Slashdot Mirror

DCowern writes "Mandrake today announced version 9.1 of their distribution. While there are some interesting choices for new packages (like kernel 2.4.21pre2 and XFree86 4.3 beta) the most groundbreaking thing about this release is the way in which they decide which packages are "high priority" for development and inclusion in the standard install. Any registered user at MandrakeClub can vote. Their opinion is that no one knows where development effort needs to be spent better than the end-user." Update: 01/10 19:38 GMT by T : That's "distribution."

joestar writes "What else to say? I've tested the RCs and they were great... There are two very interesting links: the Press Release, and a very nice presentation. From the presentation: 'Affirming its leading position in the Linux desktop arena, Mandrake Linux 9.0 introduces many newly redesigned graphical desktops and configuration utilities. The famous "Mandrake touch" is evident throughout the many clean, attractive and friendly desktops to make everyday tasks easier for all users of a Mandrake system.' And apparently it's already LSB-1.2 certified!" Update: 09/25 23:57 GMT by T : Apropos new releases, an anonymous reader writes "Parts of Red Hat's next OS have been unofficially leaked, as news.com reports here. The official release date is scheduled for next Monday, 9/30/02." Update: 09/26 00:29 GMT by T : Gaël Duval points to less-swamped links to the press release and to the Presentation & Features page. Thanks, Gaël.

joestar writes "What else to say? I've tested the RCs and they were great... There are two very interesting links: the Press Release, and a very nice presentation. From the presentation: 'Affirming its leading position in the Linux desktop arena, Mandrake Linux 9.0 introduces many newly redesigned graphical desktops and configuration utilities. The famous "Mandrake touch" is evident throughout the many clean, attractive and friendly desktops to make everyday tasks easier for all users of a Mandrake system.' And apparently it's already LSB-1.2 certified!" Update: 09/25 23:57 GMT by T : Apropos new releases, an anonymous reader writes "Parts of Red Hat's next OS have been unofficially leaked, as news.com reports here. The official release date is scheduled for next Monday, 9/30/02." Update: 09/26 00:29 GMT by T : Gaël Duval points to less-swamped links to the press release and to the Presentation & Features page. Thanks, Gaël.

Rimbo asks: "I'm building a computer for a friend, who has three major requirements from his system: He wants an Athlon with a 333MHz FSB, he wants absolutely no Microsoft software anywhere near it, and he needs the ability to read and edit Chinese. I imagine Red Flag Linux has great Chinese support, but is it as easy to use as a desktop OS as Mandrake or Red Hat? How easy is Chinese text editing and entry under the major distributions? What "office" software for Linux is good for editing Chinese? Thanks!"

ulbador writes "From the Linux Mandrake PPC site: Mandrake Linux 8.2 PPC is now available for Macintosh users. This newest release offers G3 optimization, user-friendly configuration tools, and the most up-to-date software. Visit your local mirror."

ulbador writes "From the Linux Mandrake PPC site: Mandrake Linux 8.2 PPC is now available for Macintosh users. This newest release offers G3 optimization, user-friendly configuration tools, and the most up-to-date software. Visit your local mirror."

fabiolrs writes "Mandrake Linux has an article in response to the message they sent on march 11th. They claim that because of user help they are "cash-flow positive"! That is great news since Linux community is now sure it will continue using one of the nicest distros available!"

Tonight's Slashback features another string of updates, corrections, etc. to previous stories. In this case, that means more on the discoveries of America, the Mandrake-StarOffice connection, Joel Spolsky and more, all below.

Update: not everyone agrees on everything. ipoverscsi writes: "SoftwareMarketSolution has a followup interview with Joel Spolsky comprised mainly of rebuttals from the comments section of an older article on Slashdot. A quote I found interesting regarding re-writing software: 'Don't even talk to me about spending money replacing something that works. The only question that is relevant is -- what does it cost to fix it if it doesn't work?'"

'First' seems to be relative. MattJ writes: "A week or two ago, Gavni Menzies' theory about Chinese explorations preceding Columbus were mentioned on Slashdot. He has now made his presentation to the Royal Geographical Society. According to MSNBC, the response from historians who saw it was somewhat muted. They say they need to wait for his book to come out to treat the theory fairly, but right now it looks like a tower of suppositions."

"Or, to vote for 'irresponsible disclosure,' please press No ...". juliao writes: "The IETF has dropped the draft proposal for responsible disclosure of bugs."

Fax early and often. jd142 writes: "A follow up to Friday's CBDTPA story. Electronic petitions and e-mail are unlikely to sway a Senator. Dead trees do. Luckily you can easily have a message faxed to your Senators. Letters are good too, so send both. This is a case where the more paper we can swamp them with, the better chance we have of killing this. And take the time to personalize your faxes and letters."

A matter of phrasing? I mentioned that StarOffice 6.0 was due for retail release in April; Jacques Le Marois from Mandrakesoft (among many others) wrote to point out that "MandrakeClub is the first and only place in the world where you can get StarOffice 6.0 currently!" They've worked out an OEM deal with Sun to let those who've paid for a "Silver" membership to MandrakeClub ($120 annually) download the software.

Exactly which MandrakeClub members were eligible for the payware StarOffice was the cause of some contention. "We also answer to your previous post about the ZDNet controversy. It's an interesting case of mis-information spread."

phalse phace writes "Yahoo! News is carrying a ZDNet News article which reveals that Mandrake has decided to change its policy regarding its Mandrake Club. Previously, Mandrake stated that all membership levels would enjoy the same benefits. But since Mandrake Linux 8.2 will include StarOffice 6.0 and Sun is charging for it, they decided to only allow the download of SO 6.0 to Silver members and higher."

phalse phace writes "Yahoo! News is carrying a ZDNet News article which reveals that Mandrake has decided to change its policy regarding its Mandrake Club. Previously, Mandrake stated that all membership levels would enjoy the same benefits. But since Mandrake Linux 8.2 will include StarOffice 6.0 and Sun is charging for it, they decided to only allow the download of SO 6.0 to Silver members and higher."

Jester998 writes "Linux Mandrake 8.2 is out! Check out the official annoucement or head off to your closest mirror to grab the ISO images. The release is bound to be amazing, with the return of kernel-secure, a 65MB minimum install, hotplug device support, encrypted filesystems and more!"

Many people wrote in with this news: "Mandrake Linux today reports having a short-term money crunch. They call for users to become members to help float them through the short-term viability issue. Membership dues are the preferred method over budget/project cuts."

Many people wrote in with this news: "Mandrake Linux today reports having a short-term money crunch. They call for users to become members to help float them through the short-term viability issue. Membership dues are the preferred method over budget/project cuts."

belbo writes "On Friday, an article on MandrakeForum announced the immediate availability of the first beta of Mandrake Linux 8.2 for PPC. Apart from the features of the upcoming 8.2 release for i586, this beta offers network installation via AirPort, an AppleScript wrapper for passing parameters to BootX, a patched 2.4.17 kernel, support for 1394, support for Radeon/Riva cards (via XFree 4.2) and more." Great news. I run Yellow Dog Linux for PPC boxes, but am still waiting for a good Linux for PPC release that does everything well, and out of the box. Maybe this is the one?

joestar writes: "As seen at Mandrake's website, Mandrake Linux 8.2 Beta seems to be available for download at different places. The new features include the ability to install a Mandrake as small as 65Mb on the HD, and encrypted file-system support. I guess it's the good time to report all bugs we don't want to see in the final version. Very promising release, worth a look at!"

bcrowell asks: "We have an old Intel machine (166 Mhz pentium, 32 Mb), previously used only for playing Civilization, on which I've now got Mandrake running. The problem is, it doesn't seem possible to run KDE in this amount of memory. I've heard about Linux being a good way to run serious software gracefully on older hardware, but not having a GUI is pretty limiting, unless you just want a server. Has anyone used a more lightweight window manager that they could recommend? Are there ways of configuring X, KDE, or GNOME so as to cut down on the memory requirements?" Yes, a simple browse of Freshmeat will net you loads of answers, but I'm sure the submittor would appreciate some of your experiences with the numerous choices of WMs, out there.

Uttles asks: "I recently installed Mandrake 8.1 on my machine at home and as a Linux Newbie I have been having trouble getting all of my hardware to perform correctly. The Mandrake distribution comes with a config tool called HardDrake but I have not found it very useful. It displays every piece of hardware, but it doesn't give you the option to install or configure drivers for that hardware. In fact, the only functionality it has is a "run config tool" button that for some devices launches a configuration application. I have been told that Red Hat and other distributions have similar tools, and none are very powerful. So now I am asking Slashdot: What is the best hardware configuration tool, either GUI or text based, for Linux systems?"

Uttles asks: "I recently installed Mandrake 8.1 on my machine at home and as a Linux Newbie I have been having trouble getting all of my hardware to perform correctly. The Mandrake distribution comes with a config tool called HardDrake but I have not found it very useful. It displays every piece of hardware, but it doesn't give you the option to install or configure drivers for that hardware. In fact, the only functionality it has is a "run config tool" button that for some devices launches a configuration application. I have been told that Red Hat and other distributions have similar tools, and none are very powerful. So now I am asking Slashdot: What is the best hardware configuration tool, either GUI or text based, for Linux systems?"

The first slashback of normal time (not Daylight Savings) in a while, tonight with news of 3Dwm's continuing progress, ways brave OS X pioneers can bravely reclaim their lost MP3 files, and a word of caution on HP's upcoming digital-audio playbox.

Vivid Video, take note: NickElm writes: "The 3Dwm project, already featured twice before on Slashdot (the last time little more than a year ago), is still alive and kicking and making steady progress. This summer, we added CSG support, full VNC interaction, and our first real application (a 3Dwm clock). To top it off, Xybernaut recently donated two wearable computers to the project, perfect platforms for this kind of thing. 3Dwm packages have existed for Debian for quite some time, and we were just now adopted by Mandrake as well. What are you waiting for, download it and try it out for yourself! Still far from a complete user environment, but we're getting there..."

Do you want your iTunes iBack, little iBoy? pinqkandi writes "Apple has released some tips on getting back your data lost by the iTunes Installer for Mac OS X. If you haven't written to the partition where the loss occured, you should be able to get it back with Tech Tool Pro or Norton Utilities. Apple's tips warn to NOT use a Volume Recover feature in these utilities, but instead use their tools to recover lost data. Also, boot from a CD before recovering data, and also follow your utility's maker's directions. Unfortunately, no free utilities are listed for the recovery."

The sort of details you'll find on page 17 in small print. ARP writes "A while ago RatedPC brought us some scoop of HP's upcoming Digital Entertainment Center de100c. At first this unit seems to be a perfect addition to home theatre systems right? Well, you better forget about it if you think you are going to use it to share music or make your own CDs from your MP3 collection. What HP hasn't told us is they have been seriously whipped by DRM (Digital Rights Management). An internal FAQ has revealed that users will be unable to use CD-RWs to burn off their own CDs. You will need to buy "Digital Audio Discs" and royalties from these discs are distributed to artists via the RIAA. And you can't transfer your songs to your PC either. Without a doubt RIAA's foothold has extended much above just this. Don't be surprised if it won't play your MP3 collection because they are not digitally signed. The problem is that RIAA will be riding high on HP success with this product and their grip will be firmer when it comes to controlling what you will do with your music."

A similar problem affects the otherwise very cool-looking Terapin video recorder, which I would pick up in a heartbeat if it worked with regular CD-Rs. The HP website talks about burning tracks to CD, but makes no mention of such restrictions; I hope this is simply bad information, but it seems quite likely that "burning to CD" in this case will mean burning to industry-sanctioned CDs with their accompanying surcharge. Can anyone provide further information?

Loke and several others wrote in with notes about Mandrake Linux 8.1. Release notes are available, or download an .iso, or just order it. Looks like it includes KDE 2.2.1, which is pretty impressive...

Loke and several others wrote in with notes about Mandrake Linux 8.1. Release notes are available, or download an .iso, or just order it. Looks like it includes KDE 2.2.1, which is pretty impressive...

keegnotrub writes: "Mandrake just dumped 8.1 Beta on their servers. Along with updated software (KDE 2.2, kernel 2.4.8, etc) they have reworked their control center to include many new features." Word to the wise: there are some reactions to this beta -- as well as a list of known bugs and fixes -- at mandrakeforum.com. What I'd like to know is if a Wacom Intuos USB tablet will work out-of-the-box on 8.1, since I just bought a refurbed one ;)

Cpyder writes "LinuxFrench reports that Mandrakesoft (home of Mandrake Linux) are going public. Good luck to them!" The article is in French - use the fish for an...interesting...translation. Or try out GPLTrans.

John Buswell wrote a little opinion thing wrt Mandrake's Donations Page. He raises the arguable point: why would you donate money to a for-profit company? I've written my response too which is full of all sorts of pompous rhetoric to go along with it.

John Buswell writes "This morning I received an email from MandrakeSoft, developers of the Linux-Mandrake distribution. One article in this e-newsletter they sent around disturbed me, they were looking for donations. Now, don't get me wrong, I am all for giving back to the community, however, if you look at their site, they are looking for donations for Mandrake specific projects like their installer (DrakX), their support websites and most disturbing of all Quality Assurance. This would be fine except that MandrakeSoft is a company, and these elements they are looking for donations for don't help anyone but their customers and their product. I know they are under a little financial strain, laying off employees and asking others to take pay cuts, but to me, this looks like they are trying to take advantage of the goodwill of the Linux community and their customers who might be a little afraid their Mandrake is going south.

Wouldn't you be outraged if a car company came out and asked for donations to improve safety features or fuel economy? These are company expenses to improve their product, so people buy more and they make more money. It's not something you ask for donations for. While I appreciate the many things Mandrake has done for Linux, I don't think they have the right to ask for money from their customers. If they were taking donations and giving funds to projects like Gnome, KDE, Apache or FSF, that would be fine, but these are ways to fund their products.

I think there are many useful projects that you can donate your money to, that are just developers working in their spare time from home, or non-profit organizations, and donating to those projects will still improve Mandrake's product, because they will definitely incorporate them into their latest releases. What does everyone else think? Is Mandrake justified in asking for donations or are they desperately seeking funds they can't obtain from their investors?"

My opinion is that to many people want cheese with their whine. This attitude trivializes the work that the real programmers do, but also the generosity of many of the major Linux companies who pay programmers to write code, and then pay ISP bills to let people download that code for free.

I don't really know much about Mandrake's financial situation. I doubt that optional donations will provide them a significant source of revenue. But I certainly don't have any problem with them providing the option to send money back to them. My distribution is Debian, and as a non-profit, I can donate money to them without offending John. But if I bought a shrink wrapped copy of Red Hat, I'd be sending a few bucks to them. What's the big deal about giving a few bucks when you download an ISO? And Mandrake has gone so far as giving donators a choice as to where those dollars go. When I give Red Hat my $50 or whatever for that box, do I get to say "Develop GNOME, please"?

Section 3B of the GPL provides for charging the distribution cost for source code, but afaik, every major distribution gives binaries away for free. Hemos and Uriah worked out that it costs OSDN something like 7 cents per ISO download on SourceForge, so I imagine it's similiar for MandrakeSoft. They don't have to provide them. It's a free service. They could charge you 7 cents. They could charge you the distribution costs if you wanted source. They aren't doing either of these things, they are giving you the option to do so, if you want. Which leads me to my main thought about this question: the attitude.

Do you complain over those "Suggested Donation Bins" at the museum? Would you complain if toll booths were optional? Of course neither analogy is perfect, but you get my point. Museums and roads cost money.

The attitude that John presents above scares me. I don't mean any offense to John, he seems like a smart guy, but I've seen so many 31337 h4x0r Linux types who've never contributed a line of code rant on about the evils of various free software companies. Yet I know many guys who've actually contributed huge chunks of code and, well, they just don't care. It's a case where the fanboys have invented some sort of cause that isn't all that important instead of doing something relevant. Those who can, code, those who don't complain.

Of course, I'm just a tool of one of the largest Linux companies, so what do I know. I'm tainted, evil, and part of the same conspiracy designed to keep free software out of everyone's hands by giving it away for free. I also know who killed JFK. But god forbid that hackers eat. And let's all complain about suggested donations too so that the only way to get copies of free software is through gnutella. Hope that 600-meg ISO doesn't abort half way.

John Buswell wrote a little opinion thing wrt Mandrake's Donations Page. He raises the arguable point: why would you donate money to a for-profit company? I've written my response too which is full of all sorts of pompous rhetoric to go along with it.

John Buswell writes "This morning I received an email from MandrakeSoft, developers of the Linux-Mandrake distribution. One article in this e-newsletter they sent around disturbed me, they were looking for donations. Now, don't get me wrong, I am all for giving back to the community, however, if you look at their site, they are looking for donations for Mandrake specific projects like their installer (DrakX), their support websites and most disturbing of all Quality Assurance. This would be fine except that MandrakeSoft is a company, and these elements they are looking for donations for don't help anyone but their customers and their product. I know they are under a little financial strain, laying off employees and asking others to take pay cuts, but to me, this looks like they are trying to take advantage of the goodwill of the Linux community and their customers who might be a little afraid their Mandrake is going south.

Wouldn't you be outraged if a car company came out and asked for donations to improve safety features or fuel economy? These are company expenses to improve their product, so people buy more and they make more money. It's not something you ask for donations for. While I appreciate the many things Mandrake has done for Linux, I don't think they have the right to ask for money from their customers. If they were taking donations and giving funds to projects like Gnome, KDE, Apache or FSF, that would be fine, but these are ways to fund their products.

I think there are many useful projects that you can donate your money to, that are just developers working in their spare time from home, or non-profit organizations, and donating to those projects will still improve Mandrake's product, because they will definitely incorporate them into their latest releases. What does everyone else think? Is Mandrake justified in asking for donations or are they desperately seeking funds they can't obtain from their investors?"

My opinion is that to many people want cheese with their whine. This attitude trivializes the work that the real programmers do, but also the generosity of many of the major Linux companies who pay programmers to write code, and then pay ISP bills to let people download that code for free.

I don't really know much about Mandrake's financial situation. I doubt that optional donations will provide them a significant source of revenue. But I certainly don't have any problem with them providing the option to send money back to them. My distribution is Debian, and as a non-profit, I can donate money to them without offending John. But if I bought a shrink wrapped copy of Red Hat, I'd be sending a few bucks to them. What's the big deal about giving a few bucks when you download an ISO? And Mandrake has gone so far as giving donators a choice as to where those dollars go. When I give Red Hat my $50 or whatever for that box, do I get to say "Develop GNOME, please"?

Section 3B of the GPL provides for charging the distribution cost for source code, but afaik, every major distribution gives binaries away for free. Hemos and Uriah worked out that it costs OSDN something like 7 cents per ISO download on SourceForge, so I imagine it's similiar for MandrakeSoft. They don't have to provide them. It's a free service. They could charge you 7 cents. They could charge you the distribution costs if you wanted source. They aren't doing either of these things, they are giving you the option to do so, if you want. Which leads me to my main thought about this question: the attitude.

Do you complain over those "Suggested Donation Bins" at the museum? Would you complain if toll booths were optional? Of course neither analogy is perfect, but you get my point. Museums and roads cost money.

The attitude that John presents above scares me. I don't mean any offense to John, he seems like a smart guy, but I've seen so many 31337 h4x0r Linux types who've never contributed a line of code rant on about the evils of various free software companies. Yet I know many guys who've actually contributed huge chunks of code and, well, they just don't care. It's a case where the fanboys have invented some sort of cause that isn't all that important instead of doing something relevant. Those who can, code, those who don't complain.

Of course, I'm just a tool of one of the largest Linux companies, so what do I know. I'm tainted, evil, and part of the same conspiracy designed to keep free software out of everyone's hands by giving it away for free. I also know who killed JFK. But god forbid that hackers eat. And let's all complain about suggested donations too so that the only way to get copies of free software is through gnutella. Hope that 600-meg ISO doesn't abort half way.

John Buswell wrote a little opinion thing wrt Mandrake's Donations Page. He raises the arguable point: why would you donate money to a for-profit company? I've written my response too which is full of all sorts of pompous rhetoric to go along with it.

John Buswell writes "This morning I received an email from MandrakeSoft, developers of the Linux-Mandrake distribution. One article in this e-newsletter they sent around disturbed me, they were looking for donations. Now, don't get me wrong, I am all for giving back to the community, however, if you look at their site, they are looking for donations for Mandrake specific projects like their installer (DrakX), their support websites and most disturbing of all Quality Assurance. This would be fine except that MandrakeSoft is a company, and these elements they are looking for donations for don't help anyone but their customers and their product. I know they are under a little financial strain, laying off employees and asking others to take pay cuts, but to me, this looks like they are trying to take advantage of the goodwill of the Linux community and their customers who might be a little afraid their Mandrake is going south.

Wouldn't you be outraged if a car company came out and asked for donations to improve safety features or fuel economy? These are company expenses to improve their product, so people buy more and they make more money. It's not something you ask for donations for. While I appreciate the many things Mandrake has done for Linux, I don't think they have the right to ask for money from their customers. If they were taking donations and giving funds to projects like Gnome, KDE, Apache or FSF, that would be fine, but these are ways to fund their products.

I think there are many useful projects that you can donate your money to, that are just developers working in their spare time from home, or non-profit organizations, and donating to those projects will still improve Mandrake's product, because they will definitely incorporate them into their latest releases. What does everyone else think? Is Mandrake justified in asking for donations or are they desperately seeking funds they can't obtain from their investors?"

My opinion is that to many people want cheese with their whine. This attitude trivializes the work that the real programmers do, but also the generosity of many of the major Linux companies who pay programmers to write code, and then pay ISP bills to let people download that code for free.

I don't really know much about Mandrake's financial situation. I doubt that optional donations will provide them a significant source of revenue. But I certainly don't have any problem with them providing the option to send money back to them. My distribution is Debian, and as a non-profit, I can donate money to them without offending John. But if I bought a shrink wrapped copy of Red Hat, I'd be sending a few bucks to them. What's the big deal about giving a few bucks when you download an ISO? And Mandrake has gone so far as giving donators a choice as to where those dollars go. When I give Red Hat my $50 or whatever for that box, do I get to say "Develop GNOME, please"?

Section 3B of the GPL provides for charging the distribution cost for source code, but afaik, every major distribution gives binaries away for free. Hemos and Uriah worked out that it costs OSDN something like 7 cents per ISO download on SourceForge, so I imagine it's similiar for MandrakeSoft. They don't have to provide them. It's a free service. They could charge you 7 cents. They could charge you the distribution costs if you wanted source. They aren't doing either of these things, they are giving you the option to do so, if you want. Which leads me to my main thought about this question: the attitude.

Do you complain over those "Suggested Donation Bins" at the museum? Would you complain if toll booths were optional? Of course neither analogy is perfect, but you get my point. Museums and roads cost money.

The attitude that John presents above scares me. I don't mean any offense to John, he seems like a smart guy, but I've seen so many 31337 h4x0r Linux types who've never contributed a line of code rant on about the evils of various free software companies. Yet I know many guys who've actually contributed huge chunks of code and, well, they just don't care. It's a case where the fanboys have invented some sort of cause that isn't all that important instead of doing something relevant. Those who can, code, those who don't complain.

Of course, I'm just a tool of one of the largest Linux companies, so what do I know. I'm tainted, evil, and part of the same conspiracy designed to keep free software out of everyone's hands by giving it away for free. I also know who killed JFK. But god forbid that hackers eat. And let's all complain about suggested donations too so that the only way to get copies of free software is through gnutella. Hope that 600-meg ISO doesn't abort half way.

Nikato Muirhead writes: "Need I say more?" and points to this page at LinuxToday which says that Mandrake is preparing a beta -- for PPC. Considering the price of a used-but-decent G3, this sounds fun to get in on. (E-mailing sympa@linux-mandrake.com with "SUB cooker-ppc" in the body will start you on the road to beta-testerhood.)

More below on improving OS X security, AOL GPL SNAFUs, Mandrake's reputed layoffs (short answer: No.), Big Daddy's control over gaming in Connecticut, and more. All below in tonight's episode of Slashback.

We are from France! And we're doing fine ... PovRayMan writes "Mandrakesoft has denied rumors of it's recent layoffs and management change due to "financial liquidity." The article mentions how the former CEO, Henri Poole, agreed on the management change. The article even goes out to say that their "prospects never looked so good" with the recent release of Mandrake 8. Either way, I'm downloading Mandrake 8 iso's right now and look forward to playing with it."

Like Alar for the other kind of apple. Lots of people were interested in the possible security flaws in OS X; thanks to Alex Salkever of BusinessWeek, we have word from Apple SE Manager Jeff Gagne, who writes: "We have just posted a Mac OS security web page for people looking for information concerning security updates, security notifications, etc. involving Mac OS X. Please visit the following url for more information: http://www.apple.com/support/security/security.html."

Follow the bouncing lawyers, with a mallet and a browser. Mike Haisley of AOL watchdog Observers.net writes with an update to yesterday's AOL And The GPL story: "It seems that America Online has their legal team working overtime on this one, site was pulled, and back up, and we were just given notice that it's going down again." Here is the Emergency Mirror.

Go forth and legislate no more. mikey573, pointing to a Hartford Courant Article, writes: "It's nice to see that Connecticut governor John Rowland is protecting gamers' rights by vetoing a bill that would have limited access to arcade point-and-shoot games: "Asserting that government should not act as 'Big Daddy,' Gov. John G. Rowland said Thursday that he will veto a bill barring children under 18 from playing 'point-and-shoot' video games in public places." I'm going to play Duck Hunt now in celebration! My only concern is the Connecticut legislature got as far as passing the bill in the first place." Well said.

Erratus, errata, erratum. Jamie would like to make several corrections to Monday's story about Macromedia being blackholed:

(1) I really shouldn't have singled out Above.net in the headline. They're just one backbone that uses the MAPS RBL to block non-mail traffic from their subscribers. In fact, Teleglobe.net was the backbone that blocked web access from one of our submittors.

And (B), Paul Vixie, the co-founder of MAPS, is no longer the CTO of Above.net.

More below on improving OS X security, AOL GPL SNAFUs, Mandrake's reputed layoffs (short answer: No.), Big Daddy's control over gaming in Connecticut, and more. All below in tonight's episode of Slashback.

We are from France! And we're doing fine ... PovRayMan writes "Mandrakesoft has denied rumors of it's recent layoffs and management change due to "financial liquidity." The article mentions how the former CEO, Henri Poole, agreed on the management change. The article even goes out to say that their "prospects never looked so good" with the recent release of Mandrake 8. Either way, I'm downloading Mandrake 8 iso's right now and look forward to playing with it."

Like Alar for the other kind of apple. Lots of people were interested in the possible security flaws in OS X; thanks to Alex Salkever of BusinessWeek, we have word from Apple SE Manager Jeff Gagne, who writes: "We have just posted a Mac OS security web page for people looking for information concerning security updates, security notifications, etc. involving Mac OS X. Please visit the following url for more information: http://www.apple.com/support/security/security.html."

Follow the bouncing lawyers, with a mallet and a browser. Mike Haisley of AOL watchdog Observers.net writes with an update to yesterday's AOL And The GPL story: "It seems that America Online has their legal team working overtime on this one, site was pulled, and back up, and we were just given notice that it's going down again." Here is the Emergency Mirror.

Go forth and legislate no more. mikey573, pointing to a Hartford Courant Article, writes: "It's nice to see that Connecticut governor John Rowland is protecting gamers' rights by vetoing a bill that would have limited access to arcade point-and-shoot games: "Asserting that government should not act as 'Big Daddy,' Gov. John G. Rowland said Thursday that he will veto a bill barring children under 18 from playing 'point-and-shoot' video games in public places." I'm going to play Duck Hunt now in celebration! My only concern is the Connecticut legislature got as far as passing the bill in the first place." Well said.

Erratus, errata, erratum. Jamie would like to make several corrections to Monday's story about Macromedia being blackholed:

(1) I really shouldn't have singled out Above.net in the headline. They're just one backbone that uses the MAPS RBL to block non-mail traffic from their subscribers. In fact, Teleglobe.net was the backbone that blocked web access from one of our submittors.

And (B), Paul Vixie, the co-founder of MAPS, is no longer the CTO of Above.net.

Boban Acimovic writes "New Mandrake 8.0 is finally out. Official announcement will come today, but new ISO files are already on some of mirrors. Main improvements are kernel =2.4.3, KDE =2.1.1, GNOME 1.4, Nautilus 1.0, Evolution 0.9, XFree86 =4.0.3, RPM 4.0, improved installer with pictures and other nice stuff. Enjoy!" Thanks to Gael Duval, from Mandrake for letting me know - the main features are listed as well as the new features page. But one of the cooler parts is a new part with Mandrake-Linux that will let you donate to the Free Software project of your choice in Mandrake - that's at at Linux-Mandrake.com. Update: 04/19 12:27 PM by H :Newsforge has got a article with more mirrors as well.

Boban Acimovic writes "New Mandrake 8.0 is finally out. Official announcement will come today, but new ISO files are already on some of mirrors. Main improvements are kernel =2.4.3, KDE =2.1.1, GNOME 1.4, Nautilus 1.0, Evolution 0.9, XFree86 =4.0.3, RPM 4.0, improved installer with pictures and other nice stuff. Enjoy!" Thanks to Gael Duval, from Mandrake for letting me know - the main features are listed as well as the new features page. But one of the cooler parts is a new part with Mandrake-Linux that will let you donate to the Free Software project of your choice in Mandrake - that's at at Linux-Mandrake.com. Update: 04/19 12:27 PM by H :Newsforge has got a article with more mirrors as well.

Boban Acimovic writes "New Mandrake 8.0 is finally out. Official announcement will come today, but new ISO files are already on some of mirrors. Main improvements are kernel =2.4.3, KDE =2.1.1, GNOME 1.4, Nautilus 1.0, Evolution 0.9, XFree86 =4.0.3, RPM 4.0, improved installer with pictures and other nice stuff. Enjoy!" Thanks to Gael Duval, from Mandrake for letting me know - the main features are listed as well as the new features page. But one of the cooler parts is a new part with Mandrake-Linux that will let you donate to the Free Software project of your choice in Mandrake - that's at at Linux-Mandrake.com. Update: 04/19 12:27 PM by H :Newsforge has got a article with more mirrors as well.

Boban Acimovic writes "New Mandrake 8.0 is finally out. Official announcement will come today, but new ISO files are already on some of mirrors. Main improvements are kernel =2.4.3, KDE =2.1.1, GNOME 1.4, Nautilus 1.0, Evolution 0.9, XFree86 =4.0.3, RPM 4.0, improved installer with pictures and other nice stuff. Enjoy!" Thanks to Gael Duval, from Mandrake for letting me know - the main features are listed as well as the new features page. But one of the cooler parts is a new part with Mandrake-Linux that will let you donate to the Free Software project of your choice in Mandrake - that's at at Linux-Mandrake.com. Update: 04/19 12:27 PM by H :Newsforge has got a article with more mirrors as well.

Boiling rumors can now be set aside: Linux-Mandrake's 8.0 beta is ready for grabbing. Before you complain about Version Inflation (Slackware, Red Hat and others should come out with v10 just for fun), read the fine print indicating that by using this beta version, you're surrendering your machine to the winds of time, and French aliens may come kidnap you and your data for sheer sadistic sport. That is, especially if you have a VIA Apollo Pro or KT133 Chipsets and a WD drive greater than 8.4Gb in size. So the real 8.0 isn't ready yet (that will be the time to complain about version inflation proper), but like Red Hat's Fisher, this is a nice way to experience upgrades all around the mulberry bush, including a 2.4 kernel (2.4.2, actually) without building them all yourself.

A handful of updates and new nuggets await you below, on everything from Iraqi PlayStation purchases to package manager news of the week, in tonight's release of Slashback.

apt-get install common.sense According to this message from Pixel in the apt-rpm mailing list, Linux-Mandrake is the second RPM-based distro to use APT, after Conectiva's own distro. So, despite the existance of non-free similar products recently covered in /., APT is gaining acceptance to be the unified package manager front-end for Linux.

Can your parents install Debian?

Now there's some smidgeon of Justice for ya Foggy Tristan writes "

According to Wired news story, Uzi Nissan has won a battle, but not the war, against Nissan in a domain name dispute over nissan.com.

For now, however, Uzi Nissan must display a prominent banner on his site that tells people he has nothing to do with the car company and where people can find Nissan.

" You knew this was going to happen ... RobM9999 writes: "The BugTraq mailing list over at SecurityFocus is reporting what appears to be the first vulnerability in the NSA's Security-Enhanced Linux that was originally written about here. The original post to the BugTraq mailing list is here."

What would have been more surprising is if no security bugs were found when a project like this has its source opened to the world. Best to get that laundy clean, eh?

Could be they're just serious gamers tech81 writes "Here's an article on MSNBC that has an update to this story previously posted on Slashdot concerning Iraq possibly buying and stockpiling PS2's for military purposes. Looks like they weren't able to get an PS2's, so they grabbed the originals. . ."

So that's why the bidding on eBay went so high, eh?

Read 'em and weep The next part of our continuing reprint of Jon Katz' Hellmouth series is up.

Mayank points to this interview at FreeOS.com with Red Hat CTO Michael Tiemann, in which Tiemann discusses why the Hat shipped a development kernel with their 7.0 distribution, journaling filesystems, the openness of ecos, and the competition (no, not that competition). It's a good read, though it would be cool to see the same questions addressed at even greater length. Guess everyone has a time limit, though;) [Updated by timothy:] I flubbed, that should read "development snapshot of gcc," of course, not "development kernel." Stop hitting me.

You asked, they answer. Jon Lasser and Jay Beale decided to kick their answers back and forth a few times in the style of Crossfire -- at least if Crossfire guests were security-obsessed, literate hackers with a knack for finding gaps in Linux and Unix security. And don't forget the book creds: Jon wrote the excellent Think Unix (want to buy it, huh?), and Jay is plugging away at (and just plain plugging) his upcoming tome from Addison-Wesley,Securing Linux the Bastille Way.

Jay Beale: Before we get to the questions, let me make an announcement. I've just recently been hired by MandrakeSoft (makers of Linux Mandrake) as their Security Team Director. They're sponsoring my work on Bastille and I'm working to better their distribution's general security. SecurityPortal.com interviewed me about this specifically.

Now, the questions:

1) Target audience
by DreamerFi

Bastille is a great project, but ultimately it targets people who sort-of know what they are doing. How do you feel about projects like the NetBSD/i386 Firewall Project who (whilst having all sources available) targets people who have no clue other than "I need security" by giving them a firewall that has an install that's about as simple as one can make it? Is this just a matter of defining the target audience different?

Jay: Really, it's not entirely targetted away from newbies. In fact, I sorta thought it was newbie-friendly. In designing the Bastille Linux hardening script, we originally sought to make a basic script, that would simply go through the sytem making changes. It could shut down unneeded programs/daemons, tighten up permissions and deactive bad protocols like telnet. At some point, we realized that this would leave many people believing we'd broken something... So, we decided we'd make the script interactive, asking the user before turning off telnet. Unfortunately, this meant that many of the target boxes never got hardened much. Since people didn't know why telnet was bad, they'd leave it on. So, I became a writer! Bastille carries a large number of explanations, targeted to the new user/sysadmin. By the way, the reasoning on deactivating telnet goes like this:

• Telnet is cleartext, allowing third parties to sniff passwords
• Telnet sessions can be intercepted and taken over by a man in the middle, using a simple tool like hunt.
• Finally, telnet can be replaced easily by the much safer Secure SHell, ssh.

Jon: Setting up a firewall for people with no clue is an interesting problem. It requires that the person do pretty much nothing nonstandard: once you need to punch a hole in the firewall, all of a sudden you need to know a lot of stuff again. Alternatively, you could leave the firewall pretty much wide-open and just block a couple of things, which is much easier to do but doesn't add all that much security. Setting up a firewall properly is hard work, and requires specialized skills to do it right: I'm not comfortable setting up a firewall for a company to protect secret stuff, and I tend to recommend hiring a (qualified, competent, specialized) consultant for the job.

For Bastille, we try to fulfill both of those possibilities with a single piece of software. We try to both make it simple to use (lots of defaults that won't break stuff) but make it possible to lock the system down tightly. In either case, user education is key.

Of course, most people don't read documentation, so it's all in the script. You can lead a horse to water, etc., so we try to do that. Bastille seems (to me, anyway) friendly to newbies who read carefully and take the time to understand. I'm not sure how to really help the others anyway.

2) Breaking out the cluestick ...
by mosch

Given the world's largest cluestick with which you could assault every single SysAd on the planet, what clues would you distribute, other than the use of bastille, and the knowledge that there's life outside computers?

Jay: I'd have one major clue that I think supersedes most: Educate yourself! In terms of security, there's few solutions that can beat a clueful sysadmin. On the other hand, any solution you choose for security usually turns to mush when a clueless admin makes the wrong mistake with it. For instance, you might have incredible encryption on your passwords and such, but if you choose "bob" for a password, your system can usually be brute forced!

Jon: Yeah, that's pretty much it. The only clue worth having is the one that allows you to find the other ones on your own.

3) Security is a process, not a thing.
by Skapare

How will Bastille allow users to treat their computer and network security as a "process" (as Bruce Schneier is quoted to say). Are there tools to help users deal with security "events"?

Jay: We're working on integrating this. Right now, we've got something very rudimentary that checks to see if a cracker's sniffer has been installed on your system. We're working on more. I'm currently hacking up a series of scripts, like Tiger, that will examine the current state of the system for anomalies.

Jon: Security is a process, there's no question about it. When I've got a process that works pretty much the same every time, I turn it into a checklist. Bastille, when it comes down to it, is essentially a checklist that performs the tasks listed on it. So Bastille lets you automate your existing process.

Jay: Yes. A checklist. Actually, in these days of rapidly upgrading (read replacing) your distribution every three-six months, the only way to use a checklist as long as Bastille's is to automate it!

Jon: Software development is also a process; Bastille is in a constant state of development. As we find new things that need fixing, we go to the software development part of the process, then the release part of the process, and then the users hopefully take it to the upgrading process. :-)

(Hint: for this process to work, you need to participate.)

4) "Missing" features?
by Coz

A two-part question:

What features do you feel are missing from Bastille as it stands today, and aren't in the roadmap you have for the immediate future?

What elements of system security do you feel should be part of the "core" (if not the kernel) of the operating system, and why (in your opinions) aren't they there already?

Jay: Part I is a tough one. I think I'd like to see an amazing intrusion detection system integrated in. I've also got some ideas for new offshoots of Bastille that I'll need some time to develop before I bring them up. Part II is somewhat easier. I think an operating system should implement seperated "compartments" so that one root-level program can't tromp all over another.

Further, we really should move away from this simple Unix distinction of "root" and "non-root." We can get a lot more granular than that. We're already seeing this latter bit, such that my web server runs as user www, my name server runs as user named, and so on... I wish we could take this farther, as it would really curb the potential for remote root compromise. As for why we don't have it all yet, consider the huge effort to move to these models... Now, we're getting this, through add-ons. Medusa DS9 is bringing us compartments and system call ACL's that apply even to root. The Linux capabilities work is getting us further to a point where we can confine root's actions.

5) Question
by JCCyC

What were the top 3 most asinine security holes you ever encountered on a GNU/Linux distro?

Jay: There have been a number of security holes that looked dumb in hindsight! I think the more interesting question is this, "what security holes right now are going to be seen as stupid later?" We're going to think that there shouldn't have been nearly so many world-executable setuid-root programs. We're going to seriously question having network-accessible system daemons (ftp, dns, web...) running with root authority. Luckily, we're just starting to question this now. Let's see where it goes...

Jon: I'm with Jay on this one. I don't think that any of the decisions that distributions make are particularly stupid, they're just aimed at different markets.

For example, I don't really think it's possible to completely secure either SuSE or Debian, due to the sheer number of packages included. That doesn't mean that this is the wrong decision to make, it's just aimed at a different population with different needs. (Of course, you can install either of those distributions perfectly well -- but you can't install everything, and you need some more knowledge to do it right than on some other platforms.)

6) Configuration
by FeeDBaCK

In what way does Bastille differentiate between different types of installs? Does it prompt the users about services? Will it shut off my apache service if I plan on making this machine a web server?

What third party tools do you install/recommend to help with the hardening of the system? Tripwire? tcpserver?

Do you incorporate any form of checking when doing your install to ensure that the box has not already been compromised, such as checking for common trojans/backdoors?

Jay: Oh no, another multiple-part question. OK, first, Bastille doesn't really do this distinguishing for you, when run in the default interactive mode. You make the choices, turning off services that you don't need, tightening the configuration on those you do. Second, I strongly recommend Tripwire. It's really the only way to know if your system has been compromised. I'd also recommend replacing your mail daemon with Postfix, as it's got an incredibly secure design. Third, no, we don't. Damn, that's a good idea. FeeDBaCK, want to help us develop that? E-mail me.

Jon: If the box has already been sufficiently compromised by a sufficiently capable and dedicated individual or group, it's a technical impossibility to detect it. Let's say you've cracked the box and installed some custom kernel modules that will report 'correct' file contents for, say, your PAM library even though it's been changed. Tough to do? Yeah. But possible. How would you defend against this?

That's not to say we shouldn't try, but I don't think we can provide adequate assurance on the issue ...

Jay: Jon's got a good point here. But we can, as FeeDBaCK suggests, do at least the trivial first measure of looking for known trojans.

7) Debian?
by luge

Do you guys have any plans to do something similar for Debian, or have others approached you about it? I'd love to apt-get install bastille, and have it do something similar to what I've heard it does for RH. Anyway, even if you don't, keep up the good work.

Jay: We are planning on it. I'm working on a new architecture, which makes it easy to extend Bastille to other distributions without doing the classical "porting" work. We'll include Debian and even Slackware! Watch freshmeat or our announcements list -- when we're in beta quality, I'll announce.

8) Not such a good name for a distro ...
by AFCArchvile

..especially if you want to convey security. Do you remember your late 18th century European history? Right. The Bastille in France was invaded and destroyed, prisoners were liberated, and the monarchy was overthrown by that terrible harbinger of death, La Guillotine.

I'd hate to see any Bastille Linux-oriented viruses or trojans. Maybe there will be one which triggers on July 14th of every year and echoes on the screen: "Libert=E9! Egalit=E9! Fraternit=E9!"

For more historical stuff on Bastille Day, check out this link to the French Embassy.

Jay: OK, so maybe it was a tough name. To tell you the truth, this year's July 14th LinuxSecurity.com interview hit on my birthday ... For the official answer, I'll let Jon pipe in here ...

Jon: Yup, all that bad stuff happened. But the building wasn't the problem: the building was incredibly secure by any standard. The problem was the administration.

So it is with computers.

Besides, we're not a distribution. :-)

9) Why is Bastille Necessary?
by DG

In a perfect world, the Bastille scripts would be unecessary, because the default installation of the distribution would have been hardened from the get-go.

Why do you feel that various distributions are so insecure by default? What are the most common mistakes they make? What kinds of changes need to happen at Red Hat to make your scripts unneeded?

Jay: Well, some of the insecurity comes from trying to reduce phone support costs. Consider for a second what would happen if Red Hat deactivated telnet on their machines, for the reasons I stated above. How many man-hours would go to the five-minute telephone calls, explaining to newbies that telnet was insecure and that ssh was a valid replacement? On top of this, remember that vendors are constantly being pushed to add more and more features. This often flies right in the face of effective security, which is generally much more minimalist.

The thing is, really, that it's not always as clear-cut as "mistakes." The most secure installation is utterly and completely useless. Much of what Bastille's actions make the system at least "inconvenient" and often require user/sysadmin education. Bastille-type hardening programs will always be necessary, especially for Red Hat, a company which has to keep its distribution featureful, easy to use, and convenient.

Jon: Convenience and security are almost always inversely proportional. Red Hat's target market has a whole bunch of people whose goal is to get a web server on the Internet in sixty minutes or less; higher security would only be a barrier to their customers' goals. They know their target market better than we do, but our market is for people who need something else.

Also, I think it's very unfair to single Red Hat out. We picked them as our first target due to their market penetration in the US and the relative ease of securing it, due to the limited quantity of stuff it installs.

Jay: I have to agree with Jon again here. I'll stop before I get on my rant, but companies develop where their users/customers ask them to. People are not asking Red Hat or MandrakeSoft or any other vendor for greatly enhanced security -- they're asking for more convienence, easy of use and a massive feature set -- and they're asking for it without much regard for the effect on security. This isn't intentional. The users just don't know better yet. This is where education must come in. (End rant)

10) Distribution specific, etc.
by matman

I have two questions actually.

The first: do you plan to make a non-distribution-specific hardening program/system/script? If so, how? It would be neat to have a consensus between distributions on file locations, etc to make this easier; do you plan on working with other distributions to come up with some sort of common interface or environment?

The second: do you plan on including any kernel-based capability, IDS, or ACL addons? A good default use of these features would greatly increase the security of linux in general, but they are prohibitively complex for most users. Thus, these are great things to have taken care of by the system -- do you plan on working on something to control these things (semi)automatically?

Jay: Yes, definitely. In fact, I'm currently working on a new internal architecture that easily supports this. In essence, we simply have to keep track of and store more data about each distribution. On top of this, we have to check the state of the system more thoroughly, looking for general files, instead of packages. We'll be able to support a lot more than just Red Hat Linux and Linux Mandrake.

Unfortunately, I don't think we'll ever get to the point where we can dictate file locations to the distribution makers. They're not even maintaining the same file locations from release to release! I think it's mostly an issue of preference for their individual package maintainers, really.

As for kernel-level capabilities/ACLs, I'm highly interested in this. I think the implementations are still immature, but it'll be exciting. Usability will be tough, but I think it can be achieved. We can make this optional for new users and perhaps only place restrictions on small parts of the system. This stuff shows a lot of promise.

A final meta-question
by Jay

The question everybody asks, in a million different ways (sorry, I'm not going through the thread again to pick out users; you know who you are):
Why do this? Why not just use OpenBSD?

Jon: Because people use Linux. Ultimately, standard is better than better. For most tasks, most of the time, assuming that the stuff meets minimum qualifications, it's better to have a single platform than multiple platforms that fulfill different needs.

Besides, a fair part of OpenBSD's security comes from its feature-limited default installation. They've been subject to the same FTP and DHCP exploits as everyone else, only the features aren't enabled by default. Heck, they're not enabled by default for most classes of Red Hat installs either. But people use them.

I'm not opposed to auditing, and I'm not opposed to more secure defaults. But most boxes sure seem to me to be hacked via holes that are known, that have been out for months, in services that aren't being used, and that haven't been patched. We speak to those systems first, since the low-hanging fruit is so extensive.

Jay: Yup. Further, Linux has room to surpass OpenBSD, in my opinion. Linux developers are doing more kernel-level security work, because of Linux's popularity as a standard. OpenBSD, as Jon points out, misses vulnerabilities, because their auditors are human and non-omniscient. Kernel-level security solutions, like Medusa DS9 or WireX's Immunix technology, are the only way to really stop the vulnerabilities that the audits miss. Linux can really rocket ahead here and I think the whole Bastille project will be eager to help.

In closing, please allow me to give some credit where it's due. You can read about this on the web pages: Bastille's and mine. Pete Watkins deserves serious praise for developing and sharing a great firewall. He's also helped take charge of Bastille 1.x enhancements. Sweth C. and Mike Rash have done great work in helping to build new modules and hack existing code. And Yoann V.'s ramping up the new architecture with me -- Bastille will be his baby too, soon. Bastille has benefited from a number of collaborators and sponsors, many of whom you'll find in future CREDITS files.

Sam "Criswell" Hart asks: "I have been using Red Hat on my machines since RH4.2. The reasons were largely due to bandwidth issues and the fact that I could always get the latest RH ISOs for free. However, since 6.2 I have been disappointed with RH, and 7.0 with its not-quite compatible GCC would be very bad for my free-software projects. I have been thinking of switching to Caldera or possibly to Mandrake. However, I am spoiled by the fact that I can just pop in a new RH CD and upgrade my existing system quite painlessly. Because there are so many other RPM-based Linux distros out there, and they have update options, are there any (esp. Mandrake or Caldera) which can relatively easily update systems based on other distros? For example, anyone have any success or troubles trying to upgrade a RH6.2 system with Mandrake 7.2? Is it possible, or is there something significant blocking such a thing?" While updating a system with software intended for another distribution isn't necessarily good idea, are there utilities out there that can perform the necessary operations needed to convert an existing system from one flavor of Linux to another?

You've got to give Linux-Mandrake publisher Mandrakesoft credit; their distribution deal with MacMillan Software is spreading their latest release to places Linux has never gone before, including Wal-Mart and other major retail chain stores.

The word we got last week from Bill Gardner, MacMillan's product manager for Mandrake titles, was that the boxed Mandrake 7.2 "desktop" version wasn't supposed to show up on store shelves until around November 10, but it's already out there. I've spotted copies in my local Wal-Mart, and others have emailed me to say they've seen Mandrake's new "Penguin and Star" logo on software boxes in other Wal-Marts around the U.S.

Another thing on those boxes is this quote:

"Linux users have dozens of choices; after testing the most popular ones, Mandrake... seems best for a first timer."

--Robin Miller, The Washington Post, June 2000

Hey! That's me!

Back in June, of course, I was talking about Mandrake 7.1, and the version I was using was the "deluxe" package that came complete with virtually every free -- as in either speech or beer -- piece of software you could possibly want to run in Linux. I installed 7.1 glitch-free on a number of desktops and laptops, set up my printing, my networking and my dialup connections with no problem, and away I went, doing anything and everything I -- or almost any home or small office computer user -- could possibly want to do in the course of the average workday. I didn't need all the packages that came with the big 7.1, not by a long shot. But it was nice to know they were there if I did need them, and when code-developing friends stopped by I had their favorite compilers and other tools handy on my machines for them to use, which is nothing more than straight-up, down-home hospitality in the social circles in which I seem to move these days.

"Complete" 7.2 comes with none of these tools. In fact, it is so stripped and bare that it offers little more functionality than Windows. Perhaps that is the point: to be as Windows-like as possible; to offer nothing more than a low-cost desktop operating system alternative for Wal-Mart shoppers who might otherwise buy Windows ME. If so, this distro is a qualified success; a new user can probably get it installed and running without a whole lot more work than it takes to do a Windows install or upgrade, and with about the same (zero) amount of command line use.

This is good.

What is not so good is that the GUI installer seems less than totally stable. Three LUG-buddies and I have now installed retail 7.2 Mandrake on a total of four desktops and three laptops, at least three times on each computer, and our results have been inconsistent -- and generally unrepeatable, in that niggling problems we had with one install didn't crop up in the next one, even on the same machine. We also found that some of the things new users might think the installer will let them do -- like back up a step or two in the installation process -- are bad ideas. Indeed, one thing we learned early in our testing was that if we had any problem at all with an installation attempt, it was best to give up, shut down, and start over from scratch.

Our attempts to update previous Mandrake installations using the "upgrade" option presented in a handy dialog box were total failures. Perhaps this feature looked good in Mandrake's labs and caused no problems for MacMillan's quality assurance people, but we couldn't get it to work reliably.

The funny thing is, the downloadable version of Mandrake 7.2 that has been available since last weekend gave us no major problems with either raw installs or upgrades, and as long as we stuck to clicking "okay" on the defaults, the installation process was just as simple as with the retail version -- and we got a lot more usefulness for our efforts. Like Pine, and through Pine, Pico, the simplest and most basic text editor around for fast script or shell modification. Yes, I know the average Wal-Mart Linux buyer probably won't do a whole lot of CLI work, if any, but the second that theoretical person calls for help from a Linux-knowing friend or neighbor, he's going to hear, "Where's Pico? Or Emacs?" (At least vi is there, which is going to warm some hearts even while it leaves others a bit cold.)

When compared with Windows for stability and overall utility, there is no question that the retail "desktop" version of Mandrake 7.2 is a winner; it comes with and automatically installs StarOffice and other packages that will make Windows users feel right at home, including a whole stack of cool little games. But not all of these packages install on their own if you select the "normal" install. For some reason, the only way to get most of the included packages onto your hard drive during the installation is to use the "custom" option instead of the "complete" option, which doesn't seem to make much sense. (The official Mandrake justification for this is that Mandrake adjusts to available hard drive space and root partition size, but I found the same glitch even on a 30 GB hard drive with a 4 GB / partition, which ought to be more than enough space for every piece of user-level Linux software you could ever want to own.)

The only important thing (for an ordinary user) the boxed set included that we didn't find in the downloadable version was StarOffice -- because it isn't GPL-licensed, as is every single package included in the download. I had a copy around (on my 7.1 CD set), and almost every LUG probably has StarOffice CDs hidden away somewhere. If not, it can be downloaded from many mirror sites, and say what you will about StarOffoce, it is one of the easiest pieces of Linux software to install that has ever been released, so the fact that it isn't included in the Mandrake download is not a major inconvenience.

But one thing the boxed set did lack was KDE 2.0; the version it came with, no matter what the manual said, was one of the last prerelease betas, not the real thing. I don't know if this made much difference; I detected no flaws that affected my work in any way, but it still left a bit of a bad taste in my mouth.

There are a number of other silly little problems in both boxed and downloadable 7.2. One is with DrakSync, a GUI wrapper for rsync that allows point-and-click updating of files or directories between two computers, in my case the desktop I use at home and the laptop I carry when traveling. I could not get DrakSync to work. Steve Killen, one of the freshmeat appindex maintainers, couldn't get it to work. All-around Linux stud Nick Kosten couldn't get it to work. Mandrake developer Chmouel Boudjnah got it working after several tries, and claimed that he did nothing that we couldn't have done on our own. Perhaps this is true; with better onscreen instructions and a useful help file or man page, neither of which was provided, we probably would have had no problems.

Personally, I believe that including broken, incomplete or badly documented software in a commercial distro is wrong, even if you are rushing to meet a contract shipping deadline set by a retail giant like Wal-Mart. Like a Web site with broken links, it makes you wonder about the reliability of the rest of what you get. A contributed package that doesn't work quite right might be marginally acceptable, but a utility that has the company's name on it, and supposedly has the company's reputation behind it? It should work without problems, especially if it is a GUI utility aimed at simpleminded point/click users (like me).

CUPS, the Common Unix Printing System, was perhaps the greatest frustration. The only reason it works on my network at all is because Mandrake developer Chmouel Boudjnah sat here, in my home, and messed with it for several hours. And he had to call headquarters to get help. Without this level of support (which is only available to people who are quoted on the product box), I doubt that a typical user-level person would be able to configure CUPS across a network that runs on a server that also functions as a 'net gateway, which is a common home or small office network configuration. This may not be a big deal for a Wal-Mart shopper who only has one computer, but more and more of my neighbors have multiple computers in their households -- and this is in a blue-collar trailer park, not an upscale housing development, where multicomputer households are probably even more common than they are in my humble neighborhood.

The largest benefits Mandrake 7.2 offers over 7.1 at this point are KDE2 and the lovely KOffice. It also has more security options -- probably the widest range available to point and click Linux users -- a bunch of cool new games, and default 3-D acceleration support, something Chmouel says is currently offered by no other commercial Linux distribution.

If you are using a standalone computer (or don't need network printing), and you are eager to play with these new features -- and to get one of the prettiest bootup sequences you ever saw -- you may want to install 7.2 in its present state.

Otherwise, you'd be better off waiting until a more mature version is available for download. And if you prefer to get your software on CDs in factory-packed boxes, you will want to wait -- not long, Chmouel says -- until an updated version of the current 7.2 or the about-to-be-released "Power Pack Deluxe" set, hopefully with most of the current bugs and documentation problems repaired, is available either in stores or directly from Mandrake or MacMillan.

You've got to give Linux-Mandrake publisher Mandrakesoft credit; their distribution deal with MacMillan Software is spreading their latest release to places Linux has never gone before, including Wal-Mart and other major retail chain stores.

The word we got last week from Bill Gardner, MacMillan's product manager for Mandrake titles, was that the boxed Mandrake 7.2 "desktop" version wasn't supposed to show up on store shelves until around November 10, but it's already out there. I've spotted copies in my local Wal-Mart, and others have emailed me to say they've seen Mandrake's new "Penguin and Star" logo on software boxes in other Wal-Marts around the U.S.

Another thing on those boxes is this quote:

"Linux users have dozens of choices; after testing the most popular ones, Mandrake... seems best for a first timer."

--Robin Miller, The Washington Post, June 2000

Hey! That's me!

Back in June, of course, I was talking about Mandrake 7.1, and the version I was using was the "deluxe" package that came complete with virtually every free -- as in either speech or beer -- piece of software you could possibly want to run in Linux. I installed 7.1 glitch-free on a number of desktops and laptops, set up my printing, my networking and my dialup connections with no problem, and away I went, doing anything and everything I -- or almost any home or small office computer user -- could possibly want to do in the course of the average workday. I didn't need all the packages that came with the big 7.1, not by a long shot. But it was nice to know they were there if I did need them, and when code-developing friends stopped by I had their favorite compilers and other tools handy on my machines for them to use, which is nothing more than straight-up, down-home hospitality in the social circles in which I seem to move these days.

"Complete" 7.2 comes with none of these tools. In fact, it is so stripped and bare that it offers little more functionality than Windows. Perhaps that is the point: to be as Windows-like as possible; to offer nothing more than a low-cost desktop operating system alternative for Wal-Mart shoppers who might otherwise buy Windows ME. If so, this distro is a qualified success; a new user can probably get it installed and running without a whole lot more work than it takes to do a Windows install or upgrade, and with about the same (zero) amount of command line use.

This is good.

What is not so good is that the GUI installer seems less than totally stable. Three LUG-buddies and I have now installed retail 7.2 Mandrake on a total of four desktops and three laptops, at least three times on each computer, and our results have been inconsistent -- and generally unrepeatable, in that niggling problems we had with one install didn't crop up in the next one, even on the same machine. We also found that some of the things new users might think the installer will let them do -- like back up a step or two in the installation process -- are bad ideas. Indeed, one thing we learned early in our testing was that if we had any problem at all with an installation attempt, it was best to give up, shut down, and start over from scratch.

Our attempts to update previous Mandrake installations using the "upgrade" option presented in a handy dialog box were total failures. Perhaps this feature looked good in Mandrake's labs and caused no problems for MacMillan's quality assurance people, but we couldn't get it to work reliably.

The funny thing is, the downloadable version of Mandrake 7.2 that has been available since last weekend gave us no major problems with either raw installs or upgrades, and as long as we stuck to clicking "okay" on the defaults, the installation process was just as simple as with the retail version -- and we got a lot more usefulness for our efforts. Like Pine, and through Pine, Pico, the simplest and most basic text editor around for fast script or shell modification. Yes, I know the average Wal-Mart Linux buyer probably won't do a whole lot of CLI work, if any, but the second that theoretical person calls for help from a Linux-knowing friend or neighbor, he's going to hear, "Where's Pico? Or Emacs?" (At least vi is there, which is going to warm some hearts even while it leaves others a bit cold.)

When compared with Windows for stability and overall utility, there is no question that the retail "desktop" version of Mandrake 7.2 is a winner; it comes with and automatically installs StarOffice and other packages that will make Windows users feel right at home, including a whole stack of cool little games. But not all of these packages install on their own if you select the "normal" install. For some reason, the only way to get most of the included packages onto your hard drive during the installation is to use the "custom" option instead of the "complete" option, which doesn't seem to make much sense. (The official Mandrake justification for this is that Mandrake adjusts to available hard drive space and root partition size, but I found the same glitch even on a 30 GB hard drive with a 4 GB / partition, which ought to be more than enough space for every piece of user-level Linux software you could ever want to own.)

The only important thing (for an ordinary user) the boxed set included that we didn't find in the downloadable version was StarOffice -- because it isn't GPL-licensed, as is every single package included in the download. I had a copy around (on my 7.1 CD set), and almost every LUG probably has StarOffice CDs hidden away somewhere. If not, it can be downloaded from many mirror sites, and say what you will about StarOffoce, it is one of the easiest pieces of Linux software to install that has ever been released, so the fact that it isn't included in the Mandrake download is not a major inconvenience.

But one thing the boxed set did lack was KDE 2.0; the version it came with, no matter what the manual said, was one of the last prerelease betas, not the real thing. I don't know if this made much difference; I detected no flaws that affected my work in any way, but it still left a bit of a bad taste in my mouth.

There are a number of other silly little problems in both boxed and downloadable 7.2. One is with DrakSync, a GUI wrapper for rsync that allows point-and-click updating of files or directories between two computers, in my case the desktop I use at home and the laptop I carry when traveling. I could not get DrakSync to work. Steve Killen, one of the freshmeat appindex maintainers, couldn't get it to work. All-around Linux stud Nick Kosten couldn't get it to work. Mandrake developer Chmouel Boudjnah got it working after several tries, and claimed that he did nothing that we couldn't have done on our own. Perhaps this is true; with better onscreen instructions and a useful help file or man page, neither of which was provided, we probably would have had no problems.

Personally, I believe that including broken, incomplete or badly documented software in a commercial distro is wrong, even if you are rushing to meet a contract shipping deadline set by a retail giant like Wal-Mart. Like a Web site with broken links, it makes you wonder about the reliability of the rest of what you get. A contributed package that doesn't work quite right might be marginally acceptable, but a utility that has the company's name on it, and supposedly has the company's reputation behind it? It should work without problems, especially if it is a GUI utility aimed at simpleminded point/click users (like me).

CUPS, the Common Unix Printing System, was perhaps the greatest frustration. The only reason it works on my network at all is because Mandrake developer Chmouel Boudjnah sat here, in my home, and messed with it for several hours. And he had to call headquarters to get help. Without this level of support (which is only available to people who are quoted on the product box), I doubt that a typical user-level person would be able to configure CUPS across a network that runs on a server that also functions as a 'net gateway, which is a common home or small office network configuration. This may not be a big deal for a Wal-Mart shopper who only has one computer, but more and more of my neighbors have multiple computers in their households -- and this is in a blue-collar trailer park, not an upscale housing development, where multicomputer households are probably even more common than they are in my humble neighborhood.

The largest benefits Mandrake 7.2 offers over 7.1 at this point are KDE2 and the lovely KOffice. It also has more security options -- probably the widest range available to point and click Linux users -- a bunch of cool new games, and default 3-D acceleration support, something Chmouel says is currently offered by no other commercial Linux distribution.

If you are using a standalone computer (or don't need network printing), and you are eager to play with these new features -- and to get one of the prettiest bootup sequences you ever saw -- you may want to install 7.2 in its present state.

Otherwise, you'd be better off waiting until a more mature version is available for download. And if you prefer to get your software on CDs in factory-packed boxes, you will want to wait -- not long, Chmouel says -- until an updated version of the current 7.2 or the about-to-be-released "Power Pack Deluxe" set, hopefully with most of the current bugs and documentation problems repaired, is available either in stores or directly from Mandrake or MacMillan.

Yes, Mandrake 7.2 is ready for download. It hasn't been officially announced or spread to all the usual mirrors yet, but word crept out yesterday on mandrakeforum.com. Be patient if you can't get through at first; you know how these things go; and keep an eye on the official Mandrake site for further news. This release is nice advance over Mandrake 7.1 or 7.0, worth downloading and installing (if you're a Mandrake user) for KDE 2 and KDE Office alone, both of which are incorporated into it. I got a small head start and played with 7.2 a bit last night, and found both some neat stuff and a few small but interesting usability gaps.

The first thing I found myself wondering when I logged in as root was, "Where's my CD supermount icon?" It wasn't there in root. Only users see it. Yes, you can do the usual command line mount/unmount, but isn't the point of Mandrake to be as close to 100% pointy-clicky adminable as possible?

A new Linux user trying to install (say) StarOffice on Mandrake 7.2 from a CD is going to be doing a fair amount of needless head-scratching. It was frustrating to pop in a StarOffice CD as a user and try to install it, only to get a "KPACKAGE has to run as ROOT" error message, then to log in as root and not find an obvious, E-Z method of reading files from a CD. Whether this is the fault of KDE or Mandrake I do not know, but it is a needless bit of hassle.

Another thing that threw me and my friend Joe (who owns Amnet Computer and helped me with the test) was that not only was RealPlayer not included, let alone pre-installed as a Netscape plugin as it was on the previous Mandrake releases we have gotten used to using, but that no PDF reader was preset as a plugin. Mandrake has spoiled us in previous releases, we freely admit, but we wish they would keep us spoiled. It is not hard to install Netscape plugins, but we're busy people so the less time we take setting up a new system the happier we are.

CUPS, the new Common Unix Printing System, was dirt-simple to set up for the Epson Stylus Inkjets both Joe and I own -- as local printers. We were not able to get our printers running through our networks with CUPS. The GUI configuration tool looked simple, but apparently wasn't. Perhaps smarter people can get it to configure network printers, but someone used to Windows probably will probably give up on network printing with CUPS fairly rapidly.

KOffice has been well-described (and rightfully praised) elsewhere; it is a beautiful piece of work. All the Windows people who claim they can't switch to Linux because they need PowerPoint have just lost that excuse. I was able to make a nice-looking slide show in KPresenter after only a few moments of trial and error. Other KOffice components are just as slick, and the new KDE desktop is a thing of beauty, in my personal opinion far more attractive than the default Windows desktop.

The Mandrake 7.2 install itself was flawless; when we followed the defaults (which means about all you have to do is select a keyboard language, then click "yes" several times) and selected "all packages" we didn't have much more to do besides watch The Simpsons. We tested both a low-end desktop computer Joe had just assembled and my Sager (essentially generic) laptop, and had no problems with either of them. Even the laptop's sound and video autodetected correctly and started right up. The only grumble Joe had (in part because he likes to grumble) was that it's about time for Mandrake to start providing support for Winmodems whenever possible; the low-cost motherboard in the desktop we used for our test had a Winmodem built in, and Joe said it was one for which Linux support is now available.

All in all, this was about as fine and easy a newbie-level Linux install as you can get. Yes, we all know Mandrake's partition scheme is not as cool as the preferred Debian one, or even Red Hat's, but Mandrake isn't aimed at old Unix/Linux heads, and its default partitions seem to do the job just fine.

If you download and install Mandrake 7.2, I would appreciate it if you would either post your experience below or email me to let me know how it goes. A Mandrake developer is supposed to be at my house Wednesday to help figure out some problems we had installing and configuring the retail sale version of Mandrake 7.2 they sent me -- a level of service most users can't expect from any software vendor. But dealing with the "boxed set" (and the reason Mandrake is giving me this level of personal attention) is another story for another day, one I hope to have for you either late this week or early next week.

James Cownie asks: "The Linux kernel development is an open process, we all know that, but, as an unknown in the community it seems impossible to attract the attention of anyone on the kernel list. I'm not trying to reimplement huge kernel subsystems or do anything major, but I found a genuine kernel bug, documented it and submitted a patch on the kernel mail list; to be met with complete and utter silence. Just as if no-one had read my mail at all. I can stand and react to abuse, or requests to fix my patch, or whatever, but what can I do in response to silence?" UPDATED

"I can't mail Alan Cox (who seems the right person for a fix to 2.2) directly because he rejects all mail from folks he doesn't know. Since the bug causes problems for gdb I mailed the gdb developer list, but also met with silence. So, how can I get someone to take notice? If no-one does, what's the point of an 'open' process? I may as well not bother."

First off, a good deal of patience is necessary when dealing with developers, they can be extremely busy when it comes to dealing with the pressures not only from their day jobs, but also from their code, their other hobbies and whatever time is left over for them to have lives to themselves. Even on internet time, certain things (like bug reports) will slip thru the cracks and seemingly fall into the ether...a few times, this might be the case, most often though, it is not and the developer just hasn't gotten to your bug/comment/suggestion yet.

A suggestion to developers: If you haven't looekd into this, it might not hurt to automate some form of reply stating your situation so that you don't alienate users by your non-response.

Thoughts?

Update: 09/05 11:50 PM by C : Alan Cox had this to say via email:

"I can't mail Alan Cox (who seems the right person for a fix to 2.2) directly because he rejects all mail from folks he doesn't know."

This is wrong. I reject mail from sites in ORBS, RBL or other major spam block lists.

A few things I'd suggest:

1. There is a REPORTING-BUGS file in 2.2/2.3 kernels
2. You should start with MAINTAINERS in the kernel for kernel bug reports
3. If its a vendor supplied kernel start with the vendor bug report system such as http://bugzilla.redhat.com/bugzilla [for Red Hat]. ( C : There's also Debian's bug reporting system at http://www.debian.org/Bugs, and the one for Mandrake-Linux at http://www.linux-mandrake.com/bugs, for other flavors of Linux, check your vendor's homepage)

#3 is important. Vendor kernels rarely match the default due to timing issues, desire to ship stuff like USB, Reiserfs, 3D acceleration and more."

As I said, the developers are listening. You just might need to take the time to find the right communication channel. For a bug report to be worth something, it has to end up in the right place.

dclatfel writes "Just wanted to let everyone know that the latest beta of Mandrake for Intel is up - 7.2 Beta - and it's called Ulysses. (Now where is that Golden Fleece?)" They've got notes regarding it as well - KDE 2 Beta 4, and Gnome 1.2, as well as XFree86 4.01 as the default X server.

dclatfel writes "Just wanted to let everyone know that the latest beta of Mandrake for Intel is up - 7.2 Beta - and it's called Ulysses. (Now where is that Golden Fleece?)" They've got notes regarding it as well - KDE 2 Beta 4, and Gnome 1.2, as well as XFree86 4.01 as the default X server.

With a planned move to San Francisco next summer, last week saw San Jose's last Linux World Expo, at least for now. The future as always is stubbornly uncertain, but it's impressive that the serendipitous combination of Free tools (from GNU) and a Free kernel (from Linus) has inspired enough interest and prosperity to excite a larger group of people each year. If you've not had the chance to attend one of these expositions, we hope this article will give you a flavor of what it's like. Note: Here are a few pictures from the floor (Day 1 & Day 2) contributed by Sensei^); do you have any cool shots to link to in comments?

First, the prelude: If you've worked on the pre-show aspects of anything from a high-school play to a LAN party, you know all those booths, displays, people and computers don't materialize by themselves. For several days before the show floor opened on Tuesday, forklift crews zipped cargos of wooden, fiberglass, plastic, aluminum and steel cases from moving trucks to exhibit spaces. These contained banners, snap-together modules, computers, lighted signs -- and Yes, more gratis logo-imprinted toys than you can wave a TuxTops LED light at.

Spiderwebs of CAT-5 and electric cord (run beneath the show floor) sprouted from the centerpoints of many booths, with strands for each computer to be connected to the Net during the show. Rolls of padding and carpet came next, then the slow assembly of display booths. These ranged from no-nonsense fabric partitions that housed companies like TuxTops and Sendmail (and legions of volunteers from PerlMonks, the Simple End User Linux project, Flightgear, and many others), to elaborate constructions with motorized signs, projected lasers and huge illuminated logos. Note: Slashdot (the site) was put together last week mostly from the comfy chairs of the PerlMonks booth.

The "C" (as in conference) part of LWCE got started on Monday, and for the days that followed, attendees got instruction -- on everything from Linux security to evangelizing Free software to their bosses-- in half-day doses. Meanwhile, the setup work continued into the wee hours, as exhibitors raced the clock to make sure that at least their signs, if not their networks, were up for the next day. And at the OSDN booth (home of the red-carpeted Slashdot stage and beanbags), prep work included stacking thousands of boxed distributions of Debian, and attempted to pawn a few copies off on every passer by.

Tuesday morning, at a shade before 10:00, visitors willing to miss Michael Dell's keynote began to stream into the halls, on a quest to find new distros, old friends, and swag. It's amazing what companies will give away in order to snag a little nook in your brain. Besides the usual trinkets (keychains, T-shirts, stickers) and the distributions that a Linux show would be empty without, booth visitors were handed everything from knives (Sendmail) to cute monkeys (Helixcode) to embarrassing pictures of themselves (BSDi), as well as too many toys with embedded LEDs to bother counting. Rather than a full swag accounting (which would only annoy those unable to attend), let me just say that you won't hurt for toys when the chance presents itself. (CT:I just wanted to note that VA gave away 2300 pounds of shrink-wrapped boxed Debian. Like 5000 copies. It was beautiful)

The things on display around the LWCE floor were more interesting than the toys, though. (And unlike a museum, most were available for hands-on demonstration, not hidden behind glass.) Indrema showed a prototype player (not in the sleek black box you see on their Web site, but still sporting that cool blue LED) hooked up to a HDTV display, playing a very fast game of Quake. (CT:Actually it was an HDTV demo, they promised the real deal will be less vaporous before I have children) In the Intel booth were server clusters populated with quad Itanium processors, demonstrating failover when one system was rudely but intentionally shut down. The amazing-like-emacs-is-amazing Flightgear project showed a really nice looking demo which is enough incentive by itself to invest in a better video card for my system so I can play with it.

Both Helixcode and Eazel made their first LWCE appearance this time around, exciting for those filling their anti-FUD cannon for the perpetual "Linux is tough to use" argument. The Eazel folks showing off Nautilus seemed to be all but cackling as they showed off the smoothness of the zooming information available for documents and the cool music-integration abilities it contains. It would have been cool if they'd had some sample CDs, but they promise a developers' release soon. (CT:They also promised .deb's, but I'll believe it when I see it. The UI was awesome, I just hope that someone hacks in something like the GUI command line in EFM)

Considering that Sun was showing off the GNOME desktop on Solaris (hinting at its inclusion in stock Solaris systems sometime very soon, too) and that the GNOME project itself was not only in one of the small booths against the wall but the subject of a big announcement -- about the advent of the GNOME Foundation -- it looks it's showing up everywhere. Happily, there seems to be no shortage of room for window managers right now: the KDE folks were also there not only in their own booth, but showing up in software demonstrations all over the floor, as SuSE, Caldera and others demonstrated the very slick KDE 2.0. (Can't we all just get along, anyhow?)

SuSE, by the way, was the only distributor I noticed showing off Linux on Apple hardware, and their current distro was sweet and fast on a G4. Beyond the curious lack of Apples, and the obvious ubiquity of x86 machines, there were machines based on everything from microcontrollers to StrongArm, MIPS, Alpha, Itanium ... even the IBM S/390s which have gotten attention for the ridiculous number of concurrent Linux systems they can support.

For all the cool hardware and cusp-of-reality, bleeding-edge distros, it's interesting that the announcement which seemed to generate the most buzz of the entire show was the long-awaited release of Debian's Potato. Considering the reputation that Debian has for intelligent upgrading, stability, and diligence in guarding the license of the software which makes it up, it's not as surprising as it might otherwise be that Debian's new release made people sit up a bit more than the newest offerings from the large commercial distros.

(CT: Also extremely impressive was the Pocket Linux booth, where they actually had iPaq's running Linux. The first dude that demoed the box to me was very nice, but what I really wanted to see was X11 running on it ... oddly enough, I encountered one of his cohorts in the bar later that night who showed it to me: X, xeyes, xterm, and twm running on an iPaq. When they get the wireless action going on these things I'm totally there ... I'll just need to hack minimalist interfaces onto pronto and my MP3 player software and use the thing as a portable X terminal on the local 802.11 wireless lan. Yum.)

Oh, and there were people on the floor as well -- close to 20,000, all told. I met some folks I've known previously only through IRC, and quite a few I might never have otherwise encountered.

It's interesting to see in the space of a few hours many of the smart people who you may experience vicariously through writings, speeches, code, art or IRC chatter -- and it also belies the idea that software celebrities of the Free software world are becoming celebrities of the traditional variety, since everyone from ESR to Jon "maddog" Hall (and Linus himself) are willing to talk to anyone who catches up with them long enough to say hello. The atmosphere (especially outside the mondo corporate-castle booths) is mellow and accomodating, and suprisingly so even within most of those castles. There were undoubtably personality conflicts at work, but it seems like most people have the good grace to deal nicely with each other for these few days at least.

At the close of each day, people shuffle out to drop laptops, T-shirts and bags of stuff at their hotels, then thousands of them show up to parties sponsored by companies from AMD to Red hat to VA, which are full-blown events in themselves. Mandrake's party, for instance, had go-go dancers in cages, which may be the most bacchanal thing I have ever witnessed. Ironically, though, many coders couldn't attend even events sponsored by their own companies, or thrown in the honor of their projects, because of strict carding policies. Wouldn't a chem-free party or two be a thoughtful way to include people?

(CT: This has been a consistent problem for several years. Although I know at "Someones" party (no names *grin*) they weren't carding, and I recieved many a happy note from fellow attendees proclaiming that they were able to get in. The parties themselves weren't bad: the OSDN/Potato release party was fun, with San & Zak spinning the tunes (next time we'll force CowboyNeal to scratch for us under threat of death). They had 2 buildings: one was a pool hall, where we tormented The Pope for nearly an hour, carefully distracting him, and then returning his balls to the table. He never noticed. We also met up with Nitrozac from After Y2k, and I snuck accross the street to the Eazel party for a bit, and got to meet Dave "You might remember me from cheat codes in some first person shooter" Taylor.) Attendeees mostly filed out for flights or drives home Thursday and Friday, but some are still in San Jose for the Intel Developers Conference, or otherwise enjoying the Northern California weather. It's a strange familiarity that many of them will feel when the next big conference rolls around, to see many of the same fellow attendees or workers -- of course, by the time the next big conference happens, perhaps we'll all be too excited by the release of 2.4 to notice.

Frodo writes: "It seems that Mandrake 7.1 has started to appear on various mirror sites. No news on Mandrakes homepage so far." Update: 06/06 08:36 by CN : Alix from Linux-Mandrake just emailed me to tell me there's an official release note available now on their web site.

I've gotten the word from the Mandrake folks that the beta version of 7.1 is ready for download. You can check out the details from the source as well. The current name for it is Hydrogen.

I've gotten the word from the Mandrake folks that the beta version of 7.1 is ready for download. You can check out the details from the source as well. The current name for it is Hydrogen.

Gael Duval, one of the Mandrake developers, dropped me a line to say that "Linux-Mandrake 7.0 for UltraSPARC is finally available. Although it's a complete port (graphical installation included) of Linux-Mandrake 7.0/final, it could still have some bugs, so please consider the current UltraSPARC version as beta-software. You can download the ISO image from our Web site."

Direct from the mouth of Gael Duval, we've gotten word that MandrakeSoft (Yes, the folks who make Mandrake-Linux. No, it has nothing to do with Mandrake of Enlightenment fame. ) have purchased Bochs and hired Kevin Lawton. Now that Bochs is LGPLed, the Plex86 development can be speed up as well.