Category: Technology

By Jeffrey Carl

Boardwatch Magazine was the place to go for Internet Service Provider industry news, opinions and gossip for much of the 1990s. It was founded by the iconoclastic and opinionated Jack Rickard in the commercial Internet’s early days, and by the time I joined it had a niche following but an influential among ISPs, particularly for its annual ranking of Tier 1 ISPs and through the ISPcon tradeshow. Writing and speaking for Boardwatch was one of my fondest memories of the first dot-com age.

SuSE Linux is often referred to as “the European Red Hat,” since SuSE enjoys the kind of market domination there that Red Hat does in the U.S. For the record, SuSE is pronounced “SUE-zuh,” and the name was a catchy little acronym for the rather awkward “Gesellschaft für Software und Systementwicklung mbH.” A reader survey by a German Linux magazine found SuSE with about 75 percent market share to Red Hat’s 11 percent and Debian’s 8.5 percent. Although I wasn’t able to find figures, it’s also safe to say that SuSE enjoys a commanding market share in many other areas outside the U.S. as well.

A major factor cited for this is the fact that SuSE’s distribution includes six CDs with more than 1500 extra software packages to install. While many U.S. users with broadband connections don’t particularly care, it’s an important factor for users (especially for international users) who have slow connections, pay per-minute charges for their bandwidth or otherwise find it inconvenient to spend large amounts of time downloading new software.

Advantages frequently cited by SuSE users aside from the copious CD software collection include SaX, an excellent X Windows configuration tool; and YaST, SuSE’s LinuxConf-like administration tool. While these features are a favorite for some users, others complain that the enormous number of available applications in the install CDs makes installation cumbersome. And YaST, like LinuxConf, seems very much to be a “love it or hate it” application, with opinions varying widely by personal preferences.

SuSE distributions tend to be a little less “cutting-edge” than Red Hat’s, lagging a couple months behind with the “latest and greatest,” but as a result tending to have fewer bugs. Whether this tradeoff is acceptable is up to you; it should be noted that SuSE acquitted itself fairly well in the recent Security Portal Linux Distribution Security Report (http://www.securityportal.com/cover/coverstory20000724.html).

The current version of SuSE for x86 hardware (as of this writing) is 7.0. SuSE recently released a well-reviewed version of their 6.4 distribution for PowerPC-based Macintoshes, which includes the MOL (Mac on Linux) emulator among other goodies. To find out more, I asked SuSE Chief Technical Officer Dirk Hohndel and press representative Xenia von Wedel:

Carl: Could you give me a brief history of SuSE?

Hohndel: In 1992, the four founders ran into the (back then largely unknown) Linux operating system (or more precisely, the beginnings thereof). They quickly saw the need for Linux on “off-line media”, as Internet connections were not commonplace in Germany back then (and still are quite expensive). More importantly, a physical distribution made it easier to bundle documentation and support, and of course to make SuSE’s own developments for installation and configuration available as part of the package. Soon SuSE Linux became the standard Linux OS in Europe, and in the past few years SuSE has been quite successful outside Europe as well (less because of a strong marketing arm, but more due to its focus on sound technology and good engineering).

Von Wedel: SuSE Linux AG, headquartered in Germany, and SuSE Inc., based in Oakland, CA, are privately held companies focused entirely on supporting the Linux community, Open Source development and the GNU General Public License. With a workforce of over 450 people worldwide, SuSE has offices all over Europe, Venezuela and in the US. More than 50,000 business customers use SuSE Linux worldwide due to its stability and high quality.

SuSE received the “Show Favorites” award at LinuxWorld Expo in February 2000 and March 1999. SuSE contributes considerably to Linux development projects such as the Linux kernel, glibc, XFree86TM, KDE, ISDN4Linux, ALSA (Advanced Linux Sound Architecture) and USB (Universal Serial Bus). Additional information about SuSE can be found at http://www.suse.com.

Carl: What is included with the newest release of SuSE?

Hohndel: Linux kernel 2.2.17/PRE (2.2.16 plus the relevant patches for it) with enhanced raw device support and 4 GB main memory addressing, full USB support and ReiserFS XFree86 4.0 and SaX 2, the graphical installation tool for XFree86 4

SuSE Linux Professional includes more than 1500 apps such as StarOffice 5.2; Acrobat Reader; Samba 2.0.7; Apache 1.3.12  including PHP-4, Zope, Midgard, JServ, Tomcat, backhand and WebDAV; Lutris Enhydra 3.0; teleconferencing; Sendmail 8.10.2; Postfix 19991231pl08; Perl 5.005_03; Logical Volume Manager; PAM; KDE 1.1.2, KDE 2.0 Beta3, and GNOME 1.2.

SuSE Linux is known to be one of the richest and most complete versions of Linux, so almost all the important packages are there. One of the interesting new features is that SuSE Linux 7.0 can be installed and used using Braille; it can therefore be used and managed by the visually impaired.

Carl: What platforms does it support? What are the minimum requirements for SuSE?

Hohndel: At the moment, SuSE Linux is available as a shrink-wrapped product for Intel x86 and compatible processors (IA32), Motorola PowerPC and Compaq Alpha processors. A beta version for IBM mainframe S/390 can be taken from SuSE’s ftp server. Versions for SPARC and IA64 are under development and also available via FTP.

Von Wedel: Please see detailed information about some special hardware in our support database. Just search for the desired keyword at http://www.suse.com/support/hardware/index.html .

Carl: What are some configurations that SuSE would recommend, or it really excels with?

Hohndel: We have certified quite [a lot of] hardware with SuSE Linux, a current list can be found on our web site. I don’t think that it makes sense to point out specific configurations, as those tend to change all too frequently. 

Von Wedel: If you are running a NIS or simple file server, a slower Pentium or even a 486 would work fine. For a standard all-around machine, you would probably want the average machine found on the shelf at Best Buy or CompUSA [including] big hard drives, a Pentium III and at least 128 MB of RAM. This machine will allow you to run programs like Quake III and VMware without problem. We tell our customers to avoid any hardware where the manufacturer refuses to release open source drivers for it.

Carl: What would you say differentiates SuSE from other Linux distributions?

Hohndel: SuSE maintains consistent technical quality throughout all platforms and all languages. We also have an encyclopedic set of Linux tools, for which SuSE Linux is already famous. YaST and YaST2 are well known as solid and easy-to-use installation and configuration tools that are flexible enough to support a wide range of installation options for the enterprise environment.  Additionally, for optimized support for fully automated installation, SuSE’s new ALICE (Automatic Linux Installation and Configuration Environment) tool allows central configuration management for computer networks.

Carl: What is YaST? Where can I find more information about it?

Hohndel: YaST stands for Yet another Setup Tool. A white paper that covers some of the important features is available on the web at http://www.suse.de/de/linux/whitepapers/yast/Auto_Install_English_text.txt.

What is important to know about YaST is that it offers a central configuration and administration interface, but can be told to stay out of the way if the admin chooses to configure parts of the system “manually.” So, you can benefit from the flexibility and know-how that has been put into the tool without being stuck with it. Many typical administration tasks (adding printers, setting up accounts, adding software packages) can comfortably be done from within YaST.

Carl: For someone operating an ISP, what reasons could you give to choose SuSE over another Linux distribution?

Hohndel: SuSE has a strong focus on security within its distribution. We do not only have an internal security team within SuSE Labs that audits all major packages and closely follows all relevant information sources, but we also maintain an active dialogue with our customer base, through mailing lists and security alerts. 

Furthermore, SuSE is extremely well connected with numerous industry leaders, from both the technology and the business perspective. We maintain strategic alliances with IBM, Compaq, Fujitsu Siemens Computers, Oracle, SGI, and numerous other independent software vendors. And [since] SuSE supports the Free Standards Group, SuSE customers will be sure to use the widely spread Linux distribution that sets up the standards. Already today SuSE is compliant with all the draft standards from LSB [Linux Standards Base].

Carl: For someone operating an Internet server – what, if any, are the drawbacks for choosing SuSE?

Hohndel: Quite frankly, I don’t see any drawbacks in choosing SuSE. Our system is well tested for exactly this use case. Interestingly enough, while globally about 30 percent of all web servers run Apache on Linux, in Germany, our “home turf,” that number is above 40 percent. So SuSE Linux is in very heavy use for exactly that – an Internet server.

Carl: What advantages would you cite for someone choosing SuSE Linux over another server OS, like Windows 2000, Solaris or FreeBSD?

Hohndel: Open Source is by many seen as the software development methodology of the future. Especially in the area of infrastructure systems, for example Internet servers, Open Source has gained the respect and the trust of the companies deploying these systems.

Linux is finally keeping the old Unix promise. It is the first truly homogeneous OS in a heterogeneous hardware environment. At the same time, it is a very flexible environment that allows for easy customization and can be adapted to the needs of very different use cases, from tightly controlled firewall system to fully-fledged server to complete desktop.

And, of course, there are lots of companies that develop on Linux and for Linux, and there is plenty of companies supporting Linux and offering professional services around Linux. SuSE is obviously one of them.

Depending on the OS that you compare with, a different combination of these arguments apply. 🙂

Carl: Where could someone running an Internet server go for help and tips on SuSE?

Hohndel: We offer both support and professional services around SuSE Linux. A good place to start is http://www.suse.com/suse/news/PressReleases/proserv.html. We already offer 24×7 support here in Germany and will roll out this service globally, soon. 

And of course we offer the famous support database and component database (http://sdb.suse.de/sdb/en/html/index.html and http://cdb.suse.de/cdb_english.html).

Carl: What’s next for SuSE? What improvements are you planning for the future?

Hohndel: We continuously expand the hardware base that SuSE Linux supports. As I mentioned above, S/390, IA64 and SPARC are already in beta test (or close to production), and others will follow.

The installation and configuration tools are continuously being developed and will of course be one of the areas that we continue to focus on. Especially things like improved hardware detection, but also ergonomic aspects of the administration process.

And of course we are putting a lot of effort in many Open Source projects. [These include] “enterprise” features like high availability, improved SMP support or our work on directory services and better file systems, or desktop-oriented things like XFree86 and KDE.

An important focus of improvements is ISV [Independent Software Vendor] support. We are working closely with many ISVs to help them port their software to a standardized Linux environment to get the largest set of applications for Linux possible.

So there are a lot of things that you can expect from SuSE in the future. We are excited to be in this fast-growing industry and are looking forward to the things to come.

By Jeffrey Carl

Boardwatch Magazine was the place to go for Internet Service Provider industry news, opinions and gossip for much of the 1990s. It was founded by the iconoclastic and opinionated Jack Rickard in the commercial Internet’s early days, and by the time I joined it had a niche following but an influential among ISPs, particularly for its annual ranking of Tier 1 ISPs and through the ISPcon tradeshow. Writing and speaking for Boardwatch was one of my fondest memories of the first dot-com age.

This column was originally supposed to be about supporting FrontPage users on Unix, but Boardwatch’s editors edited all the swear words out of my 2,000 word column and were left with a total of 12. So instead, I turned to Macmillan’s Linux-Mandrake 7.0. 

The Basics

Linux-Mandrake 7 is earning rave reviews all over the place right now, and with pretty good reason. Linux-Mandrake is heavily optimized for Intel Pentium-family chips, but should run fairly well on AMD or Cyrix-based systems. System requirements are listed as any 586 (Pentium-equivalent) or higher CPU, 16 MB RAM (64 MB recommended), 500 MB disk space minimum (1 GB+ recommended), and a 3.5″ floppy drive or CD-ROM drive for installation.

Linux-Mandrake 7 is available free via FTP from http://www.linux-mandrake.com/en/ftp.php3. It comes in standard FTP install format, as well as a downloadable ISO 9660 CD image. MandrakeSoft itself sells distro CDs, and Macmillan also distributes and sells three shrink-wrapped versions of Linux-Mandrake 7.0: Complete, Deluxe and Secure Server (see below in the interview for more information on what the different packages contain). The Complete package retails for $29.95 (although I found mine at Wal-Mart for $25); Deluxe sells for $55-$60, and the Secure Server package sells for about $100.

The Distribution

The distribution is pretty up-to-date (at least as of this writing). It includes kernel 2.2.14, glibc 2.1.2, XFree86 3.3.6, and more. All of the defaults here are stable – you won’t find anything too bleeding edge in the included components, so if you want to wreck your system with the development kernel or XFree 4.0 beta du jour, you’ll need to go out and download it for yourself.

Most of the clamor for Linux-Mandrake 7 has been over the reports that it’s the easiest Linux distribution ever for a new user to install and set up. Mandrake’s efforts in this direction are focused on three new (or at least fairly new) tools. 

The first and second are DrakX, first introduced with Mandrake 6.1, and DiskDrake. DrakX is the new all-singing, all-dancing, all-graphical installation tool – and it’s certainly the most user-friendly install tool that I’ve seen for a Freenix (an install tool with themes?). It handles all of the basics you’d expect, as well as taking a good stab at autoconfiguring the LILO boot loader and X Windows (plenty of drivers for popular video cards are included). DiskDrake is the graphical disk-partitioning tool for use with DrakX, although you can also use good old fdisk or cfdisk. 

The third new tool is DrakConf, which bundles in LinuxConf as well as its own versions of hardware, software, networking and security tweaking tools. For a user or administrator new to the platform, DrakConf keeps a lot of common tools very handy. Also available are RPMdrake (for RedHat Package Manager installations) and Lothar, a nifty program for autoconfiguring sound cards and other audio-related devices.

So, what’s not to like? With all of the goodies in this distribution, Mandrake has its sights squarely focused on its intended consumer – and that consumer probably isn’t you. Linux newbies and desktop/workstation users are the target market here, and it isn’t evident that much has been done to optimize or enhance Linux-Mandrake’s performance specifically as an Internet server.

However, that last assessment may be a little too harsh (or too much to expect). Regardless of what type of user you are, good administration tools help everybody; and the Pentium optimization certainly helps if you’re running an Intel-based server. And to some extent, every Linux distribution uses some version of the same kernel, so there isn’t much you can expect Mandrake to do to increase the performance of the Linux TCP stack. 

The Questions

To find out more about the appeal of Linux-Mandrake 7 for ISP/webhosting users, I asked Steve Schafer, the Senior Title Manager for Linux at Macmillan.

Jeff: Can you give a brief history of Linux-Mandrake?

Steve Schafer: Linux-Mandrake started as a volunteer project to help make the standard Red Hat Linux distribution more robust and yet more user friendly. Approximately two years ago the principals of the project created a company, MandrakeSoft, to oversee and lead the project into a retail venture. Version 5.3 of Mandrake was built from the Red Hat 5.2 distribution and was distributed through outlets like LinuxMall. The distribution continued to gain a following for power and ease of use. Versions 6.0 and 6.1 went on to win the “Editor’s Choice: Product of the Year” award at LinuxWorld in 1999, and various kudos for being a “better Red Hat than Red Hat.” Mandrake 7.0 raises the bar even further as you will see below.

J: Why should I use Linux instead of another Freenix like FreeBSD or OpenBSD? 

SS: One word: support. Linux remains on the cutting edge of technology, with solid support both online and paid, the latter provided through retail purchase or a support contract through a dedicated Linux support organization like Linuxcare. The interface and standards continue to evolve, presenting a clean, more user-friendly environment for a technical OS.

J: What’s new with Linux-Mandrake 7? 

SS: The main differences in 7.0 come in the way of installation and configuration. The new graphical install (DrakX) can be tailored for each user’s tastes and technical level – the “Recommended” install provides for less decision making on the part of the user and makes various assumptions about the target machine to make the install fairly seamless, while the “Expert” install allows the user full-control over how the OS will be installed. Several new customization utilities allow the user to quickly and effectively change the configuration once the OS is installed, changing the interface, security options, adding and configuring hardware, and more. Mandrake continues their tradition of offering more base utilities and pre-configured desktops as well.

J: How does Linux-Mandrake perform for Internet serving tasks in relation to other Linux distros? Is the differentiation something other than performance (e.g., ease of use, pre-installed apps, etc.)?

SS: By and large, most Linux distributions perform the same types of serving tasks since they are all cut from basically the same mold. The difference Mandrake makes comes in two areas: customization and Pentium optimization. See the other section(s) for info on the customization (both what Mandrake does automatically, and what tools exist for the user). As for Pentium optimization: Mandrake recompiles ALL packages with Pentium optimization. Although the performance increase for workstations is slight, it is much more pronounced in the server environment. When a server is loaded with several users all utilizing resources, the faster the server can complete tasks, the better. (Of course, this is only true if the server’s processor is Pentium [or derivative] based.)

J: What are Linux-Mandrake’s different products, and whom are they intended for?

SS: Macmillan offers three distinct Linux-Mandrake products, geared toward specific Linux customers:

Complete: This value-packed product is geared toward the beginning user, or the user who is taking Linux for a “test drive.”  Macmillan adds the following components to the base Linux-Mandrake OS:

• PartitionMagic and BootMagic – for ease of installation on a Windows machine for dual-booting between OSes. (Recent research showed that 70% of retail Linux purchasers install Linux in a dual-boot configuration.)

• StarOffice 5.2 – This powerful office suite provides word processing, spreadsheet, presentation, and graphics functionality. Compatibility with Microsoft products ensures maximum data transportability.

• Linux Library – 3500 pages of additional Linux documentation (in electronic form) from the Macmillan imprints Que and Sams.

Deluxe: This six-CD set provides the most Linux content for the money. Geared to address the professional user, this product provides more of everything Linux. In addition to the base Mandrake OS and its sources, these additional 4 CDs are provided:

• Contributors CD: Close to 900 additional utilities, applications, documentation, etc from the Linux community.

• Contributors Source CD: Source code for the Contributors CD.

• Applications CDs (1 & 2): Over 30 commercial and demo applications, including StarOffice, WordPerfect for Linux, etc.

[Jeff’s Note: The Commercial Applications CDs (available with the Deluxe version) includes full and limited versions of some very tasty goodies including: Acrobat Reader 4; Executor (a MacOS emulator); IBM’s JDK, Lotus Notes and ViaVoice (voice recognition word processor). It also has demos of the games Civilization: Call to Power, Railroad Tycoon II and Myth II; an evaluation version of VMware; and WordPerfect. True, almost all of this is available via download – but if you’d like it all in one easy-to-install package, this is a mother lode.]

Secure Server: For the professional “with a purpose,” this product offers the base Mandrake OS bundled with a secure Web server for starting an e-commerce operation. Additional utilities and a custom Linux Library (over 4200 pages of electronic docs from Que and Sams) round out this product.

J: What are Linux-Mandrake’s particular strengths? What are its weaknesses?

SS: Mandrake’s strengths include:

• Red Hat compatibility

• Pentium optimization

• Cutting edge components (latest kernel, XFree, etc)

• Scalable graphical installation

• Pre-configured desktops and user interfaces

• Comprehensive graphical configuration tools

• Additional packages, drivers, utilities, apps and more

Honestly, it’s hard for me to think of weaknesses regarding Mandrake. This distribution has the depth to satisfy the hardcore user, but the simplicity (install and customization) to engage the beginner as well. Linux overall does have weaknesses, mostly surrounding the implications of open source and staying ahead of the technology curve. For example, there isn’t one multi-million-dollar firm behind the Linux distros (Microsoft) and the kernel has just begun to support technologies like USB. Keep in mind that these disadvantages exist across the spectrum of Linux, not just with Mandrake.

J: Why should I use Linux-Mandrake instead of another distro for my web, mail or dialup authentication server?

SS: All the reasons stated above, particularly the ability to support the latest hardware, ease of customization, bundled components, etc. This is true across the board of applications (web, mail, dialup authentication, etc).

J: What’s the recommended hardware for a Linux-Mandrake Internet server? Is there anything that works particularly well?

SS: The answer really depends on the workload and user load the particular box will experience. One prominent ISP (CiHost) uses Red Hat for their Web hosting servers which are dual-Pentium boxes. Recently LinuxWorld (February in New York) used Mandrake for their registration system, probably high-end Pentiums using dumb terminals (low-end boxes) for input. 

When considering Linux-Mandrake, it’s important to consider running on a Pentium or derivative due to the recompilation using Pentium optimization.

J: How easy/difficult is it to migrate from another Linux distribution to Linux-Mandrake? Is there anything I should know?

SS: It depends on what you are migrating from. Although most Linux distros are pretty much the same, some vary considerably in customization, installed tool sets, libraries, etc. Like migrating between Windows versions, you want to ensure that your added tools (applications, utilities, etc) are compatible with the new system. Red Hat and derivative Linux distros use some different libraries than other distros, requiring different base level support for some programs.

J: On the client side, can ISPs support Linux-Mandrake dialup users easily? Why?

SS: You should be able to with no problem. Linux speaks the Internet natively (TCP/IP) so utilizing a PPP dialup is almost second nature to the OS. It’s a bit tougher [for the user] to set up than [for the ISP to] support really … the ISP shouldn’t have to change a thing. 

The Conclusions

As Linux distributions go, Linux-Mandrake 7.0 is very good. Aside from some strange gaps in documentation (for example, my Macmillan Linux-Mandrake Complete “User Guide and Reference Manual” didn’t even mention DrakConf), it seems pretty solid.

For the ISP/web user, there are two groups that will find it particularly compelling. First are new users/admins who want the easiest, most pain-free installation and setup. Second are users with Pentium-based machines, who may see impressive speed gains over other distributions. Note: I wasn’t able to throw enough machine load at my test server to test this out reasonably; if someone out there does, please let me know the results. For anyone, though, Linux-Mandrake 7 is certainly worth a look.

By Jeffrey Carl

Boardwatch Magazine was the place to go for Internet Service Provider industry news, opinions and gossip for much of the 1990s. It was founded by the iconoclastic and opinionated Jack Rickard in the commercial Internet’s early days, and by the time I joined it had a niche following but an influential among ISPs, particularly for its annual ranking of Tier 1 ISPs and through the ISPcon tradeshow. Writing and speaking for Boardwatch was one of my fondest memories of the first dot-com age.

“Jabber” and “Zope” sound like two characters from “Alice in Wonderland.” Or maybe characters in Quake II (“jabber saw the light from zope’s BFG-10K”). Either way, what they really represent are attempts by the open-source community to beat commercial offerings in emerging critical Internet areas: instant messaging (IM) and web application development. 

Can they do it? On one hand, projects like Apache and Linux or *BSD have shown that open source software can lead the industry in performance. On the other hand, both projects face the perennial Achilles’ heel of open-source projects – lack of commercial distribution channels and a corresponding difficulty in gaining enough market share to become a standard. Let’s take a look at both projects, how ISPs can use them, and whether they can beat the big commercial packages.

Jabber

Once upon a time, there was Mirabilis ICQ (“I Seek You”). And lo, it was good. Then it was bought by AOL and became the basis for AOL Instant Messenger (AIM). Then Microsoft’s MSN and Yahoo! got into the act with similar programs that could communicate with the zillions of ICQ/AIM users. Then AOL said, “Oh no you don’t.” Then Hell froze over and Microsoft started complaining to AOL about “open standards” and MSN et. al. whined to Congress about it…

Right now, IM is a mess. AIM, with an astonishing 45 million users, holds tight to its grip on ICQ, keeping its service proprietary. Few people are inclined to shed tears for Microsoft because it’s being disadvantaged by proprietary systems. Still, many users are seeking an IM program that, like J.R.R. Tolkien’s “One Ring,” would “bind them all together.”

What is it?

There are plenty of open-source ICQ clones (like LICQ [www.licq.org], popular on Linux). Jabber is quick to point out that it isn’t just another ICQ clone. As the project’s FAQ page says: 

Put simply, Jabber is an open source, cross-platform, completely extensible, end-all to Instant Messaging as we know it. Never again will you have to worry about finding the right client to talk to your friends, nor will you have to concern yourself with having three or four different clients open so that you can chat with all of your associates. And all you have to do is pick the client that you like for the platform you want!

Jabber is genuinely different from other instant-messaging products, although the differences are “under the hood.” A Jabber user gets an account with a Jabber server, and the server then takes care of all the “heavy lifting” – communicating with other servers and translating the protocols of other IM systems into Jabber’s own XML (eXtensible Markup Language)-based messaging protocol. In theory, server modules can be written to parse any other IM protocol, and connectivity to those systems is then automatically provided to the client. 

How does it work?

Joe User gets an account with a Jabber server. He also gets accounts with AIM and Yahoo! Pager. His Jabber server stores his account info and “buddy lists” (roster) for each IM service, allowing him to access all of them through his one server and one client. Assuming that the server has the requisite protocol “transports,” he can then communicate with users of any of these services from his Jabber client. 

The native Jabber protocol is an XML stream over a TCP socket, allowing for a number of possibilities for how and over which port it can be sent (a bonus for its potential ability to evade firewalls, critical to the success of any IM protocol). The Jabber client communicates only with its server, which then handles all of the protocol-translation and communication issues. 

What’s so great about it?

Obviously, the ability to communicate with any IM protocol is a huge plus, potentially making Jabber the “holy grail” of IM platforms. Also, its reliance on the server model simplifies matters for users significantly.

While it promotes unity among IM protocols, Jabber also promotes competition within its own ranks, and Jabber users can choose from a number of different Jabber clients, each with their own foci, strengths and weaknesses. Its open standard and protocol means that anyone who would like to create a new client or offer new features can do so with (relative) ease.

Also, Jabber is intended to be cross-platform. Work on clients is reportedly underway for *nix on command line and X-Windows, Win32, MacOS, browser-based, and even Newton.

What still needs work?

As of this writing in mid-April, just about everything. Jabber is still very much a work in progress (its server has yet to reach 1.0 status or implement working transports for other IM systems), and it remains to be seen a.) how well its compatibility with other IM protocols will work, and b.) how well it will work by itself. Most of the clients are still missing some user-interface niceties, and a working standard for security/encryption of Jabber messages has yet to be implemented.

Jabber is like Rambus – one of those long-shot bets which will either take over the world or be a perennial also-ran. It has all of the right ingredients, but only time will tell whether it fulfills its promise. 

A critical hurdle is the same interoperability issue which has plagued other IM clients: will AOL try to block it? AOL’s ICQ users are such a tremendous asset to AOL that it’s hard to imagine that AOL won’t try to block Jabber out if it gains much share of the market. The jury is still very much out on Jabber’s eventual success … and whether, if it can’t communicate with others, it can succeed on its own.

Zope

Zope (the “Z Object Publishing Environment”) is … well, it’s hard to describe in a hurry. But it’s very cool.

What is it?

It describes itself as an “application server,” and its goal is to provide a framework for creating and maintaining large websites with advanced functionality like site users, feedback and content databases. Elements of Zope (currently at version 2.1.6) compete with both higher-end commercial software like WebObjects or Cold Fusion, as well as open-source site spinoffs like slash (the source code for the backend to  slashdot.org). 

Zope is portable, since it’s written in Python (with some performance-critical parts in C); currently, it runs on Windows NT and nearly any Unix. Installing and running Zope requires that you have Python (http://www.python.org) version 1.5.2 or higher installed on your server. It requires Python to be built with threads support; if you’re installing Python to use Zope, be sure to run the pre-installation configure script with the –with-thread option.

Zope began life in the Bobo Web Object System, developed by a company called Digital Creations (http://www.digicool.com). The Bobo framework was open-sourced, while the company sold a commercial application server based on it, which was named Principia. 

Seeing that the application server market was dominated by big names whose marketing muscle Digital Creations could never compete with, the company decided in December 1998 to combine Principia and Bobo, rename it Zope, and open-source the whole shebang. Zope began to gain recognition and users, while Digital Creations shifted its business model to providing commercial support and consulting for Zope.

How does it work?

The heart of the system combines an ORB (Object Request Broker) with an object database, allowing pages to be simply and dynamically created. The main components of Zope are: 

• the ORB, which extracts information from the database

• the object database itself 

• the publisher, which interfaces with a web server

• the template system, for dressing up content in your customized page templates

• the management structure, which handles authoring/access permissions 

Here’s the short, short version: you download Zope to the server where its content will be server from. Zope is available as a Windows executable, in RPM format for Linux, or tar-gzipped source archives for Solaris, Linux or any other *nix. For a quick start, just run the Zope setup script, then run the start script it builds, and away you go. Zope launches its own web server on the port of your choice (default 8080), although you can easily configure it to use Apache, IIS or another server.

You can then use a web browser to view pages or go to its “manage” interface. Using these controls, you can create new folders and add content to them. You also use the manage interface to assign basic functionality (who can access or alter the contents, HTML templates and error messages, etc.). This interface also provides “approval” and “undo” functionality as well.

The content comes in the form of … well, lots of things – users, images, or other items usable by the database. Primarily, though, it will be DTML (Document Template Markup Language) objects, which can contain XML, DTML or good plain old HTML. DTML works like server-parsed HTML on steroids, offering very advanced functionality. An example might look like this:

<!–#var my_header–>

<!–#if “AUTHENTICATED_USER==’Jeff'”–>

<h3>Here is the customer list:</h3>

<table>

<!–#in showCustomers–>

<tr>

<td><!–#var cust_name–></td>

<td><!–#var cust_type–></td>

<td><!–#var acct_balance–></td>

</tr>

<!–#/in–>

</table>

<!–#else–>

<em>Sorry, you can’t read this!</em>

<!–#/if–>

<!–#var my_html_footer–>

And there, you have a complete, well-formatted HTML page. The DTML page above calls in an external HTML page header that you uploaded named my_header, checks to see if the user has permission to view a table, and if so calls an object which is a SQL query that you defined earlier called “showCustomers” and displays the results in a table. If the user viewing the page isn’t the one it expected, it prints an innocuous HTML message. For everyone, it then prints the external HTML footer you named my_footer.

All of this can be easily done with CGI, but learning the DTML syntax is significantly easier for most people than learning Perl or C. Furthermore, the ability to integrate this into a sitewide management structure is a big plus.

So, essentially, with Zope you don’t so much build pages of a site as you build objects of content – FAQs, stories, other information – which get stuffed into a database. You then create folders and pages that are DTML frameworks which can include one simple content object (for a simple, non-dynamic page) or make complicated queries (the last five news objects submitted, all objects submitted by a certain author, the most recent graphic of a certain type, SQL queries, etc.). If you’re unfamiliar with the process, it takes a while to “wrap your head around it,” but it provides a tremendous amount of possibilities.

A very readable introduction that lays out the functional aspects of using Zope (as well as giving a much better explanation of DTML examples like the one above) can be found at http://www.devshed.com/Server_Side/Zope/Intro/. An in-depth look focusing on Zope’s database model is at http://webreview.com/pub/1999/03/05/feature/index2.html. There is an excellent library of pre-built and member-contributed projects that provide example code to learn from at http://www.zope.org/Products, as well.

What’s so great about it?

First, Zope provides an interface to adding/administering the site’s content which is accessible through a web browser. It allows for relatively complex security/permissions setups, which allow the administrator to set access privileges for various groups of contributors (administrators, writers, designers, etc.). Zope makes use of the emerging WebDAV (“Web-based Distributed Authoring and Versioning”[www.webdav.org]) standard to collaboratively manage and handle versions of pages or objects on a site. This also allows for good integration with existing software which supports WebDAV, like Microsoft Office 2000 or Internet Explorer 5 on the client side or Apache with mod_dav on the server side. 

Zope provides its own transactional object database, which means that you won’t need to add another database (e.g., MySQL, Oracle, MS SQL, etc.) to provide a back-end. One of the primary benefits to using a transactional (keeping track of additions/changes as “transactions”) database like the one Zope provides is that it allows you to “undo” changes if you need to. The database is optimized to match the needs of most web databases, which are frequently being queried but only occasionally have new data written to them. The Zope database is also easy to back up, and is designed to work with “simple URLs” (unlike those created by WebObjects).  

One of Zope’s strong features is interoperability with existing SQL databases. You can set up a Zope database connection to an existing database and apply SQL queries from a Zope DTML page to the older database. Zope also makes good use of XML, allowing interoperation with XML data sources. The Zope database stores a great deal of information besides just your primary content objects; it also keeps track of user postings and threaded discussions, user logins and permission settings, and allows users to customize the way they view the site.

Like any good open-source product, Zope makes very good use of open standards. Aside from WebDAV, SQL and XML, Zope supports HTML 4 and CSS, HTTP 1.1, FTP, FastCGI, DOM, LDAP and other goodies. 

Lastly, it was announced in late March that Digital Creations would be open-sourcing its ZEO (Zope Enterprise Option), which can turn Zope into a distributed system. Allowing Zope to scale to multiple machines should make it a feasible choice for high-demand sites which need to be served from multiple machines. Zope has also announced interoperability with Microsoft’s SOAP (Simple Object Access Protocol) sort-of-standard. Whether this will become a “big deal” remains to be seen.

What still needs work?

At first glance, Zope is just plain difficult to understand for most people. The Zope feature tour (http://www.zope.org/Tour/ar01.html) is a good start, and the Zope Guides (http://www.zope.org/Documentation/Guides) are helpful (if understandably incomplete) but some more “hand-holding” higher up in the online documentation might convince more users to “get their feet wet” with Zope.

Zope is certainly on the right track with the emerging standards it uses, but some of these standards will take time to build the user base to allow Zope to really shine (for example, when WebDAV publishing will work from more applications than just IE 5 and Office 2000). The WebDAV standard itself isn’t fully fleshed out yet, and I have to admit that any standard which Microsoft has taken a strong interest in makes me worry a bit.

Lastly, Zope simply isn’t for everyone. If you have a relatively small or simple site, the overhead of learning and serving Zope will probably be a waste of time. If you’re willing to put in the time, using Zope from the get-go will help you scale your site if you need to – but in many cases, using Zope is swatting a fly with a sledgehammer.

The Verdict: Jabber, Zope and You

What can Jabber and Zope do for you? Well, in the short term, you can offer support for them and promote them to your customers. With Zope, ISPs can offer Zope support and make a presence in the small (but growing) market for Zope site-hosting. 

With Jabber, ISPs can run their own local Jabber servers. In the short term, it can be used by supplying your NOC with a Jabber nick through which clients can contact them; in the long term, if Jabber meets its promise, your local Jabber server can be a great way to tie users to you (to be Machiavellian, your Jabber server will hold all of their IM contacts and make it a pain to migrate elsewhere).

Will either of these projects ever gain the ubiquity of Apache, sendmail or Linux/BSD? Probably not. But Jabber holds an extraordinary amount of promise, and can be an excellent value-added tool for ISPs – and it’s free – so there’s little reason not to be an early adopter. Zope will almost certainly remain a limited-interest project, but it can be of use to you for your own web sites as well as providing a differentiating service for site hosting. 

Can Jabber and Zope beat out the commercial competition? Only time will tell. But, considering the cost (nothing but your time), it’s almost a no-brainer for you to “do the right thing” and support open standards, and to investigate providing support for both with your ISP. 

Who knows? If you bet on enough long shots, one of them might turn out to be a winner.

By Jeffrey Carl

Boardwatch Magazine was the place to go for Internet Service Provider industry news, opinions and gossip for much of the 1990s. It was founded by the iconoclastic and opinionated Jack Rickard in the commercial Internet’s early days, and by the time I joined it had a niche following but an influential among ISPs, particularly for its annual ranking of Tier 1 ISPs and through the ISPcon tradeshow. Writing and speaking for Boardwatch was one of my fondest memories of the first dot-com age.

Are you looking for an easy web-based GUI to administer Unix servers? Want to provide your Unix clue-challenged hosting customers with an easy way to administer their machines? 

If so, try Webmin (http://www.webmin.com/webmin/), a free application which allows you or your users to easily administer their Freenix system through a web interface. You can use it yourself, or you can offer it to clients with dedicated web or mail servers to do some of their own administration and take the burden off of you.

Installation and Setup

Webmin is a Perl 5 program that allows you to configure everything from user accounts to DNS and Samba filesharing and more. Webmin is free, and runs on a wide variety of Linuxes (including Caldera OpenLinux, RedHat, S.u.S.E., Slackware, Debian, TurboLinux, Mandrake, Delix DLD, Apple MkLinux) as well as FreeBSD and OpenBSD. It has been most thoroughly tested on Caldera OpenLinux, RedHat and FreeBSD, but it should run fine on other systems with potentially a bit of tweaking. 

To install, go to ftp://ftp.webmin.com, and select the most recent version of Webmin (webmin-0.78.tar.gz at the time of this writing). Unzip and untar the file, then run the included setup.sh to install Webmin. Answer a few questions about your system setup, create a username and password for yourself, select a port for Webmin to run on, and you’re ready to go. To upgrade, download the source for a new version and specify the source file’s location in the Webmin interface’s Webmin Configuration -> Webmin Upgrade option.

Webmin is modular in nature, and comprises a “core” Webmin server with a number of default modules. Each module (like Cron, BIND, Syslog, etc.) provides administration functionality for its specified service. At installation time, all default modules are installed; you can remove modules through the Webmin interface, or download new third-party modules from a link on the Webmin home page. Webmin stores configuration files for all of its modules inside directories located (usually) in /etc/webmin/modulename/. The start and stop scripts for Webmin are also stored (somewhat confusingly) in /etc/webmin, rather than in /usr/local/sbin or in the Webmin home directory. Its logs are by default stored in /var/webmin/, rather than in /var/log/webmin/.

Webmin includes its own “miniature” webserver, so you don’t need to alter your Apache (or other web server) configuration to use it. The mini server is also a Perl script (/usr/local/webmin-0.78/miniserv.pl or something similar), which runs (owned by the root user) until the process is killed. This isn’t a terribly elegant solution, and it eats up about 3 MB of RAM as long as Webmin is running, but we’re assuming here that convenience is more of an issue here than absolute maximum performance.

If the idea of running a root-owned process over unencrypted HTTP scares you, you’re right. Webmin includes functionality to use Perl’s Net::SSLeay module to run its miniserver through HTTPS. If you don’t have this Perl module installed (and you’ll need to have the C libraries included with OpenSSL to get SSLeay to work), you’ll find download links and (relatively) helpful instructions for OpenSSL and SSLeay on the Webmin home page. Keep in mind, however, that setting SSLeay up can sometimes be, to use the technical term, a “major pain in the butt.”

Even better for security, you can also use Webmin’s interface to specify specific IP addresses from which Webmin can be accessed. This isn’t a foolproof setup, but it should be good enough for many system administrators.

Fun with Modules

Webmin’s interface is no-frills. It has very plain and simple graphics, loads quickly and gets the job done – a very wise choice, in my opinion. All functionality is provided in HTML tables instead of through a contrived graphical user interface.

As mentioned before, Webmin’s functionality is based on its included modules, each of which provides an interface to a specific service, application or daemon. The default installation includes all of the Webmin modules, which include such helpful items as MySQL, WU-FTPD, NFS, Apache, Users, Groups and Passwords, and a large number of other actions (for a complete list, see www.webmin.com/webmin/standard.html). Some default modules are OS-specific, like LinuxRAID, Linux Boot Loader and Network Configuration (for Linux and Solaris). Third-party modules which are available for Webmin (including ones for QMail, VNC and one which allows SSH logins in place of Webmin’s telnet tool) are available at www.webmin.com/webmin/third.html. There’s also a “wish list” of modules currently planned or under development at www.coastnet.com/~ken/webmin/wish.html.

Of course, having all of these modules available doesn’t mean that all of these services are available to you. Despite the fact that there’s a Samba Windows File Sharing module, for example, you’ll still need to manually download and install Samba on your machine before you can use Webmin to configure it. 

Each of the included modules is well written, and provides a wide range of functionality. For example, the Apache module allows you to set up or alter virtual hosts, set permissions, add or modify MIME types, change Apache’s process limits and more. Even better, the module-writing spec is open, allowing you to write your own modules if you have a good knowledge of Perl and the application or service that you’re writing your module for. 

One exception to this is the included Telnet Login module, which offers up a Java applet allowing you a telnet login through the web browser. This module is (surprise!) unfortunately dependent upon the Java Virtual Machine (JVM)/ Just-In-Time compiler (JIT) your browser is using, and can be unreliable in some cases. For example, it runs fine with the Apple JVM/JIT used by Netscape/MacOS, but is unusable with the Symantec JVM/JIT used by Microsoft Internet Explorer/MacOS. 

Overall, however, Webmin’s functions are well defined and easily accessible. If you are at all familiar with the service that you’re configuring, Webmin provides a simple point-and-click interface that absolves you from needing to remember file locations and command-line switches.

Fun with Configurability

Through the Webmin Configuration option on its index page, you can set up a variety of options, including Webmin logging, port/address for Webmin, and interface look and feel. Perhaps unsurprisingly, this is a significant improvement over command-line based programs which often leave no clues as to where their configuration files are. Also, most of these configuration options can be set manually via the command line in /etc/webmin/miniserv.conf.

Another handy feature if you’re using Webmin to administer a number of machines is its Webmin Servers Index function (available from your Webmin index page). Choose a central machine where you do most of your administration, and then fill out the forms to “register” the other servers you’re running Webmin on. Alternatively, you can set up a list of servers on one machine, then copy the files in /etc/webmin/servers/ from that server to all of your other servers and have those links automatically established. 

Every time thereafter that you click on the Servers Index button, you’ll be presented with a quick link to all of your other Webmin-enabled servers. You can specify a username and password to quickly log in to the other servers for convenience, or you can create a normal connection that will prompt you for a username and password for extra security.

An especially useful configuration option on the index page is Webmin Users. Through this, you can set up a variety of username/password logins for Webmin, and the modules that they’re allowed to access. This is particularly worthwhile if you want to set up one user for you (allowing access to all modules) and another user for your customer (only allowing access to modules for adding/removing users, Sendmail, Apache, etc.). With this setup, you can allow customers access to commonly used features but keep them from doing anything which might seriously “hose” their system. 

This isn’t a completely secure setup, however, since information about the modules that users can access is store in a plain text file as /etc/webmin/webmin.acl (usernames and passwords are stored in /etc/webmin/webmin.users), and a user with root access could easily change this.

You Can Lead a User to Man Pages, But You Can’t Make Them Think

Webmin provides a great deal of functionality in the modules it provides; but what it doesn’t provide is help in understanding them. This is almost certainly too much to ask from a free admin program, but it does limit Webmin’s usefulness in some ways (at least for users who are not already very familiar with Unix). For example, it can allow a user to enable or disable the chargen service or edit /etc/fstab, but it provides no information about what those things are, or why you might want (or might not!) want to change them. 

While a truly novice-friendly administration interface is too much to ask for, clickable keywords with glossary listings probably aren’t too much to ask for. The lack of documentation and help defeats one of Webmin’s primary benefits: the ability for a Unix novice to easily administer their system. While Webmin certainly aids new users by removing the burden of needing to know command-line options, it certainly won’t help them to configure Apache options if they don’t know what “Maximum requests per server process” means. Novice users are one of Webmin’s potentially largest markets, and it would be a shame if they didn’t provide explanatory text for their options in a future release version.

Still, this is a very forgivable gripe for a program which still isn’t even at release 1.0. What isn’t forgivable, however, is Webmin’s severe lack of documentation about itself, what it does, and how it does what it does. While this won’t deter the experienced system administrator, it limits how useful Webmin can be to administrators who would like an explanation of what they’re doing to their system, but don’t have the skills or knowledge to examine Webmin and its modules closely.

On the positive side, the Webmin site answers many frequently asked questions, and each built-in module also contains its own help information. A Webmin mailing list (frequently posted to by the authors) is also available; subscription information and a searchable archive are available from the Webmin home page. Even better, a Webmin Helpoption is always available from the index screen. Unfortunately, the help that is available appears to have been written as an afterthought, and the regexp searches that Webmin appears to do when you’re looking for help aren’t always very useful. 

The installation doesn’t even include a documentation directory or man page, and users are left to figure out for themselves how the system works and what goes on. Most of the information I managed to gather about Webmin’s internal workings was from reading the source for the installer shell script and the Perl code of the individual modules. If you’re like me (and I feel bad for you if you are), you will want lots of documentation about any third-party tool that runs as root.

Conclusions: Good, But Not Perfect

Is Webmin worth downloading, installing and trying? Absolutely – it offers excellent features, and the price (none) can’t be beat. Is it worth deploying for your technical support staff or customers? It depends on whether you’re willing to accept its limitations (and potential security or system integrity risks).

Nonetheless, Webmin has tremendous potential to provide a great web interface for Unix control. If your needs match its strengths and you aren’t too concerned about its weaknesses, then it’s something you should add to your administration arsenal right away. Even if it doesn’t meet your needs now, it certainly is a tool worth watching for the future.