Slashdot Mirror

joestar writes "The new Mandrakelinux 10.0 Community has just showed up on Mandrake's FTP mirrors and through Bittorrent. MandrakeClub Members benefit from extra CDs downloads and even a DVD ISO for Corporate Memberships! Another good news for the Mandrake community is an announce from Mandrakesoft that due to the stock resumed trading on Euronext on last Monday, with a nice increase of +10.00% in three days." Update: 03/11 06:23 GMT by T : Cheap ISOs are also available from merchants like OSDisc.com and CheapBytes.

joestar writes "The new Mandrakelinux 10.0 Community has just showed up on Mandrake's FTP mirrors and through Bittorrent. MandrakeClub Members benefit from extra CDs downloads and even a DVD ISO for Corporate Memberships! Another good news for the Mandrake community is an announce from Mandrakesoft that due to the stock resumed trading on Euronext on last Monday, with a nice increase of +10.00% in three days." Update: 03/11 06:23 GMT by T : Cheap ISOs are also available from merchants like OSDisc.com and CheapBytes.

An anonymous reader writes "Mandrakesoft has lost a trial and has been condemned to change its name and its logo" The article is in French, but it says that King Syndicates owns a trademark on Mandrake the Magician. Update MandrakeSoft can use the logo during appeals, which may take up to 3 years. You can now read their official statement on the ruling.

joestar writes "MandrakeSoft has posted a statement about its product support policy on its website: 'At a time when some of the established Linux companies are turning away from their Open Source roots and progressively abandoning full-time commitment to Open Source Software, many people have asked MandrakeSoft to clarify its position regarding product-lifetimes and its Open Source development model.' As a result, this interesting reading provides 8 Golden Rules that lead Mandrake Linux development and product support lifetime. This certainly makes MandrakeSoft one of the most 'Open Source' Linux companies, and all Linux companies should maybe think about releasing such a statement."

joestar writes "MandrakeSoft has posted a statement about its product support policy on its website: 'At a time when some of the established Linux companies are turning away from their Open Source roots and progressively abandoning full-time commitment to Open Source Software, many people have asked MandrakeSoft to clarify its position regarding product-lifetimes and its Open Source development model.' As a result, this interesting reading provides 8 Golden Rules that lead Mandrake Linux development and product support lifetime. This certainly makes MandrakeSoft one of the most 'Open Source' Linux companies, and all Linux companies should maybe think about releasing such a statement."

joestar writes "MandrakeSoft's latest financial results have been posted to their website. Despite a slight decrease in revenues - mostly due to the dollar/euro rate and negative effects of the Chapter 11-like protection - first results seem impressive: "the company reduced operational expenses by a factor of 5, increased gross margins by a factor of 5 and reduced its losses by a factor of 7". As a result, MandrakeSoft has been cash-flow positive since January 2003, and expects its first positive result for the current quarter! Along with latest Mandrake Linux cool products, these are excellent news in my opinion because it shows that an appropriate business model can help Linux companies greatly."

joestar writes "MandrakeSoft's latest financial results have been posted to their website. Despite a slight decrease in revenues - mostly due to the dollar/euro rate and negative effects of the Chapter 11-like protection - first results seem impressive: "the company reduced operational expenses by a factor of 5, increased gross margins by a factor of 5 and reduced its losses by a factor of 7". As a result, MandrakeSoft has been cash-flow positive since January 2003, and expects its first positive result for the current quarter! Along with latest Mandrake Linux cool products, these are excellent news in my opinion because it shows that an appropriate business model can help Linux companies greatly."

joestar writes "MandrakeSoft's latest financial results have been posted to their website. Despite a slight decrease in revenues - mostly due to the dollar/euro rate and negative effects of the Chapter 11-like protection - first results seem impressive: "the company reduced operational expenses by a factor of 5, increased gross margins by a factor of 5 and reduced its losses by a factor of 7". As a result, MandrakeSoft has been cash-flow positive since January 2003, and expects its first positive result for the current quarter! Along with latest Mandrake Linux cool products, these are excellent news in my opinion because it shows that an appropriate business model can help Linux companies greatly."

joestar writes "MandrakeSoft just announced the release of the MandrakeMove release candidate, a special desktop version of the Mandrake Linux distribution that boots live from the CD and uses a USB key (included in the retail version) to automatically store personal data. It looks a bit like Knoppix, but comes with more features, such as the capability to eject the MandrakeMove CD-ROM during its use, in order to read audio or video files from another CD! The download release candidate is available here."

joestar writes "MandrakeSoft just announced the release of the MandrakeMove release candidate, a special desktop version of the Mandrake Linux distribution that boots live from the CD and uses a USB key (included in the retail version) to automatically store personal data. It looks a bit like Knoppix, but comes with more features, such as the capability to eject the MandrakeMove CD-ROM during its use, in order to read audio or video files from another CD! The download release candidate is available here."

joestar writes "Mandrake Linux 9.2 was released yesterday, and a first review is already available at ofb.biz! It focuses on the new desktop-oriented Mandrake 9.2 flavor, the Discovery, a 2-CD office/multimedia product for beginners which comes without any server capability. It seems that a new competitor to Windows is born, and according to Tim Butler, 'Another key to making a distribution novice friendly is insuring that everything works out of the box, and Mandrake Linux 9.2 succeeds there.(...) To the best of my knowledge the only other distribution presently including the Radeon drivers from ATI is Lindows.' Waiting for reviews of 'real' Mandrake 9.2 products (PowerPack, Corporate Server...), this review is nevertheless quite comprehensive and very interesting reading, and this new Mandrake Discovery thing should do well with the public, at least as an office desktop affordable solution in corporations."

thedarb writes "Mandrake has decided to sell ads to be seen during installation, web browsing and in screen savers. This all comes in their upcoming 9.2 release. Seven G's and you could put your face in their installer." Update: 09/12 18:07 GMT by M : Mandrake has a page about the ads.

RabidChipmunk writes "Mandrake 9.2RC1 is out. Go get it with bit-torrent and speed up my download. I like the idea that posting to Slashdot could actually speed up a download. It seems so wrong." If you're on a slow pipe, don't underestimate the throughput of the postal system. Mark Walker writes "Mandrake Linux 9.2 RC1 is appearing on mirrors as I type this. We're currently downloading it from Mandrake, for http://www.budgetlinuxcds.com."

Slashback tonight brings you updates on low-power hardware, unauthorized music distribution by buymusic.com, and more, including a reminder of the upcoming (now annual) Linux picnic at the conclusion of LWCE. (If you're not there, start your own local chapter ;)) Read on for more!

MenuetOS progresses. For those with a taste for esoteric tiny operating systems for low-power systems, the x86 release of Contiki wasn't the only news this week. Lgd writes "Menuet, the 100 % assembly OS, has made quite a few improvements since it was last reported at Slashdot. Menuet has now a simple tcp/ip stack with tiny http, mp3 and email servers, FASM 1.48 assembler and demo applications like the 3d maze."

Perhaps this will lead to a finer toothed comb overall. Jody Whitesides writes "Hello, I want to take a moment to update you about my situation that you posted recently... As of right now, I won my fight with BuyMusic and the Orchard. I have been promptly let out of a contract that was already terminated February 1st of 2001. It seems they had kept me in their catalog on a contract clause that had been overlooked when the contract was signed back in 1999.

As of 5 p.m. pst 07/31/2003 I was given notice that I was removed from the Orchard's distribution. In turn I have since checked with BuyMusic's website and have been swiftly removed from the website and now all has been set right in the world. It seems that even the big corporations don't wish to face copyright infringement.

I want to thank you for running the story as I have no doubt that it helped bring a swift decision in getting my music under my control so that I can best determine how fans will get it into their hands.

I harbor no ill will towards BuyMusic or the Orchard."

MandrakeSoft still not dead (wants to go for a walk). LinuxGeek8 writes "In their latest shareholder newsletter MandrakeSoft made a few statements about their financial position. Their retail sales decreased, while their high-margin sales (oem, club, online sales, etc.) increased. In total their revenue decreased somewhat, while the operating loss decreased. Since January they have been cash-flow positive.

Quoting about their "Chapter 11": "On January 27th, 2003, the Commercial Court granted MandrakeSoft a six month observation and protection period (similar to a U.S. Chapter 11 procedure). This period will end on July 27th, 2003. The company is pursuing an opportunity to be granted an additional six month observation and protection period. In the upcoming months, the company's objective is to exit the Observation Period with a 'Continuation Plan'."
Things seem to be looking good on the radar."

This is good news for those of us who like all the work that Mandrake has put into making Free software easy to install.

Video Capturing Part 2 at Ars Technica miskatonic alumnus writes "Recently, slashdot reported on an excellent article -- Part I: Video Capture -- of the 3-part series 'Guide to Capturing, Cleaning & Compressing Video' at Ars Technica. At last, Part II: Video Cleaning is now available."

The largest gathering, of a sort. Linda Denison links to these "several articles about GenCon, handily linked to one place!"

From the article: 'GenCon: Freaks & Geeks,' she excerpts: 'My wife wrinkled her nose in response. Computer geeks tend to be clean. They wear clean clothes, and bathe regularly. Usually this is because they live in their mother's house. Probably in their old room. Tabletop geeks tend to wear the same clothes they bought in their early twenties, roughly three belt sizes ago, and aren't well versed in the bathing arts. This is because they live in their mother's basement. The heat sort of exacerbated this problem.'

(We've run a couple of articles originating at this year's GenCon already.)

Sci-Fi Auction Followup... cjustus writes "The live auction mentioned earlier in the week is over... Here are the prices that items went for. The big item? Original George Reeves Superman Costume for $110K ... Harrison Ford's pistol from Blade Runner went for $17K... Any slashdotters bid / win?"

Matching hardware to actual needs is not crazytalk. Michael C. Barnes writes with a followup to the recent mention of his company's low-power MicroServer, which, it turns out, has a larger sibling. "One of the people reading your post did a review of the Microserver HP. ... The person doing the review benchmarked our Microserver High Performance and thought it did a reasonably good job with My SQL."

"Penguin dip" is just an expression. Bill Kendrick writes "This Saturday, August 9th (after the Linux World Expo) San Francisco Bay Area Linux lovers and the people who love them will be gathering at the Baylands Park in Sunnyvale for Picn*x12, the third annual Linux anniversary picnic. Organized by several local LUGs and sponsored by Oracle, this barbecue is a free event for the entire family."

Whether or not you can get to the picnic, FeeDBaCK writes "It has been almost 2 years since the Linux Counter has been mentioned on Slashdot. It was last mentioned in October of 2001 and brought on an impressive number of registrations. Accounts are deleted after 2 years of inactivity, so now is a good time for everyone to freshen up their account, or create a new one if they don't have one already."

DCowern writes "Mandrake today announced 9.2 beta 1 of their distribution. More interestingly, Mandrake has included a test version of kernel 2.6 in cooker (their development version). It's dated 27 July so it should be on all the cooker mirrors in the RPM2 directory by now. If you can't find it on your favorite mirror, it's definitely on ftp.sunet.se." Better yet, Bruha points to BitTorrent files for the 1st 2nd, and 3rd ISOs, and a link to the Mandrake 9.2 wiki, writing "Note that the beta1 installation uses the same kernel as 9.1 did, so if you had problems installing 9.1, you may want to wait for beta2 (which will use an updated kernel)."

DCowern writes "Mandrake today announced 9.2 beta 1 of their distribution. More interestingly, Mandrake has included a test version of kernel 2.6 in cooker (their development version). It's dated 27 July so it should be on all the cooker mirrors in the RPM2 directory by now. If you can't find it on your favorite mirror, it's definitely on ftp.sunet.se." Better yet, Bruha points to BitTorrent files for the 1st 2nd, and 3rd ISOs, and a link to the Mandrake 9.2 wiki, writing "Note that the beta1 installation uses the same kernel as 9.1 did, so if you had problems installing 9.1, you may want to wait for beta2 (which will use an updated kernel)."

DCowern writes "Mandrake today announced 9.2 beta 1 of their distribution. More interestingly, Mandrake has included a test version of kernel 2.6 in cooker (their development version). It's dated 27 July so it should be on all the cooker mirrors in the RPM2 directory by now. If you can't find it on your favorite mirror, it's definitely on ftp.sunet.se." Better yet, Bruha points to BitTorrent files for the 1st 2nd, and 3rd ISOs, and a link to the Mandrake 9.2 wiki, writing "Note that the beta1 installation uses the same kernel as 9.1 did, so if you had problems installing 9.1, you may want to wait for beta2 (which will use an updated kernel)."

DCowern writes "Mandrake today announced 9.2 beta 1 of their distribution. More interestingly, Mandrake has included a test version of kernel 2.6 in cooker (their development version). It's dated 27 July so it should be on all the cooker mirrors in the RPM2 directory by now. If you can't find it on your favorite mirror, it's definitely on ftp.sunet.se." Better yet, Bruha points to BitTorrent files for the 1st 2nd, and 3rd ISOs, and a link to the Mandrake 9.2 wiki, writing "Note that the beta1 installation uses the same kernel as 9.1 did, so if you had problems installing 9.1, you may want to wait for beta2 (which will use an updated kernel)."

DCowern writes "Mandrake today announced 9.2 beta 1 of their distribution. More interestingly, Mandrake has included a test version of kernel 2.6 in cooker (their development version). It's dated 27 July so it should be on all the cooker mirrors in the RPM2 directory by now. If you can't find it on your favorite mirror, it's definitely on ftp.sunet.se." Better yet, Bruha points to BitTorrent files for the 1st 2nd, and 3rd ISOs, and a link to the Mandrake 9.2 wiki, writing "Note that the beta1 installation uses the same kernel as 9.1 did, so if you had problems installing 9.1, you may want to wait for beta2 (which will use an updated kernel)."

DCowern writes "Mandrake today announced 9.2 beta 1 of their distribution. More interestingly, Mandrake has included a test version of kernel 2.6 in cooker (their development version). It's dated 27 July so it should be on all the cooker mirrors in the RPM2 directory by now. If you can't find it on your favorite mirror, it's definitely on ftp.sunet.se." Better yet, Bruha points to BitTorrent files for the 1st 2nd, and 3rd ISOs, and a link to the Mandrake 9.2 wiki, writing "Note that the beta1 installation uses the same kernel as 9.1 did, so if you had problems installing 9.1, you may want to wait for beta2 (which will use an updated kernel)."

theoddball writes "HP just announced a new PC model (HP Compaq d220) that's available preloaded with Windows or Mandrake 9.1. The machine appears to be targeted to business users, although it's on the lower-end of the scale - specs are here. Mandrake also has a press release announcing the deal, which will grow to include four other HP models. Is this a sign that top tier manufacturers are taking Linux more seriously, or at least seeing a profitable niche?" We commented on MandrakeSoft's status update yesterday.

joestar writes "MandrakeSoft today posted an update letter from its CEO about the company's health. Among other things, it's interesting to learn that the company seems to be on the good track to go out of the "chapter-11 protection" before the end of the year, that it's taking part to several publicly-funded research projects, and that Mandrake 9.1 is having a good success. They also thank for the warm support they received from the community. Worth a read for all Mandrake fans, like myself. Viva la Mandrake!"

joestar writes "MandrakeSoft today posted an update letter from its CEO about the company's health. Among other things, it's interesting to learn that the company seems to be on the good track to go out of the "chapter-11 protection" before the end of the year, that it's taking part to several publicly-funded research projects, and that Mandrake 9.1 is having a good success. They also thank for the warm support they received from the community. Worth a read for all Mandrake fans, like myself. Viva la Mandrake!"

joestar writes "Just released today at ISC2003, Germany, is "MandrakeClustering", a high-performance computing Linux distribution/solution, which sounds interesting, at least in the PR: Pentium support with optimizations made with the Intel compiler, 64-bit Opteron support (with in this case, up to 16 GB of RAM for each cluster's node!), parallelized URPMI (Mandrake's apt-get) and other dedicated tools. This product is based on a one-year research project "CLIC" involving MandrakeSoft and partners. A good snapshot of the product running a 3D real-time demo is available here. The interesting point now: MandrakeClustering's goal is to provide a system which is easy to deploy, easy to administer and use. Well... Mum would certainly love to play Quake with this toy."

joestar writes "Just released today at ISC2003, Germany, is "MandrakeClustering", a high-performance computing Linux distribution/solution, which sounds interesting, at least in the PR: Pentium support with optimizations made with the Intel compiler, 64-bit Opteron support (with in this case, up to 16 GB of RAM for each cluster's node!), parallelized URPMI (Mandrake's apt-get) and other dedicated tools. This product is based on a one-year research project "CLIC" involving MandrakeSoft and partners. A good snapshot of the product running a 3D real-time demo is available here. The interesting point now: MandrakeClustering's goal is to provide a system which is easy to deploy, easy to administer and use. Well... Mum would certainly love to play Quake with this toy."

Wister285 writes "Mandrake Linux has released a version of their operating system that is compatible with AMD's 64-bit x86 architecture. This version is based upon Mandrake 9.0. In addition to this, Mandrake announced Corporate Server 2.1 for AMD64 to be released in April 2003 and MandrakeClustering for Opteron in June 2003. Although they say that you can download the operating system now, I cannot find any FTP servers. The press release is located on Mandrake's website."

An anonymous reader writes "It's official: MandrakeSoft has filed a 'declaration de cessation des paiements' - the French equivalent of a U.S. Chapter 11 bankruptcy filing. From a statement issued by the company: 'This reorganization of liabilities enables MandrakeSoft to continue its current operations, which are showing increases in revenue and significant decreases in expenses. MandrakeSoft's strategic partners are supporting the company in this process and the MandrakeSoft team is focused on continuing to deliver high quality services and products to its customers.' Best wishes to MandrakeSoft as they work through this process."

DCowern writes "Mandrake yesterday released their FY2001-2002 earnings and I'm glad to say it's looking real good for them. They've cut operating costs by 42% and increased revenues by 31%. They're still not quite in the black yet but they're expecting to break even month-to-month beginning in February. The full report is here. In other news, Mandrake announced two new programs yesterday. The first is Multi Network Firewall, which looks like an extremely nice package for running small to medium-sized networks. The second program, and my favorite, is their "OS refugee" offer."

DCowern writes "Mandrake yesterday released their FY2001-2002 earnings and I'm glad to say it's looking real good for them. They've cut operating costs by 42% and increased revenues by 31%. They're still not quite in the black yet but they're expecting to break even month-to-month beginning in February. The full report is here. In other news, Mandrake announced two new programs yesterday. The first is Multi Network Firewall, which looks like an extremely nice package for running small to medium-sized networks. The second program, and my favorite, is their "OS refugee" offer."

DCowern writes "Mandrake yesterday released their FY2001-2002 earnings and I'm glad to say it's looking real good for them. They've cut operating costs by 42% and increased revenues by 31%. They're still not quite in the black yet but they're expecting to break even month-to-month beginning in February. The full report is here. In other news, Mandrake announced two new programs yesterday. The first is Multi Network Firewall, which looks like an extremely nice package for running small to medium-sized networks. The second program, and my favorite, is their "OS refugee" offer."

joestar writes "According to their website, Mandrake and partners (Bull, INPG/INRIA...) have launched an 'easy-to-deploy easy-to-use Linux Clustering solution,' that has already been tested on a 40-node cluster. Of course, it's published under the GPL, comes with parallel applications, and is available for download as an ISO. It seems the project is financed by French government. It's great because I've always dreamed of having my own supercomputer at home."

joestar writes "According to their website, Mandrake and partners (Bull, INPG/INRIA...) have launched an 'easy-to-deploy easy-to-use Linux Clustering solution,' that has already been tested on a 40-node cluster. Of course, it's published under the GPL, comes with parallel applications, and is available for download as an ISO. It seems the project is financed by French government. It's great because I've always dreamed of having my own supercomputer at home."

joestar writes "What else to say? I've tested the RCs and they were great... There are two very interesting links: the Press Release, and a very nice presentation. From the presentation: 'Affirming its leading position in the Linux desktop arena, Mandrake Linux 9.0 introduces many newly redesigned graphical desktops and configuration utilities. The famous "Mandrake touch" is evident throughout the many clean, attractive and friendly desktops to make everyday tasks easier for all users of a Mandrake system.' And apparently it's already LSB-1.2 certified!" Update: 09/25 23:57 GMT by T : Apropos new releases, an anonymous reader writes "Parts of Red Hat's next OS have been unofficially leaked, as news.com reports here. The official release date is scheduled for next Monday, 9/30/02." Update: 09/26 00:29 GMT by T : Gaël Duval points to less-swamped links to the press release and to the Presentation & Features page. Thanks, Gaël.

joestar writes "What else to say? I've tested the RCs and they were great... There are two very interesting links: the Press Release, and a very nice presentation. From the presentation: 'Affirming its leading position in the Linux desktop arena, Mandrake Linux 9.0 introduces many newly redesigned graphical desktops and configuration utilities. The famous "Mandrake touch" is evident throughout the many clean, attractive and friendly desktops to make everyday tasks easier for all users of a Mandrake system.' And apparently it's already LSB-1.2 certified!" Update: 09/25 23:57 GMT by T : Apropos new releases, an anonymous reader writes "Parts of Red Hat's next OS have been unofficially leaked, as news.com reports here. The official release date is scheduled for next Monday, 9/30/02." Update: 09/26 00:29 GMT by T : Gaël Duval points to less-swamped links to the press release and to the Presentation & Features page. Thanks, Gaël.

leviramsey writes "MandrakeSoft has released the first beta of the next version of its distribution. It features XFree86 4.2, KDE 3.0, GNOME 2.0, and is compiled with gcc-3.1, which (alas) makes it incompatible with a fair amount of commercial software."

An anonymous reader says "Mandrake's lastest community (spam) newsletter contains their explanation as to why they won't join in on UnitedLinux. Besides the obvious geek-fun of rolling their own distro, they claim that the underlying idea of UnitedLinux is based on a flawed comparison to the Unix world of the 80's. " I think the whole UnitedLinux thing is lame- the distros that want to be compatible already are. UL is just the 2nd tier distros trying to get attention and ink away from the "evil forces" in North Carolina. I'll just stick to the best distribution and watch the fun from afar ;)

Several readers have submitted the news that the GameCube is now officially for sale. With the GameCube and Xbox newly on offer, and the still-amazing PlayStation2 still hanging on, and dirt-cheap, high-power PCs on every corner, it looks like the predicted deaths of both console and PC are still some ways off. On the whole, I'd rather have the Mandrake Gaming edition (mentioned previously) than a new console.

Once in awhile a story comes along that warrants mention just so that people know to be careful. Mosfet is a KDE coder (who has had tension with KDE in the past and left some ill will over there). He was hired by Future Technology to continue work on his Liquid KDE style and theme (my personal favorite). But they never paid him, so he removed their name and mentioned it in the Changelog. Now FT is threatening legal action to get the Changelog off the net. But it's more bizarre because MandrakeSoft is the host, and the site remains up. Keep reading if you're interested in a few more bits.

I've been a huge fan of Liquid for some time. I've been compiling releases and using on my laptop. The project isn't nearly as ambitious as Enlightenment, but it has some interesting UI ideas and it looks good. I was really pleased when I found out that Mosfet was going to have a shot at continuing the development of the program for FT under the KDE License. At this point, FT ("The Total Linux Company," according to their website) mentioned a few of the features in Liquid as being part of the benefits of FT's distribution. This was to set them apart from "Other" distributions, although even at the time I found it funny, as The final decision in selecting one RPM based distribution over another would rarely be tipped in favor of the one with translucent menus ;)

Anyway the Changelog contains the following line:

* Future Technologies' name has been removed. They hired me to do KDE development, but failed to pay me after promising to do so three times over the span of several months :( I still haven't seen any of the paychecks they said they would send me, and they even went as far as sending me a fake FedEx number. Now they are saying they can't afford to pay their employees.

And soon after Mosfet's website announced that he was leaving Linux and Liquid was dead. Unable to afford to develop Liquid for free, he was seeking work in the windows world.

According to the site, on 10/28, Dr. Giovanni asked Mandrakesoft, the host of Mosfet.org to take down the site, under threat of legal action. But since I see the site still there, it looks like they are standing their ground which is a good thing.

Anyway, I don't know what the moral of the story is, beyond a warning to keep both eyes open. There is a lot of questionable stuff that goes on in this world. Be careful.

(I've emailed Giovanni from FT but have yet to hear back from him.)

Jens Lönn writes: "Linux seller MandrakeSoft has had to delay shipment of its newest version of Linux because of problems in moving manufacturing to the United States. Mandrake Linux 8.1 is available as a download, but the first CDs of the product were supposed to ship by the end of September. "Getting 8.1 production up and running in North America has been a slow and expensive process," the company said in a e-mail message to those who have ordered the CD." Since Mandrake makes certains things so easy (smooth installation), I hope they soon get their newest release again on Walmart shelves across the U.S.

Jens Lönn writes: "Linux seller MandrakeSoft has had to delay shipment of its newest version of Linux because of problems in moving manufacturing to the United States. Mandrake Linux 8.1 is available as a download, but the first CDs of the product were supposed to ship by the end of September. "Getting 8.1 production up and running in North America has been a slow and expensive process," the company said in a e-mail message to those who have ordered the CD." Since Mandrake makes certains things so easy (smooth installation), I hope they soon get their newest release again on Walmart shelves across the U.S.

Subscribers to Mandrake's weekly newsletter got the news earlier today that "MandrakeSoft is pleased to announce that the company is now listed on the Euronext Marché Libre. As a result of the successful Initial Public Offering, a total of 688.480 shares were sold at 6.2 Euros each. This results in an increase in capital of approximately 4.3 million Euros and represents 20.28% of the company's capital after issue." A good portion of the offering was completed in just the last half-day of availability, according to email received from Mandrake higher-ups, in part perhaps because of the confusion about who could participate in the offer, and how. There's also a story about the IPO at NewsForge, and a discussion at Mandrake's forum. If you're interested in picking up any stock in the company, there are some useful pointers (and more info) at their investor info page.

LiteForce writes: "MandrakeSoft are going public on July 30th on the European Stock Exchange. U.S. residents are not currently eligible to take part (only French residents are permitted). You can read the scoop on MandrakeSoft's site here." This is the IPO (then in progress) mentioned here shortly ago, but now they have the go-ahead; there's also an exchange on Mandrake's discussion forum. Congratulations over there!

Cpyder writes "LinuxFrench reports that Mandrakesoft (home of Mandrake Linux) are going public. Good luck to them!" The article is in French - use the fish for an...interesting...translation. Or try out GPLTrans.

CarrotLord asks: "Looking at the recent release of IBM's Small Business Suite for Linux got me wondering about distribution compatibility and standards. Personally, I run Debian, and am considering a move to Progeny. However, I am concerned by the fact that many products (particularly commercial ones) are available for only a particular subset of distributions (usually RedHat, Mandrake, SuSE, TurboLinux and Caldera, but rarely Debian-based distributions or the BSDs). What is the current state of play, particularly in regards to tools for developers to enable them to create and test installation packages for various distributions?" Such a tool would go a long way in removing the force behind the "Linux fragmentation" argument that most of Linux's detractors often refer to.

"How are the LSB and the FSSTND affecting consistency between distros? What about RPM and APT? What tools are there available for developers of software to ensure that their software runs on the widest variety of systems? Is there some software development or packaging tool to assist developers in making distribution-independant software, so they can create files in dpkg, RPM and tgz formats for any distribution without much additional effort on their part? What about tools to test their software installation on individual distributions, and assist with the resolution of problems? Should this be up to the individual distributions, or should be have a unified approach?"

Kevin Lawton, currently employed by MandrakeSoft, is the creator and driving force behind Plex86, the Open Source X86 virtualization software which runs under Linux and now boots several operating systems, including QNX and Windows 98. This is a tricky endeavor, because (among other things), as the plex86 site states: "The x86 processor is not 'naturally' virtualizable. That is to say, it was not designed to run multiple operating systems concurrently." But with enough feints and jabs, Kevin and company have cajoled it into doing so anyhow. He's agreed to answer your questions about virtualization (and / or emulation -- he is the guy behind the also-Open Source bochs project to emulate X86 processors), so please post your stumpers below. Make sure to check out the Plex86 website first, and perhaps read other things about Plex86 on Slashdot. (And "What's the point?" is not a stumper.)We'll forward the top questions on to Kevin, and hear back from him soon.

You asked, they answer. Jon Lasser and Jay Beale decided to kick their answers back and forth a few times in the style of Crossfire -- at least if Crossfire guests were security-obsessed, literate hackers with a knack for finding gaps in Linux and Unix security. And don't forget the book creds: Jon wrote the excellent Think Unix (want to buy it, huh?), and Jay is plugging away at (and just plain plugging) his upcoming tome from Addison-Wesley,Securing Linux the Bastille Way.

Jay Beale: Before we get to the questions, let me make an announcement. I've just recently been hired by MandrakeSoft (makers of Linux Mandrake) as their Security Team Director. They're sponsoring my work on Bastille and I'm working to better their distribution's general security. SecurityPortal.com interviewed me about this specifically.

Now, the questions:

1) Target audience
by DreamerFi

Bastille is a great project, but ultimately it targets people who sort-of know what they are doing. How do you feel about projects like the NetBSD/i386 Firewall Project who (whilst having all sources available) targets people who have no clue other than "I need security" by giving them a firewall that has an install that's about as simple as one can make it? Is this just a matter of defining the target audience different?

Jay: Really, it's not entirely targetted away from newbies. In fact, I sorta thought it was newbie-friendly. In designing the Bastille Linux hardening script, we originally sought to make a basic script, that would simply go through the sytem making changes. It could shut down unneeded programs/daemons, tighten up permissions and deactive bad protocols like telnet. At some point, we realized that this would leave many people believing we'd broken something... So, we decided we'd make the script interactive, asking the user before turning off telnet. Unfortunately, this meant that many of the target boxes never got hardened much. Since people didn't know why telnet was bad, they'd leave it on. So, I became a writer! Bastille carries a large number of explanations, targeted to the new user/sysadmin. By the way, the reasoning on deactivating telnet goes like this:

• Telnet is cleartext, allowing third parties to sniff passwords
• Telnet sessions can be intercepted and taken over by a man in the middle, using a simple tool like hunt.
• Finally, telnet can be replaced easily by the much safer Secure SHell, ssh.

Jon: Setting up a firewall for people with no clue is an interesting problem. It requires that the person do pretty much nothing nonstandard: once you need to punch a hole in the firewall, all of a sudden you need to know a lot of stuff again. Alternatively, you could leave the firewall pretty much wide-open and just block a couple of things, which is much easier to do but doesn't add all that much security. Setting up a firewall properly is hard work, and requires specialized skills to do it right: I'm not comfortable setting up a firewall for a company to protect secret stuff, and I tend to recommend hiring a (qualified, competent, specialized) consultant for the job.

For Bastille, we try to fulfill both of those possibilities with a single piece of software. We try to both make it simple to use (lots of defaults that won't break stuff) but make it possible to lock the system down tightly. In either case, user education is key.

Of course, most people don't read documentation, so it's all in the script. You can lead a horse to water, etc., so we try to do that. Bastille seems (to me, anyway) friendly to newbies who read carefully and take the time to understand. I'm not sure how to really help the others anyway.

2) Breaking out the cluestick ...
by mosch

Given the world's largest cluestick with which you could assault every single SysAd on the planet, what clues would you distribute, other than the use of bastille, and the knowledge that there's life outside computers?

Jay: I'd have one major clue that I think supersedes most: Educate yourself! In terms of security, there's few solutions that can beat a clueful sysadmin. On the other hand, any solution you choose for security usually turns to mush when a clueless admin makes the wrong mistake with it. For instance, you might have incredible encryption on your passwords and such, but if you choose "bob" for a password, your system can usually be brute forced!

Jon: Yeah, that's pretty much it. The only clue worth having is the one that allows you to find the other ones on your own.

3) Security is a process, not a thing.
by Skapare

How will Bastille allow users to treat their computer and network security as a "process" (as Bruce Schneier is quoted to say). Are there tools to help users deal with security "events"?

Jay: We're working on integrating this. Right now, we've got something very rudimentary that checks to see if a cracker's sniffer has been installed on your system. We're working on more. I'm currently hacking up a series of scripts, like Tiger, that will examine the current state of the system for anomalies.

Jon: Security is a process, there's no question about it. When I've got a process that works pretty much the same every time, I turn it into a checklist. Bastille, when it comes down to it, is essentially a checklist that performs the tasks listed on it. So Bastille lets you automate your existing process.

Jay: Yes. A checklist. Actually, in these days of rapidly upgrading (read replacing) your distribution every three-six months, the only way to use a checklist as long as Bastille's is to automate it!

Jon: Software development is also a process; Bastille is in a constant state of development. As we find new things that need fixing, we go to the software development part of the process, then the release part of the process, and then the users hopefully take it to the upgrading process. :-)

(Hint: for this process to work, you need to participate.)

4) "Missing" features?
by Coz

A two-part question:

What features do you feel are missing from Bastille as it stands today, and aren't in the roadmap you have for the immediate future?

What elements of system security do you feel should be part of the "core" (if not the kernel) of the operating system, and why (in your opinions) aren't they there already?

Jay: Part I is a tough one. I think I'd like to see an amazing intrusion detection system integrated in. I've also got some ideas for new offshoots of Bastille that I'll need some time to develop before I bring them up. Part II is somewhat easier. I think an operating system should implement seperated "compartments" so that one root-level program can't tromp all over another.

Further, we really should move away from this simple Unix distinction of "root" and "non-root." We can get a lot more granular than that. We're already seeing this latter bit, such that my web server runs as user www, my name server runs as user named, and so on... I wish we could take this farther, as it would really curb the potential for remote root compromise. As for why we don't have it all yet, consider the huge effort to move to these models... Now, we're getting this, through add-ons. Medusa DS9 is bringing us compartments and system call ACL's that apply even to root. The Linux capabilities work is getting us further to a point where we can confine root's actions.

5) Question
by JCCyC

What were the top 3 most asinine security holes you ever encountered on a GNU/Linux distro?

Jay: There have been a number of security holes that looked dumb in hindsight! I think the more interesting question is this, "what security holes right now are going to be seen as stupid later?" We're going to think that there shouldn't have been nearly so many world-executable setuid-root programs. We're going to seriously question having network-accessible system daemons (ftp, dns, web...) running with root authority. Luckily, we're just starting to question this now. Let's see where it goes...

Jon: I'm with Jay on this one. I don't think that any of the decisions that distributions make are particularly stupid, they're just aimed at different markets.

For example, I don't really think it's possible to completely secure either SuSE or Debian, due to the sheer number of packages included. That doesn't mean that this is the wrong decision to make, it's just aimed at a different population with different needs. (Of course, you can install either of those distributions perfectly well -- but you can't install everything, and you need some more knowledge to do it right than on some other platforms.)

6) Configuration
by FeeDBaCK

In what way does Bastille differentiate between different types of installs? Does it prompt the users about services? Will it shut off my apache service if I plan on making this machine a web server?

What third party tools do you install/recommend to help with the hardening of the system? Tripwire? tcpserver?

Do you incorporate any form of checking when doing your install to ensure that the box has not already been compromised, such as checking for common trojans/backdoors?

Jay: Oh no, another multiple-part question. OK, first, Bastille doesn't really do this distinguishing for you, when run in the default interactive mode. You make the choices, turning off services that you don't need, tightening the configuration on those you do. Second, I strongly recommend Tripwire. It's really the only way to know if your system has been compromised. I'd also recommend replacing your mail daemon with Postfix, as it's got an incredibly secure design. Third, no, we don't. Damn, that's a good idea. FeeDBaCK, want to help us develop that? E-mail me.

Jon: If the box has already been sufficiently compromised by a sufficiently capable and dedicated individual or group, it's a technical impossibility to detect it. Let's say you've cracked the box and installed some custom kernel modules that will report 'correct' file contents for, say, your PAM library even though it's been changed. Tough to do? Yeah. But possible. How would you defend against this?

That's not to say we shouldn't try, but I don't think we can provide adequate assurance on the issue ...

Jay: Jon's got a good point here. But we can, as FeeDBaCK suggests, do at least the trivial first measure of looking for known trojans.

7) Debian?
by luge

Do you guys have any plans to do something similar for Debian, or have others approached you about it? I'd love to apt-get install bastille, and have it do something similar to what I've heard it does for RH. Anyway, even if you don't, keep up the good work.

Jay: We are planning on it. I'm working on a new architecture, which makes it easy to extend Bastille to other distributions without doing the classical "porting" work. We'll include Debian and even Slackware! Watch freshmeat or our announcements list -- when we're in beta quality, I'll announce.

8) Not such a good name for a distro ...
by AFCArchvile

..especially if you want to convey security. Do you remember your late 18th century European history? Right. The Bastille in France was invaded and destroyed, prisoners were liberated, and the monarchy was overthrown by that terrible harbinger of death, La Guillotine.

I'd hate to see any Bastille Linux-oriented viruses or trojans. Maybe there will be one which triggers on July 14th of every year and echoes on the screen: "Libert=E9! Egalit=E9! Fraternit=E9!"

For more historical stuff on Bastille Day, check out this link to the French Embassy.

Jay: OK, so maybe it was a tough name. To tell you the truth, this year's July 14th LinuxSecurity.com interview hit on my birthday ... For the official answer, I'll let Jon pipe in here ...

Jon: Yup, all that bad stuff happened. But the building wasn't the problem: the building was incredibly secure by any standard. The problem was the administration.

So it is with computers.

Besides, we're not a distribution. :-)

9) Why is Bastille Necessary?
by DG

In a perfect world, the Bastille scripts would be unecessary, because the default installation of the distribution would have been hardened from the get-go.

Why do you feel that various distributions are so insecure by default? What are the most common mistakes they make? What kinds of changes need to happen at Red Hat to make your scripts unneeded?

Jay: Well, some of the insecurity comes from trying to reduce phone support costs. Consider for a second what would happen if Red Hat deactivated telnet on their machines, for the reasons I stated above. How many man-hours would go to the five-minute telephone calls, explaining to newbies that telnet was insecure and that ssh was a valid replacement? On top of this, remember that vendors are constantly being pushed to add more and more features. This often flies right in the face of effective security, which is generally much more minimalist.

The thing is, really, that it's not always as clear-cut as "mistakes." The most secure installation is utterly and completely useless. Much of what Bastille's actions make the system at least "inconvenient" and often require user/sysadmin education. Bastille-type hardening programs will always be necessary, especially for Red Hat, a company which has to keep its distribution featureful, easy to use, and convenient.

Jon: Convenience and security are almost always inversely proportional. Red Hat's target market has a whole bunch of people whose goal is to get a web server on the Internet in sixty minutes or less; higher security would only be a barrier to their customers' goals. They know their target market better than we do, but our market is for people who need something else.

Also, I think it's very unfair to single Red Hat out. We picked them as our first target due to their market penetration in the US and the relative ease of securing it, due to the limited quantity of stuff it installs.

Jay: I have to agree with Jon again here. I'll stop before I get on my rant, but companies develop where their users/customers ask them to. People are not asking Red Hat or MandrakeSoft or any other vendor for greatly enhanced security -- they're asking for more convienence, easy of use and a massive feature set -- and they're asking for it without much regard for the effect on security. This isn't intentional. The users just don't know better yet. This is where education must come in. (End rant)

10) Distribution specific, etc.
by matman

I have two questions actually.

The first: do you plan to make a non-distribution-specific hardening program/system/script? If so, how? It would be neat to have a consensus between distributions on file locations, etc to make this easier; do you plan on working with other distributions to come up with some sort of common interface or environment?

The second: do you plan on including any kernel-based capability, IDS, or ACL addons? A good default use of these features would greatly increase the security of linux in general, but they are prohibitively complex for most users. Thus, these are great things to have taken care of by the system -- do you plan on working on something to control these things (semi)automatically?

Jay: Yes, definitely. In fact, I'm currently working on a new internal architecture that easily supports this. In essence, we simply have to keep track of and store more data about each distribution. On top of this, we have to check the state of the system more thoroughly, looking for general files, instead of packages. We'll be able to support a lot more than just Red Hat Linux and Linux Mandrake.

Unfortunately, I don't think we'll ever get to the point where we can dictate file locations to the distribution makers. They're not even maintaining the same file locations from release to release! I think it's mostly an issue of preference for their individual package maintainers, really.

As for kernel-level capabilities/ACLs, I'm highly interested in this. I think the implementations are still immature, but it'll be exciting. Usability will be tough, but I think it can be achieved. We can make this optional for new users and perhaps only place restrictions on small parts of the system. This stuff shows a lot of promise.

A final meta-question
by Jay

The question everybody asks, in a million different ways (sorry, I'm not going through the thread again to pick out users; you know who you are):
Why do this? Why not just use OpenBSD?

Jon: Because people use Linux. Ultimately, standard is better than better. For most tasks, most of the time, assuming that the stuff meets minimum qualifications, it's better to have a single platform than multiple platforms that fulfill different needs.

Besides, a fair part of OpenBSD's security comes from its feature-limited default installation. They've been subject to the same FTP and DHCP exploits as everyone else, only the features aren't enabled by default. Heck, they're not enabled by default for most classes of Red Hat installs either. But people use them.

I'm not opposed to auditing, and I'm not opposed to more secure defaults. But most boxes sure seem to me to be hacked via holes that are known, that have been out for months, in services that aren't being used, and that haven't been patched. We speak to those systems first, since the low-hanging fruit is so extensive.

Jay: Yup. Further, Linux has room to surpass OpenBSD, in my opinion. Linux developers are doing more kernel-level security work, because of Linux's popularity as a standard. OpenBSD, as Jon points out, misses vulnerabilities, because their auditors are human and non-omniscient. Kernel-level security solutions, like Medusa DS9 or WireX's Immunix technology, are the only way to really stop the vulnerabilities that the audits miss. Linux can really rocket ahead here and I think the whole Bastille project will be eager to help.

In closing, please allow me to give some credit where it's due. You can read about this on the web pages: Bastille's and mine. Pete Watkins deserves serious praise for developing and sharing a great firewall. He's also helped take charge of Bastille 1.x enhancements. Sweth C. and Mike Rash have done great work in helping to build new modules and hack existing code. And Yoann V.'s ramping up the new architecture with me -- Bastille will be his baby too, soon. Bastille has benefited from a number of collaborators and sponsors, many of whom you'll find in future CREDITS files.

Kevin Lawton writes: "Plex86 just reached the 'Linux squared' state. I just got plex86 running on a Linux Mandrake 7.1 host, to boot an old RedHat 5.0 disk image file (installed with bochs some time ago). CVS updates coming in the next few days. Next on the chopping block are the MS Windows OSen! "

Direct from the mouth of Gael Duval, we've gotten word that MandrakeSoft (Yes, the folks who make Mandrake-Linux. No, it has nothing to do with Mandrake of Enlightenment fame. ) have purchased Bochs and hired Kevin Lawton. Now that Bochs is LGPLed, the Plex86 development can be speed up as well.

Recently, there was an article about a KDE 2.0 Technology overview here on Slashdot. Unfortunately, the article it linked to was missing some details and didn't give some necessary information, which caused a huge number of complaints and misunderstanding in issues like CORBA, DCOP etc. Now mofset has posted an updated Technology Overview with all the explanations about what's going on with KDE 2.0, CORBA, DCOM, KSycoca and other terms. What do you think?

Jacques Le Marois wrote in to plug Linux Mandrake which has just released v5.3 of their self dubbed "User-Friendly Linux Distribution". Probably best described as "Red Hat, KDE and some other nifty stuff".