Other stuff:
Daily Updates
Calendar
Linux Stocks Page
Book reviews
Penguin Gallery

Contact us
Archives/search
Use LWN headlines

Recent features:
-RMS Interview
-2001 Timeline
-O'Reilly Open Source Conference
-OLS 2001
-Ga�l Duval
-Kernel Summit
-Singapore Linux Conference
-djbdns

Here is thepermanent site for this page.

Leading items and editorials

Talk about open documentation. O'Reilly and Associates has set upan online forum todiscuss the best way to go about creating open documents. There are a lotof issues involved in the creation of such documents, including"...quality control, Internet-time release schedules, the big-picturethinking required to keep the book's balance and structure strong duringupdates, risks and benefits of forking, adequate compensation for writersand publishers, dealing with the natural tendency to want to hide work inprogress with competitive publishers..."

This forum, as of this writing, has only seen about a dozen postings. It'stime to get some more people involved. Free documentation for our freeoperating system has come a long way in the last year. Consider, forexample, how much richer we are for having access to:

• Gimp: The Official Handbook
• Using Samba
• GTK+/GNOME Application Development

Free documentation is just as important as free software, and we have alltoo little of it. The process of producing free documentation is differentfrom that which creates software. While free software developers have awhole set of tools, procedures, licenses, and experience to work with,those who would produce documentation on the same scale are still blazingthe trail.

If you would like to see more free, high-quality documentation like thebooks listed above, please consider helping out the process somewhat. Headon over to the O'Reilly forum, think about the issues, and contribute yourthoughts to the cause.

DVDCA and the Big Lie. Eric Raymond writes aboutDVDCA and the Big Lie - a look at how the DVD ControlAssociation is trying to obscure the real issues in the whole DeCSS affair."One can almost pity DVDCA. Like the feeble minds behind the misnamed'Communications Decency Act' in 1996 and the NSA's key-escrow power grabback in 1994-95, they're about to find out what happens when you try tostep on the Internet community's liberty."

We have gotten some mail contesting Eric's claim that it is not necessaryto decrypt DVDs to be able to make illegal copies. In fact, as documentedinthis IEEESpectrum article, a number of steps have been taken to make bit-for-bitcopying of DVDs hard - including prerecording sections of blank disks sothat the encryption key can not be copied onto them.

None of that changes the fundamental point, though: pirates determined tomake illegal DVD copies will be able to do so without any need for theDeCSS software. Subverting a (hardware or software) player to get a clearbit stream, or finding a source of non-prerecorded disks are both entirelyviable approaches. Trying to protect bits that are in the hands of usersis a losing battle.

And the simple fact is that the writers of the DeCSS code had no interestin pirating disks. Users of DeCSS also have no interest in pirating disks.They simply want to play their (legally purchased) disks on their Linuxsystems. The DVD industry has gone to battle against its own customers.

The DVD case as a test of shrink-wrap licensing. LWN is pleased torunthis feature article from NathanMyers on the DVD case. Nathan has noted an interesting aspect of thiscase: it's likely to be the first court test of "shrink wrap" licenses.There is a definite possibility that shrink-wrap licenses could be held tobe non-binding.

Should the court rule on the validity of these licenses, it will beinteresting to consider how free software licenses differ legally - if atall - from the commercial shrink-wrap variety. This topic and shrink-wraplicensing in general are also discussed inthis week's Letters to the Editorsection.

One last DVD item:The Great International DVD Source Code DistributionContest has beenannounced by DonMarti. Don and company are looking for the most imaginative and effectiveways to get the DeCSS code distributed throughout the world. The prizewill be, of course, movies on DVD...

More information on the whole DVD issue can be found atOpenDVD.org.

LWN 1999 Linux Timeline 1.0 released. Version 1.0 of our1999 Linux Timeline is now available.Thechanges from theoriginal version are relatively small. Thanks to everybody who wrote inwith suggestions for improvements.

Inside this week's Linux Weekly News:

• Security:Denial-of-service attacks intensify.
• Kernel: The "2.3 things to fix" list, the year 2038 bug
• Distributions: XLinux: Multi-lingual support.
• Development:New Linux in Education report.
• Commerce: Corporate open source releases, Red Hat buys HKS
• Back page: Linux links and letters to the editor

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor

See also:last week's Security page.

Security

News and editorials

The issues are complex, so we won't try to reproduce the work of CERT andothers, but instead direct your all to their advisory above for moreinformation.

DNS Insecurity. No, this isn't a yet-another bind vulnerability.This issue is the use of email to allow modifications to your registered domain information. Email-spoofing is easy and now beingactively used to modify domain name service information for registereddomains. A number of such incidents were reported to theSANS Institute, duringtheir Y2K alert program. SecurityPortal.com's Kurt Seifried has writtenthis editorial on thetopic, outlining your option to add password or PGP protection to yourDNS records with your registrar, if you are working with Network Solutions.

Security Reports

PHP 3.X vulnerability.An exploitable vulnerability has been reported in PHP 3.X's'safe_mode'. More information and a workaround can be foundin theBugTraqdatabase.

Zope security update released. A security update to Zope has beenannounced. The vulnerability looks like a nasty one; those running publicly-available Zope-based sites will want to apply it at the earliest opportunity.

vibackup.sh. The vibackup.sh script, reportedly used onOpenBSD, FreeBSD and Debian GNU/Linux, insecurely removes files.This has apparently been replaced in OpenBSD 2.6 and a fix for stableand current versions of FreeBSD has gone in. No word from Debianhas been seen as of yet.

Commercial reports. Cisco reported aKerberos ClientAuthentication Failure for Cisco products with Kerberos authenticationenabled.

NetscapeFasttrack 2.01a is reported to have a vulnerability that makes theuid of the httpd daemon exploitable.

Altavista has provideda patch forthe security vulnerability reported inBugTraq ID896. This vulnerability can allow the password for the remoteadministration utility to be retrieved.

Updates

Resources

Intrusion Detection System Signature Database.Max Vision hasannounced the availability ofarachNIDS, his free,CVE and BugtraqID compatible/searchable database of "attack" signatures.

SHADOW Intrusion Detection System y2k updates. Versions ofthe SHADOW IDS prior to 1.6 had difficulties with the January 1, 2000 datechange. For those people that do not want to upgrade, aworkaround has been posted, but an upgrade is recommended.

Saint 1.4.1. This latestminor updateto SAINT has been updated to reflect recently reported vulnerabilities."New checks have been added for an ODBC RDS bug, for an IIS 4.0 bufferoverflow, for Calendar Manager service, for sadmind, for Trinoo and for DRAT backdoor. Updates have been made to the checks for DNS, ftpd, ssh, and QPOP...".

Section Editor:Liz Coolbaugh

Secure Linux Projects
Bastille Linux
Immunix
Khaos Linux
Secure Linux

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
Linux Security Audit Project
OpenSSH
OpenSEC
Security Focus
SecurityPortal

See also:last week's Kernel page.

Kernel development

The current stable kernel version is (finally!) 2.2.14. Thisrelease has been long in coming, and should be well received - it containsa lot of important and useful fixes. Seethe releasenotes for the full scoop.

The first 2.3.x "things to fix" list has beenposted by Alan Cox. The list covers a lot of ground- one wonders how all of that stuff is going to get done anytime soon.But, of course, the posting of a list like this causes an immediate floodof additions... The most popular items which did not appear on Alan's listwould appear to be:

• 32-bit UID support. Linus has said in the past that he wants to incorporate 32-bit user ID's, so this one may yet happen.

• A journaling filesystem. None of the journaling filesystem alternatives are currently in a state that is ready for 2.4. Ext3 needs a fair amount of work on how it handles buffer memory before it can go in - too much for this release. Reiserfs, on the other hand, might just happen: Hans Reisersays a 2.3 port is close, and Linus hassaid that inclusion in 2.4 is a possibility. Meanwhile,XFS from SGI has still not been released (though they have begun to make small pieces available). Thus, the only journaling filesystem alternative for 2.4 is reiserfs, and that remains uncertain.

• Version 3 NFS. Another major kernel release with a sub-standard NFS implementation would be a shame. There's been no word on whether the NFSv3 work that has been done will be merged or not.

Linus had wanted to get a pre-2.4 series going before the end of the year.Not only did that not happen, but it appears that it is still ratherdistant at this point. Some things can not be rushed; 2.4 will come outwhen it is ready.

Now that Y2K has wimped out,it's time to worry about the year 2038problem. 2038, of course, is when the 32-bittime_t valuethat Unix systems use to represent times overflows. Some people want totry to deal with the problem now; others feel less urgency.

One point of view says that we'll all be using 64-bit systems by then; atsome point we just redefinetime_t to be a 64-bit value, recompileeverything, and theproblem goes away. There are, however, a couple of problems with thatapproach:

• Old hardware has an amazing ability to hang around in crucial roles long past when it seems it should have been junked. That 32-bit Pentium doorstop in the corner of the machine room may still be doing something important when the rollover happens. Embedded applications, where size and power consumption are crucial, also tend to use less capable hardware for long periods of time.

• Makingtime_t into a 64-bit quantity and recompiling everything will make a lot of programs work. But it will do nothing for all of the databases and file formats which contain 32-bit quantities. Quite a bit of application fixup work will be required to deal with all of those problems.

The solution would seem to be to design a migration path now. With almostforty years in which to make things work correctly, one would assume the areasonably painless transition could be made. In practice, many of us maywell find ourselves being called out of retirement in 2037 to deal with thelast-minute fixes...

A beta version of RealTime Linux V3.0 has beenreleased. This version is based on the 2.3 kernelseries, and does not (yet) contain much that is new at the API level. Notethat RTLinux 2.x is still under active development as well...

A programming guide for Linux USB drivers has beenreleased by Detlef Fliegl. Itdocuments the structure of the Linux USB subsystem, and should be avaluable resource for those wanting to write USB drivers.

Other patches and updates released this week include:

• Jens Axboe releaseda set of patches to bring DVD support into the IDE driver. It works with the 2.2 kernel series.

• David Sauerreleased a driver for the MediaForte SF16-FMR FM Radio card.

• Devfs v152 was released by Richard Gooch.

• Randy Dunlapreleased a /proc tree viewer for the USB bus and attached devices.

• RSBAC 1.0.9a (Rule Set Based Access Control) has been released. RSBAC is an ambitious project to add a number of security mechanisms to the Linux kernel.

Section Editor:Jon Corbet

See also:last week's Distributions page.

Distributions

XLinux. Jyan-Min Fang dropped us a note to point outa possible new Linux distribution:XLinux. Unfortunately, thepress releases he could provide to us were in Chinese and thereforenot tooinformative,(unless you know Chinese, which we unfortunately do not). We checked out thewebsite, but with little success, since it is under construction.At that point, we contacted them via email for more information,receivingthis file (originally in Word format) in response. Despite theappearance that gave, it does appear that a real distribution is being supported, from a realcompany, formerly Taiwan Wahoo Cc, now XLinux.com. Whether thedistribution is called "XLinux" or "Power Linux" is a bitless clear. In any case, it is beingdeveloped as a "Multi-Lingual" version of Linux, with initialsupport for twelve different languages using GCS (Giga Character Set)which they claim is technically superior toUnicode for multi-lingual support.

Please understand that the Word document in question has obviously beentranslated from Chinese and includes references that we have not yetresearched. As a result, we currently have more questions thananswers about this distribution. Nonetheless, it looks interestingand we hope to learn more about in the future.

Corel Linux

Debian GNU/Linux

Distribution reviews in LinuxPlanet. LinuxPlanet ranthis review of Debian GNU/Linux 2.1. "Weighing in at over 2,000 packages, the Debian distribution provides the largest and most varied collection of software available on any distribution.... In spite of its size, Debian is remarkably coherent and stable. Linux exhibits these attributes largely due the open-development model. It's only natural that Debian should exhibit similar attributes for the same reason."

Definite Linux

Red Hat Linux

More last-minute Y2K updates. Red Hat hasreleased updates to the groff and libtiff packages which fix "apocalypse-inducing" year-2000 bugs.

Slackware Linux

Spiro Linux

SuSE Linux

SuSE Linux for PowerPC available in beta form. SuSE hasannounced that a beta of its 6.3 distribution for the PowerPC isavailable.

Section Editor:Liz Coolbaugh

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith

Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux

See also:last week's Development page.

Development projects

Education

Getting Linux into the Schools is the topic ofthis articlefromThe Linux Gurus.It compares and contrasts the costs of using Linux versus Windowsbut also touches on one of the critical reasons for introducingit as an alternative. "Administrators believe that by teaching a student how to use a specific application that this somehowhelps them function later in life. Too many times I have seen so called "tech"education classes as simple scripted classes where a student is simply led through themotions of pointing and clicking. We need to show administrators that this does nottruly help a student, that we should teach a more broad understanding of the conceptsinvolved. If we can teach those broad concepts then students can apply them toa broad range of situations, applications, and operating systems."[FromLinuxForKids.]

On the Desktop

Mosfet.org Debuts, for KDE Developer News. Mosfet haslaunched hismosfet.org site,with a focus on KDE 2.0 Development News.

Kurt Granroth has providedatutorial onconverting KDE applications to Konqueror browser plug-ins.

Mozilla developer chat.MozillaZine will be holdingits nextdeveloperchat with Dave Hyatt on Thursday, January 6, at 3pm PST via IRCto talk about the customizability of the Mozilla UI.

Vertical Markets

FreeVet 1.1.1. In a similar area, thislatestversion of FreeVet "aims to provide the veterinarian with a complete solution for running a clinic, small or large."

Web Development

Midgard Weekly Summary. Here isthis week's Midgard summary, thanks to Henri Bergius. It mentions that the Midgard 2 API has been frozen and both a stable 1.2.x release and analpha release of Midgard 2 are expected "soon".

Zope Weekly News.This week'sZope Weekly News is nowavailable, complete with a link to the previously mentionedsecurity advisory, new programs, updates, patches anda discussion that may be of interest to other people justgetting started developing Zope applications.

Netizen releases 'Xen'. Netizen (a Melbourne, AU consultancy) hasannounced the release of "Xen," an open-source, Zope-based task tracking system.

Wine

Section Editor:Liz Coolbaugh

Project Links
EmbedLinux.net
EMLAB
linux-embedded.com
Gnome
High Availability
ht://Dig
KDE
MagicPoint
Midgard
Mozilla
PHP
YAMS
Wine
Worldforge
Zope

More Information
AppWatch
Freshmeat
LinuxDev

Development tools

Perl

Applixware Perl API 0.2.0. An initial development version of aPerl API forApplixware has been announced.

Python

Tcl/tk

Section Editor:Liz Coolbaugh

See also:last week's Commerce page.

Linux and business

• Inprise is opening up InterBase. Inprise'sopen source announcement made perhaps the biggest splash of the week. InterBase may have had a hard time of it in the marketplace, but it is a serious database system and will be a valuable contribution to the open source portfolio.

  The source will be released later in this quarter. Meanwhile Inprise has not released any details on which open source license will be used.

• Macbird has been released by UserLand Software.MacBird is a Macintosh drawing program; it is being released under an MIT-style license. UserLand hopes to see a Linux port soon.

• MontaVista Software released its CompactPCI networking package as open source. This package will be useful for developers working on certain types of embedded systems; seethe announcement for more.

• QLogic hasannounced that open-source Linux drivers are available for its Fibre Channel and SCSI adapters.

Red Hat has bought Hell's Kitchen Software, the makers of thewidely-usedCCVS credit card processingsystem for Linux. Evidently the HKS software will now be bundled with the"professional" version of Red Hat's distribution. Thecurrent CCVS license isfar from open source - binary only, no reverse engineering, etc.Presumably some changes will come once Red Hat takes over, though evidentlysome of the code needs to remain closed-source due to its use ofproprietary financial protocols.

This move helps to position Red Hat for sales into e-commerce settings. Itmay be cause for some concern for others, in that CCVS has been, for a longtime, the only commercially-available credit card processing system forLinux. About the only alternative appears to be the open-sourceYAMS system; it can do credit cardprocessing, but only through one clearinghouse. TheOpenMerchant system provides a lot ofinteresting functionality, but says nothing about credit cards. Thus, to agreat extent, Red Hat is now the only source for this capability.

HKS is being purchased for about $90 million in Red Hat stock. The finaldeal is contingent on approval from HKS's stockholders. More informationinRedHat's press release.

Red Hat will be carrying Salon's content on Wide Open News, thushelping to fill out the content on that site. Salon's stock price took offon this news, of course... SeeSalon'spress release for more.

VA Linux Systems announces SourceForge. VA Linux Systems has putoutthispress release announcingSourceForge to the world. The Linuxcommunity has known about SourceForge for a bit - it seems like a dozendevelopment projects move over there every day. But this announcement isthe first much of the wider world has heard about this resource, and it hasdrawn some significant attention.

XFree86 wins IDG/Linus Torvalds Award. IDG World Expoannounced that The XFree86 Project, Inc. is the recipient of theFebruary 2000 IDG/Linus Torvalds Community Award.

More announcements from LinuxOne. LinuxOne may not be all thatstrong on revenue, but they have the press release game down. Recently, ithasannouncedthe opening of a Taiwan office, staffed by six people.

LinuxOne has also put out a somewhat suspiciouspressrelease claiming to have a $500,000 order from Power Source. A goodcounter to this release can be found onTechnocrat.net, where BrucePerens points out that Power Source, a tiny company, is not in much of aposition to spend $500,000 on anything.

White Paper: Open Source and Microsoft. The Aurora DevelopmentGroup has put upa whitepaper on open source software and Microsoft. They side strongly withMicrosoft. "While Linux is reliable, free, and scalable, you shouldreally consider sticking to NT. Love it or hate it, we all know how NT willbehave in just about every situation. Since each person who uses it canmodify Linux, it makes the OS harder to master. On a typical day, I visitthree different client sites in New York City. Each of them are runningWindows, so I know what to expect. What if they were each running acustomized version of Linux? My support burden would dramaticallyincrease."

OS X released.Apple has put outa press release announcing the rollout of OS X. "At the coreof Mac OS X is Darwin, Apple's advanced operating systemkernel. Darwin is Linux-like, featuring the same Free BSD Unix supportand open-source model."

Section Editor:Jon Corbet.

Press Releases:

Commercial Products for Linux:
• Dataware Technologies, Inc. announced (Red Hat) Linux support forit's search technology components.

• Planet Intra announced that its "instant Intranet" software forsmall and medium-size enterprises will be bundled in Donovan'sPenguin64 Lite - a 64bit server running the Linux operating system forunder $2,000.

• PowerQuest Corp. announced the addition of SmartSector support forLinux ext2 and Linux Swap partitions in Drive Image Pro 3.01.

• Tux Games has gone live as"the first online store dedicated just to selling Linux gamingproducts."

  Java Products:

• Track Data Corporation announced the release of myTrack-Linuxv1.0. myTrack is a Java-based stock trading system, apparently tiedinto Track Data's brokerage.

  Products with Linux Versions:

• Accrue Software, Inc. announced expanded platform options forAccrue Insight and Hit List for customers who choose Linux operatingsystem deployments.

• Active Concepts announced the release of Funnel Web 3.6.

• Andover.Net announced Animation Factory Volume Two, a CD-ROMincluding over 60,000 clipart images.

• Alteon WebSystems announced the commercial availability of aGigabit Ethernet adapters which can operate over common copper wiring.

• Connectix Corporation announced its expansion of the Virtual PCproduct line with two new versions, including Virtual PC with Linux.

• ECCS Inc. announced the availability of Linux support in itsSynchronix family of fault-tolerant data storage products.

• InfoValue Computing, Inc. announced the development of a Linuxversion of its comprehensive suite of QuickVideo software.

• Lava Software announced Japanese WordMage v5.7, a completeJapanese application suite.

• OptiSystems Solutions Ltd. announced the availability of itsEnergizer PME for R/3 support for AS400 and Linux platforms.

• Performance Technologies, Inc. announced enhancements to itsSynchronous/Serial and T1/E1 WAN communications adapters.

• PowerCerv Corporation announced that it will support the Linuxoperating system in the next release of its ERP Plus software suite.

• Progress Software Corporation announced that it is shipping itsembedded database and other deployment products on the Linux operatingsystem.

• Virtual eXecuting Environment protects Unix/Linux servers fromintruders and hacker attacks. Product is free for non-commercial use.

  Partnerships, Investments and Acquisitions:

• Ariel Corp. announced that it has expanded its distribution andintegration agreement with Trilogic Systems to encompass all of theU.S.

• Classics International Entertainment, Inc. announced the signingof the final documents for the purchase of IBP, Inc., a privatecompany that specializes in Linux based data compression technologies.

• click2learn.com, inc. and ComputerPREP announced a strategicpartnership to distribute ComputerPREP's e-courseware throughclick2learn.com.

• Cyber Merchants Exchange announced that it signed an agreementlicensing its Linux-based Internet Sourcing Network software toC-ME.com./Taiwan.

• Midnight Cafe LLC announced the acquisition of Gamers Depot. Itnow plans to create a network of Linux, Macintosh and Console Gamersites.

• Unibol announced a contract with RoTech Medical Corporation forcustom software development and associated licenses that will allowRoTech to use Linux-based web servers to access corporate applicationsand data.

• VA Linux Systems, Inc. announced that NetLedger, a provider ofWeb-based applications for small business, has selected VA Linux toprovide rackmount Linux servers and integration management servicesfor its entire application server infrastructure.

  Other:

• Lehman Bros. hasannounced that it is starting its coverage of VA Linux with a"outperform" rating; they think it will hit $230/share.

• Simultaneously, W.R. Hambrecht + Co. hasannounced its coverage of Andover.net - also with an "outperform"rating.

• Andover.Net opened the balloting for the first-annual SlashdotOpen Source Community Awards, a.k.a. Slashdot Beanie Awards.

• Applix, Inc. announced estimated 4th quarter results for 1999.

• Global Media announced that its Linux-based broadcast solution wasfeatured in the January 2000 issue of Linux Journal.

• internet.comannounced a re-launch of its homepage. Part of the re-designincludes the addition of the Linux/Open Source channel.

• The Linux Business Expo hasannounced that it is expanding to four annual events in NorthAmerica. An advisory board has also been named, with names like LarryAugustin, Mark Bolzern, Lyle Ball, Jon Hall, Dave Sifry, and a guynamed Linus Torvalds.

• The LinuxPower folks asked us to put out a reminder of their ongoingmembership contest. Create an account with linuxpower.org (make anaccounthere) to be oneof the winners of a t-shirt, a penguin hat and a chocolate bar fromcopyleft.net and linuxpower.org. Contest ends January 9.

• Track Data Corporation reported a new milestone for its myTrackonline trading service. To download myTrack-Linux software, go to http://www.mytrack.com.

Section Editor:Rebecca Sobol.

See also:last week's Linux in the news page.

Linux in the news

Dan Gillmorwrites about the DVD case in this San Jose Mercury column. "I don't know who'll win the legal case. But it's plain enough who's already won the war over access to DeCSS. In this case, the Net is acting as an antibody to what it perceives as a dangerous disease -- and the implications are clear."

More DVD Hack:

EE Timesreports on the DVD lawsuit. "At stake, the plaintiffs assert, is the future of the DVD format itself. But supporters of the DVD hack disagree. They point out that the DVD encryption was cracked not for piracy but as part of a project to develop a Linux-based DVD player, something the DVD industry itself has yet to tackle."

VA Linux:

News.comreports on the announcement of SourceForge.net and other moves by VA Linux Systems. "SourceForge is hosting, at its launch, about 700 open-source projects, including the following: VA Linux's own Cluster Manager; Topaz, a next-generation version of the Perl programming language; and the Berlin Project, a graphical system for Linux and Unix."

From Inter@ctive Investor:a conversation with Larry Augustin about the Linux stock craze. "Sadly, most Linux-related press releases have been coming from companies that can hardly claim any sort of pure devotion. Whether it's 'K-tel International Selects Red Hat Linux as New Operating System' or 'Dunn Delivers Linux Servers' or 'Learn2.com Expands Courseware Offerings into the Linux Market', it's blather coming from companies that get hardly any Linux revenue now and likely won't get a large portion of their revenue from Linux in the foreseeable future."

The Red Herringtakes a detailed look at VA Linux Systems. "Mr. Augustin's big challenge is not only selling the company's products and stock, but convincing people that VA Linux isn't just a hardware vendor. 'Because we sell systems, many people view us as a hardware company,' he says. 'That's a misnomer. We offer expertise in getting customers to open code.'"

Red Hat:

The E-Commerce Timeslooks at Red Hat's acquisition of Hell's Kitchen Software. "The Research Triangle Park, North Carolina-based Linux vendor will bundle the HKS credit card verification system software with the Professional Edition of its OS package, which will provide users with an e-commerce server and services solution."

ZDNet's Inter@ctive Investorreports on the Salon/Red Hat deal and the effect on Salon's stock price. "Salon used a proven formula -- company mentions Linux and/or Red Hat in a press release and surges as day traders go bonkers."

Business:

Here'san article in ZDNet about Intel's new, Linux-powered web appliance. "[Intel manager Claude] Leglise downplayed any split with Microsoft. He said customers asked Intel to use Linux, a free variant of the Unix operating system, because of its flexibility, reliability and ability to deliver much the same capability as PC software. The devices will use Intel's low-cost Celeron microprocessors, Leglise said. Microsoft officials didn't respond to calls requesting comment."

EE Timeslooks at Linux in the testing and measurement world. "'We like to jump into an area when we see a lot of requests,' said Carsten Puls, instrument control product manager at National [Instruments], 'so we're expanding our Linux-compatible products, which started as a grass-roots effort on the part of our own programmers.'"

Here'san article in the Ottawa Citizen about Inprise. "Inprise said that since it released its JBuilder 3 Foundation product on its Web page early in December, Web traffic has jumped four times. More significantly, demand for a Linux version was double that for a Windows version."

Linux distributors are moving away from direct retail sales and into VAR relationships, according tothis Computer Reseller News article. "The fact that most of the Linux business still is going through retail indicates that developers are buying it with plans to build applications that are specifically for the Linux platform..."

Government Technology ranthis article about Dallam County (Texas) and its use of free software for its web server. "'It came down to the bottom line for us,' admitted [County Treasurer] Ritchey. 'It's a good use of taxpayer money to use open-source software.' But, it isn't all about the Benjamins. 'If I was going to set up another server and I had money, I would still use Linux and Apache,' he said."

Computer Reseller Newslooks at Corel. "Despite its current financial woes, Corel Corp. is banking heavily on Linux."

News.comlooks at LinuxOne's IPO. "LinuxOne is expected to launch its initial public offering as early as next month. But the upstart company faces a host of issues that were absent in the highly successful IPOs of Linux companies Red Hat, VA Linux, Cobalt Networks and Andover.Net."

ZDNet UKlooks at the possibility of a Microsoft Linux. "Anybody tells you that Bill Gates is recruiting Linux programmers in order to launch MS Linux on the new Intel Itanium chip in the year 2000, can be safely sent away with a scornful flea in their ear." (Thanks to Mark Gravolin).

Finally:

News.com ranthis retrospective, looking at Linux in 1999. "When the year began, Red Hat had 40 employees. Now, with the acquisition of Cygnus Solutions, Red Hat has grown tenfold to about 410..."

Timemakes some predictions for this year. "Linux Gets Small. It was agreat year for the Linux operating system and the Open Source community in general. Now it's time to face some hard facts: Linux owns only a tiny sliver of the desktop market, and that sliver isn't likely to get much bigger."

Nowadays, introductory Linux articles even show up inPlayboy. "I believe that very soon the Linux OS will dramatically change the operating system as most of us now know it and thus the way we work and play on our computers. At least I hope so; I'm tired of rebooting."

This MacWeek column paints a pretty sad picture of Apple's attempts at open source thus far. "Apple boldly announced Darwin in mid-March and has released several tepidly received updates since then. The main problem is that all the source opened thus far can best be labeled 'mostly useless.' The so-called 'final version' of OS X will not be based on the Darwin source code available today. That means nothing Apple has released until now under the guise of the Darwin OS is much more than smoke screen." (Thanks to John Jensen).

Evan Leibovitch makes his predictions for 2000 inthis ZDNet column. "Linux Magazine, in an attempt to increase its profile, decides to feature centerfolds. Their first (and last) one features Corel first lady Marlen Cowpland. As a result of the ensuing revenue from magazines and posters, Linux Magazine goes public, purchases IDG and fires Bob Metcalfe."

Salon has put upan amusing set of predictions for 2000. "Having resolved in a national referendum that it was high time that the country of Finland should be known for something more than saunas and the world's highest per-capita cell phone use, the Finns will declare an open-source country. Citizenship will be open to anybody who writes any portion of the new constitution."

Section Editor:Rebecca Sobol

See also:last week's Announcements page.

Announcements

Resources

LinSight hasannounced that interested parties can locate upcoming Linux events on theLinEvents site by zip code - in the U.S. at least.

Issue 49 of the Linux Gazette (January) is available.

Christian Scholzannounced aproject called GROUP.lounge. It is a groupware server which uses anenhanced filesystem model. User can share documents, notes with each othervia either a web or a webdav interface.

Linux Facile is a Linuxmanual in Italian for entry-level users.

Events

Linux World/Linux Expo Paris willbe held February 1-3, 2000.

Tuesday, February 8; Excelco, The Linux Store, Enhanced SoftwareTechnologies & AZSOFT.net present Linux for Business:
Overcoming the FUD Factor Seminar 8AM-12PM (Phoenix), For more informationcontact: Francine Hardaway (602) 331-0997,
URL:http://www.excelco.com/

O'Reillyannounced that the keynote speaker for the O'Reilly Java Conference, March27-30, 2000, is Simon Phipps, "IBM Corporation's Chief Java and XMLEvangelist."

The Linux Show!!announced that it will be the official "Broadcast Sponsor" ofLinuxFest2000, June 20 through 24, 2000 in Overland Park, Kansas.

TheLibre Software Meeting#1 (French version)has been scheduled for July 5th through the 9th, sponsored byABUL, (Linux Users BordeauxAssociation). It will be held in Bordeaux, France, atENSERB ( cole nationale sup rieure d lectronique et deradio lectricit de Bordeaux). All "libre" software developers areinvited and the emphasis of the event will be non-commercial.

Web sites

User Group News

Help wanted

Software Announcements

See also:last week's Back page page.

Linux links of the week

StepByStep is adifferent approach to providing Linux help and documentation. TheStepByStep guides do not attempt to provide any sort of comprehensivecoverage of a topic; instead, they are intended to be concise, quick guidesto making something work.

Section Editor:Jon Corbet

Letters to the editor

From: Larry McVoy <lm@bitmover.com>Date: Mon, 3 Jan 2000 18:08:22 -0800To: editor@lwn.netSubject: you might want to read thisCc: lm@bitmover.com[hold]It appears to directly contradict what you are saying inhttp://lwn.net/2000/features/ncm-dvd.phtmlThe following court case,http://www.law.emory.edu/7circuit/june96/96-1139.htmlupholds shrinkwrap licenses, overturning a lower court's claim thatshrink wrapis not enforcable.The basic summary is that the vendor can't do stuff like put a licenseinside that says "because you opened the box, you now owe us another$10,000, and paying us now is your only choice.  Ha ha, gotcha.".However, the vendor _can_ put in the box, "your right to use this softwareis conditional on you obeying the following rules (spell out the rules).You can either agree to these rules or return your software for a fullrefund."In other words, a vendor can list rules, the court showed multipleexamples - from insurance policies to prescription drugs to software -where such rules are listed and are expected to be obeyed.  In addition,the court found that shrinkwrap does _not_ violate the UCC, as stated onyour web site.  The lawyer that OKed that web page appears to be sadlymisinformed about the state of the law.  And this isn't a recent case,this is from '96.--lm

To: letters@lwn.netFrom: ncm@nospam.cantrip.orgSubject: Shrinkwrap LicensingThis is an update to my feature on shrinkwrap licensing,http://lwn.net/2000/features/ncm-dvd.phtmlin response to the LWN editors' and Larry McVoy's comments. LWN introduced the feature with a statement:  Should the court rule on the validity of these licenses, it will be  interesting to consider how free software licenses differ legally--   if at all--from the commercial shrink-wrap variety.Free Software licenses are based firmly on international copyright law.The UCC (Uniform Commercial code) doesn't apply, because the copyright holders aren't selling you anything.  Red Hat doesn't own the copyright on (most of) the code in their box.  The UCC places obligations on Red Hat, but not anybody who is not party to the transaction, so the UCC doesn't weaken the GPL.Larry McVoy introduces a more troublesome issue: the U.S. 7th Circuit Court overturned a district decision and upheld a shrink-wrap license:http://www.law.emory.edu/7circuit/june96/96-1139.htmlThe decision is troublesome because its reasoning is very sloppy, reading more like an undergraduate business-school essay than a serious legal document.  It dismisses the difference between a license and a contract  in one line.  It similarly dismisses the very real practical problems of actually getting a refund after a product box is opened.  The examples the court takes as valid shrink-wrap licenses are drawn not from legal cases, but from other recent attempts at the same trick which happen not (yet) to have been fought all the way to a court decision.  The judgesnote there is little case law, taking it to indicate that the publicimplicitly accepts shrink-wrap licenses, despite that (as noted earlier)software companies have routinely avoided trying to enforce such licensesfor fear of producing such case law.Its basic argument is expediency: because it would be inconvenient for vendors to obtain agreement from customers to give up their rights under the law, it is sufficient (according to that court) for the vendor simply to assert that customers don't have those rights:  Not trying to return the product for a refund constitutes "agreement".  A customer who prefers to retain those rights has no recourse other than to try to get a refund (and good luck!).  The decision doesn't go so far as to say that a failed good-faith attempt at a refund might negate such an "agreement".Fortunately for the DVD case, the 7th Circuit decision is (I believe) not binding in the 9th Circuit, where the DVD case is being tried.  Furthermore, Norwegian law, which has jurisdiction where the reverse-engineering is said to have occurred, does not (according to Otto Skrove Bagge) allow a license to eliminate reverse-engineering rights.  Even if a contract-o-matic is held to constitute a valid contract, legally-invalid parts of such a contract are not binding.  (Similarly, paragraphs common in real-estate title deeds in Los Angeles, forbidding sale to non-Causasions, are legally meaningless.)The 7th Circuit precedent cries out for well-reasoned contradiction.The DVD case might be an opportunity to evoke one, if only in passing.I am not a lawyer, and the above has not been reviewed for legal accuracy.

Date: Tue, 4 Jan 2000 20:14:13 +0000From: ruth@innocent.comTo: lwn@lwn.netSubject: GPL as shrinkwrap license?[HOLD]As I understand it, the significant difference between say, the GPL and atypical EULA shrink-wrap license from a major proprietary vendor is thatthe GNU GPL is *not* an end-user license at all.Only distributors and software developers need to agree to the GNU GPL,the license itself says, in paragraph zero, "The act of running theProgram is not restricted (...)" because the architects of the GNU GPLexplicitly wanted everyone to be able to USE their software.This means that for the purposes of the UCC, GNU GPL software does nothave any licensing restrictions applied to it. Purchasers of Gimp CDsare free to use them as frisbees, install and use them on as manymachines as they like, and then re-sell the CD without any restriction.Similarly, purchasers of a book are free to read it, use it to propup a table, discuss the plot with friends, then lend it to those samefriends and finally sell it second hand. Other rights are reserved tothe publisher, and there are extensive license agreements in place,but like the GNU GPL they DO NOT MATTER to end-users.

Date: Thu, 30 Dec 1999 02:21:59 -0800 (PST)From: Juergen Weber <weberjn@no-spam.yahoo.com>Subject: Buffer overflow protectionTo: letters@lwn.netHello,in the security section of Dec,30,99you write:In an ideal world where there are only wizardslike Linus you could fix the poorly writtenapplications problem.The great inventions of computer sciencemade programming more error-prove.Of course memory leaks are signs of poorly writtenapplications, but humans will always make mistakes.So the java approach of freeing the programmer ofmemory allocation was the way to go.So the real solution is to disallow the execution codeon the stack.Juergen(please make my email address "anti-spammed")

Date: Thu, 30 Dec 1999 07:16:35 -0700From: Ray Whitmer <ray@xmission.com>To: letters@lwn.netSubject: GNU/LinuxI read your recent item on the name of:  GNU/Linux versus Linux.  Atfirst, it sounded to me like a silly dispute.  But after reviewing theGNU's page on this topic, I find that GNU's claims warrantconsideration.  Most developers understand that GNU has for yearssupplied many pieces, and Linux was "only" a plugged-in kernel,predating the Linux kernel by many years.  I believe GNU claims 28% ofthe current size versus 4% in the Linux kernel, although it is not clearto me which pieces they count.  There are also many other large valuableparts of the combined O/S without which the kernel would be much lessuseful -- I think especially of the XFree project.  It is not easy tomake sure everyone receives due credit as things evolve over time.Calling it just Linux may seem to trivialize those other efforts.  Whileit is not clear how to make this fair to everyone, perhaps in the futuremultiple kernels will become available to plug in, and it will becomeeven more obvious than ever that the Linux kernel itself, while quiteimportant today, is only a small part.  I have friends who value FreeBSDand other OS's -- there could be value in joining compatible parts ofvarious movements under a more-generic banner.Ray Whitmerray@xmission.com

Date: Mon, 3 Jan 2000 12:34:02 -0600 (CST)From: Dave Finton <surazal@nerp.net>To: info@auroradev.com, stevef@auroradev.com, letters@lwn.netSubject: Comment on your white paperI do disagree with your assertions about Linux vs. NT.  In fact I willhighlight a few "innacuracies" in your white paper(http://www.auroradev.com/whitepapers/open_source.htm) that needto be addressed.  These aren't minor hiccups, but serious drawbacks towhat I was hoping would be a serious commentary on open source vs. NTYou said:Since Linux is a network operating system, Linux may be a threat tohigh-end NT, but not to desktop Windows: Microsoft Access, Office, and VBdevelopment will continue to flourish independently of the networkarchitecture.I reply:NT *will* continue to flourish... even in the high-end and well as the lowend.  But you've seemed to miss the point that Linux is alreadyflourishing at all these levels as well.  Over 30% of all web servers useLinux.  Linux is being taken seriously in our university (U ofMinnesota Duluth) ITSS department, which has always been staunchlyNetware-, Solaris-, and NT-centric.  Linux is around you in alllevels; you simply fail to see it.Also Linux is booming on the desktop.  People who I didn't even thinkwould consider using it (i.e. the "average joe") are telling their friendsthey've installed Red Hat or Mandrake Linux on their machines and reallylike it.  And guess what?  They're *using* it too, in increasingnumbers.  Frankly, your hypothetical situation does not exist in the realworld.You said:The Palm Pilot was the last great hope in the anti-Microsoftcamp. Microsoft responded with Windows CE, a lean and mean operatingsystem designed to run on handheld computers, palm devices, car radios,and cell phones. This great new OS supports color screens (where is thatcolor Palm Pilot?) and much superior handwriting recognition. There are CEversions of all your favorite Office Products, and a Visual Basicdeveloper?s kit for CE. I could not tell you how to wirte an applicationfor Palm Pilots (not even Java with its Write once Run many fame can runon a Palm without major modifications to the core language.), however, Ican create a Pocket Access or VB application for the CE in minutes.I reply:Ah, so that's why Palm Pilot still is beating CE in virtually every marketI know of, and has been doing so for *years*.Portability of apps to the CE devices cannot overcome Windows' flaws onthe handheld devices.  Palm is simply better.You said:Most Linux installations in production are UNIX shops that run $160,000 +SUN servers. You can get the same power, scalability and performance withMicrosoft Cluster Services and NT for one third the price!I reply:Uh, Linux is free, and it comes with the same power, scalability, andperformance with Beowulf Cluster services and Linux comes at zero thirdsthe price!Linux is making *serious* inroads into many markets, particularly informerly NT-centric shops where Microsoft has disappointed IT managers onetoo many times.  NT is simply not a cure-all.  Mind you, neither is Linux,but I can't agree with your premises here.I find your "white paper" technically misleading and innacurate, andcannot take it seriously as such.  I have to implore you to take a seriouslook into the marketplace.  The results may surprise you.                          - Dave Fintonp.s.  On a final note, you're probably assuming that Microsoft isunbeatable.  Remember when they said the same about IBM and DEC?  Nobody'sglory years last forever.---------------------------------------------------------| If an infinite number of monkeys typed randomly at    ||   an infinite number of typewriters for an infinite   ||   amount of time, they would eventually type out      ||   this sentencdfjg sd84wUUlksaWQE~kd ::.              || ----------------------------------------------------- ||      Name:      Dave Finton                           ||      E-mail:    surazal@nerp.net                      ||      Web Page:http://surazal.nerp.net/              |---------------------------------------------------------

Date: Thu, 30 Dec 1999 08:17:56 -0500To: letters@lwn.netFrom: "Gregor N. Purdy" <gregor@focusresearch.com>Subject: Fwd: An ideaLWN--I sent the following to the FSF after reading about the Amazon.comboycott.---------------------------------------------------------------------Someone else has to have thought of this, but I haven't run acrossit anywhere in my "travels" yet.As long as the current PTO stance remains uncorrected, things likethis will happen. If the past is any guide to the future, anycorrection to this will take a long time. Therefore, while pursuinga correction to the policies and practices of the PTO is vital, weshould be looking for ways to relieve some pain in the interim.I suggest that we seek out "Angels" in companies that are makingmoney from free software, such as Red Hat and VA Linux, and viafundraising through LPF and GNU to fund a legal entity that willfile for and defend patents with automatic free license grantingsimilar to the provisions of the GPL.So, we can put together patent applications for important techniquesthat we fear will be stolen from the community by companies throughinappropriate PTO usage. Once patents are granted, usage of thetechniques will fall under the license agreement mentioned above,which will state that no entity holding software patents that arenot licensed under this license may use the technique (not even fora fee).As the portfolio builds, and hopefully with a lot of help from thecommercial folks who live by free software both in funding and ingenerating patents, we can start to carve out some free territory.And, by setting an example, hopefully we can pull in other companiesthat *want* to play with the free software folks, convincing themto either (a) transfer their patents to this other entity or (b)retain official ownership, but permanently license them accordingto the GNU Intellectual Property License (GIPL), or whatever thething is called.Stop software patents! But, in the mean time, take some defensiveaction. Besides, this would probably bring a lot of attention tothe issue...If companies are creating the patents in order to get recognitionof their achievements (an idea which fails for the "simple and obvious"category), then there shouldn't be any issue subsequently licensingthem this way or transferring ownership. The free software communityhas always been big on giving credit where credit is due (and onlywhere due). For those companies doing it for the purpose of protectionism(weak) or extortion (evil), hopefully we can create an uncomfortableenvironment for them between now and when the problem is fixed.--Gregor N. PurdyFocus Research, Inc.gregor@focusresearch.com

Date: Thu, 30 Dec 1999 12:29:07 -0500From: atorrey To: letters@lwn.netSubject: Thoughts on the Amazon boycott This is likely to get me flamed, but I have serious doubts about thepotential effectiveness of the Open Source community's call for aboycott of Amazon.com over the One Click software patent.  While we like to tell each other how 'special' we all are, thepractical hard fact is that the Open Source world, even if we includeall our friends, is not all that big a percentage of the world.  Eventhe most successful boycott is unlikely to have a major impact onAmazon's bottom line.  (A similiar logic could most likely be applied toother calls for boycotts of other companies for S/W patents)  Indeed,Amazon is big enough that there are often few on-line alternatives,especially if one also finds Barney igNoble obnoxious. While I am not saying to dump the boycott, to me it is not using ourtalents to their best advantage.  Amazon is a marketting specialist, anda boycott is trying to beat them at marketing, why tackle them on theirown turf?  If you want to beat someone, it is best to work from yourstrongest position. Why not let Amazon keep their patent, just like we let another majorcorporation keep it's O/S, and go for 'world domination' with ourstrongest skill set.  Go to Barnes & Noble, and offer to help themdevelop a non-patent infringing, improved, equivalent to One Click. (One possible idea - how about if the system enabled a single checkoutfrom an entire shopping session, involving multiple e-stores?)Obviously it would have the string attached that it would be OpenSource, perhaps with a limitation in the liscence that it was only opento companies that did not use software patents to limit competition... Which idea would you think would make Jeff Bezos more nervous - thethought that a few hundred geeks might take their business elsewhere? Or that those same geeks, who include some of the worlds bestprogrammers, are going to go help the competion build a better website? ART  (Please do not include my E-mail address, if you must, pleaseanti-spam it...)