Slashdot Mirror

psychonaut writes "Long-term readers of Slashdot may be familiar with The Linux Counter, which attempts to measure (through surveys and statistics) the number of people using GNU/Linux operating systems. The project started in 1993 and shot to fame six years later, largely as a result of three Slashdot articles (two of which brought the Counter to its knees). After four years of stagnation, project founder Harald Tveit Alvestrand has handed over the reins to a new maintainer, Alexander Mieland. Over the past few months, Mieland has completely redeveloped the project, with a modernized design and support facilities (including a bug tracker, mailing list, RSS feed, and Twitter account). The New Linux Counter is now up and running, with all the data for active users from the old counter. The old site will continue to operate for a time but will soon be shut down and requests redirected to the new site."

corso64 writes "Ohio Linux Fest 2005, a free conference/event for Linux and OSS enthusiasts, looks to be every bit as good, if not better than Ohio Linux Fest 2004. Last year, IBM, Novell, Apache, Beowulf, Mozilla, along with Jon "Maddog" Hall made Ohio Linux Festival 2004 a huge success along with tons of swag, freebies, and door prizes (including a Linus-autographed cdrom of the original source release of Linux). This year IBM, Novell, Apache, Digium, KDE and others will be doing sessions on Asterisk, KDE, Digital Forensics,Unified Threat Management, Ubuntu, Server Farms and lots of other topics. Check it out this October 1st!"

Anonymous Coward writes "Registration is now open for the 2005 Southern California Linux Expo. SCALE is a grass roots Linux and open-source conference in Los Angeles, CA. SCALE's mission is promote open-source and free software. Demonstrations and exhibits are targeted at everyone from beginners to experts. Speakers include: John 'maddog' Hall (Linux International), John "Maddog" Hall - Linux International, Larry McVoy (BitKeeper), Randy Dunlap (OSDL / Kernel Developer), Kevin Foreman (Helix Project, RealNetworks), Jason Schultz (Electronic Frontier Foundation) and more."

hta writes "In a testament to the fact that Linux has been around for a while, the Linux Counter turned turned ten last month. The site has been counting a few of the users of Linux since September of 1993, and currently lists more than 130.000 names. It's still waiting for Linus Torvalds to claim registration #1, which has been reserved for him for the last ten years. Among the events that have happened in 10 years of running the counter, the Slashdot events are some of the more memorable."

hta writes "In a testament to the fact that Linux has been around for a while, the Linux Counter turned turned ten last month. The site has been counting a few of the users of Linux since September of 1993, and currently lists more than 130.000 names. It's still waiting for Linus Torvalds to claim registration #1, which has been reserved for him for the last ten years. Among the events that have happened in 10 years of running the counter, the Slashdot events are some of the more memorable."

hta writes "In a testament to the fact that Linux has been around for a while, the Linux Counter turned turned ten last month. The site has been counting a few of the users of Linux since September of 1993, and currently lists more than 130.000 names. It's still waiting for Linus Torvalds to claim registration #1, which has been reserved for him for the last ten years. Among the events that have happened in 10 years of running the counter, the Slashdot events are some of the more memorable."

Slashback tonight brings you updates on low-power hardware, unauthorized music distribution by buymusic.com, and more, including a reminder of the upcoming (now annual) Linux picnic at the conclusion of LWCE. (If you're not there, start your own local chapter ;)) Read on for more!

MenuetOS progresses. For those with a taste for esoteric tiny operating systems for low-power systems, the x86 release of Contiki wasn't the only news this week. Lgd writes "Menuet, the 100 % assembly OS, has made quite a few improvements since it was last reported at Slashdot. Menuet has now a simple tcp/ip stack with tiny http, mp3 and email servers, FASM 1.48 assembler and demo applications like the 3d maze."

Perhaps this will lead to a finer toothed comb overall. Jody Whitesides writes "Hello, I want to take a moment to update you about my situation that you posted recently... As of right now, I won my fight with BuyMusic and the Orchard. I have been promptly let out of a contract that was already terminated February 1st of 2001. It seems they had kept me in their catalog on a contract clause that had been overlooked when the contract was signed back in 1999.

As of 5 p.m. pst 07/31/2003 I was given notice that I was removed from the Orchard's distribution. In turn I have since checked with BuyMusic's website and have been swiftly removed from the website and now all has been set right in the world. It seems that even the big corporations don't wish to face copyright infringement.

I want to thank you for running the story as I have no doubt that it helped bring a swift decision in getting my music under my control so that I can best determine how fans will get it into their hands.

I harbor no ill will towards BuyMusic or the Orchard."

MandrakeSoft still not dead (wants to go for a walk). LinuxGeek8 writes "In their latest shareholder newsletter MandrakeSoft made a few statements about their financial position. Their retail sales decreased, while their high-margin sales (oem, club, online sales, etc.) increased. In total their revenue decreased somewhat, while the operating loss decreased. Since January they have been cash-flow positive.

Quoting about their "Chapter 11": "On January 27th, 2003, the Commercial Court granted MandrakeSoft a six month observation and protection period (similar to a U.S. Chapter 11 procedure). This period will end on July 27th, 2003. The company is pursuing an opportunity to be granted an additional six month observation and protection period. In the upcoming months, the company's objective is to exit the Observation Period with a 'Continuation Plan'."
Things seem to be looking good on the radar."

This is good news for those of us who like all the work that Mandrake has put into making Free software easy to install.

Video Capturing Part 2 at Ars Technica miskatonic alumnus writes "Recently, slashdot reported on an excellent article -- Part I: Video Capture -- of the 3-part series 'Guide to Capturing, Cleaning & Compressing Video' at Ars Technica. At last, Part II: Video Cleaning is now available."

The largest gathering, of a sort. Linda Denison links to these "several articles about GenCon, handily linked to one place!"

From the article: 'GenCon: Freaks & Geeks,' she excerpts: 'My wife wrinkled her nose in response. Computer geeks tend to be clean. They wear clean clothes, and bathe regularly. Usually this is because they live in their mother's house. Probably in their old room. Tabletop geeks tend to wear the same clothes they bought in their early twenties, roughly three belt sizes ago, and aren't well versed in the bathing arts. This is because they live in their mother's basement. The heat sort of exacerbated this problem.'

(We've run a couple of articles originating at this year's GenCon already.)

Sci-Fi Auction Followup... cjustus writes "The live auction mentioned earlier in the week is over... Here are the prices that items went for. The big item? Original George Reeves Superman Costume for $110K ... Harrison Ford's pistol from Blade Runner went for $17K... Any slashdotters bid / win?"

Matching hardware to actual needs is not crazytalk. Michael C. Barnes writes with a followup to the recent mention of his company's low-power MicroServer, which, it turns out, has a larger sibling. "One of the people reading your post did a review of the Microserver HP. ... The person doing the review benchmarked our Microserver High Performance and thought it did a reasonably good job with My SQL."

"Penguin dip" is just an expression. Bill Kendrick writes "This Saturday, August 9th (after the Linux World Expo) San Francisco Bay Area Linux lovers and the people who love them will be gathering at the Baylands Park in Sunnyvale for Picn*x12, the third annual Linux anniversary picnic. Organized by several local LUGs and sponsored by Oracle, this barbecue is a free event for the entire family."

Whether or not you can get to the picnic, FeeDBaCK writes "It has been almost 2 years since the Linux Counter has been mentioned on Slashdot. It was last mentioned in October of 2001 and brought on an impressive number of registrations. Accounts are deleted after 2 years of inactivity, so now is a good time for everyone to freshen up their account, or create a new one if they don't have one already."

An Yong Zheng writes "Linuxfest Northwest is being held on Saturday, April 26 at Bellingham Technical College in Bellingham, Washington. LFNW is a grassroots event put on by a coalition of Pacific Northwest Linux user groups to showcase what Northwest Linux users are doing with Linux and Open Source software. It features a keynote speech by Jon "maddog" Hall from Linux International, lots of great presentations and tutorials, displays of the various cool things that Linux can do, Free Stuff, etc. Click here for more information and here for the schedule of events!"

An Yong Zheng writes "Linuxfest Northwest is being held on Saturday, April 26 at Bellingham Technical College in Bellingham, Washington. LFNW is a grassroots event put on by a coalition of Pacific Northwest Linux user groups to showcase what Northwest Linux users are doing with Linux and Open Source software. It features a keynote speech by Jon "maddog" Hall from Linux International, lots of great presentations and tutorials, displays of the various cool things that Linux can do, Free Stuff, etc. Click here for more information and here for the schedule of events!"

hta writes "Over the 7 years that the Linux Counter has been operative, a lot of people have registered who can no longer be verified. We do not want to publish false data to the world. So we have to remove the data when it is too old, and have decided to give two grace periods." See below for more information - but go out and get counted!

• Two years for entries with an email that might be valid
• One year for entries without a valid email entry

More technical details are available from the Counter.

Since there has not been any routine for this before, there is a backlog of almost 100.000 entries.
We have decided to pull the whole backlog at once on November 1.
After this date, the aged-out entries will not be included in the Linux Counter user count, and will not receive email notifications from the counter.

If you registered with the Linux Counter long ago, go over there and log in in order to make sure your entry stays counted."

hta writes "Over the 7 years that the Linux Counter has been operative, a lot of people have registered who can no longer be verified. We do not want to publish false data to the world. So we have to remove the data when it is too old, and have decided to give two grace periods." See below for more information - but go out and get counted!

• Two years for entries with an email that might be valid
• One year for entries without a valid email entry

More technical details are available from the Counter.

Since there has not been any routine for this before, there is a backlog of almost 100.000 entries.
We have decided to pull the whole backlog at once on November 1.
After this date, the aged-out entries will not be included in the Linux Counter user count, and will not receive email notifications from the counter.

If you registered with the Linux Counter long ago, go over there and log in in order to make sure your entry stays counted."

hta writes "Over the 7 years that the Linux Counter has been operative, a lot of people have registered who can no longer be verified. We do not want to publish false data to the world. So we have to remove the data when it is too old, and have decided to give two grace periods." See below for more information - but go out and get counted!

• Two years for entries with an email that might be valid
• One year for entries without a valid email entry

More technical details are available from the Counter.

Since there has not been any routine for this before, there is a backlog of almost 100.000 entries.
We have decided to pull the whole backlog at once on November 1.
After this date, the aged-out entries will not be included in the Linux Counter user count, and will not receive email notifications from the counter.

If you registered with the Linux Counter long ago, go over there and log in in order to make sure your entry stays counted."

hta writes "Over the 7 years that the Linux Counter has been operative, a lot of people have registered who can no longer be verified. We do not want to publish false data to the world. So we have to remove the data when it is too old, and have decided to give two grace periods." See below for more information - but go out and get counted!

• Two years for entries with an email that might be valid
• One year for entries without a valid email entry

More technical details are available from the Counter.

Since there has not been any routine for this before, there is a backlog of almost 100.000 entries.
We have decided to pull the whole backlog at once on November 1.
After this date, the aged-out entries will not be included in the Linux Counter user count, and will not receive email notifications from the counter.

If you registered with the Linux Counter long ago, go over there and log in in order to make sure your entry stays counted."

Slashback tonight with another assortment of corrections, amplifications, looks backward (and even looks forward to looks backward). In this last case, it looks like you may even get fed.

You mean we have to reprint all the invitations? Reader Ian Cowley wrote with a slight correction about the end of an era:

"Your article on slashdot.org about the billionth second of the epoch is sort of (but not entirely) flawed.

Yes, UNIX systems will report 1000000000 seconds at 01:46:40 on 9th September. Which of course means the 1 billionth number will be 01:46:39.

But, these systems do not account for leap seconds. According to TAI (international atomic time), the 1 billionth second since the beginning of January 1st 1970 will occur at 01:46:17 on 9th September 2001, as 22 leap seconds have been inserted since 1970 (the first was 1972, the last 1999).

So celebrations of the 1000000000th second should be at 01:46:17, whilst 01:46:40 can be reserved for celebrating 1000000000 displayed on UNIX system clocks."

Errr ... thanks. We'll just have to start at "Unix Day, Observed."

What price the capture and humiliation of virus spreaders? JayHerrick writes: "We have posted a small bit of JSP that reports the number of times our server has been queried for a 'default.ida' page. It's stylish, it's cool, and it'll probably get Pepsi all mad at us because we ripped the Code Red logo off one of the bottles." Equally stylish, despite the name, is a small tool named codeRedNeck, described by reader mindriot thus: "As CodeRed probes port 80 of a machine, CodeRedNeck first answers on that port and then goes silent, thus forcing the worm to wait until the connection times out." He advises: "Read the original idea by Tom Liston. Heise also has more on this."

Even More Auspicious dates. No matter which date you choose to mark it, Linus' little kernel-that-could is about to mark its tenth birthday. ikluft writes:

"The "Linux10" Linux 10th anniversary picnic and BBQ will be held on Saturday, August 25 from 11AM to 6PM at Sunnyvale Baylands Park in Sunnyvale, California. Details and directions can be found at Linux10.org. If you can attend, please use the RSVP form so the organizers know how much food and soft drinks to provide (only provided if you RSVP.)

Linux10 is being organized as a family event -- bring the kids. In support of that goal, it is also a no-media event. Linux and Open Source enthusiasts who work for the media may attend and participate while off-duty.

Linux10 will gladly link to other Linux 10th anniversary events. Let us know the URLs for those events."

Reader big_drew adds: "The event is free (food, softdrinks, cds -- sorry, no free beer, but byo is ok)" and says "If you can't make it out to CA, you can still get the t-shirt (profits will be used to fund the picnic)."

Anyone want to organize a picnic in the vicinity of Knoxville, TN? :) I can bring some pasta salad and watermelon.

Ten candles all around here, too. Simon Spero writes: "As noted in http://www.w3.org/History.html, today, August 6th, is the 10th anniversary of the first public release of the CERN Web Software."

porkrind writes: "Linux International is launching a program designed to show all the different areas where Linux is used. It's the case study project. We figure this is a good place to start on our road to marketing Linux. What do you guys think about Linux vendors pooling resources via LI to launch marketing campaigns for Linux? In the end, whatever we come up with, we want to be used by all Linux communities: business, development, advocacy, et al."

porkrind writes: "Linux International is launching a program designed to show all the different areas where Linux is used. It's the case study project. We figure this is a good place to start on our road to marketing Linux. What do you guys think about Linux vendors pooling resources via LI to launch marketing campaigns for Linux? In the end, whatever we come up with, we want to be used by all Linux communities: business, development, advocacy, et al."

porkrind writes: "Linux International is launching a program designed to show all the different areas where Linux is used. It's the case study project. We figure this is a good place to start on our road to marketing Linux. What do you guys think about Linux vendors pooling resources via LI to launch marketing campaigns for Linux? In the end, whatever we come up with, we want to be used by all Linux communities: business, development, advocacy, et al."

Chris DiBona, a man of many titles (Linux Community Evangelist, VA Linux Systems; President, Silicon Valley Linux Users Group; Grant Chair, Linux International) passed to us this reminder that for all the (occasionally legitimate) claims of standards compliance out of Redmond, subtly breaking standards in the name of "improvement" can be far worse than more blatant attempts. Hint: supplanting ASCII is a bad idea. (More below.)

Chris writes: " So here's an interesting feature from our friends at MicroSoft. They've decided that Outlook 2000 users by default really don't want to communicate with the rest of the world, preferring to communicate only with other OL2000 users.

Now, while I don't have any problem with people extending the content of an e-mail with attachments, i.e. sending html-ized version and v.cards, it seems downright stupid to make the default behavior of ol2000 to send it's e-mail only in MS's proprietary TNEF format.

Now, It's clear that they've had some support calls on this, as proven by this KB Entry. So that means that they caught some flak for it. But they haven't changed it.

Fun Quotes from the KB entry:

• In addition to the receiving client, it is not uncommon for a mail server to strip out TNEF information from mail messages as it delivers them. If a server option to remove TNEF is turned on, clients will always receive a plain text version of the message. Microsoft Exchange Server is an example of a mail server application that has the option to remove TNEF from messages.

This means in essence that unless you are using a 'TNEF Aware' server -- like, say, hmm, MS Exchange -- you may not be able to read your mail. I may be reading a bit much into this paragraph, but it seems to me that this paragraph says 'if your friends can't get your email, it's their servers fault, not yours.'

And to take this the further, go join the EFF if you haven't already, step, suppose somone were to circumvent the protections on the TNEF format and write a program that could understand it, would you be liable under the DMCA section on anti-circumvention? Admittedly, I'd be surprised if MS took this route, but it's worth considering every single time you think about decoding proprietary formats. Does this mean strings is now a circumvention tool?

Anyhow, if there are any microsofties out there, do the right thing and cut down your support costs by making ascii the ol2000 default transmission behavior for text. And for anyone using Outlook 2000, you should switch to a program that your friends can actually recieve email from. Or at least shut off that option."

Jacob Javits Convention Center, New York - Despite the overwhelming Windows orientation of PC Expo (Apple didn't show up at all), there have been a few signs of Linux life. Today's 11:30 a.m. keynote speech was given jointly by Mark Bolzern of LinuxMall.com and John "Maddog" Hall of Linux International. This was not a well-attended keynote. About ten minutes after it started I counted 144 seated attendees. The previous presentation (which ran close to half an hour longer than scheduled), by scientist and inventor Ray Kurzweil, had at least twice as large an audience, and the room could easily have held close to 1000 people -- if that many had been willing to tear themselves away from the New! Exciting! Revolutionary! Windows and Palm-oriented product display on the main exhibit floor.

The important thing about the PC Expo Linux presentation, though, wasn't audience size, but that it wasn't the typical "preaching to the converted" situation we see at Linux and Open Source conferences. This was an audience that had to be told what Linux was, and what it could do, almost from scratch. The whispers I heard as I sat at the back of the room, taking notes, indicated that most of the people seated near me knew that Linux was an operating system for computers, but little more than that. They paid attention -- and many of them took notes.

Indeed, some of the people listening to Mark and Maddog took more notes than I did, because to them the idea of a Beowulf system was brand-new, as was Mark's claim that 99% of Fortune 2000 companies -- including Microsoft -- use Linux in one way or another. Most of the material in Mark and Maddog's presentations was pretty old hat to long-time Slashdot readers. But to the people in that room, almost all of them Windows users, it was all worth hearing.

The LinuxMall.com "Linux Summit" held Monday was even smaller than today's Linux keynote -- Mark estimated attendance as "about forty" --but both events had good crowds, in the sense that most of the people sitting there, finding out about Linux for the first time, had paid between $200 and $1300 to attend PC Expo, and felt that learning about Linux was a worthwhile use of their limited time at the show.

We've mentioned the Borland/Inprise Linux Developers Surveys before. Kinda like the The Linux Counter, it's a way for the needs of the community to be codified and show the corporate folks that we really do count - in numbers and in skills. So, check out the latest survey and we'll probably post the results in a few weeks.

Update: 02/15 01:46 by michael : Readers will notice that one of your fellow readers is abusing the system. Take my word for it that CmdrTaco is well aware of the situation and is preparing to Take Steps. It is frankly a shame that Slashdot's loose authentication system which is designed to allow people to participate without providing your name, SSN and mother's maiden name like so many other forums is also subject to abuse. Fixes are at hand in the very near future, so don't e-mail, don't call, don't post complaining that Slashdot is going to the dogs -- we're on it. Well, I'm not on it, but you know what I mean. :)

Jon "maddog" Hall is the head honcho at Linux International. Monday we asked him questions about the future of Linux, his beer preferences, and other burning issues. Today, as our premier interview guest in the last year of the 20th century, maddog answers with his usual wit and candor.

1) What NEW directions do you see Linux going in?
by coreman

There have been lots of articles on what is the future of the current Linux projects... What do you see as the NEW, non-current directions that Linux will embark on in the near future/next century?

maddog:

Holy cow!! Linux is already being used in ubiquitous computing, embedded computing, turnkey systems, desktop systems, server systems, and Beowulf Supercomputers...how many more directions do you think it should turn?

True, I have been vocal about not telling people to use linux as a "highly available" system, due to its current lack of things like a log-based file system, hot-swap hardware, better hardware error detection and other things that a highly available system would need for a 366 day a year uptime.

And true, many people have noted a lack of NUMA memory capabilities, allowing expansion of processors past the single ultra-high-speed memory bus limitations of cost vs performance.

And a lot of different countries would LOVE to have true internationalization and localization done, so just by changing a message catalog (or adding to it) an operating system or application could be localized for a particular culture.

And then there is the perennial lack of applications, device drivers, etc to make Linux a truly viable desktop.

All of these are bad news, but the good news is that each of them is being addressed at "Linux speed".

In the past, and as short a time as ten years ago, these were all seen as lacking in the commercial Unix operating system space. I heard these same issues as reasons to use systems such as MPE, MVS and VMS, and that Unix systems "could never" do these things. Now most of these needs can be met through these same commercial Unix systems. The Linux community can now take the best of these solutions and designs for this work and re-implement them to meet the needs of the Linux community.

Since visualization of solutions is the hardest thing, and architecting a solution is the second hardest thing, if we pick the best implementation and re-implement it, we should have solutions to these (and other) issues very quickly.

2) Linux vs. HURD
by Gurlia

Do you think GNU/HURD might one day take over Linux's place? It certainly has a more modern design, although it is currently still in the works. Do you think it's a plausible alternative to Linux when it is ready for general consumption?

Or does Linux have a drive in the Open Source community that HURD doesn't? Linux seems to have generated a lot of enthusiasm, fandom, (and zealotry?). Could it be this drive that made Linux so successful and the lack thereof make HURD take such a long time to get developed?

(Disclaimer: I am NOT trying to start a flamewar between Linux and HURD supporters.)

maddog:

I think that if the technical goodness of a kernel was the defining issue, then one of the *BSDs would certainly be where Linux is today.

It is hard to say why Linux caught on, and the *BSDs did not, but I definitely think it has to do with the community spirit that the Linux community has managed to garner.

I have known of the FSF for years. I fought to have free software delivered with Digital's Unix systems since 1984. I have tried to donate equipment to the FSF. Unfortunately for reasons dealing with Richard Stallman's ideals of Free Software, and Digital's inability to create a licensing agreement (in those days) that he could sign, I was limited in what I could do. After a while, it was JUST TOO HARD.

With the Linux community I have never run into an issue yet that was JUST TOO HARD. Most of the time the people agree with what has to be done, and that their goals and ideals are much the same as mine.

I will also say that I am REALLY GLAD that Richard Stallman is the way he is, and has the ideals he has, because he continues to show me the path that I SHOULD be going, even though I may only get halfway there. Without his lead, I would have no epitome to reach.

Now, will HURD take over from where Linux is when HURD is ready? Perhaps. If it really is a better-performing kernel than Linux. Remember that a "more modern design" does not guarantee better performance, or even easier maintenance.

I have not looked at the HURD's design, but I understand that it is based on a microkernel, and from this you may get the idea that it is a "more modern design". But OSF's code was based on a microkernel, and so was MkLinux and a variety of other systems that have come out. None of these have shown a performance improvement over what can be done with a well-structured monolithic kernel with loadable device drivers and loadable kernel modules.

Since my customers sort of sit around with stop watches measuring performance in SPEC-marks and SPEC-rates, TPC numbers, etc., it is hard to give up performance for other issues.

Still, if the HURD comes out, and if it is system-call compatible with Linux, there would be a good case for substituting the HURD kernel for the Linux kernel. I make the one stipulation because I think that ISVs are TIRED of porting applications from one system to another, and really want to see ONE binary interface from the Linux/HURD community for each hardware architecture. This is why I think that one of the most important aspects of the Linux community is the Linux Standard Base (LSB) project.

3) Chasing the taillights?
by Wiktor Kochanowski

Linux, and in general the Open Source development model, has been accused in the past of "chasing the taillights" -- of always catching up to features that other commercial programs have, because they are results of vision rather than of a creeping evolution.

Myself, I think there may be something in this view, when I look e.g. at the emerging UI input methods like voice recognition and pen input/handwriting recognition on the client side, and various goodies on the server side.

Do you agree with this? If so, is Linux condemned to always be a few steps behind of the current state of the art of OS design, at least as far as features go?

If not, what examples of vision and features unique to Linux would you provide as examples?

maddog:

You are talking to someone who has been in the computer field for thirty years, so for the most part all I have seen is "chasing the tailights". Sure there have been some innovations in networking, but most of the operating systems have taken a lot of their "innovation" from systems such as the Whirlwind, SAIL, Xerox STAR and "re-implimented" them.

[I am sure I pissed off a lot of people with that last statement, but I purposely made it that way to get people to really take a look at what these older systems have done, and to marvel at what they did so long ago.]

I think that a lot of the features of an "operating system" you are talking about (i.e. input/handwriting, voice recognition, etc.) are things that were developed as layered product projects, and "integrated" into a certain operating system by a certain company we all know as part of "THAT COMPANY's innovations" (DON'T GET ME STARTED ON THAT TOPIC).

As the Linux worldwide market grows, I think you will find that more and more of this innovation will happen on Linux, due to both the Open Source concept and the worldwide virtual groups of minds who will work on it. The difference will be that the Open Source model will show where the innovation actually came from, and not where it was bought from.

4) certification
by Zurk

Regarding the recent community linux certification efforts etc, can we expect to see LI take a part in this? Are we going to get free community certification for Linux? Especially since all PHB's now seem to want certification...

maddog:

Ahem.

It was members of LI that started the LSB effort, and a lot of our members are very active in the pursuit of this standard.

LI members encouraged both Sair and the LPI in their standards efforts, feeling that (particularly in the early stages) two or more open certification efforts would be useful, since the community would decide (in the end) which of the certification efforts was best. The voting on this would be by how many people signed up for that certification, and which certification was judged best by the hiring managers of the certified people.

In the case of hardware certification, LI has been encouraging an emerging distribution and hardware manufacturer neutral certification group which has the goal of determining what the steps should be for certification rather than any set rules of certification itself.

I do not believe that there will be a "Free Certification" simply because there is a lot of boring, mundane work in marking answer forms, administering certificates, etc, but it can be made as inexpensive as possible by making it open, with openly published standards that have to be met.

5) Linux feature growth
by ajs

As I mentioned in a recent article thread, the Linux kernel is braving new waters in several areas which UNIX has traditionally shunned in the kernel (graphics support, http server, game support for network management, etc). These features raise the eyebrows of many people, but is this the way you see operating system design moving in the future? Are we so bound by the dreaded user-mode context switch that we have to plow every service as deep into the kernel as it will go?

Mind you, I'm all for the khttpd idea as a single example, but it seems like the beginning of a trend that will end up making the original Linux kernel look like a wristwatch driver, and leave a lot of low-end users in a bind....

maddog:

I still remember the time we placed the X window server inside the Ultrix kernel. This created a few problems, not the least of which meant that a mistake in code that (with a user-space based kernel) would normally only cause the X-server to crash, the person to be forced off the system, and the login-prompt to re-appear, NOW would cause the whole system to crash due to some type of "kernel panic". We also noted that the X-server (which managed its own memory) would grow without bound, using all of the available kernel memory in a few hours under specific graphics loads. In a user-based X-server, this was (at least) tolerable, but in a kernel-based X-server, it caused the whole system to hang.

All of this was to save a few microseconds of system context switch time and to give better "feel" to the X-server. Then an engineer got almost exactly the same "feel" with the user based X-server by raising the scheduling priority on both the X-server and the window manager.

And I might point out that since that time kernel-based scheduling of lightweight threads has made this type of issue even less of an argument.

My personal belief is that there are certain things that an operating system kernel should do, which is schedule resources among hardware and processes, including memory and CPU time. All other things should be put out in user space. But the last time I wrote kernel code was twenty-five years ago for a PDP-8....

[and speaking of time....as I typed this last part of the answer, the clock on my Linux system turned to:

[maddog@localhost maddog]$ date
Sat Jan 1 00:00:01 EST 2000

...so you can see that Linux is Y2K compliant]

6) How can you afford development?
by joshkerr

I don't understand how Linux can complete in the upper end server market, especially against competitors like Microsoft and Sun.

Microsoft is about to release Windows 2000 datacenter which will allow up to 64gig of ram and 32 processors. How can any one company afford that kind of equipment for the development of Linux?

Do you have any plans to recruit companies like Compaq and Dell so that they are major players in the development efforts of Linux? It seems to me that it would be benificial to have companies like this helping to direct the future development of Linux in terms of large scale applications. I realize that these companies are developing drivers and the such, but that isn't really what I'm talking about..

Apache running on Linux on a machine with 32 processors and 64gig of ram, able to out perform anything MS can throw at it. That is what I'm talking about...

maddog:

First of all, let me point out that Sun has two major divisions, SunSoft and Sun Microsystems. While SunSoft MAY see Linux as a competitor, Sun Microsystems sees it as another operating system to help it sell SPARCS and Intel PCs, which Sun makes. Even SunSoft can look at Linux as helping to maintain the Unix marketplace, and perhaps re-creating the Unix desktop. This will, in the long run, benefit SunSoft.

As to the other large vendors such as SGI, IBM, HP and Compaq, each of these companies have engineers working on internal projects to help Linux xpan the larger types of hardware platforms. Unfortunately, as you get into these very large systems, there are several basic differences that can occur just in the support of NUMA memory alone. Different internal bus structures and architectures might make it very hard for one kernel to be delivered across all these platforms.

At the last Comdex show, in his keynote speech, Linus acknowledged the fact that these larger systems might have a radically different kernel (or kernels) developed for them, but that the kernel programming interfaces would probably remain the same.

Ergo, when you bought your distribution of Linux on a CD-ROM, for certain machines you may have to get your 'boot diskettes" from the people who ship you the machine. Or perhaps certain of the kernel functions might be included in the boot ROMS that come with the machine, and linked into the Linux kernel as it boots.

I know a lot of you think of Compaq as a "Microsoft Shop", but they also sell about 1 Billion USD of Unixware every year, and support 11 different operating systems on their Intel platforms. As long as Linux helps them sell a significant number of hardware platforms, they will make the investment in supporting Linux on them.

7) How about the software no one wants to write?
by moonboy

How about the software no one wants to write? By this, I mean the software that most programmers would consider "boring", yet is truly essential to the further growth of Linux as a desktop and server OS. It's great that we have so many window managers, office suites, browsers, etc. both existing and coming down the pike, but what about the other stuff that's just not as exciting? The stuff you really have to pay people to write? Maybe third party vendors with paid employees are the answer, but will all of those companies want to make their software truly Open Source?

madog:

There are several projects underway which are looking at the funding of "boring" Open Source tasks. Some of them are quite interesting in their approach. One might be to fund scholarships for college students based on how much documentation they write, or have written. Or perhaps making it a co-op assignment. On the other hand, perhaps we have to be more prudent in how we make these "boring" tasks attractive. We all like to listen to the person who wrote the code, but what about listening to the person who wrote the documentation? Perhaps more people would write good documentation, if they were the ones invited to the many conferences and trade events occurring around the world, freeing up the developers to spend more time at home writing code (or even at workshops writing code).

8) Beer?
by Mike Hall

I have had the chance to meet you at several LinuxWorldExpo's and USENIX etc.. At each of these events, you were always present at the parties with a large glass of beer.

My question: What is your favorite beer? and why?

maddog:

I am not a great fan of the darker beers such as porter or stout, although this is not a hard and fast rule. For instance, I do like Guiness draught, and particularly when it comes from Temple Bar in Dublin.

As to the lighter beers and ales, I admit to being a beer snob, and I like few of the "national brands". Anchor Steam was my first "micro-brew", and still retains its unique flavor. Pete's Wicked Ale was a long-time favorite, but I feel my tastes have drifted away from it (or vice versa).

There are a lot of micro-brews that I like, and a lot that I really hate. Do not put any fruit in it, or strange spices, or "non-beer" things (such as hot mexican peppers). And PLEASE don't hand me a beer that you feel has to be improved by sticking a lemon or lime into it. Save it for watering the plants.

9) How you get the nick name?
by Kamelion

What ever happened to get the nick name "maddog"? Must have a pretty interesting story behind that, eh?

maddog:

(SIGH) I have told this story so many times.....but perhaps this will curtail telling it a few thousand times more....

Once upon a time I taught in a small two-year technical college. The Dean of Instruction was a fine gentleman, but we did not see eye-to-eye in teaching students, Often we would have arguments, and often the arguments would get heated. During these arguments, often the entire school would hear both the Dean and my opinions on many topics. And sometimes these arguments would get REALLY heated (like the time the Dean hired and fired me four times on the same day). It was during these times that the arguments were too hot for maddogs and Englishmen. The Dean was British....

Finally, my own question and answer:

Q: Why do you like Linux so much? Why do you spend time evangelizing it?

The computer industry has been very good to me over the past thirty years. I have seen computers go from room-sized monsters to things that would fit on your wrist, or at least in a small pouch on your side. Yet I feel that there are still a lot of answers that have to be found and even tougher problems that have to be solved by users.

I am fond of talking about the applications that I have seen running on Linux as I have traveled around the world. People working on understanding how the Universe works in places like Fermilab or Brookhaven National Labs, people working to find new paints, new sources of energy, and other research projects using Beowulf systems. I am interested in seeing people reduce the cost of embedded systems projects by using a well-written operating system that is scalable and free.

And finally I really enjoy seeing people working in the Health-care space, trying to disseminate information that can help cure diseases such as AIDS or cancer.

As I saw Linux spreading over the planet, and being used in places like Sao Paulo, Brazil, or Korea, or China, I knew that the planet earth had to take every chance to find the next great mind in computer science, and that it was less likely to find this mind in a closed-source environment that had all of computer development funneled through Redmond, Washington. We had to have a mechanism for finding the next "Albert Einstein" of computer science, and I see Linux as a magnifying glass, waiting to help us locate that person.

And so to you, Mr, (or Ms.) Einstein, wherever you are... become involved with Open Source projects, and give the world a hand. It desperately needs you.

md - at the beginning of the new century

Monday: Steve Wozniak. Tuesday: two special "surprise" interview guests.

This week's "main" interview guest is L0pht Heavy Industries as a group. (We hope to have answers from Linux International head Jon "maddog" Hall tomorrow). Many insightful questions for the L0pht guys were posted Monday. Today, lots of insightful answers on everything from political controls on the Internet to hardware hacking. (Click below to read.)

1) Which do you consider more dangerous
by Gleef
Which do you consider more dangerous to personal liberties on the Internet, national governments or multinational corporations, and why?

L0pht
While both Governments and multinational corporations are detrimental to personal liberties on the Internet, one must not overlook the greatest danger of them all. The uninformed citizen. In democracies, this is problematic, where governmental policy typically follows public opinion. In the case of the Internet, one will find that most citizens of the world are willing to give up personal liberties in exchange for perceived safety and piece-of-mind. For the safety of the children, is cited commonly.

Many people believe that anonymous access to the Internet is criminal behavior. Government would like you to think privacy is an "anti-social" behavior. You should have nothing to hide, should you? You wouldn't be reading up on the consecration of explosives, looking up security holes in various operating systems, or possibly downloading the latest crypto software, would you? Only terrorists do that.

Governments are lobbied by uninformed citizens, or citizens which are easily manipulated and swayed by various groups across the gambit of our modern civilization. Multinational corporations have their hand in the fray by funding these groups or by participation in Associations which provide counsel to government officials on technical matters. Often recommending legislation which will better the profit taking over the sanctity of "personal liberties."

Multinational corporations are problematic in that they operate in a proprietary world. Often outside parties will scrutinize the technological fabric of a communciations service being provided. Should a flaw be found, and published, the corporation claims that the flaw itself is detrimental to the service being provided and litigation is dispatched on the party disclosing the flaw. This has been the case in the Cellular communications venue. Cloning a cellular telephone was a real thorn in the side of the Cellular Industry. They took their gripes to the US Government. The CTIA and their ilk successfully swayed Washington to pass legislation to combat the cellular fraud. Result: A portion of the radio spectrum was made _forbidden_ to reception. Possession of an eprom programmer, a computer, and a cellular telephone became a crime. Meanwhile, the cellular network REMAINS open to eavsdropping. Money is power, and with power comes influence. However, in the end it was the Government, sucking up to industry, which passed the law.

Law Enforcement and Intelligence gathering communities dwell within the governmental domain. Both are lobbying lawmakers to pass laws to give them greater powers to combat crime in this high tech world. Surveillance is paramount. They will convince the lawmakers that without the keys to all communications, a bomb may be set outside Parliment or Congress or .

The government pursuades the people, the people pursuade the government. Who planted the seed first? Those who understand the technology are too busy working on the next cool widget. Meanwhile the technological world rushes toward a global dictatorship and the populace embraces it under the guise of security.

2) The net: strip mall or unlimted human potential?
by garagekubrick
The halcyon days of the net are gone. With ubiquity - the underground vanishes. Is it well on its way, with people like the CEO of Amazon being worshipped by the mainstream press, to becoming an enormous cyber strip mall, marketing tool, PR exercise in control of perception...

Or is there still an underground? Does it still have a potential to be the one true medium with liberation? Will governments and coroporations end up controlling it? Cause they are winning small, important victories relentlessly...

L0pht
The Internet has changed dramatically over the last year or two and with it the underground has also changed. Back in the good ole days (1995+6) every web site was underground, hell the entire internet was underground.

As the web increasingly encroaches onto the mainstream and large portal and corporate sites take over feeding you only the information they want you to see, the underground will evolve and change and morph to suit its surroundings.

There is definitely still an underground. In some aspects it is a lot larger than it used to be and in others it seems to be much much smaller. I think labeling the underground as 'the one true medium with liberation' is laying it on a little thick. The internet underground has been nothing but the exploration for knowledge, if you are looking to it to save mankind from itself your looking in the wrong place.

Governments are increasingly encroaching on personal liberties and freedoms of the average citizen, this is unfortunate. How much longer before the population as a hole realizes what is going on and says enough? Maybe they will never wake up. Will the governments eventually control the internet? Possibly. It is hard to tell but there will always be those who will resist that control and the underground will continue in one form or another.

While the web, as you put it, may become 'an enormous cyber strip mall' I can't help but think of the trash dumpsters behind that mall and what secrets they may hold.

3) Internet Worm II
by tilly
Several months ago I began predicting that someday someone would find a buffer overflow in the various Windows TCP-IP stacks and use it to write a worm that would bring down the Microsoft part of the Internet and cause so much traffic as to effectively shut down everything else. I further predict that until an event of this magnitude happens, the general public will not really learn the basic lessons about security that the *nix world was forced to learn from the first worm.

What are your thoughts on this prediction? (Timeline, reasonableness, etc.)

L0pht:
I believe your prediction is right on track. However, I don't feel that an Internet Worm II is necessary to teach Microsoft, its customers, or its vendors, about security. There are three ways to implement a security model, the slow way, the fast way, and the right way. The slow way involves making a bunch of little mistakes and fixing them over time as you find them, correcting your policies and implementations. The fast way involves having a major disaster occur, after which the faulty parts of the system are completely torn apart and reimplemented. In practice, the slow way often leads to the fast way.

Which brings us to the right way: To design software with a security policy in mind, and with extra caution, care, and expenditure during the implementation. OpenBSD's model of proactive security measures is a classic example of 'the job done right'. Retroactively applied security measures are a recipe for disaster.

Rant off.

As for when Microsoft is going to learn about these things, they'll first have to learn that 'bigger isn't necessarily better'. They need to stop believing their own FUD before they can actually make change over there. When I read things like the article at http://www.microsoft.com/ntserver/nts/news/msnw/LinuxMyths.asp, particularly the parts about Linux being less 'secure' than Windows NT, I'm appalled at the ridiculous 'facts' that are being used to back up their claims. For example, they claim that:

"Linux only provides access controls for files and directories. In contrast, every object in Windows NT, from files to operating system data structures, has an access control list and its use can be regulated as appropriate."

While this statement is true, they neglect to mention the fact that under a unix operating system, most things that correspond to Windows NT kernel objects, file, data structures, etc, are represented as files. Hence, the coverage of the security model for Linux is just as extensive, even more so, than Windows NT. This is a particularly bad statement, simply because it's not only incorrect, but the converse is true. Linux is more flexible in terms of permission management. Try setting the access controls on who can bind to a particular port under Windows NT, with the ease of chmod and portfs under Linux, and you'll fail miserably. And the list goes on.

(And as for 'access control lists', we've noticed that Windows can't seem to get the right default ACLs anyway, and that the complexity of managing them has outweighted the value of their 'flexibility'.)

As for your comments on the Windows NT TCP/IP stack being vulnerable to attack (possibly, who knows :P) and the possibility of a worm destroying Windows systems, the possibility is very real. And again, this possiblity is not unique to Windows. They're just a likely target at this point in time.

It would take a feat of dedication and great skill, but the possibility is there. My advice to anyone who's worried about this, is this: If you're going to use Windows NT, you should probably keep that firewall in place between those Windows service ports and the rest of the world. Microsoft loves to add services and open ports to your computer when you're not looking. And it's probably not going to be the IP stack, it'll probably be some goofy listening service, like anonymous share enumeration or something. Or maybe remote access to NetDDE. Or some authentication protocol that doesn't like large Netbios fields. Or possibly even some undocumented functionality in the named pipe filesystem used for RPC. Who knows. Personally, I'm not going to wait around to find out.

4)The Public's Perception of Hacking
by dmuth
First, I should probally preface this geek for several years, and love playing with technology, so I feel I am able to relate to the hacking community.

Anyway, my question is, how do you deal with the way the public (including the media) percieves "hackers"? I've seen some clueless people use the term to describe *anyone* who does anything with a computer that they find > objectionable. I've even heard the term applied to spammers!

Needless to say, the misue of the term makes my blood boil, because I feel a certain respect towards the real hackers, such as yourselves, because you guys do know what you're doing, unlike all of the script kiddies out that that either have the term applied by clueless reporters, or they use it on themselves.

So, I'd be interested in knowing how you cope with this sort of problem, as I've noticed this sort of perception of the hacking communtiy for some time.

L0pht:
The first thing you need to do is refer to yourself as a hacker and be prepared to educate the person you are talking to what you mean by that. It doesn't matter if you are talking to someone from the media, or the government, or the business world. People need to know the real meaning of hacking, its history, and what a positive thing it is.

A lot of the time we talk to the media just because we are afraid that if we don't there will be no one they talk to who will describe hacking in a positive light. No one to describe it as other than defacing web pages or breaking into .mil sites. This was one of the reasons we wanted to talk to MTV. We were afraid their story would be all about criminal hackers. If you saw the MTV show you saw that sometimes resistance against the media memes is futile. The show was 95% about illegal activity.

Yet the world of hackers is 95% non-criminal. Probably a better percentage of people behaving positively than most segments of society. It is a world of people exploring the edges of technology and building things. The crazy thing is the government is making more and more of that exploration illegal.

Reverse engineering security mechanisms is being considered a crime. Receiving digital radio signals is a crime. We can't let them wall off part of the world we inhabit from investigation.

Hackers have a positive role to play both as builders and critics of the digital world. Unless we speak up and refer to ourselves in that light we have only ourselves to blame. Everyone who can should educate. Its not easy changing perceptions. But sometimes a passionate personal explanation of what hacking means to you can make someone change their mind.

5)security of capability-based operating systems
by sethg
What do you think of capability-based systems, such as EROS? The folks who are working on these systems say they are fundamentally more secure (against both malicious code and heisenbugs) than Unix derivatives, Windows NT, and other ACL-based operating systems. Do you agree with this assessment? Do these systems have security weaknesses that Unix-like systems don't have?

L0pht:
It's nice to see work such as EROS comming out of DARPA funded projects. Capability-based systems are quite interesting. However, one must be quite careful when making statements such as the one that these systems are more fundamentally secure that others. One has to keep in mind that Windows NT made a similar claim. Was NT fundamentally more secure that Unix as was presented to the general public? Well, it did have a security model that Unix lacked and it's internals were much more akin to VMS which had various strengths that Unix lacked. Yet we all saw that the implementation is where it matters.

In reality the implementation is key. Things can look great on paper and be a real bear to implement (look at communism for example). Another key component that is often overlooked is the functionality. This is a double edged sword. If the system is not universal and generic enough in nature to exist in a plethora of environments then it is difficult, if not impossible, to gain wide scale acceptance and use. Of course, this notion is directly opposed to creating a secure operating system. If it has to work in a multitude of environments then it needs to be relatively open and flexible or else the skill set and support for integrating it into one specific environment is beyond most peoples abilities (ie it won't get used). Sun Microsystems ran in to this problem with older versions of SunOS (now retroactivly named Solaris 1.x) when they used to consistently ship with a '+' in /etc/hosts.equiv. After several years they received enough requests to take it out of the distribution for security reasons. Unfortunately, taking it out caused so many installations to not be "plug-n-play" that they promptly put it back in.

When I look at an operating system such as EROS the following pops out at me when thinking security (this should not be viewed as condemnation by any means).

. RTOS modeled.
Real Time Operating Systems can be very useful for directed applications but suffer in general use often times. In addition, certain security notions at extremely low levels of a system (ie hash signing memory blocks that are passed between processors or ASICS) incur overhead that is quite unwelcomed in most of the "general public's" acceptance in RTOS.

. Emulated POSIX and Unix environments
I love Unix. However, it's difficult for someone to maintain the claim that they are more secure than another operating system and then emulate it's behaviour. A good emulation is going to have the good and bad aspects on the security front or many things won't work.

. implementation from the ground up can be painful
Often times it is required. But heaven help the "vendor" that decides that in order to be their own maker they will do it from scratch without looking at the mistakes that others have made. We see it all too often that people decide to reinvent the wheel and foist square versions on people the first time around.

With all of that being said I believe that in the future, should people start to wake up and really appreciate the notion of security and privacy in a way that really influences the market... we will see more dedicated systems and fewer general purpose ones. In order to go that route projects such as EROS are invaluable.

6)Security Through...Unpredictability?
by Effugas
Would you agree that security and stability are but different sides of the same coin? In other words, a security exploit is truly nothing more than an expertly controlled failure?

If so, how much stock can we put into the "metadesign" of limiting the damage an exploit can create by attacking the ability of a failure to be controlled? Should operating systems incorporate such "unpredictability engines" when being run in a production, non-debugging manner? Or is such a design not worth pursuing, for various reasons?

L0pht:
You must be a kindred spirit :) We have been preaching the approach that most stability problems are security problems that have not been looked into enough for quite some time. By fixing security problems you enhance the stability.

Now, with that said, it is important to shoot for the pinultimate solution to problems and this ends up being a wonderful academic excercise (out of which great things come). Do we shun any notions that merely raise the bar instead of being the silver-bullet? No. Each elevation in design is a step in the right direction. It is apparent that we have many steps in front of us but this does not mean we should stop progressing until a magic cure is found.

Unpredictability in systems, such as loaders or interpreters that recurse random times to throw off "static" frame location and other mechanisms (ie canary values) etc. are some of the finer points that I see coming out of the security approach to implementations. Are they ready for production systems? It all depends upon what your production system must be capable of. In many cases the answer is yes. In some cases the answer is no.

7) Future of Hardware Hacking?
by Tackhead
Two questions (Well, three, really, but I'm a hardware geek, and I love trying to squeeze three things in the space of two):

A) Wireless.
Lots of folks have been asking today about the wireless network project. "Me too"; the page has been up for years, it's a fascinating and extremely powerful idea, but for those of us who aren't RF engineers...

> When do we get to see some hardware projects to build, or is it the case that -- due to regulatory restrictions on what can and cannot be transmitted on US airwaves -- work is being done independently on the notion of a secure wireless IP-based network but isn't being released so that those of us who aren't RF engineers can't gum up the works by screwing things up before it's ready? :-)

L0pht:
The Gnet project has been in progress for many years now. Mainly the problem had been lack of funds, but now time allocation and lack of dedicated participants hold back expansion.

There is a lot of interest, but no one seems to be willing to put up the nodes. There are 2 sites currently on the network. One at l0pht and one at a residence. This has been the state of the network for the past 2 years. Unfortunately no one with enough initiative in either state has been found to setup other nodes. There has been interest in other states but the long haul capability has yet to be worked out. Encrypted tunneling over the Internet may help span the network over long distances. Once the fabric of the network expands, landlines could be replaced with wireless links/nodes.

High-density, low-power networks sound great in theory, but until the interest level rises above its present state, the cellular structure will remain the dominant topology.

To get the network off the ground, we have been trying to go the Amateur radio route. Going this route does have its drawbacks. Encryption is forbidden, however compression is not. I have been running ssh in compression-only mode for years. The initial ssh authentication is allowed under FCC guidelines, as long as the communications is not encrypted, you are within the rules.

The move off the Amateur frequencies will be made once the cost of National Information Infrastructue (NII) part-15 devices drop under $500 dollars for a pair of nodes. These devices fall operate in the 5Ghz frequency range. The breakdown is as follows:

• 200 milliwatts EIRP (5.15-5.25 GHz) - indoor
• 1 watt EIRP (5.25-5.35 GHz) - inter-campus/neighborhood
• 4 watts EIRP (5.725-5.825 GHz) - Point-to-point, few miles, terrain permitting.

Other devices which are useable in the project are ISM band Part-15 devices which operate in the 900Mhz and 2.3Ghz frequency range, and dwell in the Wireless lan arena. Wavelan(Roamabout) http://www.wavelan.com, and rooftop networks (just purchased by Nokia) among others, players in the 900Mhz and 2.3Ghz arena. Older wavelan equipment can be found by searching auction sites and used equipment dealers. Early wavelan 2Mbps/sec ISA/PCMCIA cards can be found for ~$125.00 US Dollars. The problem with these cards is they don't conform to the IEEE 802.11 Wireless Ethernet specification. This is one inherent problem with building the network out of old equipment. It becomes costly to replace eqiupment once the entropy ball starts rolling.

The path to build custom equipment is equally as challenging. For example, the TAPR (Tucson Amateur Packet Radio) group has been in the forefront of Amateur packet radio for the past 15 years. While they have an established base of dedicated users, they continue to have problems developing new hardware. They have been prototyping a Frequency Hopping Spread Spectrum (FHSS) system for 3 years now, with still a protoype just passing a design review. Hopefully this project will come to fruition soon!

Some very talented folks over in Slovenia have developed some BPSK transceivers and a no IF SSB transceiver which will work on 1296, 2304 and 5760MHz. None are in kit form but the schematics, theory, construction notes, and equipment checkout is available in english. (schematics are not in english.). These radios are not for beginners or even intermediate kit builders. It would be nice if someone could kit these units. I started to convert the 23cm BPSK design to utilize a chipset family put out by RF Microdevices, but then my time got sucked into other projects. I may find the time to persue this once again, but I would like to get some semblence of a network greater than 2 nodes up and running first. *sigh*

B) The future of hardware hacking.
With the trend towards more and more functionality becoming embedded into ASICs and single-chip solutions, the golden age of "just desolder this", or "reverse-engineer the schematics and jumper that", or "replace [PROM| EPROM| EEPROM| PIC| FPGA] with one with the following special programming, and here's the [CPU| microcontroller]'s instruction set and a memory map of the embedded system" appears to be drawing to a close. Anyone can desolder a 24-pin DIP EPROM and hack it, but trying to desolder a 100-pin PQFP is a real bear without $500+ worth of specialized equipment, and knowing what to do with the chip after you've desoldered it is well-nigh impossible.

Do you see a time when "hardware hacking" (as we've traditionally known it) will have to fall by the wayside? If so - what, if anything, do you see as taking its place? (Perhaps users taking advantage of the vastly more-powerful gear out there today and building their own hackable hardware, eliminating the need to hack other people's hardware?)

I suppose that's tangentially related to the wireless.net question - for mass distribution of the tools needed to build such a network, for instance, it seems to me that re-purposing cheap, widely-available stuff that others have junked is a better path than having to build things from scratch. But if the cheap, widely-available stuff of the future isn't gonna be re-usable... where does one go from there?

L0pht:
It is true that the Electronics industry is moving toward much denser Multi-chip module like IC's. System-on-a-chip (SOC) is beginning to make inroads in communications equipment. Celluar/GSM/PCS phones are beginning to sport such technology. SOC will also revolutionize the security coprocessor industry.

What we see here is the bar being raised in the HW hacking arena. Remember cost still drives much of the industry and you will continue to see many devices still using microcontrollers. There are many, many internet appliances using standard Embedded Processors and peripheral IC's. The hackers are just going to have to bone up on thier FPGA hacking skillz. Monitoring the inputs of an FPGA and then the outputs, and hacking together an FPGA to drop inbetween isn't unheard of.

Hardware hacking today does require a bit more than the standard weller solding iron, a 50Mhz scope, and a multimeter. With processor speeds moving up into the 800Mhz range, you fall flat on your face with those stoneage tools. The trend in general is hardware which is becoming more and more abstracted and described by high-level programming languages such as verilog and VHDL. One must stay abreast of the latest tools in his trade. There are also relatively inexpensive "soft" tools, in that a spectrum analyzer, logic analyzer or a scope utilizes the modern PC as the guts of the device and an inexpensive physical interface module is purchased along with software for the host. The interface is typically a data acquisition pod for converting the sampled analog data into the host PC for processing and the presentation.

The security of FPGA's is definately going to become more of a target in the future. I can't think of anyone that doesn't set the security bit of FPGA before programming a device. Ummm.. Hmmm.. maybe I shouldn't say that. ;^) It does happen. There are also some not so well known ways around "securty bits" on FPGA's. Also, most FPGA's will allow you to reprogram them in circuit whether or not the security bit is blown. You just better be sure you can reproduce what you monitored before squirting in your own code.

Remember there are many more ways to fry an egg, such as voltage margining, or operating a circuit over/under current and temperature specifications. Hitting HW with various RF emissions (above and beyond what stantard emissions/immunities tests test for.) can also produce interesting results and insights.

And as you alluded to in your question, hackers will build their own hardware which will interface to the service/system under attack, which will allow for variable, marginable, modules to provide the flexibilty which the stock standard HW didn't provide. Study communications test equipment. Many secrets lie inside.

A lot of today's "hardware hacking" isn't strictly limited to hardware, due to the fact that most products are embedded systems - meaning there is a union of hardware and software. Those who are strictly "hardware guys" will fall by the wayside and those who are strictly "software guys" will also fall. You will need to have a decent knowledge of both the software and the hardware environment you are programming for. I have seen companies struggle because they hire CS folks to write firmware for a product. These particular folks could not grasp that they were writing for a platform other than a PC or desktop. They didn't understand how interrupts worked, how to write to a port, how to write low-level drivers to control external memory or other devices on an SPI, I2C or other inter-chip protocol. What ended up happening is the company called in the hardware engineer (me) to write all the low-level functionality. In order to properly design a product (and reverse engineer the product), you need to be able to grasp all facets...

The industry today is really in a sad state and I am fearful of the quality of the products that are due to come out on the market - the hardware and circuitry is sound and well-structured, but the software will have major fault and, because of this, many possibilities for vulnerabilities.

C) The future of l0pht.
(At least publicly), there's been a lot more activity on the software side of l0pht than on the hardware side.

To the extent that you can discuss it openly, do you see l0pht's main activities over the next 3-5 years as continuing to revolve around the "expose weaknesses in software" side or the "work on next-generation hardware projects" side?

L0pht:
Both. Hardware projects, since the beginning of time, are more costly, require more tools than software, and mroe often than not, more time consuming. Due to this, the amount of publicly-known activity appears to be less. As mentioned before, there will be more and more projects that require the knowledge of both hardware and software sides, where L0pht fits the bill perfectly. There are so many products and technologies to look at, there is no way we can limit ourselves by saying what activities we will and will not do. If something comes out, be it hardware or software, that we want to attack, we will.

8)What engines/sites do you use to scour the 'Net?
by Bacteriophage
Seriously, I would like to know. When you sometimes don't have all the answers (I assume that would be more than never), where do you guys go on the 'Net to find what you need concerning computer security, **/*acking, or even just news? Do you ever come to /.? This answer shouldn't take very long, and it'd be nice to get the seperate preferences of each crew member, as well as the general preferences of the group.

L0pht:

Generic search:

Altavista or NorthernLight for a spider based search Yahoo for a topic search.

Ask Jeeves when I don't really know what it is I am looking for.

security/hacking: altavista - word sequences work well. A recent example would be a search for the PCI specification by looking for "pci spec".

yahoo - when altavista doesn't help

Hacker search:

• The Hacker News Network Search Engine Page - Lots of undergound spiders http://www.hackernews.com/search.html
• attrition stats - http://www.attrition.org/mirror/attrition/stats.html
• eEye stats - http://www.eeye.com/html/Databases/Statistics/os.html
• NMRC - Good Novell NT and Unix info. www.nmrc.org
• counterpane - for books (through amazon) and lots of free information on crypto too.
• www.jya.com/crypto.htm - for the good cypherpunk info

------

Next week: Steve Wozniak (and a special pair of *surprise* guests Tuesday).

As head of Linux International, Jon Hall is one of the highest-profile people in the Linux community. He's also one of the nicest. He's wanted to do this interview for a long time, and we've wanted to have him as a guest for just as long. Finally we got the schedules to match. Yay! Suggested interview theme: "The next 100 years of Linux," but what you actually ask is up to you. One note to clear up a name misunderstanding that has been causing problems for Jon "maddog" Hall lately: Please do not confuse him with VA Linux Vice Presedent (and recent "on paper" mega-millionaire) John T. Hall. (Note the spelling difference!) They are not, repeat not, the same person! Anyway, usual interview rules - with one difference: we're going to post Jon's answers Saturday instead of Friday. Who could be better (and what topic could be better) to kick off the New Year?

meni writes "The Linux Counter Project now has over 120,000 Linux users listed worldwide. And with their brand new AlphaServer machine, they're ready to get slashdotted. If you haven't registered yet, please go over there and do." Okay, I just tested it out. W-a-y faster than it was in the past. I'm registered, and you should be, too.

Chris Farris writes "The Atlanta Linux Enthusiasts, in cooperation with USENIX and Linux International, is pleased to announce the 3rd Annual Atlanta Linux Showcase. The Atlanta Linux Showcase will be held at the Cobb Galleria Centre in Atlanta on October 12-16 1999. Interested exhibitors should contact exhibits@linuxshowcase.org More details will be coming via our website soon. " If its anything like last years-- hell who am I kidding? I ate half a tin of Penguin Mints. I don't remember anything except the head ache and dave and nate drinking 151.

Yesterday we totally nuked the Linux Counter by linking it on these pages. Steve sent us a link to a detailed page on the Slashdot Experience contains logs and the like, documenting the server going crunch. I'm reposting it because yesterday the server spent several hours down and I'd like more people to have a chance to register their Linux box. Drop on in, fill out the form and let the world know that you run Linux. When you can't track sales to determine an OSs market share, things get tricky. Update: 02/25 11:47 by CT : That didn't take long. Guess you guys have more work to do over there (sigh).

Yesterday we totally nuked the Linux Counter by linking it on these pages. Steve sent us a link to a detailed page on the Slashdot Experience contains logs and the like, documenting the server going crunch. I'm reposting it because yesterday the server spent several hours down and I'd like more people to have a chance to register their Linux box. Drop on in, fill out the form and let the world know that you run Linux. When you can't track sales to determine an OSs market share, things get tricky. Update: 02/25 11:47 by CT : That didn't take long. Guess you guys have more work to do over there (sigh).

We mention this occasionally, and its listed anywhere this sort of thing would be mentioned, but I figure now is as good a time as any to rerun a link to the Linux Counter. As you might have guessed, this site aims to count the total number of Linux installations on the planet. Go fill out the forms. It'll take a minute, but those numbers are essential to convincing the PHBs. Thanks to Mattias Sörlin for sending in the URL. (and yes I know, there are a dozen similiar efforts)

We mention this occasionally, and its listed anywhere this sort of thing would be mentioned, but I figure now is as good a time as any to rerun a link to the Linux Counter. As you might have guessed, this site aims to count the total number of Linux installations on the planet. Go fill out the forms. It'll take a minute, but those numbers are essential to convincing the PHBs. Thanks to Mattias Sörlin for sending in the URL. (and yes I know, there are a dozen similiar efforts)

Feynman writes "Digital Metrics has released the first level of certification for the Linux community. The dmCLA--Digital Metrics Certified Linux Administrator--is a non-distribution specific Linux certification for system administrators. " Who is Digital Metrics? Red Hat might be aligned with a distribution, but they have a name. I mean, if I start a certification program does that make it meaningful? Should Linux International do this sort of thing? That's at least an impartial group with a valid name. Anyway, its to early on a monday for this many questions *grin*.

Chris DiBona wrote in to tell as that Linux International is sporting a Big Blue new Member in the form of IBM Software They've been supporting Apache for awhile, and now DB2 comes to Linux. Wonder what else they might have in store.

Jason Lango writes "Silicon Graphics, Inc. is now a Sponsoring Corporate Member of Linux International. Go us! An official press release from Linux International can be found here. " Sun, Intel, Adaptec, now SGI. Who's next?

Well, a friendly bird over at IDG has dropped me a line saying that a LinuxWorld press release has come. It's so new, it's not even up on the web site-click below for details. Exhibitors are signing up, and things are starting to take a more concrete shape-looking good. Rob and I will definitely be there-maybe more. Click below to read more-and to find out who the keynote speakers are.
Contact:Caren Wagner, TSI for IDG
Account Supervisor
(212) 696-2000 ext. 266
wagnerc@tsipr.com

Kristin DeAngelis, IDG World Expo
Marketing Manager
(508) 424-4823
kristin_deangelis@idg.com

KEYNOTES ANNOUNCED FOR 1999 LINUXWORLD CONFERENCE & EXPO Key Linux Influencers Partner with IDG

FRAMINGHAM, MA, November 23, 1998 - IDG World Expo announced today its partnership with key Linux influencers who will be attending, presenting and exhibiting at the upcoming LinuxWorld Conference & Expo, March 1 - 4, 1999 at the San Jose Convention Center in San Jose, CA. Dr. Michael Cowpland, President and CEO, Corel Corporation, Mark Jarvis, Senior Vice President of World Wide Marketing, Oracle and Linus Torvalds, Creator of Linux, the open source operating system, will be the featured keynote speakers on Tuesday, March 2. Keynotes are open to all registered attendees.

"Having earned its reputation as a very efficient and fast-performing system making inroads as a server operating system, I am pleased to see IDG get so deeply involved in the Linux community with this new global event and online magazine. The audience of Linux professionals will be well served by these new initiatives," said Linus Torvalds.

"We fully expect this to be a landmark event for IDG as well as the Linux community due to the support of our advisory council," said Charlie Greco, President, IDG World Expo. The council includes Larry Augustin, President and CEO of VA Research, Inc., Scott McNeil, President of S.u.S.E Inc., Bob Young, President and CEO of Red Hat Software, Inc., Jon "Maddog" Hall,

Director of Linux International, Patrick McGovern, President of My-Website, Inc., Alan Fedder, President of UniForum Association, Bob Berger, President of Internet Bandwidth Development, Nick Petreley, Editor-In-Chief of LinuxWorld Magazine, Dan Shafer, Senior Editor of C/Net and Gary Beach, Publisher, CIO Magazine and Senior Vice President of IDG.

The show's official Web site offers valuable information including facts about respected industry leaders becoming Linux partners and research that strongly indicates sales are climbing for businesses using this revolutionary operating system. It also illustrates the key industry service providers and solution integrators that will be demonstrating all of the above on the exhibit floor. Additional information includes descriptions on the over 40 conference sessions and 13 tutorials exploring topics like Linux security, Advanced Perl Programming, and GNOME just to name a few. To register or inquire about exhibiting at LinuxWorld Conference & Expo, and learn about today's hottest and fastest growing operating system, visit www.linuxworldexpo.com.

IDG's LinuxWorld Conference & Expo, sponsored by LinuxWorld Magazine, Linux Journal, InfoWorld, Macworld, Network World and Sys Admin, is expected to draw over 8,000 independent and corporate Linux developers and business professionals.

For exhibit availability and other promotional opportunities please contact Jim Donovan via email at jim_donovan@idg.com or call 508-424-4814 (EST). To be added to our mailing list, please email your name and mailing address to linuxinfo@arcadiap.com .

About IDG World Expo

IDG World Expo, a business unit of IDG, the world's leading IT media, research and exposition company. IDG publishes more than 290 computer magazines and newspapers and 700 book titles and offers online users the largest network of technology-specific sites around the world through IDG.net, which comprises more than 240 targeted Web sites in 55 countries. IDG is also a leading producer of 168 computer-related expositions worldwide, and provides IT market analysis through 49 offices in 41 countries worldwide. For more information, please visit IDG's Web site at www.idg.com.

About VA Research

VA Research is the oldest and largest Linux systems company. Founded in 1993 by electrical engineering doctoral students at Stanford University, VA Research pioneered high performance workstations and servers based on Linux. In 1997, VA Research became an affiliate of Umax. For more information, please visit VA Research's Web site at www.varesearch.com.

About Red Hat

Founded in 1994, Red Hat Software is based in Research Triangle Park, NC, where it builds and maintains the award-winning Red Hat Linux operating system. Red Hat Linux for Intel, DEC Alpha(TM), and Sun SPARC platforms continues to gain recognition in the computer industry: From 1996 to the present, Red Hat Linux was twice named InfoWorld's Product of the Year, was given a Productivity accolade in Software Development's "Jolt" Awards, and was named an Environment/Desktop finalist in the Ziff-Davis European Excellence Awards.

For more information, please visit Red Hat's Web site at www.redhat.com.

About Caldera, Inc.

Caldera, Inc. designs, develops and markets a line of full-featured, economical system software for the Internet providing stable, high-quality alternatives to Windows® NT, Sun® Solaris and SCO® UNIX®. Caldera uses its own technological and marketing resources to leverage technologies including the Linux operating system created by independent developers worldwide. Caldera is a registered trademark; and Caldera OpenLinux, Caldera Network Desktop, Caldera Solutions CD and Caldera OpenDOS are trademarks of Caldera Inc. UNIX is a registered trademark, in the United States and other countries, licensed exclusively through X/OPEN Company Limited. For more information, please visit Caldera Inc.'s Web site at www.caldera.com.

About S.u.S.E., Inc.

S.u.S.E. is the No. 1 distribution channel for Linux in Europe. S.u.S.E. Linux is highly acclaimed for setting new standards in ease of installation, ease of use, and ease of maintenance. S.u.S.E. has consistently maintained full services and support to meet the needs of individuals and businesses of all sizes - from SOHO to IT departments of large enterprises. The proven quality, stability, and comprehensiveness of S.u.S.E. Linux have made S.u.S.E. the choice of over 30,000 business customers. S.u.S.E. has recently placed new emphasis on its North American operations, and is quickly gaining popularity in the United States and Canada among newcomers, seasoned professionals, and home users alike. For more information, please visit S.u.S.E., Inc's Web site at www.suse.com.

UniForum Association

UniForum, the International Association of Open Systems Professionals, is a not-for-profit organization founded in 1980. Today, it represents many thousands of vendors and users of open systems. UniForum's mission is to help individuals and their organizations increase the effectiveness of their information systems through the use of open systems, based on shared industry standards. Central to UniForum's mission is the delivery of high-quality educational programs, trade shows and conferences, publications, on-line services, and peer group discussions. For more information, please visit UniForum's Web site at www.uniforum.org.

Linux International

Linux International was established to promote the development and use of Linux. The people at Linux International know how good Linux is and want it to become an accepted competitor to products from even the largest computer companies. Among other things, it serves as a bridge between the dedicated and skilled community of developers, and the general world of commerce and industry. Linux International is a non-profit organization run by volunteers, many of whom are high-profile Linux developers or activists. For more information, please visit Linux International's Web site at www.li.org.

LinuxWorld Magazine

LinuxWorld is the first online publication dedicated to providing an open discussion forum where members of the Linux community can further their understanding of the technical and business issues. Led by Michael McCarthy, President of Web Publishing Inc., LinuxWorld fills the technical and strategic needs of this rapidly growing market with a mix of in-depth technical information, real-world scenarios of Linux in the enterprise, features, reader forums, product reviews, reader-submitted links, and guidance for making purchasing decisions. For more information, please visit LinuxWorld's Web site at www.linuxworld.com.

Note to Editors:

All trademarks, registered trademarks, and service marks are property of their respective owners. If you are interested in attending LinuxWorld Conference & Expo please check us out at www.linuxworldexpo.com.

Redhat has now announced that Intel, Netscape, Greylock and Benchmark Partners have invested in it. Intel wants to target ISPs with their Linux strategy. Intel will also be joining Linux International. It will be interesting to see in which way Red Hat will react to UDI given the discussion about it on the kernel list, summarized by Linux Weekly News. (updated) Further info at news.com which is sporting Tux today.

This is fairly sizable. Michael McLagan, better known to most readers as the brave soul responsible for Linux.org has written a response to the criticism he has recieved lately about the web site. I feel Linux.org is an important resource and Michael is working hard to do a good job. I think it's important that we work together to make sure that Linux.org is all it should be. I guess the first step is to hit the link below and read what he has to say, and talk about it. The following is written by Michael McLagan to help address the issues at linux.org

Recently there has been controversy over the new site layout and design, as well as the Ziff Davis article. To address some of these issues, I am making a public statement about linux.org and Linux Online in general. I hope to address the various points raised in the discussions from last week, and head off a few questions which will no doubt come.

Below is the first page of our advertising material sent out to companies who ask us about placing banner ads up on the web site. I believe it will answer a lot of the questions about how/why/where the domain is going. Please take some time, as repetative as it may seem, to read it thru.

Most of you probably don't even know who I am. I'll take that as a blessing, because being famous isn't my desire. I will say that there isn't a single one of you out there with the kernel tree installed that doesn't have my work on your hard drive. I've made several kernel contributions, one large, several small. I've also worked with several commercial operations in getting Linux drivers available for their equipment, most notably DigiBoard serial products.

Does that make me more important than any other kernel contributor? Absolutely not. It doesn't even put me into the same league as gentlemen like Linus Torvalds, Alan Cox, Remi Card, Leonard Zubkoff, Theodore Tso and a whole list of others who I can't take the space to mention. Does it make me more important than the user of Linux? Again, i don't feel so. What it does, though, is give me some standing in establishing a corner of the Linux world and maintaining it.

The long and the short of it is the buck stops here. As much as some do not believe it, there is a person (other than myself) responsible for the day to day business of maintaining the site. As far as the design and graphics go, they are my work. It's my hardware, my configurations, my cgi software, my bandwidth and my money. Despite all of that, I dedicate my time and effort and that of the webmaster, to the promotion of an OS that I believe in.

I'm doing my level best, in my opinion, to achieve the goals outlined in the advertising materials we distribute. If you have contributions you want to make, comments that you feel are important, topics that you don't think we are covering then I encourage you to step forward and fill the webmaster@linux.org mailbox with those comments. We welcome them, and we act on them. I've had this discussion with our largest detractor, Vincent Jannelle over the last few days, and he seems intent to do his own thing. I told him, as I tell you, we will give his work all due consideration, and take from it what fits in with our own goals.

I apologize for the length of this, but I beleive that it goes a long way to clarifying my position as the maintainer and controller of the linux.org domain. I hope it has answered some of your questions, and addressed some of your concerns. I will respond, time permitting, to comments that are sent to me at Michael.McLagan@Linux.Org. I thank you for taking the time to read these comments.

Issues from recent discussions

• The Logo.

  The unfortunate problem I had was the inability to get the font used in the original work. With the new site up, and people noticing/commenting on the penguin, I put in 3 days to get the Dubiel font working so I could re-create the logo. As you will all notice now, there's a new image online now which is a faithful reproduction of Larry Ewing's penguin.

• The background.

  Within a day of it going online, I replaced the background image of the penguin with one that was much lighter in appearance. This made it less emposing on the background, and comments to the webmaster began to fall off about it.

• The colours.

  Some of you wonder if I'm colour blind, or just plain blind. Well, I would invite you to visit (for the next 2 days only) the test site where we posted up some different versions of the homepage you see now. These are all identical except for the colour choices. Over 2 dozen people were asked to visit the site and provide feedback, selecting the colour of graphic, headers, and background they prefered, and what would make the best combination. The result was the site you see online today.

  I have no intention of revealing who participated in the viewing of these choices, or what their comments were. One of them, Jeff Claggett, identified himself as a participant in his post about the site. The others may and will probably remain anonymous. I will go so far as to say that very prominant members of the Linux community were invited and responded in our survey.

• Pages are slow.

  Claims the pages were slow on the 4th are entirely true. That day, the server jumped from delivering it's average of 650k accesses, 72k page views to 800k accesses and 85k page views. Additionally, there were massive numbers of 404 errors for people accessing graphics on cached pages, causing our badurl document to be presented.

  The machine itself is nothing less than a Dual Pentium 90, 128M of RAM, 2.1G SCSI drive. On it's normal days, it sings along like a well oiled top and generally delivers pages in a timely fashion. The one day everyone was busy looking at it, it didn't handle the load. As our numbers of accesses grow, we are planning to create a dual server situation, which will alleviate the problem.

• The page looks crappy in ...

  Taken directly from the server's log files, we have the following:

       Access
    Hits  Percent  ID
  -----------------------------
  413266   62.99%  Mozilla
  221824   33.81%  MSIE
    5253    0.80%  Opera/3.0
    2183    0.33%  Teleport Pro
    1693    0.26%  Lynx
    1467    0.22%  Wget
    1224    0.19%  GETWWW-ROBOT
    1074    0.16%  Konqueror
     657    0.10%  SQA SiteCheck
  
   ...
  
  ------  ------
  656116  100.00%
  

  Seems to me that we should be addressing the needs of the majority of the clients that come to the site. I believe we do.

• Poor content

  This, I must admit, confounds me. I believe the content we have here is a good general reference to what's out there for information on Linux. It is undergoing a bit of a re-organization into some more manageable sections, and hopefully will be more useful/accessible to people in the future.

  We host what I believe to be the most up to date and complete list of Linux user groups worldwide. That, in and of itself, makes Linux Online a valuable resource to the new Linux user, to see where they can meet like minded people in their corner of the world. The list is kept up to date by a constant stream of user input and our own research on search engines and the like.

  Even if after all that has been said, we are here to support the community. If there's a piece of content that is missing, please send it in as a submission. It will usually show up at the next week's update unless something busy is going on and it takes an extra week. We incorporate every project, application, distribution and general link brought to our attention.

• Site doesn't change

  Oh that it were true that the site could be neglected for some short period of time. Unfortunately, if the email to webmaster is left even for a day, it reaches into the unmanagable range. A week would present enough email to drown an individual trying to deal with it. Linux Online maintains 2 web sites, www.linux.org and a development site. The latter is blocked from access to the pubic appropriate security checks. During the week, ongoing changes are made to the development site. Monday morning, at 4:45AM Eastern time, context diffs are created from last week's site, and the diff and images are copied onto www.linux.org as the week's update. After this process is done, URLWatch is run and the email notices are sent out.

• Banner ads? How dare he...

  Lets face it. We all have families to feed. The guy we buy our computers from, the backbone Internet providers, the electical companies, etc. As outlined above, in the very material that you can get by sending an email to sales@linux.org. I'd like to get costs covered as a bare minimum. I honestly can't see how any one of you out there can consider it inappropriate or unusual that having the site pay for it's hardware, T1, power, space and staff time is a problem.

  Over and above that, I believe that some non-distribution centric marketting would be a very good thing. That's where the next level of cash gained from the ads would go. FreeBSD has Walnut Creek CDROM buying banners for it on various search engines and the like. My intention is to gather the resources of the commercial companies in the Linux field, take some of their marketting money, and use it to market the IDEA OF LINUX, something that will help us ALL.

• Other sites

  I've never suggested that the world should look to any specific site to get their Linux information. In fact, centralization like that would be almost impossible. I am trying to do what I can to make that happen with an internet spider/search engine and thru our own efforts.

  Even with that, we will never be SlashDot or FreshMeat or any other live, minute to minute news/information site. It's not part of our current goals. Our direction is towards new users. I've recently put a "Getting Started" area on the home page with the top few questions that the webmaster gets in email daily. The subpage contains a growing list of other similar questions that are, we believe, one of the big reasons people will come to the site.

  If you want to link to another site, then by all means do so. I'm not holding a gun to people's head demanding they provide their main link to us, nor will I ever do so. As with the poll done here recently, we all have differing opinions, and it's our diversity that makes us what we are.

• PC Week Article

  Several pieces of information were quoted in the article by John Dodge in PC Week. The webmaster followed links off the web site and found the following information, which is the most likely source of his information.

  1. Linux Counter http://counter.li.org/

     Text from the top of the page:

     62481 users registered
     29458 machines registered
     My guess at the number of Linux users: Six million

  2. Linux Myth Dispeller http://www.KenAndTed.com/KensBookmark/linux/index.html

     This is the clumsily produced FAQ he refers to. The grammer is poor, but it DOES dispell a lot of myths IF someone actually reads it.

Advertising Introduction

In 1991, Linus Torvalds quietly started a revolution in the computer industry. With his first postings to usenet and release of source code on his ftp site, Linux was born. Over the course of time a myriad of different programmers, designers, and others have worked with Linus to build an industrial strength kernel, and surrounded it with all the tools necessary to turn it into a complete operating system.

Sometime in 1992, Michael McLagan became involved with Linux as a user. After downloading and installing one of the very early distributions (SLS for those who remember), it was clear that there was serious potential for Linux to grow. He began developing drivers and networking code for the Linux kernel. Over time, other companies developed distributions, and Linux began gaining acceptance around the world. However, Linux lacked a central organization to give it a presence on the internet, and to promote its use in corporate environments.

LINUX.ORG was registered with the InterNIC in May 1994. The web site went online with a single page via a 28.8k modem. Links pointed to a site maintained by Liem Bahneman at the University of Washington. This material was eventually moved to Specialized Systems Consultants. In August 1997 Linux Online designed an entirely new site with local content and a broader coverage of the activities in the Linux community.

The mission of Linux Online is to promote Linux to the world. Outlined below is the plan to accomplish this goal. Phase 1 is currently ongoing. Future phases will be funded in part by the banner ad programs outlined below.

1. Create and maintain a comprehensive website. An updated design to be released on June 1st. Updates to the site are done weekly. As staffing allows, more frequent updates are planned.
2. Purchasing general Linux advertisements in trade magazines, internet search engines, and other highly visible web sites on the
3. Purchasing general Linux advertisements in trade magazines, internet search engines, and other highly visible web sites on the Internet. These advertisements will promote Linux as a viable platform for corporate MIS environments, without making reference to any particular vendors.
4. Organize and present seminars in various U.S., Canadian, and International cities, aimed at information technology and management level decision makers within the business community. These one to two day seminars will present information showing Linux in use in large organizations, the benefits of using an Open Source product, various products from Linux vendors, and local information on consultants who can assist in a smooth transition to Linux.

Linux Online believes that widespread promotion will assist all organizations involved with Linux, from application developers, help desk and installation/setup consultants, kernel developers, hardware manufacturers, and other commercial endeavours. In much the same way that the kernel developers have worked together on source code, working together on promoting Linux will exceed the sum of individuals acting alone.

Slashdot Exclusive - Sun Microsystems has officially joined Linux International. While Sun has no plans to begin bundling Linux with their workstations, they realize their customers have taken an interest in the OS. Read on to find out more, including the upcoming announcment from Sun regarding the company's official position on all things Linux. David Andrew will represent Sun on Linux International board. He has stated the following things:

• Sun has no plans to bundle Linux with any of its SPARC workstations
• Sun will not support end-users directly, but will support vendors which "package" Linux

He has listed the following reasons as to why Sun will be joining Linux International:

• "Availability of our new low-cost Ultra5 and Ultra10 workstations, designed to run Unix OS very well."
• "Support for other Unix participants against NT is in our interest."
• "Appreciation of the people who are doing the UltraPenguin port for SPARC."

Certainly sounds like Linux has gained an important ally. Linux, Sun, Netscape, and millions of others. Linux is a powerful player, indeed.

Andy Tai writes "The Linux Weekly News is reporting that Sun will join Linux International. No other info is available. " Can anyone confirm or deny this? If this is true, it is very cool.

Bart Blanquart sent us a report from CeBIT. He says "I just got back from CeBIT and thought I'd share these things:

Digital didn't think it would be nice/necessary/neat to have a Linux-box on their display (but they did like to show off with Titanic-was-rendered-on-Alpha-stuff). Linux International had a booth there which got quite some attention, but S.u.S.E. got lots more (I don't know what they had in their booth - it was always too crowded to get near it) Besides L.I. and S.u.S.E. there where some other Linux-vendors (or vendors of Linux-based products) present, so the penguins seemed to be omni-present".