Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Donate to LWN
 LWN Supporters
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

Way back in the late 1980's, John Ousterhout, then at the University of California at Berkeley, put together a programming language called Tcl - the "Tool Command Language." Tcl had many of the features that have since come to be expected of scripting languages: it was interpreted, embeddable within applications, and easily extendable. With the addition of the Tk user interface library in 1990, Tcl/Tk became a widely popular tool for application development. Its mindshare may have fallen somewhat in the intervening years (and wasn't helped by Richard Stallman's famous "drive-by flaming" in 1994), but it remains popular and Tk is at the core of the GUI libraries used by Perl, Python, and other languages.

After a period at Sun, Mr. Ousterhout decided to create his own company around Tcl/Tk. This company, called Scriptics, put forward a combination of open source and proprietary products, with the TclPro development environment being perhaps the flagship product on the proprietary side. Scriptics recently recast itself as Ajuba Solutions and took on a broader approach, with XML products for putting businesses on the web and such. (See John Ousterhout's Tcl history page for more on Tcl's roots).

Interwoven has purchased Ajuba (announcement here) for $31 million in stock. The company has absolutely no interest in Tcl; what they wanted was Ajuba's XML expertise. So Ajuba's product line, including TclPro, will be discontinued.

This is, of course, a blow to the Tcl community. The loss of the products will hurt some, but the loss of Ajuba's developers will hurt more. Ajuba was the corporate champion of Tcl/Tk, and put in a large part of the total development effort. Those developers will now be off doing proprietary XML stuff for Interwoven, and Tcl/Tk will have to do without them.

Beyond the loss of developers, what are the implications for Tcl/Tk? The company has tried to answer those questions on this page about the acquisition. Among other things:

• The development of TclPro will be stopped. They are "considering" putting the product on the net for free, in either binary or full open source form. The Tcl community, clearly, would like to see the open source option.

• Again, Interwoven has no interest in Tcl, and will not fund its development. So Tcl is losing Mr. Ousterhout, its creator and long-time leader. This, as it turns out, was one of the reasons for the creation of the Tcl Core Team (which was discussed in the September 28 LWN Development Page). Ajuba made an effort to move the core of Tcl development outside of the company before the acquisition happened; with luck, this move will help to ease the transition.

• The Tcl source is moving to SourceForge.

• The Tcl community web site will be finding a new home, likely at TclTk.org.

So things could be worse.

There are some lessons in this series of events that are worth noting. Increasingly, free software projects have prominent corporate sponsors. Think of gcc (Red Hat), GNOME (Helix Code), Mozilla (Netscape/AOL), OpenOffice (Sun), PHP (Zend), PostgreSQL (Great Bridge), Python (BeOpen), Qt (Trolltech), and many others. This sponsorship certainly helps get the software developed and keep free software developers employed; it is thus a good thing. But the corporate world is volatile, and the tech corporate world doubly so.

Fortunately, the free software community has everything it needs to cope with corporate changes - even those that are more hostile to free software than the Ajuba acquisition. Free software licenses, of course, are the first line of defense. Ajuba may no longer be in the Tcl business, but they can not take Tcl/Tk away. Software that is free will remain so.

This acquisition shows, however, that it is also important to have a diverse developer base. A project that is too heavily dependent on developers at a single company will collapse if all those developers go away. Tcl is diverse enough to survive; some other projects could have a harder time.

It is also important that crucial project resources live independently of the hosting company. Ajuba is working to find a new home for the Tcl development site; other companies might not bother. To this end, having sites like SourceForge around is a good thing - as long as nobody buys VA Linux Systems. It still would be nicer to see a community of SourceForges, again for the sake of diversity.

Expect to see these issues come up again in the future. Linux and free software are part of the commercial world, and cannot hope to remain unaffected by it.

KDE 2.0 is out. The long-awaited KDE 2.0 release is finally available. Mindful of its PR needs, the project has sent out a press release on Business Wire, complete with supporting quotes from Ransom Love, Dirk Hohndel, Gaël Duval, and others. The announcement on the KDE site is rather more satisfying, in that it skips most of the quotes and talks more about what KDE 2.0 has to offer.

So, what's in KDE 2.0? At the user level there's a great many changes. Perhaps top on many peoples' lists will be KOffice and Konqueror. KOffice is the KDE office suite, which is said to be moving along nicely, though it is not yet being presented as ready for Grandma. Konqueror, instead, is the new file manager/web browser, and is said to be quite ready. It handles just about everything a web browser is supposed to do, including Java, Javascript, and SSL. There are also new window manager styles, advanced theme support, extensive internationalization capability, and, of course, the much-hyped new icons.

There is a great deal of new stuff under the hood as well - much of the KDE project's effort over the last year has gone into the creation of a new advanced infrastructure. High on the list, of course, is the new KParts component system, which is claimed to be lighter-weight and easier to deal with than GNOME's CORBA-based implementation. The larger applications, such a KOffice and Konqueror, use KParts to assemble themselves out of smaller components. There is also DCOP, which allows applications to talk to each other, and KIO, supporting network-transparent I/O. The XMLGUI layer uses XML to store the details of an application's layout; it also maintains a global "style sheet" which helps to ensure consistency across the set of applications.

Two years ago, critics were still saying that the free software world was not capable of producing something as complicated as a modern desktop. How much fun it is to point out to those critics that we now have two... The KDE project has raised the bar considerably with this release; congratulations to all the developers who worked to make it possible.

Microsoft says penguins can mutate. Do check out this Microsoft advertisement scanned from the print version of c't magazine. It contains a set of distorted penguins, and claims that open source systems can mutate on you - so it's better to go with proprietary stuff.

There are those who claim that the ad is interesting because it is the first direct Microsoft attack against free software. That, however, is not quite true - the Linux Myths page showed up on the Microsoft page just over a year ago. The ad does show that Microsoft sees a threat, though, and is looking for ways to counter it.

This one is not likely to get them very far. The creator of the Word file format is not in much of a position to criticize other systems for changing - at least changes in the free software world are documented and in the open. It is an amusing ad, though, and unlikely to be the last such from that direction.

Announcing...Mountain View Data. A company called Mountain View Data announced its existence this week. The first thing that catches the attention with this company is that its principals are Cliff Miller and Iris Miller, the founders of TurboLinux, along with Peter Braam, the designer behind the Coda and Intermezzo filesystems.

The Millers, of course, have been easing out of their roles in TurboLinux for a while. Large venture investments have a way of pushing aside a company's founders in favor of more presentable (to investors) executives. So they are off to Mountain View, which gives them a chance to create another successful open source company.

Mountain View intends to provide services around data storage needs. To that end, they have brought in Mr. Braam's Intermezzo filesystem, and Mr. Braam himself as CTO. The filesystem is being presented as an ideal high-availability solution, especially when complemented with the SnapFS filesystem (which allows taking easy snapshots of the filesystem state) and the LinuxDisk storage area network system.

Mountain View is clear on its technology and personnel; what is not so clear at this point is just how the company plans to make money. The software is, after all, open source. There is a lot of talk about how corporations have increasing needs for data storage, and increasing trends toward outsourcing. Mountain View clearly plans to be involved in that outsourcing, but its services page only says "We will be offering managed storage services, early 2001."

We asked Mr. Braam about what the company will sell, and were told:

The business model is to manage data centers and offer storage to customers. We take care of the backups, installation, management and growth in these centers and will probably charge by the "byte"

There are a few other companies operating in this area, but Mountain View is the only one explicitly working with open source software. Through the use of this software and commodity hardware, the company expects to price its offerings far below those of its competitors. It's an ambitious plan, but the company may just have the right people to pull it off.

LynuxWorks files for an IPO. Just as this LWN Weekly Edition went to "press", LynuxWorks announced that it had filed for its initial public offering of stock. We've done a quick pass over the company's IPO filing, and written up our impressions as a feature article. LynuxWorks has an interesting business model in mind; it's not necessarily going to be an easy path.

Inside this week's Linux Weekly News:

• Security: XFree86 security problems, the case for exploits, the Cybercrime Treaty.
• Kernel: poll() and scalability; extended attributes on files
• Distributions: LSB-FHS test suite issues, Dirk Hohndel interview, the future of Linux-Mandrake
• Development: Jython, Linux For Kids CD, PostgreSQL slides.
• Commerce: Open Source corporate sponsers; European Commission to research software patents.
• Back page: Linux links, this week in Linux history, and letters to the editor

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor

See also: last week's Security page.

Security

News and Editorials

XFree86 security problems. XFree86 security problems have become an ongoing issue. Chris Evans pointed out on BugTraq this week an increasing number of XFree86 security problems for which vendors have not released security updates, including:

• XFree86 Xserver Denial-of-Service vulnerability (May 18th, 2000).
• Multiple X applications stack corruption vulnerability (June 19th, 2000), requires a setuid xterm or other X application.
• XFree86 4.0.1 /tmp Vulnerabilities (July 2nd, 2000).

Given Linux' heavy dependence on XFree86, the current situation is definitely not good. We cannot tell, from the lack of response, if the problems above have been investigated and found to be invalid or valid, whether fixes haven't been released because no one took the time or because the issues are too difficult, intrinsically, to fix properly. Fixes for the problems may even have been put into the XFree86 development tree without announcement or back-port to the stable versions in general use; that has happened in the past.

Chris Evans' response to this has been the release of an exploit for at least one of the problems he personally reported, and the encouragement for others to do the same. As a result, the need for fixes for these problems has just increased an order of magnitude. Most of us can't afford to stop using X, therefore security updates for XFree86 are a real necessity. In the meantime, while we continue to wait, a check on your firewall to make sure you are blocking X packets is one good idea.

The case for exploits. Chris Evans' choice to develop and release exploits for a security problem for which no fixes have been developed after several months is a good example of why exploits became so necessary in the computer security world. Particularly with commercial software, where the customer has no option other than to wait for a vendor to release a fix, exploits and negative publicity are about the only tools available. Negative publicity is easier to generate for a problem with a proven exploit, so the two go hand in hand.

Last week, discussion on BugTraq mentioned and highlighted a couple of additional reasons for the use of exploits. One security problem seen last week had been reported as a bug many months before, but the person who reported it, and others that read the bug report, couldn't quite envision how the bug could be used to actually broach security. As a result, the bug was left unfixed -- until last week, where someone proposed a theoretical manner in which it could be exploited, and then proved their theory with an exploit. Needless to say, the bug was quickly fixed.

That particular example could quickly take us to a discussion of why every bug is important to fix, but that's not our topic this week. Let's concentrate, instead, on other ways that exploits help us. For systems administrators who are actively following and applying patches for security problems, exploits allow them to first identify whether or not their system is vulnerable (and adjust the priority of the security update) and also to test an applied "security fix" to see if it has really removed the problem.

Much publicity and attention is going to the negative aspects of such exploits, the way in which they have been used by "script kiddies" to proliferate attacks on systems across the Internet. However, it is very difficult to see how computer security would have ever improved to even today's wobbly standard without them. Blaming the exploits obscures the real culprit: the software/hardware is vulnerable and needs to be fixed.

The Cybercrime Treaty. It is important to understand the need for exploits, and other tools that are used by systems administrators and script kiddies alike. A lack of that understanding is frighteningly demonstrated by the draft Cybercrime Treaty from the Council of Europe.

This is not a new draft; it is dated April 25th, 2000. It was discussed on Slashdot in September. However, this week, MS NBC covered the treaty, stating that it would create a new class of persecuted artists: computer hackers. This article is, obviously, fairly inflammatory and does not bother to reference the text of the original treaty, nor use accurate quotes from it. However, we don't disagree with the heart of the article, that this potential Treaty could have serious negative impacts on software developers.

What, exactly, in the treaty generates such concern? Much of it stems from the necessarily vague language of a treaty that involves forty-one European nations, as well as the US, Canada, Japan, and South Africa. In particular, the treaty outlaws "Illegal Devices", and then proceeds to define them as follows:

Article 6 - Illegal Devices

Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law when committed intentionally and without right:

a.the production, sale, procurement for use, import, distribution or otherwise making available of:

1.a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of committing any of the offences established in accordance with Article 2 - 5;

2.a computer password, access code, or similar data by which the whole or any part of a computer system is capable of being accessed with intent that it be used for the purpose of committing the offences established in Articles 2 - 5;

a.the possession of an item referred to in paragraphs (a)(1) and (2) above, with intent that it be used for the purpose of committing the offenses established in Articles 2 - 5. A party may require by law that a number of such items be possessed before criminal liability attaches.

Another reason for concern is the fact that this treaty is so far-reaching, yet the process of developing it side-steps the internal process of the U.S. and other countries for guaranteeing input and review from citizens. For more specific details on such concerns, you may want to refer to this additional MS NBC article in which a coalition of 28 cyber-rights organizations slam the treaty. ""Police agencies and powerful private interests acting outside of the democratic means of accountability have sought to use a closed process to establish rules that will have the effect of binding legislation," the GILC stated in its letter."

People working with computer security are particularly affected, since much, if not all, of the software used for computer security purposes can be adapted for illegal purposes. It may even, depending on the individual's point of view, have been designed for computer intrusion, yet be an essential tool for security experts and systems administrators. All exploit code would fall into this category. As a result, this statement of concerns has been signed by a number of "leading security practitioners, educators, vendors, and users of information security". They state bluntly, "We are concerned that some portions of the proposed treaty may inadvertently result in criminalizing techniques and software commonly used to make computer systems resistant to attack."

There is no indication that the draft has been changed in response to these expressed concerns.

Happy birthday to OpenBSD. Thanks to Alexandre Dulaunoy, who pointed out that October 18 was the fifth anniversary of the beginning of the OpenBSD project. Congratulations, and we wish you many more!

U.S. crypto winners -- Belgian heroes (Wall Street Journal Interactive. Jokingly, they were presented with a pseudo-gold medal, draped around the neck of an inflatable Tux. This Wall Street Journal Interactive article takes a look at Vincent Rijmen and Joan Daemen, creators of the Rijndael encryption formula, selected by NIST to become the new Advanced Encryption Standard.

"Rijndael is the fruit of symbiotic intellectual relationship. Though he has the more assertive personality and even shows a cocky side at times, Daemen says he considers himself less gifted in math than the shy, understated Rijmen -- something Rijmen doesn't seem to dispute. But both say they couldn't be successful without being able to test ideas and theories through each other. And Rijmen may be the better mathematician, but Daemen's creative ideas are sometimes what put them on track toward a breakthrough, they say."

Security Reports

Oracle vulnerabilities. The Oracle LDAP daemon, oidldapd, contains a buffer overflow that can be exploited via the use of an environmental variable, whose value is not properly checked before use. For details, check the original BugTraq report. Oracle 8.1.6 on Linux is affected, as is Oracle Internet Directory 2.0.6. Oracle has responded and promises a fix next week.

MySQL authentication weakness. The CORE SDI team reported an authentication weakness in MySQL this week. MySQL uses a challenge/response authentication scheme to avoid passing passwords across the network in plaintext. The CORE SDI team demonstrated that this authentication scheme can be detected and, after the observation of such challenge/response interactions, fake passwords can be generated to interact with the server and gain access to client data and privileges.

This is a known security weakness of MySQL, documented in the MySQL manual. To avoid it, ssh-tunneling should be used to support MySQL client/server interactions outside a local network. The manual section makes other configuration suggestions to minimize the problem.

Slackware PPP vulnerability. A Slackware-specific configuration error in the ppp-off script could allow an unprivileged user to overwrite any file on the system. A new Slackware PPP package has been issued to correct the problem.

ntop '-i' buffer overflow. The "-i" option of ntop can be exploited to pass in a command which is then executed by ntop. If ntop is installed setuid root, this can lead to a root break-in. Check this BugTraq report for more details.

Exploits for ntop have also been published, so you may want to disable ntop until a security update is available. Alternatively, Christophe Bailleux reported that ntop-1.1-5.i386.rpm is not installed setuid and is not vulnerable.

Red Hat lpr print filter vulnerability. The lpr package shipped with Red Hat 6.2 (and possibly earlier versions) contains a print filter with a configuration error that can be exploited to run arbitrary commands under the lp group. This, in turn, can be exploited to gain root privileges. Red Hat 7.0 is reported not to be vulnerable. For more information, check out BugTraq ID 1834. This problem was reported by Zenith Parsec on October 20th.

Commercial products. A security fix for Half-Life, a popular first-person shooter game, was included in the 1.1.0.4 release of Half-Life, now available for download.

Updates

Apache mod_rewrite vulnerabilty. Files outside the document root can be accessed, if the mod_rewrite module for Apache is in use. For more details, check the October 5th LWN Security Summary.

This week's updates:

• Linux-Mandrake, updated advisory
• Red Hat

• Caldera (October 12th)
• Conectiva (October 12th)
• Trustix (October 12th)
• Slackware (October 19th)
• Linux-Mandrake (October 19th) (OUTDATED!)

GnuPG false signature verification. GnuPG fails to correctly validate multiple signatures in a file. Check last week's Security Summary for details. GnuPG 1.0.4 has been released and contains the fix for this problem. Anyone using GnuPG will want to upgrade their package as soon as possible.

This week's updates:

• Caldera
• Red Hat
• Linux-Mandrake
• Immunix

Format string vulnerabilities in PHP. Multiple format string vulnerabilities in PHP 3 and PHP 4, including one involving the use of syslog, can be exploited remotely to execute arbitrary code under the web server's identity. PHP 3.0.17 and 4.0.3 contain the fixes for these problems. For more information, check last week's LWN Security Summary.

This week's updates:

• Red Hat
• Immunix

• Debian (October 19th)
• Caldera (October 19th)
• Linux-Mandrake (October 19th)
• Conectiva (October 19th)

NIS/ypbind format string vulnerability. A format string vulnerability in NIS/ypbind can be remotely exploited to run arbitrary code as root. An immediate upgrade is recommended. For more information, check last week's LWN Security Summary.

This week's updates:

• Linux-Mandrake
• Red Hat
• Immunix

• Debian (October 19th)
• SuSE (October 19th)

xlockmore. Check the August 24th Security Summary for details. An update to xlockmore 4.17.1 is recommended.

This week's updates:

• Slackware (xlockmore 4.17.2)

• Conectiva (August 24th)
• Debian (August 24th)
• Linux-Mandrake (August 31st)
• FreeBSD (September 7th)

curl buffer overflow. A buffer overflow in curl, a command-line tool for getting data from a URL, was reported last week.

This week's updates:

• Red Hat

• Debian (October 19th)

Buffer overflows in ping. Multiple buffer overflows in Alexey Kuznetsov's ping were discussed last week.

This week's updates:

• Red Hat
• Immunix

Resources

• Bastille Linux 1.1.1, a hardening script for Red Hat-based Linux systems. It includes some initial work on support for Red Hat 7.0, meaning it probably is not yet ready for use on Red Hat 7.0 systems, but they are "working on it".

Events

Upcoming security events.

Date	Event	Location
October 29-November 2, 2000.	SD 2000 (Software Development Conference)	Washington D.C., USA
November 1-3, 2000.	Compsec 2000	Westminster, London, U.K.
November 1-4, 2000.	7th ACM Conference on Computer and Communication Security	Athens, Greece.
November 3-5, 2000.	PhreakNIC v4.0	Nashville, TN, USA.
November 8, 2000.	Security Forum 2000	Vancouver, British Columbia, Canada.
November 13-15, 2000.	CSI 27th Annual Computer Security Conference and Exhibition	Chicago, IL, USA.
November 26-December 1, 2000	Computer Security 2000 and International Computer Security Day (DISC 2000)	Mexico City, Mexico
December 3-7, 2000.	Asiacrypt 2000	Kyoto, Japan.
December 3-8, 2000.	LISA 2000	New Orleans, LA, USA.
December 10-13, 2000.	INDOCRYPT 2000	Calcutta, India.
December 11-15, 2000.	16th Annual Computer Security Applications Conference	New Orleans, LA, USA.
December 20-21, 2000.	The Third International Workshop on Information Security	University of Wollongong, NSW, Australia.
December 27-29, 2000.	Chaos Communication Congress	Berlin, Germany.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

See also: last week's Kernel page.

Kernel development

The current stable kernel release is still 2.2.17. The 2.2.18 prepatch is up to 2.2.18pre17. More fixes have gone in, but there's still a list of things that need to be dealt with before the real 2.2.18 release can happen.

Should applications be allowed to bind to any IP address? "Binding," of course, is how a server gets set up to accept connections. The current 2.4.0-test implemention allows binding to an arbitrary address - even if the system has no interfaces at that address. Such an action would seem to make no sense; if there are no interfaces which can receive packets to an address, a server that has bound to that address will have very little to do.

The reasoning behind allowing that sort of binding is that an interface could conceivably come up in the future which does correspond to the given address. Not all interfaces are up all the time, and life may be simpler for servers if they do not have to be continually checking to see if the network is there yet.

There are a couple of problems with that behavior, though. It turns out that the POSIX standard requires that a bind to a nonexistent address fail. And it turns out that some applications try to bind to an address as a way of determining whether the address is local or not. The Java virtual machine, in particular, does this; the 2.4.0 semantics confuse it and causes the compatibility test to fail.

As a result, the ability to bind to nonexistent addresses will be going away. There will, however, be a sysctl option added that will allow the system administrator to restore that behavior if need be.

A new Linux event handling interface? Readers of linux-kernel this week were treated to a lengthy discussion of how Linux makes event information available to applications, and the beginnings of a new interface that may improve on things in the future.

The mechanism used by most applications for tracking events is the poll() system call. poll() essentially takes a list of open files (and devices and network sockets...) and blocks until one or more of them is ready to perform I/O. The classic example of a user of poll() is the X window system server, which has a long list of client connections and must be able to respond to input events on any of them.

Dan Kegel started things off by posting the results of some benchmarks he did with poll(). To stress things a bit, he tried an application watching 100, then 10,000 file descriptors on both Linux and Solaris. Solaris did rather better than Linux did; in particular, it showed only a factor of 6.5 time difference between 100 and 10,000 sockets.

Some people were quick to downplay the results, pointing out that they almost have to indicate a large setup time on the Solaris side that will penalize programs polling a small number of sockets (which is most of them). Linus was in this camp:

Basically, for poll(), perfect scalability is that poll() scales by a factor of 100 when you go from 100 to 10000 entries. Anybody who does NOT scale by a factor of 100 is not scaling right - and claiming that 6.5 is a "good" scale factor only shows that you've bought into marketing hype.

Others pointed out that the Linux implementation of poll() is not ideal, since it requires four passes over the list of file descriptors: (1) reading them into kernel space, (2) querying drivers and setting up wait queues, (3) querying again after an event happens, and (4) copying results back to user space. Every pass over a large array hurts.

The Linux poll() implementation could probably be improved to perform fewer passes over the list. The real problem, though, is that poll() requires the system to pass over such a large array in the first place. To make things worse, the array is entirely under the application's control, so every call to poll() is like the first one. Clearly there is some room for improvement here, and this conversation got people thinking about a better way of doing things.

So Linus posted a new interface design reflecting one of those better ways. Read the posting for the details; in very simple terms, the proposed interface allows the application to tell the kernel about events of interest. The kernel maintains the list, and thus knows when the list changes. Each process has a queue of events waiting to be processed, which it may look at with a system call. Whenever an event actually happens (a network connection arrives, for example) the kernel adds it to the list of every process that is interested - but only if an event of that type is not already on the queue.

The business about putting only one event of a given type on the queue is important. An event notification from the kernel means that one or more events are pending, and the application must be sure to deal with them all. This requirement makes life a little bit harder for applications, but much easier for the kernel. Among other things, the kernel need not worry about running out of memory should a large blast of network packets show up.

Of course, nothing much is new under the sun...Dan Kegel pointed out that Linus's scheme bears a strong resemblance to the FreeBSD kqueue mechanism. It has evolved somewhat under discussion as well. Nobody, yet, has rushed out to implement this approach - it would be a 2.5 item in any case. But something along these lines will likely happen before too long. The fun of free software is that you can see it take form in the early stages.

Access Control Lists and extended attributes. Andreas Gruenbacher released version 0.7.0 of the Access Control List (ACL) patch. This release was the first stable release in some time... except that it was closely followed by 0.7.1 to fix up a few details..

On a more general level, Andreas also posted a proposal for the implementation of "extended attributes" (such as access control lists) in the Linux virtual filesystem. The ACL project has had an extended attribute patch for a while; they would now like to begin the process of getting it into the kernel.

Something will almost certainly go in at some point, but the extended attribute interface may well see some changes first. Stephen Tweedie posted a separate extended attribute specification which was evidently hammered out at the recent storage workshop in Miami. This version takes a wider view of things; it tries to handle things like the ACL's found on the NT filesystem and NTish identifiers that can be used by Samba. It's a complicated problem, and the kernel developers would like to solve it properly.

Once again, of course, this is 2.5 material, so there is some time to work out the details. The 2.6 kernel will likely have a much more extensive security scheme as a result.

KernelTrap.com hits the web. A new site called KernelTrap has turned up on the net. It is dedicated to kernel hacking in general, but its content is very much Linux-oriented.

Other patches and updates released this week include:

• The Linux Advanced Routing & Traffic Control Mailing List has been announced. It is being run by the folks who wrote the HOWTO on the same subject, and is aimed at helping those who are using Linux in routing applications.

• Eric Raymond has released version 0.8.2 of his CML2 kernel configuration and build system.

• Keith Owens posted a warning that the get_module_symbol() and put_module_symbol() functions in the kernel will go away shortly, unless somebody can come up with a good reason why they should stay.

• Keith also released modutils-2.3.19. Remember that, if you're thinking about running a 2.4.0-test kernel, you need to be running at least version 2.3.15 of modutils...

• Jens Axboe posted a patch adding support for ATAPI DVD-RAM devices.

• A new version of hfsplusutils (tools for the HFS filesystem) was released by Klaus Halfmann.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost
Blue Cat Linux
BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions

News and Editorials

LSB-FHS test suite issues. Early in the week we received a notice from SuSE regarding the results of the LSB-FHS test suite run against the SuSE 7.0 distribution. While the results are obviously very good for SuSE, their claim to be the most compliant distribution could be questioned. SuSE scored 238 passed tests and 5 failed tests, a good mark undeniably, but just how valid were the tests? Debian Project leader Wichert Akkerman later sent out a response to the LSB-FHS test suite results which showed SuSE as the most conformant distribution. Looking at the places where Debian ran into trouble, Mr. Akkerman takes issue with some aspects of the test, and admits to trouble on Debian's part for others.

Not all of the test results are fair in my opinion: some are real bugs in Debian, others are bugs in the test-suite or the result of using an incomplete install.

The messages began flying on the Debian Development list (and were copied to LWN) discussing the methods and madness behind the LSB-FHS tests. Andrew Josey, LSB Test leader, and author of the LSB-FHS test suite wrote in with his own view of the FHS test suite and it's status along with the latest LSB test news.

"The first milestone for LSB test development is now complete. This has been in setting up the test framework for integrating tests into. The framework adopted is the Test Environment Toolkit, with the VSXgen (generic VSX test framework) layered on top of that. As proof of concept the first testsets, the LSB-VSX and LSB-FHS testsets have been integrated into the framework."

Despite this work, Andrews stated that "[the community] should not be expecting any distributions to pass the current version of the test suite. Although [LSB] believes it to be a fair and accurate test of the LSB FHS 2.1 specification, there are issues with the specification and tests that need to be resolved."

This argument was backed by Daniel Quinlan, who wrote in to the Debian Development list:

"I just checked the old version of the LSB test web pages and while they didn't warn people to not claim compliance, they do refer to LSB-FHS-2.1-1 as "the latest development release" and it was noted that (1) the test results weren't believed to be accurate and (2) that there are issues that would be fixed in FHS."

So the moral of the story? The standards are, well, not standard yet. While FHS is both desirable and necessary, its existence and availability does not make it complete. Press releases related to the FHS need to be put into context and, most importantly, distribution vendors need to be aware of what they are doing when it comes to the LSB FHS. Certainly, at a minimum, they should be aware of what is and isn't standard.

TurboLinux Founders move to storage startup. TurboLinux founders Cliff and Iris Miller, along with file system and data storage authority Dr. Peter Braam, announced the launch of a new, global storage service company -- Mountain View Data.

The new company will sell storage services on the open-source InterMezzo file storage software. The Millers retain their majority stake in TurboLinux but control of that company has been handed over to Paul Thomas, who took over as CEO in June.

More information is available on the Front Page.

Getting To Know SuSE Linux. SuSE was in the news a number of times this week:

Dirk Hondel, SuSE's Chief Technology Officer, is interviewed by ISPworld. "SuSE has a strong focus on security within its distribution. We not only have an internal security team within SuSE Labs that audits all major packages and closely follows all relevant information sources, but we also maintain an active dialogue with our customer base through mailing lists and security alerts." (For a related-article, check our coverage of the SuSE Security Team in the September 14th LWN Security Summary).

SuSE also expanded its international presence with a new subsidiary in France. The European Linux heavyweight opened a new sales and service office in Paris. The new office provides installation support by phone, fax, and e-mail for the French version of SuSE Linux, which was introduced two years ago.

Finally, Marc Heuse wrote to let us know about a new document available on SuSE's web site describing, in a step by step fashion, how to install a secure Web server.

North Carolina State University EOS runs Red Hat. NC State's College of Engineering project EOS was used to show the school's committment to the open source movement. "IBM provided deep discounts on hardware for the Eos project, including a large mainframe computer that runs Linux. Red Hat's 3-month-old University Program provided software and technical assistance to N.C. State. The Linux company's ties to the engineering program there actually date to Red Hat's earliest days."

It's not the color, it's the network. And finally, from the "I don't speak that language" department: A reader wrote in last week concerned about the use of colors in the naming of Linux distributions - Red Hat, Yellow Dog Linux, and so forth. One of the projects mentioned was the Red Escolar Project. Numerous readers wrote in to let us know that "red" in spanish means "network". So that would be the "School Network" Project, not the "Red School" Project.

Life is never as black and white as it seems, eh?

Distribution Reviews

Review of Conectiva Linux 5.0 - Duke of URL. The Duke of URL this week carried a review of Conectiva Linux 5.0, a Red Hat-based distribution which is known for its large selection of software and language support. "Conectiva Linux features much of what we've come to expect, SMP, graphical installation, optimized kernels, SSL, hardware detection, and more, but also brings to the table a few new features. One of these new features is two CDs full of commercial applications, something not normally seen in your typical Linux distributions."

SAMS Red Hat 7 Unleashed. While not a review, SAMS has followed Red Hat's release of their verion 7 distribution with their own Red Hat 7 Unleashed text.

General-Purpose Distributions

The Future of Linux-Mandrake. Now that the Linux-Mandrake 7.2 release has been frozen (no new features will be added), discussion was opened on where Linux-Mandrake should go from here. Some of the wish list items readers asked for included:

• Font foundries
• XFree86 Render Extension
• Helix GNOME
• More USB support
• More multimedia applications (MP3 players and graphics editors)

Best Linux 2000 Release 3. SOT Finnish Software Engineering Ltd. issued a new release for its Best Linux Operating System for desktop and server applications. The new release of Best Linux includes, in addition to many other improvements, support for the Portuguese language, improved sound card support, modem configuration, and the new KDE 2.0 desktop environment.

ROCK Linux 1.3.11 released. The ROCK Linux team has announced the release of ROCK Linux 1.3.11. ROCK Linux is a distribution "for admins, hackers, geeks, and skilled Unix users;" this release is based on the 2.4.0-test9 kernel and a number of other current software releases (they stopped short of gcc-2.96, though).

Red Flag Linux. Sun Wah Linux Limited and Red Flag Software Company Limited, of the Chinese Academy of Sciences ("CAS"), have officially launched the Red Flag Linux Server - Traditional Chinese Version, which is aimed specifically at the Chinese market. Included in this launch are Red Flag Linux Server 2.0 and Red Flag E-business Start Kit 1.0. The former runs on 32-bit, 64-bit or higher-end machines and optimizes server hardware performance. It provides an operating environment that is secure, stable and reliable, and supports key Internet/Intranet-based applications.

Caldera eServer 2.3 Wins Network World Blue Ribbon Award. Caldera announced that OpenLinux eServer 2.3 has received Network World's Blue Ribbon award for use as an enterprise server. Caldera eServer led the list of five Linux server-side distributions based on the following criteria: LAN administration and setup, added applications and value, installation, service support policies and documentation.

Debian News. The Debian Weekly news this week discusses LSB-FSH issues and why Helix Gnome isn't in Debian yet.

Mizi Linux 1.5 released. MIZI Linux OS is a Linux distribution version developed by MIZI Research. Its goal is to develop a distribution version that can be used in desktop environment.

ODDAS-Linux 0.2. ODDAS-Linux was released earlier this week. This release fixes some network initialization scripts and provides better documentation.

easyLinux. We haven't heard much about easyLinux/ since about February 2000, but they contacted us to see if they could be included in the list of distributions. A quick look at their web site shows the distribution to be available on CD-ROM and in a boxed package. The RPM based distribution has won a few awards (according to their web site) and offers shares of the company in exchange for contributions to the distribution and for purchases made. While not public, one wonders how valuable such shares might be (or how many you can get in the long run). Interesting concept.

Special-Purpose Distributions

WinLinux 2000. Last covered in March of 2000, WinLinux 2000 sent LWN a press release suggesting it was a new release. No web site was provided in the press release but we already had the URL: http://www.winlinux.net/

Other updates.

• Green Frog Linux 1.0.0 - replaced Postfix with OMTA, netkit inetd with xinetd, w3m with wget, and isapnptools with the 2.3/2.4 isapnp backport, deprecated proftpd and bind (manual builds required)
• DragonLinux v2r1 - added Loopback filesystem, distribution now available on CD.
• PeeWeeLinux 0.53 - updated configuration file handling.

Embedded Distributions

Tynux expands into Japan. According to a LinuxDevices.com report, PalmPalm Technology, makers of the Tynux embedded Linux distributions, will open its Japan office, PalmPalm Japan, on October 25th.

Errata

e-smith 4.0. Last week we covered the release of e-smith 4.0 server and gateway products. In that coverage we incorrectly stated that the server and gateway software is used on their line of Internet appliances. Kirrily Skud Robert, who recently joined the e-smith team, wrote in to set the record straight:

I notice you list e-smith 4.0 on your distributions page, based on my freshmeat announcement from a few days ago. I wanted to point out to you that the e-smith server and gateway does *not* run on a specialised internet appliance, and in fact e-smith has no such appliance product. The e-smith server and gateway runs on any Intel-based PC (eg a commodity Pentium) and, as it's fully GPL's, can be used at no cost -- though of course e-smith do provide support and software subscriptions at a very reasonable rate.

We apologize for the confusion and hope this clarifies the situation.

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith
Kondara MNU/Linux
Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux
nmrcOS
NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux
Yggdrasil

See also: last week's Development page.

Development projects

News and Editorials

Speaking of Python variants, David Mertz of Gnosis Software discusses several other versions of Python, including Vyper and Stackless Python. The article delves into the issues of multiple language implementations.

Browsers

Mozilla Sidebar Tools. There are several new tools for working with the Mozilla sidebar panel. Eric Hodel has added some requested new features to the Links Sidebar Panel, and D.J. Adams has written a perl script called My Sidebar which allows for the creation of a Mozilla 5 sidebar panel from "an RSS data source of your choice".

Jabberzilla Alpha 1 for M18. Eric Murphy has released an Alpha 1 version of Jabberzilla, which combines Jabber and Mozilla technologies. "Jabber is a peer-to-peer messaging system that is XML-based and lets you use Instant Message systems like AIM, ICQ, IRC, MSN, Yahoo Chat, etc. from a single application."

DOM 1 Reference published. Jiri Znamenacek has published a Document Object Model (DOM) level 1 reference. He is looking for XML contributions to the reference.

Databases

PostgreSQL tutorial slides (PostgreSQL). The PostgreSQL site has published a set of slides for an upcoming talk by Tom Lane and Bruce Momjian. The talk will be presented at the Open Source Database Summit on October 30 and 31, 2000 in San Jose, California.

Education

Linux For Kids releases CD Collection. The Linux For Kids site has just announced the release of an ISO image of its version 1.03 CD software collection. Now you can burn your own CD and have lots of Linux educational and game software in one handy location.

SEUL/edu report #31. The October 23 edition of the SEUL/edu report is out. Check it out for the latest news concerning Linux in the schools.

Interoperability

Wine Weekly News #66. The October 23 edition of the Wine Weekly News is out. This issue announces a new Winehq search engine, new mailing lists, and some Wine history.

Network Management

OpenNMS Update. The latest OpenNMS Update has been sent in, providing updates on various projects, including a MIB compiler and the scope of the OpenNMS project for the month of November.

Office Applications

Kivio First Public Beta Available. KDE Dot News reports on the first beta release of Kivio, a KDE-based diagram and flowchart editing tool. "Kivio is the first and most complete diagramming tool for KDE".

Gimp 1.1.27 and 1.1.28 released. Manish Singh, Gimp build master, released Gimp 1.1.27, a new developer's version of the Gnu Image Manipulation Program, back on October 4th. After some build problems were reported, Gimp 1.1.28 was released on October 16th. These releases contain mostly bug-fixes and documentation changes.

Gnumeric Spreadsheet 0.57 released. Version 0.57 of the Gnumeric Spreadsheet program has been released.

On the Desktop

The People Behind KDE: Claudiu Costin. This week, the People Behind KDE series interviews Claudiu Costin.

Trolltech releases an open source localization tool. Trolltech has released a fully functional preview of Qt Linguist, an application language translation system. Qt linguist is licensed under the open source BSD license. Qt Linguist works in conjunction with Qt, Trolltech's cross-platform GUI application framework. "Qt Linguist, localization tool, allows users to seamlessly convert Qt-based programs from one language to another, simply and intelligently. Qt Linguist helps with the translation of all visible text in a program, to and from any language supported by Unicode and the target platforms".

Evolution 0.6 announced (Gnome.org). Gnome.org has announced the release of Evolution 0.6, code named Procompsognathus, truly a coded name in this case. This release features lots of additions to the Mail program, and numerous bug fixes among other things.

Reorganizing the UI team (Gnome.org). Miguel De Icaza has posted an article on Reorganizing the UI team for the Gnome project.

The executive summary follows:

• A call for volunteers to extend the life of the GNOME User Interface team.
• A call for people who want to coordinate the individual parts of the team.
• If you are interested in a managing role in the project, please read to the end of this message for further instructions ;-).

The Alternative Languages in Gnome Matrix. Erik Bågfors has published The Alternative Languages in Gnome Matrix with a large table of languages that may be used for developing Gnome applications.

Science

Medical software's free future (BMJ). The British Medical Journal has run an editorial by Douglas Carnall on Medical software's free future. "Free software concepts make particular sense in medicine: although peer review has its problems, medical knowledge is becoming more open, not less, and the idea of locking it up in proprietary systems is untenable". Worth checking out.

Section Editor: Forrest Cook

Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

Programming Languages

Erlang

Erlang Conference Proceedings. The proceedings from the October 3, 2000 Erlang/OTP user conference have been made available. Take a virtual tour of the conference.

Java

Blackdown releases Java2 SE v1.3.0-FCS. Blackdown has released its Java2 SE v1.3.0-FCS for Linux. This release contains many bug fixes.

Perl

Programming GNOME Applications with Perl, Part One (Perl.com). O'Reilly's Perl.com has published a feature article on Programming GNOME Applications with Perl. The article takes you through the process of developing a simple gnome application with Perl.

Perl 5 Porters gets new author. Simon Cozens has recently taken charge of the Perl 5 Porters digest. The latest issue contains discussions on virtual values, slow unshift response, and the handling of integers and floating point values.

PHP

PHP Weekly Summary #8. The October 23 issue of the PHP Weekly Summary is out. News includes a pl1 release of PHP 4.0.3 that fixes a problem with the Apache php_value mechanism, among other things. PHP 4.0.3pl1 can be downloaded here.

Python

Python-dev summary for October 1-16, 2000. The Python-dev summary for October 1 - 16, 2000 is now available. A summary of recent discussions about Python's handling of floating point numbers was posted.

This week's Python-URL. Here is Dr. Dobb's Python-URL for October 23 with the usual collection of goodies from the Python development world. Topics include hints on math operators, IEEE 754, watch variables, assertions, and exceptions

Python Bindings and Scripting for KDE Updated. theKompany.com announced the release of VeePee v1.0 and SIP/PyQt/PyKDE version 2.1. "VeePee is the Python-based scripting environment for KDE, and SIP/PyQt/PyKDE are the Python bindings for Qt and KDE. These updates are to support Python 2.0 as well as numerous feature additions and some bug fixes".

Mod_python beta 2.6 announced. Gregory Trubetskoy has announced the release of Mod_python beta 2.6. This release features bug fixes, faster operation, and improved installation thanks to a switch to the autoconf system.

py_cpp Python/C++ binding system announced. A new Python/C++ binding system, py_cpp, has been announced.

SGML

Installing and using SGMLtools-Lite (IBM Developer Works). IBM's developer works has run an article on Installing and using SGMLtools-Lite by Joe "Zonker" Brockmeister. The article covers the installation of this tool and its use in converting SGML into HTML, PostScript, text, and other languages.

Tcl/tk

This week's Tcl-URL. Here is Dr. Dobb's Tcl-URL for October 23 with the latest from the Tcl/Tk development community. This week's edition discusses accessing tape drives, closing out applications correctly, and terminal i/o among other things.

Software Development Tools

LSB test news. The Linux Standards Based released this announcement regarding the status of their testing processes. "The first milestone for LSB test development is now complete. This has been in setting up the test framework for integrating tests into. The framework adopted is the Test Environment Toolkit, with the VSXgen (generic VSX test framework) layered on top of that. As proof of concept the first test sets, the LSB-VSX and LSB-FHS test sets have been integrated into the framework."

More information on this can be found in the Distributions Page.

See also: last week's Commerce page.

Linux and Business

Open Source corporate sponsers. Open Source activity has certainly been strong this week. As was mentioned in this week's front page, corporate sponsors play a large part in keeping the open source community going. Who are these corporate sponsors and what are they up to this week?

The Open Source Development Network (OSDN) is a division of VA Linux. The old Andover.net is now incorporated into OSDN. Of course the Andover.net site is still there, but the OSDN site has all the same departments, and lots more besides. Through OSDN, VA Linux supports open source in many ways. Freshmeat.net and SourceForge.net are just a couple of the many examples. OSDN has an opportunity to support open source in other ways as well. The recently announced Open Source Database Summit provides a different type of forum for developers. (More info on the Summit can be found in this week's announcements page.)

Corporations make alliances to better support open source. This alliance between OSDN and Jabber is a good example. Webb Interactive is the corporate sponsor/developer of the open source messaging system, Jabber (found at jabber.com). OSDN will soon feature the Jabber system on both SourceForge.net and OSDN.com.

DevelopOnline.com is a collaborative, online development center for programmers and engineers geared towards the embedded market. Sponsors include Intel, Avnet, Lineo and, according to this announcement, MontaVista. DevelopOnline recently announced support for Linux developers wishing to work on Compaq iPaq and StrongArm based handheld devices.

Smaller companies may not have the resources of VA Linux or Intel, but ID-PRO has found another way to help. They are holding an auction to raise money for the Free Software Foundation Europe and KDE. They will be auctioning the prototype version of PAUL, ID-PRO's communications server, which has been signed by a number of Open Source luminaries such as Linus Torvalds and Jon "maddog" Hall.

The Danish Parliament supports open source, showing us that governments can also supply support. Danish MP Knud Erik Hansen had put out a press release regarding a proposal in the Danish Parliament on open source. "In the report the parties clearly express their support for Open Source and for provision of a good framework for development of Open Source by the state. This will be a part of the state's IT policy in the future. The report recommends that the state henceforward use Open Source in the development of its own software, that the state provides possibilities for bids with Open Source software, and that the state disseminates information about experiences with Open Source." (Thanks to Peter Toft, via Stéfane Fermigier).

More open source announcements can be found below in the press release section.

European Commission to research software patents. Here is a release from the EuroLinux Alliance on a move by the European Commission to study the economic and social effects of software patents in Europe. It seems they are beginning to figure out that there could be some trouble there. The EuroLinux Alliance is trying to help them out with well-written input; they are looking for contributions from people in Europe. This issue directly affects a lot of our readers; consider helping them out if you can.

Axis announces 2120 network camera. Axis Communications has announced the availability of the 2120 network camera. This camera resembles the 2100 model, reviewed by LWN last May, in that it has a built-in Linux system and web server, and plugs directly into the net. The new version has a number of new features, including full motion JPEG output and motion detection capability.

Codemesh needs Beta testers. Codemesh is porting its JunC++ion product to several *nix platforms, including Linux. "The UNIX platforms that customers have expressed the most interest in are Solaris, Linux, AIX, and HP-UX. If you're interested in becoming a beta test site for one or more of these UNIX platforms, e-mail Codemesh at beta@codemesh.com."

Press Releases:

Open Source Products

• 5NINE (MONTREAL) announced that WMLBrowser.org, an open source development project for creating a Wireless Markup Language (WML) Browser to work with all types of Linux environments, is supporting RIM blackberry devices.

• ActiveState released ActivePython 2.0, a free binary distribution of Python for the Linux, Solaris and Windows platforms.

• American Coders, Limited (RALEIGH, NC) announced another release of its product Open Business Objects For EDI (OBOE). OBOE translates between several Electronic Data Interchange (EDI) document formats and EDI/XML files. The base package for OBOE is available with an open source license.

• Covalent Technologies has a set of product and service offerings around the open source Apache web server. The services announcement includes training courses and commercial support options. On the products side, they have the "SNMP Conductor," which is a network management product; "Nettruss" - for Apache management; and a set of security products.

• Microcross, Inc. announced the availability of GNU X-Tools, a suite of 21 target microprocessor software development tools.

• NETDUMP (VIENNA, Austria), the project for the exchange of data garbage (mainly of the artistic kind), which has won prizes such as the Prix Ars Electronica 00, is being released as Open Source.

• Stratabase (ABBOTSFORD, BRITISH COLUMBIA) released a new Customer Relationship Management (CRM) software application.

• The Software Group Limited (BARRIE, ONTARIO) released Linux drivers and administration utilities for its SGP hardware adapter to the public domain under the Free Software Foundation's General Public License, version 2.

• Zero-Knowledge Systems announced the release of the source for its "Freedom 2.0" client, and plans to release its entire Freedom Privacy suite.

Commercial Products for Linux

• Avnet Inc. (PHOENIX) announced that it will offer its extensive design service technology to design engineers and Linux programming developers through DevelopOnline, an online development center designed to accelerate product time to market.

• Concert (NEW YORK) introduced Concert IP Secure, extending the capabilities of Concert IP Extra, the company's suite of Internet security and VPN solutions.

• Informix has a couple of announcements related to the Linux world. The first is the release of their Red Brick Decision Server 6.1. The second covers the release of their Extended Parallel Server Developer's Edition for the Linux platform.

• Keller Group announced the release of PMfax for Linux, a full-featured fax and voice messaging application.

• NetSilicon, Inc. (WALTHAM, Mass.) announced the availability of NET+Lx, a complete environment for building embedded Linux applications.

• Overland Data, Inc. (SAN DIEGO and PHOENIX) and Enhanced Software Technologies, Inc. (EST) announced that Overland's AIT LibraryPro automated backup tape library is certified to run under Linux.

• VirtualTek announced plans to release Joydesk 2.11 for the Cobalt Qube 3 server appliance. Joydesk 2.11 is an integrated web-based Intranet solution.

Products Using Linux

• Cyber Digital, Inc. (NEW YORK) created its GoCyberWeb.com Division to provide sophisticated web hosting solutions for small to medium size enterprise (SME) customers. Cyber Web Server (CWEB) software technology is based on Cyber Digital Linux and Red Hat Linux.

• Gateway Guardian Enterprise (VANCOUVER, BC) announced an advanced version of Gateway Guardian, Linux-based technology that protects computer networks from unwanted intruders.

• IBM (ARMONK N.Y.) announced its new line of eServer appliances. Many Linux distributions are well supported.

• IBM (MILPITAS, Calif.) will be using Adaptec's Compatibility Test Lab to ensure system compatibility between Adaptec's host bus adapters and IBM's eServer xSeries servers.

• InterVideo, Inc. announced its LinDVD Linux DVD player/decoder will be used for the DVD video/audio playback in the ZapMedia ZapStation.

• Siemens Medical Systems, Inc. (ISELIN, N.J.) introduced CATHCOR LX Desktop, the newest member of the CATHCOR LX family of cath lab information and recording systems. It's based on the Linux operating system.

Products with Linux Versions

• Akamba Corporation (LOS GATOS, Calif.) announced the release of its first product, the Velobahn Accelerator, an accelerator specifically designed to enhance the performance of Web servers.

• Coyote Point Systems (Santa Clara, CA) announced the release of Equalizer 5.0, a UDP-enabled version of its load balancing appliance that will work with WAP devices and serverless storage devices. Equalizer is based on FreeBSD.

• Dell (ROUND ROCK, Texas) introduced the PowerEdge 300, a new workgroup server. The PowerEdge 300 can be ordered with Red Hat Linux 7.

• Espial (OTTAWA) announced a new integrated business model to enable the rapid growth of the Pervasive Internet.

• FOCUS Enhancements, Inc. (WILMINGTON, Mass.) announced that the Cocom Group has released a new addition to their set-top box lineup, the Voyager 7.

• IBM (RESEARCH TRIANGLE PARK, NC) announced enhancements to WebSphere Transcoding Publisher Version 3.5, its software designed to translate Web content to a variety of handheld devices.

• ichat, inc. announced that the next generation of ROOMS, a chat room tool, is now in beta. ROOMS 5.0 will support Linux servers.

• Information Management Research, Inc. (Denver) unveiled AlchemyXML (AXML), a set of self-describing XML-based components that acquire, index, store, retrieve and present unstructured data for a complete e-business infrastructure.

• Integrated Research Ltd (SYDNEY, Australia) announced PROGNOSIS IP Telephony Manager, the latest addition to its systems and application management solution, PROGNOSIS.

• Macromedia, Inc. (NEW YORK) announced Macromedia Flash 5 Generator Studio, a complete solution for designing and automating high-impact Web sites. It is available for Red Hat Linux.

• MGI (NEW YORK, NY) introduced MGI ZOOM Image Server 4.0, a new imaging server platform.

• NEON Systems, Inc. (SUGAR LAND, Texas) announced that the NEON iCopy product, a next generation IMS database management tool, is now generally available.

• NETWORK HARMONi Inc. (SAN DIEGO) announced the HARMONi Suite, an all-in-one performance monitoring agent for instrumenting enterprise IT infrastructures.

• Professo (NEW YORK) introduced AppStreamer, an application service management platform. It is available initially for Red Hat Linux and Solaris.

• Strategic Concepts, Inc. (BENTONVILLE, Ark.) released Strategy5, its new street-level mapping interface. It is available for Red Hat servers with Windows clients.

• webwasher.com AG announced the launch of a new server-based enterprise version of its WebWasher intelligent Internet management software. It will support Linux clients.

Java Products

• NetDIVE (SAN FRANCISCO, CA) announced the release of WeMessage Portal 5.0, an instant messaging software based on a Java client/server architecture.

• worldweb.net, Inc. (NEW YORK) announced the launch of the beta version of its next-generation content management software, Expressroom I/O v2.0.

Books and Training

• Caldera Systems Inc. (OREM, Utah) announced that the first three courses for their OpenLinux Solution Series are complete. "Linux Essentials," "NDS on OpenLinux," and "Samba on OpenLinux" will be available by the end of October. Three additional courses will be available before the end of the year.

• Computer Associates International, Inc. (ISLANDIA, N.Y.) and Caldera Systems, Inc. announced an agreement to create and deliver instructor-led courses and computer-based and Web-enabled content as part of Caldera's OpenLinux Solutions Series.

• IDC (FRAMINGHAM, Mass.) says "Linux training in the United States alone could be a $311 million market by 2004".

• O'Reilly announced the release of both Java Performance Tuning, by Jack Shirazi, and Network Printing, by Matthew Gast & Todd Radermacher.

• Sams Publishing (Indianapolis, IN) announced several new Linux titles, including Red Hat Linux 7 Unleashed, Linux Programming Unleashed, Second Edition, as well as the release of Sams Teach Yourself Java 2 in 21 Days, Second Edition.

Partnerships

• AOL Europe, S.A. (LONDON & MADRID, Spain) and Banco Santander Central Hispano, S.A. announced a new joint venture to launch AOL-branded interactive services in Spain, including AOL Avant. AOL Avant is an appliance with 64 MB of RAM, 4Gb hard drive and a wireless keyboard with five "smart keys" to take the user directly to the web or content partners. The appliance will operate on a customized version of the Linux operating system.

• Baymountain, Inc. (RICHMOND, Va.) announced that eGrail, a next-generation content management software provider, has selected Baymountain as its first preferred hosting partner.

• Dialtone Internet, Inc. and Chili!Soft, Inc. (FORT LAUDERDALE, Fla., and BELLEVUE, Wash.) announced that henceforth, all new dedicated Linux servers and Cobalt RaQ server appliances will include Chili!Soft ASP as an integral part of Dialtone Internet's bundled hosting solutions.

• EdgeMatrix (HONG KONG) announced their partnership with Sun Wah Linux (SW Linux) to bundle their mobile Internet solutions in Hong Kong.

• Experts Exchange Inc. (SAN MATEO, Calif.) announced a new partnership with Zend Technologies, the leader in PHP (PHP: Hypertext Preprocessor) technology.

• NEC Electronics Inc. (SANTA CLARA, Calif.) and Luxxon Corporation have signed a strategic alliance agreement to develop streaming multimedia solutions for wireless internet devices. Support for Linux is planned.

• NeTraverse (AUSTIN, Texas) announced an authorized reseller program as part of the rollout of Win4Lin Desktop Version 2.0. The CD box set will be available in November, followed by a planned release of a server version in early 2001.

Investments and Acquisitions

• IBM (SOMERS, N.Y.) announced that it has acquired OpenOrders Inc., a provider of enterprise-scale order management and fulfillment software for e-commerce. OpenOrders' software is available in Linux versions. IBM will incorporate OpenOrders' technology into its' WebSphere Commerce Suite software.

• International Mercantile Corp. (BALTIMORE) has signed a Stock Exchange/Merger agreement with LinuxOne, Inc.

Financial Results

Applix, Inc. reported third quarter growth over last year due in part to increased customers and strategic partners, but still showed a larger loss from the same period.
• Ariel Corp. (CRANBURY, N.J.) reported net sales of $2,180,597 for the third quarter ended September 30.

• SCO (SANTA CRUZ, Calif.) announced the net loss for the fourth fiscal quarter was $10,162,000.

• Webb Interactive Services Inc. (DENVER) developers of Jabber.com, announced record financial results for the third quarter.

New Offices/Personnel

• Caldera Systems Inc. (OREM, Utah) announced the appointment of David Acheson as director of education. Acheson will be responsible for the globalization of Caldera OpenLearning.

• Covalent Technologies, Inc. (LONDON) announced three new additions to its management team; Mark Losh, Jim Zemlin and Scott Albro.

• Coventive Technologies (TAIPEI, Taiwan) a software company focused on custom Linux solutions for systems and embedded information appliance use, announced the appointment of Randy Tan to the position of chief executive officer.

• Eazel has hired Brian Croll, veteran Sun marketing directory, as their new vice president of marketing.

• PalmPalm Technology (Seoul, KOREA) opened an office in Japan. Key activities of PalmPalm Japan include providing Embedded Linux support services, and to deliver Embedded Linux solutions based on PalmPalm's Tynux OS to Japanese Internet appliance manufacturers.

• SuSE Linux amplified its presence in the French market by opening a sales and services office in the Greater Paris area.

• Tim O'Reilly, has joined the Board of Directors of Webb Interactive Services, Inc., owners of open source instant messaging provider Jabber.com.

Linux At Work

• Red Hat announced it was being used on the server side of 3Com's new Kerbango Internet Radio service. "'Our Web servers running on Red Hat Linux are currently experiencing an uptime of 308 days with roughly 99.9 percent availability worldwide,' said John Bryant, director of Internet development for 3Com's Internet Audio Division. 'We selected Red Hat because of its reliability and position in the Linux space. Its pre-made Linux packages and overall support of Linux development made it the obvious choice for us'."

• SimpleDeal Inc. (BOZEMAN, Mont.) announced the roll-out of the SimpleDeal Network, the automobile industry's first and only full-service, dealer-to-dealer auction host operating totally online. And its all on a Linux-based cluster system.

• Turbo