Conectiva: “The package shipped with Conectiva Linux 6.0 and older logs by default all queries made to the database to the /var/log/mysql file. This includes user creation, password changes via SQL commands and other queries. Our package incorrectly leaves the permissions of this file as world-readable (0644), thus allowing any user on the system access to potentially sensitive information.”

From:	 secure@conectiva.com.br
To:	 conectiva-updates@papaleguas.conectiva.com.br, lwn@lwn.net,
	 bugtraq@securityfocus.com, security-alerts@linuxsecurity.com
Subject: [CLA-2002:455] Conectiva Linux Security Announcement - MySQL
Date:	 Fri, 18 Jan 2002 16:17:54 -0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- --------------------------------------------------------------------------

PACKAGE   : MySQL
SUMMARY   : MySQL log file with world-readable permissions
DATE      : 2002-01-18 16:14:00
ID        : CLA-2002:455
RELEVANT
RELEASES  : 5.0, 5.1, 6.0

- -------------------------------------------------------------------------

DESCRIPTION
 MySQL is a very popular SQL database which is shipped by many linux
 distributions.
 
 The package shipped with Conectiva Linux 6.0 and older logs by
 default all queries made to the database to the /var/log/mysql file.
 This includes user creation, password changes via SQL commands and
 other queries. Our package incorrectly leaves the permissions of this
 file as world-readable (0644), thus allowing any user on the system
 access to potentially sensitive information.
 
 We believe this vulnerability[1,4] to be exclusive to our
 distribution of this package.
 
 Additionally, a few other problems[2,3] are also fixed in this
 update. Specifically:
 - logrotate now correctly restarts the server and rotates the logs.
 Previous packages failed to do that and the log file would just keep
 growing.
 - logging is now configurable via the /etc/sysconfig/mysql file. The
 default still has logging enabled, though.


SOLUTION
 We recommend that all MySQL users upgrade their packages.
 
 If an upgrade cannot be made at this time, please change the
 permissions of the log file manually:
 
 chmod 600 /var/log/mysql*
 chown mysql.mysql /var/log/mysql*
 
 
 REFERENCES
 1. http://distro.conectiva.com.br/bugzilla/show_bug.cgi?id=4201
2. http://distro.conectiva.com.br/bugzilla/show_bug.cgi?id=4220
3. http://distro.conectiva.com.br/bugzilla/show_bug.cgi?id=3674
4.
 http://distro.conectiva.com.br/pipermail/seguranca/2001-August/001870.html


DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/MySQL-3.23.36-14U50_1cl.src.rpmftp://atualizacoes.conectiva.com.br/5.0/i386/MySQL-3.23.36-14U50_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/5.1/SRPMS/MySQL-3.23.36-14U51_1cl.src.rpmftp://atualizacoes.conectiva.com.br/5.1/i386/MySQL-3.23.36-14U51_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/6.0/SRPMS/MySQL-3.23.36-14U60_1cl.src.rpmftp://atualizacoes.conectiva.com.br/6.0/RPMS/MySQL-3.23.36-14U60_1cl.i386.rpm


ADDITIONAL INSTRUCTIONS
 Users of Conectiva Linux version 6.0 or higher may use apt to perform 
 upgrades of RPM packages:
 - add the following line to /etc/apt/sources.list if it is not there yet
   (you may also use linuxconf to do this):

 rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

(replace 6.0 with the correct version number if you are not running CL6.0)

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions reagarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at 
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8SGbR42jd0JmAcZARAkN9AKDZBcA0+boe7nwmyg/06MWtavd+oACgrzGK
l9Q9ap2jT/qs06OWjHsFZsQ=
=sZ/e
-----END PGP SIGNATURE-----

Debian Planet: “[T]he 3.2.2 release of the base-passwd package into the “Sid” (unstable) tree indeed has a critical bug…. [D]uring the upgrade process, dpkg accidentally swaps the UIDs and GUIDs listed within the /etc/passwd file…. [T]his bug is highly likely to interrupt the operation of any daemons or services you may have running on an unstable box that rely on having their own unique accounts for secure operation.” Read more here.

Mandrake: “[Z]en-parse discovered a problem in the at command containing an extra call to free() which can lead to a segfault with a carefully crafted, but incorrect, format. This is caused due to a heap corruption that can be exploited under certain circumstances because the at command is installed setuid root. Thanks to SuSE for an additional security improvement that ads the O_EXCL (exclusive) option to the open(2) system call inside the at code.”

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           at
Advisory ID:            MDKSA-2002:007
Date:                   January 18th, 2002
Affected versions:      8.1
________________________________________________________________________

Problem Description:

 zen-parse discovered a problem in the at command containing an extra
 call to free() which can lead to a segfault with a carefully crafted,
 but incorrect, format.  This is caused due to a heap corruption that
 can be exploited under certain circumstances because the at command is
 installed setuid root.  Thanks to SuSE for an additional security
 improvement that ads the O_EXCL (exclusive) option to the open(2)
 system call inside the at code.
________________________________________________________________________

References:

________________________________________________________________________

Updated Packages:

 Mandrake Linux 8.1:
 066814fda6dfc8f74721861a90c1d167  8.1/RPMS/at-3.1.8-4.1mdk.i586.rpm
 8205596ce7b87d8dca57a6d9285dd1d1  8.1/SRPMS/at-3.1.8-4.1mdk.src.rpm

 Mandrake Linux 8.1/ia64:
 bc46bc259124e1de45063503d8be2940  ia64/8.1/RPMS/at-3.1.8-4.1mdk.ia64.rpm
 8205596ce7b87d8dca57a6d9285dd1d1  ia64/8.1/SRPMS/at-3.1.8-4.1mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):

________________________________________________________________________

To upgrade automatically, use MandrakeUpdate.  The verification of md5
checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".  A list of
FTP mirrors can be obtained from:

   http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:

  rpm --checksig 

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team from:

  https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

   http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

   http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security@linux-mandrake.com
________________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  security@linux-mandrake.com>


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see  http://www.gnupg.org

mQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday
L4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7
WKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo
P0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl
hynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx
PFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg
2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs
iyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD
LLFs7OuVfaydLQYp1iiN6D+LJDSMPM8/LCWzZsgr9EKJ8NXiyrQ6TGludXggTWFu
ZHJha2UgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAbGludXgtbWFuZHJha2UuY29t
PohWBBMRAgAWBQI5aefeBAsKBAMDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmK6LAKCy
/NInDsaMSI+WHwrquwC5PZrcnQCeI+v3gUDsNfQfiKBvQSANu1hdulqIRgQQEQIA
BgUCOtNVGQAKCRBZ5w3um0pAJJWQAKDUoL5He+mKbfrMaTuyU5lmRyJ0fwCgoFAP
WdvQlu/kFjphF740XeOwtOqIRgQQEQIABgUCOu8A6QAKCRBynDnb9lq3CnpjAJ4w
Pk0SEE9U4r40IxWpwLU+wrWVugCdFfSPllPpZRCiaC7HwbFcfExRmPa5AQ0EOWnn
7xAEAOQlTVY4TiNo5V/iP0J1xnqjqlqZsU7yEBKo/gZz6/+hx75RURe1ebiJ9F77
9FQbpJ9Epz1KLSXvq974rnVb813zuGdmgFyk+ryA/rTR2RQ8h+EoNkwmATzRxBXV
Jb57fFQjxOu4eNjZAtfII/YXb0uyXXrdr5dlJ/3eXrcO4p0XAAMFBACCxo6Z269s
+A4v8C6Ui12aarOQcCDlV8cVG9LkyatU3FNTlnasqwo6EkaP572448weJWwN6SCX
Vl+xOYLiK0hL/6Jb/O9Agw75yUVdk+RMM2I4fNEi+y4hmfMh2siBv8yEkEvZjTcl
3TpkTfzYky85tu433wmKaLFOv0WjBFSikohGBBgRAgAGBQI5aefvAAoJEJqo0NAi
RYqYid0AoJgeWzXrEdIClBOSW5Q6FzqJJyaqAKC0Y9YI3UFlE4zSIGjcFlLJEJGX
lA==
=0ahQ
-----END PGP PUBLIC KEY BLOCK-----

XFree86: XFree86 4.2.0 is now available for download. You may download it from the official ftp site or from one of the mirrors.

Below is a recent extract from the XFree86 change log. The full
change log can be found in the XFree86 source tree
(xc/programs/Xserver/hw/xfree86/CHANGELOG).

XFree86 development code can be accessed directly from
the CVS repository. Information about this can be found
on our CVS page.

Change log extracts are also available for the
following branches:
3.3, 4.0.2, 4.1, 4.2.

XFree86 4.2.0 (18 January 2002)
 690. Workaround for hardware bug that prevents older ATI 3D Rage adapters from
      being assigned to XF86Config device sections (Marc La France).

XFree86 4.1.99.7 (17 January 2002)
 689. Fix bug introduced in snapshot 4.1.99.5 causing XDarwin's PseudoramiX
      extension to always be disabled (Torrey T. Lyons).
 688. Disable the pipe check for stdout/stderr that was added in the previous
      snapshot because it looks like it might cause too many problems
      (David Dawes).
 687. Update the Arabic (ar) XKB keyboard map (#5145, Arabeyes team).
 686. Update the Russian (ru) XKB keyboard map, adding two new variants
      ("typewriter" and "phonetic") (#5143, Ivan Pascal).
 685. Remove the lt_a and lt_p XKB keyboard maps (#5139, Nerijus Baliunas).
 684. Disable the DRI and print a warning message for Radeon 8500 cards
      until they are supported (Kevin Martin).
 683. Properly detect when no BIOS is present on Radeon cards (#4978,
      Charles Hannum, Kevin Martin).
 682. Delay before restoring VGA registers for Radeons to "fix" VT switch
      problems (Kevin Martin).
 681. Add new PCI IDs from ATI (Kevin Martin).
 680. Update the Xinstall.sh script to create version compatibility links for
      shared freetype libraries when needed (David Dawes).
 679. Update Freetype2 shared library versions to match the versions libtool
      generates (Keith Packard).
 678. Doc updates (lots of people, includes #5142, 5144)

XFree86 4.1.99.6 (14 January 2002)
 677. Change the default verbosity level for stderr from 1 to 0 (David Dawes).
 676. Set the X server's stderr to non-blocking for non-root users
      (David Dawes).
 675. Don't allow the X server to start when stdout or stderr is a pipe for
      non-root users (David Dawes).
 674. Add OpenGL man pages.
 673. Avoid duplicate symbol problem with xkbevd on some platform (#A.769,
      Nicholas Leippe).
 672. Updated Ukranian XKB symbols file (#A.764, Andriy Rysin).
 671. Fix ELF loader for ARM architecture (#5138, Phil Blundell and
      Adam C. Powell IV).
 670. Fix a race condition in the Linux kernel DRM code (#5136,
      Arjan van de Ven).
 669. Fix DGA support in the s3virge driver (#5135, Kevin Brosius).
 668. Add XvBskew, XvRskew to adjust skew values for centering of an
      Xvideo window for the trident driver (Alan Hourihane).
 667. Fix loader for Motorola 68k machines (Alan Hourihane).
 666. Fix very high resolution modes (e.g. 1600x1200@16bpp) in the
      Trident driver (Alan Hourihane).
 665. -
 664. Quick hack to allow GLX to be included in non-XFree86 servers
      (Marc La France).
 663. More ROP_NEEDS_SOURCE fixes for Savage chipsets (Egbert Eich).
 662. Improvements to the SiS driver which should fix a lot of the 630
      issues (Thomas Winischhofer).
 661. In XDarwin IOKit mode, ignore screens sized 1x1 (Torrey T. Lyons).
 660. Some missing QNX fixes (#5121, Frank Liu).
 659. Update XDarwin man page and usage message for XFree86 4.2.0. Add
      XFree86 man page to XDarwin distribution (Torrey T. Lyons).
 658. Add bn_BD.UTF-8 to locale.dir (Taneem Ahmed).
 657. Fix luit not dropping priviledges when run with the -c flag (#5134,
      Juliusz Chroboczek).
 656. Fix unresolved symbol and loader symbol registration problems in the
      i810 driver that were introduced with the i830 support (David Dawes,
      Abraham vd Merwe).   
 655. Fix sparklies problem for other Trident *BladeXP chipsets 
      (Alan Hourihane).
 654. In XDarwin IOKit mode, ignore screens that can not provide the requested
      size, depth, or refresh rate instead of generating a fatal error
      (Torrey T. Lyons).

XFree86 4.1.99.5 (7 January 2002)
 653. Fix some typos in the DRI README (#A.757, Andreas Mohr).
 652. xon.sh path setting from 3.3.6 (#A.756, Marc Herbert).
 651. Fix a problem with the Radeon driver that was causing the sync polarity
      to be ignored (#A.753, Vedran Rodic).
 650. Set the max clock correctly for the G550 second head (#5133,
      Luugi Marsan).
 649. Fix a Radeon DRI lockup problem (#5128, Steven Pritchard).
 648. Back out some mga_g450pll.c changes that cause problems on at least
      some G450 configurations (#5122, David Woodhouse).
 647. Fix some xterm build warnings on *BSD (David Dawes, Thomas Dickey).
 646. Some QNX4 fixes/updates (#5121, 5124, 5130, 5131, Frank Liu).
 645. Prefer POSIX O_NONBLOCK to O_NDELAY (when defined) in lib/dps (#5121,
      Frank Liu).
 644. Fix portability problem with XpmI.h (based on #5121, Frank Liu).
 643. Only use SA_RESTART in xterm when it's available (#5121, Frank Liu).
 642. Work around Watcom compiler bug that shows up when building Mesa's
      stencil.c (David Dawes, based on #5121, Frank Liu).
 641. Handle __inline and __inline__ in compiler.h for non-GNU compilers,
      which makes it more likely that drivers will build with other compilers
      (David Dawes, based on #5121, Frank Liu).
 640. Build fixes for xedit/lisp. Don't define NEED_SNPRINTF when not needed.
      Avoid a double recursion into subdirs (#5123, Matthieu Herrb).
      Added code for systems without getpagesize.
 639. Fix the xdm's handling of keys, allowing keypad keys to work (#A.662,
      Servaas Vandenberghe).
 638. Fix hang when quitting XDarwin before starting X server
      (Torrey T. Lyons).
 637. Don't add XDarwin's PseudoramiX extension with only one screen
      (Greg Parker).
 636. Add Spanish localization of XDarwin help file (Pablo Di Noto).
 635. Improve XDarwinStartup's error reporting (Torrey T. Lyons).

XFree86 4.1.99.4 (28 December 2001)
 634. Update the ati/radeon driver to recognise the All-in-Wonder 8500's
      ID (#5117, Vladimir Dergachev).
 633. Fix bug where a pointer may be checked without being intialized in xman
      (#5120, Martin Husemann).
 632. Add an informational message to the radeon driver when LCD/DFP mode
      validation fails (#5118, Vladimir Dergachev).
 631. Handle the ATI Rage128 "PP" variant like the "PR" variant (#4982,
      Mike Harris).
 630. Fix a LynxOS on PowerPC build problem (#A.746, Stuart Lissaman).
 629. Fix the names of the Northern Saami keyboards (#A.742,
      Petter Reinholdtsen).
 628. Add Xinerama info to xdpyinfo (#A.741, Greg Parker).
 627. Fix an xdm problem caused by not handling an interrupted read (#A.728,
      Darren Marshall).
 626. Add functions completing text control for Render.  Bump XRender library
      minor version (Keith Packard).
 625. Add XKB layout info for a newer Logitech iTouch keyboard (#A.727,
      Dimitromanolakis Apostolos).
 624. Fix a problem that shows up with the summa tablet driver when using
      a Genius EasyPen (#A.714, Anders Melchiorsen).
 623. Fix for VT switch problem with the S3 driver (based on #A.677,
      Juergen Lesny).
 622. Remove some more spurious entries in the KSC 5601 encoding file (#A.678,
      Jungshik Shin).
 621. Fix for APM problem on devfs-based Linux systems with APM in a kernel
      module (#A.663, Denis Zaitsev).
 620. Update the mga Xv double buffering to match the more recent submission
      (#4976, Didier Gautheron).
 619. Fix a bug in the XKB Slovak (sk) layout (#A.621, Juraj Bednar).
 618. Fix a small window when a SIGIO may be received without a handler
      installed (David Dawes, based on #A.620, Michel Lespinasse).
 617. ISO 8859-{1,7,15} Compose file updates and fixes (#5114,
      Vasilis Vasaitis).
 616. In XDarwin multi-monitor IOKit mode, read screen location from the
      kernel (Torrey T. Lyons).
 615. Update XDarwin credits file (Torrey T. Lyons).
 614. Fix various XDarwin crashes in multi-monitor rootless mode by using
      a new "light" version of PanoramiX/Xinerama called PseudoramiX
      (Gregory Parker).
 613. Fix some typos in the X.Org INSTALL doc (#5113, Chris Pepper).
 612. Fix an bug that prevented the releasing of XvMC memory on exit (#5112,
      Matthew J. Sottek).
 611. Some Xprint build warning fixes (David Dawes).
 610. Xprt PCL3 support (#5111, Mark Snitily, from X11R6.6).
 609. Xprt PostScript bitmap cache (#5110, Chris Bare, from X11R6.6).
 608. Updates for the Romanian (ro) XKB map (#5108, Marius Andreiana).
 607. Update s3virge docs (#5107, Kevin Brosius).
 606. Disable pixmap24 option for Permedia3/4/R4 as the chip doesn't support
      this (Alan Hourihane).
 605. Fixed a infinite loop in the i2c code.
 604. Fixed a Sig11 problem in siliconmotion driver (Egbert Eich).
 603. Fixes to silicon motion driver:
	- gamma correction for 24 bit true color mode.
	- XAA: clipping rectangle was clipped to visible screen, so offscreen
	  pixmaps could not been drawn at with accelerated drawing functions.
	- in SMI_ScreenInit frame buffer size calculation for video changed.
	- smi_video: partly rewritten.
	  - Support for 7111
	  - interlaced video via
	    - XF86Config Option "Interlaced" or
	    - attribute XV_INTERLACED (Corvin Zahn).
 602. Add French localization of XDarwin help file (Olivier Verdier).

XFree86 4.1.99.3 (19 December 2001)
 601. Change the property Xprint uses to identify pmf printer internal fonts
      to avoid a clash with DPS (#5106, Chris Bare, from X11R6.6).
 600. Fix a C type aliasing bug in xkbcomp (#5104, Jakub Jelinek).
 599. Fix a bug in Xprint's PS output code that was over-optimizing out
      clip change requests (#5102, Chris Bare, from X11R6.6).
 598. Improved error handling for Xprint's -XpFile option (#5101, 5105,
      Chris Bare, from X11R6.6).
 597. Add higher resolution options to the Xprint postscript printer support
      (#5096, Chris Bare, from X11R6.6).
 596. BuildLoadableXlibI18n should be keyed off "SharedLibX11" rather than
      "BuildX11Lib" (#5095, Ernie Coskrey).
 595. Fix a luit inconsistency between the default data used when a
      locale is unknown and the data used by ISO 8859-1 locales (#5092,
      Juliusz Chroboczek).
 594. Add eo_EO locale entries, which is what GNU libc 2.2 uses for the
      Esperanto locale (#5091, Juliusz Chroboczek).
 593. Fix an Xprt page handling problem (#5090, Chris Bare, from X11R6.6).
 592. Update the X.Org release number from 6.5.1 to 6.6 in various
      documents and header files (#5089, 5100, Chris Bare, from X11R6.6).
 591. Recognise __SVR4 as an alternative for SVR4 in Xosdefs.h (#5087,
      Chris Bare, from X11R6.6).
 590. Cleanup some header files to make them more C++ friendly (#5086, 5088,
      Chris Bare, from X11R6.6).
 589. Update the driver status document (#5085, Branden Robinson).
 588. Fix the SiS drm driver (#5084, Torsten Duwe).
 588. Fix Trident driver pitch values when accelerator is in use, applies
      to Image and Blade series chips (Alan Hourihane).
 586. Minor bugfix to SiS driver, restructured VT switching code 
      (Egbert Eich).
 585. Attempt to fix flickering in 24bpp on Trident CyberBladeXPAi1
      (Egbert Eich).
 584. Fixed UTF8lib support (Mike Fabian).
 583. Re-instate makedepend's recognition of backslash line terminations
      (Marc La France).
 582. Add proper reference counting to the XvMCContext so that destroying
      the context before destroying associated surfaces is handled correctly
      (#5083, Matthew J. Sottek).
 581. Fix the xtt (X-TrueType) font module so that it will recognise
      fonts with upper-case suffixes (".TTF" and ".TTC") (#5082,
      ISHIKAWA Mutsumi).
 580. Use uname instead of hostname in rstart and xon scripts for portability,
      plus some other rstart and xon fixes (#5081, Chris Bare, from X11R6.6).
 579. Some newport driver cleanups and fixes (#5080, 5103, Guido Guenther).
 578. Fix XagNsingleScreen definition and some related side-effects (#5077,
      Chris Bare, from X11R6.6).
 577. Fix some doc typos, and remove references to the non-existent
      shadowfb(4) man page (#5076, David Krause).
 576. Pitch calculation updates for the r128 driver (#5074, Michel Dänzer).
 575. Updates for VMware SVGA programming documentation (#5073,
      Jeremy (VMware)).
 574. Fix cases where makedepend reports the wrong line number and file when
      an error occurs (#5072, Mark Snitily, from X11R6.6).
 573. Fix differences in libXt behaviour when using poll() compared with
      when using select() (#5071, Chris Bare, from X11R6.6).
 572. Some warning cleanups for Tru64 (#5069, Antti Tapaninen).
 571. Fix a typo in the mt_us keymap entry (#5067, Nerijus Baliunas).
 570. Add some missing UNDEFINE lines to the iso8859-11 and tis620-2
      encoding files (#5065, 5066, Theppitak Karoonboonyanan).
 569. Some Luxi font updates:
       - update the Type 1 versions to fix a UID-related bug and cover more
         glyphs
       - update the TTF fonts.scale file to include ISO 8859-13
       - update the docs to properly reflect the fonts' glyph coverage
      (#5064, B&H, Juliusz Chroboczek).
 568. Fix "The Open Group" copyright notices to reflect the change in
      post R6.4 licensing (#5093, Mark Snitily, from X11R6.6).
 567. Added debugging helpers (Egbert Eich).
 566. Added support for the Trident CyberBladeXPAi1 (Egbert Eich).
 565. Fixed Mono8x8Fill problem in S3 Virge and Savage drivers (Egbert Eich).

XFree86 4.1.99.2 (12 December 2001)
 564. Fix XDarwin GetImage bug on screens other than 0 in rootless mode
      (Gregory Parker).
 563. Fix acceleration, hw cursor and console restoration in the "nv" driver
      on PowerPC (Mark Vojkovich).
 562. Fix console switching on r128 & radeon drivers using FBDev (#5075,
      Benjamin Herrenschmidt (radeon), Michel Dänzer (r128) ).
 561. Implement double buffering for XVputimage in the mga driver (#A.601,
      Didier Gautheron).
 560. Fix a wheel emulation problem that prevented delivery of button
      events when the wheel button was the same as one of the emulated
      button (#A.600, Antonio Larrosa Jiménez).
 559. Fix some 'make install.sdk' problems (#A.586, Stanislav Brabec).
 558. Fix mga DGA when UseFBDev is enabled (#A.584, Wayne Whitney).
 557. Fix dri module build when BuildXinerama is set to NO (David Dawes,
      based on #A.599, Pontus Lidman).
 556. Fix libXext build when BuildLBX is set to NO (based on #A.582,
      Didier Gautheron).
 555. Fix typo in ms_MY locale name (was ms_NY) (Hasbullah Bin Pit).
 554. Fix incorrect code in signal handlers in most of the clients,
      xterm and xdm not done yet (Matthieu Herrb).
 553. Add Glint R4 and Gamma2 support to the glint driver (Alan Hourihane).
 552. Fix rotated display in the nv driver (Mark Vojkovich).
 551. By default, validate all available modes rather than only the largest
      such mode (Marc La France).
 550. Various XDarwin improvements:
      - Use all 8 bits of PseudoColor in full screen Quartz mode.
      - Write XDarwin version number to console log.
      - Move Alt/Option key back to Mod1 by default.
      (Torrey T. Lyons)
 549. Fix offscreen memory manager segfault (Jacques Gangloff).
 548. XDarwin Quartz mode cursor improvements:
      - Safely free QuickDraw cursors.
      - Fix disappearing cursor in rootless mode with multiple monitors.
      (Gregory Parker and Torrey T. Lyons)
 547. i810 XvMC fixes (#5078, Matthew J. Sottek).
 546. Downgrade DDC-related mode rejections to warnings as some monitors
      advertise their nominal, rather than actual, tolerances (Marc La France).
 545. Add Korean localization of XDarwin front end (Kyunghwan Kim).
 544. Allow XDarwin to launch from the Finder even if there are spaces, etc.
      in the path to its application bundle (Torrey T. Lyons).
 543. Add XvHsync, XvVsync to adjust skew values for centering of an
      Xvideo window for the trident driver (Geoffrey Hausheer, Alan Hourihane).
 542. Fixed xkb to avoid setting of AccessXTimeout to 0 (Egbert Eich).
 541. Added option to sync the logfile after every line written (Egbert Eich).
 540. Improved APM handling: 
      - Added disable of Input Handlers.
      - Added support for undo on failed APM requests.
      - Set vtSema to false (Egbert Eich).
 539. Improved detection of primary device especially for non-PC platforms
      (Egbert Eich).
 538. Silicon Motion driver Fixes: 
      - Removed separate loading of int10 code.
      - Added reset of graphics engine on EnterVT (Egbert Eich).
 537. Set flag ROP_NEEDS_SOURCE for CPUToScreenColorExpand for all
      S3 Savage chips (Egbert Eich).
 536. SiS driver: 
      - Added fix to restore fbdev mode properly on VT switch/exit.
      - Improved LCD handling on SiS 630.
      - fixed screen blanking in SiS driver to properly blank LCDs 
        (Egbert Eich).
 535. Trident driver: 
      - Fixed screen centering for 640x480 Modes.
      - Fixed video playback for BladeAi1.
      - Fixed hotkey internal/external switching for XPm8/16.
      - Added support for on-the-fly video recentering.
      - Attempt to fix contrast settings for video (Egbert Eich).
 534. Added reset code for PS/2 mice when replug events occurs
      (required for later Linux 2.4.x kernels) (Egbert Eich).
 533. xf86cfg: start AccessX controls even when started from a running server
      (Egbert Eich).
 532. Add support in glint driver for booting secondary cards that have
      the VGA disable jumper set (so no access to the BIOS) (Jay Estabrook).
 531. Add Spanish localization of XDarwin front end (Pablo Di Noto).
 530. Set the r128 DRI driver version back to 2.2 so that the major version is
      the same as for the version in XFree86 4.1.0.
 529. Fixes for DGA2.0 support in the radeon driver (#A.585,
      Shyouzou Sugitani).
 528. Fix mkfontdir's scanning of fonts.scale files to detect a bad file
      resulting from concatenating two fonts.scales files, and to avoid
      buffer overruns from over-long strings (#A.563, Jonathan Kamens).
 527. Avoid i810 VT switching problems on FreeBSD (David Dawes).
 526. Fix a possible SIGFPE in the X-TrueType fonts (#A.640, Nam SungHyun).
 525. Fix -probe and -configure to not clear the screen on exit on SunOS SPARC.
      (Marc La France).
 524. Fix support for ATI Graphics Pro Turbo 1600 adapters (Marc La France).
 523. Newport driver updates, including 24-bit support (#5062, Guido Guenther).
 522. Fix pixel info not being returned from the APPGROUP extension (#5061,
      Chris Bare, from X11R6.6).
 521. Remove debug message in the calcomp driver (#5060, Martin Kroeker).
 520. Replace "X Windows" with "X Window System" or "X" in various places
      (#5058, David Krause).
 519. Fix the size of some lbx struct members on 64-bit architectures
      (#5053, Chris Bare, from X11R6.6).
 518. Fix the size of some xXagGetAttrReply struct members on 64-bit
      architectures (#5052, Chris Bare, from X11R6.6).
 517. Add a NULL check that was missing in the CID part of the Type1 code
      (#5050, Mark Snitily, from X11R6.6).
 516. XKB AccessX LED beep feature (#5047, Chris Bare, from X11R6.6).
 515. Fix WriteToClient flushing bug (#5046, Chris Bare, from X11R6.6).
 514. Fix improper freeing of widget translations in libXt when
      REFCNT_TRANSLATIONS is defined (#5044, Chris Bare, from X11R6.6).
 513. Fix XPrint memory leak (#5042, Chris Bare, from X11R6.6).
 512. Local Authorization Fix (#5041, Chris Bare, from X11R6.6).
 511. Add locale entries for Sami (#5055, Børre Gaup).
 510. Fix XProcessInternalConnection man page duplication (#5040, Chris Bare,
      from X11R6.6).
 509. Minor xrx Imakefile fix (#5038, Chris Bare, from X11R6.6).
 508. Remove outdated xc/fonts/encodings/large/README (#5033,
      Juliusz Chroboczek).
 507. Enable XVideo support for the SuperSavage (#5031, Tim Roberts).
 506. Add some missing locale entries (#5026, Mike Harris).
 505. s3virge driver updates, including:

Slashdot has a link to an Oreillynet.com article suggesting an AOL buyout of Red Hat would not be a good thing. ”
About nine years ago, O’Reilly & Associates sold a service to AOL (before it
caught the slightly bigger prize of Time Warner.) AOL management clearly
impressed our negotiators as savvy go-getters; their success in recognizing the
Internet’s importance and leveraging the Internet to sell their own service was
just one piece of evidence. Yet a year after we sold Global Network Navigator to
them, it was dead.”

Scott Hartsell writes “Norcross GA – Green Light Advantage, a member of IBM’s PartnerWorld for Developers, has released their proactive system management software, AdminUX 8.8, for SuSE Linux and TurboLinux running on IBM* eServer zSeries and S/390 platforms. We are very excited about making AdminUX for Linux available on the IBM mainframe, said Scott Hartsell, President and CEO of Green Light Advantage.

IBM is currently running live versions of AdminUX on the eServer z900 mainframe at the e-business Briefing Center in Poughkeepsie, NY. AdminUX is being hailed as a Virtual System Administrator for Linux Guest on the z900. AdminUX automates 80% of the recommended, routine, system administration tasks for secure, reliable, Linux system operation.

Businesses everywhere are rolling out Linux on the mainframe in new implementations or using Linux to add new life and increased efficiency to their existing technology investment. The power and reliability of the mainframe, the cost savings benefits of the Linux operating system and virtual partitioning technology are prompting customers, business partners and academics to explore how Linux on the IBM mainframe solves business problems with unmatched reliability and efficiency.

A significant number of our enterprise customers are currently planning or implementing applications on Linux for zSeries and S/390, said Joann Duguid, director, Linux on IBM eServer zSeries. And as more and more customers embrace Linux on the mainframe, powerful system administration tools like AdminUX from Green Light Advantage become increasingly essential for business operations.

As more IBM customers move to install Linux into their enterprise, they are going to be looking for system administration products to assist in their transition and support their goal of reduced total cost of ownership. AdminUX has over a decade of system administration experience and offers a truly proactive system administration capability that fits in well with the “lights out” management that mainframe customers have come to expect. We look forward to helping IBM’s customers embrace the Linux operating system by giving them a high-quality, reliable system administrator like AdminUX, Hartsell stated.

As the mainframe and Linux combination make inroads in the e-commerce arena, Green Light Advantage looks forward to helping IBM’s customers embrace the Linux operating system by providing them with high-quality and reliable server management and administration capabilitiesAdminUX is currently available for most major Unix platforms and the major Linux distributions. For more information on AdminUX, contact Green Light Advantage at 800-878-3462 or visit http://www.gladvantage.com

About Green Light Advantage

Green Light Advantage (Norcross, GA) provides proactive system software that enables companies to move their system administration efforts from break/fix to a proactive approach. Green Light is privately held company with sales and marketing located in Norcross, Georgia and product development in Cape Canaveral, Florida. GreenLight is also a member of IBM’s PartnerWorld for Developers program.

AdminUX is a registered trademark of GreenLight Advantage, LLC. The IBM eServer brand consists of the established IBM e-business logo with the descriptive term “server” following it. The IBM e-business logo and zSeries are trademarks or registered trademarks of the IBM Corporation. Linux is a registered trademark of Linus Torvalds.

For more information:

Green Light Advantage, LLC
http://www.gladvantage.com

PO Box 920639
Norcross, GA 30010

Contact:
John Pezzino
Sales Director
Phone: (888) 411-8991
E-mail: jpezzino@gladvantage.com“

From Wired: “Some ICANN board members fear that the Sept. 11 attacks have slowed, and maybe even derailed, plans by the Commerce Department to yield control to the private sector.”

David Sugar submits this item: What’s new in GNU Bayonne (January 18, 2002).
See http://www.gnu.org/software/bayonne for general information.

1. Foundation and Empire
2. Audio prompts then and now
3. Call Queue’s and Joined Sessions
4. Card Exchange Program
5. New release of GNU Common C++

Foundation and Empire
~~~~~~~~~~~~~~~~~~~~~
No, I have not been re-reading Asimov recently. While writing this report, I am on the way to Boston to visit the FSF. The FSF should be well known to most people reading this, although I have noted some whom have question it’s relevance today.

Certainly the FSF’s core mission are both vital and as necessary today as at it’s founding. The FSF’s role as being a copyright holder is often overlooked but is one key to the survival and success of the free software community.

Having a copyright holder is of course essential for the GPL to work since it is in essence a copyright contract, not a license. As such, this is necessary, even essential, since a contract can be subject to rights of second sale, although some dirty proprietary vendors wish to strip the public of this long understood right.

In second sale doctrine, one can resell a product in a manner of their choosing. They could do so in ways that deprive the final customer of his rights. By using copyright law to preserve ownership rather than contract law to dissipate it, the reseller (or redistributor, if you will) of course cannot do so except under the same explicit terms as the software received, as per the GPL.

Individual copyright holders become very complex very quickly in a large project. Sometimes it is necessary to dispute a GPL violation, and while possible, it is more difficult proving standing with only one or a small portion of the holders. Surrendering copyright is of course something that can only be done once, but doing so to consolidate ownership can make it possible to enforce the GPL and even to make it possible to modify later if necessary because of some unforeseen legal twist or turn.

Transferring copyright is something that can only be done once. While there are many so called “open source” companies that receive code from the community and expect them to then assign copyright, there is always risk that such companies may later choose to release proprietary products based on contributed code. Indeed this is already happening and I fear will continue to.

With this in mind, the role of the FSF as a trustworthy community copyright holder is something all free software projects need. As far as I know it is the only copyright holder that engenders such trust. The FSF can neither be bought or compromised. One can think of it as the one copyright holder that assumes all of the burdens and exercises none of the so called privileges of copyright.

Even those that contribute code to companies should consider assuring that at least some of the code has copyright held outside the company and the FSF is and ideal for this. Even honest commercial free software companies can and do trust. Companies that may have secret plans to release proprietary code will naturally object to this, and this is one way to better identify such entities.

This is just one role the FSF plays that is still very relevant. There are other roles, including enforcement of the GPL. The latter is interesting in that often the FSF’s goal is to mearly bring about compliance. Compliance with the GPL, unlike that of proprietary licenses, costs nothing, and need to be done only once. One doesn’t need to audit each and every machine to prove full compliance, or have a vendor use such tactics to intimidate businesses to buy more products the way some shamelessly do. The GPL is simple and straightforward, and has no hidden compliance costs.

This is actually the second trip I have made this week. Earlier I was given a chance to speak to some senior policy people in DC. The situation there is most interesting. For years we have ignored the fed, and some have recently been disappointed by the feds response to the monopolist. However, things are changing and at a level we need as a community to address now.

I have dealt with Federal contracting many years before. For people to speak openly of disgust and even specific incidents of vendor intimidation not only in front of their own senior policy people, but, even more amazing, outsiders, this is unheard of, and clearly something significant has happened. Never have I seen this before. Similarly, never have I heard of a vendor selectively targeting individuals for selective intimidation, let alone on the apparent scale and scope this vendor appears to have.

Equally challenging, it is unfortunate how much lack of understanding there is at the most senior levels in government. When a senior administrator looks at GNOME, say, or KDE, he is shocked. For years, his “paid” buddy, his very best “paid” vendor friend, has been telling him that free software is ugly, that it involves command lines, that doing even basic word processing involves emacs (no offense, Richard 🙂 or vi. Show this person Koffice, open office, even abiSuite, and see the look of surprise. Best, is when the full realization dawns and he understands “I have been deceived”.

The enemies of free software require ignorance to sell their products. Therefore, we must enlighten. The enemies of free software use fear and terror. We must make it clear it is they alone that are true terrorists.

I plan to visit DC more often as what resources I have will allow. I have also been contacting people late this week from other projects who may be able to volunteer to provide basic presentations about their projects to an audience of senior govt people. There exists a venue and forum for this to be done, and the key is to find people who can do this without commercial ties or pitching any commercial products. If you have read this, are interested, and wish to learn more, feel free to contact me directly at sugar@gnu.org, and I will take the time to respond and consider how this can be done and when you might be scheduled.

Ah, but what does this have to do with GNU Bayonne exactly, and why am I going to Boston? Well, the answer for that is much simpler and shorter; the FSF will soon be running it for office services.

Audio prompts then and now
~~~~~~~~~~~~~~~~~~~~~~~~~~
Historically the process of using audio prompt libraries have been a bit confusing in GNU Bayonne. There have been odd notations, like *::playrec, or strange constructions like setting variable paths and then applying them in a play script to play a named file path. I have chosen to simplify this entire process and somewhat automate the way audio prompts are selected.

Consider the “simple” case of “play playrec1” in the 1.0 server. In the old server, this might have been collected from /usr/share/aaprompts/UsEngM/dyfet, which, in fact, is incorrect, since it’s a service specific prompt. Using “play *::playrec1” is more clumsy,

In 1.0, search is made, by /usr/share/prompts/UsEng/dyfet/playrec/playrec1.au because this appears in the “playrec” service script. If it’s not found there, a second search is made for it in /usr/share/prompts/UsEng/dyfet/common/playrec1.au. This makes it more natural and easy to group prompts together and avoid peculiar prompt naming conventions in the script files.

Foreign script prompts can still be done with the :: syntax, as in say play debit::enterpin, as before. However, this does not require a special “alt” prefix the way the old server did; this resolves cleanly to /usr/share/prompts/UsEng/dyfet/debit/enterpin.au.

Even better is the use of new keyword options in GNU Bayonne audio commands. For example:

record %session.digits prefix=prompts

This alone replaces what used to be typically written as:

set %var “prompts/%session.digits”
record %var

Also, consider this new syntax:

play press1 forspanish language=”Spanish”

This replaces what might have used to be written as:

set %audio.language “Spanish”
play press1 forspanish
set %audio.language $language # restore…

All of these things will make it much simpler to construct applications compactly, especially when mixing spoken languages in the same call session, both for Bayonne and Olorin.

Call Queue’s and Joined Sessions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
One important change has been for support of call queues for selection and syncrhonization of incoming and outgoing trunks. This will make it possible to do things like have the least busy port of a policy group selected when an outgoing request is made, or to have a limited resource pool of outgoing lines servicing a larger pool of incoming ones. This also ties into making join a standard operation in Bayonne and Olorin, and makes use of the existing ccScript queue symbol infrastructure.

Another possible use for queue control in GNU Bayonne is for ACD groups. I am considering a pure ccScript implimintation of agent queues. To a limited extent this can be simulated now by constructing queues in the global symbol space in the 1.0 server and then just manipulating them between scripts acting as “agent” scripts and those acting on behalf of callers. Ultimately, however, we need more sufistication. We need to be able to monitor average wait time and to provide real call statistics. This will come in time, either as part of the final 1.0 server, or in development after 1.0.

Card Exchange Program
~~~~~~~~~~~~~~~~~~~~~
Several people have asked me about the possibility of sharing telephony cards between free telephony developers. The idea is that sometimes someone has a card they no longer need or use but that might be useful for another developer to test with. Telephony cards are expensive and somewhat uncommon, so it’s hard to find them cheap.

The idea of the exchange program is to put telephony cards in the hands of developers that need them. For this goal we are looking at establishing a web site where people can provide notice of loaner or donated equipment and developers can express their interest and needs.

I have had one person come forward who may be willing to help put such a site together. I would like to see if we could host it either at gnu.org or alternately a site like voxilla. It need not be a very pretty site, it need only be functional to be effective for this mission.

New release of GNU Common C++
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This has not been a month with many releases. However, progress continues on the 1.0 server, and some bug fixes are being accumulated for a new stable server release. What has seen some recent activity is GNU Common C++.

I have been experimenting with cross compiling GNU Common C++ on a GNU/Linux hosted system. This proved quite workable for experimentation, and in fact it is possible to test native Microsoft Windows executables on such a platform with WINE. I am not generally suggesting this should be done, for I would rather see more Microsoft Windows developers choosing to work on free software rather than see more of us doing Microsoft Windows related development, however, it is possible to test some things this way and it may be useful for some to do so.

Redmond Linux Corp. announced today that it will be doing business as Lycoris. The name change is part of an ongoing effort to gain independence and brand recognition in the growing Linux software market. In addition, Lycoris’ desktop operating system, formally known as Redmond Linux Personal, is becoming Desktop/LX. The company is setting the stage for a wider rage of products and services that center around its flagship product.

“The Linux community, and desktop users in general, should have packaged software choices that integrate into their work environment. We are going to offer more than just a desktop operating system. We needed a company name that reflects that. Users are going to be able to buy packaged, easy to install applications made by us specifically for the Desktop/LX platform,” said Jason Spisak, who is on the Board of Advisors for Lycoris.

This announcement follows on the heels of the release of Redmond Linux Personal Update 1, which will henceforth be called Desktop/LX. The latest update includes fresh binaries of most major components in the operating system to include the current versions. Many users have already used the Redmond Linux Update Wizard feature to upgrade to this latest build at the click of a button. Lycoris is currently selling this new release as a box set with 60 days of e-mail support for $29.95 plus shipping. Within the product itself, the name Desktop/LX will emerge as the brand name of the operating system. Redmond Linux Update will become Desktop/LX Update, as will be the case with the all of the custom extensions Lycoris has built into its easy to use desktop.

By changing the name of it’s flagship product to Desktop/LX, Lycoris will be able to differenciate its product and use trademark to it’s advantage. De-localizing the name was also a concern as Lycoris prepares to partner with resellers around the world.

“Desktop/LX makes more sense from a product naming perspective as we prepare to enter the global marketplace,” says CTO and Founder Joseph Cheek. “While the name Redmond Linux has its appeal, the names Desktop/LX and Lycoris allow us to shed the connotations of being a software publisher in Redmond, Washington.”

About Lycoris
Lycoris, located in Redmond, Washington, was started in the year 2000 with a vision of making Linux easy enough for anyone to use. The company makes open source applications easy to use and integrates them into the linux desktop.

About Joseph Cheek (CTO and founder)
Joseph Cheek’s highly technical background has allowed him to work for companies such as Linuxcare (as a Senior Linux Consultant) and Microsoft (as a network and systems tester). He co-authored the book “Integrating Your Network with Caldera OpenLinux 2.3”, was a Technical Contributor to Microsoft’s Windows 98 Resource Kit, and writes a monthly Linux column for Computer Source Magazine. As an entrepreneur Joseph has worked as a freelance computer network consultant in both the Novell NetWare and Linux spaces.

About Jason Spisak (Board member)
Jason Spisak has a background in the entertainment industry, and uses his knowledge of marketing and aesthetic design to help Lycoris create and sell attractive, buyer-friendly products. His skills aid in positioning Lycoris as a player in the desktop software marketplace and his focus is to bring Open Source, profitability, and usability together under one roof.

For Additional Information
Web: http://www.redmondlinux.org
Info: info@redmondlinux.org
Sales: sales@redmondlinux.org
Lycoris
PO Box 2313
Redmond WA 98073-2313
USA
1+ 425 869-2313
1+ 425 671-0504 facsimile

– by Robin “Roblimo” Miller –
This editorial is purely speculative, based on an unconfirmed report in The Washington Post that says, “AOL Time Warner Inc. is in talks to buy Red Hat Inc.,” an idea I think would be wonderful for everyone who works with computers or the Internet — except Microsoft. For them, an AOL-owned Red Hat would be a disaster.The first and most obvious benefit of AOL getting involved with Linux would be an end to sites that require Microsoft Explorer or other Windows-specific software (like Windows Media Player) to access some or all of their content. All complaints about not being able to access secure bank or other financial transaction sites with Mozilla, Netscape 6.x or Linux would cease. Suddenly every company and organization in the world that decided to ignore browsers other than MSIE (and operating systems other than Windows and/or Mac) would be forced to remedy that mistake.

I’d like that.

Think, too, about the sudden explosion of demand for Web developers who know how to make real, properly-coded, cross-platform sites instead of depending on Front Page and other Microsoft-centered tools, which would suddenly become worthless. The biggest downside to this sudden explosion of need for Linux-hip workers would be an increase in recruiter spam to Linux-oriented email lists as companies scrambled to hire Linux developers, programmers and sysadmins. I think we can live with that problem, can’t we?

But we should also feel a little sorry for the people who deal with reader email at sites like MSNBC and all the rest that run stories online created with MS Word. They are going to get thousands of, “Your site is broken, there are question marks and funny symbols all over it, what is wrong with your site?” complaints from AOL users who suddenly discover that Microsoft’s word processors don’t use industry-standard text markup symbols.

Please try not to gloat if this happens, okay?

Now let’s deal with the fear of an AOL-backed Red Hat “taking over” Linux.

This isn’t going to happen. It can’t happen. Mandrake, OEone, SuSE, ELX, Stampede, Slack, TurboLinux, IBM, Debian, and all the other companies and groups that publish Linux distributions and software will see nothing but good from a major AOL/Linux marketing push.

I say this because, in my own personal experience as a business owner, it is always easier to sell a “better or cheaper than…” product or service against a strong competitor than to be a missionary; to be forced to explain to every potential customer what your product or service does before you can sell it to them. This goes totally against all the “first to market wins the race” business wisdom that drove the dot-com frenzy, but you will notice that most of the first-to-market companies in that crowd are now gone or swallowed, and that the second-to-market (or third or tenth) plodders are starting to take over.

Remember the first personal computer manufacturer? They’re gone! Others have taken their place. Lots of others.

I’m not saying AOL would kill Red Hat, either on purpose or accidentally. I think the combination of AOL, Red Hat and Netscape would be very powerful and successful for many years to come. We tend to forget that AOL’s many divisions have some very, very smart people in them, and Red Hat has plenty of its own. I doubt that it would take long for this combined crowd to come up with an auto-installed Linux variant running in a Windows partition, with a Mozilla-based front-end GUI fully integrated with AOL’s logon screen. Throw in just the word processor element of StarOffice 6 for free, and offer the total suite as a download (through AOL) for $29.95. That’d work. Think how huge an AOL-sponsored Linux software download repository could become, and how easily it could be integrated with Red Hat’s Red Hat Network,with a basic consumer-oriented version free with every AOL subscription.

With a suddenly huge market for commercial Linux software and a much-multiplied user and developer base for Free and Open Source Linux software, Microsoft CEO Steve Ballmer had better have a cardiologist standing by 24/7, because suddenly Microsoft would be faced with a level of competition the company has never seen before: a two-pronged approach with a powerful corporate empire on one point and hundreds of thousands of software idealists on the other. Microsoft might not curl up and die, but suddenly it would be forced to sell its software products on technical merit instead of marketing, which would force more and more major structural (and business strategy) changes at Microsoft than any proposed government actions.

Now let’s talk about the small-time Linux people — and next to AOL/Red Hat, everyone except IBM would be small-time.

AOL Time Warner has plenty of successful competition in both the ISP and the news/information delivery businesses. Their movies are not notably better or more successful than those from other studios. Their music labels have never succeeded in dominating their markets. CNN is not the world’s most popular source of TV news.

In other words, AOL Time Warner’s corporate hallmark is something we might call “good enough-ness.” Their magazines tend to be good, but not great. AOL does many things well (especially mass marketing), but many ISPs offer better and/or less-expensive services, to the point where AOL evangelizes “the Internet” like mad and brings a constant stream of new people to it, then those people gradually learn that they can get better Internet access elsewhere and move on.

I would expect to see the same pattern with AOL-sponsored Red Hat Linux: a decent, mass-market product, promoted constantly on TV and on AOL users’ logon screens. A good-enough product, in other words, with AOL-like 24/7 support, to eat heavily into Windows’ desktop market share.

How hard is it, really, to compete with “good enough” products and services?

Red Hat is not the only Linux company that has smart people working for it, and Debian’s volunteer crew has many brilliant members. A rising ice floe lifts all Penguins on it, every time.

While many Linux purists don’t want to admit the importance of desktop use to continued Linux enterprise market penetration, Microsoft’s marketing people have successfully proved that desktop market share is a major key to marketing server-level software products to the non-technical executives who hold the purse strings in most companies, large or small. Given a choice between something that looks like what they have on their office and home desktops — something “familiar” — and something that looks utterly alien, most people will opt for the familiar every time.

The more Linux out there, the merrier, no matter whose brand name is on it. If AOL Time Warner Red Hat manages to grab 20% of the world’s total desktop operating system market, how could that be worse than Microsoft holding (depending on whose figures you use) between 84% and 92%?

This is all speculation
I’m writing this on Saturday, January 19, 2002, at 1:35 p.m. US EST, and none of my calls to Red Hat or their PR agency have yet been returned. The only news stories I have seen so far about AOL possibly buying Red Hat are the one in The Washington Post and others based on it, and the Post story is totally unattributed. About halfway through it you’ll see the sentence, “Officials of AOL, Red Hat and Microsoft declined to comment,” which can mean anything. Or, just as likely, means nothing.

If we get any more concrete information, we’ll be sure to let you know. But until we do, please regard all “AOL might buy Red Hat” talk as nothing but a pleasant mind game to play during TV commercials, as substantial as a TV weather report that calls for snow while you look out your window and see a clear, sunny sky.