Jeff Gerhardt writes: Tuesday — no, we mean Thursday, December 27th, 2001, from the home of Wayne’s World, Aurora IL, it’s Tonight LIVE on www.thelinuxshow.com
At 6pm pt, 7pm mt, 8pm ct, and 9pm et…. Kevin Hill, Jeff Gerhardt, PJ Hyett, Doc Searls(Linux Journal), Arne Flones and Russ Pavlicek; have another great show lined up tonight on The Linux Show!! Because of the fact that BOTH Christmas and New Year are on Tuesday, we will be having our final show of 2001 on a Thursday evening.

In Segment One – Hot News: We will be covering the hot Linux news of
the last few (several) weeks.

In Segment Two- The Best of 2001-
Tonight we will have the second installment of a 2 part show discussing the most important stories, events, products and companies that have impacted linux and Open Source during 2001. It will be titled The Best of 2001- A Look Forward. Tonight we want to hear from YOU.
All opinions are welcome at GeekCast. If you would like to join us on the show, check our IRC Chat(irc.thelinuxshow.com #linuxshow). Some of you will be invited to call in and voice your opinion.

Remember tune in at 6pm pt, 7pm mt, 8pm ct, and 9pm et.
Catch the Linux show at www.thelinuxshow.com

_NoDDingDog writes: “With the online holiday-shopping rush already over, some consumers might be chagrined to learn now how easy it is for hackers to trick Microsoft’s Internet Explorer browser into accepting bogus certificates for what should be secure access to e-commerce Web sites. Germany-based E-matters, a Web development company, announced Saturday that it had found a hole in IE’s authentication of secure sockets layer (SSL) exchanges that allows Webmasters to use stolen or expired SSL certificates. More at:
NEWSBYTES.COM.”

– by Robin “Roblimo” Miller –
No, that’s not a typo. I know 2002 is the year that’s going to start right after midnight, December 31. But 2003 is the year Microsoft is going to stop full support for Windows 98 and NT, and generally slow down patch and bugfix activity for all pre-XP Windows versions. In 2003 an awful lot of Windows users are going to be faced with the choice of either buying new hardware that will run XP or moving away from Windows. And at least some of these people (and companies) are going to look at Linux as an alternative.

When potential new users look at Linux in 2003, what will they see?

To begin with, they’re almost certainly going to see easier installations and more hardware drivers. Commercial Linux distribution publishers are racing to see who can come up with the simplest and most complete GUI-based install utilities. So far, the winner is … users.

Advances in Linux installation ease over the past two or three years have been nothing short of fantastic. Those who complain about too much diversity in Linux, and wish there was only one “main” Linux distribution and one Linux desktop GUI choice — a la Windows — overlook the benefits of competition. This competition has driven, and is still driving, the rapid pace of Linux usability improvement.

Another major advance, at least on the “ordinary user” usability front, is the increasing acceptance of commercial software for Linux.

I know this flat statement is going to cause some howls, but companies like Red Hat, MandrakeSoft, and SuSE are asking users and potential users, “What do you want from us?” more often than the early, fragmented groups of Open Source itch-scratching developers ever did. Someone who has no commercial interest in a program’s success can say, “It’s free. Don’t expect us to make it easy, too.” A for-profit software company can’t afford to do this. If it wants to make money, it must accommodate customers’ needs. If potential customers say, “We need a word processor that does thus and so before we can switch to Linux,” a commercial Linux software publisher had better either develop that word processor or throw some support toward developers who are already working on something similar.

The marketplace — the Bazaar, if you will — dictates this behavior. Those who see Linux as a Cathedral only Software Priests should be allowed to enter can say, “We already have Emacs and vi, and everyone should learn to use these existing tools instead of wanting someone else,” as loudly as they want, but they are going to find themselves preaching to a smaller percentage of the population every year while the Bazaar thrives and continues to grow in all its messy, mercantile splendor.

Some of the Software Priests will catch on to this new order and will descend into the bazaar; Ximian Gnome, for example, is actively reaching out to the masses. They are still locked in some hacker-to-hacker thought patterns, but this will change — or else Ximian will disappear, replaced or marginalized by more market-oriented companies that offer products and services similar to the ones Ximian is trying to offer today.

So far, KDE developers, many of whom work for commercial Linux publishers, seem more “in touch” with the marketplace than Gnome developers, which may be why KDE is the most popular Linux desktop among people who use Linux as a “work” operating system rather than as a hobby. We seem to be moving toward a split, with KDE becoming the standard “ordinary user” Linux desktop, with Gnome as the leading GUI desktop choice among Linux cognoscenti. There is room for many Linux GUIs and window managers — as long as new users are presented with an obvious choice for their first Linux exposure so that they don’t get confused while they are still in the beginning phases of their Linux experience.

Productivity applications

Some of the biggest news on the “Linux for the masses” front is coming from OpenOffice/StarOffice and theKompany. StarOffice 5.2 — the current version — can work with documents generated by Microsoft Office or WordPerfect, but has too many flaws to become truly popular. OpenOffice and its close relative, StarOffice 6 (now in beta), seem to have eliminated most of StarOffice’s famous deficiencies. A well-publicized free (or very low cost) professional level office suite that can run on either Windows or Linux, backed by a well-known IT company like Sun, is going to turn a lot of corporate heads. If nothing else, people who say, “I have to use Windows at home so I can take work home, and our company uses Microsoft Office like mad,” won’t have to say this any more. They’ll be able to use Linux and StarOffice — or OpenOffice — to handle those pesky Microsoft Office files in their home offices.

TheKompany’s Kapital personal finance manager is a commercial product that looks like it may be able to go head-to-head with Quicken and other user-level Windows financial management programs. GnuCash is adequate for many Linux users’ needs, but the latest version has so many dependency problems that it is nearly impossible for “ordinary” users to install. Kapital is a product designed to capture end user market share, and is much easier to install and start using than GnuCash. GnuCash, as its name implies, is a GNU product. Kapital is licensed under a “hybrid” system; while theKompany retains intellectual property right and expects to be paid for each copy of the software, users get the source code and are free to modify it however they like for their own use, other than the copyright provisions and registration keys. This license style may or may not become widely accepted for Linux-based commercial software. If it does, it may someday be seen as theKompany’s single most important contribution to Linux development. But that won’t be apparent as early as 2003.

Where’s the “soft” software for Linux?

I’m using the made-up phrase “soft software” to cover all the programs you don’t have to have but make computing easier or more enjoyable. Games fall into this category, and there are suddenly lots of new games (and rehashed Windows games) for Linux coming out. By 2003 there will probably be enough Linux games available that it will be hard for anyone who works or goes to school to find time to play even a small percentage of them all the way through.

Now what about all the other “soft software” you see on computer store shelves? The special purpose desktop publishing programs that supposedly turn newsletter publishing into a click-click-click job anyone can do? Programs that help small entrepreneurs make their own business cards? Interior decorating and home design software? Even — although it’s a necessity, not a “soft” need, for many professionals — 3D CAD capability? There are very few specialty applications available for Linux. They will be written only if Linux becomes popular enough that they become profitable to write or enough capable Free Software developers choose to work on them (which may require significant expansion of the Linux user and developer base), but without lots of specialty software there is no way Linux can become a true “mass market” desktop operating system. Not that this is news; this chicken/egg conundrum, often called the “network effect,” has been discussed to death since personal computers first had operating systems.

My personal take on specialty apps and “soft software” is that they’re rapidly moving onto the Web and increasingly browser-based, so the operating system on your local machine is gradually getting less important as a factor in their use. Unfortunately, Microsoft is also aware of this phenomenon, and is working to dominate the online ASP (application service provider) market through .NET. Microsoft currently claims .NET is operating system-agnostic, but in light of past Microsoft actions this will probably not be true for long. There are several industry coalition groups working on .NET alternatives. It is possible that massive companies like IBM, Sun, and perhaps AOL, working together, may be able to out-muscle Microsoft. In this clash of titans, the rest of us can’t do much besides staying out of the way. I pity all the small software developers who are going to be harmed because they rooted for the wrong side. Perhaps this will serve as a wake-up call to those who have decided to work only on Windows software, and a growing number of canny applications developers will start offering their products for multiple operating systems instead of just for one. Perhaps by 2003 we’ll start to see a significant percentage of boxed software CDs in stores showing “Linux, kernel 2.X or higher” among the supported operating systems printed on the sides of their boxes. That would be nice, wouldn’t it?

Advertising and publicity

This is the area where a distributed, “many choices” development model is at its greatest competitive disadvantage against a single large company. IBM runs TV spots that mention Linux briefly as a server operating system, but that’s just about the only commercial mass media exposure Linux gets right now. We get email addressed to Linux.com suggesting that “we” should advertise on TV. Some of that email includes scripts for commercials. But Linux.com only furnishes information about Linux, and has no budget for mass media ad buys. Red Hat, SuSE, and all the other commercial Linux distribution publishers put together probably couldn’t raise enough cash to put together a TV campaign large enough to be noticeable next to the endless Windows XP ads that are all over U.S. network TV.

But what are the chances of all these companies coming together, pooling their resources, and making mass media ad buys to promote Linux in general? Zero? A bit higher than zero? Not enough higher than zero to matter, I’m sure.

There’s an organization called Linux International out there, but lately it hasn’t been doing much in the way of mass-market Linux promotion that we can see.

So who is going to promote Linux?

So far, the answer seems to be this: “You and me, both as individuals and as Linux User Group members,” are the most effective Linux promoters out there. I personally believe the most effective Linux outreach takes place at local or regional computer shows and IT trade group meetings, and I believe LUG presences at these events should be sponsored by commercial Linux vendors in the form of financial assistance if at all possible, and if that isn’t feasible, in the form of “demo” CDs and printed material.

Linux International has some help available on the printed material front, in the form of (.pdf format) downloadable brochures groups can print themselves. But the printing and distribution is up to the LUG or other local organization, so it still comes back to Linux being something that is primarily evangelized by volunteers.

Hopefully, this will change, at least a little, over the next year. There are enough companies now working to market Linux-based products and services that at least a few of them are bound to spend a few advertising and promotion dollars not only to support Linux-specific media, but also to reach beyond the Linux community into the “mainstream” media one way or another. Sure, each company is going to boost its own wares, but a rising Penguin lifts all …

(That metaphor doesn’t work quite right, but you get the idea.)

Anyway, we hope a few other companies will follow IBM’s lead and at least mention Linux to the so-called general public now and then.

On the software development and general usability fronts, Linux is advancing at a spectacular rate; it looks like it will be usable for, and used by, lots more people in 2003 than it is now, at the end of 2001.

And with that, I am going to stop typing — and take a few days off before getting into the swing of a new year, one I sincerely hope is full of exciting Linux and Open Source news we can bring to you on NewsForge and Linux.com.

NewsFactor Network writes “There’s a movement that is gaining momentum and beating major wireless service providers. The movement aims to provide free or cheap(er) wireless access to everyone in a community. These pockets of homegrown wireless LANs are sprouting up in major cities and small towns from Sydney, Australia to Green Bay, Wisconsin.Thanks to the widely adopted 802.11b (or Wi-Fi) wireless standard and its ease of implementation, anybody could start a wireless LAN for less than US$300.”

From PC Advisor: Researchers at Toshiba have developed an LED (light emitting diode) capable of firing a single photon at a time, which could make sending encrypted messages truly secure.”

NewsFactor Network writes “In the last few months, we have seen incredible violations of civil rights, all in the name of public safety and national security. The arguments for Free Software come into play here, and proprietary software companies face an uphill battle when defending themselves. In the meantime, the Free Software movement has produced superior products and will continue to compete furiously in the software marketplace, but only by continuing to do what is right and by taking the high road even when competition is stiff”

Craig writes, “What’s your first thought when you hear “Redmond”? You probably don’t think of Linux, but a new company is trying to change that. Redmond Linux Corp. is trying to make Linux more usable for Windows users. Joseph Cheek, CTO and founder of Redmond Linux Corp. talks to searchWin2000 about how Redmond is making Linux more user-friendly. That other software firm in town also came up. You can get the interview here at searchwin2000.techtarget.com.”

InfoWorld Magazine: “So what is the verdict? The harsh financial climate of 2001 may have put the squeeze on open-source companies, as it did on most computer companies, but it did not dampen the adoption rate of open source in business. In fact, 2001 was the first year when an open-source solution could be proposed without drawing snickers or aghast
looks from management.”

Red Hat: “Updated namazu packages are available for Red Hat Linux 7.0J. These packages fix cross-site scripting vulnerability.”

From:	 bugzilla@redhat.com
To:	 redhat-watch-list@redhat.com
Subject: [RHSA-2001:162-04] Updated namazu packages are available
Date:	 Mon, 24 Dec 2001 22:05 -0500
Cc:	 bugtraq@securityfocus.com, linux-security@redhat.com

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated namazu packages are available
Advisory ID:       RHSA-2001:162-04
Issue date:        2001-12-03
Updated on:        2001-12-07
Product:           Red Hat Linux
Keywords:          namazu cross-site scripting
Cross references:  
Obsoletes:         
---------------------------------------------------------------------

1. Topic:

Updated namazu packages are available for Red Hat Linux 7.0J. These
packages fix cross-site scripting vulnerability.

2. Relevant releases/architectures:

Red Hat Linux 7.0J - i386, noarch

3. Problem description:

namazu may inadvertently include malicious HTML tags or script in a
dynamically generated page based on unvalidated input from untrustworthy
sources.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):



6. RPMs required:

Red Hat Linux 7.0J:

SRPMS:
ftp://updates.redhat.com/7.0/ja/os/SRPMS/namazu-2.0.9-0j1.src.rpmftp://updates.redhat.com/7.0/ja/os/SRPMS/perl-File-MMagic-1.13-1.src.rpm

i386:
ftp://updates.redhat.com/7.0/ja/os/i386/namazu-2.0.9-0j1.i386.rpmftp://updates.redhat.com/7.0/ja/os/i386/namazu-devel-2.0.9-0j1.i386.rpmftp://updates.redhat.com/7.0/ja/os/i386/namazu-cgi-2.0.9-0j1.i386.rpm

noarch:
ftp://updates.redhat.com/7.0/ja/os/noarch/perl-File-MMagic-1.13-1.noarch.rpm



7. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
f91af7ba66f038d4a6ba310843ff8a47 7.0/ja/os/SRPMS/namazu-2.0.9-0j1.src.rpm
2e625ba5c4903cc7323bb47c5ecae74e 7.0/ja/os/SRPMS/perl-File-MMagic-1.13-1.src.rpm
3ccdb16142a0ae0db0a1abf1985d037e 7.0/ja/os/i386/namazu-2.0.9-0j1.i386.rpm
7de1feeb554ab8ce7c8ec8fc52d177f2 7.0/ja/os/i386/namazu-cgi-2.0.9-0j1.i386.rpm
e34d70e1b82e2625a2b9f58998bbb7c1 7.0/ja/os/i386/namazu-devel-2.0.9-0j1.i386.rpm
7f68abfae1549924effa98fb3ce194f8 7.0/ja/os/noarch/perl-File-MMagic-1.13-1.noarch.rpm
 

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

8. References:




Copyright(c) 2000, 2001 Red Hat, Inc.

Gnome: “Documentation and translation are seeing steady improvement and the application is working smoothly. We have returned to a state with no known crashes, or data corruptions. Barring new reports this release will become 1.0.0 on Sunday Dec 30/2001.”

From:	 Jody Goldberg <jody@gnome.org>
To:	 gnumeric-list@gnome.org, gnome-announce-list@gnome.org
Subject: Gnumeric 0.99.1 (Release Candidate 2)
Date:	 Wed, 26 Dec 2001 02:53:22 -0500

Gnumeric 0.99.1 aka 'Release Candidate 2' is now available.

	This is a bug fix release.  Many thanks to all the testers.  People
	were obviously in a festive mood and thankfully reported lots of issues
	big and small.  Even better they did it _before_ the release !

	Documentation and translation are seeing steady improvement and the
	application is working smoothly.  We have returned to a state with no
	known crashes, or data corruptions.  Barring new reports this release
	will become 1.0.0 on Sunday Dec 30/2001.

* New Features

	* Implement merges and spans in html exporter			(Andreas)

* Bug fixes & Polishing

	* Improve documentation and regenerate images			(Adrian)
	* Improve documentation incl. analysis tools, files & worksheet	(Andreas)
	* Make output from HTML4.0 and HTML3.2 exporters validate 	(Andreas)
	* Fix copy multiple cells to single merged cell (#67298)	(Andreas)
	* Fix expr entry widget: used to get confised on mouse clicks	(Andreas)
	* Add insert Graph menu item & icon				(Jody)
	* Fix Exit icon for bonobo build.				(Jody)
	* Delete the CAPS lock feature from autocorrect.		(Jody)
	* Fix Chema's sneaky cursor grab.				(Jody)
	* Applix import for v4.41, add it to the mime types.		(Jody)
	* Inter-Gnumeric pasting support for merges, and shares.	(Jody)
	* Fix life cycle of validation styles.				(Jody)
	* Undo for pasting a cut was saving too much.			(Jody)
	* Parser was not honouring requests to ensure absoluteness.	(Jody)
	* Transparent makes no sense for lines & arrows.		(Jody)
	* Improve help tokenizer.					(Jody)
	* Don't prompt for sheet delete if it is pristine.		(Jody)
	* Autofill includes autoformats for expressions.		(Jody)
	* Edit position after undoing a merge.				(Jody)
	* Partial fix for del col/row undo with dependent objects.	(Jody)
	* Support some additional forms of #!REF in XL import.		(Jody)
	* Fix XL importing of graphs with embedded graphs.		(Jody)
	* Improve autofill handling of merges & arrays.			(Jody)
	* Support pasting transposed merges.				(Jody)
	* Ensure that cell sizes never violate absolute minima.		(Jody)
	* Fix format leak (thanks Morten)				(Jody)
	* Fix data validation.						(Jody)
	* Dirty workbook when modifying summary info.			(Jody)
	* Invalidate names refering to deleted expressions.		(Jody)
	* Fix row height resize when undoing changes to JIT rendering.	(Jody)
	* Fix DATE.							(Morten)
	* Fix a pile of leaks in financial functions.			(Morten)
	* Fix COUPNCD, YIELD, PRICE.					(Morten)
	* Fix overflow issues.						(Morten)
	* Search and search-replace history persistence.		(Wayne)
	* Improve documentation: intro and printing			(Wayne)
	* Make bound errors for INDEX consistent.			(Tino)
	* Support importing multi-byte text.				(Nakai)

* Translations

	Andreas Guelzow (de), Christian Meyer (de), Christian Rose (sv),
	Dan Damian (ro), Duarte Loreto (pt), German Poo-Caaman~o (es),
	Gustavo Maciel Dias Vieira (pt_BR), Morten Welinder (da),
	Roy-Magne Mo (nn), Stanislav Visnovsky (sk),,
	Takeshi Aihana (ja), Yukihiro Nakai (ja), Zbigniew Chyla (pl)

* Availability

	http://download.gnome.org/GNOME/stable/sources/gnumeric