Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

1.3.x, however, is now officially old software. With the 2.0.35 release, Apache 2.0 is now considered stable and ready for production use. It is now the recommended version of the server; expect to see it start showing up in distributions later this year.

So what has the Apache team been doing all this time? Some of the most significant new features in 2.0 include:

• The new hybrid process/thread model. Apache has traditionally worked by running a (potentially large) number of processes to handle multiple requests simultaneously. This scheme works well most of the time, but the overhead of running many processes can get large on high-traffic systems. By splitting each process into several lightweight threads, Apache 2.0 is able to get better performance at the high end. It must be time for another Mindcraft benchmark.

• Apache modules can now be written as filters, making it possible to stack them. Want to process server-side includes in the output of your mod_perl code? Now it's possible.

• SSL encryption is included in a module packaged with the Apache distribution, eliminating the need to go out and find an SSL plugin from somewhere else.

• There is also an included module providing WebDAV support.

Other additions include IPv6 support, an improved internal API, the ability to serve multiple protocols, a simplified configuration mechanism, completely rewritten proxy support, and the ability to create customized error responses in multiple languages. Congratulations are due to the Apache team, which has worked long and hard to improve on the world's most popular web server.

The Elcomsoft case will not be dismissed, at least not yet. At a preliminary hearing on April 1, Elcomsoft's lawyers asked for a dismissal of the DMCA-based charges against the company, claiming that U.S. jurisdiction does not extend to a product developed (legally) in Russia. Judge Ronald Whyte didn't buy that argument, however. This result is not all that surprising; the company did, after all, sell the Advanced eBook Processor in the U.S., via a web site hosted in the U.S. The jurisdictional situation thus seems relatively clear.

There are two other motions for dismissal outstanding, however. One is based on claims that the DMCA is overly vague, making it impossible for a company to know if a product is in violation or not. The other challenge is on freedom of speech grounds. Judge Whyte has not indicated when he might rule on those motions.

The next date in this case is April 15, when a "status conference" will be held. Stay tuned.

Licensing terms: what's in a name? Richard Stallman recently objected to our use of the term "reasonable and non-discriminatory" to describe certain classes of software and patent licenses. These licenses, require a payment for the use of the patented technology; the RAND terms just ensure that everybody can use that technology for the same payment. According to Mr. Stallman, the name RAND is inappropriate because:

• By requiring a fee for use, the license is clearly discriminatory against free software.

• This discrimination, of course, is not reasonable.

Mr. Stallman's suggested term is "UFO" for "Uniform Fee Only." LWN will likely not drop the use of "RAND" entirely for the simple reason that the term is widely used and recognized. There is a certain appeal to the "UFO" term, though...

Meanwhile, "royalty-free" (RF) licenses are generally considered to be good for free software. But what is one to make of Microsoft's "Royalty-Free CIFS Technical Reference License Agreement," which prohibits the distribution of a CIFS implementation under an "IPR impairing" license - specifically the GPL? It's only "royalty-free" if Microsoft likes your license. These terms appear to be an effort to undermine Samba, which is licensed under the GPL. Whether this attempt will see any success is, of course, another question: the Samba developers have not signed this agreement. It does hint, however, at the possibility of real attacks against Samba - using patents, perhaps - in the future.

Microsoft's language also highlights a common misconception about the GPL that Microsoft, seemingly, wants to encourage. One often sees claims that use of GPL-licensed software can force the release of a company's proprietary source code. In fact, the GPL lacks any such power. A company which distributes software derived from GPL-licensed code is required to make source available and follow the other GPL terms. Should a company fail to comply with those terms, however, there is only one thing that happens: the company loses its right to use the original GPL-licensed code. From the GPL text:

You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License.

The loss of the right to use GPL-licensed code can be devastating to a business, but it is not the same as having that business's intellectual property pried away from it.

Inside this LWN.net weekly edition:

• Security: Red Hat adopts CVE; security breaches rare in Linux environment
• Kernel: USB reorganization; IDE tagged command queueing; kbuild 2.5 returns; supporting discontiguous memory.
• Distributions: spyLinux returns to the list; RedHawk Linux.
• Development: Foomatic Print System, sendmail 8.12.3, AFPL GS 7.20, AlsaPlayer 0.99.59, KDE 3.0, GHC 5.02.3, Pike language.
• Commerce: EFF Broadcast Protection Discussion Group weblog; Concurrent Introduces iHawk Real-Time Linux Multiprocessor Systems.
• Letters: CBDTPA, RMS, the way out.

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor

See also: last week's Security page.

Security

News and Editorials

Red Hat Unveils CVE Security Compatibility. Red Hat announced that their security alerts and advisories, including updates issued through the Red Hat Network, will use Common Vulnerabilities and Exposures (CVE) standard names. The CVE project has been working since 1999 to create a standard way of talking about security problems. So far, fifty one organizations have declared that seventy six network security products or services are, or will be CVE-compatible.

Other Linux distributors who have adopted CVE at some level include Caldera, Debian, EnGarde Secure Linux and Mandrake Linux. LWN published a brief introduction to CVE in our February 28th security section.

New Evans Data Survey Reports Security Breaches Rare in Linux Environment. An Evans Data Corp. survey looks at Linux security statistics. "According to CERT, a center for Internet security expertise operated by Carnegie Mellon University, the total number of computer attacks has almost doubled every year since 1988. However, the rarity of security breaches in the Linux environment is illustrated by the fact that 78% of respondents to the survey have never experienced an unwanted intrusion and 94% have operated virus-free."

Open sourcers wear the white hats (ZDNet). Here's an article by Bruce Perens about the difference in the security of open-source and proprietary software. "In contrast, open source has a lot of "white hats" looking at the source. They often do find security bugs while working on other aspects of the code, and the bugs are reported and closed. However, open source can still profit from a formal security review, just as proprietary code can, and there is an accelerating trend to do formal security reviews in open-source projects."

Security Reports

IMP 2.2.8 released. Version 2.2.8 of IMP has been released, it fixes some vulnerabilities. "The Horde team announces the availability of IMP 2.2.8, which prevents some potential cross-site scripting (CSS) attacks. Site administrators should consider upgrading to IMP 3 (our first recommendation), but if this is not possible, IMP 2.2.8 should be used to prevent these potential attacks."

Red Hat Security Advisory - tcpdump. Updated tcpdump, libpcap, and arpwatch packages are available for Red Hat Linux 6.2 and 7.x. These updates close vulnerabilities present in versions of tcpdump up to 3.5.1 and various other bugs.

Red Hat Security Advisory - logwatch. Updated Red Hat Linux 7.2 logwatch packages are available that fix tmp file race conditions which can cause a local user to gain root privileges. Here's the same alert for the Red Hat Powertools logwatch.

web scripts. The following web scripts were reported to contain vulnerabilities:

• Steve Gustin has reported a remote code execution vulnerability in csGuestBook, csLiveSupport, csNewsPro and csChatRBox. Updates that fix the vulnerability are available from CGIScript.net

Proprietary products. The following proprietary products were reported to contain vulnerabilities:

• Emumail has a reported vulnerability in emumail.cgi which allows viewing of arbitrary files on the server.

Updates

Apache spoofed information logging vulnerabilty. Versions of apache prior to 1.3.24 sometimes put invalid client hostnames in the log file. A remote attacker may exploit this behavior to insert spoofed information into the webserver logs. The fix is to upgrade to the recent Apache 1.3.24 release. (First LWN report: March 28th).

This week's updates:

• Eridani (April 5, 2002) .

rsync supplementary groups vulnerability. Ethan Benson reported that rsyncd fails to remove supplementary groups (such as root) from the server process after changing to the specified unprivileged uid and gid. "This seems only serious if rsync is called using "rsync --daemon" from the command line where it will inherit the group of the user starting the server (usually root)." (First LWN report:  March 14th, 2002).

This week's updates:

• Caldera (April 3, 2002)
• Conectiva (March 14, 2002)
• EnGarde (March 11, 2002)
• Mandrake (March 13, 2002)
• Mandrake (April 17th, 2002) (Mandrake 8.1/ia64)
• Red Hat (March 21, 2002)
• Slackware (March 12, 2002)

Multiple vulnerabilities in SNMP implementations. Most SNMP implementations out there have a variety of buffer overflow vulnerabilities and should be upgraded at first opportunity. See this CERT advisory for more. (First LWN report: February 14).

This week's updates:

• SuSE (April 8, 2002) (ucdsnmp)

Previous updates:

• Caldera (January 22, 2002)
• Conectiva (February 14, 2002)
• Debian (February 28, 2002) (first update caused some problems)
• Debian (February 14, 2002)
• Eridani Linux (February 22, 2002)
• Mandrake (February 15, 2002)
• Red Hat (February 12, 2002)
• Yellow Dog (February 11, 2002)

zlib corrupts malloc data structures via double free. This vulnerability impacts all major Linux vendors. It may impact every Linux installation on Earth. Updates are required to zlib and any packages that were statically built with the zlib code. (First LWN report: March 14).

LinuxSecurity describes the vulnerability and coordinated distributor efforts in detail. "Packages including X11, rsync, the Linux kernel, QT, mozilla, gcc, vnc, and many other programs that have the ability to use network compression are potentially vulnerable."

Updating is recommended. As always, please proceed with caution when applying updates to the kernel.

This week's updates:

• Caldera (April 4, 2002) (libz and derived packages)
• Caldera (April 3, 2002) (rsync)

Previous updates:

• Conectiva (March 14, 2002) (zlib and derived packages)
• Debian (March 11, 2002) (nine packages)
• EnGarde (March 11, 2002) (zlib kernel popt rsync)
• Eridani (March 22, 2002) (kernel update to March 13 alert)
• Eridani (March 13, 2002) (libz)
• Eridani (March 13, 2002) (vnc dump cvs rsync kernel)
• Mandrake (March 13, 2002) (packages containing zlib)
• Mandrake (March 12, 2002) (zlib)
• Mandrake (March 12, 2002) (twelve packages including kernel)
• OpenPKG (March 12, 2002) (zlib cvs gnupg rrdtool rsync)
• Red Hat (March 21, 2002) (Powertools 6.2 VNC update to March 11 fix; sparc64 kernel for Red Hat 6.2)
• Red Hat (March 15, 2002) (kernel for Red Hat 6.2 & 7.0)
• Red Hat (March 11, 2002) (Red Hat Linux; also apply the March 15 kernel update)
• Red Hat (March 11, 2002) (Red Hat Powertools)
• SuSE (March 11, 2002) (libz/zlib)
• SuSE (March 11, 2002) (eight packages including kernel)
• Slackware (March 12, 2002) (zlib)
• Slackware (March 12, 2002) (rsync)
• Slackware (March 12, 2002) (cvs)
• Trustix (March 18, 2002) (zlib and derived packages)

See also: articles in ZDNet and The Register about the zlib vulnerability. And, these reports from ZDNet and Vnunet on this vulnerability in some of Microsoft's major applications.

Resources

Linux security week. The Linux Security Week and Linux Advisory Watch publications from LinuxSecurity.com are available.

Network security tips for managers (ZDNet). While not Linux (or Unix) specific, this article does contain some good security tips. "To see what may be listening on the computers in your network, you should use a simple hacker's tool known as a port scanner. Software is used across a network listens to network information on a port. There are a number of ports available on most servers. By using a tool known as a port scanner, a hacker checks for every possible piece of network software. If it answers, the hacker tries to find more information about the computer. The hacker then tries to exploit that port. However, you can use it just as a list of what's listening on a computer and check to make sure you don't have unnecessary software running."

Events

Upcoming Security Events.

Date	Event	Location
April 14 - 15, 2002	Workshop on Privacy Enhancing Technologies 2002	(Cathedral Hill Hotel)San Francisco, California, USA
April 15 - 19, 2002	InfoSec 2002	UniNet IRC network (irc.uninet.edu) - channel #infosec
April 16 - 19, 2002	The Twelfth Conference on Computers, Freedom & Privacy	(Cathedral Hill Hotel)San Francisco, California, USA
April 23 - 25, 2002	Infosecurity Europe 2002	Olympia, London, UK
May 1 - 3, 2002	cansecwest/core02	Vancouver, Canada
May 4 - 5, 2002	DallasCon	Dallas, TX., USA
May 12 - 15, 2002	2002 IEEE Symposium on Security and Privacy	(The Claremont Resort)Oakland, California, USA
May 13 - 14, 2002	3rd International Common Criteria Conference(ICCC)	Ottawa, Ont., Canada
May 13 - 17, 2002	14th Annual Canadian Information Technology Security Symposium(CITSS)	(Ottawa Congress Centre)Ottawa, Ontario, Canada
May 27 - 31, 2002	3rd International SANE Conference(SANE 2002)	Maastricht, The Netherlands
May 29 - 30, 2002	RSA Conference 2002 Japan	(Akasaka Prince Hotel)Tokyo, Japan

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Dennis Tenney

LWN Resources
Security alerts archive

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

Dave Jones's latest prepatch is 2.5.7-dj3. There's not much new in it; Dave appears to be concentrating more on feeding changes to Linus at the moment.

The latest 2.5 status summary from Guillaume Boissiere came out on April 2.

The current stable kernel release is 2.4.18. The current 2.4.19 prepatch is 2.4.19-pre6. It includes a long list of networking fixes, a netfilter update, lots of USB updates, and a vast number of other changes. Significantly, this patch also includes a few pieces of Andrea Arcangeli's VM update, as reworked by Andrew Morton. Much of the reworked VM code remains outside of the main 2.4 kernel, however.

Alan Cox's latest prepatch is 2.4.19-pre5-ac3. The most interesting part of this prepatch is the inclusion of Pavel Machek's software suspend code. If you want to actually play with that code, though, you'll also need to apply this patch from Pavel.

Alan has also released 2.2.21-rc3, the third 2.2.21 release candidate.

Reorganizing USB. It's all Lineo's fault. The company announced the contribution of its "USB Device Software" to the Linux kernel. This code allows a Linux system to behave as a device (not the host) on a USB bus; it is used in the Sharp Zaurus PDA. The code was welcomed by all, but it led quickly to the inevitable question: "where do we put all that code?"

After some discussion, it was decided that the USB source tree needed to be reorganized. The final organization looks like this (everything under drivers/usb, of course):

core	The core USB code (including device-side code)
host	Controller code for USB hosts
device	Controller code for USB device systems
class	Drivers for USB devices with defined 'class' specifications
net	Network drivers
image	Scanner drivers
input	Input drivers
media	Media drivers (i.e. cameras)
serial	Serial drivers
storage	Storage drivers
misc	Everything else

The resulting changes were merged in 2.5.8-pre3, resulting in a huge patch that, for the most part, just moves files around. The Lineo code has not yet been merged, but it's on the list of things to do.

kbuild 2.5 is back. We last heard from the kbuild 2.5 project, which is mostly the work of Keith Owens, some months ago. At that point, the project had a much improved, cleaner, and more accurate kernel build process which provided some interesting new features. There was just one little problem: a full kernel build took twice as long. That kind of bad news does not get you very far with kernel hackers, who spend a lot of time as it is waiting for kernel builds; Keith was essentially told, politely, to come back when the performance problems had been dealt with. (See the January 3 LWN Kernel Page).

Keith is back. Kbuild 2.5 version 2.0 is now available for 2.4.16, with version for the 2.5 kernel available as well. While previous versions of kbuild worked with a text file that was read at every step in the process, the new kbuild uses a memory-mapped database implementation borrowed from BitKeeper. The database code, like a few other pieces of BitKeeper, has been released under the GPL, so there should be no licensing objections here.

The new code has made a difference. On Keith's system, a full kernel build with the traditional kbuild code takes a full 15 minutes (with everything configured in). With the new code, that time drops to just under nine minutes. If you immediately run a second make on the fully-built tree, things look even better. The old kbuild recompiles a bunch of stuff unnecessarily, resulting in a "build" time of just over two minutes. The new kbuild, instead, figures out that nothing needs to be done in 14 seconds. Says Keith:

More accurate kernel build, easier to write and understand Makefiles, 30% faster than kbuild 2.4. Now the nay-sayers will have to find something else to complain about!

Keith has no plans to try to get the new code into the 2.4 kernel tree ("Changing the kernel build on a stable kernel is a bad idea"), but there will probably be a renewed push to see it incorporated into 2.5. The "nay-sayers" may have to scramble if they want to keep it out.

EVMS 1.0 released. The news is a bit stale (due to the Kernel Page taking last week off), but still worth a mention: the Enterprise Volume Management System team has announced the release of EVMS 1.0, the first full release. EVMS is a high-end system for the management of disk drives, partitions, and volumes; in addition to the usual nice volume management features it supports snapshots, bad block handling, and more. See the EVMS web page for more information.

Tagged command queueing for IDE drives. SCSI drives have supported tagged command queueing (TCQ) for many years. TCQ allows a device driver to attach an identifying "tag" onto each request passed to a drive; the drive will then use that tag when reporting on the status of an operation. This tagging allows the drive to have multiple requests outstanding, and to satisfy them in any order it chooses. TCQ improves performance in a couple of ways:

• Having multiple operations outstanding reduces idle time by ensuring that the drive always has work to do. In a single-request mode, the drive must wait after signalling completion until the system gets around to handing it another request. In the tagged mode, that next request is already available.

• The drive can optimize the ordering of requests for the best performance. The Linux filesystem and driver code already tries to perform this optimization, but there limits to how successful the host system can be in this regard. The simple cylinders / heads / tracks model of a disk drive's block layout has been an approximate fiction for years; blocks may not actually be close to where the host system thinks they should be. And it is hard for the host system to know the current head and platter positions. The drive (one hopes) is better informed, and can make better decisions.

TCQ support has been a justification for SCSI user smugness for years. IDE is catching up, however, and Linux is almost ready: Jens Axboe has released a patch which uses TCQ on IDE drives which support that feature. With the release of the second version of the patch, Jens states: "The code has taken quite a lot of beating, so I'm ready to call this beta and ask for more testers. No malfunctions have been detected here."

Note that the patch is still a little way from being ready for widespread enterprise deployment - among other things, no real performance testing has been done yet. Jens has been most concerned with issues like data integrity so far - something that most Linux users will likely appreciate. It's also worth taking a look at this note from Andre Hedrick on the (dismal) state of TCQ support in most IDE hardware.

Nonetheless, the TCQ code has begun to find its way into Martin Dalecki's IDE patch set, and will thus likely show up in a 2.5 prepatch before too long.

Dealing with discontiguous memory. Most computers out there organize their memory as a single, contiguous array of bytes - or something close to that. If there are gaps (such as the x86 memory hole at 640K), they tend to be small and easily worked around. Linux on most systems takes advantage of this contiguous nature by treating memory as a simple, linear array.

But what do you do if your hardware is not so reasonable? The Linux kernel has had discontiguous memory support for some time, but the implementation has not been considered satisfactory by all. Its performance is suboptimal, and the code tends to be strongly tied to specific architectures.

Daniel Phillips has set out to apply an old computer science axiom to this challenge: any problem can be solved by adding another layer of indirection. He has posted a patch which makes some interesting changes to how the Linux kernel sees the memory it runs on.

In kernel space, there is a fundamental distinction between "virtual" and "physical" addresses. Kernel virtual addresses are different from user-space virtual addresses; most of the code treats them as if they were really physical, hardware addresses. In fact, on most architectures, the only difference between (most) kernel virtual addresses and the corresponding physical addresses is a constant offset. The kernel usually works with virtual addresses, translating them to physical addresses only when it is really necessary.

With Daniel's patch, the kernel works with a third address type, called a "logical" address. The characteristics of the three address types, from lowest-level to highest, now are:

physical	Addresses recognized directly by the hardware. They may have significant gaps.
logical	Pseudo-physical addresses as seen by the kernel; the logical address space is contiguous
virtual	Virtual addresses used by most kernel code

The establishment of the logical address space is handled at the lowest levels of the kernel; most of the rest of the system is unaware of it. By setting up the logical address tables properly, the patch takes a system with randomly-organized, discontiguous memory and makes that memory look like a nice, linear array. As a result, most of the kernel code need not be aware of the real arrangement of the hardware.

This patch is a fundamental change in how Linux deals with its memory. Despite that, it is relatively small in size, and it makes it easy for the kernel to deal with complicated hardware arrangements. That extra layer of indirection hides the complexity of the underlying system. Maybe the old axiom is right.

(Here is the latest version of Daniel's patch as of this writing).

SUBTERFUGUE needs a new maintainer. As if in response to the project's having been mentioned in NTK, SUBTERFUGUE maintainer Mike Coleman has announced that he can no longer maintain the project. Have a look if you think you might like to take on this interesting tool.

Other patches and updates released this week include:

Kernel trees:

• Andrea Arcangeli: 2.4.19-pre6-aa1; a number of fixes and performance patches.

• Greg Kroah-Hartman: 2.5.7-gregkh-1; includes a great many USB patches.

• Jörg Prante: 2.4.19-pre5-jp9; the kitchen sink is missing but not much else.

• Marc-Christian Petersen: 2.4.18-WOLK3.3; also includes the kitchen sink.

• Christoph Hellwig: 1.0.9-hch1. "After all the discussions about VFS races and VM problems and growing bloat in all areas of the kernel people seem to have forgotten the good old days of the small and simple linux kernels. Even more important the ego of a young kernel developer will suffer in the long term if he doesn't have his own kernel patchkit, so here it is." Yes, it really is based on 1.0.9.

• J.A. Magallon: 2.4.19-pre5-jam2; updated to the latest Arcangeli VM.

• Paul P Komkoff Jr: 2.4.19-pre5-ac3-s43.

Core kernel code:

• Christoph Hellwig: radix tree page cache for 2.5; this is the first "release candidate."

• Robert Love: a new preemptive kernel patch with mostly minor changes.

• Rusty Russell: futex generalization patch, including pthread support. Also available is an asynchronous futex extension from Hubertus Franke.

• Andrew Morton: the return of the out-of-memory killer in the Arcangeli VM.

• Robert Love: CPU affinity system calls (merged in 2.5.8-pre3).

• Rik van Riel: version 12i of the reverse mapping VM.

• Andrea Arcangeli: vm-33. "I recommend everybody to never use a 2.4 kernel without first applying this vm patch." Here's his explanation for that recommendation.

• Andreas Gruenbacher: version 0.8.25 of the ACL code; due to some changes this patch is considered to be a security fix.

Development tools:

• Amit Kale: kgdb 1.5, with better support for tracking down SMP-related problems.

• Manoj Iyer: Linux Test Project April 2002 release.

• Robert Love: preempt-stats, a kernel preemption measurement tool.

Device drivers

• Greg Kroah-Hartman: USB serial console support, merged in 2.5.8-pre3.

• Richard Gooch: devfs v199.12 for 2.4.19-pre6 and devfs v209 for 2.5.8-pre3.

• Greg Kroah-Hartman: hotplug scripts 2002-04-01.

• James Simmons: new frame buffer device API for 2.5.7.

• Peter Horton: a Radeon frame buffer driver for 2.4.19-pre2.

• Jeff V. Merkey: Dolphin SCI-PCI driver v1.19.

• Marc Boucher: Conexant HCF and HSF linmodem drivers.

Filesystems:

• Anton Altaparmakov: NTFS 2.0.0, a read-only driver for the NT filesystem. The patch has since been updated to version 2.0.1.

• Will Dyson, BeFS 0.92, a Be filesystem driver.

• Steve Best: JFS 1.0.17.

• Hirokazu Takahashi: zero copy NFS update.

Miscellaneous:

• David Welton: a Forth interpreter as a kernel module. "I doubt the code itself is of much interest. Actually, I'm pretty embarassed about it, but decided to make it available despite that."

• Rick A. Hohensee: another kernel Forth implementation.

• Erik Kline: a PAM module implementing per-user capability sets.

• Denis Vlasenko: the kernel maintainers file.

• Neil Brown: mdadm 0.8, a release candidate for this RAID administration tool.

Networking:

• Dmitry Kasatkin: Affix 0.98 (Bluetooth stack for Linux).

• Kazunori Miyazawa: USAGI 3.1, a stable release from this project, which is working to improve Linux IPv6 support.

Ports:

• Andi Kleen: a new x86-64 snapshot. "It has so many bugs fixed over previous kernels that I would recommend every x86-64 user to update to this kernel version."

• Jeff Dike: User-mode Linux 0.56-2.4.18-15.

• Eric W. Biederman: a set of x86 boot enhancements for better support of LinuxBIOS and embedded systems, and more. Additional patch parts: 2, 3, 4, 5, 6, 7, 8.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Distributions

News and Editorials

spyLinux returns to the list. spyLinux was one of those distributions that disappeared from our Distributions List during the recent upgrade. But it wasn't really gone, only moved to a new web site. And now, thanks to doks, we welcome spyLinux back to the list. spyLinux is (s)mall (py)thon (Linux), a single disk distribution of Linux based on tomsrtbt with mxCGIPython. You'll find listed with the Floppy-based distributions.

RedHawk Linux. Concurrent Computer Corporation's RedHawk Linux is an industry-standard, POSIX-compliant, real-time version of Linux, based on the Red Hat Linux distribution. RedHawk features high I/O throughput, fast response to external events, and optimized interprocess communication. Other real-time Linux versions are small, embedded species. Not RedHawk! This real-time OS tackles the larger industry applications that require both a full featured OS and real-time abilities. While not really new, it's a newcomer to the LWN Distributions list, where it's now listed with the Special Purpose distributions. Concurrent sells complete systems; hardware, software, support and service. See this week's Commerce page for an announcement about the the iHawk(TM) Series 860 high-performance Intel-based multiprocessors running RedHawk.

Distribution News

Debian News. The Debian Weekly News for the week of April 3rd picks the best of April Foolery, and an essay entitled "Debian's Problems, Debian's Future".

Here is the latest Woody Release Status report, dated April 6, 2002. "In that vein, I'm becoming increasingly confident in woody's release readiness. So, to go out on a limb:
Debian 3.0 (codenamed woody) will release on May 1st, 2002." A Woody CD image is available for testing.

The third and final call for votes for the Debian Project Leader Election 2002 has been announced. Participation levels are currently lagging behind previous years, so if you are a Debian developer, and you haven't voted yet, vote now.

The 2nd Annual Debian Conference registration page is now available. Debconf 2 will be held in Toronto, Ontario, at York University, from Friday, July 5, to Sunday, July 7, 2002.

FreeBSD. A Developer Preview release of FreeBSD 5.0-CURRENT is now available for widespread testing. This preview is a significant milestone towards the eventual release of FreeBSD 5.0 in late 2002.

Lindows.com's LindowsOS, Sneak Preview 2, Available for Digital Download. Lindows.com has announced the release of Lindows Sneak Preview 2. "One of the new features showcased in LindowsOS Sneak Preview 2 is Click-N-Run(tm) (www.lindows.com/clicknrun), a powerful new tool that opens the door to a world of high-quality software solutions by allowing LindowsOS users to instantly zap software to their machines with one click."

The Future of Mandrake Linux? The Answers!. Gaël Duval answers questions concerning the MandrakeClub. "Did you become concerned after reading the "Future of MandrakeSoft" message that was released on March 11th? Do you feel that MandrakeClub is not an ideal solution for a "for-profit" company? Do you support the idea of the Club, but have been unable to pay? Would you prefer to become a shareholder? Here are the answers to many of these questions and more."

More Mandrake Linux News. The Mandrake Linux Community Newsletter for April 3, 2002 is available. Topics include 8.2 PPC Beta 2; improved printer drivers for HP Inkjets; 8.2 errata online; and more.

Various packages are being provided as bugfix updates to the Mandrake Linux 8.2 release.

Red Hat News. The announcement begins: "It's time for another installment of "As The Packages Churn." In today's episode, the young Cups McDriver continues her quest to wrestle away control of Printers, Ltd. from the powerful L.P.R. Meanwhile a visitor to Skipjack, Alternatives de Debian, tries to mend fences between Hendrik Postfix and Pixie Sendmail. Also Mayor Kernel, still recovering from recent recompiling, tries to bring peace within the Desktop crime syndicate, as the war for control escalates between Keyser Denis Edwards and Gnome Widget."

The second public beta of Red Hat Linux: Skipjack is packed with the very latest technology, including: the 2.4.18 kernel; XFree86 4.2.0; GNOME 1.4, including Evolution; Mozilla 0.9.9; and much, much more.

This week's bug fix advisories:

• Updated up2date and rhn_register clients are available for Red Hat Linux.
• New python-popt packages are available to fix incorrect an dependency.

Slackware News. The testing version of Slackware has seen many upgrades recently, including improvements in nearly every package. Slackware 8.1 is getting closer. See the changes for this week.

Turbolinux News. Newsforge is running a press release from Turbolinux about Birkenstock USA. Apparently Birkenstock is running its ecommerce site on Turbolinux Cluster Server 6.

Embedded Distribution updates

MontaVista Linux. MontaVista announced MontaVista Linux Carrier Grade Edition 2.1, the first carrier-grade quality Linux distribution targeted for edge and core telecommunications including applications for the converging IP and voice networks, optical networks, signaling gateways and Voice over IP (VoIP) gateways, and many other applications.

TimeSys Linux. TimeSys Corporation announced the release of a board support package (BSP) for Embedded Planet's PowerPC-based RPX Lite 823 single board computer (SBC) based on the Motorola PowerPC 823e processor.

Minor Distribution updates

2-Disk Xwindow System. The 2-Disk Xwindow System has released v1.4rc05 with minor feature enhancements.

CRUX. CRUX announced the availability of the CRUX Network Setup, which lets you install CRUX over FTP (i.e. without burning a CD).

Gentoo Linux. Gentoo Linux has announced the release of Gentoo Linux 1.1a. Changes since Gentoo Linux 1.0 include important pam/shadow/util-linux security fixes; support for pppoe installs from our install CDs; various important improvements to Portage; a new design for our nvidia-glx, nvidia-driver and xfree ebuilds; and very many upgrades and improvements to a bunch of packages.

Kondara MNU/Linux. Kondara MNU/Linux has given notice of the termination of releasing "Jirai", a former development branch which is no longer maintained..

Linux From Scratch. Linux From Scratch has released stable version 3.3 with minor bug fixes.

Netstation Linux. Netstation Linux has released development version 0.6 with major bug fixes.

tomsrtbt. A major new version of Tomsrtbt has been released. Version 2.0.0 contains a kernel upgrade (from 2.0.39 to 2.2.20) and lots of other stuff.

Virtual Linux. Virtual Linux will soon release v1.1. A new website is in progress here.

Distribution Reviews

Lindows opens new 'Sneak Preview' (ZDNet). ZDNet reviews the second Lindows preview. "The two features added with the new Lindows software are 'Click-N-Run', an automated process for downloading and installing software, and a set of file viewers designed to handle formats like Word, Excel and Powerpoint."

Section Editor: Rebecca Sobol

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Distribution Lists:
LWN List
DistroWatch
ibiblio
Linux.com
LinuxLinks
LDP English-language GNU/Linux distributions on CD-ROM
Woven Goods

See also: last week's Development page.

Development projects

News and Editorials

A little background on Foomatic:

"Foomatic is a system for using free software printer drivers with common spoolers on Unix. It supports LPD, PDQ, CUPS, the VA Linux LPD, LPRng, PPR, and direct spooler-less printing and any free software driver for which execution data has been entered in the database."

In other words, Foomatic forms a kind of "glue logic" that connects a number of common spoolers to the appropriate printer driver software. It derives the connection information from the Linux Printer Compatibility Database.

The project aims to give a more comprehensive solution to the problem of connecting a large number of printers to different spoolers. It is more of a "big picture" solution than most of the vendor-supplied printer configuration tools. A printer that is set up with Foomatic will be able to handle a variety of different input file formats such as Text, PostScript, and common image formats.

Foomatic supports a long list of printer drivers and printers, but it apparently does not work with IBM's Omni printer driver as of this writing.

For an example of what needs to be done to get Foomatic running on your system, see the documentation for running it with LPD/LPRng/GNUlpr. More documentation is provided for other spooling systems.

The new version is a test for the upcoming 2.0 release, and features streamlined installation as well as performance improvements. Installation no longer requires dealing with a large number of Perl libraries. The announcement gives a detailed list of new capabilities, the ChangeLog has more developer oriented information. See the Foomatic version 1.9 USAGE document for installation tips.

This whitepaper (PDF format) for a description of the origins of Foomatic and the LinuxPrinting.org site that hosts Foomatic. Foomatic can be downloaded here.

Databases

psycopg. Federico Di Gregorio has brought our attention to the psycopg project. Psycopg provides a python interface to PostgreSQL. "psycopg is different from the other database adapter because it was designed for heavily multi-threaded applications that create and destroy lots of cursors and make a conspicuous number of concurrent INSERTs or UPDATEs." The current version is 1.0.7-1.

Embedded Systems

LinuxDevices.com Embedded Linux Newsletter. The April 4, 2002 Embedded Linux Newsletter looks at the VTech Helio PDA and embedded Linux in China. An interview with FSMLabs' president Victor Yodaiken is also included.

Mail Software

Sendmail 8.12.3 released. A new version of Sendmail is available. "This version fixes a long-standing MIME (7 to 8-bit) conversion bug and several smaller problems, e.g., a possible communication problem between the MTA and libmilter, a bug in handling (invalid) addresses containing 8-bit characters, a possible problem with small timeouts being lost on slow machines if itimers are used, and the handling of the 421 reply code and timeouts in the SMTP delivery code."

Network Management

Writing PAM-Capable Applications (O'Reilly). Jennifer Vesperman writes about PAM (Pluggable Authentication Modules) on O'Reilly. "This is the first part of a two-part series on writing PAM-capable applications. This part provides the background knowledge and some of the supporting functions necessary for a developer to effectively use the PAM library. The second part will introduce the PAM library functions."

Printing Software

AFPL Ghostscript 7.20 devel release. A new development release of AFPL Ghostscript has been announced. "Major new features include the new Font API for supporting third-party font renderers, a 'diskn' implemenentation, and tightening of the filesystem access security introduced in the previous stable and GPL releases. -dSAFER now restricts read access as well as write, equivalent to -dSAFER -dPARANOIDSAFER in earlier releases."

Web-site Development

Linux App Writer Wows Skeptics (Wired). Wired examines IBM's SashXB web scripting language. "Some experienced Linux developers say they weren't impressed with the idea of SashXB at first, thinking that working with relatively simple languages such as HTML and JavaScript would limit them and their projects. But the majority of those who finally used SashXB are excited by its promise. " IBM has released the source code for SashXB under the LGPL license. Also see IBM's SashXB homepage and this article on the Gnotices site.

mnoGoSearch-php-3.2.0.beta3 released. A new beta version of the 3.2 branch of the mnoGoSearch web search engine software is available. New features include an Alias command, an improved make script, and an updated search template. The ChangeLog file has all of the release information.

Zope Members' News. This week's Zope Members' News items include an announcement for MailBoxer 1.2beta, SiteBoiler 0.1, ZFireBirdDA 0.0.2, and talk of the Zope BBQ Europe.

Tips for Building Web Database Applications with PHP and MySQL (O'Reilly). Hugh E. Williams gives some tips on building web database applications. "As a backend database management system, MySQL is the perfect partner for PHP. It has a well-deserved reputation for speed in the Web environment, where the commonest class of queries are simple SELECT queries that read from a database."

Documentation

The Linux Documentation Project gets a new domain. The latest Linux Documentation Project Weekly News includes a note that the LDP site has moved to www.tldp.org. There were evidently "some difficulties with the linuxdoc.org domain name." The old address still works for now, but updating of bookmarks and links would appear to be in order.

Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

Desktop Development

Audio Applications

AlsaPlayer version 0.99.59 released. A new version of the AlsaPlayer audio PCM file player has been released. This version adds a number of locking fixes and includes new song information on the playlist.

WaveSurfer 1.3.1 released. Version 1.3.1 of the WaveSurfer multi-platform sound visualization and manipulation tool is available. The changes include new documentation tools, updated documentation, and bug fixes.

Web Browsers

Mozilla 1.0 RC1 coming soon. The Mozilla hope page says that the first release candidate for Mozilla 1.0 is coming soon. A development roadmap shows where the project is headed.

Desktop Environments

KDE 3.0: A New Era In Desktop Choice. KDE.News has posted the announcement for the release of KDE 3.0. "Every advance opens the door to a group of new adopters, and KDE 3 is set to tear the doors asunder."

KDE.de App of the Month: KView (KDE.News). KDE.News reports on the KDE.de Application of the Month, the KView image viewer. (In German)

People Behind KDE: Takumi Asaki. In this week's episode of The People Behind KDE, we travel to Osaka, Japan for a beer with Takumi Asaki. "I'm one of KDE users. I check the Japanese support for other bugs, and report them. Sometimes I write a patch if I can."

Graphics

Crystal Space 0.94r001 Released. Version 0.94r001 of the Crystal Space 3D engine has been released with lots of new features.

Office Applications

AbiWord Weekly News #86. Issue #86 of the AbiWord Weekly News covers the soon to be released version 0.99.5. The news site has been reworked to improve the handling of bugs.

Kernel Cousin GNUe #23. Issue #23 of Kernel Cousin GNUe is out with the latest GNU Enterprise developments.

Miscellaneous

Announcing Ganymede 1.0.10. Version 1.0.10 of the Ganymede metadirectory system has been released. "Lots of minor feature additions, lots of small bug fixes, and a good bit of code maintainability changes that we have put together over the last four months for this release." See the CHANGES file for the a detailed list.

Programming Languages

Caml

The Caml Hump. The latest adds on the Caml Hump include Stew, the OCamlGD GD graphics library interface, mtlib for mutable lists and binary trees, Lablgtk hump for dealing with LablGtk and LablGL, Cryptokit, and more.

Haskell

Glasgow Haskell Compiler 5.02.3 released. Version 5.02.3 of the Glasgow Haskell Compiler (GHC) has been released. New features include compatibility with gcc 3.x and newer glibc releases, and lots of bug fixes. (Thanks to Jens Petersen.)

Java

Create native, cross-platform GUI applications (IBM developerWorks). Kirk Vogen explains how to use the Java Standard Widget Toolkit. "The Java language has flourished in the server-side and applet spaces, but when it comes to end-user applications, it isn't usually a player. But it doesn't have to be this way. Using Linux, the GNU Compiler for Java, and the Standard Widget Toolkit, you can create fast, native GUI applications programmed in the Java language."

Lisp

New Lisp Software. The latest new Lisp software entries include version 0.2.0 of the ICanCAD electronic CAD editor for integrated circuit design, and the Meta-CVS layer on top of the popular CVS version control utility.

The first issue of The Lisp Magazine has also been announced.

Perl

SOAP::Lite servers are in danger (use Perl). use Perl points out a nasty security vulnerability in SOAP::Lite servers. "This is a big one, and relates to how SOAP::Lite dispatches method calls at runtime, and how Perl executes dynamic method calls. The very best thing you can do is take down your SOAP servers until an update is available."

Stem 0.06 released. Version 0.06 of the Stem general-purpose networking toolkit for Perl has been released. This version has been released under the GPL license and includes a new installation script, more documentation, rewritten modules, and bug fixes. See the April, 2002 edition of the Stem News for all of the details.

PHP

PHP Weekly Summary for April 8, 2002. The April 8, 2002 PHP Weekly Summary looks at a proposal to make mbstring the default, Apache 2 compatibility issues for PHP, dealing with output compression level, and features an examination of Aggregate and Overload.

Pike

Pike: A Language with Teeth (Linux Journal). Linux Journal introduces Pike, a scripting language with roots in C++. "Why should you use Pike? Its powerful C++-like syntax and multiple packages are a plus, as is its speed. It's a strong web-scripting language and treats sockets like files, allowing beginners to talk to mail servers and other services with a minimal fuss."

Pascal

Writing GTK+ Programs with the Free Pascal Compiler (Linux Journal). Linux Journal shows how to use GTK+ with the Free Pascal Compiler. "Being a fan of Delphi/Pascal for Windows programming, I have been curious about the Free Pascal project for quite some time. Free Pascal is an object-oriented compiled language that has been in development since 1993. I've also been interested in writing GUI applications for Linux, which recently prompted me to give Free Pascal a try. This article will briefly explain, based on my (limited) experience, how to write graphical applications using the GIMP Took Kit (GTK+) and the Free Pascal compiler on Linux."

Python

Dr. Dobb's Python-URL!. The weekly Python-URL! for April 9 is available, with links and news of interest to the Python community.

Python 2.2.1 released. Python 2.2.1 has been released. "This being a bugfix release, there are no exciting new features -- we just fixed a lot of bugs." A bug that affects Zope has been fixed in this release.

Python Options (O'Reilly). Stephen Figgins talks about the handling of command line options in Python. "Parsing and handling options is so simple that when Greg Ward announced Optik, a command-line parsing library, I asked him why he would even bother. He replied, 'The problem is not that it's difficult per se, but that it's too easy -- any idiot can code a loop over sys.argv.'"

The Daily Python-URL. This week's entries on the Daily Python-URL include the Python Computer Graphics Kit, the JpGraph PHP graphing utility, Python 2.1.3, SLiP, the CAGE cellular automaton engine, SVGdraw, and more.

Ruby

The Ruby Garden. This week's Ruby Garden looks at several implicit return issues, endian-ness, LDAP & SSO, the Struct class, and more.

The Ruby Weekly News has announcements for the Eclipse Ruby Development Tool, Devel::Logger/1.0.0, and a new Ruby book.

Smalltalk

Swazoo, a Smalltalk Web Zoo. An new version of the "Open Source, vendor agnostic, dialect neutral web application framework for Smalltalk", known as Swazoo has been announced. New features include SSL support, support for multihomed hosts, better portability, and more.

Tcl/Tk

Dr. Dobb's Tcl-URL!. The Dr. Dobb's Tcl-URL! for April 3, 2002 is out with lots of April Fool's Day material as well as more serious Tcl material.

XML

Apache SOAP type mapping, Part 2: A serialization cookbook (IBM developerWorks). Gavin Bong continues his IBM developerWorks series on Apache/SOAP. "SOAP specifies an encoding to represent common types found in databases, programming languages (for example, Java programming language), and data repositories. Apache SOAP's toolkit supports encoding by supplying a base set of (de)serializers; classes that do the grunt work of mapping Java types to serialized XML representations."

Integrated Development Environments

GNUstep Weekly Editorial. The April 5, 2002 GNUstep Weekly Editorial covers the new gslib implementation for gnustep-back, as well as other project developments.

Miscellaneous

Server clinic: Expect exceeds expectations (IBM developerWorks). Cameron Laird writes about Expect on IBM's developerWorks. "Cameron Laird opens his new monthly column with an overview of the popular Expect tool, a language capable of far more than most programmers and administrators realize. Expect is so apt for the general-purpose work needed to keep servers healthy, in fact, that it can serve as your one (almost) universal programming language."

SQL Console 1.3 for Jext. Another new version of SQL Console for the Jext programmer's editor is available and features a new sortable table view.

Section Editor: Forrest Cook

See also: last week's Commerce page.

Linux and Business

EFF Broadcast Protection Discussion Group weblog. The Electronic Frontier Foundation calls attention to a "mini-SSSCA" -- a narrow government mandate sought by electronics and computer industries as an alternative to the broad mandate in the SSSCA/CBDTPA. "It's still a mandate, and it's still bad for free software. It would mean, in practice, that free software couldn't be used to receive or display digital television broadcasts."

Concurrent Introduces iHawk Real-Time Linux Multiprocessor Systems. Concurrent Computer Corporation introduced the iHawk(TM) Series 860 high-performance Intel-based multiprocessors running the Linux(R) operating system. The new iHawk systems are powered by from one to eight Intel Pentium(R) Xeon(TM) processors, each running Concurrent's RedHawk(TM) Linux real-time operating system.

Concurrent also announced its NightStar(TM) real-time software development tools for the iHawk.

'Jython Essentials' from O'Reilly. O'Reilly has announced the release of Jython Essentials, a book about the Python implementation written in Java, by Noel Rappin and Samuele Pedroni. The first chapter is available online.

Linux Stock Index for April 05 to April 10, 2002.
LSI at closing on April 05, 2002 ... 24.06
LSI at closing on April 10, 2002 ... 23.48

The high for the week was 24.06
The low for the week was 23.14

Press Releases:

Open Source Products

• MBSI (): Improved Conexant HCF/HSF Linux drivers and website.

• On2 Technologies, The Duck Corporation (NEW YORK): On2's Open Source Personal Video Recorder Technology, VPVision, Now Available to Open Source Community.

• SnapGear Inc (SALT LAKE CITY, Utah): SnapGear Announces Shared Library Support for uClinux.

Distributions and Bundled Products

• MontaVista Software Inc. (PARIS & TOKYO): MontaVista Announces Industry's First Linux Platform Designed for Carrier-Grade Telecommunications Applications.

• TimeSys Corporation (PITTSBURGH): TimeSys Expands PowerPC Support with Embedded Linux Solution for the PowerPC 823 Processor.

Proprietary Products for Linux

• Discreet (LAS VEGAS): Discreet Announces Latest Versions of inferno, flame and flint at NAB 2002; Company Celebrates a Decade of Excellence with flame at NAB 2002.

• Discreet (LAS VEGAS): Discreet Unveils New Effects, Streaming and Infrastructure Solutions at NAB 2002; Unprecedented Range of Innovations Fuel New Features, Productivity and Distributed Workflow.

• Pico Technology (CAMBRIDGE, United Kingdom): Pico Adds Linux Drivers for DSOs and Data Loggers.

• Sphera Corporation (BOSTON): Sphera's Software Selected to be Used in IBM Hosting Solution.

• Synopsys, Inc. (MOUNTAIN VIEW, Calif.): Synopsys' Physical Compiler Enables Timing Closure Flow That Scales to 20+ Million Gate Designs.

Linux Server Hardware

• ASL (NEWARK, Calif.): ASL Inc. Announces Immediate Availability of New 1U Server.

• BroadVision, Inc. (REDWOOD CITY, Calif.): BroadVision Announces Support for New IBM eServer; Powerful High-end Technologies Infused in New IBM Midrange Solution.

Embedded Linux Products

• Mediabolic (LAS VEGAS): Mediabolic Demonstrates Emerging Entertainment Software Platform on IBM's STB04xxx Advanced Set-Top Box Hardware Reference Design.

Products With Linux Versions

• DMOD (BOSTON): DMOD Announces Version 2.0 of the DMOD WorkSpace Software for Secure Digital Media Collaboration and Distribution.

• Innovation Data Processing (LITTLE FALLS, N.J.): Innovation Data Processing Announces FDR/Upstream Version 3.1.5 NetWare 6 Certified.

• Marratech (KISTA, Sweden): Marratech Launches the Marratech Enterprise Architecture -- A New Integration Platform for Web Based E-Meetings and Conferences.

• MINOLTA-QMS, Inc. (MOBILE, Ala.): MINOLTA-QMS Printers Support Common UNIX Printing Methods.

• NovaStor (SIMI VALLEY, Calif.): NovaStor Improves Disaster Recovery With New InstantRecovery 3.0; Updates to NovaStor's InstantRecovery Software Improve Convenience and Compatibility.

• Pactolus Communication Software Corporation (WESTBOROUGH, Mass.): Pactolus Introduces Linux Version of Proven, Carrier-Ready SIPware Services Solution.

• STARBAK (COLUMBUS, Ohio): STARBAK Introduces the Next-Generation Gateway for Streaming H.323 Videoconferences Over Any IP Network.

• Synplicity (SUNNYVALE, Calif.): Synplicity Automates Physical Synthesis for PLD Designers; Amplify Software Supports High-Density PLDs and Platform-Based Solutions From Altera and Xilinx.

• Synplicity (SUNNYVALE, Calif.): Synplicity Enhances Synplify Pro Software; Supports Verilog-2001 Standard; Synthesis Solution Offers Improved Performance and Support for New Operating Systems and Devices.

• Vanguard Integrity Professionals (LAS VEGAS): Vanguard Integrity Professionals Introduces Multi-Platform Password and Intrusion Management Solution.

Linux At Work

• Red Hat, Inc. (RALEIGH, N.C): Red Hat Linux Powers Credit Suisse First Boston's Massive Global Trading Architecture.

Java Products

• iKnowledge (LAS VEGAS): iKnowledge Announces New Object-Based Content Aggregation and Distribution Solution At NAB 2002.

Partnerships

• Fujitsu Limited (TOKYO & SAN JOSE, Calif.): Fujitsu Joins Eclipse Board; Fujitsu's Breadth of Experience in Developer Tools to Enhance Eclipse Community.

• Red Hat, Inc. (RALEIGH, N.C.): Red Hat Unveils CVE Security Compatibility.

Financial Results

• EBIZ Enterprises (SEC filing): EBIZ Enterprises filing 10KSB/A (Amended Annual Report).

Other

• Vanguard Integrity Professionals (LAS VEGAS): Vanguard Integrity Professionals Files for Intrusion Detection Patent; Process Detects and Prevents Intrusion in Multi-Platform Computing Environment.

Section Editor: Rebecca Sobol.

See also: last week's Linux in the news page.

Linux in the news

Recommended Reading

Copyright bill universally rejected (GlobeTechnology). Globe Technology is running a Reuters article on the reaction to the CBDTPA. "The Senate Judiciary Committee, which has also held hearings on the issue, has received more than 3,500 comments criticizing the bill, a spokeswoman said. 'We haven't received one e-mail in support of the Hollings bill,' said Judiciary Committee spokeswoman Mimi Devlin." (Thanks to Michael Walma).

The EFF Gets a Blog (Linux Journal). Linux Journal looks at Consensus at Lawyerpoint, part of the EFF's effort to raise concern about the activities of the Broadcast Protection Discussion Group. "As with everything else the EFF does, Consensus at Lawyerpoint helps us save the Internet's commons from the self-righteous paranoids whose unseen hands operate congressional sock puppets like South Carolina's Fritz Hollings, (prime author of the CBDTPA...)"

Don't Buy Hollywood's Broadband Script (Business Week). Business Week writes about problems with the latest bill from Senator Hollings. "Little by little, Hollywood is calling the shots when it comes to the Digital Age. Standardization and legislative work is going on in bits and pieces, making it difficult to fully understand how much traditional consumer rights could ultimately be infringed upon."

Judges iffy about library filtering law (News.com). Reuters covers another threat to online rights, the Children's Internet Protection Act (CIPA). "A trial to determine how far the government can go to protect children from pornography ended Thursday with judges openly concerned about whether the latest online smut law from Congress infringes on free-speech rights."

Linux and Large Database (IT-Director). This is a followup to last week's article "Can Linux Do Database?". "An interesting straw in the Linux database wind is the announcement that Florida International University, a leading public research university, is using Linux (and also DB2) running on an IBM SP Supercomputer to power its High Performance Database Research Center. One of the applications it will run is TerraFly which gives users an image based overhead view of almost any location in the US. This will be one of the largest on-line databases in the world and hence it may prove a point or two."

Linux grrls break free (Sydney Morning Herald). Here's an article about LinuxChix, the LUG for women. "The LinuxChix community primarily revolves around eight general mailing lists. They include "techtalk" for technical questions and answers from beginner to expert level, "issues" relating to Linux, open source, technology and women and "grrls-only" - a combination of the LinuxChix mailing-lists topics but for women only. Grrls-only is deliberately not archived, to encourage people to speak openly."

ISS ranks Net vulnerabilities (Register). The Register looks at the results from the most recent ISS survey of Internet vulnerabilities: "The company counted 7,665,000 hybrid related attacks during the quarter, which eclipsed the number denial-of-service attacks tracked by the ISS X-Force Internet Threat Intelligence service."

IBM's unfolding power play (ZDNet). ZDNet is skeptical of the justification provided by IBM and Microsoft for excluding Sun from the board of the Web Services Interoperability Organization. "At the time of OpenServer.org, Oracle and IBM were holding up payments to Sun for their licenses of Sun's Java 2 Enterprise Edition . Could those licenses have served as pawns in a power play that was culminating in the launch of OpenServer.org? At the last minute, Oracle licensed J2EE, withdrew support for OpenServer.org, and OpenServer.org subsequently went poof . Sun, after patching up its J2EE license snafu with Oracle, appeared to have pulled the rug right out from under OpenServer.org, IBM, and the rest of the companies behind the consortium."

Anti-Unix site returns - on MySQL? (Register). Andrew Orlowski further analyzes the Microsoft/Unisys "wehavethewayout.com" site, which was, until recently, running on an OpenBSD machine. "But is the site itself entirely clean? The server yesterday revealed that some interesting ports were left open. The most interesting of which is port 3306, which is used by MySQL and Postgres. Since wehavethewayout.com was a BSD/Apache combination, it was almost certainly running an open source database, too. While Unisys has switched the front-end server to Windows IIS, the most likely explanation for keeping this port open is that the back-end still interfaces to a MySQL database."

Anti-Unix Web site back online (News.com). News.com looks at the Microsoft/Unisys "We have the way out" publicity fiasco. "'Microsoft is well known for trying to steer people away from anything non-Microsoft by any means possible,' Jon Fields, of LinuxFreak.org, which runs the 'We have the way in' parody Web site, wrote in an e-mail. ''Wehavethewayout.com' was developed to fool people into thinking Unix-based systems are a dead end and very costly. However, they didn't seem to notice they were running on FreeBSD at the time.'"

Judge: U.S. has jurisdiction in DMCA case (CNN). CNN is carrying this Reuters story covering the ElcomSoft trial. "The judge previously denied a defense motion to dismiss conspiracy charges against ElcomSoft, but Burton said the judge said he could refile that motion after getting more information."

Adobe-Hack Lawyers: Toss the Case (Wired). Wired looks at this week's developments in the Elcomsoft case. "The courtroom debate lasted about an hour, with Judge Whyte asking few questions of the attorneys. He made no immediate ruling. He is also still considering a a previous defense motion to dismiss the case. "

US courts claim jurisdiction over Sklyarov (Register). The Register further examines the latest developments in the Elcomsoft case. "During a pre-trial hearing on Monday, lawyers argued that since ElcomSoft's Advanced eBook Processor, which can circumvent the weak copyright protection in electronic books, was legal in Russia and distributed over the Internet - a US court had no right to adjudicate on the matter.

This argument failed to impress US District Court Judge Ronald Whyte."

Microsoft still trying to stop Lindows (PC World). PC World reports on the continuing developments between Microsoft and Lindows. "Saying that the court asked the wrong questions and therefore arrived at the wrong answers in its preliminary injunction ruling that allowed Lindows.com to continue to use the name Lindows, Microsoft filed a motion for reconsideration late last week with United States District Court for the Western District of Washington." There's a related story in the San Diego Union-Tribune.

Companies

Dell looks to employ old tactic with new products. Newsalert talks about Dell Computer Corporation's push into the server market. "Dell believes businesses are increasingly interested in switching to Windows and Linux servers from the now common Unix servers, a market Hewlett-Packard dominates. If that switch happens, the Intel processors inside Dell servers would be in greater demand."

News.Com also covers Dell's plans. "One area where it will likely grow is services, which now represent about 10 percent of Dell's revenue. The company is working to expand the offerings of its services arm, Dell Technology Consulting, in a variety of ways, including partnerships, organic growth and acquisitions focused on Microsoft and Linux software."

Open source: IBM's deadly weapon (ZDNet). ZDNet examines IBM's changing business practices over the past twenty years. "There's no question that IBM's involvement in Linux is, in some ways, a power play against Microsoft, Intel, and even Sun . IBM could take much more control over its destiny if it minimized its dependency on these companies. But in order to strategically marginalize these three companies, IBM would have to place a few more bets under the industry-friendly guise of open source."

Red Hat bitten by Linux's low cost (News-Observer). The (Raleigh, NC) News & Observer examines Red Hat's situation. "Meanwhile, the company's top executives have been selling Red Hat shares, which doesn't typically boost investor confidence. In late March, Chief Executive Officer Matthew Szulik filed to sell 425,000 of his shares after filing to sell 600,000 shares in February, according to documents filed with the U.S. Securities and Exchange Commission. Company co-founder and Chairman Robert F. Young has unloaded nearly 700,000 shares so far this year, part of a plan in which he sells shares automatically on a daily basis."

Red Hat Lands a Big Fish (IT-Director). IT-Director looks at the Linux deployment at Credit Suisse First Boston. "Trading systems are not trivial applications. They are demanding in many ways, particularly in terms of the requirement for very high availability, failover and high performance. About 10 years ago the Digital VAX dominated this application space, primarily because of its resilience, and later on UNIX machines dominated. Now the space appears to be going over to Linux."

Business

Canadian Linux Consultants Offer Safety from Software Audits (Linux Journal). Don Marti examines a site called stay-legal.org that a group of consultants started in order to help businesses reduce the liability of software piracy fines. "Afraid one of your employees ratted you out to the Canadian Alliance Against Software Theft? Linux consultants will help you replace those illegal copies of proprietary software with legal Linux."

Reviews

MS Office for Linux? Not quite--but close! (ZDNet). ZDNet investigates Code Weavers' CrossOver Office, which uses parts of WINE to run Microsoft applications on Linux. "CrossOver currently supports only three Office applications: Word, PowerPoint, and Excel. While those three are sufficient for most users, you're out of luck (at least for now) if you want to use Access, Outlook, or FrontPage."

KDE 3.0 in the news. Open For Business looks at the new KDE 3.0 release. "According to Andreas Pour, Chairman of the KDE League, 'KDE systems - combined with GNU/Linux or a UNIX system - offer a compelling solution for enterprises which desire to realize substantial savings in their IT budgets, and comes at an opportune time in light of current economic conditions and runaway licensing fee inflation.'" (Thanks to Timothy R. Butler.)

Here's the Official KDE 3.0 announcement, the site is somewhat slow, however.

KDE polishes Linux desktop (ZDNet). Here is another look at KDE 3.0, this time from ZDNet UK. "The software currently supports 50 languages through the use of Unicode, a standard for rendering international characters, throughout its libraries. KDE 3.0 also supports right-to-left writing systems."

New version of Apache released--again (News.com). News.com takes a look at the latest version of Apache. "On Friday, the Apache Software Foundation endorsed version 2.0 for real-world "production" use, not just for test machines. Apache Software Foundation Director Greg Stein designated version 2.0.35 as the first general availability--or final--version, and now recommends it over the earlier 1.3 versions."

Sharp starts shipping Linux handheld (News.com). News.com gives its coverage of the Linux based Sharp Zaurus PDA. "Another feature that sets the new Zaurus apart from other handhelds is a tiny keyboard that slides out when needed. Zaurus owners can also input data via handwriting-recognition software and an on-screen keyboard." Hooray for that.

Palm handed open-source browser (ZDNet). Linux Labs has released a beta version of the Vagabond browser. "The browser's features include support for color screens, HTML, WAP, i-mode, cookies, SSL, bookmarks, an advanced toolbar and history, and auto-fill of Web addresses. It is designed for wireless Palms like the Palm VII, VIIx or 705, but will work with any Palm handheld that has a recent version of the operating system and the Web Clipping libraries installed."

Lessig's doomsday look at cyberspace (News.com). News.com reviews Lawrence Lessig's book 'The Future of Ideas: The Fate of the Commons in a Connected World'. "The Internet, Lessig reminds us, was originally designed to be an intellectual 'commons,' a free public space open equally to all (see, for example, the mission statement of the World Wide Web Consortium). But in recent years corporate heavyweights have begun using copyright and patent law to turn large swathes of the Internet into their own private property. " (Thanks to Kyle Roberson.)

Linux Orbit reviews the 3D Tank game BZFlag. Linux Orbit has reviewed BZFlag, a 3D tank game. "BZFlag is a 3D multi-player tank battle game. You can fight other tanks by yourself as a Rogue (some game servers don't support Rogues) or join a team based on your tank color (Red, Green, Blue, Purple). The object of course is to kill other tank opponents by shooting them, a fairly straightforward scenario for a first-person shoot 'em up type of game. "

Resources

Simulating Massively Parallel Database Processing on Linux. IBM is running this article exploring how to set up two database partitions on a single computer (known as multiple logical nodes) and create tables partitioned across these nodes. This single CPU machine can then run multiple nodes and simulate having computers connected together in a cluster. (Thanks to Frank Carlos)

ELJOnline: Quest for PDA Utopia: Qtopia?. Are you getting a Zaurus? This ELJOnline tutorial shows you how to develop your first PDA application with Qtopia, and test it on your desktop before your new Zaurus comes.

Clustering Tutorial (IBM). IBM is offering an online tutorial on clustering. "When you finish this tutorial, you'll not only know what clusters are, you'll also know how to achieve high availability, failover, redundancy, and replication. For added measure, you'll understand resiliency, load balancing, CSM, and resource sharing. " Registration is required.

Whitepaper: Management of Web contents: the example of Zope. Here is an introduction (in French) to a whitepaper which uses Zope as an example in the management of Web contents.

A new era: Carrier-grade Linux for Telecommunications (LinuxDevices). This whitepaper by MontaVista Software's Glenn Seiler provides an introduction to one of the most significant emerging applications for Linux -- as a "carrier grade" operating system platform in public network telecommunications products.

LinuxUser issue 18. Issue #18 of LinuxUser is now available as a series of PDF format files.

Miscellaneous

IBM will own Java (ZDNet). Daniel Lord expresses his opinion on the future of Java in a letter to ZDNet. "I was surprised to hear IBM state that they had twice as many Java programmers as Sun did (including JavaSoft) and that they were scattered around the world in Russia and other locale, and developing Java 24x7.

I knew then that IBM saw the potential of Java better than Sun, who almost killed it."

Section Editor: Forrest Cook

See also: last week's Announcements page.

Announcements

Resources

Discounted LPI Exams at SDExpo. LPI will offer half price exams at the Software and Development Conference in San Jose California, April 24th and 25th, 2002.

Events

2nd Annual Debian Conference. The 2nd Annual Debian Conference registration page is now available. Debconf 2 will be held in Toronto, Ontario, at York University, from Friday, July 5, to Sunday, July 7, 2002.

Linux Install Day 2002. A number of Linux Install Days will be held across England in May and June, 2002. (Thanks to M J Ray.)

Bruce Perens to speak in Belgium. Bruce Perens will give a talk on the social interest of Free Software in Belgium on Sunday, April 14.

Australian Open Source Symposium CFP. A call for papers has been issued for the fourth Australian Open Source Symposium, which will be held in Sydney on July 20, 2002.

InterNetworking Event Coverage. Aschwin Marsman has sent us his coverage of the InterNetworking Event in Amsterdam.

GUADEC Coverage. Steven Hanley has sent us links to his coverage of the GUADEC conference. Notes are available for Day 1 and Day 2.

Embedded Linux at ESC 2002 San Francisco (LinuxDevices). Here is the LinuxDevices.com annual report on "all things Linux at the Embedded Systems Conference".

Events: April 11 - June 6, 2002.

Date	Event	Location
April 11 - 12, 2002	Zope BBQ 2002, Europe	Berlin, Germany
April 22 - 26, 2002	Software Development Conference and Expo	(San Jose Convention Center)San Jose, CA
April 24 - 27, 2002	Federal Open Source Conference	(Ronald Reagan Building)Washington DC
April 29 - 30, 2002	Samba eXPerience 2002	(Hotel Freizeit)Göttingen, Germany
May 2 - 4, 2002	The International Forum of Free Software	Porto Alegre, Brazil
May 5 - 10, 2002	NetWorld+Interop	Las Vegas
May 13 - 16, 2002	O'Reilly Emerging Technology Conference	Santa Clara, CA., USA
May 18 - 22, 2002	The 13th Annual Borland Conference(BorCon)	(Anaheim Convention Center)Anaheim, CA
May 19 - 24, 2002	XML Europe 2002 Conference & Exposition	(Princesa Sofia Inter Continental)Barcelona, Spain
May 25 - 26, 2002	Magdeburger Linuxtag 2002	(Building 22 (W) University of Magdeburg)Magdeburg, GERMANY
May 27, 2002	Linux@work	Copenhagen
May 28, 2002	Linux@work	Oslo
May 29, 2002	Linux@work	Stockholm
May 30, 2002	Linux@work	Helsinki
June 3 - 6, 2002	Embedded Systems Conference - Chicago	(Donald E. Stephens Convention Center)Rosemont, IL
June 4, 2002	Linux@work	Paris
June 5, 2002	Linux@work	Brussels
June 6, 2002	Linux@work	Amsterdam
June 6 - 9, 2002	LinuxTag 2002	(Exhibition Center)Karlsruhe, Germany

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Web sites

Loads of Linux Links (LoLL). The Loads of Linux Links (LoLL) project has announced the release of stable version 1.0.0. The LoLL project contains 3000+ subject-classified and searchable Linux links for all levels of Linux users.

Miscellaneous

University of Illinois/NCSA Open Source License. For those of you who are interested in software license architecture, Steve Mallett has sent us a link to a template for the latest OSI approved University of Illinois/NCSA Open Source License.

Postfix User Group seeks logo. Calling all GIMP artists: the Postfix User Group has announced that it is looking for submissions for a new logo.

Section Editor: Forrest Cook.

Software Announcements

The Alphabetical List and Sorted by license

Our software announcements are provided courtesy of FreshMeat

See also: last week's Letters page.

Letters to the editor

From:	 chris.m.moore@amsjv.com
To:	 letters@lwn.net
Subject: A better name for CBDTPA
Date:	 Thu, 04 Apr 2002 14:13:08 +0100

Hi,

Great interview with RMS.  As to discussing the CBDTPA bill: why not
call it the CoBbleD TressPAss bill since it's poorly thought out and
invasive.  :-)

Cheers,
 
Chris M. Moore
Software engineer, UK

From:	 Richard Kay <rich@copsewood.net>
To:	 jono@fsf.org
Subject: US anti-communications act
Date:	 Fri, 5 Apr 2002 12:53:18 +0100
Cc:	 letters@lwn.net

Seems you guys in the US have a similar problem
we had in the UK with what we renamed "The Poll Tax", which
the government of the day (Margaret Thatcher) named
"The Community Charge" in a particularly Orwellian bit
of double-speak. This particular malformed legislation
cost Maggie her job. No-one now refers to the oppressive
law by her name for it - everyone calls it "The Poll Tax".

Following RMS's interview it seems you need to have a
competition for the best rename of the CBDTPA. How
about:

The Anti-Communications Statute (TACS) 

Programming Prevention Act

Programmer Unconditional Suppression Statute (PUSS).

I'm sure someone can come up with something better. 

From:	 "Chris Brand" <Chris_Brand@spectrumsignal.com>
To:	 <letters@lwn.net>
Subject: The FTAA
Date:	 Thu, 4 Apr 2002 16:59:28 -0800

In your interview with him, Mr Stallman said
>The USA is not the only battleground: the Free Trade Agreement of the Americas (FTAA)
>may extend DMCA-style anti-circumvention provisions from the southern tip of Chile to 
>the northern territories of Canada--that is what the US demands. If you live in the Americas,
>please work to oppose the FTAA, particularly this April when it is debated again. The
>immediate battle here is that the USA is pushing to accelerate adoption by 2003 when the 
>current slate is for 2005. Let's at least try to keep the schedule for 2005 so we have more 
>time to fight. 

I'd like to second this motion. Please help oppose the extension of the DMCA into the rest of
the Americas. Visit  http://www.ftaa-alca.org/. Read the invitation to participate.
Note that there are very strict requirements that comments have to adhere to and that
you only have until the end of this month to submit them. Then send them comments, even
if it's only a few lines. Please.

Chris Brand 

(Not speaking on behalf of my employer)

From:	 David Walker <alternativept@yahoo.com>
To:	 letters@lwn.net
Subject: 
Date:	 Sat, 6 Apr 2002 11:12:05 -0800 (PST)

Mr. Stallman writes in your interview: "I would not ban high salaries, but
I think they should have a high tax bracket. As for making software
proprietary, I really don't care whether it is legal as long as in practice
it is rare enough to have no significant impact on society."

He also writes: "Proprietary software is antisocial, so developing it is
wrong."

It would appear from these quotes that Mr. Stallman does not think people
should be allowed to make money from their own labor, but should "donate"
it to the common good or have it taken from them.

As a health professional (physical therapist), I am familiar with this
thinking.  There are many who contend that health care should be a "human
right", available to all at no cost.  Nice idea until you get to the part
where I must work for free.  Health care is a service, not a right.
Otherwise, who will pay for my lunch?

In the world of computing, Mr. Stallman says that a programmer who goes to
school and thinks up a unique, marketable hack must give it away.
He/she/they should not be allowed to benefit from their hours of
butt-numbing labor.  If they manage to make a ton of money in spite of the
forces arrayed against them, then this money shall be taken away by
government.

How is this in any way reasonable?  In a free society if a guy writes a
program, it is his.  He can sell it or give it away as the spirit moves
him.  Both choices are reasonable and morally correct.

Gnu is a gift that Mr. Stallman and friends have -freely- chosen to give.
Nobody told them they had to, they just gave it.  Linux and Gnu should be
viewed in this light, and valued accordingly.  Such gifts are precious.

However for Mr. Stallman to suggest that it is immoral to make or use
proprietary software is not supportable.  Patents, copywrites and trade
secret protections are a cornerstone of modern Western civilization.  They
were invented and developed over centuries because they were desperately
needed.

The founders of the United States felt the issue was sufficiently important
to put it in the Constitution.  That certain unscrupulous companies ("Who's
the leader of the club...?") and politicians have abused the law does not
invalidate the principle on which it is based.

I think Mr. Stallman needs to look into the philosophical underpinnings of
his belief system.  Private property is not immoral in a free society.

In fact, there is no freedom without private property.  Freedom starts with
the absolute ownership of your own body and your own labor.  If your labor
is not yours, you can't give it away.

David Walker, Ancaster Ont. Canada

From:	 Ronald Cole <ronald@forte-intl.com>
To:	 letters@lwn.net
Subject: "intellectual property"
Date:	 Fri, 5 Apr 2002 14:20:54 -0800

RMS claims that he doesn't like the term "intellectual property"
because it is biased.  I've given it much thought and came to the
conclusion that the term "intellectual property" can reasonably only
mean one thing: "trade secrets"...  and the laws in that area are
quite reasonable, I believe.

-- 
Forte International, P.O. Box 1412, Ridgecrest, CA  93556-1412
Ronald Cole <ronald@forte-intl.com>      Phone: (760) 499-9142
President, CEO                             Fax: (760) 499-9152
My GPG fingerprint: C3AF 4BE9 BEA6 F1C2 B084  4A88 8851 E6C8 69E3 B00B

From:	 Leon Brooks <whtwo@leon.brooks.fdns.net>
To:	 eCommunity@unisys.com
Subject: Must The Way Out be dodgy from end to end?
Date:	 Fri, 5 Apr 2002 10:47:38 +0800
Cc:	 Thomas.Freeman@unisys.com, Kevin.McHugh@unisys.com

Is this really The Way Out?

OK, so the embarrassment of hosting an anti-Unix site on a Unix box has 
passed, and the website is actually up instead of showing Error403s and blank 
pages... but still, something's not right. In fact, practically everything's 
not right.

The main page actually seems to work in most browsers, but the image is 
crazy... you're supposed to be representing someone escaping from a dark maze 
to a better place, but the window into the maze has light shining OUT from 
the maze. Is this a Freudian slip? A glance at http://www.wehavethewayin.com/ 
- the opposition - shows a much more relevant set of images.

So next, I go to join the ecommunity, and am served a page packed to the 
eyebrows in fragile JavaScript. Needless to say, this JavaScript fails to 
construct a useable registration form, so I cannot register. Why are you 
using JavaScript so heavily on a site supposedly inspiring confidence in your 
viewers, so they will transition to UniSys and Microsoft?

But this is still only the beginning of troubles.

During the page load, I get a nice dialog box explaining that DoubleClick 
have offered an expired certificate, and asking if I should accept it. I 
decline. This does not look competent. Why are you outsourcing advertising, 
especially from a provider which many people block, on a site which has 
advertising as its primary purpose?

Next, I see that the underlying technology is JSP, a technology designed and 
fathered by Sun - Unix specialists - and over which much controversy hangs 
with regard to Microsoft's ability to provide compliant Java support. Why are 
you again using a technology which `belongs' to the opposition and not one 
which `belongs' to your allies? Why are you demonstrating with a product over 
which standards-compliance questionmarks hang?

The main WHTWO page has no Document Type Definition (DTD) in it, which is a 
violation of the international HTML standards.

The page also uses a Windows-only character set, which is going to make it 
display poorly for those very Unix users you're targetting, not to mention 
Macintosh and other browsers. The character set in question (windows-1252) 
places printable characters (notably `smart quotes') in a UniCode control 
character zone, so not only is it non-standard, it actively conflicts with an 
important international standard, and ironically one which Microsoft are 
active in promoting the use of.

WHTWO fails all of the HTML validations (http://www.validator.w3.org/) no 
matter what class of HTML I tell the validator to try. This is a bit of a 
showstopper because you're targetting an audience for whom standards are 
important. The Ecommunity entry page is even worse, with element nesting 
errors and the like throughout.

A quick portscan of the webserver shows more ports open than necessary (ie 
it's not as secure as it should be) including a port normally associated with 
the Open Source database MySQL. Even if you're not using MySQL, this doesn't 
look good at all.

If these sites are supposed to be showcasing the benefits of riding with 
UniSys and Microsoft, for me at least they've achieved the precise opposite.

If UniSys and Microsoft were carrying out an enterprise-wide implementation 
for me and fumbled it this badly, repeatedly, I'd just about die of shame.

Cheers; Leon

From:	 jimd@starshine.org (Jim Dennis)
To:	 letters@lwn.net, editors@linuxtoday.com
Subject: Intellectual Property in the New Millennium: A Tempestuous Sea of Change
Date:	 Fri,  5 Apr 2002 13:34:06 -0800 (PST)

  Intellectual Property in the New Millennium: 
  A Tempestuous Sea of Change
	copyright: James T. Dennis <jimd@starshine.org> 2002





 [License to read, publish, translate and discuss granted without fee or
 royalty subject to the following license:

	You must absolutely agree with everything I say! (*) ]





 Regarding the recent Slashdot article, I have a somewhat rambling rant 
 that might be thought provoking:

> Microsoft Tech Specs Prohibit GPL Implementations
>
> Posted by michael on Friday April 05, @10:42AM
> from the difference-between-trust-and-anti-trust dept.
> abartlet writes "As described in this Advogato entry, MS is trying to pull a
> swifty with their latest 'release' of their CIFS (the networked filesystem
> Samba implements) Technical Reference. The licence specifically prohibits
> any GPLed or (or LGPLed) program from implementing it, defining it as an
> 'IPR Impairing Licence'! Fortunately the CIFS community is about to release 
> its own Technical Reference based on earlier MS documents and long 
> experience in attempting to interoperate with the MS product." Microsoft's 
> claim is completely ungrounded - nothing written by a third-party can
> take away Microsoft's intellectual property rights. But it makes a good 
> (read: confusing to the general public) justification for preventing others 
> from interoperating with their software. 

 This is just a symptom of a much larger problem.  Microsoft is only 
 one example of this increasingly invasive and oppressive trend by 
 large corporations to re-define laws and customs that relate to 
 fair use.  They, in essence, are trying to say that a publication 
 (NOT SOFTWARE BUT TEXTUAL INFORMATION, AS IT MIGHT BE PRINTED) is
 subject to LICENSING rather than traditional copyright law.

 Let's give an example:  If I wrote a novel, hypothetically a mystery,
 I could not publish it under a "license" that required people to pay
 me royalties for any of the "ideas" that the might implement in 
 committing or investigating real crimes.  Indeed, I can't (under our
 customs or traditional laws) attempt to limit the right of other 
 people to write other novels (even if they happen to be mysteries, 
 set in similar time periods and/or mileus, even if they have similar
 characters and gimmicks, even if they actually involve the "same" 
 crime -- such as the classic "locked room" murder).

 If course I might have a claim if an author used the same characters
 (name and description), and/or the same titles or author's psuedonyms
 (or names, titles, or author psuedonyms that were sufficiently similar 
 as would be likely to cause confusion --- a point where copyright starts
 to interface with trademark laws and traditions).

 I recall that there was actually a lawsuit recently (within the last
 year or two) where a parody of "Gone with the Wind" was at issue.  Such
 a lawsuit would, historically, have been unthinkable (parody is specifically
 protected in copyright and trademark laws as a right of free speech).

 Although IANAL (I am NOT a lawyer) it seems that most of these "licenses" 
 are unenforceable and without legal foundation.  However, there is 
 absolutely NO doubt that they are having chilling effect on public
 discourse.  Countless individuals are giving up rights to their 
 Internet domain names, their product names, and being bullied into 
 publishing retractions etc for activities that are almost certainly 
 legally "protected" by Bill of Rights (in the U.S.) or similar legal
 principles.  As our legal system currently works there is a wide disparity
 between our hypothetical rights and the practical ability of individuals
 or small businesses to defend themselves in a court of law.  Our tort
 and litigation environment is currently the principal injustice of
 our civilization.

 Thus, with the dawn of a new millennium we see the initial skirmishes 
 between "content owners" and individual fair use rights.  Ultimately 
 the "content owners" are striving to define concepts of patent, copyright,
 trademark, trade secret, and all other forms of "intellectual property"
 etc, in the broadest possible way -- essentially to control our very 
 thoughts.  (If Disney could, I've no doubt that they charge for every
 time a kid *dreamed* of a mouse!)

 Microsoft is most visible to members of the slashdot, open source, 
 free software, Linux and related communities.  However we should realize
 that they are overshadowed by organizations that epitomize abuse of 
 our legal and political systems to protect their monopolies on "content."
 
 Yes, I'm referring to the RIAA, ASCAP, BMI, the MPAA etc. We also must
 keep in mind that the "media" (the major source for all of the "news"
 in the western "first" world) is basically owned by, and an extension of,
 the "entertainment" industry (A.K.A. the "content OWNERS").  This probably
 comes as no surprise to the many geeks who now rely on slashdot and 
 other online sources far more than CNN for their news.  However, it is
 easy to forget that most of the rest of the industrialized world gets
 virtually all of their second hand information about the state of the 
 world filtered through these "content owners."

 Of course we shouldn't be blind to history.  This struggle is not 
 unprecedented.  There are specific elements of U.S. copyright law 
 dating back to it's inception in the 1700's from what I've heard) that
 exempt "fonts" and "typefaces" from being copyrightable.  (It has been
 argued that computer fonts, such as Postscript and TrueType, are actually
 "programs" rather than "typefaces" in a strict interpretation --- though
 I think a reasonable view would hold that the INTENT of the exemption 
 would clearly extend it to them regardless of technical details about the
 "new paper" and "new fangled press" on which they are implemented).  
 Apparently there were efforts dating back almost to Gutenberg to "license"
 fonts and limit what could be published with them.  I've heard anecdotes
 that suggest that Thomas Edison tried to extend the notions of copyright
 (and patents) as it applied to his phonographic tubes and (later) discs.
 (Indeed the distinction between "playing" recorded music (for personal
 use) and "performing" it (for the public) was introduced at that time
 --- with vastly different legal implications between them.

 In a broader socio-historical view I suspect that this is an inevitable
 consequence of civilization and technical progress.  An industrial 
 epoch will naturally change the relative values of goods vs. services
 and of tangibles vs. "intellectual property."  Eventually any consumer
 good can be manufactured by just about anybody.  Even without Trekkie
 "replicators" the overall trend is that consumer items become commodities
 --- and eventually manufacturing and distribution costs become the only
 relevant objective factor in choosing among manufacturers of any given
 commodity.  Thus the manufacturers gain a vested interest in promoting
 subjective factors ("branding") in order to gain or retain market share
 and/or to command any sort of premium or margin on their goods.  While
 these pressures push down the prices (towards cost) significant factions
 business seek new markets -- and the issues that relate to intangibles
 become more important.  Historically, industries will attempt to exert
 political and legal pressures to protect it's business.  Every existing
 company would like to get the "franchise" that creates artificial 
 barriers to entry for competition.

 I just hope that a large enough proportion of our population can be 
 educated enough to speak out and apply the political pressure that 
 will be necessary for all of us to retain any semblance of our 
 "inalienable" rights.

 All to often I hear fallacious references to rights being "granted"
 by the "Bill of Rights."  However it's important to realize that the
 wording of that document has NOTHING to do with granting liberties.
 It was an effort to *recognize* that our rights are inherent, 
 "self-evident" and "inalienable" (would that these were true in any
 pragmatic sense).  It may sound like a nitpick, but there is a deep
 philosophical difference.  No one, and no entity has the right to 
 grant or deny our rights.  

 Our government was *supposed* to be founded on the belief that our 
 rights were inherent, SELF-EVIDENT and INALIENABLE.  Clearly our 
 current and recent legislators don't care to recognize this. (Whether
 they understand it is irrelevant).  Each and every congressperson 
 and senator that voted for the CDA (common decency act) and the DMCA,
 and that is currently sponsoring, authoring or supporting the SSSCA
 (or CBT-gobblegook to which it got renamed) is in violation of their
 oath (to uphold the Constitution) and of the public trust.

 Of course that is of no practical consequence.  In system politicians
 are primarily elected based on campaign financing and there are 
 no practical choices in most elections (usually the differences between
 a Democrat and a Republican in any given election are largely 
 superficial --- when it comes to broad and long term fiscal policies).
 Our political system is systemically corrupt. [There are historical
 precendent for this, too.  Most fallen civilization in history have
 succumbed to their own political corruption and decay].

 I realize I've been speaking about these issues from a vague 
 perspective -- referring to global issues (at least to "industrialized
 first-world issues) and to U.S. legal and political problems as though
 the U.S. was the only law that mattered in the world.  It isn't my
 intent to be "americo-centric" and I'm sure that similar problems are
 evident in every other political sphere.  However, I don't have solutions,
 not even suggestions!  

 In closing I would like to say one other thing specifically about 
 situation in the U.S.

 The Constitution of the United States of America is an imperfect document,
 but IT'S A DAMN SIGHT BETTER THAN WHAT WE'RE USING NOW!  


* (RE: This document's License: Just kidding!)