Other stuff:
Daily Updates
Calendar
Linux Stocks Page
Book reviews
Penguin Gallery

Contact us
Archives/search
Use LWN headlines

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

Leading items and editorials

Talk about open documentation. O'Reilly and Associates has set up an online forum to discuss the best way to go about creating open documents. There are a lot of issues involved in the creation of such documents, including "...quality control, Internet-time release schedules, the big-picture thinking required to keep the book's balance and structure strong during updates, risks and benefits of forking, adequate compensation for writers and publishers, dealing with the natural tendency to want to hide work in progress with competitive publishers..."

This forum, as of this writing, has only seen about a dozen postings. It's time to get some more people involved. Free documentation for our free operating system has come a long way in the last year. Consider, for example, how much richer we are for having access to:

• Gimp: The Official Handbook
• Using Samba
• GTK+/GNOME Application Development

Free documentation is just as important as free software, and we have all too little of it. The process of producing free documentation is different from that which creates software. While free software developers have a whole set of tools, procedures, licenses, and experience to work with, those who would produce documentation on the same scale are still blazing the trail.

If you would like to see more free, high-quality documentation like the books listed above, please consider helping out the process somewhat. Head on over to the O'Reilly forum, think about the issues, and contribute your thoughts to the cause.

DVDCA and the Big Lie. Eric Raymond writes about DVDCA and the Big Lie - a look at how the DVD Control Association is trying to obscure the real issues in the whole DeCSS affair. "One can almost pity DVDCA. Like the feeble minds behind the misnamed 'Communications Decency Act' in 1996 and the NSA's key-escrow power grab back in 1994-95, they're about to find out what happens when you try to step on the Internet community's liberty."

We have gotten some mail contesting Eric's claim that it is not necessary to decrypt DVDs to be able to make illegal copies. In fact, as documented in this IEEE Spectrum article, a number of steps have been taken to make bit-for-bit copying of DVDs hard - including prerecording sections of blank disks so that the encryption key can not be copied onto them.

None of that changes the fundamental point, though: pirates determined to make illegal DVD copies will be able to do so without any need for the DeCSS software. Subverting a (hardware or software) player to get a clear bit stream, or finding a source of non-prerecorded disks are both entirely viable approaches. Trying to protect bits that are in the hands of users is a losing battle.

And the simple fact is that the writers of the DeCSS code had no interest in pirating disks. Users of DeCSS also have no interest in pirating disks. They simply want to play their (legally purchased) disks on their Linux systems. The DVD industry has gone to battle against its own customers.

The DVD case as a test of shrink-wrap licensing. LWN is pleased to run this feature article from Nathan Myers on the DVD case. Nathan has noted an interesting aspect of this case: it's likely to be the first court test of "shrink wrap" licenses. There is a definite possibility that shrink-wrap licenses could be held to be non-binding.

Should the court rule on the validity of these licenses, it will be interesting to consider how free software licenses differ legally - if at all - from the commercial shrink-wrap variety. This topic and shrink-wrap licensing in general are also discussed in this week's Letters to the Editor section.

One last DVD item: The Great International DVD Source Code Distribution Contest has been announced by Don Marti. Don and company are looking for the most imaginative and effective ways to get the DeCSS code distributed throughout the world. The prize will be, of course, movies on DVD...

More information on the whole DVD issue can be found at OpenDVD.org.

LWN 1999 Linux Timeline 1.0 released. Version 1.0 of our 1999 Linux Timeline is now available. The changes from the original version are relatively small. Thanks to everybody who wrote in with suggestions for improvements.

Inside this week's Linux Weekly News:

• Security: Denial-of-service attacks intensify.
• Kernel: The "2.3 things to fix" list, the year 2038 bug
• Distributions: XLinux: Multi-lingual support.
• Development: New Linux in Education report.
• Commerce: Corporate open source releases, Red Hat buys HKS
• Back page: Linux links and letters to the editor

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor

See also: last week's Security page.

Security

News and editorials

The issues are complex, so we won't try to reproduce the work of CERT and others, but instead direct your all to their advisory above for more information.

DNS Insecurity. No, this isn't a yet-another bind vulnerability. This issue is the use of email to allow modifications to your registered domain information. Email-spoofing is easy and now being actively used to modify domain name service information for registered domains. A number of such incidents were reported to the SANS Institute, during their Y2K alert program. SecurityPortal.com's Kurt Seifried has written this editorial on the topic, outlining your option to add password or PGP protection to your DNS records with your registrar, if you are working with Network Solutions.

Security Reports

PHP 3.X vulnerability. An exploitable vulnerability has been reported in PHP 3.X's 'safe_mode'. More information and a workaround can be found in the BugTraq database.

Zope security update released. A security update to Zope has been announced. The vulnerability looks like a nasty one; those running publicly-available Zope-based sites will want to apply it at the earliest opportunity.

vibackup.sh. The vibackup.sh script, reportedly used on OpenBSD, FreeBSD and Debian GNU/Linux, insecurely removes files. This has apparently been replaced in OpenBSD 2.6 and a fix for stable and current versions of FreeBSD has gone in. No word from Debian has been seen as of yet.

Commercial reports. Cisco reported a Kerberos Client Authentication Failure for Cisco products with Kerberos authentication enabled.

Netscape Fasttrack 2.01a is reported to have a vulnerability that makes the uid of the httpd daemon exploitable.

Altavista has provided a patch for the security vulnerability reported in BugTraq ID 896. This vulnerability can allow the password for the remote administration utility to be retrieved.

Updates

Resources

Intrusion Detection System Signature Database. Max Vision has announced the availability of arachNIDS, his free, CVE and BugtraqID compatible/searchable database of "attack" signatures.

SHADOW Intrusion Detection System y2k updates. Versions of the SHADOW IDS prior to 1.6 had difficulties with the January 1, 2000 date change. For those people that do not want to upgrade, a workaround has been posted, but an upgrade is recommended.

Saint 1.4.1. This latest minor update to SAINT has been updated to reflect recently reported vulnerabilities. "New checks have been added for an ODBC RDS bug, for an IIS 4.0 buffer overflow, for Calendar Manager service, for sadmind, for Trinoo and for DRAT backdoor. Updates have been made to the checks for DNS, ftpd, ssh, and QPOP...".

Section Editor: Liz Coolbaugh

Secure Linux Projects
Bastille Linux
Immunix
Khaos Linux
Secure Linux

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
Linux Security Audit Project
OpenSSH
OpenSEC
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

The current stable kernel version is (finally!) 2.2.14. This release has been long in coming, and should be well received - it contains a lot of important and useful fixes. See the release notes for the full scoop.

The first 2.3.x "things to fix" list has been posted by Alan Cox. The list covers a lot of ground - one wonders how all of that stuff is going to get done anytime soon. But, of course, the posting of a list like this causes an immediate flood of additions... The most popular items which did not appear on Alan's list would appear to be:

• 32-bit UID support. Linus has said in the past that he wants to incorporate 32-bit user ID's, so this one may yet happen.

• A journaling filesystem. None of the journaling filesystem alternatives are currently in a state that is ready for 2.4. Ext3 needs a fair amount of work on how it handles buffer memory before it can go in - too much for this release. Reiserfs, on the other hand, might just happen: Hans Reiser says a 2.3 port is close, and Linus has said that inclusion in 2.4 is a possibility. Meanwhile, XFS from SGI has still not been released (though they have begun to make small pieces available). Thus, the only journaling filesystem alternative for 2.4 is reiserfs, and that remains uncertain.

• Version 3 NFS. Another major kernel release with a sub-standard NFS implementation would be a shame. There's been no word on whether the NFSv3 work that has been done will be merged or not.

Linus had wanted to get a pre-2.4 series going before the end of the year. Not only did that not happen, but it appears that it is still rather distant at this point. Some things can not be rushed; 2.4 will come out when it is ready.

Now that Y2K has wimped out, it's time to worry about the year 2038 problem. 2038, of course, is when the 32-bit time_t value that Unix systems use to represent times overflows. Some people want to try to deal with the problem now; others feel less urgency.

One point of view says that we'll all be using 64-bit systems by then; at some point we just redefine time_t to be a 64-bit value, recompile everything, and the problem goes away. There are, however, a couple of problems with that approach:

• Old hardware has an amazing ability to hang around in crucial roles long past when it seems it should have been junked. That 32-bit Pentium doorstop in the corner of the machine room may still be doing something important when the rollover happens. Embedded applications, where size and power consumption are crucial, also tend to use less capable hardware for long periods of time.

• Making time_t into a 64-bit quantity and recompiling everything will make a lot of programs work. But it will do nothing for all of the databases and file formats which contain 32-bit quantities. Quite a bit of application fixup work will be required to deal with all of those problems.

The solution would seem to be to design a migration path now. With almost forty years in which to make things work correctly, one would assume the a reasonably painless transition could be made. In practice, many of us may well find ourselves being called out of retirement in 2037 to deal with the last-minute fixes...

A beta version of RealTime Linux V3.0 has been released. This version is based on the 2.3 kernel series, and does not (yet) contain much that is new at the API level. Note that RTLinux 2.x is still under active development as well...

A programming guide for Linux USB drivers has been released by Detlef Fliegl. It documents the structure of the Linux USB subsystem, and should be a valuable resource for those wanting to write USB drivers.

Other patches and updates released this week include:

• Jens Axboe released a set of patches to bring DVD support into the IDE driver. It works with the 2.2 kernel series.

• David Sauer released a driver for the MediaForte SF16-FMR FM Radio card.

• Devfs v152 was released by Richard Gooch.

• Randy Dunlap released a /proc tree viewer for the USB bus and attached devices.

• RSBAC 1.0.9a (Rule Set Based Access Control) has been released. RSBAC is an ambitious project to add a number of security mechanisms to the Linux kernel.

Section Editor: Jon Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• Linux 2.5.x Porting help

Other resources:

• Kernel Source Reference
• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Distributions

XLinux. Jyan-Min Fang dropped us a note to point out a possible new Linux distribution: XLinux. Unfortunately, the press releases he could provide to us were in Chinese and therefore not too informative, (unless you know Chinese, which we unfortunately do not). We checked out the website, but with little success, since it is under construction. At that point, we contacted them via email for more information, receiving this file (originally in Word format) in response. Despite the appearance that gave, it does appear that a real distribution is being supported, from a real company, formerly Taiwan Wahoo Cc, now XLinux.com. Whether the distribution is called "XLinux" or "Power Linux" is a bit less clear. In any case, it is being developed as a "Multi-Lingual" version of Linux, with initial support for twelve different languages using GCS (Giga Character Set) which they claim is technically superior to Unicode for multi-lingual support.

Please understand that the Word document in question has obviously been translated from Chinese and includes references that we have not yet researched. As a result, we currently have more questions than answers about this distribution. Nonetheless, it looks interesting and we hope to learn more about in the future.

Corel Linux

Debian GNU/Linux

Distribution reviews in LinuxPlanet. LinuxPlanet ran this review of Debian GNU/Linux 2.1. "Weighing in at over 2,000 packages, the Debian distribution provides the largest and most varied collection of software available on any distribution.... In spite of its size, Debian is remarkably coherent and stable. Linux exhibits these attributes largely due the open-development model. It's only natural that Debian should exhibit similar attributes for the same reason."

Definite Linux

Red Hat Linux

More last-minute Y2K updates. Red Hat has released updates to the groff and libtiff packages which fix "apocalypse-inducing" year-2000 bugs.

Slackware Linux

Spiro Linux

SuSE Linux

SuSE Linux for PowerPC available in beta form. SuSE has announced that a beta of its 6.3 distribution for the PowerPC is available.

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith

Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux

See also: last week's Development page.

Development projects

Education

Getting Linux into the Schools is the topic of this article from The Linux Gurus. It compares and contrasts the costs of using Linux versus Windows but also touches on one of the critical reasons for introducing it as an alternative. "Administrators believe that by teaching a student how to use a specific application that this somehow helps them function later in life. Too many times I have seen so called "tech" education classes as simple scripted classes where a student is simply led through the motions of pointing and clicking. We need to show administrators that this does not truly help a student, that we should teach a more broad understanding of the concepts involved. If we can teach those broad concepts then students can apply them to a broad range of situations, applications, and operating systems. " [From LinuxForKids.]

On the Desktop

Mosfet.org Debuts, for KDE Developer News. Mosfet has launched his mosfet.org site, with a focus on KDE 2.0 Development News.

Kurt Granroth has provided a tutorial on converting KDE applications to Konqueror browser plug-ins.

Mozilla developer chat. MozillaZine will be holding its next developer chat with Dave Hyatt on Thursday, January 6, at 3pm PST via IRC to talk about the customizability of the Mozilla UI.

Vertical Markets

FreeVet 1.1.1. In a similar area, this latest version of FreeVet "aims to provide the veterinarian with a complete solution for running a clinic, small or large."

Web Development

Midgard Weekly Summary. Here is this week's Midgard summary, thanks to Henri Bergius. It mentions that the Midgard 2 API has been frozen and both a stable 1.2.x release and an alpha release of Midgard 2 are expected "soon".

Zope Weekly News. This week's Zope Weekly News is now available, complete with a link to the previously mentioned security advisory, new programs, updates, patches and a discussion that may be of interest to other people just getting started developing Zope applications.

Netizen releases 'Xen'. Netizen (a Melbourne, AU consultancy) has announced the release of "Xen," an open-source, Zope-based task tracking system.

Wine

Section Editor: Liz Coolbaugh

Project Links
EmbedLinux.net
EMLAB
linux-embedded.com
Gnome
High Availability
ht://Dig
KDE
MagicPoint
Midgard
Mozilla
PHP
YAMS
Wine
Worldforge
Zope

More Information
AppWatch
Freshmeat
LinuxDev

Development tools

Perl

Applixware Perl API 0.2.0. An initial development version of a Perl API for Applixware has been announced.

Python

Tcl/tk

Section Editor: Liz Coolbaugh

See also: last week's Commerce page.

Linux and business

• Inprise is opening up InterBase. Inprise's open source announcement made perhaps the biggest splash of the week. InterBase may have had a hard time of it in the marketplace, but it is a serious database system and will be a valuable contribution to the open source portfolio.

  The source will be released later in this quarter. Meanwhile Inprise has not released any details on which open source license will be used.

• Macbird has been released by UserLand Software. MacBird is a Macintosh drawing program; it is being released under an MIT-style license. UserLand hopes to see a Linux port soon.

• MontaVista Software released its CompactPCI networking package as open source. This package will be useful for developers working on certain types of embedded systems; see the announcement for more.

• QLogic has announced that open-source Linux drivers are available for its Fibre Channel and SCSI adapters.

Red Hat has bought Hell's Kitchen Software, the makers of the widely-used CCVS credit card processing system for Linux. Evidently the HKS software will now be bundled with the "professional" version of Red Hat's distribution. The current CCVS license is far from open source - binary only, no reverse engineering, etc. Presumably some changes will come once Red Hat takes over, though evidently some of the code needs to remain closed-source due to its use of proprietary financial protocols.

This move helps to position Red Hat for sales into e-commerce settings. It may be cause for some concern for others, in that CCVS has been, for a long time, the only commercially-available credit card processing system for Linux. About the only alternative appears to be the open-source YAMS system; it can do credit card processing, but only through one clearinghouse. The OpenMerchant system provides a lot of interesting functionality, but says nothing about credit cards. Thus, to a great extent, Red Hat is now the only source for this capability.

HKS is being purchased for about $90 million in Red Hat stock. The final deal is contingent on approval from HKS's stockholders. More information in Red Hat's press release.

Red Hat will be carrying Salon's content on Wide Open News, thus helping to fill out the content on that site. Salon's stock price took off on this news, of course... See Salon's press release for more.

VA Linux Systems announces SourceForge. VA Linux Systems has put out this press release announcing SourceForge to the world. The Linux community has known about SourceForge for a bit - it seems like a dozen development projects move over there every day. But this announcement is the first much of the wider world has heard about this resource, and it has drawn some significant attention.

XFree86 wins IDG/Linus Torvalds Award. IDG World Expo announced that The XFree86 Project, Inc. is the recipient of the February 2000 IDG/Linus Torvalds Community Award.

More announcements from LinuxOne. LinuxOne may not be all that strong on revenue, but they have the press release game down. Recently, it has announced the opening of a Taiwan office, staffed by six people.

LinuxOne has also put out a somewhat suspicious press release claiming to have a $500,000 order from Power Source. A good counter to this release can be found on Technocrat.net, where Bruce Perens points out that Power Source, a tiny company, is not in much of a position to spend $500,000 on anything.

White Paper: Open Source and Microsoft. The Aurora Development Group has put up a white paper on open source software and Microsoft. They side strongly with Microsoft. "While Linux is reliable, free, and scalable, you should really consider sticking to NT. Love it or hate it, we all know how NT will behave in just about every situation. Since each person who uses it can modify Linux, it makes the OS harder to master. On a typical day, I visit three different client sites in New York City. Each of them are running Windows, so I know what to expect. What if they were each running a customized version of Linux? My support burden would dramatically increase."

OS X released. Apple has put out a press release announcing the rollout of OS X. "At the core of Mac OS X is Darwin, Apple's advanced operating system kernel. Darwin is Linux-like, featuring the same Free BSD Unix support and open-source model."

Section Editor: Jon Corbet.

Press Releases:

Commercial Products for Linux:
• Dataware Technologies, Inc. announced (Red Hat) Linux support for it's search technology components.

• Planet Intra announced that its "instant Intranet" software for small and medium-size enterprises will be bundled in Donovan's Penguin64 Lite - a 64bit server running the Linux operating system for under $2,000.

• PowerQuest Corp. announced the addition of SmartSector support for Linux ext2 and Linux Swap partitions in Drive Image Pro 3.01.

• Tux Games has gone live as "the first online store dedicated just to selling Linux gaming products."

  Java Products:

• Track Data Corporation announced the release of myTrack-Linux v1.0. myTrack is a Java-based stock trading system, apparently tied into Track Data's brokerage.

  Products with Linux Versions:

• Accrue Software, Inc. announced expanded platform options for Accrue Insight and Hit List for customers who choose Linux operating system deployments.

• Active Concepts announced the release of Funnel Web 3.6.

• Andover.Net announced Animation Factory Volume Two, a CD-ROM including over 60,000 clipart images.

• Alteon WebSystems announced the commercial availability of a Gigabit Ethernet adapters which can operate over common copper wiring.

• Connectix Corporation announced its expansion of the Virtual PC product line with two new versions, including Virtual PC with Linux.

• ECCS Inc. announced the availability of Linux support in its Synchronix family of fault-tolerant data storage products.

• InfoValue Computing, Inc. announced the development of a Linux version of its comprehensive suite of QuickVideo software.

• Lava Software announced Japanese WordMage v5.7, a complete Japanese application suite.

• OptiSystems Solutions Ltd. announced the availability of its Energizer PME for R/3 support for AS400 and Linux platforms.

• Performance Technologies, Inc. announced enhancements to its Synchronous/Serial and T1/E1 WAN communications adapters.

• PowerCerv Corporation announced that it will support the Linux operating system in the next release of its ERP Plus software suite.

• Progress Software Corporation announced that it is shipping its embedded database and other deployment products on the Linux operating system.

• Virtual eXecuting Environment protects Unix/Linux servers from intruders and hacker attacks. Product is free for non-commercial use.

  Partnerships, Investments and Acquisitions:

• Ariel Corp. announced that it has expanded its distribution and integration agreement with Trilogic Systems to encompass all of the U.S.

• Classics International Entertainment, Inc. announced the signing of the final documents for the purchase of IBP, Inc., a private company that specializes in Linux based data compression technologies.

• click2learn.com, inc. and ComputerPREP announced a strategic partnership to distribute ComputerPREP's e-courseware through click2learn.com.

• Cyber Merchants Exchange announced that it signed an agreement licensing its Linux-based Internet Sourcing Network software to C-ME.com./Taiwan.

• Midnight Cafe LLC announced the acquisition of Gamers Depot. It now plans to create a network of Linux, Macintosh and Console Gamer sites.

• Unibol announced a contract with RoTech Medical Corporation for custom software development and associated licenses that will allow RoTech to use Linux-based web servers to access corporate applications and data.

• VA Linux Systems, Inc. announced that NetLedger, a provider of Web-based applications for small business, has selected VA Linux to provide rackmount Linux servers and integration management services for its entire application server infrastructure.

  Other:

• Lehman Bros. has announced that it is starting its coverage of VA Linux with a "outperform" rating; they think it will hit $230/share.

• Simultaneously, W.R. Hambrecht + Co. has announced its coverage of Andover.net - also with an "outperform" rating.

• Andover.Net opened the balloting for the first-annual Slashdot Open Source Community Awards, a.k.a. Slashdot Beanie Awards.

• Applix, Inc. announced estimated 4th quarter results for 1999.

• Global Media announced that its Linux-based broadcast solution was featured in the January 2000 issue of Linux Journal.

• internet.com announced a re-launch of its homepage. Part of the re-design includes the addition of the Linux/Open Source channel.

• The Linux Business Expo has announced that it is expanding to four annual events in North America. An advisory board has also been named, with names like Larry Augustin, Mark Bolzern, Lyle Ball, Jon Hall, Dave Sifry, and a guy named Linus Torvalds.

• The LinuxPower folks asked us to put out a reminder of their ongoing membership contest. Create an account with linuxpower.org (make an account here) to be one of the winners of a t-shirt, a penguin hat and a chocolate bar from copyleft.net and linuxpower.org. Contest ends January 9.

• Track Data Corporation reported a new milestone for its myTrack online trading service. To download myTrack-Linux software, go to http://www.mytrack.com.

Section Editor: Rebecca Sobol.

See also: last week's Linux in the news page.

Linux in the news

Dan Gillmor writes about the DVD case in this San Jose Mercury column. "I don't know who'll win the legal case. But it's plain enough who's already won the war over access to DeCSS. In this case, the Net is acting as an antibody to what it perceives as a dangerous disease -- and the implications are clear."

More DVD Hack:

EE Times reports on the DVD lawsuit. "At stake, the plaintiffs assert, is the future of the DVD format itself. But supporters of the DVD hack disagree. They point out that the DVD encryption was cracked not for piracy but as part of a project to develop a Linux-based DVD player, something the DVD industry itself has yet to tackle."

VA Linux:

News.com reports on the announcement of SourceForge.net and other moves by VA Linux Systems. "SourceForge is hosting, at its launch, about 700 open-source projects, including the following: VA Linux's own Cluster Manager; Topaz, a next-generation version of the Perl programming language; and the Berlin Project, a graphical system for Linux and Unix."

From Inter@ctive Investor: a conversation with Larry Augustin about the Linux stock craze. "Sadly, most Linux-related press releases have been coming from companies that can hardly claim any sort of pure devotion. Whether it's 'K-tel International Selects Red Hat Linux as New Operating System' or 'Dunn Delivers Linux Servers' or 'Learn2.com Expands Courseware Offerings into the Linux Market', it's blather coming from companies that get hardly any Linux revenue now and likely won't get a large portion of their revenue from Linux in the foreseeable future."

The Red Herring takes a detailed look at VA Linux Systems. "Mr. Augustin's big challenge is not only selling the company's products and stock, but convincing people that VA Linux isn't just a hardware vendor. 'Because we sell systems, many people view us as a hardware company,' he says. 'That's a misnomer. We offer expertise in getting customers to open code.'"

Red Hat:

The E-Commerce Times looks at Red Hat's acquisition of Hell's Kitchen Software. "The Research Triangle Park, North Carolina-based Linux vendor will bundle the HKS credit card verification system software with the Professional Edition of its OS package, which will provide users with an e-commerce server and services solution."

ZDNet's Inter@ctive Investor reports on the Salon/Red Hat deal and the effect on Salon's stock price. "Salon used a proven formula -- company mentions Linux and/or Red Hat in a press release and surges as day traders go bonkers."

Business:

Here's an article in ZDNet about Intel's new, Linux-powered web appliance. "[Intel manager Claude] Leglise downplayed any split with Microsoft. He said customers asked Intel to use Linux, a free variant of the Unix operating system, because of its flexibility, reliability and ability to deliver much the same capability as PC software. The devices will use Intel's low-cost Celeron microprocessors, Leglise said. Microsoft officials didn't respond to calls requesting comment."

EE Times looks at Linux in the testing and measurement world. "'We like to jump into an area when we see a lot of requests,' said Carsten Puls, instrument control product manager at National [Instruments], 'so we're expanding our Linux-compatible products, which started as a grass-roots effort on the part of our own programmers.'"

Here's an article in the Ottawa Citizen about Inprise. "Inprise said that since it released its JBuilder 3 Foundation product on its Web page early in December, Web traffic has jumped four times. More significantly, demand for a Linux version was double that for a Windows version."

Linux distributors are moving away from direct retail sales and into VAR relationships, according to this Computer Reseller News article. "The fact that most of the Linux business still is going through retail indicates that developers are buying it with plans to build applications that are specifically for the Linux platform..."

Government Technology ran this article about Dallam County (Texas) and its use of free software for its web server. "'It came down to the bottom line for us,' admitted [County Treasurer] Ritchey. 'It's a good use of taxpayer money to use open-source software.' But, it isn't all about the Benjamins. 'If I was going to set up another server and I had money, I would still use Linux and Apache,' he said."

Computer Reseller News looks at Corel. "Despite its current financial woes, Corel Corp. is banking heavily on Linux."

News.com looks at LinuxOne's IPO. "LinuxOne is expected to launch its initial public offering as early as next month. But the upstart company faces a host of issues that were absent in the highly successful IPOs of Linux companies Red Hat, VA Linux, Cobalt Networks and Andover.Net."

ZDNet UK looks at the possibility of a Microsoft Linux. "Anybody tells you that Bill Gates is recruiting Linux programmers in order to launch MS Linux on the new Intel Itanium chip in the year 2000, can be safely sent away with a scornful flea in their ear." (Thanks to Mark Gravolin).

Finally:

News.com ran this retrospective, looking at Linux in 1999. "When the year began, Red Hat had 40 employees. Now, with the acquisition of Cygnus Solutions, Red Hat has grown tenfold to about 410..."

Time makes some predictions for this year. "Linux Gets Small. It was a great year for the Linux operating system and the Open Source community in general. Now it's time to face some hard facts: Linux owns only a tiny sliver of the desktop market, and that sliver isn't likely to get much bigger."

Nowadays, introductory Linux articles even show up in Playboy. "I believe that very soon the Linux OS will dramatically change the operating system as most of us now know it and thus the way we work and play on our computers. At least I hope so; I'm tired of rebooting."

This MacWeek column paints a pretty sad picture of Apple's attempts at open source thus far. "Apple boldly announced Darwin in mid-March and has released several tepidly received updates since then. The main problem is that all the source opened thus far can best be labeled 'mostly useless.' The so-called 'final version' of OS X will not be based on the Darwin source code available today. That means nothing Apple has released until now under the guise of the Darwin OS is much more than smoke screen." (Thanks to John Jensen).

Evan Leibovitch makes his predictions for 2000 in this ZDNet column. "Linux Magazine, in an attempt to increase its profile, decides to feature centerfolds. Their first (and last) one features Corel first lady Marlen Cowpland. As a result of the ensuing revenue from magazines and posters, Linux Magazine goes public, purchases IDG and fires Bob Metcalfe."

Salon has put up an amusing set of predictions for 2000. "Having resolved in a national referendum that it was high time that the country of Finland should be known for something more than saunas and the world's highest per-capita cell phone use, the Finns will declare an open-source country. Citizenship will be open to anybody who writes any portion of the new constitution."

Section Editor: Rebecca Sobol

See also: last week's Announcements page.

Announcements

Resources

LinSight has announced that interested parties can locate upcoming Linux events on the LinEvents site by zip code - in the U.S. at least.

Issue 49 of the Linux Gazette (January) is available.

Christian Scholz announced a project called GROUP.lounge. It is a groupware server which uses an enhanced filesystem model. User can share documents, notes with each other via either a web or a webdav interface.

Linux Facile is a Linux manual in Italian for entry-level users.

Events

Linux World/Linux Expo Paris will be held February 1-3, 2000.

Tuesday, February 8; Excelco, The Linux Store, Enhanced Software Technologies & AZSOFT.net present Linux for Business:
Overcoming the FUD Factor Seminar 8AM-12PM (Phoenix), For more information contact: Francine Hardaway (602) 331-0997,
URL: http://www.excelco.com/

O'Reilly announced that the keynote speaker for the O'Reilly Java Conference, March 27-30, 2000, is Simon Phipps, "IBM Corporation's Chief Java and XML Evangelist."

The Linux Show!! announced that it will be the official "Broadcast Sponsor" of LinuxFest2000, June 20 through 24, 2000 in Overland Park, Kansas.

The Libre Software Meeting #1 (French version) has been scheduled for July 5th through the 9th, sponsored by ABUL, (Linux Users Bordeaux Association). It will be held in Bordeaux, France, at ENSERB ( cole nationale sup rieure d lectronique et de radio lectricit de Bordeaux). All "libre" software developers are invited and the emphasis of the event will be non-commercial.

Web sites

User Group News

Help wanted

Software Announcements

Our software announcements are provided courtesy of FreshMeat

See also: last week's Back page page.

Linux links of the week

StepByStep is a different approach to providing Linux help and documentation. The StepByStep guides do not attempt to provide any sort of comprehensive coverage of a topic; instead, they are intended to be concise, quick guides to making something work.

Section Editor: Jon Corbet

Letters to the editor

 From: Larry McVoy <lm@bitmover.com> Date: Mon, 3 Jan 2000 18:08:22 -0800 To: editor@lwn.net Subject: you might want to read this Cc: lm@bitmover.com [hold] It appears to directly contradict what you are saying in http://lwn.net/2000/features/ncm-dvd.phtml The following court case, http://www.law.emory.edu/7circuit/june96/96-1139.html upholds shrinkwrap licenses, overturning a lower court's claim that shrink wrapis not enforcable. The basic summary is that the vendor can't do stuff like put a license inside that says "because you opened the box, you now owe us another $10,000, and paying us now is your only choice. Ha ha, gotcha.". However, the vendor _can_ put in the box, "your right to use this software is conditional on you obeying the following rules (spell out the rules). You can either agree to these rules or return your software for a full refund." In other words, a vendor can list rules, the court showed multiple examples - from insurance policies to prescription drugs to software - where such rules are listed and are expected to be obeyed. In addition, the court found that shrinkwrap does _not_ violate the UCC, as stated on your web site. The lawyer that OKed that web page appears to be sadly misinformed about the state of the law. And this isn't a recent case, this is from '96. --lm 

 To: letters@lwn.net From: ncm@nospam.cantrip.org Subject: Shrinkwrap Licensing This is an update to my feature on shrinkwrap licensing, http://lwn.net/2000/features/ncm-dvd.phtml in response to the LWN editors' and Larry McVoy's comments. LWN introduced the feature with a statement: Should the court rule on the validity of these licenses, it will be interesting to consider how free software licenses differ legally-- if at all--from the commercial shrink-wrap variety. Free Software licenses are based firmly on international copyright law. The UCC (Uniform Commercial code) doesn't apply, because the copyright holders aren't selling you anything. Red Hat doesn't own the copyright on (most of) the code in their box. The UCC places obligations on Red Hat, but not anybody who is not party to the transaction, so the UCC doesn't weaken the GPL. Larry McVoy introduces a more troublesome issue: the U.S. 7th Circuit Court overturned a district decision and upheld a shrink-wrap license: http://www.law.emory.edu/7circuit/june96/96-1139.html The decision is troublesome because its reasoning is very sloppy, reading more like an undergraduate business-school essay than a serious legal document. It dismisses the difference between a license and a contract in one line. It similarly dismisses the very real practical problems of actually getting a refund after a product box is opened. The examples the court takes as valid shrink-wrap licenses are drawn not from legal cases, but from other recent attempts at the same trick which happen not (yet) to have been fought all the way to a court decision. The judges note there is little case law, taking it to indicate that the public implicitly accepts shrink-wrap licenses, despite that (as noted earlier) software companies have routinely avoided trying to enforce such licenses for fear of producing such case law. Its basic argument is expediency: because it would be inconvenient for vendors to obtain agreement from customers to give up their rights under the law, it is sufficient (according to that court) for the vendor simply to assert that customers don't have those rights: Not trying to return the product for a refund constitutes "agreement". A customer who prefers to retain those rights has no recourse other than to try to get a refund (and good luck!). The decision doesn't go so far as to say that a failed good-faith attempt at a refund might negate such an "agreement". Fortunately for the DVD case, the 7th Circuit decision is (I believe) not binding in the 9th Circuit, where the DVD case is being tried. Furthermore, Norwegian law, which has jurisdiction where the reverse-engineering is said to have occurred, does not (according to Otto Skrove Bagge) allow a license to eliminate reverse-engineering rights. Even if a contract-o-matic is held to constitute a valid contract, legally-invalid parts of such a contract are not binding. (Similarly, paragraphs common in real-estate title deeds in Los Angeles, forbidding sale to non-Causasions, are legally meaningless.) The 7th Circuit precedent cries out for well-reasoned contradiction. The DVD case might be an opportunity to evoke one, if only in passing. I am not a lawyer, and the above has not been reviewed for legal accuracy. 

 Date: Tue, 4 Jan 2000 20:14:13 +0000 From: ruth@innocent.com To: lwn@lwn.net Subject: GPL as shrinkwrap license? [HOLD] As I understand it, the significant difference between say, the GPL and a typical EULA shrink-wrap license from a major proprietary vendor is that the GNU GPL is *not* an end-user license at all. Only distributors and software developers need to agree to the GNU GPL, the license itself says, in paragraph zero, "The act of running the Program is not restricted (...)" because the architects of the GNU GPL explicitly wanted everyone to be able to USE their software. This means that for the purposes of the UCC, GNU GPL software does not have any licensing restrictions applied to it. Purchasers of Gimp CDs are free to use them as frisbees, install and use them on as many machines as they like, and then re-sell the CD without any restriction. Similarly, purchasers of a book are free to read it, use it to prop up a table, discuss the plot with friends, then lend it to those same friends and finally sell it second hand. Other rights are reserved to the publisher, and there are extensive license agreements in place, but like the GNU GPL they DO NOT MATTER to end-users. 

 Date: Thu, 30 Dec 1999 02:21:59 -0800 (PST) From: Juergen Weber <weberjn@no-spam.yahoo.com> Subject: Buffer overflow protection To: letters@lwn.net Hello, in the security section of Dec,30,99 you write: > But Linus's main point has always been that a> non-executable stack is a band-aid solution which > does not fix the real> problem - poorly written applications.  In an ideal world where there are only wizards like Linus you could fix the poorly written applications problem. The great inventions of computer science made programming more error-prove. Of course memory leaks are signs of poorly written applications, but humans will always make mistakes. So the java approach of freeing the programmer of memory allocation was the way to go. So the real solution is to disallow the execution code on the stack. Juergen (please make my email address "anti-spammed") 

 Date: Thu, 30 Dec 1999 07:16:35 -0700 From: Ray Whitmer <ray@xmission.com> To: letters@lwn.net Subject: GNU/Linux I read your recent item on the name of: GNU/Linux versus Linux. At first, it sounded to me like a silly dispute. But after reviewing the GNU's page on this topic, I find that GNU's claims warrant consideration. Most developers understand that GNU has for years supplied many pieces, and Linux was "only" a plugged-in kernel, predating the Linux kernel by many years. I believe GNU claims 28% of the current size versus 4% in the Linux kernel, although it is not clear to me which pieces they count. There are also many other large valuable parts of the combined O/S without which the kernel would be much less useful -- I think especially of the XFree project. It is not easy to make sure everyone receives due credit as things evolve over time. Calling it just Linux may seem to trivialize those other efforts. While it is not clear how to make this fair to everyone, perhaps in the future multiple kernels will become available to plug in, and it will become even more obvious than ever that the Linux kernel itself, while quite important today, is only a small part. I have friends who value FreeBSD and other OS's -- there could be value in joining compatible parts of various movements under a more-generic banner. Ray Whitmer ray@xmission.com 

 Date: Mon, 3 Jan 2000 12:34:02 -0600 (CST) From: Dave Finton <surazal@nerp.net> To: info@auroradev.com, stevef@auroradev.com, letters@lwn.net Subject: Comment on your white paper I do disagree with your assertions about Linux vs. NT. In fact I will highlight a few "innacuracies" in your white paper (http://www.auroradev.com/whitepapers/open_source.htm) that need to be addressed. These aren't minor hiccups, but serious drawbacks to what I was hoping would be a serious commentary on open source vs. NT You said: Since Linux is a network operating system, Linux may be a threat to high-end NT, but not to desktop Windows: Microsoft Access, Office, and VB development will continue to flourish independently of the network architecture. I reply: NT *will* continue to flourish... even in the high-end and well as the low end. But you've seemed to miss the point that Linux is already flourishing at all these levels as well. Over 30% of all web servers use Linux. Linux is being taken seriously in our university (U of Minnesota Duluth) ITSS department, which has always been staunchly Netware-, Solaris-, and NT-centric. Linux is around you in all levels; you simply fail to see it. Also Linux is booming on the desktop. People who I didn't even think would consider using it (i.e. the "average joe") are telling their friends they've installed Red Hat or Mandrake Linux on their machines and really like it. And guess what? They're *using* it too, in increasing numbers. Frankly, your hypothetical situation does not exist in the real world. You said: The Palm Pilot was the last great hope in the anti-Microsoft camp. Microsoft responded with Windows CE, a lean and mean operating system designed to run on handheld computers, palm devices, car radios, and cell phones. This great new OS supports color screens (where is that color Palm Pilot?) and much superior handwriting recognition. There are CE versions of all your favorite Office Products, and a Visual Basic developer?s kit for CE. I could not tell you how to wirte an application for Palm Pilots (not even Java with its Write once Run many fame can run on a Palm without major modifications to the core language.), however, I can create a Pocket Access or VB application for the CE in minutes. I reply: Ah, so that's why Palm Pilot still is beating CE in virtually every market I know of, and has been doing so for *years*. Portability of apps to the CE devices cannot overcome Windows' flaws on the handheld devices. Palm is simply better. You said: Most Linux installations in production are UNIX shops that run $160,000 + SUN servers. You can get the same power, scalability and performance with Microsoft Cluster Services and NT for one third the price! I reply: Uh, Linux is free, and it comes with the same power, scalability, and performance with Beowulf Cluster services and Linux comes at zero thirds the price! Linux is making *serious* inroads into many markets, particularly in formerly NT-centric shops where Microsoft has disappointed IT managers one too many times. NT is simply not a cure-all. Mind you, neither is Linux, but I can't agree with your premises here. I find your "white paper" technically misleading and innacurate, and cannot take it seriously as such. I have to implore you to take a serious look into the marketplace. The results may surprise you. - Dave Finton p.s. On a final note, you're probably assuming that Microsoft is unbeatable. Remember when they said the same about IBM and DEC? Nobody's glory years last forever. --------------------------------------------------------- | If an infinite number of monkeys typed randomly at | | an infinite number of typewriters for an infinite | | amount of time, they would eventually type out | | this sentencdfjg sd84wUUlksaWQE~kd ::. | | ----------------------------------------------------- | | Name: Dave Finton | | E-mail: surazal@nerp.net | | Web Page: http://surazal.nerp.net/ | --------------------------------------------------------- 

 Date: Thu, 30 Dec 1999 08:17:56 -0500 To: letters@lwn.net From: "Gregor N. Purdy" <gregor@focusresearch.com> Subject: Fwd: An idea LWN-- I sent the following to the FSF after reading about the Amazon.com boycott. --------------------------------------------------------------------- Someone else has to have thought of this, but I haven't run across it anywhere in my "travels" yet. As long as the current PTO stance remains uncorrected, things like this will happen. If the past is any guide to the future, any correction to this will take a long time. Therefore, while pursuing a correction to the policies and practices of the PTO is vital, we should be looking for ways to relieve some pain in the interim. I suggest that we seek out "Angels" in companies that are making money from free software, such as Red Hat and VA Linux, and via fundraising through LPF and GNU to fund a legal entity that will file for and defend patents with automatic free license granting similar to the provisions of the GPL. So, we can put together patent applications for important techniques that we fear will be stolen from the community by companies through inappropriate PTO usage. Once patents are granted, usage of the techniques will fall under the license agreement mentioned above, which will state that no entity holding software patents that are not licensed under this license may use the technique (not even for a fee). As the portfolio builds, and hopefully with a lot of help from the commercial folks who live by free software both in funding and in generating patents, we can start to carve out some free territory. And, by setting an example, hopefully we can pull in other companies that *want* to play with the free software folks, convincing them to either (a) transfer their patents to this other entity or (b) retain official ownership, but permanently license them according to the GNU Intellectual Property License (GIPL), or whatever the thing is called. Stop software patents! But, in the mean time, take some defensive action. Besides, this would probably bring a lot of attention to the issue... If companies are creating the patents in order to get recognition of their achievements (an idea which fails for the "simple and obvious" category), then there shouldn't be any issue subsequently licensing them this way or transferring ownership. The free software community has always been big on giving credit where credit is due (and only where due). For those companies doing it for the purpose of protectionism (weak) or extortion (evil), hopefully we can create an uncomfortable environment for them between now and when the problem is fixed. --Gregor N. Purdy Focus Research, Inc. gregor@focusresearch.com 

 Date: Thu, 30 Dec 1999 12:29:07 -0500 From: atorrey To: letters@lwn.net Subject: Thoughts on the Amazon boycott This is likely to get me flamed, but I have serious doubts about the potential effectiveness of the Open Source community's call for a boycott of Amazon.com over the One Click software patent. While we like to tell each other how 'special' we all are, the practical hard fact is that the Open Source world, even if we include all our friends, is not all that big a percentage of the world. Even the most successful boycott is unlikely to have a major impact on Amazon's bottom line. (A similiar logic could most likely be applied to other calls for boycotts of other companies for S/W patents) Indeed, Amazon is big enough that there are often few on-line alternatives, especially if one also finds Barney igNoble obnoxious. While I am not saying to dump the boycott, to me it is not using our talents to their best advantage. Amazon is a marketting specialist, and a boycott is trying to beat them at marketing, why tackle them on their own turf? If you want to beat someone, it is best to work from your strongest position. Why not let Amazon keep their patent, just like we let another major corporation keep it's O/S, and go for 'world domination' with our strongest skill set. Go to Barnes & Noble, and offer to help them develop a non-patent infringing, improved, equivalent to One Click. (One possible idea - how about if the system enabled a single checkout from an entire shopping session, involving multiple e-stores?) Obviously it would have the string attached that it would be Open Source, perhaps with a limitation in the liscence that it was only open to companies that did not use software patents to limit competition... Which idea would you think would make Jeff Bezos more nervous - the thought that a few hundred geeks might take their business elsewhere? Or that those same geeks, who include some of the worlds best programmers, are going to go help the competion build a better website? ART (Please do not include my E-mail address, if you must, please anti-spam it...)