Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Donate to LWN
 LWN Supporters
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

To some, BeOpen seemed like a bit of an awkward fit. And it turns out that it was - On October 27, Guido sent out a new announcement stating that the PythonLabs team was moving again - this time to Digital Creations. The hope, clearly, is that the new home will work out better: "We trust that Digital Creations will provide a stable home for Python for many years."

What went wrong with BeOpen? Consider that the Python group consists of five top-level hackers (Guido, along with Tim Peters, Barry Warsaw, Jeremy Hylton, and Fred Drake); just keeping them supplied with pizza could be an expensive proposition, and payroll even more so. BeOpen would not commit itself to such a drain on its checkbook without having some idea of just how the Python team would bring in revenue to offset the expense.

That idea, according to a conversation we had with Guido, was to build an advertising-supported Python portal site. But that's a hard business and it didn't work out; neither did any of the other ideas that came up. Says Guido:

In the end the plan was that the PythonLabs team would do Python consulting to bring in revenue to fund the entire company. But even that didn't work, and they couldn't pay our salaries. At that point we figured we'd waited long enough for things to get better, and decided to cut our losses.

Digital Creations, of course, will have the same sorts of concerns; will things go more smoothly this time around? The view from the outside suggests that it should. We talked with Digital Creations CEO Paul Everitt about this move, and it became clear that the company has the potential to be a good match for the Python team.

Digital Creations, of course, is the home of Zope, the Python-based, open source web application server that has been on a growth path for the last couple years. Zope has derived great benefit from Python and the capabilities it provides. It is also true, however, that Python has benefitted from Zope, which was the "killer app" the language needed to push it further into the mainstream.

The business case for hosting the Python group seems clear. Digital Creations is a classic example of the value of branding. Anybody can set up a Zope-based site, but DC is the company that created Zope. They will be the first provider on anybody's list when they are thinking about Zope. That branding effort can only be helped by also having on board the people who created Python.

There is also the little fact that DC has a lot of Python programming that it needs to get done. The PythonLabs group will spend part of its time doing DC's work, which can include hacking directly on Zope. The rest of their time is to be spent doing whatever they think needs doing to push Python forward. According to Paul Everitt:

One of our strongest differentiators is time-to-market, and Python is core to our ability to deliver on that story.

At the same time, the PythonLabs guys have some extremely unique experience in some problem domains of importance to us. They'll clearly help us shave months off the time needed to get technology into the market, and the value of that is very important to our plans.

So having the Python group around clearly makes sense, even without Paul's last reason, which could justify hosting this group by itself: "Finally, we've bet the business on Python. We need to help secure its future and increase its success."

There was another important bit of news in Guido's note: a non-profit organization (the "Python Software Foundation") is being created to hold the copyrights to the core Python code. Python will not be owned by Digital Creations. This is a good move on Guido's part; as the acquisition of Ajuba Solutions (covered in last week's LWN weekly edition) shows, a company's priorities can change very quickly. Digital Creations looks pretty solid as it is, but having Python set up to thrive if things change makes a lot of sense.

(See also: Paul Everitt's ZopeNewbies posting on the move; LWN's interview with Paul and with Guido, which have more interesting information, the Ninth International Python Conference, which should be a most interesting event next March, and this reminder that papers for that conference are due by November 6).

Turbolinux Inc. files for IPO. The pace is picking up: Turbolinux announced on October 30 that it has filed for an initial public offering of stock. As usual, we've gone and taken a look at Turbolinux's IPO filing. The result is an interesting picture of a true Linux software company - there is no reliance on service plans or web portals in this plan. There's also some interesting information on just how Turbolinux parted ways with its founders, Cliff and Iris Miller. Have a look at our writeup for the full scoop.

It seems that the Linux IPO drought may finally be coming to an end. No Linux company has managed to go public since Caldera Systems squeezed in last March, and many that were expected to didn't even try. But now there are three Linux companies with IPOs outstanding: Lineo, LynuxWorks, and TurboLinux. Actually, there's four if you count Transmeta, which is currently due to hit the market on November 6 or 7. OK, five if you count Rackspace, which still does not have a date.

Of course, filing for an IPO and actually accomplishing one are two different things, as Lineo (which filed in May) can attest. It remains to be seen whether any of these companies actually get their stock out there. The markets are hostile, and quite a few investors may be a little worried about Linux stocks. But then, Linux is stronger than ever, and people (outside the Linux community) may be beginning to figure that out. If they come back to the Linux market with more realistic expectations, things should be better off all around.

U.K. Patent Office consultation on software patents. The U.K. Patent Office has put up a request for comments on how software (and business method) patents should be treated in the U.K. and Europe. There is also some interesting information to be found in there, including the fact that some 15% of all U.K. patents now are "software-based."

They seem truly interested. "We want to know what you think about this so that Government policy is evidence-based and relevant to business, commerce, and consumers - in other words to you. So, whether you are in the software industry, financial services, are a software user, a consumer, or are otherwise interested, we want to hear from you." The deadline for responses is December 15. (Thanks to Alan Cox).

Linuxcare ups and ... well, ups. The news out of San Francisco this week was the appointment of Art Tyde as CEO to Linux services company Linuxcare. Tyde was one of the original founders, along with David L. Sifry, Linuxcare's Chief Technology Officer, who talked with us about Linuxcare's future.

LWN: Linuxcare has shut down its European operation, which unfortunately means a lot of people are out of work. The company has also put Art Tyde in as CEO (replacing Fernand Sarrat who was let go in April) after a exhaustive search for a IPO-targeted "brand name" chief. Why?

Sifry: Why is Art CEO? It was a business decision. As a company we've been in a search for a CEO since April/May. Various search agencies were helping (including Christian and Timbers, who helped put [Carla] Fiorina in charge at HP) - we wanted the right person, someone who understands open source and Linuxcare, which has grown up out of the community. Someone who understands that philosophy and not be like a hardware company. An advocate for the customer who understands the culture, but then also understands business. Someone who can take a company from $1M to $10M, who can deal with investors and the public sector. We wanted a leader, a visionary - someone who can motivate the company. You can find people with one or two of these attributes, but seldom all three.

There was no lack of candidates, but we had a hard time finding the right person. After 6 months the board thought they had set their standards too high for a single person. They looked around the company itself and found those attributes in various people - in fact two people. The board was happier looking inside the company instead of outside - continuance of leadership instead of someone coming in with their own people.

The business was doing well - deals with HP, Motorola, $30M in venture, all without a CEO. This was a testament to the company's business being fundamentally strong. The board said "lets get creative". They made Art CEO - the visionary, the business type - and backed him up with Christian Paul as COO. Art has overall responsibility for the actions of the company. He's focusing his time with customers and partners, as well as providing leadership and vision to the troops. Chris is responsible for managing the day-to-day business operations of the company, such as finance.

We then looked at our business and where we were making our money. For now, the majority of money is being made in North America and Asia. We weren't making a lot in Europe. When the market was hot we hired on a bunch of people, but things settled out and the way the market looks the business was not coming from Europe. If we can't play to win - if we're not willing to invest in the infrastructure then we shouldn't be there. It had nothing to do with the people - they were some terrific developers. But it came down to a business sense - were we really focusing on core markets.

We fully expect to be back in Europe in force, but when we can focus on a market that exists (when it does). We realized we had overextended a little. As a company we play to win, if we're going to be in a market we want to be the dominant player.

LWN: So is this the end of the Venture Capital driven strategy? Are VC's still driving Linuxcare?

Sifry: VC are interested in results. They aren't particularly interested in the details. As a company, they want to know if we have focus. Do we have a position in the markets we're playing in where we are dominant? That's what VC's (and investors) ask. Linuxcare's board, which only has 2 VCs, includes such people as:

• John Drew - founder of INS, who sold to Lucent for several billion.
• Regis McKenna - Intel, Compaq, Apple marketing whiz
• Ted Schlein - general partner, Kleiner Perkins Caufield & Byers

LWN: Does the re-appointment of Art Tyde indicate that Linuxcare has a reduced interest in attracting investors? Have you had any negative feedback with Art's appointment?

Sifry: No negative feedback. He was already there, now it's just more permament.

LWN: Might the appointment indicate that the VC world is giving up on Linuxcare?

Sifry: We raised $30M earlier (in September I think), and we are hitting our numbers.

LWN: Will Linuxcare be seeking further investments in the near future?

Sifry: No current plans. We expect to be profitable by the end of next year.

LWN: What are the priorities for Linuxcare now? Where will the money be coming from? Has the business model changed?

Sifry: Revenue will come from services for open source software. We continue to see ourselves as scaling in more automated ways. Our focus will stay in professional services, with our knowledge base. You can expect more big announcements by the end of the year, but I can't give any details right now.

LWN: What lessons have been learned about how free software businesses should work with the investment community?

Sifry: We both have to learn a common language. We had to train our investors and board on what we do. Once they understood that and had their expectations correctly set it's been a smooth relationship. The need for a common language was key.

What they taught us was discipline and focus for the business. You have to be selective about what markets you target.

Summary: The closing of the European offices was unfortunate, but a definite sign that Linuxcare is refocusing to meet investor expectations and internal strengths. The company is slowly regaining its focus as a free software company, rather than an "IPO missile." Dave Sifry's summary suggests that things are on the right track: "I'm happier now than I've been in a year and half."

Inside this week's Linux Weekly News:

• Security: Lessons from Microsoft hack, Princeton reports on SDMI technology.
• Kernel: 2.4.0-test10; XML in the kernel; loadable modules patented?
• Distributions: Progeny Linux Beta, MaxOS, Slackware on Sparc, Nanix.
• Development:Qt/Embedded under GPL, Gnome UI team reorg, KDE multimedia, hypeware.
• Commerce: Investing in open source; OpenSales changes name; JYACC releases Open Source POSSL.
• Back page: Linux links, this week in Linux history, and letters to the editor

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor

See also: last week's Security page.

Security

News and Editorials

Lessons from the Microsoft network intrusion. By far the most notorious of security news this past week was the admission by Microsoft that their internal network had been compromised, the FBI called in to investigate and the source code to Microsoft Windows and/or other Microsoft products possibly accessed by the intruders. Below, we've listed a compendium of sites that have coverage on the issue, so feel free to glut yourself.

Most of the coverage has looked either at the mystery of who the intruders were, what their intent was, or the possible repercussion. For better or worse, though, these are all speculation; real answers will come later or possibly not at all. We'd like to focus, instead, on the lessons to be learned from this intrusion.

First and foremost, the clearest message we see is that "all bugs deserve to be fixed". We cannot resist pointing out this old, and infamous, interview with Bill Gates in which he states, "There are no significant bugs in our released software that any significant number of users want fixed". The largest "bug", in this case, has been the vulnerability of the various Microsoft operating systems to viruses and the unintended execution of suspect binaries. Rather than fix this fundamental flaw, Microsoft allowed and encouraged an entire industry built on "protecting people" from its impact. Unfortunately, the ease in which new viruses can be developed, or mutated from previous viruses, plus the reality of the amount of personnel resources needed to keep virus databases up-to-date and computers secured, makes a joke of the ostensible purpose of this industry.

The real purpose of the virus-protection software industry is to make money and they were given a wonderful business model for it -- a never-ending supply of new viruses, guaranteeing that people would have to pay money, again and again, in order to "get the latest protection". People didn't end up truly secure, just poorer. In the end, it is poetic justice that Microsoft itself should suffer for its choice. What user cares about having this bug fixed? In this case, Microsoft is one user that must wish this bug had been fixed. They are far from the only one.

Another lesson from this intrusion is the fallibility of the closed source security model. Time and time again, security experts in the Open Source community have warned that security which has not been exposed or scrutinized cannot be counted on. Now with the possibility that the Microsoft operating system code has been exposed, and exposed to people with a track record for exploiting security vulnerabilities, we're about to get a graphic lesson on the topic. Given the wide-spread use of Microsoft products, what country, what company, is not currently wondering what impact this will have on them. Many people believe there are back-doors in Microsoft products -- if there are and the source code has truly been exposed, they will be exploited.

If I were a foreign government, I would be strongly tempted to make an international incident of this intrusion, demanding immediate disclosure of the source code, so that everyone at least has an equal chance of finding security vulnerabilities and protecting themselves against them.

In the end, the final lesson: while access to the source code can't protect you from security problems, it is an essential first step towards security. You can't protect yourself without it.

Press Coverage:

• MSNBC (copy of original Wall Street Journal article, the initial news story).
• News.com
• Salon
• Slashdot (October 27th)
• Yahoo
• ZDNET (interesting to watch the PR spin):
  • Hackers burgle Microsoft source code (October 27th)
  • Could stolen Microsoft code lead to more security mishaps? (October 27th)
  • Ballmer says break-in 'not damaging' (October 27th)
  • Experts think MS hack was industrial espionage, says paper
  • MS hackers were watched, software safe (October 30th)
  • Mitnick: Something's fishy in Redmond

Princeton Team Cracks SDMI (Web Developer). The Secure Internet Programming team at Princeton chose to pick up the SDMI Challenge. As a result, they announced this week their defeat of the SDMI watermark technology, a critical part of SDMI's boasted security.

The Princeton team explained their decision to participate in the challenge in their FAQ, which is well worth a perusal. Here is one quote:

"Still, wouldn't it have been better for opponents of SDMI if you let SDMI go ahead and deploy a flawed technology, so music lovers could teach them a lesson by copying music despite the technology?

Of course not. This is scientific research: it is not our goal to engage in tactics such as tricking the industry into choosing a flawed system. Our goal is simply to analyze security systems and share our results openly with the scientific community.

Again, researchers who crack cryptosystems and security systems are not motivated by a desire to exploit these flaws later. They are merely subjecting systems to analysis, motivated instead by a desire to increase the existing body of knowledge about security systems.

Secondly, if the technology is cracked in deployment, rather than on the drawing board, everyone loses to some extent. The recording industry obviously, device manufacturers most certainly, but even opponents of SDMI. Even pirates! To an opponent of SDMI, even a broken, circumventable SDMI system is worse than no SDMI system at all. "

Princeton waived the potential reward in return for free disclosure of what they found. We can only hope that their work helps bridge the knowledge gap with proponents of SDMI.

Zero Knowledge marks Freedom milestone (Upside). Mike Shaver, Zero Knowledge's Chief Software Officer and well known Mozilla veteran, wanted to put an open source spin on the company's products. With the release of Freedom 2.0, they've made it official. "Freedom 2.0 is a software tool that lets users encrypt Internet communications and route those encrypted messages through a collection of independent servers which, in turn, add their own layers of encryption. Users who run the client on their desktop machines can use it to manage a collection of pseudonymous identities."

Tripwire Open Source, Linux Edition Now Available. Tripwire, Inc. has released Tripwire Open Source Linux Edition, a project being hosted on Sourceforge.

Interview with AES Winner (LinuxSecurity.com). Vincent Rijmen, co-author of the AES winning algorithm known as Rijndael, is interviewed by LinuxSecurity.com for his thoughts on the development of the Rijndael algorithm, its selection as the NIST algorithm of choice for AES, thoughts on Linux and security, and the future of Internet security. "Vincent Rijmen: ... I think there is an important challenge in making the distinction between complexity and security. Some people still believe that added complexity increases automatically security. This belief should be erased. We should keep on working towards secure and simple systems, that are as easy to understand for the people as a door lock, a sealed envelope, etc."

Security Reports

Samba 2.0.7 SWAT vulnerabilities. Multiple vulnerabilities in SWAT, the Samba Web Administration Tool, were reported this past week. They can be used to bruteforce username and passwords and, if logging is enabled, a race condition can be exploited locally to gain root access. Last, a denial-of-service attack can also be implemented. No fixes for this have been posted as of yet. Disabling SWAT, or restricting access to the service, is recommended.

nss_ldap race condition. Red Hat has reported a race condition in nss_ldap, a set of C library extensions which enable the use of X.500 and LDAP directory servers. Updated packages are provided. This problem will affect any Linux system using the nss_ldap package. No update from PADL Software, the official maintainer of nss_ldap, has been seen yet.

pam_mysql trusted input vulnerability. Pam_mysql, a pluggable authentication module used to authenticate users against a mysql database, uses the user-provided username and password to construct SQL statements. This can be exploited both locally and remotely to gain access to plaintext passwords/hashes or, with pam_mysql > 0.4, to gain an unauthorized login. Check the original advisory for additional details.

An upgrade to pam_mysql 0.4.7 will fix the problem.

bftpd buffer overflow. An exploitable buffer overflow was reported in bftpd 1.0.11. bftpd 1.0.12 has been released with a fix for this problem.

Multiple buffer overflows in tcpdump. FreeBSD discovered multiple buffer overflows in tcpdump 3.5 during an internal audit. They have released a patch to fix the problems.

Format string vulnerability in FreeBSD chpass utilities. FreeBSD reported a format string vulnerability which impacts multiple commands, including chfn, chpass, chsh, ypchfn, ypchpass, ypchsh, and passwd. Local root access can be obtained. They have released patches for the problem. Note that other BSD variants are likely affected; we do not know whether or not this code is shared with Linux.

dump-0.4b15 local root access. An input-trust vulnerability in dump-0.4b15 allows dump's environment variables to be used to gain local root access, according to this report on BugTraq. No patch for this has been released as of yet.

Red Hat cyrus-sasl advisory. Red Hat has released a security advisory for the cyrus-sasl packages shipped with Red Hat 7. Due to a bug, users who had been successfully authenticated were allowed to access resources that should have been blocked from them. Versions of cyrus-sasl shipped with earlier Red Hat Power Tools packages do not have the reported problem.

host 8.21 exploitable buffer overflow. An exploitable buffer overflow was apparently found and fixed in the host command some months ago, without announcement. host 8.21 has been verified as exploitable. No information on what version of host contains the fix for this is yet available.

lpr group permissions elevation. An IRC chat session reported vulnerabilities in lpr-0.50-4 and earlier which can be exploited locally to gain elevated permissions. In combination with a wu-ftpd install, it can be used to gain root. Note that newer versions of lpr are widely available, but you may want to check the version you are using.

Commercial products. There appears to have been a minor conspiracy to release advisories regarding security flaws in commercial products this week. The following commercial products were reported to contain vulnerabilities

• The HTTP service facility in the Cisco IOS can be crashed and forced to reload in reaction to a remote command. Cisco has acknowledged the problem and made fixes and workarounds available. Note that unofficial reports indicate the Catalyst 2820 units with ATM interfaces are also vulnerable, although the advisory indicates they are not. Cisco has confirmed and an updated advisory is promised.

• The Cisco Catalyst 3500 XL series switches are reported to allow execution of any command via the web interface without logging in. No response from Cisco has been posted yet.

• The Cisco Systems' Virtual Central Office 4000 (VCO/4K) is reported to be exploitable via SNMP, allowing an attacker to gain administrative access. No response from Cisco has been posted yet.

• iPlanet Web Server 4.x is vulnerable to a denial-of-service attack. No vendor fix or workaround is available, though the vendor was apparently notified multiple times as early as January, 2000. Netscape Enterprise Server 3.6sp3, fortunately, does not appear to be impacted.

• iPlanet CMS and Netscape Directory Server have been reported vulnerable to both local and remote exploits via two bugs. The first bug allows a classic directory transversal exploit, where unauthorized files outside the webserver root may be accessed. The second accesses the administrator password, not difficult, since it is stored in plain-text. Patches for iPlanet have been made available from the vendor.

• The Oracle Enterprise Server listener program is vulnerable to a remote attack from which server access and the ability to execute command can be gained. Oracle has made patches available for this problem.

• Trusted Systems' TIS Firewall Toolkit (FTWK) is reported to contain a format string vulnerability in their X Windows gateway which can be exploited, in some cases, to execute arbitrary code on the firewall. The vendor does not appear to have been notified in advance. Rick Murphy posted some comments on this vulnerability, including a promise of an unofficial patch for the problem.

• The Ultraseek Search engine is reported to be vulnerable to a denial-of-service attack. The vendor has made patches available.

• Unify's eWave ServletExec, a plug-in used with Apache and other webservers, is reportedly vulnerable to both a denial-of-service attack and unauthorized remote command execution. ServletExec version 3.0E has been made available to fix these problems.

• Allaire's JRun 3.0 is vulnerable to a denial-of-service attack. Allaire has acknowledged the problem and has released a patch.

• CGIScriptCenter's News Update 1.1 has been reported to contain a vulnerability whereby the news administration password can be changed without previous authentication.

Updates

Conectiva update to XFree86 vulnerabilities. Andreas Hasenack of Conectiva sent in this update regarding our report on XFree86 vulnerabilities last week:

Regarding your story on XFree86 vulnerabilities, we have released an update for one of the vulnerabilities (in Portuguese)[bugtraq #1235) for the CL 5.0 distro (others, where applicable, were also updated). That update was done at a time when we were not sending update notices to lwn.net nor bugtraq, but only to our own local lists (in pt_BR). The other XFree86 issues are being investigated and will be addressed soon.

Apache mod_rewrite vulnerabilty. Files outside of the document root can be accessed, if the mod_rewrite module for Apache is in use. For more details, check the October 5th LWN Security Summary.

This week's updates:

• Immunix
• Red Hat, Secure Web Server

• Caldera (October 12th)
• Conectiva (October 12th)
• Trustix (October 12th)
• Slackware (October 19th)
• Linux-Mandrake (October 19th) (OUTDATED!)
• Linux-Mandrake, updated advisory (October 26th)
• Red Hat (October 26th)

Pine buffer overflow vulnerability. An exploitable buffer overflow in Pine was reported to BugTraq in early October. The problem involves Pine's handling of incoming mail during an open session. Check the October 5th LWN Security Summary for the initial report. Note that the FreeBSD update below is the first one we've seen for this problem.

Also announced this week was pine 4.30, which, judging by the Changes, fixes this problem.

This week's updates:

• FreeBSD

ncurses buffer overflow. Check the October 12th LWN Security Summary for the initial report of this problem. Updates for this vulnerability continue to trickle in more slowly than usual.

This week's updates:

• SuSE

• Caldera (October 19th)

Boa webserver directory transveral vulnerability. Check the October 12th LWN Security Summary for more details. Boa 0.94.8.3 fixes this problem.

This week's updates:

• FreeBSD

• Debian (October 12th)
• Linux-Mandrake (October 12th)

NIS/ypbind format string vulnerability. A format string vulnerability in NIS/ypbind can be remotely exploited to run arbitrary code as root. An immediate upgrade is recommended. For more information, check the October 19th LWN Security Summary.

This week's updates:

• Caldera
• NetBSD
• Trustix

• Debian (October 19th)
• SuSE (October 19th)
• Linux-Mandrake (October 26th)
• Red Hat (October 26th)
• Immunix (October 26th)

GnuPG false signature verification. GnuPG fails to correctly validate multiple signatures in a file. Check the October 19th Security Summary for details. GnuPG 1.0.4 has been released and contains the fix for this problem. Anyone using GnuPG will want to upgrade their package as soon as possible.

This week's updates:

• Conectiva
• Trustix
• Kondara

• Caldera (October 26th)
• Red Hat (October 26th)
• Linux-Mandrake (October 26th)
• Immunix (October 26th)

Buffer overflows in ping. Multiple buffer overflows in Alexey Kuznetsov's ping were discussed October 19th.

This week's updates:

• Trustix
• Kondara

• Red Hat
• Immunix (October 26th)

GNU CFEngine format string vulnerability. Root access can be obtained on a local system by exploiting CFEngine's use of syslog and its related format string vulnerability. Check the October 5th LWN Security Summary for more details.

This week's updates:

• NetBSD

• SuSE (October 12th)
• Linux-Mandrake (October 19th)

Events

Upcoming security events.

Date	Event	Location
October 29-November 2, 2000.	SD 2000 (Software Development Conference)	Washington D.C., USA
November 1-3, 2000.	Compsec 2000	Westminster, London, U.K.
November 1-4, 2000.	7th ACM Conference on Computer and Communication Security	Athens, Greece.
November 3-5, 2000.	PhreakNIC v4.0	Nashville, TN, USA.
November 8, 2000.	Security Forum 2000	Vancouver, British Columbia, Canada.
November 13-15, 2000.	CSI 27th Annual Computer Security Conference and Exhibition	Chicago, IL, USA.
November 19-21, 2000.	Privacy by Design	Le Chateau Montebello, Quebec, Canada.
November 26-December 1, 2000	Computer Security 2000 and International Computer Security Day (DISC 2000)	Mexico City, Mexico
December 3-7, 2000.	Asiacrypt 2000	Kyoto, Japan.
December 3-8, 2000.	LISA 2000	New Orleans, LA, USA.
December 10-13, 2000.	INDOCRYPT 2000	Calcutta, India.
December 11-15, 2000.	16th Annual Computer Security Applications Conference	New Orleans, LA, USA.
December 20-21, 2000.	The Third International Workshop on Information Security	University of Wollongong, NSW, Australia.
December 27-29, 2000.	Chaos Communication Congress	Berlin, Germany.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

See also: last week's Kernel page.

Kernel development

Ok, test10-final is out there now. This has no _known_ bugs that I consider show-stoppers, for what it's worth.

And when I don't know of a bug, it doesn't exist. Let us rejoice. In traditional kernel naming tradition, this kernel hereby gets anointed as one of the "greased weasel" kernel series, one of the final steps in a stable release.

There has been the occasional objection that 2.4.0-test10 is not ready, but those have been very small in number. It looks like we're getting close.

The current stable kernel release is 2.2.17. The 2.2.18 prepatch is up to 2.2.18pre18. This one comes with more than the usual number of warnings, due to the deep nature of one of the fixes; if anybody has been burned, however, they are keeping very quiet about it.

Timpanogas Research Group appoints Andre Hedrick as CTO. The Timpanogas Research Group has announced the hiring of Andre Hedrick as CTO. Andre is best known as "the Linux IDE guy," the person in charge of the IDE disk subsystem.

LynuxWorks patents loadable modules? LynuxWorks recently filed for an IPO. The casual reader of the (2.5MB) IPO filing might easily have missed this little bit of interesting material:

We have developed a patented technology that enables LynxOS to be configured to leave out portions of the operating system not required for a given application, thereby reducing the amount of memory used. [...]

In addition, we have filed a patent that covers technology that allows the developer to extend the functionality of the LynxOS kernel without modifying the source code by adding modules for new functionality.

We have not yet succeeded in either finding the relevant patents in the database or getting patent numbers out of LynuxWorks. But from this description, it sure looks like the company is talking about loadable modules. Such modules, of course, are an important part of most Linux installations, and have been a feature of many operating systems for a very long time. It would be surprising if LynuxWorks had really come up with something new in this area.

As always, though, these patents are worrisome. It is getting harder to build a system without encountering more and more of them.

A new Linux IPv6 project. The USAGI Project announced its existence this week. USAGI stands for "UniverSAl playGround for Ipv6"; the project is digging into the Linux IPv6 stack with the intent of bringing it up to modern standards. That work includes bringing the code into compliance with a number of IPv6 RFC's, integrating IPSEC, and a bunch of other stuff.

The project's first release was also part of the announcement. It's based on 2.4.0-test9, and includes a number of enhancements and bug fixes to the standard IPv6 implementation. They have even made an IPv6 version of khttpd. Further releases are planned on a two-week schedule.

More information may be found on the linux-ipv6 web page. (Thanks to Per Harald Myrvang).

/proc in XML? A posting from somebody identified as "Joe" raised an intriguing idea: why not have the /proc filesystem return data in XML format? In this scheme, a file like /proc/meminfo would have lines like:

	<MemTotal>63036 KB</MemTotal>

	MemTotal:     63036 kB

On the downside, this would be yet another /proc format change that breaks applications. And all that XML boilerplate would bloat the kernel image a bit.

But the real reason why this change will never happen is that the vision for /proc is a bit different. The plan is to split apart /proc entries so that each contains a single value, replacing file formatting with a directory structure. There's no need or place for XML in such a scheme, and parsing problems mostly just go away. But it's a fun idea...

Other patches and updates released this week include:

• Gary Lawrence Murphy posted an updated call for participation in his KernelWiki collaborative documentation project. KernelWiki is coming along, a fair number of people have contributed material.

• SUBTERFUGUE 0.1.99 ("a foundation for building tools to do tracing, sandboxing, and many other things") was released by Mike Coleman; it was followed quickly by a bug-fix update.

• H. Peter Anvin announced a new policy for cryptographic software on kernel.org, in response to a further liberalization of U.S. crypto export policy.

• Jens Axboe released version 0.0.2d of his packet CD writing driver.

• A new user-mode Linux release was announced by Jeff Dike.

• Bartlomiej Zolnierkiewicz has released a backport of the 2.4 IDE patch.

• Andreas Gruenbacher posted a new version of his extended attributes proposal.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost
Blue Cat Linux
BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions

News and Editorials

Progeny announced the first beta of its distribution on October 31. It's on the bleeding edge, being based on the unstable "woody" version of Debian. They have added some nice things, like hardware autodetection; in general making the Debian install a friendlier process seems to be a priority for Progeny.

Interestingly, you can not simply download the distribution itself; it is packaged as an upgrade to Debian 2.2. To install Progeny, simply make a one-line configuration file adjustment and run apt-get.

There will also be a formal beta testing program, with boxed sets being sent to the participants. Interested people should read the announcement and go fill out the application.

An interesting question is that of just how Progeny will keep its product unique. Proprietary software is anathema to the people involved; they will be giving all of their work back to Debian. So they may well push forward the state of the art, but Debian as a whole will follow them closely. The company must certainly have a plan in mind; it will be interesting to see it unfold.

Counting source lines of code. David A. Wheeler has posted a lengthy article in which he examines the amount of code present in a Red Hat 6.2 installation. He came up with over 17 million total source lines; a bit of number crunching leads him to conclude that this installation represents over 4500 person-years of development effort, with a value of some $600  million. Check out the paper for more, including a description of his methodology.

Distribution reviews

Making Linux Work in the Workplace: Installing Linux Mandrake (Linux Orbit). A brief look at installing Linux Mandrake vs Microsoft NT, this article from Linux Orbit is well written if not exactly detailed. "The Linux Mandrake 7.1 installation program, like most other top-notch Open Source software, is generally an almost-ready-for-prime-time product. It definitely has the eye candy factor to its advantage, it has tons of options, and great features (the progress stars, notably). Aside from problems configuring X, the installation can be buggy, as it will sometimes install items that had not been selected, or worse, it will not install items that had been selected."

The Virtues of MaxOS (TechRepublic). TechRepublic has an in depth interview with Dexter Dombro and Donald Warman, the creators of yet another Linux Distribution - MaxOS. "The other thing we set out to do was deliberately exclude any GNOME, because of the instability problems. Every single application and utility we have on our desktop we know is stable. And at the same time, all the resources you could possibly ask for are in there. So whether you're a developer or gamer or somebody who wants to run a network, you'll still have Apache, and you'll have Kdeveloper."

VMWare is also included as a 30 day trial package. The Alta Terra team focused on ex-Microsoft users: "So we have something like My Computer. It says Max Computer, and you go in there and it shows you a C: drive and an A: drive, and things like that, and we've created a Control Panel setting for people so that they're not immediately wondering 'Well, what do I do with the console?'"

The article is in two parts (Part 1, Part 2). While no contact or URL information is provided, LWN already had MaxOS (skipping the Flash introductory page) listed on the Weekly Distributions Page.

New Distributions

Nanix. Another of the embedded class Linux distributions hit the streets this week: Nanix, from Charmed Technologies. Charmed is a company focused on wireless (and apparently wearable) computing. According to the website,

NANIX[tm] is a Linux-based operating system distribution optimized for small wireless Internet devices. Support will be included for power management, wireless connectivity (802.11, IRDA, Bluetooth), and non-conventional input/output such as handheld keyboards, voice-recognition, head mounted displays, and palm-sized LCD monitors.

General-Purpose Distributions

Black Lab Linux to be shown at SC2000. Terra Soft Solutions will be demonstrating CSP, Inc's. high-density, multiple G4 processor Fast Cluster as well as a 6 node, Apple G4 cluster running Black Lab Linux at the Super Computing 2000 show in Dallas, Texas from November 7th to the 9th.

Caldera ratings and awards. Caldera Systems Inc. (OREM, Utah) reported that OpenLinux was given the highest rating in VARBusiness' 2000 Annual Report Card.
Caldera Systems also announced that OpenLinux eDesktop 2.4 received the CNET "Editors' Choice" Award.

Debian gets a search engine. Visitors to the Debian web site have long been frustrated by the lack of a working search engine. No longer, however; the Debian Project has announced that UdmSearch will be used as the search engine on the site. It is up and running now.

Linux-Mandrake News: 7.2 released and OpenOffice RPMS.. Linux-Mandrake 7.2 (aka Odyssey) has been released. This release includes the ViaVoice voice recognition software and the latest GNOME 1.2 release.

Linux-Mandrake also sent word of the availability of the OpenOffice RPMS. They claim to be (to their knowledge) the first company to publish such a package. "It feels good to know that all this code REALLY compiles on Linux box. FYI, it took Frederic ca. 1 week of work to get it all compiled, so it really wasn't trivial..."

SuSE News: KDE 2.0 and S/390 support. SuSE Linux this week announced the availability for download of the latest version of the Linux desktop KDE and the forthcoming release of an update package for KDE 2.0.

SuSE also rolled out the big iron this week, announcing support for IBM S/390 servers.

Rumor mill: Slackware goes Sparc. Slashdot had quite a bit of activity around a rumor that Slackware had released a version of their distribution for the Sparc. The supplied URL to the supposed distribution took visitors to an FTP repository of the Slackware packaging tool, protopkg. No sign of the supposed Sparc port could be found at that site.

A number of posters to the discussion thread wondered if Slackware was responding to Red Hat's decision to drop Sparc support. However, this also turned out to be a rumor as Red Hat has not officially dropped support for Sparc. They simply didn't release a version of Red Hat 7 for that platform.

One Slashdot poster noted that the Slackware distribution actually did exist but the announcement regarding its availability was meant for Slackware developers only and that the distribution was available only via an rsync download. Attempts to contact Patrick Volkerding directly to confirm this possibility - and the existence of the Slackware Sparc port - were not successful.

Embedded Distributions

Lineo ports to IDT's RC32334 integrated processor. Lineo has ported their Linux product, Embedix, to the IDT RC32334 integrated processor, a MIPS based CPU with an on-chip PCI bus.

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith
Kondara MNU/Linux
Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux
nmrcOS
NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux
Yggdrasil

See also: last week's Development page.

Development projects

Browsers

Mozilla Chameleon Theme Builder makes progress. Progress is being made on the Mozilla Chameleon Theme Builder, a tool that is used for customizing the appearance of your browser screen. The screenshots of Chameleon look pretty interesting.

Databases

Oracle could face a Linux-like threat (CBS). CBS MarketWatch's Mike Tarsala discusses the threat of open-source databases on proprietary database companies. "'Databases have been overpriced for a long time,' said Michael Widenius, founder of MySQL, the most widely used open-source database. 'The bigger market we get, the more the commercial database companies don't get. Their profit returns are going to decrease rapidly.'"

Documentation

Linux Documentation Project updates. The LDP has received a slew of updates since the last time we reported on them. A stronger emphasis is being placed on categorizing and maintaining documents, and a summit was held to talk about future directions for the project.

Embedded Systems

Embedded Linux Newsletter (Linux Devices). The latest edition of the Embedded Linux Newsletter has been posted. Included is a feature article on the RedBoot open source BIOS, and profiles of several embedded devices. Check it out for news from the Embedded Linux world.

Trolltech to Add GPL Licensing to Qt/Embedded. Trolltech announced that the current version of Qt/Embedded will be licensed under the GNU General Public License (GPL) and also a commercial license. Linux Devices has a related article that discusses Qt/Embedded. "Thanks to application program interface (API) commonality between Qt/Unix and Qt/Embedded, Linux programs can easily be recompiled to run on embedded systems, making a large number of programs immediately available to newly developed embedded devices."

Interoperability

Wine 20001026 snapshot available. A new snapshot of Wine, dated October 26, 2000 has been announced. Visit the download site for your copy. This version includes many bug fixes, exec support from DOS mode, and header fixes for Winelib compiles.

Office Applications

Eazel Will Influence Re-vamped GNOME Interface Team (LinuxToday). LinuxToday covers the recent UI team reorganization over at GNOME. "Currently the team at Eazel is busy with the upcoming Nautilus release, but the efforts should be fully blended. While Eazel is currently focused on Nautilus, other people can look at other applications in the whole GNOME desktop and contribute to each application," [GNOME leader Miguel de Icaza] said.

What's New with GnuCash (LinuxNews.com). LinuxNews.com talks with GnuCash hacker Rob Browning. "'Right now we have four full-time developers, and we're about to hire a few more,' he said, attributing the growth of the staff--and the project--to financial backing from Gnumatic Incorporated, announced August 14, 2000."

Gimp 1.1.29 released. Release 1.1.29 of the Gimp is now available, this version is a release candidate for stable version 1.2, bug reports are requested should you find anything amiss.

On the Desktop

Candidates for GNOME Foundation Elections Announced. The candidates for the first GNOME Foundation board of directors election have been announced. The list includes a number of prominent names (de Icaza, Gettys, Levien, Pennington, Perens, Mena Quintero), but there are many other interesting candidates as well. There's still time - barely - to register to vote if you've contributed to the GNOME project. Eleven of the 33 candidates will be elected.

GNOME Documentation Project Status Report #3. The third GDP Status Report was just released. "Nautilus is getting even better at rendering SGML documents, ScrollKeeper is quickly approaching its first beta release, a bunch of new people have joined the GDP and started writing various documents, a solution to licensing issues has been found, a number of documents have recently been finished, more Sun contributors have trickled in and quietly started working, a GNOME style guide is slowly being prepared for discussion on the mailing list, and more."

New Plans for KDE Multimedia (KDE Dot News). A draft proposal concerning the update of KDE multimedia applications and infrastructure has been placed online. While "multimedia" seems to mean many things to many people, this proposal appears to be aimed mainly at audio issues.

People Behind KDE: Reginald Stadlbauer (KDE Dot News). This week The People Behind KDE interviews Reginald Stadlbauer, the programmer originally behind such things as KPresenter and KWord. "I posted to the KDE lists that I would write a PowerPoint clone. As I was new to C++ and Qt/KDE, nobody took me seriously."

KDE 2.0 Developer book online (Andamooka). A KDE 2.0 book for developers is scheduled for a November release both in print and online versions. The book is being published under an open content license.

Linux Mandrake KDE2 tutorial. Linux Mandrake has published an online beginner's tutorial for KDE 2.0 The tutorial provides a nice overview of KDE2 for beginners and is a good way to view the capabilities and features of KDE2.

Science

Will free software come to the rescue of the UK's health service? (ZDNet). ZDNet's UK division has an article that discusses the advantages of using open-source software in the British health service. "'Free software concepts make particular sense in medicine,' says Dr Douglas Carnall, associate editor of the Journal. 'Once a customer is "locked into" proprietary software, its makers can demand premium prices, safe in the knowledge that the client would find it even more expensive to change. Much better instead to invest time on a system licensed under the General Public License that will always be free,' he says."

Web-site Development

Zope Weekly News for November 1, 2000. The late breaking November 1 edition of the Zope Weekly News has been published. News includes the addition of the Python Labs group to Zope, progress on the Write Locking and HiperDom projects, and several new proposals.

Zope Weekly News for October 25, 2000. The October 25 edition of the Zope Weekly News is also available. The status reports of various Zope projects are featured. Michel Pelletier and Amos Latteier have published an alpha release of their upcoming Zope book and are interested in feedback. "Documentation has been an albatross for Zope for a long time and this book is a huge opportunity to rectify that - please do your part in making it the best it can be by taking an early look and contributing your thoughts or concerns!"

MoinMoin release 0.4. Release 0.4 of the MoinMoin collaborative hypertext environment has been announced. MoinMoin is a Python based clone of a WikiWikiWeb system.

Section Editor: Forrest Cook

Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

Programming Languages

Erlang

Erlang R7B available as rpm. An RPM packaged version of Erlang version R7B has been made available by Goeff Wong. If you are interested in getting Erlang on your system, this should be a quick route.

Perl

Larry Wall gives ALS Keynote. Larry Wall gave a keynote at the Atlanta Linux Showcase in which he discussed his current thinking on the state of Perl. An MP3 version of the talk is available as are the slides and the full text.

Simpleware vs hypeware - Why PERL isn't dead yet (CNET). Srikant Sreenivasan has written an interesting article that discusses the pitfalls of moving code from older, more stable languages to trendy new languages. "Don't get me wrong. I'm no frenzied zealot of an anti new languages or technologies movement. My only passion is technology. But I really see that all these so called new languages are not enhancing my productivity as a developer nor giving me any major benefits in a production environment." This article is worth reading even if you aren't working with Perl.

University of Perl Day 1.3 (Use Perl). Nathan Torkington has published Day 1.3 in his continuing series of journals from the traveling University of Perl classes. Check it out for a glimpse into the world of Perl culture.

PHP

PHP Weekly Summary for October 30, 2000. The October 30, 2000 edition of the PHP Weekly Summary is out. News includes Apache 2.0 support, and work on serializing references. A new feature wish list has been included as well.

Python

This week's Python-URL. Here is Dr. Dobb's Python-URL for November 1 with the latest in python development news, including Guido's announcement of the PythonLabs move and some discussions on locking mechanisms.

Call for Papers: Ninth Python Conference. November 6, 2000 is the deadline for submitting papers for the Ninth Python Conference which will be held from March 5 through 8, 2001 in Long Beach, California.

Python-dev summary, October 17-31, 2000. The October 17-31 issue of the Pythondev summary is out. Included are discussions of the Python team's migration to Digital Creations, and questions about the future of Python and Tcl/tk.

Tcl/tk

This week's Tcl-URL. Here is Dr. Dobb's Tcl-URL for October 30 with the latest in Tcl development news, including a look at the acquisition of Ajuba Solutions and whether [incr Tcl] should be part of the core distribution.

XML

XML Matters #4 (IBM developerWorks). David Mertz has put together the fourth article in his series on XML Matters. He discusses the use of the DocBook XML dialect for pulling many document formats into a single standard XML format.

The XML Elements of Style (O'Reilly). O'Reilly author Steve Muench presents his own Elements of Style (ala Strunk and White) in this article on the rules for creating a well-formed XML document. "The first, outermost element in an XML document is called the document element because its name announces what kind of document it is--<FAQ-List>, <Book>, <Transaction>, <TrackingStatus>, etc. You must have only one document element per document."

Section Editor: Forrest Cook

See also: last week's Commerce page.

Linux and Business

Investing in Open Source. Here are a couple of companies that have found new investors. EBIZ, Inc. has acquired an equity investment from the Canopy group. EBIZ is the parent company of several Linux/open source related web sites, including TheLinuxStore.com and the recently acquired LinuxMall.com. The announcement states that the investment is for 2.5 million shares of EBIZ and creates $2.5 million in cash for the company. The investment will be used for debt reduction and future growth.

BSDi announced that they have received a $5 million strategic investment from Livin' On The Edge (The Edge), a Japanese Internet solutions provider. It seems The Edge uses FreeBSD extensively, and the company intends to work closely with BSDi to ensure the ongoing development and commercial viability of the BSD platform. BSDi will use the proceeds from the investment to continue to develop and market advanced BSD operating systems and its iXtreme Series line of Internet server computing systems and to provide ongoing backing for the FreeBSD Project.

OpenSales changes name, expands services. San Mateo-based OpenSales announced a name change - to Zelerate. The Zelerate AllCommerce e-business application suite is licensed under the GPL. Zelerate plans a December launch of an open source warehouse management system, which will also be licensed under the GPL. The company has also expanded its consulting services.

JYACC releases Open Source POSSL. A company called JYACC, Inc. announced the availability of the source code for its POSSL (Panther Open Source Software for Linux) technology and the establishment of a new open source online community at possl.org. POSSL is an enterprise application development environment that simplifies the building of transactional, component-based Web applications. CollabNet is providing its SourceCast environment as the infrastructure for the possl.org community site. POSSL's source code license is modeled after the BSD license.

Caldera releases Volution to beta. Caldera Systems Inc. announced Caldera Volution (Volution). Volution is a browser- and directory-based management product for Linux systems that utilizes the inherent strengths of LDAP directories. Formerly known by its internal codename "Cosmos", Volution is currently in open beta.

EFI Announces Fiery X3 Server, Minolta copier support. We noticed that EFI (Electronics for Imaging), a fairly well known printer solutions company, has released a new server for use with a large range of Minolta copiers in a networked environment. While the announcement doesn't stress the point, hidden inside is the part we wanted to hear: "Regardless of the size of most files, the Linux-based Fiery X3 Pi5500 drives the Di550 and Di450 at their full-rated speeds for greater overall throughput." Linux, it seems, does copiers too.

Indrema Offers Alternative to Hard-to-Find PlayStation2. Indrema has put out a humorous press release with ten reasons why people should buy its game console instead of the competition. "#2: Xbox says: 'We are Microsoft. Resistance is futile.' Indrema says: 'We are Open Source. Viva la resistance!'"

Press Releases:

Open Source Products

• Akopia (RESTON, Va.) announced the release of Interchange 4.6, "software that increases efficiency, improves productivity and simplifies the management of e-commerce."

• NuSphere (BEDFORD, Mass.) announced that it is partnering with the MySQL open source database community to develop a row-level locking capability for the MySQL database. Code-named "Gemini," this project will be part of MySQL Version 4, targeted for release in the spring of 2001.

Commercial Products for Linux

• Axis Communications (LUND, Sweden) announced an embedded system platform intended for running a native Linux environment. At the heart of this platform is the ETRAX 100LX, a newly optimized systems-on-a-chip processor appropriate for a wide range of networking and embedded applications.

• Computer Associates International, Inc. (ISLANDIA, N.Y.) announced the availability of ARCserve 7 for Linux, an automated, native data protection solution for Linux environments.

• Force Computers (SAN JOSE, Calif.) announced it will support the Linux operating system on its DECtalk Text-To-Speech (TTS) speech synthesis technology for StrongARM and Intel processor-based wireless devices.

• Intel Corporation's Dialogic subsidiary (MIAMI) announced that its broad range of CompactPCI (cPCI) building block products will now include full support for the Linux operating system.

• Linux2order.com (PROVO, UTAH) launched Priority Download, designed to provide users with access to all of its software, at download speeds up to 110Kbps.

• Macro 4 (Parsippany, NJ) launched its UniQPrint solution for Linux on the S/390.

• Metro Link Inc. (FORT LAUDERDALE, Fla.) is porting its X Window System products for use on Intel's IA-64 Itanium processor. This software will be ported to the IA-64 Linux and Monterey operating systems initially.

• MigraTEC, Inc. (DALLAS & AUSTIN, Texas) announced that the company has established the MigraTEC Migration Center to assist enterprises in porting applications to Intel's 64-bit Itanium processor platform.

• PartnerAxis (OREM, Utah), a wholly owned subsidiary of EBIZ Enterprises Inc., announced the availability of channel consulting services that are designed to help manufacturers and solutions providers take their products and services into the Linux channel.

• PortalSphere Inc. (OTTAWA) showcased its eSolutions at Linux Expo Toronto, including MyGOLFportal.com, a reservation system and MyCRMportal.com a suite of e-business products.

• Professo (New York) announced the release of AppStreamer, an application service management platform for ISPs and other businesses offering Internet and ecommerce services. AppStreamer runs on Red Hat Linux version 6.2 and Solaris 2.5.1 operating systems.

Products Using Linux

• Applied Data Systems (Columbia, Maryland) introduced the Tandem*, a two-headed single board computer system designed for multi-user applications and it runs Linux.

• Lineo, Inc. and IDT, Inc. (LINDON, Utah) announced the availability of Lineo's Embedix on IDT's RC32334 integrated processor, featuring a 32-bit MIPS instruction set architecture (ISA).

Products with Linux Versions

• Applied Information Systems (CHAPEL HILL, N.C.) announced that it has released version 5.0 of the XESS spreadsheet products. This includes the XESS spreadsheet, the xsBasic Macro Option, and the XESS Software Developers Kit (SDK).

• Bristol Technology, Inc. (DANBURY, Conn.) announced a new release of their cross-platform software, Wind/U.

• Command Software Systems Inc. (JUPITER, Fla.) introduced "Command On Demand," an online instant virus scanning and disinfection service for ISPs, ASPs and Web portals.

• ELSA GLADIAC has begun shipping the GLADIAC Ultra card. Based on the GeForce2 Ultra from NVIDIA and packing 64MB of DDR memory, it apparently will come with Linux drivers in the retail packaging.

• Inovie Software (SAN DIEGO) announced the availability of TeamCenter 4.0, an e-Workplace for managing complex, collaborative business endeavors.

• The iSpark Group (FORT WORTH, Texas) introduced BillMax Version 1.5.3, a turnkey billing application.

• Loki Software, Inc. and QERadiant.com released GtkRadiant 1.1 beta for Linux and Win32. GtkRadiant is a cross-platform version of the Quake III Arena level editor Q3Radiant.

• NetObjects, Inc. (REDWOOD CITY, Calif.) announced NetObjects Matrix, an integrated suite of online services for small businesses.

• Rainfinity (SAN JOSE, Calif.) introduced the first in a family of software modules for its RainFront multifunction platform: RainWall 2.0 for firewall high availability, and RainSLB 2.0 for server load balancing.

• Stonesoft Corporation (HELSINKI, Finland and ATLANTA) announced its vision for the Highly Available Enterprise and its strategic corporate initiatives designed to focus on emerging customer trends in the global eBusiness market.

• Swedish Xpedio and Japanese Access (STOCKHOLM, Sweden) formed a partnership to develop and market solutions for mobile Internet based on the cHTML format.

• TGS (SAN DIEGO, CA) announces the release and immediate availability of Amira Standard Edition and Amira Developer Edition version 2.2. Amira is an end-user visualization software tool for dynamic data.

• WARP Solutions, Inc. (NEW YORK) launched the WARP Performance Suite, initially consisting of WARP Intelligent Content Distributor, WARP Global Load Balancer and WARP Load Balancer.

Java Products

• NetDIVE (SAN FRANCISCO, CA) announced WeMessage Portal 5.0, an instant messaging software based on a Java client/server architecture.

• worldweb.net, Inc. (NEW YORK, NY) announced the launch of the beta version of its next-generation content management software, Expressroom I/O v2.0.

Books and Training

• NuSphere (BEDFORD, Mass.) announced that it will host Polycon's MySQL open source database training seminar from November 13- 17 at the NuSphere corporate office in Bedford, Mass.

Partnerships

• 1mage Software, Inc. (ENGLEWOOD, Colo.) and Omaha, Neb.-based Custom Computing Corporation jointly announced the formation of a strategic alliance to provide integrated document management (IDM) software to the insurance claims management industry. CCC will operate 1MAGE on a Linux platform.

• Coventive Technologies(SAN JOSE, Calif.) and Metro Link announced the formation of a strategic partnership that will combine Coventive's embedded Linux operating system kernel and Metro Link's graphic display technology to create a complete embedded Linux solution for Information Appliance (IA) manufacturers.

• Infoteria Corporation (BOSTON, and TOKYO) partnered with Digital Design Inc. to deliver an appliance available for accessing business-to-business (B2B) electronic marketplaces/exchanges. Infoteria provided XML software and Digital Design provided Linux-based hardware.

• Lutris Technologies Inc. (SANTA CRUZ, Calif. & TOKYO) announced an agreement with NECSoft Ltd. to distribute Lutris Enhydra, a commercially-supported Open Source Application Server, to the Japanese and Asian markets.

• MaximumLinux.com (BRISBANE, Calif.) has signed gaming Website Evil3D.net to become part of its growing affiliate network.

• MMC Networks (WASHINGTON) and MontaVista Software, Inc. announced a joint public demonstration of a high-speed Internet Protocol (IP) router reference design based completely on off-the-shelf network processing hardware and Linux-based software.

• OEone Corporation (Toronto, ON) and Tatung Co. of Canada Inc. announced that they have entered into a joint agreement to bring fully-integrated, Linux-based Internet Computer solutions to leading OEM customers.

• Point of Sale Limited (RA'ANANA, Israel) announced that it has finalized an agreement to provide TESCO PLC with key components of the web-based application software that powers Point of Sale's recent global Application Service Provider (ASP) initiative. The agreement also includes a corporate license for Point of Sale's soon to-be-released checkout system that runs on the Linux operating system.

• Red Hat (RESEARCH TRIANGLE PARK, N.C.) announced that it is working with Square D Company to design next generation, Internet-based power management solutions built on Red Hat Embedded Linux.

• Sendmail, Inc. (EMERYVILLE, Calif.) announced a global alliance agreement with EDS. Through the partnership, EDS will integrate its consulting services with Sendmail, Inc.'s Internet message routing and hosting technology.

• TurboLinux and VERITAS are partnering to include the VERITAS NetBackup Client with TurboLinux Workstation 6.1.

Financial Results

• internet.com (NEW YORK) reported record results for the quarter ended September 30, 2000.

Personnel/New Offices

• TimeSys Corporation (PITTSBURGH) launched TimeSys India Private Limited in the southern city of Coimbatore. TimeSys's technologies include TimeSys Linux/RT.

• Tucows Inc. (NEW YORK) announced that Robert F. Young, Co-Founder and Chairman of Red Hat, has been appointed to its board of directors. Tucows is LWN's parent company.

Linux At Work

• Blackstone Technology Group (WORCESTER, Mass.) announced that it will build a large-scale, Linux on Intel based, distributed computing solution for Biogen.

• Demon Server Hosting (UK) is using Linux on Cobalt RaQ 3i servers.

• MSC.Software Corporation (LOS ANGELES & COSTA MESA, Calif.) announced the delivery of a Linux cluster system to Dana Corporation's Spicer Light Vehicle Axle Group. The MSC.Software turnkey solution was based on Intel processors in Hewlett-Packard systems and included the company's simulation software.

• Oingo Inc. (LOS ANGELES) launched the second version of its domain name suggestion product, DomainSense 2.0, which uses Linux-clustered server farms to deliver millions of domain search results per day.

• Turbolinux, Inc. (SAN FRANCISCO) announced that Birkenstock.com is using Turbolinux Cluster Server 6 to cluster the Web application and database servers for its booming online store.

• Viata Online (HONOLULU, HI) is developing Linux-based internet solutions for the travel industry.

• Virtual Press Office, Inc. (SAN DIEGO) has selected BakBone Software's NetVault storage management software for Linux.

Other

• iMimic Networking Inc. (HOUSTON) announced that its DataReactor Core technology delivered the best combination of price/ performance, in the 3rd Web Cache-off. iMimic DataReactor Core supports both FreeBSD and Linux operating systems and runs on Intel x86 and Compaq Alpha.

• The Linux Professional Institute (LPI) released LPI News for October 24th, 2000.

• The Object Management Group (Needham, MA) announced that LogOn Technology Transfer GmbH has an expanded role as international representative to include all of continental Europe. LogOn produces trade shows, including the Linux@work European Days.

• Zona Research, Inc. (REDWOOD CITY, Calif.) announced its latest Zona Market Report, The New Religion: Linux and Open Source.

Section Editor: Rebecca Sobol.

See also: last week's Linux in the news page.

Linux in the news

Recommended Reading

Triumph of the free-software will (Salon). The spirit of the open source world runs the gamut of emotion, from short chastising to verbal battery to praise and worship. Andrew Leonard takes a deeper look at himself and the movement in this Salon piece: "Accusations of betrayal cut pretty deep. And yet, even as I wince every time I check my mail, I am paradoxically heartened by the anger. I originally became obsessed with covering the free-software movement because I was fascinated by the passion that motivated so many free-software developers or advocates. The severity of their response to my article proved to me, once again, that I was playing with a fascinating holy fire."

Companies

Red Hat boss joins Tucows board. The word is out: this story in the National Post covers the appointment of Red Hat founder Bob Young to the Tucows board of directors. "Mr. Young has earned a reputation as a pioneer and respected activist in the Open Source and Linux communities. Because of that he will bring an additional degree of legitimacy and notoriety to Tucows, known to most consumers as a repository of popular software programs." Tucows is, of course, LWN's parent company. (Thanks to Gary Lawrence Murphy).

Riding on the open-source wagon (ZDNet). ZDNet looks at how e-commerce players Akopia and Zelerate (formerly OpenSales) are dealing with an open source business model. "There's no question that commercial versions of applications that are built in adherence to open-source development procedures are proliferating. To qualify as a true open-source product, software is expected to be licensed under the GNU General Public License. Any changes made to the base source code by vendors, service providers, and/or customers must be returned to the developer community."

Covalent mixes proprietary and open source software (Upside)