The much-anticipated
Ubuntu 4.10 release
happened on October 20. There are a number of interesting things
about Ubuntu, including its commercial backing, use of "4.10" as its
initial release number, and its
desire to change
the world through provocative artwork. But the most interesting thing,
perhaps, is the amount of attention that Ubuntu has received. New
distributions are not exactly an unusual thing; why all the excitement
about Ubuntu?
The money behind Ubuntu is certainly one reason; new distributions may pop
up every week, but few of them have a reported 40 paid developers behind
them. When a new distribution has that sort of backing, people have a
reason to assume that there is something interesting going on, and that it
may stay around for a while.
The quality of the hackers that Ubuntu was able to attract is also clearly
a factor. Ubuntu employs a number of well-known developers from the GNOME,
FreeDesktop.org, and Debian communities, among others. When top-quality
developers get together behind a new project, interesting things tend to
happen.
Ubuntu also makes promises which resonate with a great many users. A
quick, single-CD installation process backed up by a huge network-based
package repository. A strong emphasis on the best desktop experience that
Linux can offer. Bleeding-edge packages combined with a promise of free
support for 18 months. A promise of a six-month release cycle backed up by
some of the developers who lived up to that promise with the GNOME
project. A general sort of cool buzz.
Those are all good reasons for Ubuntu to succeed, but there may be
something else going on here. Ubuntu may have found a way to become the
preferred interface between users and the Debian project.
Debian has a lot of appeal. It is an excruciatingly free distribution
characterized by a widely recognized technical excellence. It offers a
variety of packages which is second to none and a package management system
which is unequaled elsewhere. But Debian scares away a number of
potential users. Its "stable" release is painfully out of date most of the
time, the "unstable" release is rather too bleeding-edge for many users
(while still being slow to pick up new releases at times), and the
middle-of-the-road "testing" release seems to offer the worst of both
"stable" and "unstable." The process of creating a new stable release
looks chaotic, with no timeline for an actual release in sight. The
community seems to spend rather too much time arguing about the free status
of firmware and documentation and packaging up obscure tools and too little
time simply creating a current distribution with a broader appeal. Debian
is a great institution, but it worries a number of people.
Ubuntu is the promise of all the good things about Debian without many of
the problems. As a stabilized version of Debian sid, it has a remarkably
current set of packages. For some software (e.g. GNOME 2.8) Ubuntu was, by
design, ahead of everybody else. The release cycle is well defined, and
the support period has been made clear from the beginning. There is the
obligatory friendly installer as well. Ubuntu looks
like a Debian which stays current, and which is safe for ordinary people to
use.
Ubuntu is certainly not the first company which has made a go at being a
more civilized Debian distribution; others include Progeny, Linspire,
Lycoris, UserLinux, and even Corel's old offering. Ubuntu looks rather
more community-oriented than many of the other commercial, Debian-based
distributions, however; Linspire may be good at attracting attention and
lawsuits, but few people would consider it to be truly open or part of the
community. Appearances matter, and Ubuntu appears to have the right people
and attitude.
Interestingly, Ubuntu appears to have made a bigger splash than even
UserLinux, which is arguably a more community-oriented, Debian-based
distribution. The UserLinux project is clearly well aware of Ubuntu, to
the point of adding an entry to the UserLinux FAQ on
the differences between the two distributions:
    A key difference is UbuntuLinux is a (free) product offering from a single
    commercial entity (Canonical Ltd.) whereas UserLinux is created through a
    community development model.
    UserLinux aims to create a standard core for ISV's/whomever to
    support. This includes very little real packaging of custom software beyond
    pieces to 'brand' the system. Most of the system is packaged upstream and
    maintained upstream. Ubuntu aims to create a Debian based desktop
    distribution and contains a very large number of custom packages. For
    example, Debian Sarge ships with GNOME 2.6 while Ubuntu is forked off of
    Unstable around the same time that Sarge did, but ships GNOME 2.8 with
    significant modifications.
For the purposes of public image in mid-October, 2004, one might state that
Ubuntu has added a significant amount of value (or at least changes) to
Debian, and has a stable release out now. UserLinux looks to be mostly a
rebranding effort with no releases available yet. From that viewpoint,
it's not surprising that Ubuntu is currently hogging the spotlight. That
situation could change as UserLinux pulls its first release together and
gets its distributed support network going.
UserLinux would be well advised to do these things soon.
There is clearly a market for distributors who impose some order upon the
Debian development process. With these distributors in place, the
undisciplined nature of the Debian release process does not matter anywhere
near as much. The emergence of successful, value-added, Debian-based
distributions may be one of the best things to happen to Debian in some
time.
Peer-to-peer (P2P) technologies have been continually vilified, not to
mention legally challenged, by the entertainment industry and other groups
as a haven for anonymously sharing digital content illegally. The
LionShare project seeks to
legitimize P2P as an academic resource by doing away with
anonymous file-sharing and adding features appropriate to an educational
environment. LionShare is in development at Penn State University thanks to
a grant from the Andrew W. Mellon Foundation. To get up to speed on
LionShare, we talked with four members of the LionShare team, project
leader Mike Halm and LionShare developers Alex Valentine, Lorin Metzger and
Derek Morr.
The major influence for the LionShare project was the Visual Image User
Study (VIUS) that was completed last
September. LionShare came from a proof-of-concept prototype developed
during work on VIUS. The project now has a $1.1 million grant from the
Andrew W. Mellon Foundation to develop LionShare 1.0. The grant started
last year on October 1, and the team plans to have the 1.0 release ready by
September 30, 2005. The first public alpha release went live at the end of
September.
LionShare differs from traditional P2P networks in a number of ways. First
and foremost, LionShare is designed to be a private, secure
network. LionShare users will communicate with "PeerServers" to provide
file sharing even when users are not online and for centralized
management. The PeerServers will allow users to make files available to
others authorized to retrieve the files, or even just as a backup of local
files they wish to have available from multiple locations. Morr did note
that the software will feature user quotas, to ensure that users do not
abuse the backup features.
The software will also feature collaboration tools, such as P2P chat, not
present in some file sharing utilities. Authentication will not be required
for a user to search the network, but authentication will be necessary to
actually retrieve or share files. The LionShare white paper also calls for
the LionShare client to provide organizational features as well as search
and retrieval capability already present in clients like LimeWire. The
LionShare client will allow users to search their own filesystems, though Morr
pointed out that LionShare's organizational features are not as
comprehensive as those of tools like Beagle or Apple's
Spotlight.
At this point, however, LionShare's codebase is still in an alpha
state. Morr said that the current alpha that's available on the website is
missing the security components that will set LionShare apart from other
P2P networks. Metzger noted that the next release should have the security
integration, though the release will still be an alpha release.
LionShare is based on the LimeWire 4.0
codebase using a modified Gnutella protocol, and is entirely written in
Java. The client and server software are available under the GNU General
Public License, while the SASL-CA software is under a BSD-type
license. The LionShare team said that, at this point, there are "some
discussions here and there" between the LionShare developers and the
LimeWire developers, but not a "concrete, everyday
partnership." They added that the LimeWire developers are pleased to see
their codebase being used in other projects.
Since the LionShare source code is available, how will the developers
ensure that others aren't able to utilize the source to build anonymous
LionShare client software? According to Morr, it wouldn't matter if someone
were to tamper with the client software. "In order to get any kind of
public file, you have to certify or authenticate...the other end wouldn't
authorize you to access the file."
In addition to requiring authentication, LionShare is designed to allow
file restriction based on identity or user roles. Users will be able to set
Access Control Lists (ACLs) to restrict sharing of a file to individual
users, groups or to all authenticated members. Morr said that the
attributes will come from the authentication servers, so that the
institutions running LionShare servers will be able to fine-tune the
criteria for file sharing. One potential hurdle for educational
institutions looking to join a LionShare network is the lack of a
standardized schema for ACLs. Morr acknowledged that each institution was
likely to have its own schema at the moment, one that wouldn't be compatible
with those of other institutions. However, a standardized LDAP schema for higher
education called eduPerson
is being developed by Internet2, a partner organization for LionShare.
Morr also pointed out that LionShare was designed to allow users to
authenticate against a number of different sources. He said that the
project was doing a lot of work to make LionShare work with "whatever
authentication you have," including LDAP directories and Kerberos
sources. Morr said that LionShare should be compatible with Microsoft's
Active Directory as well, though they haven't tested that as of yet.
We also asked whether LionShare would protect authorized users from
accidentally sharing sensitive or personal files with the wrong set of
users. For example, could LionShare prevent a user from accidentally
sharing all of their files with all authenticated LionShare users? The
LionShare developers said that they had thought about this, and would try
to solve the problem by having "a good UI" that would let
users know that they were sharing files.
Whether LionShare will catch on beyond the academic setting is anyone's
guess. There are valid reasons for integrating authentication into P2P for
academic or business uses, but that approach will become unwieldy for
larger P2P uses such as downloading Linux ISOs. We'll be watching the
development of LionShare with interest, and are looking forward to further
releases to evaluate how useful the project will be in the long run.
By many (but not all) accounts, the Linux desktop has achieved something
close to parity with some of the proprietary alternatives, in terms of both
capability and usability. The desktop developers are certainly not ready
to declare victory and sit back, however; the pace of development is, if
anything, still increasing. As an example of where things are going, we
decided to take a quick look at a couple of bleeding-edge applications
which have been attracting attention recently.
The first of these is tomboy, a simple desktop
note-taking tool. Tomboy implements a set of note cards, each of which
contains text and links to other cards. The idea is not particularly new,
but the implementation has been thought out well. Some of the best ideas
from Wiki-style web sites have been absorbed - typing a WikiWord into a
note creates and links to a new note using that word as its title. Links
can also be created through a "link" button or by dragging and dropping. A
simple search capability can quickly find notes containing a given string.
Nat Friedman was
impressed by this application:
    Note taking is something I do all the time, and which previously
    was the realm of "emacs ~/randomname.txt" for me.... We all had
    our horrible little solutions to this problem, and Tomboy has
    stepped in to fill the gap in a big way.
    I'm not sure it's clear to everyone just how big a space Tomboy has
    carved out. If Tomboy can own note taking for me, that's one of
    the main purposes of my computer.
Your editor was, with some effort, able to get tomboy running on a Debian
unstable system; this application requires a number of highly-current Mono
and GTK libraries. There are some rough edges and missing capabilities,
which should come as little surprise for an application this new. Even so,
tomboy makes note taking and organization into a quick and easy task; it is
good at staying out of the way. If the current trend continues, tomboy
should quickly reach a level of functionality and stability that will earn
it a place on most distribution disks.
Meanwhile, quite a bit of attention has recently been focused on beagle, which is currently
at a lofty 0.0.2 release. Beagle appears to be the GNOME project's answer
to Microsoft's search plans and Google's (Windows) offering; it provides a
quick way to find things on the desktop. Think of it as a modern version
of locate, but with a few enhancements.
One core beagle feature is its collection of "filters," which enable
searches of a wide variety of files typically found on a Linux desktop
system - and some that aren't. Supported file types include Microsoft
Office, OpenOffice.org, PDF, source code in a number of programming languages,
and a number of image and audio file formats (only metadata is indexed).
Beagle can also search email (mostly limited to evolution users for now),
tomboy notes, weblog entries in the "Blam!" format, application launchers,
and more.
Underneath it all, beagle uses the (still unmerged) inotify mechanism to learn about
changes to the filesystem. New or modified files can be indexed
immediately; there should be no need for a massive "thrash the disk" job
running in the middle of the night. As an added touch, search results
which are currently displayed for the user are updated to reflect the latest
filesystem changes.
There is a command-line search tool which may be used to search beagle, but
the primary interface to the system is best ("bleeding-edge search
tool"). The project has put together a
collection of best screenshots which gives a good idea of what beagle
can currently do.
While tomboy is primarily the work of one developer (Alex Graveley), beagle
is a rather larger affair. The beagle
roadmap posted on October 4 shows that quite a few Novell hackers
have been set to work on beagle. At the top of their list is basic
usability work, things like "Not crashing or failing, most of the
time." Among other things, it seems there are memory leak problems
in Mono which have to be worked around. Email integration remains on the
list ("The primary goal will be Evolution mail integration; patches
for other mail clients will, of course, be accepted."). Work
continues on the search interface; among other things, search will be
integrated into the GNOME file selection dialog.
Longer-term goals include reworking dashboard to sit on top of beagle,
adding beagle searches to nautilus,
and, somehow, better encapsulating the relationships between desktop
objects.
Beagle is very much an early-stage project; it can be difficult to install,
and it is not available in packaged form for most distributions. There is
also that "not crashing or failing" issue. But it has reached a point
where the suicidally early adopters are finding it useful, and progress is
happening quickly. Linux, it seems, will not be left behind when it comes
to desktop search capabilities.
Page editor: Jonathan Corbet
Security
Michal Zalewski recently decided to look for exploitable vulnerabilities in
web browsers. So he wrote a little CGI script which generates random HTML
and feeds it to the browser; a refresh tag is used so that the browser will
repeatedly request new pages - until things come to a crashing halt.
Mr. Zalewski
reported his results on
Bugtraq as "a mini-farce." It seems that most of the browsers he tested
fared rather poorly.
The key word here is "most." One browser was able to absorb noisy input
indefinitely without crashing; that browser was Internet Explorer.
There has been quite a bit of talk recently about Internet Explorer's
security problems, and how the alternatives - both free and proprietary -
are more secure. So this kind of result is somewhat embarrassing. As
Mr. Zalewski put it:
    It appears that the overall quality of code, and more importantly,
    the amount of QA, on various browsers touted as "secure", is not up
    to par with MSIE; the type of a test I performed requires no human
    interaction and involves nearly no effort. Only MSIE appears to be
    able to consistently handle malformed input well, suggesting
    this is the only program that underwent rudimentary security QA
    testing with a similar fuzz utility.
So what sort of HTML turned out to be problematic? A few examples have
been posted - but all you smug, free-software-using folks might want to
think twice before clicking on them. Use of a tool like wget is
probably more appropriate. One of the examples, which, as your smug,
free-software-using editor can attest, kills Firefox is, in its entirety:
<HTML><INPUT
The post notes that this bug is probably exploitable, and that many others
certainly exist. The tester also does nothing involving either cascading
style sheets or JavaScript - one suspects that those areas might, just
maybe, be the source of a bug or two themselves.
The Mozilla project has been quick to capitalize on the recent bout of
Internet Explorer security problems. This incident demonstrates, however,
that the free software community can, at times, be a little too quick to
claim better security. Testing against malformed input has been a standard
quality assurance technique for decades; the fact that Mozilla, seemingly,
has not done this testing is a little discouraging. Security can be a
winning point for free software, but it doesn't happen automatically. If
we're going to claim to have a more secure product, we should be sure we've
done the homework first. Meanwhile, expect a new set of Mozilla patches
sometime soon.
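A minimal in-process version of the malformed-input testing described above, added here as an illustration; it is not Mr. Zalewski's CGI script or any project's code. The tag vocabulary, `fragile_parse` and every function name are constructed for the example, a Python exception stands in for a browser crash, and the reducer at the end goes one step beyond the article by shrinking a failing input to a small reproducer.

```python
import random
from html.parser import HTMLParser

# Constructed vocabulary: the page does not describe the original tool's tag list.
TAGS = ["html", "body", "input", "table", "td", "form", "a", "img", "select"]
ATTRS = ["type", "name", "value", "href", "src", "width", "align"]
JUNK = "abcXYZ019<>\"'=/ &;#\t"


def random_attr(rng):
    """One attribute whose value may be empty, long, unquoted or never closed."""
    name = rng.choice(ATTRS)
    value = "".join(rng.choices(JUNK, k=rng.choice([0, 1, 8, 64, 512])))
    style = rng.randrange(4)
    if style == 0:
        return f'{name}="{value}"'
    if style == 1:
        return f"{name}={value}"      # unquoted value
    if style == 2:
        return f'{name}="{value}'     # opening quote never closed
    return name                       # bare attribute, no value


def random_document(seed, max_tags=20):
    """Build one tag-soup document; the same seed always yields the same text."""
    rng = random.Random(seed)
    parts = []
    for _ in range(rng.randint(1, max_tags)):
        tag = rng.choice(TAGS)
        attrs = " ".join(random_attr(rng) for _ in range(rng.randint(0, 4)))
        kind = rng.randrange(5)
        if kind == 0:
            parts.append(f"</{tag}>")          # stray end tag
        elif kind == 1:
            parts.append(f"<{tag} {attrs}")    # start tag never closed
        else:
            parts.append(f"<{tag} {attrs}>")
    doc = "".join(parts)
    if rng.random() < 0.3:                     # cut the document mid-token
        doc = doc[: rng.randint(0, len(doc))]
    return doc


def stdlib_parse(doc):
    """Target 1: Python's own html.parser, fed the whole document."""
    parser = HTMLParser()
    parser.feed(doc)
    parser.close()


def fragile_parse(doc):
    """Target 2 (constructed): assumes every '<' is followed by a name and a '>'."""
    tags, pos = [], 0
    while (start := doc.find("<", pos)) != -1:
        end = doc.index(">", start)                 # ValueError: tag never closed
        tags.append(doc[start + 1:end].split()[0])  # IndexError: empty tag "<>"
        pos = end + 1
    return tags


def fails(target, doc):
    """Return the exception type name if target(doc) raises, else None."""
    try:
        target(doc)
    except Exception as exc:      # in-process stand-in for a crashed browser
        return type(exc).__name__
    return None


def run_fuzz(target, iterations=200, base_seed=0):
    """Run target over generated documents; return [(seed, exception name), ...]."""
    seeds = range(base_seed, base_seed + iterations)
    results = ((seed, fails(target, random_document(seed))) for seed in seeds)
    return [(seed, kind) for seed, kind in results if kind is not None]


def minimize(target, doc):
    """Greedy reducer: delete ever-smaller chunks while the same failure persists."""
    kind = fails(target, doc)
    if kind is None:
        return doc
    chunk = max(len(doc) // 2, 1)
    while chunk >= 1:
        i = 0
        while i < len(doc):
            candidate = doc[:i] + doc[i + chunk:]
            if fails(target, candidate) == kind:
                doc = candidate
            else:
                i += chunk
        chunk //= 2
    return doc


if __name__ == "__main__":
    for target in (stdlib_parse, fragile_parse):
        found = run_fuzz(target)
        print(target.__name__, len(found), "failing seeds;", found[:3])
    # The fragment below is the sample exactly as it appears on the page.
    print(repr(minimize(fragile_parse, "<HTML><INPUT")))
```

Recording the seed rather than the document is what makes each failure reproducible: any seed in the report regenerates the exact input for debugging or for a regression test.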
Brief items
Alan Cox has sent out an announcement regarding a couple of tty-related
security fixes which were included in the 2.6.9 kernel release. One of
them is, conceivably, remotely exploitable, though it appears to be
impossible to exploit in most cases. 2.4 and 2.2 kernels are also
vulnerable; expect distributor updates shortly.
New vulnerabilities
apache: mod_ssl cipher negotiation problem
| Package(s): | apache | CVE #(s): | CAN-2004-0885 |
| Created: | October 15, 2004 | Updated: | November 4, 2004 |
| Description: | Apache's mod_ssl module may allow content to be retrieved without proper negotiation of the requested cipher suite. |
BNC: input validation flaw
| Package(s): | bnc | CVE #(s): | |
| Created: | October 15, 2004 | Updated: | October 19, 2004 |
| Description: | The BNC IRC proxying server contains an input validation flaw which can be remotely exploited for the purpose of running IRC commands. |
cvs: information disclosure
| Package(s): | cvs | CVE #(s): | CAN-2004-0778 |
| Created: | October 20, 2004 | Updated: | October 20, 2004 |
| Description: | CVS (prior to version 1.1.17) contains an undocumented switch which may be used by an attacker to verify the existence of files and whether the CVS process can access them. |
ghostscript: symlink vulnerabilities
| Package(s): | ghostscript | CVE #(s): | CAN-2004-0967 |
| Created: | October 20, 2004 | Updated: | September 28, 2005 |
| Description: | The ghostscript package (prior to version 7.07.1-r7) contains several scripts which are vulnerable to symlink attacks. |
libpng: integer overflows
| Package(s): | libpng | CVE #(s): | CAN-2004-0955 |
| Created: | October 20, 2004 | Updated: | October 25, 2004 |
| Description: | A new set of integer overflows has been found in the libpng library; these overflows could perhaps be exploited (by way of a malicious image file) to execute arbitrary code. |
phpMyAdmin: Vulnerability in MIME-based transformation
| Package(s): | phpMyAdmin | CVE #(s): | |
| Created: | October 18, 2004 | Updated: | October 19, 2004 |
| Description: | A defect was found in phpMyAdmin's MIME-based transformation system, when used with "external" transformations. A remote attacker could exploit this vulnerability to execute arbitrary commands on the server with the rights of the HTTP server user. |
PostgreSQL: Insecure temporary file use in make_oidjoins_check
| Package(s): | PostgreSQL | CVE #(s): | CAN-2004-0977 |
| Created: | October 18, 2004 | Updated: | December 20, 2004 |
| Description: | The make_oidjoins_check script insecurely creates temporary files in world-writeable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When make_oidjoins_check is called, this would result in file overwrite with the rights of the user running the utility, which could be the root user. |
WordPress: HTTP response splitting and XSS vulnerabilities
| Package(s): | wordpress | CVE #(s): | |
| Created: | October 14, 2004 | Updated: | December 20, 2004 |
| Description: | WordPress is vulnerable to HTTP response splitting and cross-site scripting attacks, due to the lack of input validation in the administration panel scripts. A malicious user could inject arbitrary response data, leading to content spoofing, web cache poisoning and other cross-site scripting or HTTP response splitting attacks. This could result in compromising the victim's data or browser. |
Updated vulnerabilities
Apache mod_proxy: denial of service
| Package(s): | apache | CVE #(s): | CAN-2004-0492 |
| Created: | June 11, 2004 | Updated: | October 14, 2004 |
| Description: | A buffer overflow vulnerability in the apache mod_proxy module can be exploited to create a denial of service. |
apache2: stack-based buffer overflow in ssl_util.c
| Package(s): | apache2 | CVE #(s): | CAN-2004-0488 |
| Created: | June 1, 2004 | Updated: | October 14, 2004 |
| Description: | A stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_util.c in Apache. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN. |
aspell: bounds checking problem
| Package(s): | aspell | CVE #(s): | CAN-2004-0548 |
| Created: | June 17, 2004 | Updated: | December 20, 2004 |
| Description: | Aspell's word-list-compress utility fails to properly check bounds when dealing with words that are more than 256 bytes long. This can lead to arbitrary code execution by an attacker. |
cdrecord: failure to drop privilege
| Package(s): | cdrecord | CVE #(s): | CAN-2004-0806 |
| Created: | September 8, 2004 | Updated: | February 21, 2005 |
| Description: | The cdrecord utility, which is installed setuid on some distributions, fails to drop privilege before running a user-specified program. |
ncompress: Buffer overflow
| Package(s): | compress uncompress ncompress | CVE #(s): | CAN-2001-1413 |
| Created: | October 11, 2004 | Updated: | December 14, 2004 |
| Description: | compress and uncompress do not properly check bounds on command line options, including the filename. Large parameters would trigger a buffer overflow. By supplying a carefully crafted filename or other option, an attacker could execute arbitrary code on the system. A local attacker could only execute code with his own rights, but since compress and uncompress are called by various daemon programs, this might also allow a remote attacker to execute code with the rights of the daemon making use of ncompress. |
cups: information leak
| Package(s): | cups | CVE #(s): | CAN-2004-0923 |
| Created: | October 5, 2004 | Updated: | October 14, 2004 |
| Description: | CUPS has an information leakage problem when printing to SMB shares requiring authentication. |
cups: denial of service
| Package(s): | cups cupsys | CVE #(s): | CAN-2004-0558 |
| Created: | September 15, 2004 | Updated: | October 14, 2004 |
| Description: | Versions of cups prior to 1.1.21 contain a denial of service vulnerability in their IPP implementation. A malicious UDP packet can cause cups to stop listening to the IPP port. |
cyrus-sasl: remote buffer overflow
| Package(s): | cyrus-sasl | CVE #(s): | CAN-2004-0884 |
| Created: | October 7, 2004 | Updated: | March 16, 2005 |
| Description: | cyrus-sasl has a vulnerability involving a buffer overflow in the digestmda5.c file. A remote attacker may be able to compromise the system. Also, a local user may be able to exploit a vulnerability by using the SASL_PATH environment variable. |
ed: Insecure temporary file handling
| Package(s): | ed | CVE #(s): | CVE-2000-1137 |
| Created: | October 11, 2004 | Updated: | October 13, 2004 |
| Description: | ed insecurely creates temporary files in world-writeable directories with predictable names. Given that ed is used in various system shell scripts, they are by extension affected by the same vulnerability. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When ed is called, this would result in file access with the rights of the user running the utility, which could be the root user. |
Filename disclosure vulnerability in fam
| Package(s): | fam | CVE #(s): | CAN-2002-0875 |
| Created: | August 19, 2002 | Updated: | January 5, 2005 |
| Description: | "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible. |
flim: insecure file creation
| Package(s): | flim | CVE #(s): | CAN-2004-0422 |
| Created: | May 5, 2004 | Updated: | December 16, 2004 |
| Description: | The emacs "flim" mode creates temporary files in an insecure fashion, possibly allowing a local attacker to overwrite files. |
Foomatic: Arbitrary command execution in foomatic-rip
| Package(s): | foomatic | CVE #(s): | CAN-2004-0801 |
| Created: | September 20, 2004 | Updated: | May 31, 2006 |
| Description: | There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter. This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler. |
FreeRADIUS: denial of service
| Package(s): | freeradius | CVE #(s): | CAN-2004-0938, CAN-2004-0960, CAN-2004-0961 |
| Created: | September 22, 2004 | Updated: | February 2, 2005 |
| Description: | FreeRADIUS (through version 1.0.1) suffers from several denial of service vulnerabilities in its packet reception code. |
Gaim: remote code execution vulnerability
| Package(s): | gaim | CVE #(s): | CAN-2004-0500 |
| Created: | August 12, 2004 | Updated: | October 18, 2004 |
| Description: | The Gaim IRC client (versions 0.81 and prior) has a remote code execution vulnerability in the MSN-protocol parsing functions. |
gtk2, gdk-pixbuf: buffer overflows
| Package(s): | gdk-pixbuf gtk2 | CVE #(s): | CAN-2004-0753, CAN-2004-0782, CAN-2004-0783, CAN-2004-0788 |
| Created: | September 15, 2004 | Updated: | February 25, 2005 |
| Description: | The gdk-pixbuf and gtk2 libraries contain vulnerabilities in their handling of BMP and XPM files which can lead to denial of service and, potentially, code execution attacks. |
gettext: Insecure temporary file handling
| Package(s): | gettext | CVE #(s): | CAN-2004-0966 |
| Created: | October 11, 2004 | Updated: | March 1, 2006 |
| Description: | gettext insecurely creates temporary files in world-writeable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When gettext is called, this would result in file access with the rights of the user running the utility, which could be the root user. |
glibc: Information leak with LD_DEBUG
| Package(s): | glibc | CVE #(s): | CAN-2004-1453 |
| Created: | August 17, 2004 | Updated: | May 26, 2005 |
| Description: | Silvio Cesare discovered a potential information leak in glibc. It allows LD_DEBUG on SUID binaries where it should not be allowed. This has various security implications, which may be used to gain confidential information. An attacker can gain the list of symbols a SUID application uses and their locations and can then use a trojaned library taking precedence over those symbols to gain information or perform further exploitation. |
gnome-vfs: backend script vulnerabilities
| Package(s): | gnome-vfs | CVE #(s): | CAN-2004-0494 |
| Created: | August 4, 2004 | Updated: | February 21, 2005 |
| Description: | Several scripts packaged with gnome-vfs, using its "extfs" capability, have security flaws. These scripts tend not to be used on many systems, but their presence can still be a threat. |
gtkhtml: malformed messages cause crash
| Package(s): | gtkhtml | CVE #(s): | CAN-2003-0133, CAN-2003-0541 |
| Created: | April 14, 2003 | Updated: | April 18, 2005 |
| Description: | GtkHTML is the HTML rendering widget used by the Evolution mail reader. GtkHTML supplied with versions of Evolution prior to 1.2.4 contains a bug when handling HTML messages. Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash. |
imagemagick: buffer overflow vulnerability
| Package(s): | imagemagick | CVE #(s): | CAN-2004-0827 |
| Created: | September 16, 2004 | Updated: | November 30, 2004 |
| Description: | The ImageMagick graphics library has several buffer overflow vulnerabilities that allow an attacker to crash the reading process by creating malformed video or image files in the AVI, BMP, or DIB format. |
imlib2: buffer overflows
| Package(s): | imlib2 |
CVE #(s): | CAN-2004-0802
CAN-2004-0817
|
| Created: | September 8, 2004 |
Updated: | October 26, 2005 |
| Description: |
The imlib2 library contains buffer overflows in the BMP handling code. |
iproute: local denial of service
| Package(s): | iproute net-tools |
CVE #(s): | CAN-2003-0856
|
| Created: | November 25, 2003 |
Updated: | December 14, 2004 |
| Description: |
The iproute utility is susceptible to spoofed netlink messages sent by local users, with the result that denial of service attacks are possible. |
kernel information leak
| Package(s): | kernel |
CVE #(s): | CAN-2004-0415
|
| Created: | August 3, 2004 |
Updated: | October 26, 2004 |
| Description: |
Paul Starzetz discovered
flaws in the Linux kernel when handling file
offset pointers. These consist of invalid conversions of 64 to 32-bit file
offset pointers and possible race conditions. A local unprivileged user
could make use of these flaws to access large portions of kernel memory.
Note that this vulnerability affects all 2.4 kernels through 2.4.26 and 2.6 kernels through 2.6.7.
A fix for this problem was added to the fifth
2.4.27 release candidate. |
kernel-utils: setuid vulnerability
| Package(s): | kernel-utils |
CVE #(s): | CAN-2003-0019
|
| Created: | February 7, 2003 |
Updated: | January 21, 2005 |
| Description: |
The kernel-utils package contains several utilities that can be used to
control the kernel or machine hardware. In Red Hat Linux 8.0 this package
contains user mode linux (UML) utilities.
The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was
incorrectly shipped setuid root. This could allow local users to control
certain network interfaces, add and remove arp entries and routes, and put
interfaces in and out of promiscuous mode.
All users of the kernel-utils package should update to these packages that
contain a version of uml_net that is not setuid root.
Alternatively, as a work-around to this vulnerability, issue the following
command as root:
chmod -s /usr/bin/uml_net |
lha: stack-based buffer overflow
| Package(s): | lha |
CVE #(s): | CAN-2004-0769
CAN-2004-0771
CAN-2004-0694
CAN-2004-0745
|
| Created: | September 2, 2004 |
Updated: | October 14, 2004 |
| Description: |
The lha archiving and compression utility has a
stack-based buffer overflow vulnerability. A modified
archive could allow an attacker to execute code when a victim
extracts or tests the archive. |
libpng: multiple vulnerabilities
libxml2 - arbitrary code execution
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0110
|
| Created: | February 26, 2004 |
Updated: | August 19, 2009 |
| Description: |
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. |
libxpm4: stack and integer overflows
| Package(s): | libxpm4 |
CVE #(s): | CAN-2004-0687
CAN-2004-0688
|
| Created: | September 16, 2004 |
Updated: | February 14, 2005 |
| Description: |
There are several stack and integer overflow bugs in
the libXpm code of XFree86 that may be used for a denial of service. |
logcheck: symlink vulnerability
| Package(s): | logcheck |
CVE #(s): | CAN-2004-0404
|
| Created: | April 21, 2004 |
Updated: | December 22, 2004 |
| Description: |
The logcheck utility handles temporary files in an unsafe way, possibly allowing local attackers to overwrite files. |
Midnight Commander: extfs vfs vulnerability
| Package(s): | mc |
CVE #(s): | CAN-2004-0494
|
| Created: | September 2, 2004 |
Updated: | January 5, 2005 |
| Description: |
Midnight Commander has a vfs vulnerability with shell quoting
in extfs perl scripts. |
mikmod: buffer overflow
| Package(s): | mikmod |
CVE #(s): | CAN-2003-0427
|
| Created: | June 16, 2003 |
Updated: | June 16, 2005 |
| Description: |
Ingo Saitz discovered a bug in mikmod whereby a long filename inside
an archive file can overflow a buffer when the archive is being read
by mikmod. |
mozilla products: arbitrary code execution and other vulnerabilities
| Package(s): | mozilla firefox thunderbird |
CVE #(s): | CAN-2004-0902
CAN-2004-0903
CAN-2004-0904
CAN-2004-0905
CAN-2004-0908
|
| Created: | September 20, 2004 |
Updated: | January 13, 2005 |
| Description: |
Several vulnerabilities exist in the Mozilla web browser and derived
products, the most serious of which could allow a remote attacker to
execute arbitrary code on an affected system. See the CERT advisory for details. |
mpg123: buffer overflow bug
| Package(s): | mpg123 |
CVE #(s): | CAN-2004-0805
|
| Created: | September 16, 2004 |
Updated: | January 11, 2005 |
| Description: |
The mpg123 audio playing utility has a buffer overflow
bug that may allow arbitrary execution of code. |
mpg321: format string vulnerability
| Package(s): | mpg321 |
CVE #(s): | CAN-2003-0969
|
| Created: | January 6, 2004 |
Updated: | March 28, 2005 |
| Description: |
A vulnerability was discovered in mpg321, a command-line mp3 player,
whereby user-supplied strings were passed to printf(3) unsafely. This
vulnerability could be exploited by a remote attacker to overwrite
memory, and possibly execute arbitrary code. In order for this
vulnerability to be exploited, mpg321 would need to play a malicious
mp3 file (including via HTTP streaming). |
mysql: several vulnerabilities
| Package(s): | mysql |
CVE #(s): | CAN-2004-0835
CAN-2004-0836
CAN-2004-0837
|
| Created: | October 11, 2004 |
Updated: | April 6, 2005 |
| Description: |
Several problems have been discovered in MySQL. Oleksandr Byelkin noticed
that ALTER TABLE ... RENAME checks CREATE/INSERT rights of the old table
instead of the new one. (CAN-2004-0835) Lukasz Wojtow noticed a buffer
overrun in the mysql_real_connect function. (CAN-2004-0836) Dean Ellis
noticed that multiple threads ALTERing the same (or different) MERGE tables
to change the UNION can cause the server to crash or stall. (CAN-2004-0837) |
netkit-telnet: invalid free pointer
| Package(s): | netkit-telnet |
CVE #(s): | CAN-2004-0911
|
| Created: | October 4, 2004 |
Updated: | March 28, 2005 |
| Description: |
Michal Zalewski discovered a bug in the netkit-telnet server (telnetd)
whereby a remote attacker could cause the telnetd process to free an
invalid pointer. This causes the telnet server process to crash, leading
to a straightforward denial of service (inetd will disable the service if
telnetd is crashed repeatedly), or possibly the execution of arbitrary code
with the privileges of the telnetd process (by default, the 'telnetd'
user). |
netpbm: insecure temporary files
| Package(s): | netpbm |
CVE #(s): | CAN-2003-0924
|
| Created: | January 19, 2004 |
Updated: | December 29, 2004 |
| Description: |
netpbm is a graphics conversion toolkit made up of a large number of
single-purpose programs. Many of these programs were found to create
temporary files in an insecure manner, which could allow a local
attacker to overwrite files with the privileges of the user invoking a
vulnerable netpbm tool. |
OpenOffice: information disclosure
| Package(s): | openoffice.org |
CVE #(s): | CAN-2004-0752
|
| Created: | September 15, 2004 |
Updated: | October 20, 2004 |
| Description: |
OpenOffice.org contains a temporary file handling vulnerability which can allow one local user to read the contents of another user's open files. |
openssh: timing attack leads to information disclosure
| Package(s): | openssh |
CVE #(s): | CAN-2003-0190
|
| Created: | May 2, 2003 |
Updated: | November 30, 2004 |
| Description: |
From the advisory:
"During a pen-test we stumbled across a nasty bug in OpenSSH-portable
with PAM support enabled (via the --with-pam configure script switch). This
bug allows a remote attacker to identify valid users on vulnerable systems,
through a simple timing attack. The vulnerability is easy to exploit and
may have high severity, if combined with poor password policies and other
security problems that allow local privilege escalation." |
OpenSSL: denial of service vulnerabilities
pavuk: buffer overflow
| Package(s): | pavuk |
CVE #(s): | CAN-2004-0456
|
| Created: | June 30, 2004 |
Updated: | November 11, 2004 |
| Description: |
Versions of the pavuk web spider through 0.9.28-r1 contain a buffer overflow which could be exploited by a hostile server. |
php: remotely exploitable memory errors
| Package(s): | php |
CVE #(s): | CAN-2004-0594
|
| Created: | July 14, 2004 |
Updated: | February 7, 2005 |
| Description: |
Stefan Esser has issued an advisory regarding a
remotely exploitable hole in PHP (through version 4.3.7). If the
memory_limit feature is in use (as it should be, to prevent denial
of service attacks), allocation failures can be forced at highly
inopportune times, and those failures can be exploited to execute arbitrary
code. The exploit is described as "quite easy," and it can be done
regardless of whether Apache1 or Apache2 is in use. Upgrading to PHP 4.3.8 fixes the
problem; yesterday's PHP 5.0 release also contains the fix (but the
final release candidate did not). |
PuTTY: pre-authentication arbitrary code execution problem
| Package(s): | putty |
CVE #(s): | |
| Created: | August 5, 2004 |
Updated: | October 28, 2004 |
| Description: |
PuTTY, a telnet and SSH client, contains a vulnerability that
can allow an SSH server to execute arbitrary code on a connecting client.
|
qt3: BMP image parser heap overflow
| Package(s): | qt3/qt3-non-mt/qt3-32bit/qt3-static |
CVE #(s): | CAN-2004-0691
CAN-2004-0692
CAN-2004-0693
|
| Created: | August 19, 2004 |
Updated: | May 15, 2005 |
| Description: |
A heap overflow in the qt3 BMP image format parser in Qt versions prior to 3.3.3 may allow remote code execution. |
rp-pppoe, pppoe: missing privilege dropping
| Package(s): | rp-pppoe, pppoe |
CVE #(s): | CAN-2004-0564
|
| Created: | October 4, 2004 |
Updated: | November 15, 2005 |
| Description: |
Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet
driver from Roaring Penguin. When the program is running setuid root
(which is not the case in a default Debian installation), an attacker
could overwrite any file on the file system. |
rsync: path-sanitizing bug
| Package(s): | rsync |
CVE #(s): | CAN-2004-0792
|
| Created: | August 16, 2004 |
Updated: | November 1, 2004 |
| Description: |
This August 2004 rsync
advisory reports that there is a path-sanitizing bug that affects
daemon mode in all recent rsync versions (including 2.6.2) but only if
chroot is disabled. It does NOT affect the normal send/receive filenames
that specify what files should be transferred (this is because these names
happen to get sanitized twice, and thus the second call removes any
lingering leading slash(es) that the first call left behind). It does
affect certain option paths that cause auxiliary files to be read or
written. |
ruby: insecure file permissions
| Package(s): | ruby |
CVE #(s): | CAN-2004-0755
|
| Created: | August 16, 2004 |
Updated: | October 14, 2004 |
| Description: |
Andres Salomon noticed a problem in the CGI session management of Ruby, an
object-oriented scripting language. CGI::Session's FileStore (and
presumably PStore, but not in Debian woody) implementations store session
information insecurely. They simply create files, ignoring permission
issues. This can lead an attacker who also has shell access to the
webserver to take over a session. |
samba: unauthorized file access
| Package(s): | samba |
CVE #(s): | CAN-2004-0815
|
| Created: | October 1, 2004 |
Updated: | October 14, 2004 |
| Description: |
A security vulnerability has been located in Samba 2.2.x <= 2.2.11 and
Samba 3.0.x <= 3.0.5. A remote attacker may be able to gain access to files
which exist outside of the share's defined path. Such files must still be
readable by the account used for the connection.
According to this errata only Samba 3.0.x
<= 3.0.2a contains the exploitable code. |
sharutils: arbitrary code execution
| Package(s): | sharutils |
CVE #(s): | CAN-2004-1772
|
| Created: | October 1, 2004 |
Updated: | April 26, 2005 |
| Description: |
sharutils contains two buffer overflows. Ulf Harnhammar discovered a buffer
overflow in shar.c, where the length of data returned by the wc command is
not checked. Florian Schilhabel discovered another buffer overflow in
unshar.c. An attacker could exploit these vulnerabilities to execute
arbitrary code as the user running one of the sharutils programs. |
sox: buffer overflow
| Package(s): | sox |
CVE #(s): | CAN-2004-0557
|
| Created: | July 28, 2004 |
Updated: | February 21, 2005 |
| Description: |
Sox suffers from buffer overflows in its WAV file handling; these overflows could conceivably be exploited by way of a malicious sound file. |
SpamAssassin: Denial of Service vulnerability
| Package(s): | spamassassin |
CVE #(s): | CAN-2004-0796
|
| Created: | August 9, 2004 |
Updated: | August 11, 2005 |
| Description: |
SpamAssassin contains an unspecified Denial of Service vulnerability. By
sending a specially crafted message an attacker could cause a Denial of
Service attack against the SpamAssassin service. |
squid: denial of service vulnerability
| Package(s): | squid |
CVE #(s): | CAN-2004-0918
|
| Created: | October 7, 2004 |
Updated: | November 8, 2004 |
| Description: |
Squid has a potential denial of service vulnerability
and a problem with readable passwords due to incorrect
permissions on the squid.conf file. |
Subversion: Remote heap overflow
| Package(s): | subversion |
CVE #(s): | CAN-2004-0413
|
| Created: | June 11, 2004 |
Updated: | March 7, 2005 |
| Description: |
Subversion has a remote Denial of Service vulnerability
that may allow a server that runs svnserve to execute
arbitrary code. See this advisory for more information. |
subversion: metadata information disclosure
| Package(s): | subversion |
CVE #(s): | CAN-2004-0749
|
| Created: | September 23, 2004 |
Updated: | November 4, 2004 |
| Description: |
The subversion version control system has vulnerabilities
in the handling of metadata such as log file entries related
to using mod_authz_svn. |
File overwrite vulnerability in tar and unzip
| Package(s): | tar unzip |
CVE #(s): | CAN-2001-1267
CAN-2001-1268
CAN-2001-1269
CAN-2002-0399
|
| Created: | October 1, 2002 |
Updated: | April 10, 2006 |
| Description: |
The tar utility does not properly filter file names containing
"../", meaning that a hostile archive can, if unpacked by an
unsuspecting user, overwrite any file that is writable by that user. GNU
tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42
has the same vulnerability. |
tiff: buffer overflows
| Package(s): | tiff |
CVE #(s): | CAN-2004-0803
|
| Created: | October 13, 2004 |
Updated: | April 12, 2005 |
| Description: |
The tiff library contains several buffer overflows which may be exploited
by way of maliciously-crafted image files. See this advisory for more information. |
wv: buffer overflow
| Package(s): | wv |
CVE #(s): | CAN-2004-0645
|
| Created: | July 14, 2004 |
Updated: | February 10, 2005 |
| Description: |
wv, a viewer for MS Word files, contains a buffer overflow which may be exploited by a suitably-crafted file. Version 1.0.0-r1 fixes the problem. |
XChat 2.0.x SOCKS5 Vulnerability
| Package(s): | xchat |
CVE #(s): | CAN-2004-0409
|
| Created: | April 19, 2004 |
Updated: | November 15, 2005 |
| Description: |
XChat is vulnerable to a stack overflow that may allow a remote attacker to
run arbitrary code. The SOCKS 5 proxy code in XChat is vulnerable to a
remote exploit. Users would have to be using XChat through a SOCKS 5
server, enable SOCKS 5 traversal which is disabled by default and also
connect to an attacker's custom proxy server. This vulnerability may allow
an attacker to run arbitrary code within the context of the user ID of the
XChat client. |
xine-lib: buffer overflows
| Package(s): | xine-lib |
CVE #(s): | CAN-2004-1379
|
| Created: | September 22, 2004 |
Updated: | April 10, 2006 |
| Description: |
xine-lib (through version 1_rc6) contains buffer overflows in the subtitle parsing and DVD sub-picture decoder code. |
xine-ui - insecure temporary file creation
| Package(s): | xine-ui |
CVE #(s): | CAN-2004-0372
|
| Created: | April 6, 2004 |
Updated: | April 27, 2006 |
| Description: |
Shaun Colley discovered a problem in xine-ui, the xine video player
user interface. A script contained in the package to possibly remedy
a problem or report a bug does not create temporary files in a secure
fashion. This could allow a local attacker to overwrite files with
the privileges of the user invoking xine. |
zlib: denial of service
| Package(s): | zlib |
CVE #(s): | CAN-2004-0797
|
| Created: | August 25, 2004 |
Updated: | June 10, 2005 |
| Description: |
Versions 1.2.x of the zlib library contain an error handling vulnerability which can enable denial of service attacks. |
Resources
Bruce Schneier's CRYPTO-GRAM newsletter for October is out, with articles
on disclosing network outage information, license plate scanners, academic
freedom, and RFID passports. "Normally I am very careful before I
ascribe such sinister motives to a
government agency. Incompetence is the norm, and malevolence is much
rarer. But this seems like a clear case of the government putting its
own interests above the security and privacy of its citizens, and then
lying about it."
Page editor: Jonathan Corbet
Kernel development
The current 2.6 kernel is 2.6.9,
released, at last, on October 18. Very
few fixes were merged since
2.6.9-final,
which, in turn, contained only a small number of changes since 2.6.9-rc4.
The -final naming scheme drew a few complaints, to which Linus responded
"I'm a retard." One assumes he will not do that again.
For
those just tuning in, 2.6.9 includes a lot of NTFS updates, block I/O
barrier support, a patch allowing unprivileged processes to lock small
amounts of memory in RAM, a new USB storage driver, cluster-wide file
locking infrastructure, completely out-of-line spinlocks, AMD dual-core
support, support for the POSIX waitid() system call, KProbes, USB "on
the go" support, the "flex mmap" user-space
memory layout, m32r architecture support, a bunch of latency-reduction
work, and lots of fixes.
See the (lengthy) changelog for a full list of
changes since 2.6.8.
There have been no 2.6.10 prepatches released yet, but the floodgates have
certainly opened; several hundred changesets have found their way into
Linus's BitKeeper repository. These include a set of SCSI updates, a big
rework of the IRQ subsystem (pulling lots of duplicated code into a single,
generic core - no functional changes), some software suspend fixes, a
number of scheduler tweaks, CDRW packet writing support, switchable and
loadable I/O schedulers, a new version of
the completely fair queueing (CFQ) I/O scheduler, the removal of the
(unused) wake_up_all_sync() function, a simple generic circular
buffer implementation, a big USB update, version 17 of the wireless
extensions API, the kernel events notification mechanism, a patch changing
the core device model function exports to GPL-only, a PCI subsystem update,
the BSD "secure levels" security module, and lots of fixes.
Andrew Morton has not released any -mm patches over the last week.
The current 2.4 prepatch is still 2.4.28-pre4; Marcelo has not
released any prepatches since October 8.
Kernel development news
On a side note, the GPL buyout previously offered has been
modified. We will be contacting individual contributors and
negotiating with each copyright holder for the code we wish to
convert on a case by case basis....
SCO has contacted us and identifed [sic] with precise detail and factual
documentation the code and intellectual property in Linux they
claim was taken from Unix. We have reviewed their claims and they
appear to create enough uncertianty [sic] to warrant removal of the
infringing portions.
-- Jeff Merkey, of course.
Yes, I can reveal them. All of XFS, All of JFS, and All of the SMP
Support in Linux. I have no idea what the hell RCU is and when I
find it, I'll remove it from the code.
-- Yes, him again.
Sorry, couldn't resist; we'll stop now.
A large number of patches have already been merged and will show up in the
first 2.6.10 prepatch. Some of those have been covered on this page
before, but others have not. As a way of catching up with current events,
we'll take a quick look at a few of these patches.
CFQ v2
The completely fair queueing (CFQ) I/O scheduler endeavors to get good
performance from block devices while dividing the available bandwidth
equally between the processes contending for each device. 2.6.10 will
contain a major rework of the CFQ scheduler, called "CFQ v2." Some of
the changes in this version are:
- Process I/O context information is maintained for the lifetime of each
process, rather than just for the periods when the process has
outstanding I/O. This change fixes some starvation scenarios which
came up with CFQ v1.
- Grouping of processes can be done by user ID, group ID, thread group,
or process group; the policy in force can be changed at runtime.
- Request ordering is more strictly enforced as a way of limiting the
maximum latency experienced by any given request.
- Small backward seeks are occasionally allowed if they look like they
will improve responsiveness.
The code is also more heavily commented; author Jens Axboe says that was
done to increase its AAF - "akpm acceptance factor." AKPM is Andrew
Morton, who has been known to complain about insufficiently commented
kernel submissions.
Simple circular buffers
Circular buffers are a common data structure in the kernel, but there has
never been a generic implementation available for use. Stelian Pop decided
to change that; he was almost certainly surprised, however, by the large number of
iterations it took to respond to all the comments he got. In the end, this
effort showed the value of having a single, generic implementation in the
kernel. Even a data structure as simple as a circular buffer can be tricky
to implement correctly; it makes no sense for every developer to go through
that process each time a new one is needed. With a single, well-reviewed
implementation, the chances of it being truly correct are much better.
A circular buffer is represented by struct kfifo, defined in
<linux/kfifo.h>. A statically allocated buffer can be
initialized with kfifo_init(), or allocation and initialization
can be performed together with kfifo_alloc():
struct kfifo *kfifo_init(unsigned char *buffer, unsigned int size,
int gfp_mask, spinlock_t *lock);
struct kfifo *kfifo_alloc(unsigned int size, int gfp_mask,
spinlock_t *lock);
Either way, size is the desired size of the buffer (in bytes, must
be a power of two), gfp_mask is a set of GFP_ flags
controlling how memory allocations will be performed, and lock is
a spinlock which will be used to serialize access to the data structure.
The functions for moving data into and out of the buffer are:
unsigned int kfifo_put(struct kfifo *fifo, unsigned char *buffer,
unsigned int len);
unsigned int kfifo_get(struct kfifo *fifo, unsigned char *buffer,
unsigned int len);
These functions move at most len bytes between the structure and
buffer; the actual number of bytes transferred is returned. The
number of bytes currently stored in a circular buffer can be obtained by
passing it to kfifo_len(), and a buffer may be flushed by passing
it to kfifo_reset(). A dynamically-allocated buffer may be
returned to the system with kfifo_free(); there does not seem to
be a way to free memory from statically allocated buffers.
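The semantics described above (a power-of-two size, transfers clamped to the available space or data, and the byte count returned) can be modeled in user space. This is an added example, not the kernel's kfifo code: struct ring, the ring_*() functions and the demo helpers are hypothetical names, and the spinlock is left out, so it assumes a single thread.

```c
/* User-space model of a kfifo-style byte FIFO (added example, not kernel code).
 * All names are hypothetical; the per-operation spinlock is omitted. */
#include <limits.h>
#include <stdio.h>
#include <string.h>

struct ring {
    unsigned char *buf;
    unsigned int size;   /* capacity in bytes; must be a power of two */
    unsigned int in;     /* free-running count of bytes written */
    unsigned int out;    /* free-running count of bytes read */
};

/* Reject sizes that are not a power of two: the index mask below relies on it. */
int ring_init(struct ring *r, unsigned char *buf, unsigned int size)
{
    if (!r || !buf || size == 0 || (size & (size - 1)) != 0)
        return -1;
    r->buf = buf;
    r->size = size;
    r->in = r->out = 0;
    return 0;
}

unsigned int ring_len(const struct ring *r)
{
    return r->in - r->out;   /* stays correct after the counters wrap */
}

/* Copy at most len bytes in; returns the number actually stored. */
unsigned int ring_put(struct ring *r, const unsigned char *src, unsigned int len)
{
    unsigned int space = r->size - ring_len(r);
    unsigned int off, first;

    if (len > space)
        len = space;                     /* clamp instead of overwriting */
    off = r->in & (r->size - 1);         /* write position inside buf */
    first = r->size - off;               /* bytes left before the end of buf */
    if (first > len)
        first = len;
    memcpy(r->buf + off, src, first);
    memcpy(r->buf, src + first, len - first);   /* wrapped remainder */
    r->in += len;
    return len;
}

/* Copy at most len bytes out; returns the number actually read. */
unsigned int ring_get(struct ring *r, unsigned char *dst, unsigned int len)
{
    unsigned int avail = ring_len(r);
    unsigned int off, first;

    if (len > avail)
        len = avail;                     /* never hand back stale bytes */
    off = r->out & (r->size - 1);
    first = r->size - off;
    if (first > len)
        first = len;
    memcpy(dst, r->buf + off, first);
    memcpy(dst + first, r->buf, len - first);
    r->out += len;
    return len;
}

/* A put larger than the free space is truncated: the second put stores 2 of 6. */
unsigned int demo_short_put(void)
{
    unsigned char storage[8];
    struct ring r;

    ring_init(&r, storage, sizeof(storage));
    ring_put(&r, (const unsigned char *)"abcdef", 6);
    return ring_put(&r, (const unsigned char *)"ghijkl", 6);
}

/* Start the counters 3 below UINT_MAX so both the buffer index and the
 * counters wrap during the transfer; returns 1 if the data survives. */
int demo_counter_wrap(void)
{
    unsigned char storage[8], outbuf[8] = {0};
    struct ring r;

    ring_init(&r, storage, sizeof(storage));
    r.in = r.out = UINT_MAX - 2;
    if (ring_put(&r, (const unsigned char *)"01234567", 8) != 8)
        return 0;
    if (ring_len(&r) != 8 || ring_get(&r, outbuf, 8) != 8)
        return 0;
    return memcmp(outbuf, "01234567", 8) == 0 && ring_len(&r) == 0;
}

int main(void)
{
    printf("short put stored %u, counter wrap ok %d\n",
           demo_short_put(), demo_counter_wrap());
    return 0;
}
```

Because the size divides the range of the unsigned counters, `in - out` and the masked index remain valid when the counters overflow, which is why the power-of-two restriction matters.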
Kernel events
The kernel events notification mechanism has been covered here a couple of
times. This code provides a way for user-space processes to learn about
important events by way of a netlink socket. The final form of the event
generation interface (for now) is:
int kobject_uevent(struct kobject *kobj, enum kobject_action action,
struct attribute *attr);
The kobject describes where the interesting event happened. For the one
explicit use currently in the kernel (filesystem mount and unmount events),
the kobject corresponds to the disk partition involved. action is
a small set of possible events; it is currently one of KOBJ_ADD,
KOBJ_REMOVE, KOBJ_CHANGE, KOBJ_MOUNT, and
KOBJ_UMOUNT. The "add" and "remove" actions are generated along
with hotplug events; "change" describes attribute value changes, and
"mount" and "unmount" are for filesystem events. The final parameter
(attr) is an optional attribute of the given kobject which
provides further information.
The patches merged also modify how hotplug events are handled; such events
now are reported in two ways: via the new events mechanism and through an
invocation of /sbin/hotplug.
In
last week's episode, we saw the release
of a number of patches intended to bring (something closer to) realtime
response to the standard Linux kernel. The level of activity in this area
remains high; here is what has been happening over the last week.
Bill Huey of LynuxWorks surfaced to
announce that he, too, has been working on realtime preemption; his patches
are available at mmlinux.sourceforge.net.
Mr. Huey seemed a bit annoyed at the posting from MontaVista which started
the current discussion; his version, it seems, has been working for some
months. But, by his own admission, he had
been sitting on the patches for some time as a result of the "commercial
development attitude" at his employer. "Release early" is the kernel
developers' mantra for a reason.
The mmlinux patch resembles the others, in that it turns all spinlocks into
semaphores and makes most critical sections preemptible. It includes a
threaded interrupt handler patch from TimeSys, and uses standard Linux
semaphores, without priority inheritance. See the mmlinux release announcement for more
information.
The folks at MontaVista must be feeling a bit like their own vehicle has
taken off and left them behind. Even so, Daniel Walker announced a new MontaVista realtime patch,
based on Ingo Molnar's work. It includes an architecture-independent mutex
implementation (but still different from regular Linux kernel semaphores),
and some latency tracing code.
The real work, however, continues to be done by Ingo Molnar; he has been
releasing patches at such a rate that some
developers working on slower systems may have trouble simply compiling them
before the next one comes out. Ingo's focus has been the
elimination of the (numerous) remaining spinlocks, especially those outside
of the core kernel. The current situation, as he put it, is "an
opt-in model to correctness which is bad from a maintenance and upstream
acceptance point of view." With his current patches (the latest is
RT-2.6.9-rc4-mm1-U8 as of this writing, but
that is likely to have changed by the time anybody reads this), over 90% of
the raw spinlock calls have been removed, and most non-core subsystems are
entirely free of spinlocks. At least, that is the case when realtime
preemption is configured into the kernel; without that option, the
situation is mostly unchanged.
To get to that point, Ingo had to make changes to a number of Linux mutual
exclusion primitives which got in the way. One of those is per-CPU
variables, which are based around the idea that, as long as each processor
only works with its own copy of a variable, no locking is required to make
that work safe. That assumption only holds, however, if threads are not
preempted while manipulating per-CPU variables. So using a per-CPU
variable requires disabling preemption, which runs counter to the whole
"make everything preemptible" idea. To address this problem, Ingo
introduced a new "locked" per-CPU variable type:
DEFINE_PER_CPU_LOCKED(type, name);
get_cpu_var_locked(var, cpu);
put_cpu_var_locked(var, cpu);
Threads which use the "locked" type of per-CPU variable can be preempted
while working with that variable - they can even be shifted to a different
processor while sleeping. The result could be a thread updating the
"wrong" processor's version of the variable. The lock will prevent race
conditions, however, so, as Ingo puts it,
"'statistically' the
variable is still per-CPU and update correctness is fully
preserved."
Then, there is the issue of read-copy-update, which also depends on
threads not being preempted while they hold a reference to RCU-protected
data. Ingo's approach here was, essentially, to dump RCU in the realtime
case and just go back to regular locking. This change is hard to do in any
sort of automatic way, however, because the RCU read locking primitive
(rcu_read_lock(), which, normally, just disables preemption) does
not identify which data is being protected. So converting RCU code
requires picking out a spinlock or semaphore which can be used to prevent
races with writers, and changing the rcu_read_lock() calls to one
of the many new variants:
rcu_read_lock_sem(struct semaphore *sem);
rcu_read_lock_down_read(struct rwsem *sem);
rcu_read_lock_spin(spinlock_t *lock);
...
This API, Ingo notes, is still in flux. There does not seem to have been
any benchmarking done yet to determine what effect these changes have on the
scalability issues RCU was created to address.
Atomic kmaps were another problem. An atomic kmap is a mechanism used to
quickly map a high memory page into the kernel's address space. It is, for
all practical purposes, an implementation of per-CPU page table entries,
and it has the same preemption issues. The solution here was the addition
of a new function (kmap_atomic_rt()) which turns into a regular,
non-atomic kmap when realtime preemption is enabled. In this case (as with
many of the others) the low-latency imperative brings a small overall
performance cost.
As a sort of side project, many users of semaphores in the kernel were
changed over to the completion mechanism.
Some new completion functions have been added to help with that process:
int wait_for_completion_interruptible(struct completion *c);
unsigned long wait_for_completion_timeout(struct completion *c,
unsigned long timeout);
unsigned long wait_for_completion_interruptible_timeout(struct completion *c,
unsigned long timeout);
Quite a few other changes have gone in, but the idea should be clear by
now: a vast number of changes are being made to the kernel's fundamental
assumptions about locking and the execution environment. Few readers will
be surprised to learn that the brave souls testing these patches have been
encountering significant numbers of bugs. Those bugs are being squashed in
a hurry, though, to the point that Ingo can say:
...this is i believe the first correct conversion of the Linux kernel
to a fully preemptible (fully mutex-based) preemption model, while
still keeping all locking properties of Linux.
I also think that this feature can and should be integrated into
the upstream kernel sometime in the future. It will need
improvements and fixes and lots of testing, but i believe the basic
concept is sound and inclusion is manageable and desirable.
The interesting thing is that nobody has come forward to challenge that
statement. As the realtime preemption patches become more stable, and the
pressure for their inclusion starts to build, that situation may well
change. It is hard to imagine a patch this intrusive going in without some
sort of fight - especially when many developers are far from convinced
about the goal of supporting realtime applications in Linux to begin with.
It's hard to turn down an opportunity to give Rusty Russell some grief, so
let's take a moment to review a comment he posted on LWN in 2003:
Regarding module_param(): MODULE_PARM() will certainly stay
throughout the 2.6 series, so no need to change existing code just
yet.
Those who held off on changing their out-of-tree modules may want to do so
now. Rusty has sent out a patch marking
MODULE_PARM() obsolete in preparation for its removal from the
kernel. A set of companion patches deals with many of the remaining
MODULE_PARM() uses in the mainline tree.
MODULE_PARM() declares parameters for loadable modules; these
parameters can be changed when the module is loaded to affect its
operation. One of the many changes that came with the new module loader in
the 2.5 series was a new mechanism (module_param()) for declaring
module parameters. The new scheme has a number of advantages over the old
one: it is type safe, it allows module parameters to be represented (and
changed) in sysfs, and it provides a flexible mechanism for new types of
parameters. But, since the older way continued to work, many modules were
never updated.
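The type-safety and sysfs points above can be seen in a small userland model. This is an added example, not kernel code and not taken from Rusty's patches; old_parm, new_param, model_param() and the demo_* functions are hypothetical names, and the mode-bit check is a simplification of what the VFS enforces on a sysfs file.

```c
/* Userland model, not kernel code: every name below is hypothetical. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Old style, as in MODULE_PARM(debug, "i"): the type is a string that the
 * compiler never compares with the variable's declaration. */
struct old_parm {
    const char *name;
    const char *fmt;    /* "h" = short, "i" = int */
    void *addr;
};

/* Stores with the width named by fmt, whatever addr really points to. */
static int old_parm_set(const struct old_parm *p, const char *val)
{
    char *end;
    long l = strtol(val, &end, 0);

    if (end == val)
        return -EINVAL;
    if (p->fmt[0] == 'h') {
        short s = (short)l;
        memcpy(p->addr, &s, sizeof s);
    } else if (p->fmt[0] == 'i') {
        int i = (int)l;
        memcpy(p->addr, &i, sizeof i);
    } else {
        return -EINVAL;
    }
    return 0;
}

/* New style: the type token selects the setter and is checked against the
 * variable at compile time; perm models the sysfs mode bits. */
struct new_param {
    const char *name;
    unsigned int perm;
    int (*set)(const char *val, void *arg);
    void *arg;
};

/* Range-checked setter: a value that does not survive the round trip
 * through the target type is rejected instead of truncated. */
#define MODEL_PARAM_DEF(type)                                         \
static int param_set_##type(const char *val, void *arg)               \
{                                                                     \
    char *end;                                                        \
    long l = strtol(val, &end, 0);                                    \
    if (end == val || *end != '\0' || (long)(type)l != l)             \
        return -EINVAL;                                               \
    *(type *)arg = (type)l;                                           \
    return 0;                                                         \
}
MODEL_PARAM_DEF(short)
MODEL_PARAM_DEF(int)

/* check_<var>() draws a compiler diagnostic if var is not of the named type. */
#define model_param(var, type, mode)                                  \
    static inline type *check_##var(void) { return &(var); }          \
    static struct new_param param_##var =                             \
        { #var, (mode), param_set_##type, &(var) }

/* Two adjacent shorts stand in for a driver's neighbouring variables. */
static struct { short debug; short irq; } old_vars;
_Static_assert(sizeof old_vars == sizeof(int),
               "model assumes 2-byte short and 4-byte int");

static short new_debug;
static int new_irq = 5;
model_param(new_debug, short, 0444);   /* readable, not writable at run time */
model_param(new_irq, int, 0644);       /* owner may change it at run time */

/* Old scheme: debug is a short but was declared "i", so the 4-byte store
 * also overwrites irq. (addr is the enclosing struct so that the model
 * itself stays within one object.) */
int demo_old_mismatch(void)
{
    struct old_parm p = { "debug", "i", &old_vars };

    old_vars.debug = 0;
    old_vars.irq = 5;
    old_parm_set(&p, "65537");   /* 0x00010001: one 16-bit half per field */
    return old_vars.irq;         /* 1, not 5 */
}

/* A store arriving through the modelled sysfs file honours the mode bits. */
static int param_store(struct new_param *kp, const char *val, int via_sysfs)
{
    if (via_sysfs && !(kp->perm & 0200))
        return -EACCES;
    return kp->set(val, kp->arg);
}

int demo_new_range(void)      { return param_store(&param_new_debug, "65537", 0); }
int demo_new_load(void)       { param_store(&param_new_debug, "3", 0); return new_debug; }
int demo_sysfs_readonly(void) { return param_store(&param_new_debug, "1", 1); }
int demo_sysfs_writable(void) { param_store(&param_new_irq, "11", 1); return new_irq; }
```

The mode argument deserves the same review as the type: a parameter exported with write permission can be changed after the module has finished initializing, so code that reads it must tolerate the value changing underneath it.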
Under the old development model, things probably would have gone as Rusty
suggested: MODULE_PARM() would have remained through the 2.6 series
in order to avoid breaking things. The new development model lacks the
same sort of obvious demarcation point where compatibility can be broken,
so those changes end up going into the regular patch stream. This is
especially true of internal API changes, where there never has been a
guarantee of any sort of continuity, even in an old-style stable series.
So some of these changes are coming more quickly than some developers might
have expected.
With regard to MODULE_PARM(), the current patches in circulation
suggest that the time to update to module_param() is running out.
Consider yourself warned.
Page editor: Jonathan Corbet
Distributions
News and Editorials
Although much less glamorous than the desktop or server distributions,
Linux-based firewalls have proven themselves as reliable workhorses
capable of turning many an old computer into useful appliances,
guarding corporate and home networks from bad elements traversing the
cyberspace. Among them, IPCop Firewall and Devil-Linux are just two
examples of the power behind collaborative efforts of developers across
the Internet. Both projects provide simple, yet powerful products
contributing to greater peace of mind in our ever more complex,
inter-connected world of computers.
IPCop 1.4.0
IPCop Firewall, launched in 2001 as
a fork of SmoothWall, is developed by Charles Williams and a small
group of developers who found themselves disenchanted with the attitude
of some of the SmoothWall developers on their support forums. Starting
with the recently released version 1.4.0, IPCop is now built from
ground up and based on Linux From Scratch. The developer's mission is
simple: to provide a free, stable and secure Linux firewall that is
highly configurable and easy to maintain. With some of the press
reviews rating IPCop higher than certain expensive commercial firewall
products, the IPCop developers have certainly succeeded in achieving
their goal.
The size of the IPCop ISO image, at 40 MB, leaves little doubt about the
specialist nature of this distribution. It offers packet filtering,
VPNs, a caching web proxy, DNS, DHCP and time server, traffic shaping,
and intrusion detection, but not much else. System administration is
done through a web browser over the network using a secure connection.
IPCop is designed to run on a dedicated box with as little as 300 MB of
hard disk space and 32 MB of RAM, but it can also be installed on a
compact flash card and run as a network appliance. The sophisticated
web-based configuration interface provides many useful functions,
including password modification and secure shell access settings,
firewall and VPN configuration, and management of services. Security
updates and fixes can also be installed through the web interface.
IPCop 1.4.0 is the project's first stable release in 18 months. A lot of
work has gone into this version, which is now available for both i386
and Alpha processors. Hardware support has been extended considerably
to include more network cards, USB and PCI DSL modems, as well as SCSI
and PCMCIA hardware. ACPI and multi-processor systems are now also
supported. In terms of new software, Snort has been included for
intrusion detection and most packages are now compiled with the GCC
Stack Smashing Protector. The web-based interface has been redesigned,
offering enhanced log viewing, DHCP and host editing, as well as newly
introduced system performance graphs. This version of IPCop has
excellent multi-lingual capabilities, inclusive of some exotic
languages, such as Hungarian and Vietnamese.
Devil-Linux 1.2
Devil-Linux started as a
personal project of Heiko Zuerker in early 2001. It departed from the
established ways of developing Linux distributions in that
Devil-Linux was a live CD, meant to be run directly from a bootable
CD-ROM. As such, argued the lead developer, it offered more security,
simply because it ran from a read-only file system. Therefore, certain
common cracking techniques, such as installing a rootkit on the target
machine for cracking passwords, were not available to intruders. Many
users found this technique intriguing and Devil-Linux matured into a
popular distribution.
The scope of Devil-Linux is a lot broader than that of IPCop. Besides
the usual firewall and router software, Devil-Linux also ships with a
web server (Apache 2 + MySQL + PHP), mail server with TLS support and
spam and virus filtering (Postfix TLS + SpamAssassin + ClamAV), FTP
server (vsftpd), and a number of other server applications. However,
all services, including networking, are turned off by default. System
configuration is accomplished via a ncurses-based menu. One of the most
interesting features of this distribution is the ability to easily add
or remove applications with the help of a Devil-Linux build kit, a
well-documented procedure for customizing and building one's own live
CD.
Devil-Linux 1.2 is the first major upgrade in a year. Besides kernel
(2.4.27) and package version updates, there are several noteworthy
security enhancements in this release - notably the Stack Smashing
Protection for most binaries included on the CD, and the GRSecurity
patch for the kernel, with chroot restrictions, address space
modification protection, and randomization features. Additionally,
Devil-Linux provides an easy way to set up chroot jails and supplies a
number of Netfilter modules not found in the standard kernel.
Distribution News
The final version of Ubuntu 4.10 ("Warty Warthog") has been released.
"Ubuntu is a new Linux distribution that brings together the extraordinary
breadth of Debian with a fast and easy install, regular releases (every
six months), a tight selection of excellent packages installed by default
and a commitment to security updates with 18 months of security and
technical support for every release." The Ubuntu folks even offer
to mail a CD to interested users for free; click below for the details.
Full Story (comments: 6)
Version 2.2 of the OpenPKG meta-distribution is available.
"Since the previous release four months ago, the OpenPKG package
repository has grown by 10%. A subset of 528 packages were carefully
selected for inclusion into the OpenPKG 2.2 release, including the
latest versions of popular Open Source Unix software like Apache,
Bash, BIND, GCC, INN, Mozilla, MySQL, OpenSSH, Perl, Postfix,
PostgreSQL, Samba, Squid, teTeX and Vim."
The seventh issue of Ubuntu Traffic is out, with summaries of discussions
regarding the Ubuntu distribution. Covered topics include "installer
preseeding," the Ubuntu Preview live CD, and more (but no word on the
controversy over the new artwork).
The Gentoo Weekly Newsletter for the week of October 18, 2004 looks at the
upcoming 2004.3 release and covers several other topics.
Raphaël Hertzog has announced the availability of the first French book
about Debian.
The Debian Weekly News for October 19, 2004
covers Raphaël's new book, a report about using Knoppix for system
recovery, the launch of the Debian GIS sub-project, the debian-legal
discussion of the Academic Free License, and several other topics.
The Debian project will be present at
several conferences and exhibitions in Europe, including Systems in Munich,
Germany, Berlinux in Berlin, Germany, OS04 in Graz, Austria, LinuxWorld
Conference & Expo in Frankfurt/Main, Germany, and more.
The DistroWatch Weekly for October 18, 2004 looks at the Anaconda
installer, features the Devil-Linux live firewall and looks forward to the
release of FreeBSD 5.3, hopefully next week.
New Distributions
knopILS is a customized version of
Knoppix that has an Italian boot prompt, default keyboard, and default
language. Each .deb package installed belongs to the free tree of Debian
GNU/Linux, or could be classified as such if it is not an official
one. Localized .deb files are present when available, and minor changes
were made to graphics. Version 0.7 was released this week.
Thanks to a tip from Fred Mobach we've added
XenoLinux to our
List of Linux Distributions, in the
special purpose category. Xen is a virtual machine monitor for x86 that
supports execution of multiple guest operating systems. Xen is Open Source
software, released under the terms of the GNU General Public License.
XenoLinux is a fully functional port of Linux, 2.4 and 2.6, running over
Xen, for a virtual general purpose Linux server.
Minor distribution updates
The Aurora Sparc Project has a full set of sparc packages that match up to
Fedora Core 2, and its name is Tangerine. Click below for more information.
Full Story (comments: none)
Heiko Zuerker has announced Devil-Linux v1.2. The changes
include Kernel 2.4.27, many program updates, printing support, 32 MB systems
are supported again, Apache HTTP Server, PHP, and many many other changes.
Ewrt, a Linux distribution for the Linksys WRT54G, has released v0.2-final.
"Changes: Many build fixes and nocat fixes. PMTU, cron, and check_ps
have been fixed."
Fedora Core 2 updates:
H3Knix, a small desktop distribution, has released v1.6.
"Changes: This release adds a new init, faster startup base
modifications, better performance, updated applications, a new installation
disk, and easier/faster installation scripts."
INSERT (INside SEcurity Rescue Toolkit) has released v1.2.16.
"Changes: This release upgrades to kernel 2.4.27 (again with the
backported NTFS drivers from the Linux-NTFS-project). A bunch of packages
have been updated and a few were added. Also, a few bugs were fixed,
notably the often-not-working WLAN configuration (wrong PCMCIA
config)."
Linux Live, a project that provides scripts for building a live CD, has
released v4.2.4.
"Changes: One function in liblinuxlive was fixed. It could return an
incomplete list of library dependencies, resulting in a LiveCD that didn't
boot. A new "installimg" script has been created in /tools/. A toram boot
option has been added as a synonym for copy2ram."
TopologiLinux has released v5.0.0.
"Changes: Colinux was integrated, making it possible to run
TopologiLinux from within Windows. A new grub-based boot manager was also
added. The installation was rewritten and new scripts were included. The
packages were upgraded to Slackware 10 with updates until 14 October
2004. Demo and full versions are now available - the demo is about 350MB
and contains X, KDE, networking, and libraries, while the full version is
supplied on two CDs."
Newsletters and articles of interest
Federal Computer Week takes a look at Trusted Linux.
"TCS officials expect Trusted Linux to
be certified under Common Criteria at Evaluation Assurance Level 4,
[TCS COO Ed] Hammersla said. The EAL scale runs from 1 to 7, and 7 is the
highest score. TCS officials plan to begin beta testing Trusted Linux this
fall, Hammersla said. The operating system will form the foundation of a
trusted computing base, a system of software, hardware and firmware that
enforces a unified security policy."
Distribution reviews
LinuxPlanet takes the UserLinux beta for a test drive.
"UserLinux is a Linux
distribution with very high aspirations. Founded and backed by Linux
luminary Bruce Perens, part of the UserLinux mission is to repair the
economic paradigm of enterprise Linux. The recently released UserLinux Beta
1 is perhaps a tangible small step on the path toward achieving its lofty
ambitions."
Page editor: Rebecca Sobol
Development
October 20, 2004
This article was contributed by Dave Fancella
Transcode is the knock-out punch of video processing tools under
Linux. What began life as an AVI-file transcoding tool has blown up
into a general purpose video processing tool that is capable of taking
virtually any video file and encoding it to any other video codec. If
you've ever tried to coerce MPlayer or its accompanying Mencoder into
doing any sort of work, then you're familiar with what transcode does on
a small scale. Like MPlayer, transcode does everything conceivable within
its paradigm.
I stumbled across transcode under some interesting circumstances.
A year ago I tried to coerce Mencoder into making MPEG files that I
could image with VCDImager
so I could burn my collection of Hitchhiker's Guide to the
Galaxy TV episodes to SVCD. In doing so I downloaded a virtual metric ton
of yuvscaler, mpeg2enc, and all sorts of other tools. I literally filled
up my home directory
trying to build the toolchain that every Linux/SVCD How-To instructed
me to build. None of them built, and I wasted many hours at it.
More recently I was fooling around with KDEnlive,
trying to determine on a whim whether or not I could actually edit
movies with it. I've entertained a fantasy about chaining the Back
in the Red series of Red Dwarf episodes into one long movie. After
wasting several hours by not reading the fine manual, I learned that
to work KDEnlive I needed input files in the venerable DV format.
Not knowing what DV was, I Googled it. DV, of course, is what your
digital camcorder gives you. Upon learning that, I went in search of
a tool that would convert the MPEG files I had to DV, so I could make
a poor man's Red Dwarf movie. I found transcode, and it appeared to be
the only tool that even came close to what I was trying to do at that
particular moment in time. So I started reading the documentation and
quickly discovered that transcode, with the help of only some of the
toolchain I had previously tried to build, would make the SVCD-compatible
MPEGs I needed to burn off my Hitchhiker's collection. I found
the missing pieces by doing a quick search
through the available Mandrake packages, and I completely
forgot about making DV files. Instead, three hours later I finally burned
my first SVCD in the first truly productive tangent I had taken in months.
It was the first episode of the Hitchhiker's Guide to the Galaxy.
I was amazed, to say the least. My wife had to physically stop me
from bouncing off the walls.
Transcode works by utilizing a heavy plugin-based architecture.
Everything transcode does is with a plugin of some sort. First it
decodes the video/audio stream to an internal format. Then you can
have it process the stream internally, if you wish. Then it streams
to an output plugin where you can do additional processing before/during
the final encoding.
This web page has a pretty picture
that's worth a lot more than a thousand words.
The transcode documentation is fairly thin if you don't already know a lot
about video processing, but it is pretty complete otherwise. There
are numerous man pages for each tool bundled with transcode, but there
isn't a lot of information on the web to help you get started.
Conversely, there are two mailing lists specifically for transcode that
will help you solve virtually any problem you encounter, and there are
also several Linux distribution mailing lists where you'll find most of
the problems you may encounter already solved. After reading the
documentation, I realized I hadn't actually learned anything. This is
mostly due to the fact that I know next to nothing about video processing.
I can list a few codecs and almost know what I'm talking about, and
I'm fairly well acquainted with the standards for VCDs and SVCDs.
I can also use the word "multiplex" in a conversation and sound like
I know what it means. Other than that, I felt like I had been drop-kicked
into a rugby match. So I went looking for the idiot guides and found
them. They are thin on details, but thick on command line examples,
so I was pretty confident I could convince transcode to make my SVCD
for me. I also felt pretty certain I knew exactly what I needed to
make it work.
Armed with this new information, I searched my package manager looking
for the mjpeg-tools that I had previously wasted so much time trying to
build. I didn't expect to find them, so it was a happy surprise that I
only had to install a package rather than build a tool chain. Then I
searched for VCDImager
and cdrdao,
the two tools you need to build and burn an SVCD image.
I still had to build the multiplexer, but luckily this time it built and
installed without any trouble. I finally felt like I was ready to make
an SVCD, and at long last I thought I was finally going to see if the
light at the end of the tunnel was really a train. I estimated that I
was only about halfway through the process at this time, figuring it
would still take me at least as long to figure out how to get each tool
to do its part.
I was really wrong about how much time I had left on this tangent.
Using the provided command line examples for transcoding an AVI file
to an MPEG file compliant with the SVCD standard was a matter of copy,
paste, and light edit. Then I waited about an hour for my slow-as-lava
machine to finish working on it.
Next, I ran VCDImager with a command line created by doing a
simple copy and paste operation.
I followed that up with another feat of
middle-clicking the terminal, waited another half-hour and then told
my 4 year old to put the CD back in the tray, it was done.
Then I relaxed, got some iced tea, grabbed two of my kids, and sat back
to watch Arthur Dent lie in front of the bulldozer and pat myself on
the back for doing such a good job of copy and paste.
Transcode is an interesting tool. It builds
easily without dependency problems. It is also provided in packages
for most distributions. Packages are available for
Fedora, SuSE, and Gentoo. I assume Debian packages are available; I
generally assume Debian has a package for anything I find until proven
otherwise. Google even showed me a fink package for it.
I was mystified, however, by the fact that I had never
uncovered this tool before.
I had literally spent days searching for something to convert my
AVI files to SVCD-styled MPEGs and turned up nothing. The best I could
hope for was a bash script bundled with MPlayer that probably only works
on the machine it was written on. So I Googled transcode and turned up
the kind of search results that tell you it's time to bury the tarball
with a nice-looking headstone. Upon taking a closer look I found that
most of what I was seeing was recent, and there is even transcode news
on both of its homepages that is recent enough to indicate vitality.
I can't account for how it seems to have just appeared like it fell
through a wormhole from another dimension in time to send me careening
back into the tunnel which can only end in a train.
Transcode is about as full-featured as you
would expect from a solid command-line video processor. It supports
every codec under the sun, both as input and as output. This support
includes MPEG (all flavors), still pictures, Ogg Theora, DivX, Xvid,
QuickTime MOV, and more.
Transcode's supported audio formats include PCM, AC3, Ogg
Vorbis, MP3 (with Lame), and others.
The maximum video resolution transcode will work with is 1920x1088.
It also comes with a bunch of
tools that fulfill a number of uses, such as merging/splitting AVI files,
fixing broken AVI files and indexes, and probing media files so you can
determine the best way to encode them. You can rip DVDs with it, even
encrypted DVDs using the controversial
libdvdcss.
Since transcode supports DV files, you can take your home videos and
transcode them to SVCD MPEGs to burn and send to your friends and family.
You can put images in the finished file just like your least favorite TV
station, and you can even try to remove images other people have placed
in the file.
Transcode is extraordinarily powerful, and when it comes to transcoding
a video file from one codec to another, it's second to none. If you need
to do anything of this sort, I recommend giving it a spin.
System Applications
Audio Projects
The latest changes from the Planet CCRMA audio utility packaging project
include a new version of STK and a new Site FAQ document.
Database Software
Version 0.7.2-test2 of Knoda, a database frontend, is out with bug
fixes and null value handling improvements. Also, a new
test version of hk_classes has been released.
Version 0.6 of Montag, a web services system for XML database interaction,
is available.
"This version includes a new web service, XUpdateService, for modifying a single document or a collection of documents without retrieving them, through the XUpdate language."
The October 18, 2004 edition of the PostgreSQL Weekly News
is online with another round of PostgreSQL database information.
Embedded Systems
For a project which has been widely deployed and shipped in commercial
products for many years, busybox has taken its time to reach 1.0. The
site's front page now carries the news.
"Over three years in development, BusyBox 1.00 represents a
tremendous improvement over the old 0.60.x stable series. Now featuring a
Linux KernelConf based configuration system (as used by the Linux kernel),
Linux 2.6 kernel support, many many new applets, and the development work
and testing of thousands of people from around the world."
Filesystem Utilities
Version 0.1 of Gnome VFS Mount, a program for mounting gnome-vfs-uris
directories on Linux filesystems, is out with numerous improvements.
Libraries
Version 1.10 of libxklavier, the
X keyboard utility library, has been released.
"As a start of new libxklavier development series. I announce the
version 1.10 of the X keyboard utility library. This version contains
improved architecture of the configuration process - not the entire
configuration compilation process is performed on the client side, so
X server gets absolutely prepared X configuration - this allows to
eliminate problems where X server and X client have different
configuration bases."
Mail Software
Version 0.1.2 of PopGavaMail, a POP3 server proxy for accessing gmail
e-mail, has been released.
"Version 0.1.2 fixes a major bug which was causing a
NoClassDefFoundError when it was run."
Networking Tools
Version 0.3.1, the first public release, of NetworkManager is available.
"It serves as a network policy manager for the HAL-ized freedesktop.org
stack. It will automatically establish wired and wireless connections,
manage wireless keys, and provides developers with a high-level DBus API
for controlling networking."
Printing
Release candidate 2 of CUPS 1.1.22 (Common Unix Printing System)
has been announced.
"CUPS 1.1.22 is a bug fix release which fixes device URI logging, file descriptor and memory leaks, crashes related to printer browsing, and error handling in the browsing code. The new release also adds support for PostScript files from other Windows PostScript drivers."
Security
Version 0.98 of BASE, a web front-end to the
SNORT intrusion detection system, has been announced.
"This version adds PHP 5 support along with a user authentication system. We have also changed the look and feel of the application and fixed a number of bugs. Working with the Snort and BASE community, we have tried to incorporate all of the features that users have asked for."
Web Site Development
Version 1.20 of Albatross, a Python-based toolkit for developing
highly stateful web applications, has been released.
"There have been many improvements and bug fixes since release 1.1."
Version 0.9 of Araneida, a Common Lisp-based HTTP server, is available.
"This version improves portability and provides SERVE-EVENT fixes."
Version 1.6.0rc2 of Midgard, a web CMS platform,
has been released.
New features include multiple language support, PAM support,
an Apache2 module, Apache 2/PHP interoperability, and more.
Version 3.2.22 of the
mnoGoSearch
web site search engine has been released.
Changes include a new template section, support for user defined sections,
speed improvements, bug fixes, and more. See the
Change Log for more
information.
Version 2.0a1 of the
Quixote
web development platform is out. Changes include software
restructuring, support for Unicode, and more; see the
CHANGES file for details.
Version 0.3.1 of UnCommon Web, a Common Lisp-based web application development framework, is out.
"This version provides optional cookie
based session tracking, a MOP-based component implementation, an
improved template-component API, a more robust application dumping
facility, and more."
Miscellaneous
Version 0.1.0 of Gnome-schedule, a configuration tool for
at and cron, is out.
"This release is a BETA release and we hope to get sorted out as many
bugs as possible before the main release, there will be no new
features added. But we are very interested in your comments or
proposals."
Stable release 3.4.0 of MultiTail is available.
"MultiTail lets you view one or multiple files like the original tail
program. The difference is that it creates multiple windows on your console
(with ncurses). It can also monitor wildcards: if another file matching the
wildcard has a more recent modification date, it will automatically switch
to that file. That way you can, for example, monitor a complete directory of
files."
Desktop Applications
Accessibility
KDE.News reports on a new release of cspi-dbus bridge.
"Together with the
Qt 4 D-BUS bindings, it is now possible to write KDE assistive technologies
that transparently interact with Qt/KDE applications as well as GTK/GNOME
applications."
Audio Applications
Initial version 0.1.0 of Goobox, a CD player and ripper for the
Gnome Desktop environment, is out.
"it uses gstreamer to play and rip CDs and cddb-slave2 (distributed with
gnome-media) to get and edit CD metadata such as track titles and album
name."
Data Visualization
Version of Gmsh, a 3D mesh generator, is available. The
announcement says:
"This release contains small updates and bug fixes all over the map, as well as a new utility to reorder mesh files."
Desktop Environments
Version 2.8.1.1 of the GNOME Applets is available with bug fixes.
"Just about
everyone uses a GNOME Applet or two, the package includes applets like
the battery applet, CPU load applet, weather applet and mixer applet."
Version 2.8.6 of Metacity, a simple window manager for GNOME 2,
has been announced.
"This is a stable release for Gnome 2.8.1."
Numerous bug fixes are included.
New Konqi graphics are available, according to KDE.News.
"A range of new Konqi the Dragon graphics and the first Konqi video has been put together by newcomer to the KDE Artists mailing list Bastian Salmela (Basse). Unlike previous versions, this new Konqi wireframe model is made in the Free Software application Blender. You can find Konqi and the Magical Rope of Curiosity video (our killer feature at LinuxWorld London) as well as still graphics and their sources on the KDE Clipart page and Basse's KDE page."
The October 15, 2004 edition of the
KDE CVS-Digest is online. Here's the content summary:
"Pixie Plus returns with new maintainer. Krita now shears and rotates images. KPresenter adds master page support. amaroK now support NMM. Plus coverage of the GStreamer presentation from the aKademy conference."
KDE.News mentions the availability of a new KDE Performance Tips document.
"Many aspects of KDE performance depend on the underlying system or the user's
configuration. The KDE Performance Tips document, which lists some of the
performance related issues together with instructions how to avoid or fix the
problems, has been updated with new tips."
Desktop Publishing
Version 1.7 of Kile, an Integrated LaTeX Environment for KDE,
has been released.
Changes include a new tool system, support for other TeX systems,
LaTeX command autocompletion, system check, and a detailed clickable error summary.
The Essays 1743 font is available in TrueType and PostScript formats
under the LGPL.
"It's based
on the typeface from a 1743 English translation of the essays of
Montaigne; so, broadly speaking, it looks old without being so old it's
hard to read. If you've read any of Neal Stephenson's last three books,
you've seen such a font."
Electronics
The latest new electronics applications on
Open Collector include Kicad 11-10-04 (a PCB suite), Icarus Verilog 0.8 (a
Verilog simulation language compiler), and XCircuit 3.3 (a schematic
capture application).
Games
Version 0.5.91 of Atlas-C++
has been announced.
"
Atlas-C++ is the C++ implementation of the WorldForge protocol. This released is aimed at developers working on code that will be used with the Atlas-C++ 0.6 API which is currently in development."
Changes include API improvements and codec fixes.
Version 0.3.3 of GNOME War Pad, a GNOME VGA Planets client,
has been released with numerous changes and translation improvements.
Graphics
Version 0.9.14 of Tux Paint has been released.
"
To briefly describe the app., it's a drawing program for children 3 and up,
which has been translated to over 45 languages, runs on various OSes,
and is released under the GNU GPL."
GUI Packages
Version 1.1.5 of FLTK, the Fast, Light Toolkit,
has been released.
"
The FLTK 1.1.5 release is primarily a bug-fix release including documentation updates, fixes for 64-bit platforms, FLUID, several widgets, and GLUT emulation, and fixes for several platform-specific issues. The new release also adds project files for Visual C++.NET and supports KDE 3.x icons."
Version 0.3.1 of Gazpacho, a GUI builder for
the GTK+ library, has been released.
Changes include preparations for adding unit testing,
a Gazpacho loader delegate, bug fixes, and more.
Instant Messaging
Version 0.5.2 of Silky, a secure chat client for GTK2, is out.
Changes include GTK 2.2 compatibility, a new GETKEY command,
bug fixes, and more.
Interoperability
Version 20041019 of Wine
has been released.
Changes include primary Direct3D 9 support, improvements to the
IDL compiler and the COM headers, a new MSCMS dll, and bug fixes.
The October 15, 2004 edition of
Wine Traffic is online for your reading enjoyment.
Mail Clients
Version 2.0.2 of the Evolution mail client has been released.
Lots of bug fixes are included in this release.
Music Applications
Version 0.13 of liblo, an implementation of the Open Sound Control
protocol for POSIX systems, has been released.
"
This release adds Mac OSX compatibility fixes from Taybin Rutkin, a
memory leak fix from Jesse Chappell and methods and examples to allow
server polling from existing threads from Sean Bolton. Some legacy
compatibility code has been removed, but this should not affect anyone."
Office Suites
Version 0.23 of
PyOpenOffice, a platform-independent Python class library and
command-line utility which can convert OpenOffice.org files to PDF,
is available.
Peer to Peer
Version 0.0.16 of BTQueue, a console-based BitTorrent Client,
has been released.
"
BTQueue 0.0.15 is stable enough for long run. BTQueue 0.0.16 has been modified to extend its functionality for maximum extensibility."
Digital Photography
Version 0.7-beta1 of digikam, a digital photo management application
for KDE, has been released.
This version adds a long list of new features.
The first beta release of
digiKam Image Editor Plugins 0.7.0 is out.
"
DigikamImagePlugins are a collection of plugins for Digikam 0.7.0 Image
Editor. These plugins add new image treatment options like color management,
filters, or special effects."
Science
Version 0.9 of gNumExp, a GUI frontend to the NumExp math-oriented
programming language, has been released.
Changes include integration with a new MIME system, improved
user interface, better MathML rendering, a new load/save progress dialog,
bug fixes, and more.
Release candidate 1 of it++ 3.8.0, a cross-platform C++ library of
mathematical, signal processing, speech processing, and communications
classes and functions,
is available.
"
The kernel of the package are templated vector
and matrix classes and lots of functions for vectors and matrices. As such
the kernel is similar to the Matlab functions. IT++ is based on LAPACK, CBLAS
and FFTW. This is the first release candidate of a new major release. It has
been tested on Linux and Cygwin on Windows but not on Windows using Visual C++
.Net 2003."
Web Browsers
Version 1.4.4 of Epiphany, a browser for GNOME, is out
with several bug fixes.
The Mozilla
Independent Status Reports for October 11, 2004 are available.
Here's the content summary:
"
This week's set of reports includes updates from cuneAform, Gnusto,
MozManual, purgecontrol, Caminol10n, Mozilla Archive Format, OutSidebar,
HONcode Status, and Mail Redirect."
Miscellaneous
Version 1.36 of Animal Shelter Manager
is available.
"
Animal Shelter Manager is a complete computer solution for animal sanctuaries and shelters. Features complete animal management, document generation, full reporting, charts, internet publishing, pet search engine integration, web interface and more. This release adds many new features, including native installers for all platforms, editable vet book, FIV/L result tracking, automatic logout, better media support, multiple movement donation support, tattoo support, improved database handling, better UI widgets, video capture (Linux only) and many bug fixes."
Version 2.8.0 of GNOME Terminal has been released.
"
This is mostly a release to get updated translations and to have a new
release for GNOME 2.8.1."
Version 0.7.4 of Seahorse, a PGP key management application,
has been released with a long list of changes.
Languages and Tools
Erlang
Version R10B of the Erlang/OTP environment is available.
Changes include better performance, a new tutorial, the addition
of try/catch to the language syntax, a new Query List Comprehensions
addition, a new XML parser, improvements to the Erlang shell, and more.
Java
Benoit Aumars
writes about the Java Messaging Service on O'Reilly.
"
Simple communication in an enterprise system is possible through various
schemes, but not all of them answer the question of coordination. Benoit
Aumars presents a hypothetical case study that shows how generating and
sharing information in XML is made easier with Java Messaging Service (JMS)
and Java Management Extensions (JMX)."
Lisp
Version 0.6.2 of AspectL, a library that provides aspect-oriented
extensions for Common Lisp/CLOS, has been released.
"
Pascal Costanza has released AspectL 0.6.2 on 10 October 2004. This
version changes the way special classes are handled."
Perl
Martin C. Brown
shows how to optimize Perl code on IBM developerWorks.
"
Perl is an incredibly flexible language, but its ease of use can lead to some sloppy and lazy programming habits. We're all guilty of them, but there are some quick steps you can take to improve the performance of your Perl applications. In this article, I'll look at the key areas of optimization, which solutions work and which don't, and how to continue to build and extend your applications with optimization and speed in mind."
The October 11-17, 2004 edition of
This Week on perl5-porters is out with a 5 year celebration of
the release of Perl 5 and other Perl topics.
Geoff Broadwell
edits multiple files with Perl on O'Reilly.
"
For those not used to the terminology, FMTYEWTK stands for Far More Than You Ever Wanted To Know. This one is fairly light as FMTYEWTKs usually go. In any case, the question before us is, "How do you apply an edit against a list of files using Perl?" Well, that depends on what you want to do...."
PHP
Ethan McCallum
discusses the Page Controller design
pattern on O'Reilly.
"
Simple web apps can start simple, but when they grow more complex, they often
need pruning and refactoring to be maintainable. The Page Controller design
pattern can help separate concerns such as templates and logic. Ethan
McCallum demonstrates this language-neutral technique with PHP."
Python
The first beta of
Python 2.4 has
been announced (click below). If you like living on the bleeding edge,
download it, kick the tires, and report those bugs.
The September 16-30, 2004 edition of the python-dev Summary
is available. Take a look for recent discussions from the python-dev
mailing list.
The October 18, 2004 edition of Dr. Dobb's Python-URL! is online
with the week's Python language article links.
Tcl/Tk
The October 19, 2004 edition of Dr. Dobb's Tcl-URL!
is online. Take a look for a weekly dose of Tcl/Tk articles.
XML
Uche Ogbuji
has assembled
a giant table of Python-XML utilities in an O'Reilly article.
"
The general rules of thumb for including software are, firstly, whether it implements a technology or set of technologies strongly associated with XML; and secondly, whether it does so in a way that is useful for any arbitrary XML file I may want to process."
Manish Verma
covers XML security issues on IBM developerWorks.
"
Providing the right people with the right access to information is as important as (if not more important than) having the information in the first place. eXtensible Access Control Markup Language -- or XACML -- provides a mechanism to create policies and rules for controlling access to information. In this article, author Manish Verma continues his series on XML security issues by showing you how to incorporate XACML into your own applications."
Antoine Quint
writes about SVG and multimedia on O'Reilly. "
If you're a regular reader of this column, or if you just read the specification carefully, you would know that SVG is more than just a vector graphics XML vocabulary. While I won't bore you here with the list of application contexts SVG is suited for, I will point out that since Day One there have been synergies between the work that took place at W3C around multimedia (SMIL) and SVG."
Build Tools
Version 0.4 of iCompile, an automated build system for C++ projects,
is out.
"
The 0.4 release
topologically sorts library dependencies (so *you* don't have to figure out
whether -lSDL comes before or after -lpthreads in the link list) and adds
.icompile and ice.txt files to allow project customization."
Editors
Version 2.8.1 of GHex, a binary file editor, is available.
"
A quick follow-up to the still warm 2.8.0: I have fixed a build bug that
might have, under very special circumstances, caused an incompatible
version of dependencies (like glib or gtk) to be pulled in the build,
and a bug in the converter that caused only one byte of hex to be
displayed."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Groklaw
prints
Richard Stallman's response to patent alternatives. "
The
supposition that software idea patents are inevitable is a form of
defeatism that is already visibly mistaken. The movement against software
idea patents in Europe, led by FFII (fii.org) and supported by
organizations as diverse as Deutsche Bank Research and the Confederation of
Associations of Small and Medium-size Enterprises, has already persuaded
the European Parliament once. The outcome will be so close that it is
absurd to think you can predict the winner."
NewsForge
covers
the political action committee, IPac. "
Over the past few years,
intellectual property policy in the U.S. has shifted dramatically in favor
of business at the expense of the public interest. Software patents,
automatic copyright extensions that can last as long as Congress wants them
to last, and the Digital Millennium Copyright Act have all become policy
with very little opposition from either Democrats or Republicans. A new
political action committee, IPac, hopes to change that by giving a voice to
the public interest."
Disruptive technology guru Clayton Christensen
thinks that Microsoft should refocus its
market toward Linux on handheld devices, according to
this ZDNet article.
"
"Where Linux takes root is in new applications like Web servers and handheld devices. As those get better, applications will get sucked off the desktop onto the Internet, and that's what will undo Microsoft," he said.
The software company can respond to this market disruption by setting up a separate business that will "kill Microsoft," Christensen said. If it doesn't react to the rise of Linux desktops on handheld computers, it will miss a coming wave of new applications and market opportunities, he said."
Trade Shows and Conferences
NewsForge
reports
from Gartner's Symposium/ITxpo. "
[Gartner vice president Mark
Driver] said the major change in attitude toward open source over the past
few years was recognition that it is an important and recognized part of
the software landscape. He said many open source applications are reaching
"technical maturity" and that a growing number of people are accumulating
experience with open source software, so finding qualified support is no
longer a problem. In general, he said, open source "is becoming more
institutionalized today.""
KDE.News
covers LinuxWorld
Conference & Expo in London. "
We ran a joint stall with the
GNOMEs which gave us one of the biggest spaces in the .org village and was
used to jointly promote freedesktop.org and X.org. Only one GNOME turned up
so we spread ourselves, and the excellent collection of machines that had
been lent to us, along the stall."
The Register
covers a UK LinuxWorld panel discussion.
"
Open source activists need to get Linux into schools if Windows' pre-eminence on the desktop is ever to be seriously challenged, a panel discussion at LinuxWorld conference in London last week concluded.
StarOffice is offered free to schools and has made significant progress as an alternative to Microsoft Office. But Windows remains "entrenched" in schools, so children have no opportunity to get to know alternatives."
Tim Cook
covers the World Conference of World Organization of National
Colleges, Academies and Academic Associations of General
Practitioners/Family Physicians (WONCA) conference for LinuxMedNews.
"
My last station was to chat with the Director of the Center for Healthcare IT (CHIT) at the AAFP, Dr. David Kibbe. I of course asked him about his fray with the open source community and he offered his side of the events. He feels he has ...scares from being burned. He also stated that the open source community let him down because when he wanted to take the MEDPLEXUS EMR open source, ...they [the open source community] wanted to do it their way and not mine. I responded by reminding him that there were many people offering to help him understand the open source processes and really wanted to see him succeed."
The SCO Problem
ZDNet
reports on a new web site that SCO is going to launch.
"
The SCO Group plans to launch a website to chronicle its legal battles relating to Unix and Linux, as part of an effort to counterbalance Groklaw.net - which was set up to poke holes in the company's legal claims.
The site, to be called Prosco.net, will feature an archive of legal filings, hearing dates and SCO positions on various matters, spokesman Blake Stowell said Tuesday. The Utah-based company plans to launch the site by 1 November, he said." SCO isn't planning on including any mechanism for
posting reader feedback on the site.
Groklaw has
a report from today's hearing in SCO v. IBM. "
The summary is this:
each side argued its position, SCO as to why it needed more AIX and Dynix code
and remote access to CMVC etc., and IBM as to why it's a needless burden and
all a red herring anyway, that IBM has already given them what they need."
Interviews
KDE.News has
an interview with
Pete Gordon, on portable usability labs. "
The key is in developing
user oriented software. When we are developing software for others besides
ourselves, we need to understand others. And, the Usability Engineer or the
developer that has a free couple hours and can meet with users, can capture
that user experience and communicate it back to others. Now maybe
Usability Professionals will frown on me saying developers can do it, but I
can't help to say they can do it--I am a developer and I do it--a
lot. Granted some people are more suited to do it than others."
Vnunet
talks with Martin
Taylor, global general manager of platform strategy at Microsoft.
"
How are you seeing Linux in the market? The other thing
we're finding is more and more people wanting to deploy a commercialised
Linux version. They don't want their own custom configured kernel [or]
custom distribution. They want to pick up the phone [and say]: 'Help me
this is broken.' So that puts you into Red Hat/Novell-SuSE's
ballpark. Both those have pricing models for support and security patches
more expensive than Windows Server. So in some cases you could say I am
under-priced compared to the marketplace. That's what we're seeing."
Resources
Ibrahim Haddad and David Gordon
introduce DNSSEC in an O'Reilly article.
"
Securing DNS is important in order to deal with the various threats originating from the Internet, threats that the original DNS design did not anticipate. One technique for securing DNS is through DNS Security Extensions (DNSSEC), a set of extensions to DNS that provide authenticity and integrity. In this article, we will provide an overview of DNS and DNSSEC and a step-by-step tutorial that gives you the needed instructions to secure your own DNS servers with DNSSEC."
Linux Journal
examines embedded
development with Linux. "
Linux, available for many
architectures, is an obvious candidate for an embedded system, and it
already is being used widely in this area. Its open nature makes it
particularly attractive to developers. Development tool suites have begun
to appear in response to the perceived need, although one can work without
such luxury and employ less integrated tools already available in
Linux. New embedded systems companies using Linux have opened for business,
and various older embedded systems companies have added Linux to their
product line."
Reviews
Dave Phillips
introduces
Hydrogen, a drum machine/rhythm programmer. "
Hydrogen is endowed
with all the features and amenities expected in a hardware drum
machine. Like its contemporary software counterparts, it's also blessed
with the expanded capabilities of the virtual drum machine. Let's take a
look at how Hydrogen is put together, and then we'll walk through a simple
example of its typical use."
O'ReillyNet
takes a
look at seven applications built on Mono. "
[There] are many cool
open source programs being built on Mono, even though Mono 1.0 has only
been released for a short time. This article provides a tour through some
of these programs, along with details about how you can start experimenting
with them yourself. Not all of the programs featured here are finished
products, but they're all exciting and show off interesting aspects of
Mono."
NewsForge
introduces
some of the new features in PHP 5. "
The greatest change in PHP 5
comes with a complete redesign of its object model, and with it, a tighter
integration to object-oriented (OO) paradigms. Previous versions' usage of
objects had one major drawback: Objects were not tightly aligned with the
behavioural patterns observed in other object languages like Java or
C++. While PHP offered a simpler approach, the disparity created a
considerable chasm for those wanting to use PHP in a truly object-oriented
manner -- in the sense of what the industry perceives as
object-oriented."
Doug Hall
reviews a PostgreSQL training course that was held at the
Big Nerd Ranch.
"
We started each day with breakfast at 8:30. Lunch was at 12:30 and dinner at 6:30. Each day, around 2pm, we took a break from training and took about a 45-minute walk through the woods, exploring the different sites and scenic trails around Historic Banning Mills. This was a good thing, because it helped stave off the afternoon food coma that ordinarily would have set in."
The Register
looks at the new Linux-based Zaurus SL-C3000 PDA from Sharp.
"
The new model is based on a 416MHz Intel XScale PXA270 processor backed by 64MB of SDRAM and 16MB of Flash ROM. Crucially, the unit also features a 4GB hard drive - the first PDA to do so.
The SL-C3000 sports a 3.7in 640 x 480 LCD mounted above a QWERTY keypad with a five-way navigator control." The device is only available
in Japan.
NewsForge
looks at
ZoneMinder, a free software application for home security. "
I
recently installed a remote home camera security system using wireless
Internet cameras and a fine free software application for Linux called
ZoneMinder. The cameras are installed at a friend's house, and the
application runs at mine. ZoneMinder is powerful, feature-rich, and
sophisticated."
Miscellaneous
Silicon.com has posted
its list of "agenda
setters" for 2004. Familiar names on the list include Linus Torvalds,
Lawrence Lessig, Richard Stallman, Marten Mickos, Mark Cox, OSRM's Daniel
Egger, and, interestingly, Donald Knuth. "
Donald E Knuth's seminal
work on computer algorithms has fresh relevance - he's risen 4 positions
from last year - in the current software patent debate. Because he has
documented so many algorithms and they can be regarded in the public
domain, programmers and companies have a defence in fighting copyright
infringement suits."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
MozillaZine
mentions a fund raising campaign which is aimed at Firefox advertising.
"
A portion of each
donation will go towards taking out a full-page ad in The New York Times
celebrating the release. All donors will be listed in the ad."
The PostgreSQL News
mentions
a new banking project in India that uses the PostgreSQL database
and Linux.
"
Sanghamitra is a new generation information technology tool to assist primary and urban co-operative banks and co-operative credit societies. Sanghamitra is a service rendered by Open Software Solutions industrial Co-operative society Ltd, Ernakulam."
The Free Software Foundation Europe (FSFE) has sent out a
press release concerning the concept of creating a
World Intellectual Wealth Organisation.
"
We need a World Intellectual Wealth Organisation, dedicated to the
research and promotion of novel and imaginative ways to encourage the
production and dissemination of knowledge. Granting limited monopolies
and limited control over some kinds of knowledge may be part of this new
organisation's tool-set, but not the only one, and maybe not even the
most important one."
Commercial announcements
Astaro has announced their new Astaro Secure Client software.
"
A major upgrade to the existing Astaro IPSec Client, Astaro Secure Client
combines an advanced IPSec VPN client offering superior encryption and
authentication with a personal firewall and an integrated dialer. It allows
mobile workers, home offices, and individual PCs to communicate securely and
reliably over the Internet with central offices."
FSMLabs has
announced
the availability of RTLinuxPro 2.1 and RTCoreBSD 2.1 hard real-time
operating systems. RTLinux and RTCoreBSD work in tandem with Linux and
BSD-based operating systems to offer hard real-time responsiveness in a
standards-based computing environment. The new releases incorporate a
variety of capabilities and features designed to address requirements of
advanced communications, control, instrumentation, aerospace and defense
applications.
Infrae has announced some new OAI-PMH facilities.
"
Infrae is pleased to release extensions for Python,
Zope and the Silva CMS for harvesting web-based repositories exposed
using the OAI-PMH standard (Open Archives Initiative Protocol for
Metadata Harvesting). In addition we are announcing an extension for the
Railroad content repository software for exposing existing Railroad
systems as OAI-PMH harvestable repositories."
Linspire, Inc. has
announced
a plan to count Linux desktop users, at least those running Linspire. When
a computer running Linspire connects to the Internet the IP address is
converted into map coordinates and a "lightup" appears in the corresponding
location on a satellite photograph of the Earth. The map can be seen at
lraiser.com.
Mandrakesoft
reports good sales of Mandrakelinux PCs through Planete Saturn stores.
"
Mandrakelinux PCs have been available since July in Planete Saturn
stores. The operation's success highlights Linux's growing importance in
the personal computer market. The time when Linux was considered an
Operating System confined to technical types and server rooms is over. The
efforts of free software actors, among them Mandrakesoft, have paid off:
Linux is now both powerful and accessible. The commercial success of
Mandrakelinux PC's sold in Planète Saturn stores stands as proof of
that. Planete Saturn is a branch of Media Saturn Holding, the European
retail leader in home electronics and appliances."
Metrowerks has sent us three press releases in one large file. Click below
to find out more about:
- Metrowerks Delivers Automotive Grade Linux(r) Technology for Next Generation Telematics Equipment
- A Linux Board Support Package (BSP) for Freescale(tm) Semiconductor mobileGT(tm) Architecture and Total5200(tm) Development Platform
- Metrowerks Sets Agenda for Embedded Linux(r) OS Development
Red Hat, Inc. has
announced
the appointment of Karen Tegan-Padir as Vice President of Desktop
Infrastructure Technologies. Tegan-Padir comes to Red Hat from Sun
Microsystems where she most recently held the position of Vice President of
Engineering for J2EE platforms and Application Server products.
SGI has
announced that it will be releasing a version of its SpeedShop performance analysis tool under an open source license. "
With the development of an open-source version of SGI's SpeedShop tool,
researchers can begin relying on the same class of open-source parallel
performance tools that they have used for years in HPC environments. This will
ensure that researchers working on Linux systems -- not just at the NNSA but
throughout the nation and the world -- can accelerate their research efforts
by continuously optimizing application and system performance." One aspect of this whole thing won't be speedy, though: the actual release is scheduled for sometime in 2006.
New Books
Paraglyph Press has published the book
Perl Core Language Little Black Book,
2nd Edition by Steven Holzner.
Contests and Awards
KDE.News has
announced the winners
of the KDE Docs Competition.
"
The winners were as follows:
Adriaan de Groot with an entry on configuring toolbars.
Nicolas Goutte who wrote about Hand Editing Configuration Files.
Robert Stoffers whose entry was on Launching Programs."
Upcoming Events
OS04 will be held this Friday, October 22, in Graz, Austria.
"
OS04 is an open platform for everyone who can identify with the idea of
open development.
In addition to conventional exhibits and talks on technology and the
professional and private use of open source software you will find various
supporting acts."
Several workshops on Linux streaming media and related topics will be held
at BEK in Bergen, Norway in late October and mid November, 2004.
The Debian Project has announced its presence at a number of conferences
across Europe in October.
PyCon 2005
will be held on March 23-25, 2005 in Washington DC.
| Date | Event | Location |
|---|---|---|
| October 21 - 22, 2004 | Web.It 2004 | Bari, Italy |
| October 21 - 22, 2004 | 5. Encuentro Linux | Valparaiso, Chile |
| October 22 - 23, 2004 | Berlinux 2004 | (Berlin's technical university) Berlin, Germany |
| October 23 - 24, 2004 | OpenFest 2004 | (Inter Expo Center) Sofia, Bulgaria |
| October 26 - 28, 2004 | LinuxWorld Conference and Expo | Frankfurt, Germany |
| October 26 - 29, 2004 | IBM eServer, pSeries, AIX and Linux Technical Conference | Munich, Germany |
| October 27 - 29, 2004 | Sixth International Conference on Information and Communications Security (ICICS'04) | Malaga, Spain |
| October 27, 2004 | Open Source Enterprise Solutions Conference | University of Maryland Shady Grove Campus |
| October 27, 2004 | Open Source Enterprise Solutions Conference | (University of Maryland Shady Grove) Rockville, MD |
| November 1 - 6, 2004 | International Computer Music Conference (ICMC) | Miami, FL |
| November 4 - 5, 2004 | HiverCon 2004 | (The Davenport Hotel) Dublin, Ireland |
| November 5 - 6, 2004 | Nottingham LUG - Linux at Green's Mill Science Centre | Nottingham, UK |
| November 6 - 12, 2004 | High Performance Computing, Networking, and Storage Conf (SCnn) | Pittsburgh, PA |
| November 7 - 10, 2004 | International PHP Conference 2004 | Frankfurt, Germany |
| November 8 - 10, 2004 | MySQL ComCon Europe | (NH Hotel Frankfurt-Mörfelden) Frankfurt, Germany |
| November 13 - 17, 2004 | ApacheCon US 2004 | (Alexis Park Resort) Las Vegas, NV |
| November 14 - 18, 2004 | COMDEX Conference and Exposition | (Las Vegas Convention Center) Las Vegas, Nevada |
| November 14 - 19, 2004 | Large Installation System Administration Conference (LISA '04) | (Atlanta Marriott Marquis) Atlanta, GA |
| November 18 - 19, 2004 | Forum PHP, Paris | Paris, France |
| November 25 - 26, 2004 | Le forum PHP 2004 | (FIAP Jean Monnet) Paris, France |
| November 29 - 30, 2004 | LinuxPro 2004 | (Hotel Gromada Airport Conference Center) Warsaw, Poland |
| December 1 - 3, 2004 | Australian Open Source Developers' Conference | (Monash University) Melbourne, Australia |
Mailing Lists
A new Eurolisp mailing list has been created for discussion of
all Lisp topics in Europe.
Web sites
A new site called
NoSoftwarePatents.com has
launched as a way of spreading the word about the threat of software
patents in Europe. "
In this campaign, we don't mince words. The
issue of software patents is critical for our future. We have to speak out
clearly on what is wrong with software patents, and which structural
deficiencies the patent system needs to work on before it can even think of
expanding into any new areas." This effort is sponsored by Red Hat
and MySQL, among others.
Software announcements
Here are the software announcements, courtesy of
Freshmeat.net. They are available in
two formats:
Miscellaneous
KDE.News
celebrates the eighth
birthday of the KDE project. Happy birthday KDE.
Page editor: Forrest Cook
Letters to the editor
| From: | "Kapil Hari Paranjape" <kapil-AT-imsc.res.in> |
| To: | media-AT-osia.net.au, lwn-AT-lwn.net |
| Subject: | Linux-PC's and pirated Windows |
| Date: | Fri, 15 Oct 2004 09:24:06 +0530 |
Hello,
Unfortunately, if you examine the sale of "Linux-pre-installed" PC's in
India some of what has been said *is* true. The following is based on
first-hand experience.
1. The shop-owner (not the manufacturer/vendor) will say "don't worry my
`engineer' will install *all* the software for you". This usually means a
lot of un-licensed software including Windows.
2. The reason why the manufacturers pre-install GNU/Linux (rather than
install nothing) is to satisfy the "minimum requirement". A large
institute once got a notice from Microsoft/BSA---"We notice you have
bought a large number of PC's but only a handful of Windows licences.
etc." So the installation of GNU/Linux is a "cover".
3. The pre-installed GNU/Linux is so shabbily installed that it is a
wonder the poor thing boots at all! It is clear that even the
manufacturers expect that this installation will be replaced by
something better---a proper GNU/Linux installation if the user is
willing---or an un-licensed Windows plus stuff.
4. The support from even the big companies like Acer and Dell for their
GNU/Linux installation is negligible in comparison to their support for
Windows. The shop-owner's knowledge of GNU/Linux is usually next to
nothing. Often the PC has hardware for which there are currently *no*
drivers available in Linux.
All these points---especially 3 and 4---are reasons why pre-installed
GNU/Linux systems may not really be a great boon. They may actually end
up deterring users from trying GNU out because of crippled installations.
(Looked at this way it even looks like a pro-Microsoft ploy:).)
However, you have correctly pointed out that Gartner is jumping the gun
in claiming that "pre-installed Linux is *responsible* for Piracy".
The un-licensed copying is happening anyway. "pre-installation of Linux"
is just one more tool for people to share proprietary software in a
manner not permitted by law. In fact, as you point out the installation
of Windows is itself a tool for people to do more of the same.
Thanks and regards,
Kapil H. Paranjape.
--
Checking host system type...
i586-unknown-linux
configure: error: sorry, this is the gnu os, not linux
-- Topic on #Linux
--
http://www.imsc.res.in/~kapil/gpg.html for my Public Key.
------------------------------------------------------------------
1024D/5416E5B8 2004-10-13 Kapil Hari Paranjape <kapil@imsc.res.in>
1024g/3BDF565B 2004-10-13
Key fingerprint = F160 CBB9 03C8 425D 4BBA 79F4 491F 8FDA 5416 E5B8
--
Page editor: Jonathan Corbet