For a project which did not exist one year ago, X.Org has come a long way.
In early 2004, X.Org became the landing place for the bulk of the
X Window System development community after XFree86 imploded over longstanding
disagreements and an abrupt licensing change. The X.Org version of the X
Window System is now shipped by most major distributors, while XFree86
sinks into relative obscurity. More importantly, X.Org has become the
focus for a reinvigorated and excited development team which is bringing
new life to a long neglected - but crucial - piece of free software
infrastructure.
The X11R6.8 release (not formally announced as of this writing, but due any time now)
will be, for most users, the
first look at what is happening in X.Org; it is the first X.Org release
with significant new functionality. While much of the new code in 6.8 is
not yet ready for truly widespread use, this release should still result in
more attractive and more functional desktops for Linux users.
The 6.8 release does not, yet, incorporate one of the project's major
goals: splitting the release into a modular distribution made up of several
packages. An X release is a big
thing, consisting of the X server, fonts, libraries, applications, and
more. Someday it will be possible to get an upgraded server without
pulling down all the rest, but not quite yet.
A great deal of software has been updated in this release. There are new
versions of FreeType2, Xprint,
Mesa, DRI, and lots of driver updates. The core of this release, however,
is in the addition of four new protocol extensions. The X11 protocol was,
from the beginning, designed to incorporate extensions and evolve over
time. X.Org 6.8 has made use of this extensibility to add a number of new
features:
- The XFixes
extension is really just a collection of protocol cleanups; it was
designed to avoid the need for any driver changes. The changes are
relatively boring to those who do not program X clients: notification
events for selection changes, cursor image tracking, the promotion of
Region objects to first-class status, etc.
- XDamage is a
new mechanism for informing clients when parts of a window have
been modified. This mechanism is more flexible than the old "expose
events" mechanism, and it allows clients other than the owner of a
window to monitor for changes. Unlike exposures, "damage" can be
reported as a result of almost any sort of drawing operation.
- The Composite
extension allows a client to reroute the rendering of a window
hierarchy into off-screen storage. That client then
takes responsibility for arranging for those windows to be rendered
on-screen, possibly transforming them in the process. This extension enables a
separate "compositing manager" process to add drop shadows, window
translucency, and other interesting visual effects.
This extension is turned off by default in the 6.8 release, for two
reasons. The first is that the performance of desktops using
compositing tends to be poor when using drivers which do not support
compositing in the Render extension. Composite is also likely to
see incompatible protocol changes before it stabilizes. The main reason for
releasing Composite at this time is to make it possible for
application developers to start playing with it and see how well it
works for the larger development community.
- The final new extension is the X Event Interception
Extension (XEvIE). Like Composite, XEvIE allows another client to
interpose itself between the user and the application, but on the input
side. A client using XEvIE can request that all keyboard and mouse
events be delivered to it first; that client can then modify these
events, if need be, before passing them on to the application. The
immediate use for this extension is accessibility applications -
screen magnifiers are a common example - which need to take actions in
response to user events. Future uses include handwriting recognition
and projects like Looking Glass and Croquet. Note that a client which
has asked for every keyboard event sees every keystroke, passwords
included, so the ability to use XEvIE is as sensitive as access to the
display itself.
XEvIE, too, is off by default, and will almost certainly change in
future X releases.
Some screenshots from
the 6.8 release are available.
Where to from here? The next major X.Org release is likely to be called
X11R7, and, with luck, it will be a modular release. There will probably
be significant changes to Composite and XEvIE in response to current, known
problems and feedback received from wider testing. The input subsystem is
due for a rework to make it properly responsive to hotplug events, among
other things.
What actually goes into the next X.Org release will depend on what actually
gets done between now and then. Predicting future free software releases
is always a risky proposition. What is clear, however, is that the fun has
returned to X development, and we will be seeing interesting things on our
desktops in the coming years.
With the release of
Scribus 1.2,
we thought we would take it for a test-drive and see whether Scribus was up
to the task of professional desktop publishing (DTP). This writer used
QuarkXPress fairly heavily a number of years ago and missed QuarkXPress
quite a bit after moving to Linux. It took a while, but Scribus has finally
matured into a suitable replacement.
The first thing any user will notice, of course, is the interface. Anyone
familiar with popular DTP programs like QuarkXPress should be able to pick
up Scribus in no time. Scribus also offers a few features that weren't
available natively in QuarkXPress years ago -- such as PDF and SVG export,
CMYK preview and the ability to edit lines as bezier curves, to name just a
few.
One feature that is particularly nice for repetitive publishing tasks is
the ability to create paragraph styles to apply frequently used styles to a
block of text. With one click of a button, the user can set the typeface
(font), size, alignment, color and much more for a block of text.
The ability to easily create tables is also a welcome addition. Rather than
needing to group together multiple text boxes, a user can create a table in
two easy steps. It's also possible to easily ungroup a table, if it becomes
desirable to create separate objects out of the table's columns and/or
rows.
Scribus's "Story Editor" is also a handy tool that makes it much easier to
edit and format text inside Scribus. It also makes it easy to save a
document's text as a separate document. Combined with the paragraph styles
feature, it's very easy to mark up a document for publication from plain
text. The only tool that seemed awkward is Scribus' tool to link text
frames so that text will "flow" from one text box to another, something
that's pretty easy to do in a program like QuarkXPress.
Only one thing comes to mind that may hinder adoption of Scribus (aside
from the lack of a huge advertising budget to compete with Adobe or Quark):
one cannot import a QuarkXPress or InDesign file. There's good
reason for this, as documented in the Scribus FAQ,
but it may prove to be an issue for companies with a number of documents in
proprietary DTP formats.
However, Scribus does offer the ability to import SVG, Encapsulated
PostScript (EPS) and PostScript files. Scribus also allows the user to
export documents in SVG, EPS, PDF, or as one of several image
formats. Scribus' SVG import features are quite excellent, allowing users
to import an SVG file and use it whole or to ungroup the object and
manipulate the component parts of the object. Unfortunately, my system's
version of gs was not quite up-to-date, so importing EPS and PS files
failed. This is in no way a flaw on Scribus' part -- just the fact that it
requires a later version of gs than is installed on my desktop.
Scribus is capable of creating some fairly complex documents, but it's also
easy to use to create simple documents as well. It's suitable for creating
a family newsletter, or for creating a complex document for distribution as
a PDF or to be printed professionally. Users who lack a background in DTP
applications will find the beginner's
tutorial quite useful.
Page editor: Jonathan Corbet
Security
The free software community operates under the assumption that security
problems are best addressed through full disclosure. Keeping
vulnerabilities secret is seen as a recipe for slower development and
deployment of fixes and the recurrence of the same mistakes in new
contexts. Many other groups, such as military organizations, take a
different approach: secrecy is a key part of how they maintain security.
The two approaches would appear to be contradictory; which is the right
one? Peter Swire has just
published
a paper which attempts to answer this question.
The paper sets the stage by trying to come up with ways of characterizing
the costs and benefits of disclosure. In any situation, how much does
disclosure of information benefit attackers and defenders? One of the core
observations made is that secrecy is most beneficial against first-time
attacks. When the defense has something unique or unknown (be it a
defensive technique or a vulnerability), secrecy can be effective. But
when it is possible to repeatedly probe defenses, and when defenses are not
unique, security through obscurity buys little. For this reason, computers
and networks tend to be more secure when operated in a full disclosure
mode.
Some exceptions are made, however. The paper goes to some lengths to make
the point that keys and passwords should be kept secret; it should not be
too hard to convince most readers of that. Mr. Swire also points out that
surveillance techniques can be a good candidate for secrecy; attackers can
often learn very little about monitoring systems by probing, so it is best
to keep them in the dark.
In the end, the paper takes few positions; the author will not commit
himself, for example, on whether free software is more or less secure than
proprietary software. As a framework for evaluating the value and costs of
disclosure, however, the paper may be a useful contribution.
New vulnerabilities
cdrecord: failure to drop privilege
Package(s): cdrecord
CVE #(s): CAN-2004-0806
Created: September 8, 2004
Updated: February 21, 2005
Description: The cdrecord utility, which is installed setuid on some distributions, fails to drop privilege before running a user-specified program.
eGroupWare: cross site scripting vulnerabilities in modules
Package(s): egroupware
CVE #(s): (none assigned)
Created: September 2, 2004
Updated: September 8, 2004
Description: eGroupWare has multiple cross site scripting vulnerabilities in the
calendar, address book, messenger and ticket modules.
An attacker can potentially execute script code and compromise
the victim's browser.
gallery: temp file vulnerability in upload code
Package(s): gallery
CVE #(s): (none assigned)
Created: September 2, 2004
Updated: September 8, 2004
Description: Gallery has a vulnerability with temp file handling in the
upload code. An attacker can run arbitrary code as the user
running PHP.
httpd: mod_ssl input filter denial of service vulnerability
Package(s): httpd
CVE #(s): CAN-2004-0748
Created: September 2, 2004
Updated: September 23, 2004
Description: Apache httpd has a denial of service vulnerability in mod_ssl in which
an attacker can force
an SSL connection to abort, resulting in the Apache child process entering
an infinite loop. This affects httpd versions up to and including
2.0.50.
imlib2: buffer overflows
Package(s): imlib2
CVE #(s): CAN-2004-0802, CAN-2004-0817
Created: September 8, 2004
Updated: October 26, 2005
Description: The imlib2 library contains buffer overflows in the BMP handling code.
lha: stack-based buffer overflow
Package(s): lha
CVE #(s): CAN-2004-0769, CAN-2004-0771, CAN-2004-0694, CAN-2004-0745
Created: September 2, 2004
Updated: October 14, 2004
Description: The lha archiving and compression utility has a
stack-based buffer overflow vulnerability. A modified
archive could allow an attacker to execute code when a victim
extracts or tests the archive.
Midnight Commander: extfs vfs vulnerability
Package(s): mc
CVE #(s): CAN-2004-0494
Created: September 2, 2004
Updated: January 5, 2005
Description: Midnight Commander has a vfs vulnerability with shell quoting
in extfs perl scripts.
multi-gnome-terminal: Information leak
Package(s): multi-gnome-terminal
CVE #(s): (none assigned)
Created: September 6, 2004
Updated: September 8, 2004
Description: multi-gnome-terminal contains debugging code that has been known to
output active keystrokes to a potentially unsafe location. Output has
been seen to show up in the '.xsession-errors' file in the user's home
directory. Since this file is world-readable on many machines, this bug
has the potential to leak sensitive information to anyone using the
system. Any authorized user on the local machine has the ability to read
any critical data that has been entered into the terminal, including
passwords.
star: failure to drop privilege
Package(s): star
CVE #(s): (none assigned)
Created: September 8, 2004
Updated: September 8, 2004
Description: Versions of star prior to 1.5alpha46 suffer from a failure to drop privileges which can lead to a local root exploit.
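Both the cdrecord and star entries above are the same bug class: a setuid helper runs something chosen by the invoking user while still holding its elevated credentials. The following is an added example, not code from either project, showing the pattern such a helper must follow: drop supplementary groups, gid and uid (real, effective and saved, so the drop cannot be undone), verify the drop took, and only then exec. The program name and arguments passed to run_as_user() are hypothetical stand-ins for the user-controlled program.

```c
/*
 * Added example (not cdrecord or star code): run a user-chosen program from
 * a setuid helper only after privilege has been irreversibly dropped.
 */
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Standard Linux/glibc calls; spelled out so the example builds even when
 * _GNU_SOURCE is not in effect for <unistd.h>. */
int setresuid(uid_t, uid_t, uid_t);
int setresgid(gid_t, gid_t, gid_t);
int getresuid(uid_t *, uid_t *, uid_t *);
int getresgid(gid_t *, gid_t *, gid_t *);

/*
 * Return to the real (invoking) user. Order matters: supplementary groups
 * first (only root may clear them), then gid, then uid; once the uid is
 * gone the others can no longer be changed. Returns 0 on success, -1 on
 * failure, in which case the caller must not exec anything.
 */
int drop_privileges(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();

    if (geteuid() == 0) {
        int ngroups = getgroups(0, NULL);
        if (ngroups < 0 || (ngroups > 0 && setgroups(0, NULL) != 0))
            return -1;
    }
    /* Set real, effective AND saved ids: a saved id of 0 would let the
     * program (or anything it execs) call setuid(0) and get root back. */
    if (setresgid(gid, gid, gid) != 0)
        return -1;
    if (setresuid(uid, uid, uid) != 0)
        return -1;
    return 0;
}

/*
 * Confirm the drop: all three uids and gids must equal the real ones, and
 * if the real user is not root, regaining root must now fail.
 * Returns 1 if privilege is confirmed gone, 0 otherwise.
 */
int privileges_dropped(void)
{
    uid_t ruid, euid, suid;
    gid_t rgid, egid, sgid;

    if (getresuid(&ruid, &euid, &suid) != 0 || getresgid(&rgid, &egid, &sgid) != 0)
        return 0;
    if (euid != ruid || suid != ruid || egid != rgid || sgid != rgid)
        return 0;
    if (ruid != 0 && setuid(0) == 0)   /* must fail: no saved root id left */
        return 0;
    return 1;
}

/*
 * Run a user-specified program with the user's own credentials. The fork
 * lets a parent that still needs its privilege (e.g. for device access)
 * keep it, while the child gives everything up before exec.
 * Returns the child's exit status, or -1 on failure.
 */
int run_as_user(const char *user_program, char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges() != 0 || !privileges_dropped())
            _exit(127);            /* never exec while privilege is held */
        execvp(user_program, argv);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* hypothetical user-chosen command, standing in for e.g. an RSH setting */
    char *const argv[] = { "sh", "-c", "id -u", NULL };
    int rc = run_as_user("sh", argv);
    printf("child exit status: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

The check in privileges_dropped() is the part most often omitted: a program that calls only seteuid() leaves the saved uid at 0, and anything it then execs can call setuid(0) and be root again.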
xv: image handling buffer overflows
Package(s): xv
CVE #(s): CAN-2004-0802
Created: September 3, 2004
Updated: September 8, 2004
Description: According to this
BugTraq advisory, xv contains at least 5 exploitable buffer and heap
overflows in the image handling code.
Updated vulnerabilities
acrobat: errors in uuencode
Package(s): acrobat
CVE #(s): CAN-2004-0630, CAN-2004-0631
Created: August 26, 2004
Updated: September 1, 2004
Description: iDEFENSE has reported that Adobe Acrobat Reader 5.0 contains a buffer
overflow when decoding uuencoded documents. An attacker could execute
arbitrary code on a victim's machine if a user opens a specially crafted
uuencoded document. This issue poses the threat of remote execution, since
Acrobat Reader may be the default handler for PDF files. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2004-0631
to this issue.
iDEFENSE also reported that Adobe Acrobat Reader 5.0 contains an input
validation error in its uuencoding feature. An attacker could create a
file with a specially crafted file name which could lead to arbitrary
command execution on a victim's machine. The Common Vulnerabilities and
Exposures project has assigned the name CAN-2004-0630 to this issue.
Apache mod_proxy: denial of service
Package(s): apache
CVE #(s): CAN-2004-0492
Created: June 11, 2004
Updated: October 14, 2004
Description: A buffer overflow vulnerability in the apache mod_proxy module
can be exploited to create a denial of service.
apache2: stack-based buffer overflow in ssl_util.c
Package(s): apache2
CVE #(s): CAN-2004-0488
Created: June 1, 2004
Updated: October 14, 2004
Description: A stack-based buffer overflow exists in the ssl_util_uuencode_binary
function in ssl_util.c in Apache. When mod_ssl is configured to trust the
issuing CA, a remote attacker may be able to execute arbitrary code via a
client certificate with a long subject DN.
aspell: bounds checking problem
Package(s): aspell
CVE #(s): CAN-2004-0548
Created: June 17, 2004
Updated: December 20, 2004
Description: Aspell's word-list-compress utility fails to properly check bounds
when dealing with words that are more than 256 bytes long.
This can lead to arbitrary code execution by an attacker.
Filename disclosure vulnerability in fam
Package(s): fam
CVE #(s): CAN-2002-0875
Created: August 19, 2002
Updated: January 5, 2005
Description: "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible.
flim: insecure file creation
Package(s): flim
CVE #(s): CAN-2004-0422
Created: May 5, 2004
Updated: December 16, 2004
Description: The emacs "flim" mode creates temporary files in an insecure fashion, possibly allowing a local attacker to overwrite files.
Gaim: remote code execution vulnerability
Package(s): gaim
CVE #(s): CAN-2004-0500
Created: August 12, 2004
Updated: October 18, 2004
Description: The Gaim instant messaging client (versions 0.81 and prior) has a remote code execution vulnerability
in the MSN-protocol parsing functions.
gaim: arbitrary code execution
Package(s): gaim
CVE #(s): (none assigned)
Created: August 30, 2004
Updated: September 1, 2004
Description: Gaim fails to do proper bounds checking in several instances. An attacker
could crash Gaim or execute arbitrary code or commands with the permissions
of the user running Gaim.
glibc: Information leak with LD_DEBUG
Package(s): glibc
CVE #(s): CAN-2004-1453
Created: August 17, 2004
Updated: May 26, 2005
Description: Silvio Cesare discovered a potential information leak in glibc. It allows
LD_DEBUG on SUID binaries where it should not be allowed. This has various
security implications, which may be used to gain confidential information.
An attacker can gain the list of symbols a SUID application uses and their
locations and can then use a trojaned library taking precedence over those
symbols to gain information or perform further exploitation.
gnome-vfs: backend script vulnerabilities
Package(s): gnome-vfs
CVE #(s): CAN-2004-0494
Created: August 4, 2004
Updated: February 21, 2005
Description: Several scripts packaged with gnome-vfs, using its "extfs" capability, have security flaws. These scripts tend not to be used on many systems, but their presence can still be a threat.
gtkhtml: malformed messages cause crash
Package(s): gtkhtml
CVE #(s): CAN-2003-0133, CAN-2003-0541
Created: April 14, 2003
Updated: April 18, 2005
Description: GtkHTML is the HTML rendering widget used by the Evolution mail reader.
GtkHTML as supplied with versions of Evolution prior to 1.2.4 contains a bug
when handling HTML messages. Alan Cox discovered that certain malformed
messages could cause the Evolution mail component to crash.
iproute: local denial of service
Package(s): iproute net-tools
CVE #(s): CAN-2003-0856
Created: November 25, 2003
Updated: December 14, 2004
Description: The iproute utility is susceptible to spoofed netlink messages sent by local users, with the result that denial of service attacks are possible.
kdebase: multiple vulnerabilities
Package(s): kdebase
CVE #(s): CAN-2004-0689, CAN-2004-0690, CAN-2004-0721, CAN-2004-0746
Created: August 12, 2004
Updated: October 4, 2004
Description: Three separate vulnerabilities have been identified in the KDE 3.2
"kdebase" package; see this advisory for
details. These problems include two temporary file vulnerabilities and a
"frame injection" problem in konqueror which could help with phishing
attacks. In a fourth vulnerability, described here, Konqueror allows websites to set cookies
for certain country specific secondary top level domains.
kernel allows unauthorized changes to the group ID
Package(s): kernel
CVE #(s): CAN-2004-0497
Created: July 2, 2004
Updated: September 27, 2004
Description: During an audit of the Linux kernel, SUSE discovered a flaw that allowed
a user to make unauthorized changes to the group ID of files in certain
circumstances - such as when the files are exported via NFS.
kernel information leak
Package(s): kernel
CVE #(s): CAN-2004-0415
Created: August 3, 2004
Updated: October 26, 2004
Description: Paul Starzetz discovered
flaws in the Linux kernel when handling file
offset pointers. These consist of invalid conversions of 64 to 32-bit file
offset pointers and possible race conditions. A local unprivileged user
could make use of these flaws to access large portions of kernel memory.
Note that this vulnerability affects all 2.4 kernels through 2.4.26 and 2.6 kernels through 2.6.7.
A fix for this problem was added to the fifth
2.4.27 release candidate.
kernel: integer overflow
Package(s): kernel
CVE #(s): (none assigned)
Created: September 1, 2004
Updated: September 1, 2004
Description: The 2.6 kernel NFS and XDR code contains a number of integer overflow vulnerabilities which could be exploited (from a trusted address) for a denial of service attack.
kernel-utils: setuid vulnerability
Package(s): kernel-utils
CVE #(s): CAN-2003-0019
Created: February 7, 2003
Updated: January 21, 2005
Description: The kernel-utils package contains several utilities that can be used to
control the kernel or machine hardware. In Red Hat Linux 8.0 this package
contains user mode linux (UML) utilities.
The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was
incorrectly shipped setuid root. This could allow local users to control
certain network interfaces, add and remove arp entries and routes, and put
interfaces in and out of promiscuous mode.
All users of the kernel-utils package should update to these packages that
contain a version of uml_net that is not setuid root.
Alternatively, as a work-around to this vulnerability issue the following
command as root:
chmod -s /usr/bin/uml_net
krb5: double-free and ASN.1 parsing
Package(s): krb5
CVE #(s): CAN-2004-0642, CAN-2004-0643, CAN-2004-0644, CAN-2004-0772
Created: August 31, 2004
Updated: September 21, 2004
Description: Several double-free bugs were found in the Kerberos 5 KDC and libraries. A
remote attacker could potentially exploit these flaws to execute arbitrary
code. See CAN-2004-0642, CAN-2004-0643 and CAN-2004-0772. An infinite
loop bug was found in the Kerberos 5 ASN.1 decoder library. A remote
attacker may be able to trigger this flaw and cause a denial of
service. See CAN-2004-0644. See this CERT
advisory for additional information.
libpng: multiple vulnerabilities
libxml2 - arbitrary code execution
Package(s): libxml2
CVE #(s): CAN-2004-0110
Created: February 26, 2004
Updated: August 19, 2009
Description: Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code.
logcheck: symlink vulnerability
Package(s): logcheck
CVE #(s): CAN-2004-0404
Created: April 21, 2004
Updated: December 22, 2004
Description: The logcheck utility handles temporary files in an unsafe way, possibly allowing local attackers to overwrite files.
mikmod: buffer overflow
Package(s): mikmod
CVE #(s): CAN-2003-0427
Created: June 16, 2003
Updated: June 16, 2005
Description: Ingo Saitz discovered a bug in mikmod whereby a long filename inside
an archive file can overflow a buffer when the archive is being read
by mikmod.
mod_python: denial of service vulnerability
Package(s): mod_python
CVE #(s): CAN-2003-0973
Created: January 27, 2004
Updated: October 4, 2004
Description: Apache's mod_python module could crash the httpd process if a specific,
malformed query string was sent.
The Apache Foundation has reported that mod_python may be prone to
Denial of Service attacks when handling a malformed query. Mod_python
2.7.9 was released to fix the vulnerability, however, because the
vulnerability has not been fully fixed, version 2.7.10 has been released.
Users of mod_python 3.0.4 are not affected by this vulnerability.
MoinMoin: Group ACL bypass
Package(s): MoinMoin
CVE #(s): (none assigned)
Created: August 26, 2004
Updated: September 1, 2004
Description: MoinMoin contains a flaw that may allow a remote attacker to gain
unauthorized privileges. The issue is triggered by an unspecified
function failing within the program, which could allow anonymous users to
gain administrative privileges, resulting in a loss of integrity. See
this OSVDB
advisory for more details. This has been fixed in MoinMoin version
1.2.3.
mpg321: format string vulnerability
Package(s): mpg321
CVE #(s): CAN-2003-0969
Created: January 6, 2004
Updated: March 28, 2005
Description: A vulnerability was discovered in mpg321, a command-line mp3 player,
whereby user-supplied strings were passed to printf(3) unsafely. This
vulnerability could be exploited by a remote attacker to overwrite
memory, and possibly execute arbitrary code. In order for this
vulnerability to be exploited, mpg321 would need to play a malicious
mp3 file (including via HTTP streaming).
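The mpg321 entry is the textbook format string bug: text from the file (a title tag, say) reaches printf() as the format rather than as an argument. The following is an added example, not mpg321's code, contrasting the unsafe call with the safe one and adding the secondary check a reviewer would want for any code that builds a format string at run time. The tag text is a constructed sample.

```c
/*
 * Added example (not mpg321 code): untrusted text must be a printf()
 * argument, never the format.
 */
#include <stdio.h>
#include <string.h>

/*
 * Vulnerable pattern, left as a comment because it is undefined behaviour
 * and modern compilers warn on it:
 *
 *     void show_title(const char *title) { printf(title); }
 *
 * A title of "%x%x%x%n" makes printf walk the caller's stack; the "%n"
 * directive then writes a counter into memory, which is the route to the
 * arbitrary code execution the advisory describes.
 */

/*
 * Safe version: the format is a constant and the untrusted text is an
 * argument, so any '%' in it is copied literally. Returns the number of
 * bytes written to out (excluding the NUL), or -1 if out is too small.
 */
int format_title_safe(char *out, size_t outlen, const char *title)
{
    int n = snprintf(out, outlen, "Title: %s", title);
    if (n < 0 || (size_t)n >= outlen)
        return -1;            /* truncated: report rather than silently clip */
    return n;
}

/*
 * Defence in depth for code that genuinely assembles a format from pieces
 * at run time: refuse any piece that carries a conversion directive.
 * Returns 1 if s contains no '%', 0 otherwise.
 */
int is_safe_as_format(const char *s)
{
    return strchr(s, '%') == NULL;
}

int main(void)
{
    char line[64];
    const char *hostile = "%x%x%x%n";          /* constructed hostile tag text */
    if (format_title_safe(line, sizeof line, hostile) > 0)
        puts(line);                            /* prints: Title: %x%x%x%n */
    return 0;
}
```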
MySQL: temporary file vulnerability
Package(s): mysql
CVE #(s): CAN-2004-0457
Created: August 18, 2004
Updated: September 1, 2004
Description: The MySQL "mysqlhotcopy" script contains a temporary file vulnerability
which could be used by an attacker to overwrite files.
neon: buffer overflow
Package(s): neon
CVE #(s): CAN-2004-0398
Created: May 19, 2004
Updated: September 30, 2004
Description: The neon library (through version 0.24.5) contains a buffer overflow in its date parsing code, allowing arbitrary code execution when connecting to a hostile server. See this advisory for details. This vulnerability also affects related applications (such as cadaver).
netpbm: insecure temporary files
Package(s): netpbm
CVE #(s): CAN-2003-0924
Created: January 19, 2004
Updated: December 29, 2004
Description: netpbm is a graphics conversion toolkit made up of a large number of
single-purpose programs. Many of these programs were found to create
temporary files in an insecure manner, which could allow a local
attacker to overwrite files with the privileges of the user invoking a
vulnerable netpbm tool.
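The gallery, flim, kdebase, logcheck, mysqlhotcopy and netpbm entries above all describe the same local attack: the program composes a predictable temporary file name and then opens it, and an attacker who creates a symlink of that name first gets the program's output written wherever the link points. The following is an added example, not code from any of those projects, showing the insecure open beside the mkstemp() version, a post-open check a practitioner can apply to any temp file, and a deterministic reproduction of what the insecure open does when the link is already in place. Paths and the "example." prefix are constructed.

```c
/*
 * Added example (not netpbm, logcheck, flim or mysqlhotcopy code):
 * predictable temp names versus atomic, exclusive creation.
 */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static const char *tmpdir(void)
{
    const char *d = getenv("TMPDIR");
    return (d != NULL && *d != '\0') ? d : "/tmp";
}

/*
 * The bug: a guessable name (the pid is visible to everyone) and an open()
 * that happily follows a symlink planted under that name. Shown for
 * comparison only. Returns a descriptor or -1.
 */
int open_temp_insecure(char *path, size_t pathlen)
{
    snprintf(path, pathlen, "%s/example.%ld", tmpdir(), (long)getpid());
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/*
 * The fix: mkstemp() chooses an unpredictable name and creates it with
 * O_CREAT|O_EXCL and mode 0600, failing instead of reusing an existing
 * file or link. The template is rewritten in place. Returns fd or -1.
 */
int open_temp_secure(char *path, size_t pathlen)
{
    if (snprintf(path, pathlen, "%s/example.XXXXXX", tmpdir()) >= (int)pathlen)
        return -1;
    return mkstemp(path);
}

/*
 * Post-open check for any temp file: regular file, owned by us, mode
 * 0600, single link. Returns 1 if all hold, 0 otherwise.
 */
int temp_file_is_private(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return 0;
    return S_ISREG(st.st_mode) && st.st_uid == geteuid()
        && (st.st_mode & 0777) == 0600 && st.st_nlink == 1;
}

/*
 * Reproduce the race outcome without the race: plant the symlink the
 * insecure opener will use, then show its write lands on the target.
 * Returns 1 if the target was opened, 0 if not, -1 if the setup itself
 * (creating the target or the link) was not possible here.
 */
int insecure_open_follows_symlink(void)
{
    char target[256], victim[256], opened[256];
    struct stat st_target, st_opened;
    int result = 0;

    snprintf(target, sizeof target, "%s/example-target.%ld", tmpdir(), (long)getpid());
    int tfd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (tfd < 0)
        return -1;
    close(tfd);

    snprintf(victim, sizeof victim, "%s/example.%ld", tmpdir(), (long)getpid());
    unlink(victim);
    if (symlink(target, victim) != 0) {
        unlink(target);
        return -1;
    }
    int fd = open_temp_insecure(opened, sizeof opened);
    if (fd >= 0) {
        if (stat(target, &st_target) == 0 && fstat(fd, &st_opened) == 0
            && st_target.st_ino == st_opened.st_ino
            && st_target.st_dev == st_opened.st_dev)
            result = 1;                 /* "our" temp file is the attacker's target */
        close(fd);
    }
    unlink(victim);
    unlink(target);
    return result;
}

int main(void)
{
    char path[256];
    int fd = open_temp_secure(path, sizeof path);
    if (fd < 0) { perror("mkstemp"); return 1; }
    printf("created %s private=%d; insecure open follows symlink: %d\n",
           path, temp_file_is_private(fd), insecure_open_follows_symlink());
    close(fd);
    unlink(path);
    return 0;
}
```

In the reproduction the link and the target belong to the same user, so the kernel's protected-symlinks restriction for sticky directories (where enabled) does not intervene; against a victim running as another user that restriction may block the attack on newer kernels, which is a mitigation, not a reason to keep the predictable name.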
openssh: timing attack leads to information disclosure
Package(s): openssh
CVE #(s): CAN-2003-0190
Created: May 2, 2003
Updated: November 30, 2004
Description: From the advisory:
"During a pen-test we stumbled across a nasty bug in OpenSSH-portable
with PAM support enabled (via the --with-pam configure script switch). This
bug allows a remote attacker to identify valid users on vulnerable systems,
through a simple timing attack. The vulnerability is easy to exploit and
may have high severity, if combined with poor password policies and other
security problems that allow local privilege escalation."
OpenSSL: denial of service vulnerabilities
pavuk: buffer overflow
Package(s): pavuk
CVE #(s): CAN-2004-0456
Created: June 30, 2004
Updated: November 11, 2004
Description: Versions of the pavuk web spider through 0.9.28-r1 contain a buffer overflow which could be exploited by a hostile server.
php: remotely exploitable memory errors
Package(s): php
CVE #(s): CAN-2004-0594
Created: July 14, 2004
Updated: February 7, 2005
Description: Stefan Esser has issued an advisory regarding a
remotely exploitable hole in PHP (through version 4.3.7). If the
memory_limit feature is in use (as it should be, to prevent denial
of service attacks), allocation failures can be forced at highly
inopportune times, and those failures can be exploited to execute arbitrary
code. The exploit is described as "quite easy," and it can be done
regardless of whether Apache1 or Apache2 is in use. Upgrading to PHP 4.3.8 fixes the
problem; yesterday's PHP 5.0 release also contains the fix (but the
final release candidate did not).
PuTTY: pre-authentication arbitrary code execution problem
Package(s): putty
CVE #(s): (none assigned)
Created: August 5, 2004
Updated: October 28, 2004
Description: PuTTY, a telnet and SSH client, contains a vulnerability that
can allow an SSH server to execute arbitrary code on a connecting client.
python: buffer overflow
Package(s): python
CVE #(s): CAN-2004-0150
Created: March 10, 2004
Updated: October 11, 2004
Description: Python (versions 2.2 and 2.2.1 only) has a buffer overflow in the getaddrinfo() function which can be exploited by a malformed IPv6 address.
qt3: BMP image parser heap overflow
Package(s): qt3/qt3-non-mt/qt3-32bit/qt3-static
CVE #(s): CAN-2004-0691, CAN-2004-0692, CAN-2004-0693
Created: August 19, 2004
Updated: May 15, 2005
Description: A heap overflow in the qt3 BMP image format parser in Qt versions prior to 3.3.3 may allow remote code execution.
rsync: path-sanitizing bug
Package(s): rsync
CVE #(s): CAN-2004-0792
Created: August 16, 2004
Updated: November 1, 2004
Description: This August 2004 rsync
advisory reports that there is a path-sanitizing bug that affects
daemon mode in all recent rsync versions (including 2.6.2) but only if
chroot is disabled. It does NOT affect the normal send/receive filenames
that specify what files should be transferred (this is because these names
happen to get sanitized twice, and thus the second call removes any
lingering leading slash(es) that the first call left behind). It does
affect certain option paths that cause auxiliary files to be read or
written.
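The telling detail in the rsync report is that the transfer names were safe only because they happened to be sanitized twice. The following is an added example, not rsync's code, of a sanitizer written so that one pass suffices: it produces a path that is relative by construction, with leading slashes and root-climbing ".." components discarded, and a join routine whose result can be checked against the module root. The module root and client paths are constructed.

```c
/*
 * Added example (not rsync code): confine a client-supplied path to a
 * module root in one pass, for a daemon running without chroot.
 */
#include <stdio.h>
#include <string.h>

/*
 * Rewrite `in` as a path relative to the module root. Runs of '/' are
 * skipped (so a leading slash can never survive), "." is dropped, and
 * ".." pops the previous component or is discarded when already at the
 * root, which mirrors the "sanitize rather than refuse" policy in the
 * report above. The output has no leading or trailing slash and no empty
 * components. Returns the length written, or -1 if out is too small.
 */
long sanitize_relative(const char *in, char *out, size_t outlen)
{
    size_t olen = 0;
    const char *p = in;

    if (outlen == 0)
        return -1;
    while (*p != '\0') {
        while (*p == '/')
            p++;
        if (*p == '\0')
            break;
        const char *start = p;
        while (*p != '\0' && *p != '/')
            p++;
        size_t clen = (size_t)(p - start);

        if (clen == 1 && start[0] == '.')
            continue;
        if (clen == 2 && start[0] == '.' && start[1] == '.') {
            while (olen > 0 && out[olen - 1] != '/')
                olen--;                     /* drop the last component */
            if (olen > 0)
                olen--;                     /* and its separator */
            continue;
        }
        if (olen + clen + (olen > 0 ? 1 : 0) + 1 > outlen)
            return -1;
        if (olen > 0)
            out[olen++] = '/';
        memcpy(out + olen, start, clen);
        olen += clen;
    }
    out[olen] = '\0';
    return (long)olen;
}

/*
 * Join root and the sanitized client path. Returns 1 only if the result
 * still begins with root followed by '/', the invariant every caller can
 * re-check before opening the file; 0 otherwise.
 */
int resolve_in_module(const char *root, const char *client_path,
                      char *out, size_t outlen)
{
    char rel[512];
    if (sanitize_relative(client_path, rel, sizeof rel) < 0)
        return 0;
    int n = snprintf(out, outlen, "%s/%s", root, rel);
    if (n < 0 || (size_t)n >= outlen)
        return 0;
    size_t rlen = strlen(root);
    return strncmp(out, root, rlen) == 0 && out[rlen] == '/';
}

int main(void)
{
    char full[256];
    const char *hostile = "/../../etc/passwd";        /* constructed client path */
    if (resolve_in_module("/srv/module", hostile, full, sizeof full))
        printf("%s -> %s\n", hostile, full);          /* /srv/module/etc/passwd */
    return 0;
}
```

This handles only the textual path. A symlink inside the module can still point outside it, which is one reason the report singles out the no-chroot configuration as the vulnerable one.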
ruby: insecure file permissions
Package(s): ruby
CVE #(s): CAN-2004-0755
Created: August 16, 2004
Updated: October 14, 2004
Description: Andres Salomon noticed a problem in the CGI session management of Ruby, an
object-oriented scripting language. CGI::Session's FileStore (and
presumably PStore, but not in Debian woody) implementations store session
information insecurely. They simply create files, ignoring permission
issues. This can allow an attacker who also has shell access to the
web server to take over a session.
samba: potential buffer overruns
Package(s): samba
CVE #(s): CAN-2004-0600, CAN-2004-0686
Created: July 22, 2004
Updated: September 2, 2004
Description: According to this Samba advisory, Evgeny
Demidov discovered that the Samba SMB/CIFS server has a buffer overflow bug
in the Samba Web Administration Tool (SWAT) on decoding Base64 data during
HTTP Basic Authentication. Samba versions 3.0.2 through 3.0.4 are
affected. (CAN-2004-0600)
Another buffer overflow bug has been located in the Samba code used to
support the "mangling method = hash" functionality. The default setting for
this parameter is "mangling method = hash2" and therefore Samba is not
vulnerable by default. Samba versions 2.2.0 through 2.2.9 and 3.0.0
through 3.0.4 are affected. (CAN-2004-0686)
sox: buffer overflow
Package(s): sox
CVE #(s): CAN-2004-0557
Created: July 28, 2004
Updated: February 21, 2005
Description: Sox suffers from buffer overflows in its WAV file handling; these overflows could conceivably be exploited by way of a malicious sound file.
Comments (none posted)
SpamAssassin: Denial of Service vulnerability
Package(s): spamassassin
CVE #(s): CAN-2004-0796
Created: August 9, 2004
Updated: August 11, 2005
Description: SpamAssassin contains an unspecified Denial of Service vulnerability. By sending a specially crafted message, an attacker could cause a Denial of Service attack against the SpamAssassin service.
Comments (none posted)
squid: buffer overflow
Package(s): squid
CVE #(s): CAN-2004-0541
Created: June 9, 2004
Updated: September 30, 2004
Description: The NTLM authentication helper used by the squid proxy contains a buffer overflow vulnerability; an overly-long password may be used to run arbitrary code. Sites not using NTLM authentication are not vulnerable.
Comments (none posted)
SquirrelMail cross site scripting vulnerabilities
Package(s): squirrelmail
CVE #(s): CAN-2004-0519, CAN-2004-0520, CAN-2004-0521
Created: May 21, 2004
Updated: October 4, 2004
Description: Several unspecified cross-site scripting (XSS) vulnerabilities and a well hidden SQL injection vulnerability were found in SquirrelMail versions 1.4.2 and lower. An XSS attack allows an attacker to insert malicious code into a web-based application. SquirrelMail does not check for code when parsing variables received via the URL query string.
Comments (none posted)
Subversion: Remote heap overflow
Package(s): subversion
CVE #(s): CAN-2004-0413
Created: June 11, 2004
Updated: March 7, 2005
Description: Subversion has a remote Denial of Service vulnerability that may allow a server that runs svnserve to execute arbitrary code. See this advisory for more information.
Comments (none posted)
sysstat: temporary file vulnerability
Package(s): sysstat
CVE #(s): CAN-2004-0107, CAN-2004-0108
Created: March 10, 2004
Updated: October 4, 2004
Description: The sysstat utility has a temporary file vulnerability which can be exploited by a local attacker to overwrite system files.
Comments (none posted)
File overwrite vulnerability in tar and unzip
Package(s): tar unzip
CVE #(s): CAN-2001-1267, CAN-2001-1268, CAN-2001-1269, CAN-2002-0399
Created: October 1, 2002
Updated: April 10, 2006
Description: The tar utility does not properly filter file names containing "../", meaning that a hostile archive can, if unpacked by an unsuspecting user, overwrite any file that is writable by that user. GNU tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42 has the same vulnerability.
Comments (1 posted)
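The rsync entry above and this tar/unzip entry come down to the same check: a path that arrives from the remote side or from inside an archive must not escape the directory it is meant to land in. The Python below is an added example written for this page, not code from rsync, GNU tar or unzip; the archive it inspects is constructed in memory, and the names `is_safe_member`, `safe_extract` and `build_sample_tar` are chosen here. It rejects absolute names and any `..` component outright rather than trying to strip them (a single stripping pass can leave a leading slash behind, which is exactly the class of bug the rsync advisory describes), applies the same rule to link targets, and confirms the resolved destination of each member still lies under the extraction directory before writing it.

```python
import io
import os
import posixpath
import tarfile
import tempfile


def is_safe_member(name: str) -> bool:
    """Accept only relative names with no '..' component.

    Rejecting is safer than sanitizing: a name that is refused never reaches
    the filesystem, whereas a sanitizer that strips '../' in one pass can
    leave a leading slash behind and needs a second pass to catch it.
    """
    if not name or name.startswith("/"):
        return False
    return all(part != ".." for part in name.split("/"))


def build_sample_tar() -> bytes:
    """Construct a small in-memory archive (constructed sample data): one
    benign member plus a '../' escape, an absolute path, and a symlink whose
    target points outside the extraction directory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in [("ok/hello.txt", b"hello\n"),
                           ("../escape.txt", b"x\n"),
                           ("/abs.txt", b"y\n")]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("ok/link")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../outside"
        tf.addfile(link)
    return buf.getvalue()


def safe_extract(tar_bytes: bytes, dest: str) -> list:
    """Extract only members that stay inside dest; return the names written.

    Hostile members are skipped here so the demo can report what survived;
    a stricter policy would abort the whole extraction on the first one.
    """
    dest_real = os.path.realpath(dest)
    written = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tf:
        for member in tf.getmembers():
            if not is_safe_member(member.name):
                continue
            if member.issym():
                # A symlink target is relative to the member's own directory.
                target = posixpath.normpath(
                    posixpath.join(posixpath.dirname(member.name), member.linkname))
            elif member.islnk():
                # A hard link names another member, relative to the archive root.
                target = posixpath.normpath(member.linkname)
            else:
                target = None
            if target is not None and not is_safe_member(target):
                continue
            # Final check on the real path: catches an escape through a
            # directory symlink that an earlier, accepted member created.
            final = os.path.realpath(os.path.join(dest_real, member.name))
            if final != dest_real and not final.startswith(dest_real + os.sep):
                continue
            tf.extract(member, dest_real)
            written.append(member.name)
    return written


def demo() -> list:
    """Run the extractor on the constructed archive in a scratch directory."""
    with tempfile.TemporaryDirectory() as scratch:
        return safe_extract(build_sample_tar(), scratch)


if __name__ == "__main__":
    print("extracted:", demo())
```

Only `ok/hello.txt` survives the constructed archive; the `../` name, the absolute name and the outward-pointing symlink are all refused before anything touches the disk.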
tcpdump: ISAKMP payload handling denial-of-service vulnerabilities
Package(s): tcpdump
CVE #(s): CAN-2004-0183, CAN-2004-0184
Created: March 30, 2004
Updated: September 30, 2004
Description: TCPDUMP v3.8.1 and earlier versions contain multiple flaws in the packet display functions for the ISAKMP protocol. Upon receiving specially crafted ISAKMP packets, TCPDUMP will try to read beyond the end of the packet capture buffer and crash. More information is available in this Rapid7 advisory.
Comments (none posted)
Multiple vendor telnetd vulnerability
Package(s): telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5
CVE #(s):
Created: May 21, 2002
Updated: October 5, 2004
Description: This vulnerability, originally thought to be confined to BSD-derived systems, was first covered in the July 26th Security Summary. It is now known that Linux telnet daemons are vulnerable as well.
Comments (none posted)
vpopmail: multiple vulnerabilities
Package(s): vpopmail
CVE #(s):
Created: September 1, 2004
Updated: September 1, 2004
Description: Versions of vpopmail prior to 5.4.6 suffer from a number of SQL injection, buffer overflow, and format string vulnerabilities.
Comments (none posted)
wv: buffer overflow
Package(s): wv
CVE #(s): CAN-2004-0645
Created: July 14, 2004
Updated: February 10, 2005
Description: wv, a viewer for MS Word files, contains a buffer overflow which may be exploited by a suitably-crafted file. Version 1.0.0-r1 fixes the problem.
Comments (none posted)
XChat 2.0.x SOCKS5 Vulnerability
Package(s): xchat
CVE #(s): CAN-2004-0409
Created: April 19, 2004
Updated: November 15, 2005
Description: XChat is vulnerable to a stack overflow that may allow a remote attacker to run arbitrary code. The SOCKS 5 proxy code in XChat is vulnerable to a remote exploit. Users would have to be using XChat through a SOCKS 5 server, have enabled SOCKS 5 traversal (which is disabled by default), and also connect to an attacker-controlled proxy server. This vulnerability may allow an attacker to run arbitrary code within the context of the user ID of the XChat client.
Comments (none posted)
xine-ui - insecure temporary file creation
Package(s): xine-ui
CVE #(s): CAN-2004-0372
Created: April 6, 2004
Updated: April 27, 2006
Description: Shaun Colley discovered a problem in xine-ui, the xine video player user interface. A script contained in the package to possibly remedy a problem or report a bug does not create temporary files in a secure fashion. This could allow a local attacker to overwrite files with the privileges of the user invoking xine.
Comments (none posted)
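The ruby, sysstat and xine-ui entries above are three instances of one mistake: a file at a predictable name is created with a plain open, so a local user who can plant a symlink there first can redirect the write, and (in the ruby case) the file is left readable by everyone. The Python below is an added example for this page, not code from any of those packages; `create_private_file` and `demo` are names chosen here, and the "victim" file and pre-planted link are a constructed scenario in a scratch directory. It shows the naive open following the link beside the hardened creation, which uses O_CREAT|O_EXCL (atomic, fails if anything already exists at the name, including a dangling symlink), O_NOFOLLOW as a second guard, and mode 0600.

```python
import errno
import os
import stat
import tempfile


def create_private_file(path: str) -> int:
    """Create `path` so that another local user cannot pre-empt or read it.

    O_CREAT|O_EXCL makes creation atomic and fails if anything is already at
    the name (a symlink counts), O_NOFOLLOW additionally refuses to follow a
    link, and mode 0600 keeps the contents owner-only. Returns an open file
    descriptor; the caller must close it.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.open(path, flags, 0o600)


def demo() -> dict:
    """Contrast a naive open() with create_private_file() (constructed scenario).

    'victim.txt' stands in for a file the user can write; 'session.tmp' is a
    predictable name that another local user has already linked to it.
    """
    results = {}
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim.txt")
        with open(victim, "w") as f:
            f.write("important data\n")
        planted = os.path.join(d, "session.tmp")
        os.symlink(victim, planted)

        # Unsafe pattern: open(..., "w") follows the link and truncates victim.
        with open(planted, "w"):
            pass
        results["naive_open_clobbered_victim"] = os.path.getsize(victim) == 0

        # Hardened pattern on the planted name: creation is refused.
        try:
            os.close(create_private_file(planted))
            results["safe_create_refused_symlink"] = False
        except OSError as e:
            results["safe_create_refused_symlink"] = e.errno in (errno.EEXIST, errno.ELOOP)

        # Hardened pattern on a fresh name: created with owner-only permissions.
        fresh = os.path.join(d, "session-fresh.tmp")
        fd = create_private_file(fresh)
        os.write(fd, b"session state\n")
        os.close(fd)
        results["fresh_file_mode_is_0600"] = stat.S_IMODE(os.stat(fresh).st_mode) == 0o600

        # A second creation at the same name must fail rather than reuse it.
        try:
            os.close(create_private_file(fresh))
            results["safe_create_refused_existing"] = False
        except FileExistsError:
            results["safe_create_refused_existing"] = True
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

For genuinely temporary files, `tempfile.mkstemp()` already combines an unpredictable name with the same O_CREAT|O_EXCL and 0600 creation, so scripts like the one in the xine-ui entry should use that (or `mktemp(1)` from a shell) rather than a fixed name under /tmp.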
zlib: denial of service
Package(s): zlib
CVE #(s): CAN-2004-0797
Created: August 25, 2004
Updated: June 10, 2005
Description: Versions 1.2.x of the zlib library contain an error handling vulnerability which can enable denial of service attacks.
Comments (none posted)
Page editor: Jonathan Corbet
Kernel development
The current 2.6 prepatch remains 2.6.9-rc1; no new prepatches have
been released since August 24.
The flow of patches into Linus's BitKeeper repository continues, however,
and a new prepatch could come out at any time. That repository now
contains the removal of the ancient, unused "busmouse" driver,
infrastructure for cluster-wide file locking, a number of DRM subsystem
cleanups, the out-of-line spinlock patch,
AMD dual-core support, more filesystem conversions to the new
symbolic link resolution code (which will eventually allow an increase in
the maximum link depth), a new waitid() system call implementing
the POSIX call by the same name, a "fake NUMA" mode for x86-64 testing, a
small-footprint tmpfs implementation, the base KProbes patch, a
set of IDE updates, support for scheduler profiling (seeing where context
switches come from), automatic TCP window scaling calculation, a kobject
change (it uses kref now), a USB gadget interface update with "On The Go"
support, a big ALSA update, the removal of the Philips webcam driver,
numerous network driver updates, some random number generator fixes, a fix
for the audio CD writing memory leak, some VFS interface improvements,
executable support in hugetlb mappings, the Whirlpool digest algorithm,
some virtual memory tweaks, a number of asynchronous I/O fixes and
improvements, a User-mode Linux update, the "flex mmap" user-space memory
layout (covered here last
June), a number of scheduler tweaks, the removal of the very last
suser() call, and lots of fixes.
The current tree from Andrew Morton is 2.6.9-rc1-mm4. Recent changes to -mm
include CacheFS (covered here last week),
the removal of lockmeter (it got broken by the out-of-line spinlock patch),
special code for handling misrouted interrupts on x86 systems, the new
sysfs event layer patch (see below), and M32R architecture support.
The current 2.4 prepatch remains 2.4.28-pre2; no prepatches have
been released since August 25.
Comments (none posted)
Kernel development news
Robert Love's kernel event notification patch was covered here
last July. This patch enables
the reporting of events to interested user-space software, which can then
communicate with the user and generally respond to the events. As the
Linux desktop projects become more capable and all-encompassing, they need
to know more about what is going on with the system; the events layer is
meant to be the mechanism which makes that information available.
Robert has recently posted a new
version of the patch which changes the proposed interface
significantly. It looks, however, like the patch will change yet again.
As it turns out, there is still a fair amount of uncertainty about how best
to represent and report kernel events.
The initial version of the patch required four pieces of information for
each event: the type (a general class, like "hotplug"), the object
generating the event, the signal (saying what is happening), and an
explanatory string. The new version eliminates the descriptive string, and
turns the object into a proper kobject, which will be communicated to user
space as its location in sysfs. This interface is simpler, and it solves
the problem of how to generate predictable and consistent object names, but there are still
questions on how events should really be represented.
The easier part of the discussion has to do with the "type" parameter,
which allows user-space applications to filter out events which will not be
of interest. Kernel-generated events are expected to be relatively rare,
however, so there will be little cost in simply receiving all of them and
ignoring the uninteresting ones. So the type value associated with events
may go away.
The more interesting question has to do with the representation of the
"signal" parameter. That signal is currently a verb, describing something
which has happened with the object of interest. If the object is a CPU,
the signal might be "overheating". An alternative implementation
would be to replace the signal with an attribute of the object; for a
processor event, the temperature attribute would be passed. User
space would then read the value of that attribute in sysfs to figure out
what is really going on. This approach would force a structure onto the
signal names, and would point user space to where it needs to go to learn
more about what is going on. On the other hand, there may not always be
attributes available to describe a given event, and the approach could be
seen as overly restrictive.
Meanwhile, Greg Kroah-Hartman pointed out
that the simplified send_kevent() interface strongly resembles
another, existing kernel interface:
int send_kevent(struct kobject *kobj, const char *signal);
void kobject_hotplug(const char *action, struct kobject *kobj);
Given that kobject_hotplug() is also an event reporting mechanism,
why not unify the two? The big difference, at this point, would seem to be
that send_kevent() uses the netlink interface to communicate with
user space, while the hotplug code runs /sbin/hotplug and passes
the relevant information via the environment. Perhaps the best thing to
do, says Greg, is to have the hotplug code also send a copy of its events
via netlink, and use it for everything?
The idea of sending the same events out by way of two different transports
does not appeal to many developers, however; it seems better to decide
which is best and go with it. The netlink transport is strongly favored by
the desktop crowd, which dislikes the unpredictable delays and ordering
associated with event handling via /sbin/hotplug. On the other
hand, netlink is not available early in the boot process, but it is
important to be able to handle hotplug events then.
In the end, the hybrid approach may persist for some time. A future system
might use /sbin/hotplug at boot time, then turn it off once
everything is up and running. The one sure conclusion is that this is an
area in need of further thought and experimentation.
Comments (1 posted)
One of the key network driver methods is called
hard_start_xmit();
its job is to put a network packet onto the wire (or, at least, queue it
for transmission). The networking subsystem protects calls to this method
with a lock (
xmit_lock) in the
net_device structure so
that only one call will be happening at any given time. This lock also
protects a few configuration operations.
As it turns out, quite a few network drivers implement their own locking
internally as well. There are contexts (such as in interrupt handlers)
where the xmit_lock will not be held, so some other provision must
be made for mutual exclusion. So the hard_start_xmit() method, in
those drivers, is called with a redundant lock held. It all works, but it
adds overhead to a performance-critical path.
Andi Kleen has put together a patch which
addresses this duplicate locking. With this patch (which appears likely to
be merged), drivers which do their own transmit locking can set the
NETIF_F_LLTX "feature" flag. When a packet is to be handed to an
interface with that flag set, no additional locking is performed by the
networking code. As an added feature, the driver can attempt to take its
internal lock with spin_trylock(), and immediately return
-1 if that attempt fails; the networking subsystem will then retry
the transmission later. In this way, the driver can avoid stalling the CPU
while waiting for the lock; there should be, after all, no slowdown if the
packet is added to the transmission ring a little bit later.
Comments (1 posted)
The core memory allocation mechanism inside the kernel is page-based; it
will attempt to find a certain number of contiguous pages in response to a
request (where "a certain number" is always a power of two). After the
system has been running for a while, however, "higher-order" allocations
requiring multiple contiguous pages become hard to satisfy. The virtual
memory subsystem fragments physical memory to the point that the free pages
tend to be separated from each other.
Curious readers can query /proc/buddyinfo to see how fragmented
the currently free pages are. On a 1GB system, your editor currently sees the
following:
Node 0, zone Normal 258 9 5 0 1 2 0 1 1 0 0
On this system, 258 single pages could be allocated immediately, but only
nine contiguous pairs exist, and only five groups of four pages can be found.
If something comes along which needs a lot of higher-order allocations, the
available memory will be exhausted quickly, and those allocations may start
to fail.
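A practitioner watching for this can parse /proc/buddyinfo and turn the per-order counts into the numbers that matter: how much memory is free, what the largest contiguous block is, and how many allocations of a given order could be satisfied right now. The Python below is an added example for this page, not kernel code or any tool mentioned here. The "Normal" line is the one quoted above; the "DMA" line and the 4 KB page size are assumptions for illustration, and `parse_buddyinfo`, `allocations_possible` and the other names are chosen here. It goes slightly beyond the text by also counting the larger free blocks that the buddy allocator would split to serve a smaller request, which is why it reports more than the nine order-1 blocks the paragraph mentions.

```python
import re
from typing import Dict, List, Tuple

PAGE_SIZE = 4096  # assumed; the x86 page size

# Constructed sample in /proc/buddyinfo format. The "Normal" line is the one
# quoted in the article; the "DMA" line is made up for illustration.
SAMPLE_BUDDYINFO = """\
Node 0, zone      DMA      3      2      1      0      0      0      0      0      0      1      2
Node 0, zone   Normal    258      9      5      0      1      2      0      1      1      0      0
"""

_LINE = re.compile(r"^Node\s+(\d+),\s+zone\s+(\S+)\s+(.*)$")


def parse_buddyinfo(text: str) -> Dict[Tuple[int, str], List[int]]:
    """Map (node, zone name) to its free block counts, indexed by order:
    counts[k] is the number of free blocks of 2**k contiguous pages."""
    zones: Dict[Tuple[int, str], List[int]] = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m is None:
            continue  # not a zone line
        node, zone, numbers = m.groups()
        zones[(int(node), zone)] = [int(n) for n in numbers.split()]
    return zones


def free_pages(counts: List[int]) -> int:
    """Total free pages in the zone (an order-k block holds 2**k pages)."""
    return sum(n << k for k, n in enumerate(counts))


def allocations_possible(counts: List[int], order: int) -> int:
    """How many order-`order` requests could be served without reclaim:
    blocks of that order plus the larger ones the buddy allocator would
    split (an order-k block yields 2**(k-order) blocks of the requested size)."""
    return sum(n << (k - order) for k, n in enumerate(counts) if k >= order)


def highest_available_order(counts: List[int]) -> int:
    """Largest order with at least one free block, or -1 if none is free."""
    for k in range(len(counts) - 1, -1, -1):
        if counts[k]:
            return k
    return -1


def fragmentation_report(text: str) -> Dict[str, dict]:
    """Per-zone summary suitable for logging or a monitoring threshold."""
    report = {}
    for (node, zone), counts in parse_buddyinfo(text).items():
        pages = free_pages(counts)
        report[f"node{node}/{zone}"] = {
            "free_kib": pages * PAGE_SIZE // 1024,
            "highest_order": highest_available_order(counts),
            # requests satisfiable right now, indexed by order
            "satisfiable": [allocations_possible(counts, k) for k in range(len(counts))],
        }
    return report


if __name__ == "__main__":
    for zone, info in fragmentation_report(SAMPLE_BUDDYINFO).items():
        print(zone, info)
```

On the quoted "Normal" line this works out to 760 free pages (3040 KiB), a largest free block of order 8 (256 pages), and 121 order-2 requests satisfiable if larger blocks are split; a monitoring check would alarm when `satisfiable` at the order a driver needs drops toward zero.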
Nick Piggin has recently looked at this
issue and found one area where improvements can be made. The problem
is with the kswapd process, which is charged with running in the
background and making free pages available to the memory allocator (by
evicting user pages). The current kswapd code only looks at the
number of free pages available; if that number is high enough,
kswapd takes a rest regardless of whether any of those pages are
contiguous with others or not. That can lead to a situation where
high-order allocations fail, but the system is not making any particular
effort to free more contiguous pages.
Nick's patch is fairly straightforward; it simply keeps kswapd
from resting until a sufficient number of higher-order allocations are
possible.
It has been pointed out, however, that the approach used by kswapd
has not really changed: it chooses pages to free without
regard to whether those pages can be coalesced into larger groups or not.
As a result, it may have to free a great many pages before it, by chance,
creates some higher-order groupings of pages. In prior kernels, no better
approach was possible, but 2.6 includes the reverse-mapping code. With
reverse mapping, it should be possible to target contiguous pages for
freeing and vastly improve the system's performance in that area.
Linus's objection to this idea is that it
overrides the current page replacement policy, which does its best to evict
pages which, with luck, will not be needed in the near future. Changing
the policy to target contiguous blocks would make higher-order allocations
easier, but it could also penalize system performance as a whole by
throwing out useful pages. So, says Linus, if a "defragmentation" mode is
to be implemented at all, it should be run rarely and as a separate
process.
The other approach to this problem is to simply avoid higher-order
allocations in the first place. The switch to 4K kernel stacks was a step
in this direction; it eliminated a two-page allocation for every process
created. In current kernels, one of the biggest users of high-order
allocations would appear to be high-performance network adapter drivers.
These adapters can handle large packets which do not fit in a single page,
so the kernel must perform multi-page allocations to hold those packets.
Actually, those allocations are only required when the driver (and its
hardware) cannot handle "nonlinear" packets which are spread out in
memory. Most modern hardware can do scatter/gather DMA operations, and
thus does not care whether the packet is stored in a single, contiguous
area of memory. Using the hardware's scatter/gather capabilities requires
additional work when writing the driver, however, and, for a number of
drivers, that work has not yet been done. Addressing the high-order
allocation problem from the demand side may prove to be far more effective
than adding another objective to the page reclaim code, however.
Comments (6 posted)
Patches and updates
Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Kernel building
Memory management
Networking
Architecture-specific
Security-related
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
Without much fanfare, Novell
unveiled
its SUSE LINUX Enterprise Server (SLES) 9 in early August during the
LinuxWorld Conference & Expo 2004 in San Francisco. Surprisingly,
the new release has yet to attract any in-depth coverage in the Linux
media. Despite that, SLES 9 is possibly one of the most significant
Linux product releases of the year, with a potential to become the only
enterprise-class Linux server distribution able to effectively compete
with the current runaway market leader - Red Hat Enterprise Linux
(RHEL).
Before we examine the features of SLES 9, let's take a look at the
product's pricing structure. The cost depends on the processor
architecture and the number of CPUs, with the cheapest option being a
$349 subscription per server with up to 2 CPUs, per year. This happens
to be exactly the same price as one would pay for the Basic Edition of
Red Hat Enterprise Linux ES, which is the cheapest of any server
products made by Red Hat (excluding Fedora Core). The two products
differ in the level of included support: while the RHEL Basic Edition
offers a 30-day installation and basic configuration support, SLES 9
comes with one year of installation support (a rather dubious value given
that most users won't take a year to install their newly acquired
operating system). As always, these products tend to have complex
pricing structures, so consult the SLES
9 price list and the RHEL
pricing and support options for more details. Interested parties
can obtain a free
30-day evaluation edition of SLES 9 from Novell.com.
One noteworthy advantage of SLES 9 over RHEL 3 is the 2.6 kernel.
SLES 9 ships with kernel 2.6.5, which brings significant performance
and scalability advances to the end user. While some will argue that
the 2.6 kernel series has not matured enough to be considered reliable and
well-tested for deployment on mission-critical production systems, this
is probably more of a concern on desktops and workstations rather than
servers, which typically are less demanding in terms of hardware and
driver support. In contrast, Red Hat's first kernel 2.6-based
distribution will be RHEL 4, which is not expected until the first
quarter of 2005. (Of course, it should be noted that the 2.4 kernel
shipped by Red Hat includes a great many backported 2.6 features).
With SLES 9, Novell has also expanded its support for different
processor architectures. Besides the commonly used x86 processors, the
distribution is also available for AMD64 (Athlon and Opteron), Intel's
EM64T, Intel's IA-64 (Itanium), and IBM's Power, zSeries and S/390
processors.
Now that we have established that, in terms of features and
architectural support, SLES 9 is superior to RHEL 3 (unfair, as it may
be, to compare two products whose respective code bases were finalized
12 months apart), many system administrators and IT decision makers
will be asking: what does the $349/year SUSE LINUX Enterprise Server 9
offer over and above the $90 SUSE LINUX 9.1 Professional? Wouldn't the
cheaper edition be adequate for our needs?
While most small businesses would indeed be better served by the
Professional edition, many large enterprises will find valid reasons
for going the SLES route. As an example, SLES comes with a range of
features designed to protect data privacy, including encrypted file
systems and Certificate Authority (CA) management. The latter can be
set up during installation and it has been integrated into YaST as a
module that allows creation and management of a public key
infrastructure using X.509 certificates and Certificate Revocation
Lists. These can be stored either on a hard disk or on a LDAP server.
Large organizations with remote offices and telecommuting employees
will find Virtual Private Networks with IPsec indispensable: they
provide tools for secure connections from remote locations or untrusted
networks. Companies with a large number of servers will be pleased to
know that SLES 9 offers support for Novell's ZENworks Linux Management
Server, a tool for setting up an in-house update server for an entire
network. These are just some of the many features described in detail
in this SLES
Technical Feature List (in PDF format).
SLES 9 is based on SUSE LINUX 9.1. The standard installation includes a
full graphical environment with KDE, although other options, such as
minimal, minimal graphical (with FVWM2), and full installation options
are also available. Interestingly, SUSE has adopted some of the
features found in certain competing products: the "Switch User" feature
first developed by Xandros, and the update notification tray icon
present in all recent Red Hat and Fedora releases are now integrated
into SLES. There is also a device management tray icon for quick
access to hardware configuration modules. One noticeable change,
reflecting Novell's increased branding influence, is a new KDE start
button - the original SUSE chameleon on a green background has now been
replaced with a bright red letter "N" (see screenshot).
Overall, there is little doubt that Novell has brought out a serious
contender for the enterprise server market, a product that has a
potential to make a dent in (or at least slow down) Red Hat's
impressive financial performance of the past year. SUSE LINUX
Enterprise Server 9 is a solid product, with a feature list that won't
be matched by Red Hat until we are well into 2005. But perhaps most
importantly, Novell's new product means that, for the first time, Red
Hat has a sophisticated, powerful, and high-profile competitor on the
North American market. And that can't be a bad thing.
Comments (16 posted)
Distribution News
The Debian Project has sent out a
release
stating that it will be unable to include the patented "Sender ID"
technology in its distribution.
We believe the current license and
resulting encumbrances are incompatible with the DFSG, unlike other
Internet standards that Debian is able to support. Therefore, we cannot
implement or deploy Sender ID under the current license terms. Indeed, we
would be forced to remove SenderID support from software we ship that does
support Sender ID upstream according to the terms of our social
contract.
The Debian Weekly News for September 7,
2004 covers a Debian translation party in Milan, an updated lessons
document on project management, Debian used by the Hong Kong Aircrew
Officers Association, sparc upgrade problems, testing migration scripts,
and more.
Preparation for the third stable (woody) revision, v3.0r3, is ongoing.
Here's a status report.
Here are some details about the inner
workings of the testing scripts that are used to help the preparation of
the upcoming sarge release.
Comments (none posted)
The latest Mandrakelinux Community Newsletter is out, with a look at
GlobeTrotter, the release of Mandrakelinux 10.1 Beta2, and more.
Full Story (comments: none)
Yuji Kosugi has resigned from the Gentoo Weekly Newsletter. Thanks go to
Yuji for all his work on GWN.
Full Story (comments: none)
News.com
reports that Red Hat has released an update to its enterprise product
with security upgrades, support for IBM Power5 servers, new driver support
and bug fixes. "The security upgrades in Enterprise Linux 3 Update 3
include Exec-shield and Position Independent Executable (PIE) features to
protect against stack, buffer or function pointer overflows and other
exploits that involve overwriting data structures in memory. No-execute
(NX) support will now be available for Intel x86, Intel EM64T and Advanced
Micro Devices AMD64 processors."
Comments (8 posted)
Fedora has kudzu updates available for
FC1
and
FC2. These updates rework the network
device detection in kudzu and fix various reported bugs.
Comments (none posted)
The
slackware-current changelog shows upgrades to hdparm, zsh, GNU m4,
glib, gtk+, gnupg, lftp, nmap, ImageMagick, GNU bash, minicom, GNU aspell,
openssh and fluxbox, plus other bugfixes and lots of recompiling with the
new glib.
Comments (none posted)
Minor distribution updates
Astaro Security Linux has a security
release of
stable
4.023. "Changes: This Up2Date fixes the recent Apache DoS (CAN-2004-0748)
and some flaws within IPSec."
Comments (none posted)
A third update of Always Current Lineox Enterprise Linux 3.037 is now
available. Click below for additional information.
Full Story (comments: none)
MEPIS LLC is
now shipping
SimplyMEPIS 2004. SimplyMEPIS 2004 utilizes a foundation codebase from the
Debian Project for reliability and includes the KDE 3.2.3 desktop,
OpenOffice 1.1.2, Mozilla 1.7.2, Skype, GIMP2, Xine, and many other
applications to give the desktop user everything needed to quickly become
productive in the SimplyMEPIS desktop Linux environment.
Comments (none posted)
StartCom Ltd. has released a new Linux Operating System designed for
software developers. The StartCom Developer Edition DL-3.0.0 (Pharaoh)
incorporates the best of StartCom Enterprise Linux, with the addition of
the Eclipse IDE. There is also an updated release of StartCom Enterprise
Linux available. Click below for the announcement.
Full Story (comments: none)
Page editor: Rebecca Sobol
Development
September 8, 2004
This article was contributed by Dave Fancella
There has been a lot of recent discussion in the news
about various projects that are trying to improve the
traditional two dimensional graphical user interface.
Efforts are underway to make it more efficient, useful,
and generally better. Microsoft ran their
TaskGallery
project, starting in 1999, to explore and study the
idea of taking advantage of a user's spatial memory to
organize their workspace. Sun recently demonstrated
their experimental 3d desktop,
Project Looking Glass.
Two commercial organizations,
Spatial Research and
3DNA
provide proprietary three dimensional
desktop interfaces for Microsoft Windows. So this is an
area that is getting a fair amount of attention, and
possibly even results. And then there's
Metisse.
Metisse is an open source project that grew out of
several sub-projects funded by
in Situ, a research
project that exists as a collaboration among several
French research groups. The brainchild of Olivier
Chapuis and Nicolas Roussel, Metisse uses the
techniques developed in the
Ametista
project to create a complete three dimensional workspace.
Ametista was a project that developed some interesting
techniques for capturing windows from the desktop image
stream and using those images to compose a new
workspace. According the the Ametista website, this
technique is similar to that developed for the Task
Gallery project. Metisse takes this concept a step
further and creates a three dimensional workspace.
Standing on the shoulders of giants, Metisse uses a
modified version of
FVWM,
Xvnc,
and Ametista to create a virtual X server from which it extracts
application windows.
Application windows are used for painting textures
to plane objects that in turn are drawn on a
3d-accelerated X client.
While the technique itself is very fascinating, the
question on your mind is probably something like "What
can it do, and where can I see
screenshots?"
Those were the first questions on my mind when I
discovered Metisse, so I endeavored to install and run
it to see what it could do. This article is based on
Metisse version 0.3.3.
First Impressions
Since Metisse uses FVWM to provide the desktop
environment, I was immediately and hopelessly lost. As a longtime
KDE
user, FVWM struck me as being about as
foreign as you could get. So my first impressions
weren't as good as they could have been. Realizing
this, I immediately shut down Metisse and spent half an
hour reading about FVWM. When I took a second crack at
it, I was very impressed.
The first benefit Metisse brings to the table is in one
of the least likely places. When you click on a corner
of the window, a regular window manager thinks you want
to resize it. Under Metisse, however, it just pulls the
window back. The assumption is that in a regular window
manager, when you resize a window you are doing so with
the intention of seeing what is underneath the window
so you can continue to do work in the window you're
resizing. So Metisse pulls the window back with a
peeling action so you can see what's underneath. When
you let go, the window sticks back to the desktop where
it was. I was impressed, anyway.
The second major benefit Metisse brings you is through
its use of OpenGL
textures. Since your window is no
longer being rendered into itself as a virtual screen
(as it is in a two dimensional window manager), Metisse
can use OpenGL methods to scale the window. This brings
an interesting benefit that can't be ignored. The
problem with resizing windows is always that you have
to pick a size that shows the amount of information you
want to see. When you make the window smaller, you see
less information in the window. Larger and you see
more, at the tradeoff of not having as much space on
your desktop for other windows. So users spend a lot of
time resizing windows and rearranging them so they can
work in multiple windows, and have as much information
in each one as they need to keep working. Inevitably,
there is always a shortage of screen space.
Under Metisse, however, you can scale
the window rather than resize it. So you can set it at
the size that shows you all of the information you
need, and then scale it to the actual size on your
desktop that you need it to be. A subtle but
surprisingly useful feature! Especially for those of us
that like to have our mail clients open at a small size
so we can see new email, but are limited by having
so many folders that the mail client isn't useful unless it's
Really Big.
Main Features
As interesting as those two particular features are,
Metisse puts a number of useful operations at your
fingertips that weren't there previously. If you hover
your mouse cursor over an unoccupied portion of your
desktop, the scroll wheel will let you scroll among
all of your virtual desktops. The title bar of each
window has a few more buttons than it had, and each
button lets you do a number of things. Your window is
now in 3d space, so you can rotate it on all three of
its axes. Scaling your window brings some other
benefits, such as making your toolbar and window
buttons larger or smaller, especially since most
text-based applications such as Mozilla, LyX, or
KSpread allow you to change the size of the text. So
you can make the text smaller, scale the window larger,
and wind up with bigger toolbar buttons with the same
amount of text in the window. Right-click on the task's
icon in the task bar and you can scale the window into
the corner, safely putting it out of the way but still
in plain view.
Some special attention should be paid to rotating
windows on their axes. In a traditional two
dimensional workspace, you can't rotate the windows at
all. You can only shuffle them around and resize them,
and you essentially have a fake 3d setup where you can stack
them front-to-back. This is useful, but it's
pretty easy to lose track of where you put each window.
The task bar was invented to deal with that problem.
In a 3d desktop you can usually rotate the
windows on their axes. Rotating a window on the X axis
means you can rotate it until it's pretty thin and then
move it out of the way. You can then see where it is
and what it is without having to do any sort of icon
association. You can do the same on the Y axis, if you
prefer.
As much as I like being able to rotate a window
on the Z axis, I still haven't found a practical use
for it. But the question arises: if you rotate on the X
or Y axis, the window still takes up space, so what use
is it? Never forget that you can scale the other
windows! I still haven't gotten over how useful that
is. When you combine this with the Auto Scale feature,
the long-debated "Focus moves with cursor" feature of X
becomes inarguably practical.
Of course, you still get the ability to move windows
around in 3d space, and you can get yourself lost on
your desktop pretty easily until you master this skill.
You can also set the desktop surface as concave or
convex and set its degree of curvature.
Conclusions
Metisse is very young, at version 0.3.3. It is also the
subject of research, so it's not likely to become
production grade anytime soon, if ever. Following in
the tradition of open source software, Metisse is
subject to incremental improvements and the taking of
time to assimilate those improvements. It brings some
interesting innovations to the table, but the only
thing particularly unique at this early stage of its
development is the peeling of windows.
The main advantages I see to Metisse at this time are precisely
due to its young age. The developers aren't just going
all-out to build an art gallery or other virtual
world; instead they are taking their time and studying
each possibility in an incremental fashion. Since it's
so young, and open source, there is plenty of room for
the community to help them to determine the best way to
build a three dimensional workspace that will actually
provide improvements in efficiency, usefulness, and
general coolness.
The main drawbacks? There is only one that I
can see. By building with all of these added layers in
the windowing system, Metisse barely runs on
machines without a 3d accelerated driver; on
my slow system it's not particularly responsive. That's
easily forgivable since the nature of the project is
research, but I wonder how much performance might
affect that research? It's struck me as fairly obvious
that even a two dimensional desktop should be taking
advantage of 3d acceleration in a video card, and
Metisse seems to promise that. At the very least,
Metisse has already shown several ways that a two
dimensional desktop can use 3d acceleration to its
advantage, and I'm looking forward to many new
innovations from these guys.
Comments (6 posted)
System Applications
Database Software
The beta 2 version of PostgreSQL 8.0.0 is out with numerous bug
fixes. Testers are needed.
Full Story (comments: none)
Version 2.6.0-rc2 of phpMyAdmin, a web-based MySQL administration tool,
is available.
"Here is the second release candidate for version 2.6.0.
Thin[g]s are going well, version 2.6.0-rc1 was tested a lot (with more than 45700 downloads)."
Comments (none posted)
The September 7, 2004 edition of the PostgreSQL Weekly News
is out with the week's PostgreSQL database news and events.
Full Story (comments: none)
Dan Tow uncovers a new type of database bug on O'Reilly.
"In this article, I propose the recognition of a new class of bug, a class that is not generally considered a bug at all. Specifically, I propose that errors such as attempted conversions of unconvertible values or division-by-zero should appear only when absolutely necessary, when any execution plan conceivable would encounter the error. An SQL statement that returned an unnecessary error (an error that would not result from every conceivable path to the data) would be guilty of this new class of bug, a wrong-errors bug."
Comments (none posted)
Libraries
Libannodex version 0.5.67 is available with bug fixes.
"libannodex is a C library providing a simple programming interface for reading
and writing Annodex media. Annodex is an open standards based technology that
extends the World Wide Web's hyperlinking, searching, and compositing
infrastructure to time-continuous data, enabling video surfing, searching for
clips of audio and video files using ordinary Web search engines, and
on-the-fly composition of a video on a Web server from previously annodexed
clips."
Full Story (comments: none)
Web Site Development
Version 3.2.21 of mnoGoSearch, a web site search engine, is out.
Changes include improvements to the blob mode, sorting search results
in URL order, database driver optimizations, and bug fixes. See the
History document for details.
Comments (none posted)
Version 0.9.10 of Xaraya, a web content management solution and
application framework, is out.
"In this 0.9.10 Beta release we see further
consolidation and stabilization of the code base and much enhanced
functionality. There is also a move towards a concentration on performance
and usability enhancements which are evident in the feature list for this
release."
Comments (none posted)
Miscellaneous
Version 0.0.4 of GParted, the Gnome Partition Editor, is out.
Changes include copy and paste of partitions, an operations list,
bug fixes, and more.
Full Story (comments: none)
Desktop Applications
Audio Applications
The first beta release of Aqualung, a music player for GNU/Linux,
is available.
"Aqualung is a new music player for the GNU/Linux operating system.
It plays audio files from your filesystem and has the feature of
inserting _no_gaps_ between adjacent tracks."
Full Story (comments: none)
Version 0.2.10 of qjackctl, the Qt GUI for the JACK Audio Connection
Kit, is available. Changes include the addition of a pre-shutdown
script, better JACK shutdown operation, an ALSA driver Duplex mode,
a priority and setup control spinbox, and more.
Full Story (comments: none)
Version 0.10.0 Beta of ReZound, a graphical audio file editor, is available.
"It has been a while since the last release. The major changes include: libSoundTouch support (pitch and tempo change actions added), Adaptive Normalize, new audio output code (towards JACK correctness), some speed optimizations, more status bars, stability fixes, Spanish translation, and other fixes."
The release notes have more information.
Comments (none posted)
Desktop Environments
The September 3, 2004 edition of the KDE CVS-Digest is out with the
following summary:
"KDevelop has a new project builder. KMail now supports kwallet for mail account passwords. Krita adds KJSEmbed scripting support. KOffice now supports Indic."
Comments (none posted)
Electronics
The latest new releases from the gEDA project include snapshot 20040828
of the Icarus Verilog compiler, development snapshot 20040903 of PCB,
the printed circuit board CAD package, and more.
Comments (none posted)
Games
Version 0.9a of Planet Zephulor is available from the PyGame site.
"Planet Zephulor is a side scrolling platform arcade game under development. Currently the game spans 15 levels."
Comments (none posted)
Graphics
Version 0.98r004 of Crystal Space is available.
"Crystal Space is an Open
Source and feature rich 3D Engine which runs on Linux,
Windows, and MacOS/X." Changes include the
maturation of the new renderer architecture, skeletal animation
support, a VOS networking plugin, bug fixes, documentation
improvement, and more.
Comments (none posted)
Development Snapshot 2.1.4 of the Gimp has been announced.
"Using the newly introduced progress bar API, the progress bars that used to pop up while creating thumbnails or running a script are now embedded into the Script-Fu dialog or the File Open dialog respectively.
A new preview widget for plug-ins has been added and quite some plug-ins are already ported to the new widget. Finally an end to trial and error for finding the right blur radius or the proper edge detection algorithm."
Comments (none posted)
Instant Messaging
Version 0.7.8 of Gossip, an instant messaging client for GNOME,
is available.
"This release fixes an issue where you have a global proxy set but you
don't want to use it for Gossip. Ross Burton was fast to answer a call
for help and added a setting in the account dialog to disable the system
proxy."
Full Story (comments: none)
Interoperability
The September 3, 2004 edition of
Wine Traffic is online with the latest Wine project news.
Comments (none posted)
Music Applications
Initial version 1.0.0 of Soundtank, a LADSPA host, is out.
"In this program, you can use any LADSPA plugin with a pitch control as
a softsynth; multiple instances handle polyphony and MIDI control is
handled through user-customizeable Event Maps. As a perk, I have
included a command to automatically create Event Maps, ensuring you
instant gratification."
Full Story (comments: none)
Office Applications
The Brutus project has been announced.
"The Danish Open Source company OMC has released Brutus.
Brutus is a free development framework distributed under the GPL
that offers access to all of MAPI and therefore to all versions
of Microsoft Exchange from 5.5 onwards.
Brutus is a complete wrapping of all of MAPI into a (large) set
of CORBA interfaces."
Full Story (comments: 2)
Version 1.10 of GanttProject, a Java-based Gantt chart planner,
is out.
"New features include export to new
formats (XFig, CSV), management of role sets (now it is possible to define
application-level roles and share them in different projects). UI
improvements (new plastic theme, multiselection), WebDAV bugfixes."
Comments (none posted)
Office Suites
Build 1.3.3 of OpenOffice.org has been released.
"This package contains Desktop integration work for
OpenOffice.org, several back-ported features & speedups, and a much
simplified build wrapper, making an OO.o build / install possible for
the common man. It is a staging ground for up-streaming patches to
stock OO.o."
Full Story (comments: none)
PDA Software
Versions 2.0.12 of Gnome Pilot and Gnome Pilot Conduits are available
with bug fixes and improved translations.
Full Story (comments: none)
Version 1.5.2 of Guikachu, the GNOME Resource editor for PalmOS
projects, is out. Changes include bug fixes, I/O error handling
improvements, support for GCC 3.4, updated translations, and more.
Full Story (comments: none)
Digital Photography
Version 0.0.2 of F-Spot, a photo management application for
GNOME, is available. Changes include a full screen slide show mode,
a preview popup window, new grouping options, thumbnail icon
editing, and more.
Full Story (comments: none)
RSS Software
Version 1.4.0 of Blam, an RSS reader for the GNOME desktop,
is available.
"This release features automated periodic updates of the news feeds as
well as a notification when unread items exists. A couple of sorting
bugs has been fixed and support for marking all entries in a channel as
read has been added."
Full Story (comments: none)
Web Browsers
The latest Mozilla Independent Status Reports are online.
"Brian King writes in with this week's Independent Status Reports,
which cover Mozilla-Delphi, LookAhead, Autofill, bioFOX, and more."
Comments (none posted)
MozillaZine mentions a new online Guide to Firefox extensions.
"Gsurface wrote in to tell us that Flexbeta has posted an
in-depth guide to a number of the well known, and not so well
known extensions available for Mozilla Firefox. It covers close
to 30 different extensions, including web developer tools, full
application add-ons, existing feature enhancements and more."
Comments (none posted)
The September 6, 2004 edition of the Mozilla Links Newsletter
has been published. Take a look for a long list of Mozilla browser
articles.
Full Story (comments: none)
Miscellaneous
Version 2.0.0 of gnubiff, a mail notification application, is out.
Changes include an HIG 2.0 compliant interface, auto-detection of
mailbox format, bug fixes, and more.
Full Story (comments: none)
Languages and Tools
Caml
The Caml Weekly News for August 31 - September 7, 2004 is out
with numerous Caml language articles.
Full Story (comments: none)
Java
Eugen Kuleshov writes about Jakarta Digester on O'Reilly.
"In-memory XML representations such as DOM can be impractical for
large XML files, for which different approaches are needed.
As Eugene Kuleshov shows, Jakarta Digester offers a lighter,
event-driven alternative."
Comments (none posted)
Nuno Santos introduces Java NIO on O'Reilly.
"The support for I/O multiplexing is a new feature of Java 1.4. It builds on two features of the Java NIO (New I/O) API: selectors and non-blocking I/O."
Comments (none posted)
Brett McLaughlin writes about Java Annotations on IBM's developerWorks.
"Annotations, a new feature in J2SE 5.0 (Tiger), brings a much-needed metadata facility to the core Java language. In this first of a two-part series, author Brett McLaughlin explains why metadata is so useful, introduces you to annotations in the Java language, and delves into Tiger's built-in annotations."
Comments (none posted)
Lisp
Version 0.8.6 of LTK, The Lisp Toolkit bindings for Tk, is out.
"The major change in
this version is a reworked communication subsystem between Lisp and Tk".
Full Story (comments: none)
Version 0.8.14 of Steel Bank Common Lisp is available.
"This version features improved debugging facilities and
documentation, and performance improvements."
Full Story (comments: none)
PostScript
Version 2.7.99 of GGV, the Gnome Ghostview PostScript previewer, is
available.
"Getting anxious prior to the upcoming release, the latest
incarnation of Gnome Ghostview features a brand new desktop file that lists it as
capable of displaying application/postscript mime type (Ray) and an
updated, bug-fixed version of the recent-files code (Mark)."
Full Story (comments: none)
Python
The alpha 3 version of Python 2.4 is out for testing.
"In this release we have PEP-292 string templates, a new syntax for
multi-line imports, and a large number of other bug fixes and
improvements. See either the highlights, the What's New in
Python 2.4, or the detailed NEWS file -- all available from the
Python 2.4 webpage.
This will hopefully be the last alpha in the Python 2.4 cycle -
a first beta will follow in a few weeks."
Full Story (comments: none)
O'Reilly has published some useful Python resources.
"Plucked from the pages of Python in a Nutshell and Learning Python, 2nd
Edition, these excerpts, available for download as a PDF (55K), offer a quick
reference to useful Python commands, covering methods, common file
operations, and much more. Print it out to keep by your keyboard as you
program."
Comments (none posted)
The September 7, 2004 edition of Dr. Dobb's Python-URL! is
online with the latest Python news and article links.
Full Story (comments: none)
Ruby
Michael Squillace and Barry A. Feigenbaum explore JRuby on IBM's developerWorks.
"JRuby combines the object-oriented strength of Smalltalk, the expressiveness of Perl, and the flexibility of the Java class libraries into a single, efficient rapid development framework for the Java platform."
Comments (none posted)
Tcl/Tk
The September 7, 2004 edition of Dr. Dobb's Tcl-URL! is out with
another weekly dose of Tcl/Tk article links.
Full Story (comments: none)
XML
Machtelt Garrels looks at DocBook on Linux Journal.
"DocBook is an XML Document Type Definition or DTD. It is a subset of XML particularly suited for but not limited to the creation of books and papers about computer hardware and software. DocBook is well-known in the Linux community and is used by many publishing companies and open-source development projects. Most tools are developed for the DocBook DTD and are included in most Linux distributions. This allows for sending raw data that can be processed at the receiver's end--wherever applications able to interpret XML directly are available."
Comments (none posted)
Bob DuCharme shows how to convert XML to RDF on O'Reilly.
"I had written a stylesheet called aws2rdf.xsl, but the more I thought about it the more I realized that such a stylesheet needed very few dependencies on the Amazon Web Services DTDs, and that it could convert a wide variety of XML to RDF. So, I revised and renamed it to xml2rdf.xsl, and we'll look at it here."
Comments (none posted)
Paul Ford pulls data from the web pages of the US Senate in an O'Reilly
article.
"In this inaugural article of Paul Ford's new column, Hacking Congress, he introduces his plan to create an RDF description of the U.S. federal government. He starts by collecting data on U.S. Senators and converting it to RDF. Future columns will focus on the House of Representatives and the Executive branch."
Comments (none posted)
Nicholas Chase works with multiple web services requests using XForms.
"A typical HTML form only lets you submit to one URL at a time, which makes it difficult to retrieve information from multiple Web services. This tip shows you how to use XForms to solve that problem by using multiple submissions from a single form."
Comments (none posted)
Debuggers
Version 2.2.0 of Valgrind, a tool suite for debugging and
profiling x86-Linux programs, is out.
"2.2.0 brings nine months worth of improvements and bug fixes. We
believe it to be a worthy successor to the previous stable release,
2.0.0. There are literally hundreds of bug fixes and minor
improvements. There are also some fairly major user-visible changes".
Full Story (comments: none)
IDEs
Lothar Werzinger has written a new plugin for Eclipse.
"This plugin allows to build C/C++ projects with the SCons build tool."
Full Story (comments: none)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Tom Adelstein looks at open source adoption in California.
"Special interests will attempt
to undermine open-source efforts. Although many consider California to be a
progressive state, fiscally conservative Republicans have had the most
success in achieving open-source adoption. Consider, for example, Governor
Mitt Romney, the Republican governor of Massachusetts. In January of this
year, through the Executive Office for Administration and Finance, he
issued a final policy on the use of open-source software and open
standards. The policy requires commonwealth officials to consider all
relevant factors, including the potential for excessive dependence on a
single supplier, before they spend taxpayer money on information
technology."
Comments (17 posted)
NewsForge looks at vendor lock-in and Linux.
"In other words, instead of "world
domination," Linux needs "strip mall presence." We need to see lots of
small businesses offering Linux computers, software, service and
support. We need to see smiling penguins in store windows and ads in the
Sunday paper that say, "Now you can have the same operating system that
runs some of the world's most powerful supercomputers on your office desk."
We need highly visible competition in selling Linux to retail customers,
either in dedicated stores or next to white box Windows computers in
generalized computer sales environments."
Comments (7 posted)
Trade Shows and Conferences
KDE.News continues its aKademy series of interviews and articles. Here's
an interview with Fabian Franz and Kurt Pfeifle about FreeNX, an
interview with John Terpstra on the challenges to Free Software and an
aKademy wrap up.
"With
more than 230 KDE core developers, usability and accessibility experts,
translators, editors and artists participating, the event is expected to
have a huge and lasting impact on the next major releases of the leading
Linux and Unix desktop environment. In addition, 270 visitors from the KDE
user base and from other Free Software projects brought the total number of
attendees to 500."
Comments (none posted)
NewsForge covers day 8 at aKademy.
"Running throughout the day was the last pair of
tutorials, one of which focused on live cracking - dealing with cracking,
that is! Running through who the aggressors may be, what tools they use,
how they can crack into your system and how you can block them,
participants were treated to live demonstrations and a thorough treatment
of the subject."
Comments (none posted)
NewsForge reports from aKademy, Day 9.
"Day nine of aKademy saw the start of the
Users and Administrator's Conference, and the celebration of the
international Software Freedom Day. With the end of the developers' section
of the summit, the hacking rooms began to thin out, but the loss in numbers
was accommodated by (for the most part local) crowds of users filing in to
hear from developers and other users and administrators. And for those
following the SUSE-Novell developments, a keynote from a Novell employee
was not to be missed."
Comments (3 posted)
NewsForge wraps up its aKademy coverage with a look at day 10.
"Those who mourn the
passing of geeky trade shows, and the rise of the shiny corporate stall,
would have enjoyed the flavour of the talks in this track. Several times
during their presentations, hackers had to stop and admit that features
they were talking about weren't yet implemented, or didn't work
properly. "We should really fix this" was one phrase Ingo Klöcker used
several times whilst showing the audience through the configuration
dialogues of KMail."
Comments (1 posted)
The SCO Problem
Groklaw has posted the transcript of SCO's 3rd Quarter Teleconference.
"McBride: I, I, I think, Dion, to take that on, I, I believe that if you look at the claims that we have, we're, we're moving forward very nicely through the court system. At every turn of the way, there are IBM-sponsored web sites out there that claim that the next, the next claim is gonna be the one that SCO's going down. I mean, they've been saying this for a year. And the cases keep moving through. As Bert said we've retained one of America's, if not one of the world's, best litigators. They have a lot of confidence in our, our cases, and we look forward to having those cases tried in the courtrooms."
Comments (7 posted)
Companies
Information Week looks at the Avalanche Technology Cooperative, an
association of large companies attempting to do "private open source"
development.
"Avalanche has spent more than $350,000 in the past two years on
legal fees with the Minneapolis law firm Dorsey & Whitney LLP to develop a
software-licensing policy that would restrict use of the code to co-op
members. The group also will indemnify its members against legal action
from outsiders. 'We ensure the submitter is the owner of the code,'
Avalanche CEO Jay Hansen says. Members pay a $30,000 annual fee that helps
cover the legal costs."
Comments (7 posted)
News.com reports that Red Hat has chosen a new CFO.
"Red Hat on Thursday named Charles Peters Jr. as executive
vice president and chief financial officer.
Peters replaces Kevin Thompson, who unexpectedly announced his
resignation in June, a few days before the Linux software maker
was scheduled to report fiscal first-quarter results."
Comments (1 posted)
Business
Here's a NewsForge editorial on a change in the Linux application landscape.
""Historically, vendors have
tended to work with one flavor of Linux," said Daniel K. Boice, president
and CEO of The Jaxara Group, an open source software applications
developer, located in Bethesda, Md.. "However, it seems that vendors, such
as Oracle, are using the growing popularity and acceptance of SUSE, Red
Hat, and other Linux distribution, to grow sales. I believe that in an
effort to increase both visibility, and revenue, vendor will begin to
partner with different Linux distribution.""
Comments (9 posted)
Linux Adoption
Ashraf Hasson writes about his experience running the Iraqi Linux User
Group's first Linux installfest.
"From August 14th through the 16th, Baghdad witnessed massive gunfire and streetfights in many of its districts, which unfortunately prevented some from attending the installfest. On the first day, I was forced to stop while in the middle of the installation, due to an urgent call from the Dean's office informing the staff and students to leave for home at once. There was no time to serve any refreshments!
On the second day, we picked up from where we had stopped, and things went along smoothly, although the alert still was on."
Comments (none posted)
Linux at Work
Here's a Vnunet article about a company that replaced an Oracle database
cluster with a few Linux servers.
"The great thing about this story is that the Linux servers
did not run database software. The Oracle database had been converted and
stored on the Linux hard disk as a collection of some 100,000 files. The
work was part of a major application upgrade that involved redesigning all
the components of a busy web site."
Comments (14 posted)
Legal
Here is Ed Felten's take on the recent appeals court decision in the
Chamberlain v. Skylink DMCA case.
"In the end, the court backs away from the
simple reverse-Sony interpretation of the DMCA, and makes a more limited
finding that (1) tools whose only significant uses are non-infringing
cannot violate the DMCA, and (2) in construing the DMCA, courts should
balance the desire of Congress to protect the flanks of copyright owners'
rights, against users' rights such as fair use and interoperation. In this
case, the court said, the balancing test was easy, because Chamberlain's
rights as a copyright owner (e.g., the right to prevent infringing copying
of Chamberlain's software) were not at all threatened by Skylink's
behavior, so one side of the balancing scale was just empty."
Comments (none posted)
Here is Groklaw's take on the patent-encumbered Sender ID specification.
"Are monopolies allowed to use almost-open standards as a weapon to cut off the competition's air supply? Don't answer that. I think that only works in the dark, not under the always-on bright lights of the Internet, and not any more, now that the community has grown up, has some muscle, and some corporate backing."
Comments (3 posted)
Interviews
News.com interviews Mitch Glazier, lobbyist for the RIAA.
"What are your plans
regarding open-source or free software that facilitates file sharing, which
tends to be hosted at sites like SourceForge?
I don't know yet. We have dealt with the individual development of
peer-to-peer systems on college campuses when the OpenNap systems were
being developed. We have stopped college students from developing
independent networks and exporting those to other colleges. My guess is
that we would have to proceed the same way. But no decision has been made
in antipiracy strategy for open source yet."
Comments (14 posted)
O'Reilly is running an interview with Dave Whitinger.
"Today, he's back and publishing another Linux news site. More competition exists now than when he was almost all alone in the field. Dave's re-entry into the community he never really left may be another example of good timing. Linux continues to gain momentum in every quarter and Whitinger knows that content is king. He's also adding new kinds of interactive technology to his site."
Comments (none posted)
vnunet interviews Bruce Perens about UserLinux and other topics.
"Why are some of the Linux and open source developers upset with the way their systems are being marketed? Because they have no say about it. And even if they have the opportunity, they don't know how to use it.
In the UserLinux case we address that not by whining, but by creating a viable alternative."
Comments (54 posted)
Resources
The Linux Journal has posted a tutorial on outlining with OpenOffice.org.
"Here's where it gets confusing. If you use styles in Writer, you probably know that numbering styles can be applied to paragraph styles. Yet, in addition to numbering styles, Writer has a second system for numbering paragraph styles, located in Tools > Outline Numbering. I call this system multi-style outlining, as opposed to single-style outlining. Both are called outline numbering, yet the two systems are completely independent of each other."
Comments (none posted)
Dion Cornett's "Open Source Wall Street" newsletter for September 7 is
available in PDF format. Therein, he suggests that SCO should allocate 1%
of its legal expenses to obtaining a second opinion on its anti-Linux
campaign, and dedicates a few pages to the claim that Red Hat's stock is now
undervalued.
"We have frequently asserted that we expect the OSS
market to evolve into a 'Coke/Pepsi'-like duopoly as major technology
vendors balance the need for competitive alternatives against the
difficulties inherent in supporting multiple distributions. We have noted
in the past some customers switching from RHAT to NOVL's SUSE, while
defections in the opposite direction are difficult to find given that
SUSE's more limited installed base. Thus we agree that NOVL is gaining
market share on RHAT which was recently confirmed by NOVL's reported server
additions (up from 3,800 to 19,000) and is fully built into our Outperform
recommendations on both companies."
Comments (none posted)
Reviews
O'ReillyNet looks at Scribus for desktop publishing.
""Quark was the model for the
first versions of Scribus," acknowledges Franz Schmid, a 40-year-old
invoice writer from Breitenfurt, Germany, who created Scribus. "I had a Mac
and loved its desktop publishing applications. Soon after my first steps
into Linux, I realized that there existed no user-friendly publishing
package. So I decided to write my own.""
Comments (none posted)
O'Reilly's OSDir.com looks at Sunbird, a stand-alone calendar application
from Mozilla.
"The
ability to create and maintain different calendars for different purposes
is a nice touch although it does exist in other applications, but it is
easier to move between the different calendars in Sunbird. Keeping
calendars separate can be very useful especially when you don't want to
relay your family calendar to the rest of your work group across the
calendar sharing webDAV server."
Comments (12 posted)
Miscellaneous
KDE.News mentions some successes of the KDE Junior Jobs system, a mechanism
for producing quick fixes for simple bugs.
"Today on the kde-quality list, Christian Loose of Cervisia fame celebrated the initial success of the Junior Jobs, which helped him get three patches. Junior Jobs were suggested by Adriaan de Groot back in May. They serve as a "you are welcome to hack here" sign, and mark bugs or wishes that are suitable for someone who is starting to hack KDE."
Comments (none posted)
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
Niku Corporation has announced the release of its Open
Workbench scheduling tool as open-source software. "Open
Workbench is the open source release of Project Workbench(TM), and
represents the first compelling and free alternative to Microsoft(R)
Project."
Comments (none posted)
Commercial announcements
Cybernet Systems Corporation has announced NetMAX Professional 5.0, Linux
software for Internet appliances and network servers. The new version
offers a full featured Red Hat-based Linux server that is pre-configured to
provide Apple/PC/Unix file sharing, e-mail, web page serving, firewall
security and more. NetMAX Professional 5.0 includes enhancements to
security and performance, and further simplifies deployment and management
capabilities.
Full Story (comments: none)
Novell, Inc. has joined the China Linux Standards Group. The China Linux Standard Group was
founded in April 2004 with approval from China's Ministry of Information
Industry. As the only global commercial Linux vendor formally part of the
China Linux Standard Group, Novell will participate with other members to
coordinate input from various local and national software development
communities and Chinese enterprises, and provide Linux consulting and
guidance to Chinese IT scholars and experts.
Comments (none posted)
![Pepper Pad](/images/ns/pepper-pad.jpg)
Pepper Computer, Inc. has announced the availability of the "Pepper Pad 2," a tablet computer running MontaVista's CEE Linux distribution. "The Pepper Pad is a lightweight, Wi-Fi-enabled device, with a large, high-resolution
screen, hard disk, and built-in QWERTY keypad, providing a powerful
platform for a much wider range of online and off-line activities than other
portable devices."
Comments (8 posted)
Red Hat, Inc. has announced that Unisys has joined the Red Hat Partner
Community. Red Hat Enterprise Linux will be available across the full line
of Unisys server products, supported worldwide by Unisys service personnel.
Full Story (comments: 12)
New Books
O'Reilly has published the book
IRC Hacks by Paul Mutton.
Full Story (comments: none)
O'Reilly has published the book
XML Hacks by Michael Fitzgerald.
Full Story (comments: none)
Resources
The Free Software Foundation Europe Newsletter looks at the addition of
Wilhelm Tux as a new associate organization, discussions of software
patents, donating to FSFE in the UK and Bernhard Reiter's speech at the KDE
User and Administrator Conference.
Full Story (comments: none)
Red Hat's Ulrich Drepper has written a paper (in PDF) on the topic of writing shared libraries.
Thanks to Tero Niemela.
Comments (none posted)
Jeff Garzik has published part two of his series on
Dynamic DNS (DDNS). This part covers server configuration.
"Looking again at dynamic DNS (DDNS), we now turn to setting up dynamic DNS on your BIND named name server, discussing some of the available security policies, and providing some examples of use."
Comments (none posted)
The Center for Strategic and International Studies has been researching
governmental open source software policies around the globe. The result is
a country-by-country chart (700KB PDF) with their findings and sources.
"The outcome of these efforts is neither a ban on proprietary
software nor an endorsement of OS products as innately superior. The
various policy and legislative initiatives seem to have produced a kind of
technological neutrality."
Comments (none posted)
Upcoming Events
The Plone Conference 2004 will be held in Vienna, Austria on
September 20-22, 2004. "Zope, a Python-based application server, is migrating to the component
architecture of Zope 3. "Be more Pythonic" is a major goal of Zope 3,
while also letting Python developers eat Zope one bite at a time
through better modularization."
Full Story (comments: none)
OSDL has announced the upcoming Enterprise Linux Summit.
"The Open Source Development Labs (OSDL), a global consortium dedicated to accelerating the adoption of Linux in the enterprise, today announced that it will host its first-ever Enterprise Linux Summit (OSDL-ELS), January 31 through February 2, 2005 in Burlingame, CA. Three educational session tracks over two days plus a preceding day of tutorials will comprise the Summit, which will address topics and issues around successful Linux deployment."
Comments (none posted)
| Date | Event | Location |
| --- | --- | --- |
| September 9 - 10, 2004 | Linux Expo Shanghai | Shanghai Exhibition Center, Shanghai, China |
| September 9 - 10, 2004 | Linux-Kongress | Erlangen, Germany |
| September 13 - 16, 2004 | Embedded Systems Conference | Hynes Convention Center, Boston, MA |
| September 15 - 17, 2004 | YAPC::Europe 2004 | Belfast, Northern Ireland |
| September 19 - 22, 2004 | 2004 International Conference on Functional Programming (ICFP) | Snowbird Ski and Summer Resort, Snowbird, Utah |
| September 20 - 23, 2004 | New Security Paradigms Workshop (NSPW) | White Point Beach Resort, Nova Scotia |
| September 20 - 22, 2004 | Plone Conference 2004 | Vienna, Austria |
| September 22 - 24, 2004 | OpenOffice.org Conference (OOoCon 2004) | Humboldt University, Berlin, Germany |
| September 22 - 24, 2004 | php\|works 2004 | Holiday Inn Yorkdale Hotel and Conference Centre, Toronto, Canada |
| September 23 - 26, 2004 | FirenzeWorldVision | Firenze, Italy |
| September 27 - October 1, 2004 | 4th International SANE Conference (SANE) | Amsterdam RAI Centre, Amsterdam, The Netherlands |
| September 27 - 29, 2004 | ConSec '04 | J.J. Pickle Research Center, Austin, Texas |
| September 29 - October 1, 2004 | OSCOM 4 | Swiss Federal Institute of Technology, Zurich, Switzerland |
| October 2, 2004 | Ohio LinuxFest | Columbus, Ohio |
| October 6 - 7, 2004 | LinuxWorld Conference and Expo | Olympia Exhibition Centre, London, England, UK |
| October 8 - 10, 2004 | Linucon | Red Lion Hotel, Austin, TX |
| October 10 - 17, 2004 | MySQL Swell | Across the Mediterranean |
| October 11 - 15, 2004 | 11th Annual Tcl/Tk Conference | Bourbon Orleans Hotel, New Orleans, LA |
| October 21 - 22, 2004 | Web.It 2004 | Bari, Italy |
| October 21 - 22, 2004 | 5. Encuentro Linux | Valparaiso, Chile |
| October 26 - 28, 2004 | LinuxWorld Conference and Expo | Frankfurt, Germany |
| October 27 - 29, 2004 | Sixth International Conference on Information and Communications Security (ICICS'04) | Malaga, Spain |
| November 1 - 6, 2004 | International Computer Music Conference (ICMC) | Miami, FL |
| November 4 - 5, 2004 | HiverCon 2004 | The Davenport Hotel, Dublin, Ireland |
Comments (none posted)
Software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
Comments (none posted)
Miscellaneous
The Free Software Foundation Europe has sent an open letter regarding
software patents to the Prime Minister of the Netherlands, Dr. Balkenende.
"Software patents are used to hinder competitors' software innovation.
This is the sole reason that a virtual waste paper basket is patented,
the incorporation of applications into a website is patented, or the
ordering of gifts via the internet is patented. These ideas are not very
innovative, but they are necessary to make the whole application run and
be usable by anybody."
Full Story (comments: none)
Page editor: Forrest Cook