
LWN.net Weekly Edition for October 28, 2004

The Grumpy Editor's guide to free documentation licenses

This article is part of the LWN Grumpy Editor series.
There may be little agreement on the question of what is the right license for free software, but there is, at least, a rough consensus on what the options are. There are two basic varieties: GPL-like (which require that derived products, if distributed, carry the same license) and BSD-like (which only require retention of copyright notices and credit). There are licenses which reserve special rights for the "primary contributor," and other variations exist, but the basic choice is clear.

This is not the case for licenses covering documentation. There seems to be little consensus on which rights authors need to retain, and which should be relinquished. Indeed, there is little agreement on why documentation should be free. Many of the reasons for keeping software free (ability to look at the source to see how it works, ability to correct misfeatures) do not apply to documentation. Obtaining a manual in "original source" form may be helpful for cranking out more copies, but that source will reveal little which is not already evident in the text. Software, when distributed in binary form, is a black box which hides its internal nature. Documentation, on the other hand, expresses its ideas on its face; it is transparent.

Or, at least, it should be. Certainly your editor has produced writings which fail on that front at times.

So why should documentation be free? Your editor has a renewed interest in free documentation licenses for a couple of different contexts. One is a longstanding item on LWN's "good intentions" list: putting our original content under a free license. The other is the almost-imminent publication of a book, which will certainly be released under free terms. In both cases, the motivations are similar:

  • Free software changes rapidly; its documentation has, in rare cases, been known to lag a little behind. If the original author is unable or unwilling to update a document to match current reality, somebody else should be able to do so.

  • Some readers never got the memo saying that English is The Language; they can have funny ideas about having manuals in their own tongue. It is rare that the original author can produce a translation in even one alternative language, but there are often people with the interest and skill who can do such translations. A free license should certainly enable that work to happen.

  • Collections of documents can be good things. Consider the massive "All About Linux" books which were published in the mid-1990's, which were generally made of the Linux Documentation Project's output, combined with duct tape. Taking excerpts from free documentation can also be useful; a book on Python database programming could benefit from, say, Python and PostgreSQL introductions taken from other books.

  • A printed book is unlikely to be available everywhere there might be an interested reader, but a free, downloadable book is available anywhere a net connection can be found.

For the purposes of updating and creating other sorts of derived works, having the "original" source of a free document is important - though not absolutely necessary. If nothing else is available, a free license, a scanner, and some sort of character recognition software can fill in. Translations and distribution do not necessarily require source; PDF files may be all that is required. Since not all free licenses are driven by the same goals, they do not all require the distribution of a machine-editable version of the text.

Documentation licenses address one other area which is typically not an issue with licenses applying to code: that of artistic integrity. Some authors feel that their words should be distributed intact, or not at all; others insist that certain types of material not be removed from their works. A survey of documentation licenses will find a number of "thou shalt not modify the text" terms. Such licenses will, for the purposes of this article, be considered non-free. A document which cannot be modified resembles a program which cannot be recompiled; it may have its uses, but it is also a dead end.

Creative Commons

The Creative Commons project is trying to address the current impoverishment of the public domain by encouraging the release of artistic works under any of a set of licenses. Many of the creative commons licenses forbid the creation of derived works or any sort of commercial use; they are thus, by this survey's standards, non-free. There are two licenses which lack those terms, however, being the Attribution 2.0 and Attribution-ShareAlike 2.0 licenses.

The Creative Commons licenses are explicitly written as contracts; they read:

BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. THE LICENSOR GRANTS YOU THE RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND CONDITIONS.

The Attribution license allows the creation and distribution of derived works. Distributed copies must include a copy of the license - or at least a URL pointing to it; additional restrictions may not be imposed on the original work. Any distributed copy must include attribution giving credit to the original author, along with the author's URL pointing to the original version. The "ShareAlike" version of the license is GPL-like in that it requires derived works to carry the same license.

Interestingly, the Creative Commons 2.0 licenses explicitly disclaim any warranty or indemnification. Earlier versions of the license offered a warranty by the author that he or she was entitled to offer the work under those terms.

The Creative Commons licenses say nothing about the format in which works are distributed. By your editor's reading of the licenses, distribution of a derived work in PDF format, with no availability of the work in its original format, is allowed.

The GNU Free Documentation License

The GNU Project's recommended license for documentation is the Free Documentation License; it is complicated and, by some accounts, not truly free. In places, the FDL has clearly been written with the idea of furthering the Free Software Foundation's particular goals.

The FDL is GPL-like, in that it allows the creation and distribution of modified versions, but any derived versions must carry the same license. The FDL places limits on modifications, however. Any derived versions must carry the original's "History," "Acknowledgments," and "Dedications" sections, along with a full copy of the FDL. Beyond that, however, the FDL creates the concepts of "invariant sections" and "cover texts"; these features of the FDL are at the heart of the disagreement over its status as a free license.

An invariant section is not allowed to address the primary topic of the text. Instead, it deals with the "relationship" between the author(s) and publisher and the subject:

The relationship could be a matter of historical connection with the subject or with related matters, or of legal, commercial, philosophical, ethical or political position regarding them.

The FDL requires that all invariant sections be included in any derived work, and that, as indicated by their name, these sections not be modified. The purpose of invariant sections is clear: it enables the GNU project to include the GNU Manifesto (and related texts) in manuals and to forbid its removal. Thus, documents can be made to serve two roles: describing the subject matter of interest, and promoting the agenda of the group which created the document.

"Cover texts" are short passages which must, in some conditions, appear on the front and back cover of any distributed copy of the work. Use of cover texts is only required when over 100 copies are being distributed. Distributing large numbers of copies also obligates the distributor to make a "transparent" version of the document - one which is machine editable - available. The "transparent" copy need not be the original source; a plain text file stripped of markup will do. People who distribute a small number of copies can, if they wish, distribute them in an "opaque" format which does not allow editing.

An FDL-licensed work with no invariant sections and no cover texts is, by most people's reckoning, free. The inclusion of text which cannot be modified or deleted obviously changes the picture, and many people consider documents with those features to be non-free. Certainly the FDL makes certain types of derived products, such as those using an excerpt from an FDL-licensed work, difficult. An author wishing to take a few sections from the GNU emacs manual must drag along the entire FDL, the entire GPL, the GNU manifesto, the "Distribution" section, and the cover texts as well. In practice, these requirements will make that sort of use almost impossible.

The FDL makes no statement with regard to warranties or indemnification, other than to note that the document may carry warranty disclaimers outside of the license. It is also careful to note that warranty disclaimers cannot modify any other aspect of the license.

Open Publication License

The Open Publication License (OPL) dates back to 1999. Among other things, it is used for the Perens Open Source Series of books. The OPL is a relatively simple license; it allows redistribution of works, with or without modifications, in any format. The distributed copies must be licensed under the terms of the OPL, but nothing in the license requires that an editable version be made available. Modified versions must include a pointer back to the original, along with the usual notifications that changes have been made. The OPL includes a warranty disclaimer.

In its plain form, the OPL is a free license. It includes two "options," however, which can change the situation. "Option A" is a prohibition on the distribution of "substantive" modifications - essentially anything beyond reformatting or typo fixes. "Option B" is a restriction on commercial redistribution. If either of these options is exercised, the license becomes non-free. There does not appear to be anything prohibiting a person who distributes a derived work from adding options to the license, even if the original author chose not to use them.

The Creative Commons licenses and the FDL both include prohibitions on the use of "technical measures" to deprive recipients of the works of their rights under the license. The OPL, like many older licenses, has no such requirement. An OPL-licensed document could, conceivably, be distributed in some sort of DRM-infested electronic book format that, in practice, deprived the reader of the right to copy or modify the document.

Common Documentation License

The Common Documentation License was published by Apple Computer in 2001. It is a GPL-like license, requiring that all derived works carry the same license. It makes no requirement regarding credit to the original author beyond stating that copyright notices must be preserved. Derived works need not carry a pointer back to the original. Distribution in any format is allowed, with no requirement to make an editable format available. There is no restriction on the application of DRM schemes to CDL-licensed works. This license does carry a strong warranty disclaimer.

Design Science License

The Design Science License is, perhaps, the most direct attempt to translate the GPL into the world of text. It allows the usual freedoms, but requires that all derived works carry the same license.

The DSL takes a strong approach with regard to editable formats; it requires that any person distributing the document make it available in "the preferred form for editing." This requirement is rather firmer than the FDL's terms; a plain text file will not suffice unless that is how the work was created in the first place.

There is a warranty disclaimer in the DSL, though it does not explicitly disclaim warranties of noninfringement.

Conclusion

A significant amount of documentation has been released under the BSD license or the GPL. Putting a BSD-like license on a document makes some sense; it allows any sort of use as long as the copyright notices are preserved. Putting the GPL onto a document makes the author's intent clear in an informal sort of way, but the GPL was not written for this sort of application. The GPL refers explicitly to "programs" and acts like compiling and running programs; how such language applies to documents is unclear at best.

So which license would a grumpy editor use? Your editor co-authored a book which was released under the FDL. But the next edition is unlikely to go out under that license; the restrictions imposed by the FDL are simply too heavy. Any of the remaining licenses described above would probably be usable, though one of the licenses with a copyleft term looks preferable. No decision has been made on that subject; stay tuned.


The GPL and license infection

This disappointing Financial Times article has been more than adequately refuted by commenters on LWN and many other places. As FUD attacks go, this one was one of the more laughable in recent times. However, there is one point this article raises which is still occasionally trotted out by those trying to make people afraid of the GPL. It has been a while since we have looked at this claim, so it is worth a quick review pass.

Here's what "distinguished professor" Richard Epstein has to say:

First, as a straight interpretive matter, [GPL section 2b] only states what the obligation of each programmer is with his own private improvements. It does not in so many words specify the appropriate remedy when some portion of the open source code is incorporated into an otherwise proprietary program. The apparent intention of the provision is to "infect" that new program so that all of its content becomes open source software subject to the GPL. In principle, the entire Microsoft operating system could count as "the work" that becomes open source because a few lines of open source code have been incorporated into it by inadvertence.

Mr. Epstein does not, of course, tell his readers just where he obtains his information about the "apparent intention" of the GPL. Certainly it does not come from the vast amounts of text written by the creators and supporters of the GPL, who have never made this claim. Only the SCO group believes it has a license with this sort of power, and they seem to be having a hard time convincing others of this fact.

The relevant section of the GPL is this:

b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.

What that means is that if, say, Windows were combined with GPL-licensed code in such a way as to create a derived product, the only way of distributing Windows which would comply with the license would be to put the whole thing under the terms of the GPL. Note that the GPL does not address the use of a combined program at all - only its distribution. Distribution under non-compliant terms would indeed be a violation of the license.

What happens then? Unlicensed distribution of copyrighted material is a straightforward legal matter. The person or company doing this sort of distribution can be sued for copyright infringement. Fines can be imposed, and distribution of the offending product can be halted with an injunction. Failure to comply with the license can also cause the infringer to lose the right to use the software in the first place.

These can be heavy penalties. In particular, a company which has worked hard to get a product to market can be devastated by a court-ordered halt to that product's distribution. Such are the risks of working with other people's copyrighted code; there is nothing unique to the GPL here. Mr. Epstein is right to say that no court would force proprietary code into the open as a result of a GPL violation. But it is only people like Mr. Epstein who raise that issue in the first place. It remains true that straw men are the easiest to knock down. What the community needs to do is to help ensure that such straw men are recognized for what they are.


Page editor: Jonathan Corbet

Security

Security news

The World Bank Technology Risk Checklist

So you have done your best to secure your network, but you are wondering if you have really done everything possible. One useful way to find out would be to take a look at the World Bank Technology Risk Checklist (PDF format). This 31-page document asks a few hundred questions about your security setup. They cover a wide range of topics, including risk management ("Who is responsible for keeping records of cyber intrusions, costs of remediation, response time, and documenting procedures and processes?"), policy management ("Does your information security organization report to the IT organization, or is it a separate organization that maintains its independence and freedom from conflicts of interest?"), cyber intelligence ("When applying a patch to any system vulnerability, do you have a process for verifying the integrity, and testing the proper functioning of the patch?"), access controls ("Do you check for modems attached to PCs, routers, or printers?"), vulnerability testing ("Do your penetration tests encompass social engineering?"), wireless access ("Is someone responsible for tracking the number of employees with WLANs at home?"), and more.

The list is long and comprehensive; if you have answers for all of the questions, chances are you run a tight network.


Killing web browsers - part II

Last week's discussion on crashing web browsers with random input noted that, of all the browsers tested, only Internet Explorer survived. Since then, Michal Zalewski has posted a followup stating that, eventually, IE fell over as well. So, as Mr. Zalewski put it:

This means that VIRTUALLY EVERY BROWSER IN USE TODAY is unable to securely render HTML. Keeping in mind that not only web browsing, but also integrated e-mail is at risk, it is a grim thought.

Grim indeed. It will be interesting to see which browser manages to clean up its act first.

Meanwhile, an improved version of mangleme, Mr. Zalewski's testing tool, has been released. This version has been ported to Python (for some reason) and includes some extra tests; its authors claim to have found a different set of IE crashes.


Fake Red Hat security update

By now, many of you have probably seen the fake Red Hat "security update" mail in your mailboxes; for those who have not had the pleasure, click below to see what it looks like. An analysis of the "security update" has been posted; it's a simple trojan which installs a root account and mails information about the system to a remote account. This particular attempt was so clumsy that it is unlikely to have fooled many people. The next one may be more sophisticated, however; be careful out there.

Full Story (comments: 26)

New vulnerabilities

ecartis: unauthorized access to admin interface

Package(s):ecartis CVE #(s):CAN-2004-0913
Created:October 21, 2004 Updated:October 27, 2004
Description: The ecartis mailing list manager has a vulnerability in which an attacker in the same domain as the list admin can gain administrator privileges and alter list settings.
Alerts:
Debian DSA-572-1 2004-10-21


gaim: buffer overflow in MSN protocol

Package(s):gaim CVE #(s):CAN-2004-0891
Created:October 25, 2004 Updated:February 11, 2005
Description: A buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.
Alerts:
Fedora-Legacy FLSA:2188 2005-02-10
Red Hat RHSA-2004:604-01 2004-10-20
Mandrake MDKSA-2004:117 2004-11-01
Ubuntu USN-8-1 2004-10-27
Gentoo 200410-23 2004-10-24
Slackware SSA:2004-296-01 2004-10-25


gaim: command execution via smiley themes

Package(s):gaim CVE #(s):CAN-2004-0784 CAN-2004-0785
Created:October 21, 2004 Updated:November 12, 2004
Description: gaim may allow arbitrary commands to be executed via shell metacharacters in the tar file name that is dragged to the smiley selector.
Alerts:
Red Hat RHSA-2004:400-01 2004-09-07
Conectiva CLA-2004:884 2004-11-04
Mandrake MDKSA-2004:110 2004-10-21


glibc: tempfile vulnerability in catchsegv script

Package(s):glibc CVE #(s):CAN-2004-0968
Created:October 21, 2004 Updated:November 14, 2005
Description: The catchsegv script in the glibc package has a symlink vulnerability that may allow a local user to overwrite arbitrary files with the permissions of the user that is running the script.
Alerts:
Fedora-Legacy FLSA:152848 2005-11-13
Red Hat RHSA-2005:261-01 2005-04-28
Debian DSA-636-1 2005-01-12
Mandrake MDKSA-2004:159 2004-12-29
Red Hat RHSA-2004:586-01 2004-12-20
Fedora FEDORA-2004-356 2004-11-11
Ubuntu USN-4-1 2004-10-27
Gentoo 200410-19 2004-10-21


kernel: netfilter integer underflow

Package(s):kernel CVE #(s):CAN-2004-0816
Created:October 27, 2004 Updated:October 27, 2004
Description: 2.6 kernels prior to 2.6.8 contain an integer underflow vulnerability in the netfilter firewall code which can be exploited to crash the machine.
Alerts:
SuSE SUSE-SA:2004:037 2004-10-20


MIT-krb5: insecure temporary file

Package(s):mit-krb5 CVE #(s):CAN-2004-0971
Created:October 25, 2004 Updated:October 27, 2004
Description: The send-pr.sh script creates temporary files in world-writeable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When send-pr.sh is called, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.
Alerts:
Gentoo 200410-24 2004-10-25


mpg123: buffer overflow

Package(s):mpg123 CVE #(s):CAN-2004-0982
Created:October 27, 2004 Updated:November 2, 2004
Description: Versions of mpg123 through 0.59s-r5 contain a buffer overflow in the getauthfromURL() and http_open() functions.
Alerts:
Mandrake MDKSA-2004:120 2004-11-01
Debian DSA-578-1 2004-11-01
Gentoo 200410-27 2004-10-27


Netatalk: insecure tempfile handling in etc2ps.sh

Package(s):netatalk CVE #(s):CAN-2004-0974
Created:October 25, 2004 Updated:November 2, 2004
Description: The etc2ps.sh script creates temporary files in world-writeable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When etc2ps.sh is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.
Alerts:
Mandrake MDKSA-2004:121 2004-11-01
Gentoo 200410-25 2004-10-25


rssh: format string vulnerability

Package(s):rssh CVE #(s):
Created:October 27, 2004 Updated:October 28, 2004
Description: The 'rssh' restricted remote shell utility contains a format string vulnerability which can be exploited to execute arbitrary code with the rights of the user. Version 2.2.2 fixes the problem.
Alerts:
Gentoo 200410-28 2004-10-27


socat: format string vulnerability

Package(s):socat CVE #(s):
Created:October 25, 2004 Updated:October 27, 2004
Description: socat up to version 1.4.0.2 contains a syslog() based format string vulnerability. Further investigation showed that this vulnerability could, under some circumstances, lead to local or remote execution of arbitrary code with the privileges of the socat process. See this socat advisory for additional details.
Alerts:
Gentoo 200410-26 2004-10-25


xpdf: integer overflows

Package(s):xpdf kpdf cupsys CVE #(s):CAN-2004-0888 CAN-2004-0889
Created:October 21, 2004 Updated:February 18, 2005
Description: Several xpdf integer overflow vulnerabilities can be exploited via a malformed PDF document. Similar vulnerabilities can be found in kpdf and in cupsys which share code. Additional information can be found in this KDE security advisory.
Alerts:
Fedora FEDORA-2005-138 2005-02-09
Fedora FEDORA-2005-137 2005-02-09
Fedora FEDORA-2005-133 2005-02-09
Fedora FEDORA-2005-134 2005-02-09
Fedora FEDORA-2005-136 2005-02-09
Fedora FEDORA-2005-135 2005-02-09
Fedora FEDORA-2005-123 2005-02-08
Fedora FEDORA-2005-122 2005-02-08
Debian DSA-599-1 2004-11-25
Gentoo 200411-30 2004-11-23
Conectiva CLA-2004:886 2004-11-08
Gentoo 200410-30:02 2004-10-28
Gentoo 200410-20:02 2004-10-21
Debian DSA-581-1 2004-11-02
Ubuntu USN-14-1 2004-11-01
Ubuntu USN-9-1 2004-10-27
Gentoo 200410-30 2004-10-28
Fedora FEDORA-2004-358 2004-10-28
Fedora FEDORA-2004-357 2004-10-28
Red Hat RHSA-2004:592-01 2004-10-27
Fedora FEDORA-2004-337 2004-10-26
SuSE SUSE-SA:2004:039 2004-10-26
Ubuntu USN-2-1 2004-10-22
Red Hat RHSA-2004:543-01 2004-10-22
Mandrake MDKSA-2004:115 2004-10-21
Mandrake MDKSA-2004:116 2004-10-21
Mandrake MDKSA-2004:114 2004-10-21
Mandrake MDKSA-2004:113 2004-10-21
Gentoo 200410-20 2004-10-21
Fedora FEDORA-2004-348 2004-10-21
Debian DSA-573-1 2004-10-21


Updated vulnerabilities

apache: mod_ssl cipher negotiation problem

Package(s):apache CVE #(s):CAN-2004-0885
Created:October 15, 2004 Updated:November 4, 2004
Description: Apache's mod_ssl module may allow content to be retrieved without proper negotiation of the requested cipher suite.
Alerts:
Conectiva CLA-2004:885 2004-11-04
Mandrake MDKSA-2004:122 2004-11-01
Gentoo 200410-21 2004-10-21
OpenPKG OpenPKG-SA-2004.044 2004-10-15


aspell: bounds checking problem

Package(s):aspell CVE #(s):CAN-2004-0548
Created:June 17, 2004 Updated:December 20, 2004
Description: Aspell's word-list-compress utility fails to properly check bounds when dealing with words that are more than 256 bytes long. This can lead to arbitrary code execution by an attacker.
Alerts:
Mandrake MDKSA-2004:153 2004-12-20
OpenPKG OpenPKG-SA-2004.042 2004-09-15
Gentoo 200406-14 2004-06-17


cdrecord: failure to drop privilege

Package(s):cdrecord CVE #(s):CAN-2004-0806
Created:September 8, 2004 Updated:February 21, 2005
Description: The cdrecord utility, which is installed setuid on some distributions, fails to drop privilege before running a user-specified program.
Alerts:
Fedora-Legacy FLSA:2058 2005-02-20
Gentoo 200409-18 2004-09-14
Fedora FEDORA-2004-298 2004-09-09
Fedora FEDORA-2004-297 2004-09-09
Mandrake MDKSA-2004:091 2004-09-07


ncompress: Buffer overflow

Package(s):compress uncompress ncompress CVE #(s):CAN-2001-1413
Created:October 11, 2004 Updated:December 14, 2004
Description: compress and uncompress do not properly check bounds on command line options, including the filename. Large parameters would trigger a buffer overflow. By supplying a carefully crafted filename or other option, an attacker could execute arbitrary code on the system. A local attacker could only execute code with his own rights, but since compress and uncompress are called by various daemon programs, this might also allow a remote attacker to execute code with the rights of the daemon making use of ncompress.
Alerts:
Red Hat RHSA-2004:536-01 2004-12-13
Gentoo 200410-08 2004-10-09


cvs: information disclosure

Package(s):cvs CVE #(s):CAN-2004-0778
Created:October 20, 2004 Updated:October 20, 2004
Description: CVS (prior to version 1.11.17) contains an undocumented switch which may be used by an attacker to verify the existence of files and whether the CVS process can access them.
Alerts:
Mandrake MDKSA-2004:108 2004-10-19


cyrus-sasl: remote buffer overflow

Package(s):cyrus-sasl CVE #(s):CAN-2004-0884
Created:October 7, 2004 Updated:March 16, 2005
Description: cyrus-sasl has a vulnerability involving a buffer overflow in the digestmd5.c file. A remote attacker may be able to compromise the system. Also, a local user may be able to exploit a vulnerability by using the SASL_PATH environment variable.
Alerts:
Mandrake MDKSA-2005:054 2005-03-15
SuSE SUSE-SA:2005:013 2005-03-03
Fedora-Legacy FLSA:2137 2005-02-17
OpenPKG OpenPKG-SA-2005.004 2005-01-28
Conectiva CLA-2004:889 2004-11-11
Debian DSA-568-1 2004-10-16
Debian DSA-563-3 2004-10-14
Debian DSA-563-2 2004-10-12
Debian DSA-563-1 2004-10-12
Trustix TSLSA-2004-0053 2004-10-08
Mandrake MDKSA-2004:106 2004-10-07
Red Hat RHSA-2004:546-02 2004-10-07
Gentoo 200410-05 2004-10-07


Filename disclosure vulnerability in fam

Package(s):fam CVE #(s):CAN-2002-0875
Created:August 19, 2002 Updated:January 5, 2005
Description: "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible.
Alerts:
Red Hat RHSA-2005:005-01 2005-01-05
Debian DSA-154-1 2002-08-15


flim: insecure file creation

Package(s):flim CVE #(s):CAN-2004-0422
Created:May 5, 2004 Updated:December 16, 2004
Description: The emacs "flim" mode creates temporary files in an insecure fashion, possibly allowing a local attacker to overwrite files.
Alerts:
Fedora FEDORA-2004-546 2004-12-15
Red Hat RHSA-2004:344-01 2004-08-18
Debian DSA-500-1 2004-05-01


Foomatic: Arbitrary command execution in foomatic-rip

Package(s):foomatic CVE #(s):CAN-2004-0801
Created:September 20, 2004 Updated:May 31, 2006
Description: There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter. This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler.
Alerts:
SuSE SUSE-SA:2006:026 2006-05-30
Fedora-Legacy FLSA:2076 2004-11-05
Conectiva CLA-2004:880 2004-10-27
Fedora FEDORA-2004-303 2004-09-21
Gentoo 200409-24 2004-09-20


FreeRADIUS: denial of service

Package(s):freeradius CVE #(s):CAN-2004-0938 CAN-2004-0960 CAN-2004-0961
Created:September 22, 2004 Updated:February 2, 2005
Description: FreeRADIUS (through version 1.0.1) suffers from several denial of service vulnerabilities in its packet reception code.
Alerts:
Fedora-Legacy FLSA:2187 2005-02-01
Red Hat RHSA-2004:609-01 2004-11-12
Gentoo 200409-29 2004-09-22


gtk2, gdk-pixbuf: buffer overflows

Package(s):gdk-pixbuf gtk2 CVE #(s):CAN-2004-0753 CAN-2004-0782 CAN-2004-0783 CAN-2004-0788
Created:September 15, 2004 Updated:February 25, 2005
Description: The gdk-pixbuf and gtk2 libraries contain vulnerabilities in their handling of BMP and XPM files which can lead to denial of service and, potentially, code execution attacks.
Alerts:
Fedora-Legacy FLSA:2005 2005-02-23
Conectiva CLA-2004:875 2004-10-18
Slackware SSA:2004-266-02 2004-09-22
Gentoo 200409-28 2004-09-21
Mandrake MDKSA-2004:095-1 2004-09-17
SuSE SUSE-SA:2004:033 2004-09-17
Debian DSA-549-1 2004-09-17
Red Hat RHSA-2004:447-02 2004-09-15
Debian DSA-546-1 2004-09-16
Red Hat RHSA-2004:466-01 2004-09-15
Red Hat RHSA-2004:447-01 2004-09-15
Mandrake MDKSA-2004:095 2004-09-15
Fedora FEDORA-2004-289 2004-09-15
Fedora FEDORA-2004-288 2004-09-15
Fedora FEDORA-2004-287 2004-09-15
Fedora FEDORA-2004-286 2004-09-15

Comments (none posted)

gettext: Insecure temporary file handling

Package(s):gettext CVE #(s):CAN-2004-0966
Created:October 11, 2004 Updated:March 1, 2006
Description: gettext insecurely creates temporary files in world-writable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When gettext is called, this would result in file access with the rights of the user running the utility, which could be the root user.
Alerts:
Mandriva MDKSA-2006:051 2006-02-28
Fedora-Legacy FLSA:136323 2006-01-09
Gentoo 200410-10:02 2004-10-10
OpenPKG OpenPKG-SA-2004.055 2004-12-23
Ubuntu USN-5-1 2004-10-27
Gentoo 200410-10 2004-10-10

Comments (1 posted)

ghostscript: symlink vulnerabilities

Package(s):ghostscript CVE #(s):CAN-2004-0967
Created:October 20, 2004 Updated:September 28, 2005
Description: The ghostscript package (prior to version 7.07.1-r7) contains several scripts which are vulnerable to symlink attacks.
Alerts:
Red Hat RHSA-2005:081-01 2005-09-28
Ubuntu USN-3-1 2004-10-27
Gentoo 200410-18 2004-10-20

Comments (none posted)

glibc: Information leak with LD_DEBUG

Package(s):glibc CVE #(s):CAN-2004-1453
Created:August 17, 2004 Updated:May 26, 2005
Description: Silvio Cesare discovered a potential information leak in glibc. It allows LD_DEBUG on SUID binaries where it should not be allowed. This has various security implications, which may be used to gain confidential information. An attacker can gain the list of symbols a SUID application uses and their locations and can then use a trojaned library taking precedence over those symbols to gain information or perform further exploitation.
Alerts:
Red Hat RHSA-2005:256-01 2005-05-18
Gentoo 200408-16 2004-08-16

Comments (1 posted)

gnome-vfs: backend script vulnerabilities

Package(s):gnome-vfs CVE #(s):CAN-2004-0494
Created:August 4, 2004 Updated:February 21, 2005
Description: Several scripts packaged with gnome-vfs, using its "extfs" capability, have security flaws. These scripts tend not to be used on many systems, but their presence can still be a threat.
Alerts:
Fedora-Legacy FLSA:1944 2005-02-20
Whitebox WBSA-2004:373-01 2004-08-19
Red Hat RHSA-2004:373-01 2004-08-04

Comments (none posted)

gtkhtml: malformed messages cause crash

Package(s):gtkhtml CVE #(s):CAN-2003-0133 CAN-2003-0541
Created:April 14, 2003 Updated:April 18, 2005
Description: GtkHTML is the HTML rendering widget used by the Evolution mail reader.

GtkHTML supplied with versions of Evolution prior to 1.2.4 contains a bug when handling HTML messages. Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash.

Alerts:
Debian DSA-710-1 2005-04-18
Mandrake MDKSA-2003:093 2003-09-18
Conectiva CLA-2003:737 2003-09-12
Red Hat RHSA-2003:264-01 2003-09-09
Mandrake MDKSA-2003:046 2003-04-15
Red Hat RHSA-2003:126-01 2003-04-14

Comments (none posted)

imagemagick: buffer overflow vulnerability

Package(s):imagemagick CVE #(s):CAN-2004-0827
Created:September 16, 2004 Updated:November 30, 2004
Description: The ImageMagick graphics library has several buffer overflow vulnerabilities that allow an attacker to crash the reading process by creating malformed video or image files in the AVI, BMP, or DIB format.
Alerts:
Ubuntu USN-35-1 2004-11-30
Ubuntu USN-7-1 2004-10-27
Red Hat RHSA-2004:480-01 2004-10-20
Red Hat RHSA-2004:494-01 2004-10-20
Mandrake MDKSA-2004:102 2004-09-22
Debian DSA-547-1 2004-09-16

Comments (none posted)

imlib2: buffer overflows

Package(s):imlib2 CVE #(s):CAN-2004-0802 CAN-2004-0817
Created:September 8, 2004 Updated:October 26, 2005
Description: The imlib2 library contains buffer overflows in the BMP handling code.
Alerts:
Debian DSA-548-2 2005-10-26
Conectiva CLA-2004:870 2004-09-28
Debian DSA-552-1 2004-09-22
Debian DSA-548-1 2004-09-16
Red Hat RHSA-2004:465-01 2004-09-15
Gentoo 200409-12 2004-09-08
Fedora FEDORA-2004-301 2004-09-09
Fedora FEDORA-2004-300 2004-09-09
Mandrake MDKSA-2004:089 2004-09-07

Comments (none posted)

iproute: local denial of service

Package(s):iproute net-tools CVE #(s):CAN-2003-0856
Created:November 25, 2003 Updated:December 14, 2004
Description: The iproute utility is susceptible to spoofed netlink messages sent by local users, with the result that denial of service attacks are possible.
Alerts:
Mandrake MDKSA-2004:148 2004-12-13
Fedora FEDORA-2004-154 2004-06-03
Fedora FEDORA-2004-115 2004-05-11
Debian DSA-492-1 2004-04-18
Gentoo 200404-10 2004-04-09
Red Hat RHSA-2003:316-01 2003-11-24

Comments (none posted)

kernel information leak

Package(s):kernel CVE #(s):CAN-2004-0415
Created:August 3, 2004 Updated:October 26, 2004
Description: Paul Starzetz discovered flaws in the Linux kernel when handling file offset pointers. These consist of invalid conversions of 64-bit to 32-bit file offset pointers and possible race conditions. A local unprivileged user could make use of these flaws to access large portions of kernel memory. Note that this vulnerability affects all 2.4 kernels through 2.4.26 and 2.6 kernels through 2.6.7.

A fix for this problem was added to the fifth 2.4.27 release candidate.

Alerts:
Conectiva CLA-2004:879 2004-10-26
Fedora-Legacy FLSA:1804 2004-10-18
Mandrake MDKSA-2004:087 2004-08-26
Gentoo 200408-24 2004-08-25
Whitebox WBSA-2004:413-01 2004-08-19
Red Hat RHSA-2004:327-01 2004-08-18
Fedora FEDORA-2004-251 2004-08-10
Trustix TSLSA-2004-0041 2004-08-09
SuSE SUSE-SA:2004:024 2004-08-09
Red Hat RHSA-2004:413-01 2004-08-03
Red Hat RHSA-2004:418-01 2004-08-03
Fedora FEDORA-2004-247 2004-08-03

Comments (none posted)

kernel-utils: setuid vulnerability

Package(s):kernel-utils CVE #(s):CAN-2003-0019
Created:February 7, 2003 Updated:January 21, 2005
Description: The kernel-utils package contains several utilities that can be used to control the kernel or machine hardware. In Red Hat Linux 8.0 this package contains user mode linux (UML) utilities.

The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was incorrectly shipped setuid root. This could allow local users to control certain network interfaces, add and remove arp entries and routes, and put interfaces in and out of promiscuous mode.

All users of the kernel-utils package should update to these packages that contain a version of uml_net that is not setuid root.

Alternatively, as a workaround for this vulnerability, issue the following command as root:

chmod -s /usr/bin/uml_net

Alerts:
Red Hat RHSA-2003:056-08 2003-02-07

Comments (none posted)

libpng: multiple vulnerabilities

Package(s):libpng CVE #(s):CAN-2002-1363 CAN-2004-0597 CAN-2004-0598 CAN-2004-0599
Created:August 4, 2004 Updated:February 10, 2005
Description: There is yet another set of holes in libpng, versions 1.2.5 and prior, which can be exploited by a malicious image file; see this advisory from Chris Evans or this CERT advisory for details.
Alerts:
Fedora-Legacy FLSA:1943 2005-02-08
Red Hat RHSA-2004:421-01 2004-08-04
Gentoo 200408-22 2004-08-23
Whitebox WBSA-2004:402-01 2004-08-19
Mandrake MDKSA-2004:082 2004-08-12
Slackware SSA:2004-223-01 2004-08-09
Slackware SSA:2004-223-02 2004-08-07
Slackware SSA:2004-222-01b 2004-08-10
Slackware SSA:2004-222-01 2004-08-07
Conectiva CLA-2004:856 2004-08-06
Trustix TSLSA-2004-0040 2004-08-05
Gentoo 200408-03 2004-08-05
Debian DSA-536-1 2004-08-04
Mandrake MDKSA-2004:079 2004-08-04
SuSE SUSE-SA:2004:023 2004-08-04
Red Hat RHSA-2004:402-01 2004-08-04
OpenPKG OpenPKG-SA-2004.035 2004-08-04

Comments (1 posted)

libpng: integer overflows

Package(s):libpng CVE #(s):CAN-2004-0955
Created:October 20, 2004 Updated:October 25, 2004
Description: A new set of integer overflows has been found in the libpng library; these overflows could perhaps be exploited (by way of a malicious image file) to execute arbitrary code.
Alerts:
Ubuntu USN-1-1 2004-10-22
Debian DSA-571-1 2004-10-20
Debian DSA-570-1 2004-10-20

Comments (1 posted)

libxml2: arbitrary code execution

Package(s):libxml2 CVE #(s):CAN-2004-0110
Created:February 26, 2004 Updated:August 19, 2009
Description: Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code.
Alerts:
Fedora-Legacy FLSA:1324 2004-07-19
Conectiva CLA-2004:836 2004-03-31
Gentoo 200403-01 2004-03-06
Trustix TSLSA-2004-0010 2004-03-05
OpenPKG OpenPKG-SA-2004.003 2004-03-05
Netwosix NW-2004-0004 2004-03-04
Debian DSA-455-1 2004-03-03
Mandrake MDKSA-2004:018 2004-03-03
Red Hat RHSA-2004:091-02 2004-03-03
Whitebox WBSA-2004:090-01 2004-03-01
Red Hat RHSA-2004:090-01 2004-02-26
Fedora FEDORA-2004-087 2004-02-25
Red Hat RHSA-2004:091-01 2004-02-26
Fedora FEDORA-2009-8582 2009-08-15
Fedora FEDORA-2009-8594 2009-08-15

Comments (none posted)

libxpm4: stack and integer overflows

Package(s):libxpm4 CVE #(s):CAN-2004-0687 CAN-2004-0688
Created:September 16, 2004 Updated:February 14, 2005
Description: There are several stack and integer overflow bugs in the libXpm code of XFree86 that may be used for a denial of service.
Alerts:
Conectiva CLA-2005:924 2005-02-14
Red Hat RHSA-2005:004-01 2005-01-12
Red Hat RHSA-2004:537-01 2004-12-02
Ubuntu USN-27-1 2004-11-17
Mandrake MDKSA-2004:124 2004-11-04
Debian DSA-561-1 2004-10-11
Gentoo 200410-09 2004-10-09
Debian DSA-560-1 2004-10-07
Red Hat RHSA-2004:479-01 2004-10-06
Red Hat RHSA-2004:478-01 2004-10-04
Gentoo 200409-34 2004-09-27
SuSE SUSE-SA:2004:034 2004-09-17
Mandrake MDKSA-2004:099 2004-09-15
Mandrake MDKSA-2004:098 2004-09-15

Comments (none posted)

logcheck: symlink vulnerability

Package(s):logcheck CVE #(s):CAN-2004-0404
Created:April 21, 2004 Updated:December 22, 2004
Description: The logcheck utility handles temporary files in an unsafe way, possibly allowing local attackers to overwrite files.
Alerts:
Mandrake MDKSA-2004:155 2004-12-22
Debian DSA-488-1 2004-04-16

Comments (none posted)

Midnight Commander: extfs vfs vulnerability

Package(s):mc CVE #(s):CAN-2004-0494
Created:September 2, 2004 Updated:January 5, 2005
Description: Midnight Commander has a vfs vulnerability with shell quoting in the extfs Perl scripts.
Alerts:
Red Hat RHSA-2004:464-02 2005-01-05
Red Hat RHSA-2004:464-01 2004-09-15
Fedora FEDORA-2004-273 2004-09-01
Fedora FEDORA-2004-272 2004-09-01

Comments (none posted)

mikmod: buffer overflow

Package(s):mikmod CVE #(s):CAN-2003-0427
Created:June 16, 2003 Updated:June 16, 2005
Description: Ingo Saitz discovered a bug in mikmod whereby a long filename inside an archive file can overflow a buffer when the archive is being read by mikmod.
Alerts:
Fedora FEDORA-2005-405 2005-06-16
Red Hat RHSA-2005:506-01 2005-06-13
Fedora FEDORA-2005-404 2005-06-09
Gentoo 200307-01 2003-07-02
Debian DSA-320-1 2003-06-13

Comments (none posted)

mozilla products: arbitrary code execution and other vulnerabilities

Package(s):mozilla firefox thunderbird CVE #(s):CAN-2004-0902 CAN-2004-0903 CAN-2004-0904 CAN-2004-0905 CAN-2004-0908
Created:September 20, 2004 Updated:January 13, 2005
Description: Several vulnerabilities exist in the Mozilla web browser and derived products, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system. See the CERT advisory for details.
Alerts:
Gentoo 200501-03 2005-01-05
Fedora-Legacy FLSA:2089 2004-10-27
Conectiva CLA-2004:877 2004-10-22
Mandrake MDKSA-2004:107 2004-10-19
SuSE SUSE-SA:2004:036 2004-10-06
Red Hat RHSA-2004:486-01 2004-09-30
Slackware SSA:2004-266-03 2004-09-22
Gentoo 200409-26 2004-09-20

Comments (none posted)

mpg123: buffer overflow bug

Package(s):mpg123 CVE #(s):CAN-2004-0805
Created:September 16, 2004 Updated:January 11, 2005
Description: The mpg123 audio playing utility has a buffer overflow bug that may allow arbitrary execution of code.
Alerts:
Gentoo 200501-14 2005-01-10
Debian DSA-564-1 2004-10-13
Mandrake MDKSA-2004:100 2004-09-22
Gentoo 200409-20 2004-09-16

Comments (none posted)

mpg321: format string vulnerability

Package(s):mpg321 CVE #(s):CAN-2003-0969
Created:January 6, 2004 Updated:March 28, 2005
Description: A vulnerability was discovered in mpg321, a command-line mp3 player, whereby user-supplied strings were passed to printf(3) unsafely. This vulnerability could be exploited by a remote attacker to overwrite memory, and possibly execute arbitrary code. In order for this vulnerability to be exploited, mpg321 would need to play a malicious mp3 file (including via HTTP streaming).
Alerts:
Gentoo 200503-34 2005-03-28
Debian DSA-411-1 2004-01-05

Comments (none posted)

mysql: several vulnerabilities

Package(s):mysql CVE #(s):CAN-2004-0835 CAN-2004-0836 CAN-2004-0837
Created:October 11, 2004 Updated:April 6, 2005
Description: Several problems have been discovered in MySQL. Oleksandr Byelkin noticed that ALTER TABLE ... RENAME checks CREATE/INSERT rights of the old table instead of the new one. (CAN-2004-0835) Lukasz Wojtow noticed a buffer overrun in the mysql_real_connect function. (CAN-2004-0836) Dean Ellis noticed that multiple threads ALTERing the same (or different) MERGE tables to change the UNION can cause the server to crash or stall. (CAN-2004-0837)
Alerts:
Ubuntu USN-109-1 2005-04-06
Fedora FEDORA-2004-530 2004-12-08
Ubuntu USN-32-1 2004-11-25
Conectiva CLA-2004:892 2004-11-18
Mandrake MDKSA-2004:119 2004-11-01
OpenPKG OpenPKG-SA-2004.045 2004-10-30
Red Hat RHSA-2004:611-01 2004-10-27
Gentoo 200410-22 2004-10-24
Red Hat RHSA-2004:569-01 2004-10-20
Red Hat RHSA-2004:597-01 2004-10-20
Debian DSA-562-1 2004-10-11

Comments (none posted)

netkit-telnet: invalid free pointer

Package(s):netkit-telnet CVE #(s):CAN-2004-0911
Created:October 4, 2004 Updated:March 28, 2005
Description: Michal Zalewski discovered a bug in the netkit-telnet server (telnetd) whereby a remote attacker could cause the telnetd process to free an invalid pointer. This causes the telnet server process to crash, leading to a straightforward denial of service (inetd will disable the service if telnetd is crashed repeatedly), or possibly the execution of arbitrary code with the privileges of the telnetd process (by default, the 'telnetd' user).
Alerts:
Ubuntu USN-101-1 2005-03-28
Debian DSA-556-2 2004-10-18
Debian DSA-569-1 2004-10-18
Debian DSA-556-1 2004-10-02

Comments (none posted)

netpbm: insecure temporary files

Package(s):netpbm CVE #(s):CAN-2003-0924
Created:January 19, 2004 Updated:December 29, 2004
Description: netpbm is a graphics conversion toolkit made up of a large number of single-purpose programs. Many of these programs were found to create temporary files in an insecure manner, which could allow a local attacker to overwrite files with the privileges of the user invoking a vulnerable netpbm tool.
Alerts:
Conectiva CLA-2004:909 2004-12-29
Gentoo 200410-02 2004-10-04
Mandrake MDKSA-2004:011-1 2004-09-27
Whitebox WBSA-2004:031-01 2004-02-12
Mandrake MDKSA-2004:011 2004-02-11
Red Hat RHSA-2004:030-01 2004-02-05
Fedora FEDORA-2004-068 2004-02-06
Red Hat RHSA-2004:031-01 2004-01-22
Debian DSA-426-1 2004-01-18

Comments (1 posted)

OpenOffice: information disclosure

Package(s):openoffice.org CVE #(s):CAN-2004-0752
Created:September 15, 2004 Updated:October 20, 2004
Description: OpenOffice.org contains a temporary file handling vulnerability which can allow one local user to read the contents of another user's open files.
Alerts:
Gentoo 200410-17 2004-10-20
Mandrake MDKSA-2004:103 2004-09-27
Red Hat RHSA-2004:446-01 2004-09-15

Comments (none posted)

openssh: timing attack leads to information disclosure

Package(s):openssh CVE #(s):CAN-2003-0190
Created:May 2, 2003 Updated:November 30, 2004
Description: From the advisory: "During a pen-test we stumbled across a nasty bug in OpenSSH-portable with PAM support enabled (via the --with-pam configure script switch). This bug allows a remote attacker to identify valid users on vulnerable systems, through a simple timing attack. The vulnerability is easy to exploit and may have high severity, if combined with poor password policies and other security problems that allow local privilege escalation."
Alerts:
Ubuntu USN-34-1 2004-11-30
OpenPKG OpenPKG-SA-2003.035 2003-08-06
Red Hat RHSA-2003:222-01 2003-07-29
Gentoo 200305-02 2003-05-13
Gentoo 200305-01 2002-03-05

Comments (1 posted)

OpenSSL: denial of service vulnerabilities

Package(s):OpenSSL CVE #(s):CAN-2004-0081 CAN-2003-0851
Created:March 17, 2004 Updated:November 2, 2005
Description: Versions 0.9.7a-c of the OpenSSL library suffer from two denial of service vulnerabilities; see the version 0.9.7d release announcement for details.
Alerts:
Red Hat RHSA-2005:830-00 2005-11-02
Red Hat RHSA-2005:829-00 2005-11-02
Fedora FEDORA-2005-1042 2005-10-31
Fedora-Legacy FLSA:1395 2004-05-08
Conectiva CLA-2004:834 2004-03-31
Whitebox WBSA-2004:084-01 2004-03-23
Red Hat RHSA-2004:084-01 2004-03-23
Fedora FEDORA-2004-095 2004-03-19
Whitebox WBSA-2004:120-01 2004-03-22
Trustix TSLSA-2004-0012 2004-03-17
Slackware SSA:2004-077-01 2004-03-17
Red Hat RHSA-2004:121-01 2004-03-17
OpenPKG OpenPKG-SA-2004.007 2004-03-18
Gentoo 200403-03 2004-03-17
Debian DSA-465-1 2004-03-17
Netwosix NW-2004-0005 2004-03-17
Mandrake MDKSA-2004:023 2004-03-17
SuSE SuSE-SA:2004:007 2004-03-17
Red Hat RHSA-2004:120-01 2004-03-17
Red Hat RHSA-2004:119-01 2004-03-17
EnGarde ESA-20040317-003 2004-03-17

Comments (1 posted)

pavuk: buffer overflow

Package(s):pavuk CVE #(s):CAN-2004-0456
Created:June 30, 2004 Updated:November 11, 2004
Description: Versions of the pavuk web spider through 0.9.28-r1 contain a buffer overflow which could be exploited by a hostile server.
Alerts:
Gentoo 200411-19 2004-11-10
Debian DSA-527-1 2004-07-03
Gentoo 200406-22 2004-06-30

Comments (none posted)

php: remotely exploitable memory errors

Package(s):php CVE #(s):CAN-2004-0594
Created:July 14, 2004 Updated:February 7, 2005
Description: Stefan Esser has issued an advisory regarding a remotely exploitable hole in PHP (through version 4.3.7). If the memory_limit feature is in use (as it should be, to prevent denial of service attacks), allocation failures can be forced at highly inopportune times, and those failures can be exploited to execute arbitrary code. The exploit is described as "quite easy," and it can be done regardless of whether Apache1 or Apache2 is in use. Upgrading to PHP 4.3.8 fixes the problem; yesterday's PHP 5.0 release also contains the fix (but the final release candidate did not).
Alerts:
Debian DSA-669-1 2005-02-07
Whitebox WBSA-2004:392-01 2004-08-19
Fedora FEDORA-2004-223 2004-07-23
Fedora FEDORA-2004-222 2004-07-23
OpenPKG OpenPKG-SA-2004.034 2004-07-22
Slackware SSA:2004-202-01 2004-07-20
Debian DSA-531-1 2004-07-20
Red Hat RHSA-2004:392-01 2004-07-19
Red Hat RHSA-2004:395-01 2004-07-19
Conectiva CLA-2004:847 2004-07-16
SuSE SUSE-SA:2004:021 2004-07-16
Mandrake MDKSA-2004:068 2004-07-14
Gentoo 200407-13 2004-07-15
tinysofa TSSA-2004-013 2004-07-14

Comments (none posted)

PostgreSQL: Insecure temporary file use in make_oidjoins_check

Package(s):PostgreSQL CVE #(s):CAN-2004-0977
Created:October 18, 2004 Updated:December 20, 2004
Description: The make_oidjoins_check script insecurely creates temporary files in world-writable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When make_oidjoins_check is called, this would result in file overwrite with the rights of the user running the utility, which could be the root user.
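The gettext entry above and this make_oidjoins_check entry describe the same symlink race. As an added example (not code from either package), the following Python puts the predictable-name pattern beside the two fixes, an O_CREAT|O_EXCL open and mkstemp(); the victim file, the planted symlink and the "prefix.PID" name are constructed for the demonstration.

```python
"""Insecure vs. safe temporary file creation (added example, not code from
gettext or PostgreSQL). The predictable "<prefix>.<pid>" name is the pattern
the advisories describe; the fixes are mkstemp() or an O_CREAT|O_EXCL open,
both of which refuse to write through a link an attacker planted in advance."""
import os
import tempfile


def predictable_temp_path(tmpdir: str, prefix: str) -> str:
    """The vulnerable naming scheme: prefix plus PID, guessable by any local user."""
    return os.path.join(tmpdir, f"{prefix}.{os.getpid()}")


def unsafe_write(path: str, data: bytes) -> None:
    """The vulnerable pattern: plain open() creates the file without O_EXCL.
    If a symlink already sits at `path`, the kernel follows it and the data
    lands in whatever file the link points at."""
    with open(path, "wb") as fh:
        fh.write(data)


def safe_open_exclusive(path: str, mode: int = 0o600) -> int:
    """Create `path` only if nothing exists there yet. O_EXCL makes the kernel
    fail with EEXIST when the name is taken (a symlink counts, even a dangling
    one); O_NOFOLLOW is belt-and-braces on platforms that have it. Raises
    FileExistsError instead of clobbering the link target."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.open(path, flags, mode)


def safe_write(tmpdir: str, prefix: str, data: bytes) -> str:
    """The recommended fix: mkstemp() picks an unpredictable name and opens it
    with O_CREAT|O_EXCL and mode 0600 in one step, so there is no window in
    which an attacker can plant a link under the chosen name."""
    fd, path = tempfile.mkstemp(prefix=prefix + ".", dir=tmpdir)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def demo_symlink_race(workdir: str) -> dict:
    """Constructed scenario: a victim file, a symlink planted at the predictable
    name, then the vulnerable writer and the hardened writers in turn.
    Returns what happened so the outcome can be checked programmatically."""
    original = b"original contents\n"
    victim = os.path.join(workdir, "victim.txt")
    with open(victim, "wb") as fh:
        fh.write(original)

    planted = predictable_temp_path(workdir, "gettext")
    os.symlink(victim, planted)  # the link the local attacker creates beforehand

    unsafe_write(planted, b"clobbered\n")  # follows the link: victim overwritten
    with open(victim, "rb") as fh:
        after_unsafe = fh.read()

    with open(victim, "wb") as fh:  # reset the victim for the second half
        fh.write(original)
    refused = False
    try:
        fd = safe_open_exclusive(planted)
        os.close(fd)
    except FileExistsError:
        refused = True
    with open(victim, "rb") as fh:
        after_safe = fh.read()

    safe_path = safe_write(workdir, "gettext", b"payload\n")
    return {
        "unsafe_clobbered_victim": after_unsafe == b"clobbered\n",
        "safe_open_refused": refused,
        "victim_intact_after_safe": after_safe == original,
        "mkstemp_name_differs": safe_path != planted,
        "mkstemp_mode": os.stat(safe_path).st_mode & 0o777,
    }


def run_demo() -> dict:
    """Run the scenario inside a throwaway directory so nothing real is touched."""
    with tempfile.TemporaryDirectory() as d:
        return demo_symlink_race(d)


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```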
Alerts:
Red Hat RHSA-2004:489-01 2004-12-20
Mandrake MDKSA-2004:149 2004-12-13
OpenPKG OpenPKG-SA-2004.046 2004-10-29
Debian DSA-577-1 2004-10-29
Ubuntu USN-6-1 2004-10-27
Gentoo 200410-16 2004-10-18

Comments (none posted)

PuTTY: pre-authentication arbitrary code execution problem

Package(s):putty CVE #(s):
Created:August 5, 2004 Updated:October 28, 2004
Description: PuTTY, a telnet and SSH client, contains a vulnerability that can allow an SSH server to execute arbitrary code on a connecting client.
Alerts:
Gentoo 200410-29 2004-10-27
Gentoo 200408-04 2004-08-05

Comments (none posted)

qt3: BMP image parser heap overflow

Package(s):qt3/qt3-non-mt/qt3-32bit/qt3-static CVE #(s):CAN-2004-0691 CAN-2004-0692 CAN-2004-0693
Created:August 19, 2004 Updated:May 15, 2005
Description: A heap overflow in the qt3 BMP image format parser in Qt versions prior to 3.3.3 may allow remote code execution.
Alerts:
Fedora-Legacy FLSA:152763 2005-05-12
Conectiva CLA-2004:866 2004-09-22
Whitebox WBSA-2004:414-01 2004-09-20
Debian DSA-542-1 2004-08-30
Fedora FEDORA-2004-271 2004-08-23
Fedora FEDORA-2004-270 2004-08-23
Gentoo 200408-20 2004-08-22
Red Hat RHSA-2004:414-01 2004-08-20
Mandrake MDKSA-2004:085 2004-08-18
SuSE SUSE-SA:2004:027 2004-08-19

Comments (none posted)

rp-pppoe, pppoe: missing privilege dropping

Package(s):rp-pppoe, pppoe CVE #(s):CAN-2004-0564
Created:October 4, 2004 Updated:November 15, 2005
Description: Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet driver from Roaring Penguin. When the program is running setuid root (which is not the case in a default Debian installation), an attacker could overwrite any file on the file system.
Alerts:
Fedora-Legacy FLSA:152794 2005-11-14
Mandrake MDKSA-2004:145 2004-12-06
Debian DSA-557-1 2004-10-04

Comments (none posted)

rsync: path-sanitizing bug

Package(s):rsync CVE #(s):CAN-2004-0792
Created:August 16, 2004 Updated:November 1, 2004
Description: This August 2004 rsync advisory reports that there is a path-sanitizing bug that affects daemon mode in all recent rsync versions (including 2.6.2) but only if chroot is disabled. It does NOT affect the normal send/receive filenames that specify what files should be transferred (this is because these names happen to get sanitized twice, and thus the second call removes any lingering leading slash(es) that the first call left behind). It does affect certain option paths that cause auxiliary files to be read or written.
Alerts:
Conectiva CLA-2004:881 2004-11-01
Slackware SSA:2004-285-01 2004-10-12
Whitebox WBSA-2004:436-01 2004-09-20
Red Hat RHSA-2004:436-01 2004-09-01
Fedora FEDORA-2004-269 2004-08-19
Fedora FEDORA-2004-268 2004-08-19
Gentoo 200408-17 2004-08-17
Mandrake MDKSA-2004:083 2004-08-17
Netwosix NW-2004-0017 2004-08-17
Trustix TSLSA-2004-0042 2004-08-17
tinysofa TSSA-2004-020-ES 2004-08-16
Debian DSA-538-1 2004-08-17
SuSE SUSE-SA:2004:026 2004-08-16
OpenPKG OpenPKG-SA-2004.037 2004-08-15

Comments (none posted)

sharutils: arbitrary code execution

Package(s):sharutils CVE #(s):CAN-2004-1772
Created:October 1, 2004 Updated:April 26, 2005
Description: sharutils contains two buffer overflows. Ulf Harnhammar discovered a buffer overflow in shar.c, where the length of data returned by the wc command is not checked. Florian Schilhabel discovered another buffer overflow in unshar.c. An attacker could exploit these vulnerabilities to execute arbitrary code as the user running one of the sharutils programs.
Alerts:
Red Hat RHSA-2005:377-01 2005-04-26
Fedora FEDORA-2005-281 2005-04-01
Fedora FEDORA-2005-280 2005-04-01
Ubuntu USN-102-1 2005-03-29
Fedora-Legacy FLSA:2155 2005-03-24
Gentoo 200410-01 2004-10-01

Comments (none posted)

sox: buffer overflow

Package(s):sox CVE #(s):CAN-2004-0557
Created:July 28, 2004 Updated:February 21, 2005
Description: Sox suffers from buffer overflows in its WAV file handling; these overflows could conceivably be exploited by way of a malicious sound file.
Alerts:
Fedora-Legacy FLSA:1945 2005-02-20
Debian DSA-565-1 2004-10-13
Whitebox WBSA-2004:409-01 2004-08-19
Slackware SSA:2004-223-03 2004-08-07
Conectiva CLA-2004:855 2004-07-30
Gentoo 200407-23 2004-07-30
Mandrake MDKSA-2004:076 2004-07-28
Red Hat RHSA-2004:409-01 2004-07-29
Fedora FEDORA-2004-244 2004-07-28
Fedora FEDORA-2004-235 2004-07-28

Comments (none posted)

SpamAssassin: Denial of Service vulnerability

Package(s):spamassassin CVE #(s):CAN-2004-0796
Created:August 9, 2004 Updated:August 11, 2005
Description: SpamAssassin contains an unspecified Denial of Service vulnerability. By sending a specially crafted message an attacker could cause a Denial of Service attack against the SpamAssassin service.
Alerts:
Fedora-Legacy FLSA:129284 2005-08-10
Fedora-Legacy FLSA:2268 2005-03-24
Red Hat RHSA-2004:451-01 2004-09-30
Conectiva CLA-2004:867 2004-09-22
OpenPKG OpenPKG-SA-2004.041 2004-09-15
Mandrake MDKSA-2004:084 2004-08-18
Gentoo 200408-06 2004-08-09

Comments (none posted)

squid: denial of service vulnerability

Package(s):squid CVE #(s):CAN-2004-0918
Created:October 7, 2004 Updated:November 8, 2004
Description: Squid has a potential denial of service vulnerability and a problem with readable passwords due to incorrect permissions on the squid.conf file.
Alerts:
Ubuntu USN-19-1 2004-11-06
Conectiva CLA-2004:882 2004-11-03
OpenPKG OpenPKG-SA-2004.048 2004-10-29
Debian DSA-576-1 2004-10-29
Mandrake MDKSA-2004:112 2004-10-21
Red Hat RHSA-2004:591-01 2004-10-20
Gentoo 200410-15 2004-10-18
Fedora FEDORA-2004-338 2004-10-13
Fedora FEDORA-2004-330 2004-10-07

Comments (none posted)

Subversion: Remote heap overflow

Package(s):subversion CVE #(s):CAN-2004-0413
Created:June 11, 2004 Updated:March 7, 2005
Description: Subversion has a remote Denial of Service vulnerability that may allow arbitrary code to be executed on a server running svnserve. See this advisory for more information.
Alerts:
Fedora-Legacy FLSA:1748 2005-03-07
SuSE SuSE-SA:2004:018 2004-06-17
Fedora FEDORA-2004-166 2004-06-11
Fedora FEDORA-2004-165 2004-06-11
OpenPKG OpenPKG-SA-2004.028 2004-06-11
Gentoo 200406-07 2004-06-10

Comments (none posted)

subversion: metadata information disclosure

Package(s):subversion CVE #(s):CAN-2004-0749
Created:September 23, 2004 Updated:November 4, 2004
Description: The subversion version control system has vulnerabilities in the handling of metadata such as log file entries related to using mod_authz_svn.
Alerts:
Conectiva CLA-2004:883 2004-11-04
Gentoo 200409-35 2004-09-29
Fedora FEDORA-2004-318 2004-09-23

Comments (none posted)

File overwrite vulnerability in tar and unzip

Package(s):tar unzip CVE #(s):CAN-2001-1267 CAN-2001-1268 CAN-2001-1269 CAN-2002-0399
Created:October 1, 2002 Updated:April 10, 2006
Description: The tar utility does not properly filter file names containing "../", meaning that a hostile archive can, if unpacked by an unsuspecting user, overwrite any file that is writable by that user. GNU tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42 has the same vulnerability.
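As an added example (not code from GNU tar, unzip or rsync), the following Python performs the member-name filtering the description says tar lacked: every name is resolved against the destination, and absolute names, "../" components anywhere in the path, and link members whose target points outside the tree are rejected before anything is written. Comparing the resolved path rather than the raw name also addresses the rsync entry's point that a single textual sanitizing pass can leave something behind. The archives are constructed in memory.

```python
"""Archive member path check for the tar/unzip "../" problem (added example,
not code from GNU tar or Info-ZIP). Python 3.12+ ships tarfile.data_filter
for the same purpose; this shows the checks explicitly."""
import io
import os
import tarfile
import tempfile


def is_within(dest_dir: str, candidate: str) -> bool:
    """True if `candidate` resolves to dest_dir itself or somewhere beneath it."""
    dest_dir = os.path.realpath(dest_dir)
    candidate = os.path.realpath(candidate)
    return candidate == dest_dir or candidate.startswith(dest_dir + os.sep)


def unsafe_members(archive: tarfile.TarFile, dest_dir: str) -> list:
    """Names of members that a naive extractor would write outside dest_dir.

    Three escapes are checked: an absolute name, a ".." component anywhere in
    the name, and a symlink/hardlink member whose target leaves the tree (a
    link extracted first can redirect a later member's write, so the link
    target matters as much as the member name)."""
    bad = []
    for m in archive.getmembers():
        name = m.name
        if os.path.isabs(name) or ".." in name.split("/"):
            bad.append(name)
            continue
        if not is_within(dest_dir, os.path.join(dest_dir, name)):
            bad.append(name)
            continue
        if m.issym() or m.islnk():
            # Symlink targets are relative to the link's directory; hardlink
            # targets are relative to the archive root.
            base = os.path.dirname(os.path.join(dest_dir, name))
            target = m.linkname if m.issym() else os.path.join(dest_dir, m.linkname)
            if not is_within(dest_dir, os.path.join(base, target)):
                bad.append(name)
    return bad


def safe_extract(archive: tarfile.TarFile, dest_dir: str) -> list:
    """Extract only if every member passes; otherwise raise before touching disk."""
    bad = unsafe_members(archive, dest_dir)
    if bad:
        raise ValueError(f"refusing archive: members escape {dest_dir}: {bad}")
    if hasattr(tarfile, "data_filter"):
        archive.extractall(dest_dir, filter="data")  # built-in check, newer Pythons
    else:
        archive.extractall(dest_dir)
    return [m.name for m in archive.getmembers()]


def build_archive(members: dict) -> tarfile.TarFile:
    """Build an in-memory tar (constructed sample input) from {name: bytes};
    a value of ("symlink", target) adds a symlink member instead of a file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, payload in members.items():
            info = tarfile.TarInfo(name)
            if isinstance(payload, tuple):
                info.type = tarfile.SYMTYPE
                info.linkname = payload[1]
                tf.addfile(info)
            else:
                info.size = len(payload)
                tf.addfile(info, io.BytesIO(payload))
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")


def demo() -> dict:
    """Three constructed archives: clean, the classic "../" traversal, and a
    symlink pointing out of the tree. Returns what each check flagged."""
    with tempfile.TemporaryDirectory() as dest:
        clean = build_archive({"pkg/README": b"hello\n"})
        traversal = build_archive({"pkg/ok.txt": b"x", "../../etc/passwd": b"pwned\n"})
        linked = build_archive({"pkg/link": ("symlink", "../../../tmp"), "pkg/link/x": b"y"})
        return {
            "clean": unsafe_members(clean, dest),
            "traversal": unsafe_members(traversal, dest),
            "linked": unsafe_members(linked, dest),
            "extracted": safe_extract(clean, dest),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```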
Alerts:
Fedora-Legacy FLSA:183571-1 2006-04-04
Red Hat RHSA-2006:0195-01 2006-02-21
Conectiva CLA-2002:538 2002-10-29
Mandrake MDKSA-2002:066 2002-10-10
Mandrake MDKSA-2002:065 2002-10-10
EnGarde ESA-20021003-022 2002-10-03
Gentoo unzip-20021001 2002-10-01
Gentoo tar-20021001 2002-10-01
Red Hat RHSA-2002:096-24 2002-09-18

Comments (1 posted)

tiff: buffer overflows

Package(s):tiff CVE #(s):CAN-2004-0803
Created:October 13, 2004 Updated:April 12, 2005
Description: The tiff library contains several buffer overflows which may be exploited by way of maliciously-crafted image files. See this advisory for more information.
Alerts:
Red Hat RHSA-2005:021-01 2005-04-12
Conectiva CLA-2005:914 2005-01-06
Gentoo 200412-17 2004-12-19
Gentoo 200412-02 2004-12-05
Conectiva CLA-2004:888 2004-11-08
Slackware SSA:2004-305-02 2004-11-01
Red Hat RHSA-2004:577-01 2004-10-22
SuSE SUSE-SA:2004:038 2004-10-22
Mandrake MDKSA-2004:111 2004-10-21
Mandrake MDKSA-2004:109 2004-10-19
Debian DSA-567-1 2004-10-15
Fedora FEDORA-2004-334 2004-10-14
OpenPKG OpenPKG-SA-2004.043 2004-10-14
Gentoo 200410-11 2004-10-13

Comments (none posted)

WordPress: HTTP response splitting and XSS vulnerabilities

Package(s):wordpress CVE #(s):
Created:October 14, 2004 Updated:December 20, 2004
Description: WordPress is vulnerable to HTTP response splitting and cross-site scripting attacks, due to the lack of input validation in the administration panel scripts. A malicious user could inject arbitrary response data, leading to content spoofing, web cache poisoning and other cross-site scripting or HTTP response splitting attacks. This could result in compromising the victim's data or browser.
Alerts:
Gentoo 200410-12:02 2004-10-14
Gentoo 200410-12 2004-10-14

Comments (none posted)

wv: buffer overflow

Package(s):wv CVE #(s):CAN-2004-0645
Created:July 14, 2004 Updated:February 10, 2005
Description: wv, a viewer for MS Word files, contains a buffer overflow which may be exploited by a suitably-crafted file. Version 1.0.0-r1 fixes the problem.
Alerts:
Fedora-Legacy FLSA:1906 2005-02-08
Conectiva CLA-2004:902 2004-12-01
Debian DSA-579-1 2004-11-01
Debian DSA-550-1 2004-09-20
Conectiva CLA-2004:863 2004-09-10
Mandrake MDKSA-2004:077 2004-07-29
Fedora FEDORA-2004-225 2004-07-23
Fedora FEDORA-2004-224 2004-07-23
Gentoo 200407-11 2004-07-14

Comments (none posted)

XChat 2.0.x SOCKS5 Vulnerability

Package(s):xchat CVE #(s):CAN-2004-0409
Created:April 19, 2004 Updated:November 15, 2005
Description: XChat is vulnerable to a stack overflow that may allow a remote attacker to run arbitrary code. The SOCKS 5 proxy code in XChat is vulnerable to a remote exploit. Users would have to be using XChat through a SOCKS 5 server, enable SOCKS 5 traversal (which is disabled by default) and also connect to an attacker's custom proxy server. This vulnerability may allow an attacker to run arbitrary code within the context of the user ID of the XChat client.
Alerts:
Fedora-Legacy FLSA:123013 2005-11-14
Red Hat RHSA-2004:585-01 2004-10-27
Netwosix NW-2004-0014 2004-05-01
Red Hat RHSA-2004:177-01 2004-04-30
Mandrake MDKSA-2004:036 2004-04-21
Debian DSA-493-1 2004-04-21
Gentoo 200404-15 2004-04-19

Comments (none posted)

xine-lib: buffer overflows

Package(s):xine-lib CVE #(s):CAN-2004-1379
Created:September 22, 2004 Updated:April 10, 2006
Description: xine-lib (through version 1_rc6) contains buffer overflows in the subtitle parsing and DVD sub-picture decoder code.
Alerts:
Fedora-Legacy FLSA:152873 2006-04-04
Debian DSA-657-1 2005-01-25
Mandrake MDKSA-2004:105 2004-10-06
Slackware SSA:2004-266-04 2004-09-22
Gentoo 200409-30 2004-09-22

Comments (none posted)

xine-ui: insecure temporary file creation

Package(s):xine-ui CVE #(s):CAN-2004-0372
Created:April 6, 2004 Updated:April 27, 2006
Description: Shaun Colley discovered a problem in xine-ui, the xine video player user interface. A script contained in the package to possibly remedy a problem or report a bug does not create temporary files in a secure fashion. This could allow a local attacker to overwrite files with the privileges of the user invoking xine.
Alerts:
Gentoo 200404-20 2004-04-27
Slackware SSA:2004-111-01 2004-04-20
Mandrake MDKSA-2004:033 2004-04-19
Debian DSA-477-1 2004-04-06

Comments (none posted)

zlib: denial of service

Package(s):zlib CVE #(s):CAN-2004-0797
Created:August 25, 2004 Updated:June 10, 2005
Description: Versions 1.2.x of the zlib library contain an error handling vulnerability which can enable denial of service attacks.
Alerts:
OpenPKG OpenPKG-SA-2005.007 2005-06-10
Fedora-Legacy FLSA:2043 2005-02-23
Conectiva CLA-2004:878 2004-10-25
Slackware SSA:2004-278-02 2004-10-04
Conectiva CLA-2004:865 2004-09-13
Mandrake MDKSA-2004:090 2004-09-07
SuSE SUSE-SA:2004:029 2004-09-02
Gentoo 200408-26 2004-08-27
OpenPKG OpenPKG-SA-2004.038 2004-08-25

Comments (none posted)

Page editor: Jonathan Corbet

Kernel development

Kernel release status

The current 2.6 prepatch is 2.6.10-rc1, which was released by Linus on October 22. Changes from 2.6.9 include a big USB update, the kernel events notification mechanism, the switchable I/O schedulers patch (and a new version of the CFQ scheduler), an NTFS update, in-kernel keyring management, an IRQ subsystem code rework, version 17 of the wireless extension API, the BSD secure levels module, an NFSv4 update, some scheduler tweaks, DVD+RW and CDRW packet writing support, lots of networking changes, and a number of architecture updates. Internal API changes include a new atomic_inc_return() function, changing most of the core device model functions to be exported GPL-only, the removal of the "BIO walking" helper functions, changing remap_page_range() to remap_pfn_range(), and a new generic circular buffer type (covered in last week's Kernel Page). See the long-format changelog for the details.

Linus's BitKeeper repository contains an x86 signal delivery optimization, an IDE update, I/O space write barrier support, a frame buffer driver update, more scheduler tweaks, some big kernel lock preemption patches, various architecture updates, and lots of fixes.

The current tree from Andrew Morton is 2.6.10-rc1-mm1. Recent changes to -mm include a massive cleanup of (deprecated) MODULE_PARM() calls, a configuration option for dnotify (in anticipation of adding inotify), an ext3 reservation update, and more fixes. The size of -mm has dropped considerably since many patches have found their way into the mainline.

The current 2.4 prepatch is 2.4.28-rc1, announced by Marcelo on October 22. A relatively small set of fixes has been added since -pre4.

Comments (none posted)

Kernel development news

Quotes of the week

I want Linux development to be fluid, and I think the best way to reach that goal is to make people _think_ of it as being fluid. It's the old "perception changes reality" thing. It's really true. How you think about something quite heavily influences what you do.

Wow. That was deep. Time to go watch TV again.

-- Linus Torvalds.

This kernel is probably pretty crappy - there is a _lot_ of stuff happening and the quality of the patches which I am receiving seems to be gradually dropping off.

-- Andrew Morton lowering expectations for 2.6.10-rc1-mm1.

TCCBOOT is a boot loader able to compile and boot a Linux kernel directly from its source code. TCCBOOT is only 138 KB big (uncompressed code) and it can compile and run a typical Linux kernel in less than 15 seconds on a 2.4 GHz Pentium 4.

TCCBOOT, for the ultimate source-based distribution.

Comments (5 posted)

The ongoing realtime story

The efforts to bring hard realtime response to Linux continue. For those of you following along at home, here is a summary of the latest realtime Linux developments.

Ingo Molnar continues to crank out patches at a high rate. The latest, -RT-2.6.9-mm1-V0.3, is advertised as being rather more experimental than its predecessors - which is saying something. This patch set brings preemptible mutexes to (almost) the last, most difficult parts of the kernel, including the low-level memory allocators, wait queue code, kernel timers, and more. Says Ingo:

this is probably the last 'big leap forward' in terms of the scope of the patch. (having reached the ultimate scope: it now encompasses everything ;)

Some small pieces of this work have been put forward as independent patches; these include the enhancements to the completion interface mentioned last week. Linus has also made a couple of changes to the big kernel lock code in support of this sort of work: the BKL functions are now entirely out-of-line, and some of the code for managing the BKL itself has been made preemptible.

Ingo's patch also changes a number of semaphores in the kernel over to completions. For situations where one kernel thread needs to notify another that some task has been finished, completions are a better interface: they make the intent of the code clear, and they are better optimized for that use. Some of those patches have been posted separately as well, leading to some pushback from kernel developers who believe that their use of semaphores for that purpose is entirely legitimate. Bill Huey, the developer behind the mmlinux realtime project, is the person who has been pushing some of those patches; he responded to the resistance in this way:

Well, this is something that's got to be considered by the larger Linux community and whether these conventions are to be kept or removed. It's a larger issue than what can be addressed in Ingo's preemption patch, but with the inevitable need for something like this in the kernel (hard RT) it's really an unavoidable collision. IMO, it's got to go, which is a nasty change.

This, of course, is just the sort of talk which will put many kernel developers off the realtime patches entirely; some of Mr. Huey's subsequent postings, being rather more inflammatory, did not help the situation either. Ingo went into damage control mode and smoothed things over, for now. If and when the realtime preemption patch is put forward for inclusion, however, chances are that the discussion could get heated indeed.

Paul McKenney, meanwhile, expressed a discomfort with the realtime work which must certainly be felt by many:

The problem is that the entire OS kernel must be modified to ensure that all code paths are deterministic. It would be much better if there was an evolutionary path to hard realtime.

His message included a patch intended to point toward such a path. This patch, which assumes an SMP system, works by setting aside one CPU as a purely realtime processor; it is not part of the regular scheduling mechanism. Realtime processes may be assigned to that CPU by the system administrator. If they mostly work in user mode, all is well; they have a dedicated processor and need not worry about latency. As soon as a realtime process invokes a system call, however, it goes into non-deterministic mode and is booted out to one of the system's other processors. In this way, the dedicated, real-time processor never gets stuck waiting for a lock.

The downside, of course, is that, every now and then, it is actually nice to be able to use system calls. Paul's idea was that each Linux system call could be examined individually, and, if warranted, modified to be entirely preemptible. When any particular system call reaches a state where it is considered to be deterministic, it could be added to a list of such calls, and realtime processes using it need not be shifted away from the realtime processor. Over time, this list would grow to the point that realtime tasks which do actual, interesting work could be run on the mainline Linux kernel. In the meantime, there would be no need for a major flag day where the entire kernel locking scheme is changed at once.

The real challenge with this approach would be to make I/O deterministic, since realtime processes usually must act in response to external events. That cannot be done until it is clear that all filesystems and device drivers have been made entirely preemptible - and, at that point, much of the system has been affected. Meanwhile, it turns out that the 2.6.9 kernel already has part of this mechanism: the new isolcpus= boot parameter excludes one or more processors from regular scheduling. The scheme for migrating realtime processes when they invoke a non-deterministic system call is not present, however.

Comments (5 posted)

Some development model notes

There has been an increase in complaints about the 2.6 development model recently. Some observers are dismayed by the continued high rate of change in 2.6, and have posted calls for the creation of a 2.7 branch and restricting 2.6 to critical bug fixes only. Failure to separate development and maintenance in this way, it is said, hurts the reputation of the Linux kernel and subjects users to needless regressions.

The interesting thing with this discussion is that the people objecting to the current development mode have not been able to point to much in the way of specific problems that have resulted from it. A few specific bugs have been listed, but most of those have been around for some time and cannot be said to have resulted from recently-merged new features. The only complaint which holds water might be this one regarding the plight of some out-of-tree kernel development projects (PaX in particular). PaX, it seems, is stuck at 2.6.7 because its developers have not yet been able to respond to subsequent changes in internal interfaces.

This argument, of course, does not get very far with most kernel developers. There is an increasing amount of pressure to get out-of-tree projects to submit their code and become part of the mainline tree. Code which is in the mainline gets fixed (usually) when internal interfaces change, but only the original developers can maintain external code. So the standard answer to this sort of complaint is "merge your patches." Changes in the development model to accommodate out-of-tree projects are unlikely.

Not every 2.6 kernel release has been 100% stable, but the same can be said of previous stable kernel series as well. What is different this time is that 2.6 has a great many new features and improvements which would not have been merged under the older model. Many of those improvements would, instead, have been backported by distributors and shipped as part of the "stable" kernel anyway. Under the new scheme, those patches are merged into the mainline, are debugged by everybody involved, and are available to all users. It seems unlikely that most users truly wish to go back to the old days, when distributors shipped highly divergent kernels with (literally) hundreds of patches.

There are occasional requests for bugfix-only "point" releases for the major 2.6 kernels. Rather than wait for 2.6.10, and take all of the other changes which come with that kernel, some people wish for a 2.6.9.1 (and so on) with just the important fixes. The standard response to that request is that anybody can create and maintain such a tree. So far, however, there has not been sufficient demand for this tree to motivate somebody to actually do the work. (It should be noted, though, that Alan Cox has restarted posting his "-ac" patches, which contain fixes that are, in his opinion, important).

All of the above distracts from the real development model discussion: what Linus should call his intermediate releases. There is a steady stream of objections to the "-rc" scheme, since, in fact, very few such kernels are actually release candidates. Linus pondered the issue, but decided to call the first 2.6.10 prepatch 2.6.10-rc1 anyway:

And the fact is, I can't see the point. I'll just call it all "-rcX", because I (very obviously) have no clue where the cut-over-point from "pre" to "rc" is, or (even more painfully obviously) where it will become the final next release. So to not overtax my poor brain, I'll just call them all -rc releases, and hope that developers see them as a sign that there's been stuff merged, and we should start calming down and seeing to the merged patches being stable soon enough.

So the -rc names will continue for the foreseeable future.

Comments (8 posted)

Crash dumps with kexec

One of the longstanding wishlist items for the Linux kernel is a built-in crash dump capability. Companies providing support for Linux, such as vendors of "enterprise" distributions, want this capability for the help it can provide in tracking down those obnoxious problems which only happen at the customer's site. Numerous implementations exist, but none have made it into the mainline kernel. Among the reasons for this is a lack of comfort with the crash dump code itself. That code runs when the state of the system is known to be compromised; people tend to worry that the kernel, in that state, could do unpleasant things, like corrupting filesystems. Even code which takes pains to never touch a disk is not entirely to be trusted when the system is reeling from a panic.

The -mm tree contains an approach to crash dumps which may inspire a bit more trust. The core idea is to get the failing kernel out of the way entirely, as soon as possible, and to boot into a new kernel which can handle the real crash dump tasks.

The mechanism used is the kexec system call, which loads and boots directly into a new kernel. The original goal was simply to speed up reboots by avoiding the BIOS and the whole set of time-consuming boot-time rituals which it performs; it's the sort of feature which appeals to kernel developers. Kexec patches have been circulating for some time, though the call has yet to make its way into a mainline kernel.

Using kexec to perform crash dumps requires some additional work and advance planning. A separate kernel must be built to run when the crash dump capability is desired. This kernel needs to be as small as possible, and it must be specially configured to load into a portion of memory not used by the primary kernel. This kernel is also set up so that it only uses a small piece of the total system memory; it must be able to boot and run without changing the primary kernel's memory.

When the system is running, kexec is used to preload the crash dump kernel into its reserved portion of memory. If all goes well, it simply sits there, wasting memory, and never gets run. That overhead is simply the price one pays for running an enterprise-class kernel.

Should the system panic, however, the crash dump kernel has its day. The primary kernel, once it decides that something has gone drastically wrong, must first make a copy of the very bottom part of memory (it will get stepped on in the booting process). Once that is done, kexec is invoked to boot directly into the crash dump kernel. That kernel starts up, aware of all memory in the system, but only using the small portion which was reserved to it before. The result is a full, running Linux system with complete access to the memory state of the failed kernel.

To help with debugging of kernel crashes, the crash dump kernel provides a couple of mechanisms for inspecting the failed kernel's memory. The file /proc/vmcore provides the old kernel's memory as an ELF-format core dump; it can be looked at with gdb or another debugging tool. If need be, a char device (/dev/oldmem) can also be set up; it provides raw access to the old kernel's memory.
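What a tool reading /proc/vmcore actually has to do is walk the ELF program headers: each PT_LOAD entry says which range of the old kernel's physical memory is present and where in the core its bytes sit. The reader below is an added example written for this page, not code from the kexec or kdump patches. It is run here on a constructed ELF64 core image held in memory so it works offline; it assumes glibc's <elf.h> and a core in the host's byte order, and the segment layout it builds (one PT_NOTE, two PT_LOAD ranges) is invented for the demonstration.

```c
/* Reader for the ELF program headers of a kdump-style core such as
 * /proc/vmcore. Added for this page; not code from the kexec/kdump patch.
 * Assumes glibc's <elf.h> and a core written in the host's byte order. */
#include <elf.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct load_seg {           /* one PT_LOAD entry of the core */
    uint64_t paddr;         /* physical address in the old kernel's memory */
    uint64_t offset;        /* file offset of those bytes inside the core */
    uint64_t size;          /* bytes present in the core for this range */
};

/* Walk the program headers of an ELF64 core image held in memory. Every
 * offset is checked against len before use: a core written by a kernel that
 * has just crashed is not input to trust blindly. Returns the PT_LOAD count
 * (at most max entries copied into out) or -1 for a malformed image. */
int vmcore_load_segments(const unsigned char *img, size_t len,
                         struct load_seg *out, int max)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0) return -1;
    if (eh.e_ident[EI_CLASS] != ELFCLASS64 || eh.e_type != ET_CORE) return -1;
    if (eh.e_phentsize != sizeof(Elf64_Phdr)) return -1;
    if (eh.e_phoff > len ||
        eh.e_phnum > (len - eh.e_phoff) / sizeof(Elf64_Phdr)) return -1;

    int n = 0;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, img + eh.e_phoff + (size_t)i * sizeof ph, sizeof ph);
        if (ph.p_type != PT_LOAD) continue;
        /* the segment's bytes must themselves lie inside the file */
        if (ph.p_offset > len || ph.p_filesz > len - ph.p_offset) return -1;
        if (n < max)
            out[n] = (struct load_seg){ ph.p_paddr, ph.p_offset, ph.p_filesz };
        n++;
    }
    return n;
}

/* Map an old-kernel physical address to a core-file offset: returns 0 and
 * sets *off when a segment covers paddr, -1 when none does. */
int vmcore_paddr_to_offset(const struct load_seg *segs, int n,
                           uint64_t paddr, uint64_t *off)
{
    for (int i = 0; i < n; i++)
        if (paddr >= segs[i].paddr && paddr - segs[i].paddr < segs[i].size) {
            *off = segs[i].offset + (paddr - segs[i].paddr);
            return 0;
        }
    return -1;
}

/* Constructed sample core (layout invented for this example): ELF header,
 * one PT_NOTE, two PT_LOAD segments covering physical 0x0-0xff and
 * 0x100000-0x1001ff. buf must hold SAMPLE_LEN bytes. */
#define SAMPLE_LEN 0x500
size_t build_sample_core(unsigned char *buf)
{
    Elf64_Ehdr eh;
    Elf64_Phdr ph[3];
    memset(&eh, 0, sizeof eh); memset(ph, 0, sizeof ph);
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64; eh.e_ident[EI_DATA] = ELFDATA2LSB;
    eh.e_ident[EI_VERSION] = EV_CURRENT; eh.e_version = EV_CURRENT;
    eh.e_type = ET_CORE; eh.e_machine = EM_X86_64;
    eh.e_phoff = eh.e_ehsize = sizeof eh;
    eh.e_phentsize = sizeof(Elf64_Phdr); eh.e_phnum = 3;
    ph[0].p_type = PT_NOTE; ph[0].p_offset = 0x100; ph[0].p_filesz = 0x40;
    ph[1].p_type = PT_LOAD; ph[1].p_offset = 0x200; ph[1].p_paddr = 0x0;
    ph[1].p_filesz = ph[1].p_memsz = 0x100;
    ph[2].p_type = PT_LOAD; ph[2].p_offset = 0x300; ph[2].p_paddr = 0x100000;
    ph[2].p_filesz = ph[2].p_memsz = 0x200;
    memset(buf, 0, SAMPLE_LEN);
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, ph, sizeof ph);
    return SAMPLE_LEN;
}

/* Parse the sample, truncated to len bytes when shorter: PT_LOAD count or -1. */
int sample_segment_count(size_t len)
{
    unsigned char buf[SAMPLE_LEN]; struct load_seg segs[4];
    size_t n = build_sample_core(buf);
    return vmcore_load_segments(buf, len < n ? len : n, segs, 4);
}

/* Core-file offset for a physical address in the sample, or UINT64_MAX. */
uint64_t sample_offset_of(uint64_t paddr)
{
    unsigned char buf[SAMPLE_LEN]; struct load_seg segs[4];
    uint64_t off;
    int n = vmcore_load_segments(buf, build_sample_core(buf), segs, 4);
    if (n < 0 || vmcore_paddr_to_offset(segs, n, paddr, &off) != 0)
        return UINT64_MAX;
    return off;
}
```

The two bounds checks (header table inside the file, each segment's bytes inside the file) are the part worth copying: a truncated or corrupted core, which is exactly what a crashing kernel can leave behind, is rejected instead of being read past its end.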

A developer might choose to work with the crash dump kernel and try to track down the problem immediately. In most deployed situations, instead, the crash dump kernel may be configured to simply copy the old kernel's memory image to a disk file somewhere, then reboot back into the primary system. The crash dump file can then be examined at leisure, perhaps by remote support staff.

The end result of all this work should be a mechanism which can be used to track down the cause of infrequent crashes at remote sites. That should be good for the stability of the kernel as a whole - and the bottom line of enterprise support companies. See Documentation/kdump.txt from the patch for more information.

Comments (6 posted)

Patches and updates

Kernel trees

  • Andrew Morton: 2.6.9-mm1. (October 22, 2004)

Core kernel code

Development tools

Device drivers

Filesystems and block I/O

Memory management

Networking

Architecture-specific

Security-related

Miscellaneous

Page editor: Jonathan Corbet

Distributions

News and Editorials

What's New in FreeBSD 5.3

October 27, 2004

This article was contributed by Ladislav Bodnar

The final release of FreeBSD 5.3 should be up on the mirrors within the next two weeks. In all likelihood, this will be the first "production release" of the FreeBSD 5.x series, so perhaps this is a good time to take a look at the new features in this much anticipated release. After all, it has been over four and a half years since the first production version of FreeBSD 4 was released in March 2000, and more than 20 months since FreeBSD 5.0, labeled a "new technology release", was made available in January 2003.

First, the current status. FreeBSD 5.3 was originally scheduled for final release on October 17, but this was later postponed to October 27. Unfortunately, two release-critical bugs have put the release on hold until further investigation. The first one affects the TCP Selective Acknowledgment (SACK) mechanism which can, in some cases, cause system lockups. The second bug concerns GDB, which may leave certain threaded processes in an unkillable state. Additionally, some developers are concerned that FreeBSD's ULE scheduler, designed and tuned specifically for symmetric multiprocessing (SMP) systems under heavy workload, might be causing some of the problems reported by beta testers. It now looks increasingly likely that FreeBSD 5.3 will ship with ULE turned off.

FreeBSD 5.3 brings many large architectural changes to the base system, most of which were too complex to port to the FreeBSD 4.x series. Probably the most interesting among them are SMPng, KSE (Kernel Scheduled Entities), and support for new hardware platforms. SMPng provides improved support for SMP systems through fine-tuned locking of kernel subsystems, which increases the threading performance of processes and of the network stack. KSE is a kernel-supported threading system which allows a single process to have multiple kernel-level threads. As for newly added processor support, AMD64, IA64, PC98 and SPARC64 are now also supported, in addition to i386 and Alpha processors. A PowerPC port is under development.

The default file system in FreeBSD 5 is UFS2. Compared to UFS in FreeBSD 4, UFS2 provides several useful features, such as extended file attributes and support for larger file sizes - at the expense of lost compatibility with UFS. FreeBSD 4 does not understand UFS2 and it is not possible to convert between the two file systems (as one would between ext2 and ext3 in Linux). This brings complications to the upgrading process - the recommended way of upgrading from FreeBSD 4 to FreeBSD 5 is to back up user data, reformat the FreeBSD partition, install FreeBSD 5.3, and restore user data. Of course, FreeBSD 5 is capable of creating the older UFS file system, so source upgrades and, in some cases, even binary upgrades might be feasible. However, the upgrade process will probably be a lot more complex than a re-install, with a further functionality loss due to unavailability of UFS2 features in the upgraded system.

Other noteworthy changes include a switch to GCC 3.4.2 as the compiler toolchain, support for extensible and loadable Mandatory Access Control (MAC) policies, and new networking features, including the above-mentioned TCP SACK and a port of OpenBSD's excellent "pf" packet filter. Hardware support has also been improved: Cardbus, Bluetooth devices, and IEEE 802.11a/b/g network interfaces based on Atheros chipsets are now supported. Several network devices designed for Microsoft Windows are supported indirectly, through a compatibility layer called "ndis".

Besides all the feature enhancements listed above, users familiar with FreeBSD 4 should beware of important changes in the new version. Firstly, certain parts of the FreeBSD base system were deemed non-essential and moved to the ports collection (most notably Perl and UUCP). Secondly, the configuration of ISA devices is no longer specified in the kernel configuration file, but rather by a new mechanism called device.hints (parameters can also be entered at the boot loader command line prompt). Thirdly, MAKEDEV has been replaced with the device file system (devfs). And finally, there are important changes in terms of software defaults: in line with most Linux distributions, FreeBSD too has now switched to X.Org (XFree86 4.3.0 is available as an option), while the default DNS server is now BIND 9, rather than BIND 8.

FreeBSD has always been considered an excellent choice for a dedicated server system, but is the new version ready for the desktop? It certainly is - but only for the technical user. While the text-based installation is simple enough and easy to follow, the initial system is decidedly underconfigured for any desktop use. This, of course, is due to FreeBSD's philosophy of giving users complete control over all aspects of the system setup. Just about everything has to be done by hand after installation - that includes setting up xorg.conf, the login manager, the preferred desktop environment, the mouse wheel and fonts; even font anti-aliasing and sub-pixel hinting need to be enabled in configuration files before one can lay eyes on an acceptable desktop. Having said that, certain things did improve since FreeBSD 4; for example, users with NVIDIA graphics cards no longer need to recompile the kernel in order to make use of the NVIDIA binary driver for FreeBSD - in fact, installing it and running 'Xorg -configure' will instantly produce a usable xorg.conf file.

Despite all the hard work needed to get a fully-configured FreeBSD box up and running (or perhaps because of it), there is no doubt that this operating system is beautifully designed and strangely addictive. The configuration files are easy to understand. The system feels fast and responsive, with boot and shutdown times far shorter than those of any Linux distribution. Compiling a FreeBSD kernel rarely, if ever, fails. And, of course, there is the famous ports collection, now with over 10,000 packages ready and waiting for a "make install clean" command to spring into action. FreeBSD 5.3 is a great operating system, with some of the best and most up-to-date documentation on the Internet, helpful mailing lists and legions of satisfied users across the globe.

Comments (7 posted)

Distribution News

Debian GNU/Linux 3.0r3 released

The third minor update to Debian GNU/Linux 3.0 is out. It contains a great many security updates and a few other package fixes; click below for the details.

Full Story (comments: none)

Fedora Core 3 release candidate available

The Fedora hackers have made a Fedora Core 3 release candidate available for testing; they say it is very close to what the real FC3 will look like. Interested parties can find it at the Red Hat site or on this mirror.

Update: a second release candidate is out. It should be at the same Red Hat site or at this mirror site.

Comments (3 posted)

Mandrakelinux 10.1 Official released

Mandrakesoft has announced the release of Mandrakelinux 10.1 Official. "Notable new features include extended support for mobile devices, better hardware compatibility, and major application upgrades. Following a successful 'Community' release, 10.1 Official will be the basis for a large part of Mandrakesoft's range of products." Click below for the details.

Full Story (comments: none)

Trustix Secure Linux 2.2 beta 1

The Trustix Team has announced Trustix Secure Linux 2.1.50 nicknamed Wonderboy. It is the first beta for the upcoming 2.2 release. Click below for a list of new packages, major upgrades, and other details.

Full Story (comments: none)

Ubuntu LiveCD RC2 available

Ubuntu has announced the availability of RC2 for the LiveCD. A final version should be available by the time you read this. Click below for torrent links.

Full Story (comments: none)

Ubuntu - Recent Community Meeting Summaries

Benj. Mako Hill has put together a summary of some recent Ubuntu community meetings. Click below to see the summary of the October 12 Community Council Meeting, the October 15 Documentation Team Meeting, and the October 18 Art Special Meeting.

The log and summary of the October 26 meeting is also available.

Full Story (comments: none)

TimeSys First to Register Carrier Grade Linux Distribution

TimeSys has announced a new set of Linux distributions. "TimeSys Corporation, a leader in embedded Linux technologies and development tools, today became the first vendor to register a Linux distribution according to the OSDL Carrier Grade Linux Requirements Definition version 2.0.1. CGL-Registered TimeSys Linux Distributions are available for any PowerPC or x86 platform and work with the 2.6 Linux kernel to meet the advanced real-time needs of telecommunications equipment providers."

Comments (none posted)

Official OpenPKG slideset updated and extended

The OpenPKG primer has been updated and extended following the OpenPKG 2.2 release. Click below for links to other formats.

Full Story (comments: none)

blag site online

The Blag Linux and GNU website is back online, after its hard drives were seized by the US government. It is now running on a different box at a different ISP in a different country. There are still no details available on why the disks were seized, but some additional information is available (click below).

Full Story (comments: 2)

Fedora Core 2 updates

This week's FC2 updates:

Comments (none posted)

Slackware Linux

Slackware has upgrades available for gaim, mod_ssl and apache for all supported versions of Slackware. You can find more details on the slackware-current changelog.

Comments (none posted)

Distribution Newsletters

Debian Weekly News - October 26th, 2004

The Debian Weekly News for October 26, 2004 covers an upcoming Debian Mini-Conf in Beijing, support for m32r processors added to Linux 2.6.9, support for i386, a report from the Italian Mini-Conference, and several other topics.

Full Story (comments: 5)

Gentoo Weekly Newsletter 25 October 2004

The Gentoo Weekly Newsletter for the week of October 25, 2004 is out. This issue covers the release of Portage 2.0.51, the winner of the website redesign contest, a chapter on Portage in the Gentoo handbook, and more.

Full Story (comments: none)

Mandrakelinux Community Newsletter Issue # 97

The Mandrakelinux Community Newsletter for October 25, 2004 is out. The top story in this issue: Mandrakesoft has won two big awards! Plus a look at Mandrakelinux 10.1 for x86-64 Beta2, a review of Mandrakelinux 10.1 Community, and more.

Full Story (comments: none)

This week's Ubuntu Traffic

The October 15 issue of Ubuntu Traffic is now available. It looks at the accessibility team, Flash support, and, of course, the artwork debate.

Comments (1 posted)

DistroWatch Weekly

The DistroWatch Weekly for October 25, 2004 features Ubuntu Linux, with a look at some upcoming releases from ASPLinux, ClarkConnect, Vine Linux, Xandros Desktop, and more.

Comments (none posted)

Page editor: Rebecca Sobol

Development

Disk Partition Editing with GNU Parted and GParted

Modification of functional disk partitions is a job that has traditionally been done with various Windows and DOS-based commercial applications. GNU Parted is an open-source, Linux-native application that can resolve that dependency.

GNU Parted is a program for creating, destroying, resizing, checking and copying partitions, and the file systems on them. This is useful for creating space for new operating systems, reorganising disk usage, copying data between hard disks and disk imaging.

GNU Parted supports these disk labels: raw access, MS-DOS, Intel GPT, MIPS, PC98, Sun, BSD and Macintosh. It can understand and modify (with some limitations) the following filesystem types: ext2, ext3, fat16, fat32, linux-swap, HFS, JFS, NTFS, ReiserFS, UFS, and XFS. Lastly, it works with these boot loaders: LILO, GRUB, DOS, Windows NT, Windows 2000, Quik, and Yaboot.

The available commands in GNU Parted include: check, cp, help, mklabel, mkfs, mkpart, move, name, print, quit, rescue, resize, rm, select, and set. These are explained in the online manual (somewhat ancient, dated 2002). GNU Parted will run from a stand-alone Linux boot diskette.

GParted, the Gnome Partition Editor, is a GUI frontend to GNU Parted that works on the GNOME desktop. The project's aim is to fully support all of the GNU Parted functions; that job is in progress. The screenshots page shows GParted in action. GParted goes a long way toward making GNU Parted as easy to use as the traditional commercial applications.

Version 0.6 of GParted was announced this week. It features newly added reiserfs support, faster startup, better GUI feedback, and more.

These two programs are a welcome addition to any system administrator's toolkit; they offer a nice open-source solution to partition management. Of course, any prudent administrator would be advised to make and verify their backups before running any software that modifies disk partitions.

Comments (8 posted)

System Applications

Database Software

Gentle.NET 1.1.2 released! (SourceForge)

Gentle.NET version 1.1.2 is out. "This release fixes a number of minor bugs and inconsistencies. There are also several minor improvements throughout, and the provider libraries have been updated to recent versions. Gentle.NET is an RDBMS independent object persistence framework written in C# for .NET and Mono."

Comments (none posted)

PostgreSQL Security Release(s) for 7.2, 7.3 and 7.4

New versions of the PostgreSQL database are available. "In order to address a recent security report from iDefence, we have released 3 new "point" releases: 7.2.6, 7.3.8 and 7.4.6. Although rated only a Medium risk, according to their web site: "A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files."" A data-loss bug is also fixed in this release series.
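This PostgreSQL advisory and the xine-ui advisory in this issue's security section describe the same class of bug: a temporary file created at a predictable path by code that neither refuses an existing entry nor declines to follow a symlink placed there, so a write meant for /tmp lands on whatever file another local user chose. As an added example (written for this page, not code from either project), here is that pattern beside two hardened forms, with a self-check that runs entirely inside a private directory created with mkdtemp(); the file names are invented for the demonstration.

```c
/* The insecure temporary-file pattern the xine-ui and PostgreSQL advisories
 * describe, beside two hardened forms. Added for this page; not code from
 * either project. All paths are invented and live under a private mkdtemp()
 * directory so the check runs offline. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern: predictable name, O_CREAT without O_EXCL, follows
 * symlinks. If another local user pre-creates a symlink at this path, the
 * write lands on whatever the link points to, with the caller's privileges. */
int open_tmp_insecure(const char *dir, pid_t pid, char *out, size_t outlen)
{
    snprintf(out, outlen, "%s/bugreport.%d", dir, (int)pid);
    return open(out, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened form 1: mkstemp() picks an unpredictable name and creates it
 * atomically with O_EXCL and mode 0600, so it never lands on an existing
 * path. The chosen name is written back into out. */
int open_tmp_mkstemp(const char *dir, char *out, size_t outlen)
{
    snprintf(out, outlen, "%s/bugreport.XXXXXX", dir);
    return mkstemp(out);
}

/* Hardened form 2, for when the name must stay fixed: refuse any existing
 * entry (O_EXCL) and never follow a symlink (O_NOFOLLOW). */
int open_tmp_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Permission bits (e.g. 0600) of an open descriptor, or -1. */
int fd_mode(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Self-check in a private directory: plant a symlink at the predictable
 * path and see which opener is fooled. Returns 0 when each behaves as
 * described; bit 1: exclusive opener failed to refuse, bit 2: mkstemp file
 * missing or not 0600, bit 4: insecure opener did not follow the link. */
int demo_symlink_check(void)
{
    char dir[] = "/tmp/tmpdemo.XXXXXX", target[256], link[256], tmp[256];
    if (!mkdtemp(dir)) return 8;
    snprintf(target, sizeof target, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/bugreport.%d", dir, (int)getpid());

    /* the file a planted symlink points at, with some content */
    int t = open(target, O_WRONLY | O_CREAT, 0600);
    if (t < 0 || write(t, "data", 4) != 4 || symlink(target, link) != 0)
        return 16;
    close(t);

    int rc = 0;
    int fd = open_tmp_exclusive(link);       /* must fail: path exists */
    if (fd >= 0 || errno != EEXIST) rc |= 1;

    int sfd = open_tmp_mkstemp(dir, tmp, sizeof tmp);
    if (sfd < 0 || fd_mode(sfd) != 0600) rc |= 2;
    if (sfd >= 0) { close(sfd); unlink(tmp); }

    struct stat st;                          /* follows link, truncates victim */
    int ifd = open_tmp_insecure(dir, getpid(), tmp, sizeof tmp);
    if (ifd < 0 || stat(target, &st) != 0 || st.st_size != 0) rc |= 4;
    if (ifd >= 0) close(ifd);

    unlink(link); unlink(target); rmdir(dir);
    return rc;
}
```

The point of the check is the contrast: O_CREAT|O_EXCL fails with EEXIST when anything, a symlink included, already sits at the path, and mkstemp() never reuses a name at all, while the predictable-name opener happily truncates the file the link points to. When reviewing a package's helper scripts for this bug, the shell equivalent to look for is a fixed or $$-based path in /tmp written to without mktemp.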

Comments (none posted)

Slony-I 1.0.5 released

Version 1.0.5 of Slony-I, a database replication engine, has been released. Numerous bug fixes and other changes are documented in the project's HISTORY document.

Comments (none posted)

ZODB 3.2.4 (final) released

Version 3.2.4 final of ZODB has been announced. "Note that 3.2.4 incorporates a major change in semantics: it's incorrect to attempt to close a connection when objects from that connection are still in a modified state, and 3.2.4 raises the new ConnectionStateError exception in such cases. 3.2.4 also incorporates a significant ZEO performance fix, and a number of smaller bugfixes."

Full Story (comments: none)

Interoperability

Samba 3.0.8pre2 is available

Version 3.0.8pre2 of Samba has been announced. Changes include an experimental idmap backend for assigning uids/gids, more printer migration support for XP/2003 platforms, and bug fixes. See the release notes for details.

Comments (none posted)

Libraries

OpenSSL 0.9.7e released

Version 0.9.7e of OpenSSL has been released. "The OpenSSL project team is pleased to announce the release of version 0.9.7e of our open source toolkit for SSL/TLS. This new OpenSSL version is a bugfix release and incorporates changes and bugfixes to the toolkit".

Full Story (comments: none)

urwid 0.8.0 Released

Version 0.8.0 of urwid, a Python language curses-based UI/widget library, is out. This is the first public release of the code.

Full Story (comments: none)

Printing

AFPL Ghostscript 8.32 beta release

Beta release 8.32 of AFPL Ghostscript has been announced. "We hope you will find this third beta useful for testing and help us flush out any remaining serious bugs before this branch becomes the stable 8.5x series. We've been in feature freeze since the previous 8.31 release, so the only changes in this release are numerous bug fixes, including additional improvements in the font rendering."

Comments (none posted)

PyKota 1.20 BETA is out

Version 1.20 beta of PyKota, a Python-based print quota system, has been released. Changes include performance improvements, a new data dumper with support for various output formats, bug fixes, internationalized command line tools, and more.

Comments (none posted)

Web Site Development

mnoGoSearch 3.2.23 search engine is out

Version 3.2.23 of the mnoGoSearch web site search engine has been released. Changes include new template operators, an improved blob-mode converter, bug fixes, and more. See the history file for more details.

Comments (none posted)

Reflections on Rails (RubyGarden)

The RubyGarden takes a look at Rails, an open source web-application framework for Ruby. "For me, the biggest obstacle to using Rails — indeed, the only obstacle — was "getting it"; that is, getting my mind around the Model/View/Controller paradigm and how Rails expresses it. And the only reason this took a day or two in my case, rather than minutes, is that it was new to me. But as soon as I "got it", everything started to move very quickly indeed."

Comments (none posted)

Samizdat 0.5.4, the IMC release

Version 0.5.4 of Samizdat, an RDF-based engine for building collaboration and open publishing web sites, is available. "In this version, front page layout was changed to the more familiar vertical split with the main column featuring focuses and right column running recent updates in the open publishing wire. New moderation facility allows one to take over messages, displace their contents completely, and block member accounts."

Full Story (comments: none)

RFC: Proposed backward-compatibility policy for Zope

An RFC concerning backward compatibility in Zope has been published. "Backward compatibility needs to be a very high priority. Clean software also needs to be a high priority. Unfortunately, these goals are often at odds. Providing backward compatibility support makes code more complex and, thus, less maintainable."

Full Story (comments: none)

Miscellaneous

moodss 19.2 (stable) released (SourceForge)

Stable version 19.2 of moodss, a modular GUI application for monitoring systems, networks, and databases, is out. "This new version includes support for the SQLite database library version 3, and some minor improvements in order to allow inclusion in the Red Hat Fedora Extras packages repository."

Comments (none posted)

TCCBOOT compiles and boots a Linux kernel in 15 seconds

The TCCBOOT project has been announced. "TCCBOOT is the first boot loader able to compile and boot a Linux kernel directly from its source code. It can compile and start booting a typical Linux kernel in less than 15 seconds on a 2.4 GHz Pentium 4."

Full Story (comments: none)

Desktop Applications

Audio Applications

ReZound 0.11.1beta is out

Beta version 0.11.1 of ReZound, a graphical audio file editor, is out with bug fixes. The previous release added a new native ALSA implementation, and a bug.

Comments (none posted)

Snd-ls V0.9.1.1 and Sono V0.2

Snd-ls V0.9.1.1 and Sono V0.2 are out. "Snd-ls is a distribution of the sound editor Snd. Its target is people that don't know Scheme very well, and don't want to spend too much time configuring Snd."

Sono: "This little program takes a soundfile of any length and writes a Postscript file with a 'score', including sonogram and oscillogram."

Full Story (comments: none)

SRC support for XMMS OSS output plugin

Jussi Laako has announced a sample rate conversion patch for the XMMS OSS output plugin. "Why? Because there are soundcards which support only single samplerate in hardware (usually 48 kHz). To get best possible sound quality out of these, you'll need high quality samplerate conversion when playing 44.1 kHz files/streams."

Full Story (comments: none)

Data Visualization

PyX 0.7 was released

Version 0.7 of PyX, a Python package for the creation of encapsulated PostScript graphics figures, is available. The CHANGES file lists a bunch of new and updated graphics modules.

Comments (none posted)

Desktop Environments

GARNOME 2.8.1 is out

Version 2.8.1 of GARNOME has been released. "The latest 'somewhat toned down' version of GARNOME distribution for those who want a new version of GNOME for regular day-to-day use, but don't want to wait until your distribution catches up, is now out and about. This release incorporates the GNOME 2.8.1 Desktop & Developer Platform, as well as plenty of new third-party package updates and funky new features."

Full Story (comments: none)

GNOME 2.8.1 Desktop and Developers Platform is released

GNOME 2.8.1 has been announced. "The first point release of the stable 2.8.x series of GNOME has been released. This release includes the latest bugfixes and other improvements such as updated translations and is the first in a series of point releases." Version 2.8.1.1 of gnome-applets was also released, but was not included with GNOME 2.8.1.

Full Story (comments: none)

Java-Gnome 2.8.1 is out

Version 2.8.1 of Java-Gnome, the Java bindings for GNOME, is available. "This is a stable release, with plenty of polish, so should be used in general development. We welcome any new java developers to join us writing gnome applications and look forward to hearing about your creations."

Full Story (comments: none)

KDE CVS-Digest

The October 22, 2004 edition of the KDE CVS-Digest is online; here's the content summary: "khtml fixes include table layout, background-position, min max-height and mangled html fixes. New KControl for Logitech mouse features. Kicker and taskbar optimizations and improvements. Xpdf security fixes. Also coverage of the Subversion discussions on kde-core-devel."

Comments (none posted)

Electronics

Qucs project release 0.0.4

Version 0.0.4 of Qucs, an integrated circuit simulator, is available. This release features improved documentation, additional examples, finished AC analysis, non-linear transient analysis, and more.

Comments (none posted)

Games

Cyphesis 0.3.5 released

Version 0.3.5 of Cyphesis, a server for WorldForge games, has been announced. Changes include new AI code, bug fixes, and database performance improvements.

Comments (none posted)

G System 0.4.1 is released

Version 0.4.1 of G System, a framework for virtual world simulations, has been released. "Among minor demo improvements the focus was on improving and revising the documentation of the G System to reflect our current ideas. Particular care was taken to update outdated information and extend the content where necessary."

Full Story (comments: none)

Graphics

DiaCanvas2 0.14.0 announced

Version 0.14.0 of DiaCanvas2, an MVC-based diagramming widget, has been released. Changes include a new undo manager, extensions to the DiaCanvasEditable interface, bug fixes, and more. DiaCanvas2 0.14.1 was released later; it fixes a problem that shows up when compiling with GCC 3.4.

Full Story (comments: none)

GUI Packages

gob2 2.0.11 released

Version 2.0.11 of gob2, the GTK+ object generator, is out with one compilation fix.

Full Story (comments: none)

Interoperability

Wine Traffic

The October 22, 2004 edition of Wine Traffic is online. Threads covered include: Porting C++ With Winelib and Loader Issues, Start Menu Brokenness, When Optimizations Aren't, Windows Catch-22, and Winedbg: Broken Watchpoints.

Comments (none posted)

Medical Applications

FreeMED 0.7.1 released (LinuxMedNews)

Version 0.7.1 of FreeMED, a medical record system, has been announced. A new billing package called REMITT is included with this version.

Comments (none posted)

Office Suites

KOffice 1.3.4 Released (KDE.News)

KDE.News has an announcement for version 1.3.4 of KOffice. "The main goals of this release are to fix the integer overflows in KWord's PDF import filter and to be able to compile KOffice again on KDE 3.1.5 and Qt 3.1.2."

Comments (none posted)

RSS Software

Imendio Blam 1.6.0 announced

Version 1.6.0 of Imendio Blam, an RSS reader for GNOME, has been released. "This release features a major change in that the HTML widget has been replaced with Mozilla. This makes the rendering a lot quicker and more accurate; it also solves a number of issues people were having with lockups during image fetching."

Full Story (comments: none)

Web Browsers

Alpha Version of Gtk+ port of KHTML (KDE.News)

KDE.News reports on an alpha release of WebCore/KHTML, an HTML rendering engine and reference browser. This release adds GTK+ support. "Released components include KJS javascript interpreter, KHTML rendering engine, Qt porting layer, WebKit API for embedding and a reference browser for demonstrating the functionality of the other components."

Comments (none posted)

Miscellaneous

Chandler 0.4 is out

Version 0.4 of the Chandler Personal Information Management (PIM) system has been released. "The high-level goal of the 0.4 release is to be "experimentally usable" for a few key end-user tasks."

Full Story (comments: none)

Devhelp 0.9.3 announced

Version 0.9.3 of Devhelp, a developer tool for browsing API documentation in GNOME, has been announced. "This release mainly features mozilla compatibility issues. It adds support to build against firefox which is fixed by Christian Persch. He also fixed so that we no longer need a shell script to set a bunch of Mozilla variables."

Full Story (comments: none)

Languages and Tools

Objective C

ObjectiveLib version 0.8 released (SourceForge)

Initial version 0.8 of ObjectiveLib has been announced. "ObjectiveLib is a library of containers and generic algorithms for Objective-C meant to provide the same benefits to Objective-C developers that the Standard Template Library provides for C++ developers."

Comments (none posted)

Java

Woodpecker 0.1.0 released. (SourceForge)

Version 0.1.0 of Woodpecker has been announced. "Woodpecker is a Java ResourceBundle property file editor. It provides friendly and platform native UI, Java access class generator and other exciting features. The release 0.1.0 isn't complete in features; in fact, users can't even read, write or edit the .properties files."

Comments (none posted)

An Introduction to Aspect-Oriented Programming with the Spring Framework, Part 2 (O'ReillyNet)

Part two of an O'Reilly series on Aspect-Oriented Programming is available. "Russ Miles continues his introduction to Aspect-Oriented Programming (AOP) in Spring by delving into the around advice, which allows you to not just add to an existing method implementation, but to completely replace it."

Comments (none posted)

Create and Read J2SE 5.0 Annotations with the ASM Bytecode Toolkit (O'ReillyNet)

Eugene Kuleshov discusses the ASM bytecode-manipulation toolkit on O'Reilly. "Continuing his examination of the ASM bytecode-manipulation toolkit, Eugene Kuleshov shows how ASM can be used to access J2SE 5.0 attributes, even from earlier JVM versions that don't support attributes."

Comments (none posted)

Advanced Synchronization in Java Threads, Part 1 (O'ReillyNet)

Scott Oaks and Henry Wong discuss Java threads on O'Reilly. "J2SE 5.0 introduces sophisticated new options for coordinating multiple threads. In this excerpt from Java Threads, 3rd Edition, Scott Oaks and Henry Wong look at new scheduling strategies represented by the java.util.concurrent package."

Comments (none posted)

Lisp

Maxima 5.9.1 released

Version 5.9.1 of Maxima, a computer algebra system written in Common Lisp, is available. "It adds a command-line version of the program for Windows, support for external interfaces, improved builds and installs, command-line editing abilities, test suite improvements, enhanced plotting, Quadpack routines, improvements to tensors and differential equations, and more."

Full Story (comments: none)

SBCL 0.8.16 released

Version 0.8.16 of Steel Bank Common Lisp has been announced. "This version makes possible on more of the supported platforms to save cores with foreign code loaded, adds performance improvements and fixes several bugs."

Full Story (comments: none)

Perl

Perl Code Kata: Testing Taint (O'Reilly)

chromatic discusses Perl code katas on O'Reilly. "How do you find new ideas? One way is through code katas, short pieces of code that start your learning. This article is the first in a series of code kata for Perl programmers. All of these exercises take place in the context of writing tests for Perl programs."

Comments (none posted)

Python

Dr. Dobb's Python-URL!

The October 25, 2004 edition of Dr. Dobb's Python-URL! is online with the latest Python language articles.

Full Story (comments: none)

Tcl/Tk

Dr. Dobb's Tcl-URL!

The October 25, 2004 edition of Dr. Dobb's Tcl-URL! is online with the week's Tcl/Tk articles and resources.

Full Story (comments: none)

XML

XML in localisation: Use XLIFF to translate documents (IBM developerWorks)

Rodolfo M. Raya covers XML localization issues on IBM developerWorks. "The first article in this series briefly explained the most relevant XML standards used in the localisation industry. This second part focuses on XML Localisation Interchange File Format (XLIFF) and explains with practical examples how to use it for translating different kinds of documents. This article presents a step-by-step guide to translating multilingual documents using XLIFF as an intermediary file format, and provides useful resources for localizing Java applications."

Comments (none posted)

Speech Synthesis Markup Language: An Introduction (O'Reilly)

Peter Mikhalenko introduces SSML, the Speech Synthesis Markup Language, in an O'Reilly article. "Speech Synthesis Markup Language Specification (SSML 1.0), introduced in September 2004, is one of the standards enabling access to the Web using spoken interaction. It's designed to provide a rich, XML-based markup language for assisting the generation of synthetic speech in web and other applications. The essential role of SSML is to provide authors of synthesizable content a standard way to control aspects of speech such as pronunciation, volume, pitch, rate, etc., across different synthesis-capable platforms."

Comments (none posted)

Editors

Conglomerate 0.7.15 released

Version 0.7.15 of Conglomerate, an XML editor, has been released. "This is still an unstable release; there are still some known repeatable crash bugs. Please download it and test that no new bugs have been introduced!"

Full Story (comments: none)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

Lexmark's loss is everyone's gain (ZDNet)

ZDNet UK comments on the appeals court ruling in the Lexmark v. Static Control DMCA case. "The court said that 'lock-out' codes in software that's designed to control or limit interoperability is not covered by the original-expression intentions of copyright law. Furthermore, said the court, SCC's reverse engineering was not a circumvention of Lexmark's Toner Loader Program but a replacement of it, so even if the code had been covered by copyright, SCC's implementation would have been allowed under the fair-use doctrine."

Comments (none posted)

Windows v Linux security: the real facts (Register)

The Register does some myth busting on the subject of Windows vs. Linux security. "Myth: Statistics 'prove' that Windows has fewer, less serious security issues than Linux, that Windows issues are always fixed, and that they are fixed faster. Fact: Quite a broad collection of 'facts' exist in this category, but what they have in common is the (actual) fact that they are usually based on single metrics, on a single aspect of measuring security."

Comments (1 posted)

Trade Shows and Conferences

LinuxWorld London: Sandals and suits in symbiosis (NewsForge)

NewsForge reports from LinuxWorld, London. "In the .ORG village, the heart and soul of the conference, the sandals were similarly serious. Despite being squashed into small corridors between stands, giving the effect of a perpetually busy village without the need for visitors, spirits were high and exhibitors were looking more professional than ever. The Association for Free Software even briefed its helpers on the association's activities, issues that people might raise, and how to give a good spiel to visitors. According to AFFS committee member Alex Hudson, the AFFS is working on making its standard of communication more professional, though he hesitated to use that dirty word."

Comments (none posted)

The SCO Problem

SCO stock falls to lowest price since it filed IBM suit (SL Tribune)

The Salt Lake Tribune notes SCO's steady decline. "Company spokesman Blake Stowell, citing corporate restrictions, declined comment on the stock price. He also would not discuss SCO's plunging revenues or uncertainty about the Unix-Linux courtroom battles, possible factors in the company's declining fortunes on the Nasdaq exchange."

Comments (14 posted)

Companies

Dell to tighten Linux ties with Novell pact (News.com)

News.com reports that Dell will offer Novell's SuSE Linux factory-installed on new servers. "Dell has long offered market-leading Red Hat Linux as an operating system that can be installed in the computer maker's factories. But second-place SuSE has only been available as a special option for customers willing to pay for a customized system. Now the Round Rock, Texas-based computer maker is expected to elevate SuSE to Red Hat's level, sources familiar with the plan said."

Comments (9 posted)

NoSoftwarePatents.com for Europe (NewsForge)

NewsForge covers a corporate collaboration against European software patents. "Red Hat, MySQL AB, and three German Web hosting companies have announced a partnership with software developer Florian Muller to support NoSoftwarePatents.com, an organization that hopes to stop the European Union from granting patents to what Muller calls a "cartel of patent superpowers" whose aim is to stifle competition."

Comments (none posted)

Business

Open Source Wall Street

Analyst Dion Cornett publishes a weekly newsletter called Open Source Wall Street, which looks at publicly-traded companies working with free software. The October 25 issue (PDF format) is available; it looks at IBM's results in China, Russia, India, and Brazil; competition with Microsoft on the desktop; VMWare; JBoss; and the Financial Times article. "One of the more interesting aspects of this article is that SUNW's president agreed with it enough to include it in his blog. Herein lies our primary criticism of SUNW, and the reason we do not believe that SUNW will outperform its sector: Mr. Schwartz does not appear to understand that [Intel's] profits would be lower were it not for a robust Linux operating system that facilitates migration from RISC to x86."

Comments (4 posted)

Resources

Geolocation by IP Address (Linux Journal)

Linux Journal posits that determining geographic locations based on Internet IP address can be useful. "Geolocation by IP address is the technique of determining a user's geographic latitude, longitude and, by inference, city, region and nation by comparing the user's public Internet IP address with known locations of other electronically neighboring servers and routers. This article presents some of the reasons for and benefits of using geolocation through IP address, as well as several techniques for applying this technology to an application, Web site or user community."

Comments (5 posted)

Secure Your Wireless with IPSec (O'ReillyNet)

O'ReillyNet looks at one way to secure a wireless connection. "Wireless is practically wide open for anyone with a laptop, a wireless card, and the appropriate set of tools. WEP is defeatable. MAC addresses are sniffable and spoofable. In short, you need the next level: IPsec."

Comments (2 posted)

OOo Off the Wall: Floating Windows (Linux Journal)

Bruce Byfield explores the floating windows in OpenOffice.org. "Floating windows are one of the keys to using OpenOffice.org efficiently. In the same way that the design of OpenOffice.org nudges users towards styles and templates, it also leads them towards using floating windows to manage and apply resources."

Comments (none posted)

Using a Linux-based home recording studio (NewsForge)

Dave Fancella makes some music in a Linux-based home recording studio on NewsForge. "Open source software has been available for multi-track recording for some time, but only in recent months has it finally matured to a point where it can handle both entry-level and production-level tasks. In the past you had to spend thousands of dollars to be able to record, which put recording demo tapes, extended play records, and long play records well beyond the budget of a hobbyist or struggling band. Nowadays we have good quality open source software for recording and the Internet as a distribution mechanism. The cost to record is literally the same as the price of your computer and the time spent recording."

Comments (5 posted)

Critical Server Needs and the Linux Kernel (Linux Journal)

Linux Journal looks at Linux kernel features needed for mission-critical server environments. "This article provides some examples of features and mechanisms needed in the Linux kernel for server nodes operating in mission-critical environments, such as telecom, where reliability, performance, availability and security are extremely important. Here, we discuss four such features: a cluster communication protocol, support for multiple-FIB, a module to verify digital signatures of binaries at run time and an efficient low-level asynchronous event mechanism."

Comments (3 posted)

Deploying a VPN with PKI (O'ReillyNet)

O'ReillyNet presents a tutorial on deploying a VPN using OpenVPN and OpenSSL. "The tutorial implements a certificate-based security infrastructure using OpenSSL and uses this to secure both OpenVPN client and server endpoints. We will highlight two great new features to appear in OpenVPN-2.0 (now in beta) that will make it a good choice for any VPN--single-instance server mode and certificate revocation list support."

Comments (2 posted)

Reducing OS Boot Times for In-Car Computer Applications, Part III (Linux Journal)

Linux Journal goes for five-second boot times on in-car computers. "In our earlier articles, we compared the unnecessarily slow boot process to that of a car radio. The car radio boot times have climbed from nearly instant in the 1980s to several seconds today, but they still are rapid enough to be hardly noticeable. If you watch a modern radio right after you start the engine, you may see it do a small power-on self test, flash all the lights on the unit--much as dashboards in many cars do--and then power on the amplifier, producing sound within a second or two. We decided to use the radio as our benchmark of rapid usability and appliance-like behavior. We attempted to minimize the following two variables: time from computer power-on to video and time from computer power-on to audio."

Comments (3 posted)

Reviews

A week in the BSD CLI (NewsForge)

Jem Matzan spends a week exploring OpenBSD's command line interface. "I already knew that I could do pretty much anything from the command line if I was willing to sit down, read manual pages, and learn -- or if I really had to. To prove it, recently I forced myself to use only the CLI for a week. I ended up learning a lot more than just a few command line arguments."

Comments (11 posted)

Postfix for the Linux business desktop (NewsForge)

Marcel Gagné looks at the Postfix mail transport agent in a NewsForge article. "The advantages of Postfix include enhanced security, relatively simple configuration, and excellent performance. Postfix's increased security comes partly from its modular design. Each process handles some portion of the mail delivery cycle and none of these processes run setuid root. As has been observed, Postfix doesn't even trust itself."

Comments (none posted)

Miscellaneous

iRiver ships Linux portable media players (Register)

The Register looks at a new series of Linux-based Portable Media Player (PMP) devices from iRiver. "The PMP-120 and PMP-140, each equipped with a 20GB and a 40GB 1.8in hard drive, respectively, provide MP3, ASF, WMA and WAV audio playback, along with MPEG 4, AVI, DivX and XviD video support. There's still photography storage and slide-show features, too, and the machines also provide an FM radio and voice recording facilities."

Comments (12 posted)

Why open source is unsustainable (Financial Times)

We know some LWN readers must be thinking: "we haven't seen any good FUD for a little while." For those readers, here's a low-clue piece by a "distinguished service professor of law" in the Financial Times, which really should know better. "The bottom line is that idealistic communes cannot last for the long haul. The open source movement may avoid these difficulties for outside contributors who work for credit and glory. But how do the insiders, such as Linus Torvalds, cash out of the business that they built? And in the interim, how do they attract capital and personnel needed to expand the business? Traditional companies have evolved their capital structures for good reason." (Thanks to Neil Sheed).

Comments (48 posted)

Brazilian government finances development of open source HIS (LinuxMedNews)

LinuxMedNews looks into the financing of an open-source health information system by the Brazilian government. "Approximately 60 thousand US dollars awarded for open source Care2x. This milestone for Care2x acceptance in Brazil was made by a federal supporting agency called FINEP of the Brazilian Ministry of Science and Technology (MCT). The financial support was awarded to the Institute for Scientific and Technological Research (IPCT) of a large southern Brazilian university PUCRS in partnership with the Alfamais.com group."

Comments (none posted)

How to be a Free Software zealot (NewsForge)

Robin 'Roblimo' Miller has some fun with free software zealotry. "This is when you either pass or fail the zealot/radical test. If you are an advocate, you want to convert someone. You speak to them on their level, you don't sneer at them, and you give them good reasons why they should hear you out. And perhaps, sooner or later, you get them to (at least partially) agree with you."

Comments (30 posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

Unisys joins OSDL

Unisys is the latest company to join the Open Source Development Labs.

Full Story (comments: none)

Commercial announcements

Dell to preinstall SUSE Linux

Dell and Novell have sent out a press release stating that Dell will start offering SUSE Linux on its PowerEdge servers; click below for the details.

Full Story (comments: none)

Empower Technologies Unveils PowerPlay 1x

Fun Linux toy of the week: Empower Technologies has sent out a press release proclaiming the forthcoming availability of the "PowerPlay 1x" PDA. It is a dual-processor, Linux-based system with a color display, built-in MP3/MP4 player, and a cellular phone option. Availability is in December, for about $199.

Comments (10 posted)

NASA announces world's fastest supercomputer

SGI and NASA report that NASA's new SGI Altix system (running SGI's LINPACK on 10,240 Intel Itanium 2 processors) has claimed the title of world's fastest supercomputer. Click below for a glimpse at what this computer is doing at NASA.

Full Story (comments: 11)

Starwood Hotels deploys Linux-based reservation system

Starwood Hotels and Resorts Worldwide has announced a deal with HP to deploy and manage a new, Linux-based global reservation system for its 750 hotels. "In addition to vastly improved functionality, Starwood anticipates savings of $15 million to $20 million annually on its technology operating costs."

Comments (1 posted)

StreetFire Sound Labs' RBX1600 Music Server Powered By MontaVista Linux

MontaVista Software and StreetFire Sound Labs have announced that StreetFire's RBX1600 Digital Music Server is powered by MontaVista Linux.

Comments (none posted)

Sxip and Bryght Extend Federated Identity Beyond Drupal

Sxip Networks and Bryght have completed an authentication module for Drupal, Open Source content management software. The SXIP module ties into Drupal's existing authentication structure.

Full Story (comments: none)

TimeSys Introduces TimeStorm Linux Development Kit for Motorola's MVME6100

TimeSys has announced the availability of the TimeStorm(R) Linux Development Kit (LDK) for Motorola's latest VMEbus product, the MVME6100.

Comments (none posted)

Unisys and SAS Unveil Linux-based Business Intelligence

Unisys and the SAS Institute have announced an effort to bring business intelligence software to Linux. "Together, Unisys and SAS have offered high performance, scaleable end-to-end business intelligence and analytic solutions. Now, joint customers are able to take advantage of the flexibility and openness of the Linux operating system. "We're seeing heightened customer interest in Linux-based business intelligence solutions - particularly in the financial services industry," said Keith Collins, CTO of the SAS Institute. "Working with Unisys - a long-time price/performance leader among high-end Intel based systems - and its ES7000 family of servers, we're well poised to make Linux-based business intelligence a reality for our enterprise customers.""

Comments (3 posted)

xDMS Xandros Desktop Management Server Now Shipping

Xandros has announced the release of xDMS (Xandros Desktop Management Server). xDMS provides a remote management facility that can deploy, configure, and update thousands of Linux desktops through a graphical interface.

Full Story (comments: 1)

New Books

"Game Console Hacking" Released by Syngress Publishing

Syngress Publishing has published the book Game Console Hacking by Joe Grand, Frank Thornton, Albert Yarusso, and Ralph H. Baer.

Full Story (comments: none)

"Head First Servlets and JSP" Released by O'Reilly

O'Reilly has published the book Head First Servlets & JSP by Bryan Basham, Kathy Sierra, and Bert Bates.

Full Story (comments: none)

SitePoint Releases Third Edition of a Classic PHP/MySQL Book

SitePoint has published the book Build Your Own Database-Driven Website Using PHP & MySQL, 3rd Edition by Kevin Yank.

Full Story (comments: none)

"sendmail 8.13 Companion" Released by O'Reilly

O'Reilly has published the book sendmail 8.13 Companion by Bryan Costales with Gregory Neil Shapiro and Claus Assmann.

Full Story (comments: none)

"Wireless Hacking" Released by Syngress Publishing

Syngress Publishing has published the book Wireless Hacking by Lee Barken, Eric Bermel, John Eder, Matthew Fanady, Alan Koebrick, Michael Mee, Marc Palumbo, and Rob Flickenger.

Full Story (comments: none)

Resources

The LDP Weekly News

The October 27, 2004 edition of the Linux Documentation Project Weekly News is online with the week's new documentation releases.

Full Story (comments: none)

Contests and Awards

Zend's PHP 5 Coding Contest winners announced

The php.net site lists the winner of their PHP 5 Coding Contest. "Congratulations to Qiang Xue, whose application 'PRADO' earned high votes both from the public and from the judges' panel! There are 49 other prizewinning applications in Zend's contest gallery - too many to list here. Some of them are ongoing projects, bringing PHP 5 a small armoury of useful open source tools."

Comments (none posted)

Upcoming Events

OSDL Enterprise Linux Summit to Feature Keynote Panel on Utility Computing and the ISV Opportunity

Open Source Development Labs (OSDL) has announced a keynote panel that will be part of the 2005 OSDL Enterprise Linux Summit. The summit will be held in Burlingame, CA from January 31 to February 2, 2005. "Taking place on February 2, 2005 with speakers Dave McAllister, Carl Kesselman, and Akmal Khan, the panel will explore utility computing's approaching tipping point in enterprise adoption. Moderated by Dan Kusnetsky of IDC, the discussion will center around the enormous business opportunities for ISVs who can move quickly and capitalize on Linux's early role as the critical platform for utility computing. Issues such as identifying technical challenges, managing the business risks associated upon using this IT strategy and why customers are looking to independent third parties as part of their utility computing solutions, will be discussed."

Comments (none posted)

UKUUG LISA/Winter Conference 2005 CFP

A Call for Participation has gone out for the UKUUG LISA/Winter Conference. The event will take place on February 24 and 25, 2005 in Birmingham, UK.

Full Story (comments: none)

Israeli "Welcome to Linux" Series 2004

A Welcome to Linux Series will start on November 3, 2004 in the Israeli cities of Haifa, Tel Aviv, and Jerusalem.

Full Story (comments: none)

F/OSS and MIE2005 (LinuxMedNews)

LinuxMedNews has posted a query about a possible open-source medical software meeting. Interested participants should reply. "The IMIA Open Source Working Group is exploring the idea of a working conference and/or F/OSS 'summit' to be held in conjunction with MIE2005 in Geneva 28 August - 1 September 2005. We would probably be looking at approx. 2-3 Sept. for the meeting."

Comments (none posted)

PyCon 2005: Call for Proposals

A Call for Proposals has gone out for the PyCon DC 2005 Python conference.

Full Story (comments: none)

Events: October 28 - December 23, 2004

Date                    | Event                                                                                        | Location
October 28 - 29, 2004   | Sixth International Conference on Information and Communications Security (ICICS'04)         | Malaga, Spain
October 28, 2004        | LinuxWorld Conference and Expo                                                               | Frankfurt, Germany
October 28 - 29, 2004   | IBM eServer, pSeries, AIX and Linux Technical Conference                                     | Munich, Germany
November 1 - 6, 2004    | International Computer Music Conference (ICMC)                                               | Miami, FL
November 4 - 5, 2004    | HiverCon 2004 (The Davenport Hotel)                                                          | Dublin, Ireland
November 5 - 6, 2004    | Nottingham LUG - Linux at Green's Mill Science Centre                                        | Nottingham, UK
November 6 - 12, 2004   | High Performance Computing, Networking, and Storage Conf (SCnn)                              | Pittsburgh, PA
November 7 - 10, 2004   | International PHP Conference 2004                                                            | Frankfurt, Germany
November 8 - 10, 2004   | MySQL ComCon Europe (NH Hotel Frankfurt-Mörfelden)                                           | Frankfurt, Germany
November 13 - 17, 2004  | ApacheCon US 2004 (Alexis Park Resort)                                                       | Las Vegas, NV
November 14 - 18, 2004  | COMDEX Conference and Exposition (Las Vegas Convention Center)                               | Las Vegas, Nevada
November 14 - 19, 2004  | Large Installation System Administration Conference (LISA '04) (Atlanta Marriott Marquis)    | Atlanta, GA
November 18 - 19, 2004  | Forum PHP, Paris                                                                             | Paris, France
November 25 - 26, 2004  | Le forum PHP 2004 (FIAP Jean Monnet)                                                         | Paris, France
November 29 - 30, 2004  | LinuxPro 2004 (Hotel Gromada Airport Conference Center)                                      | Warsaw, Poland
December 1 - 3, 2004    | Australian Open Source Developers' Conference (Monash University)                            | Melbourne, Australia
December 1 - 3, 2004    | Linux Bangalore 2004 (Indian Institute of Science)                                           | Bangalore, India
December 4, 2004        | Lightweight Languages 2004 (LL4) (MIT Stata Center)                                          | Boston, MA

Comments (none posted)

Web sites

PythonBlogSoftware

A new wiki site called PythonBlogSoftware has been formed to catalog the available Python-based Blogging packages.

Comments (none posted)

Software announcements

This week's software announcements

Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:

Comments (none posted)

Miscellaneous

Steve Ballmer's "executive letter"

For the curious, here is Steve Ballmer's letter attacking Linux. "According to statistics posted on the security Web site Secunia, Red Hat Enterprise Linux 3 has averaged 7.4 security advisories per month, compared with 1.7 advisories for Windows Server 2003. And as Yankee Group noted in its Linux, UNIX and Windows TCO Comparison study, 'Linux-specific worms and viruses are every bit as pernicious as their UNIX and Windows counterparts - and in many cases they are much more stealthy.'"

Comments (36 posted)

Page editor: Forrest Cook

Letters to the editor

InfiniBand

From:  Roland Dreier <roland-AT-topspin.com>
To:  lwn-AT-lwn.net
Subject:  InfiniBand
Date:  Thu, 21 Oct 2004 21:07:23 -0700

I just read the coverage of Greg K-H's concerns about the InfiniBand
licensing in last week's kernel section (which just became freely
available).  As one of the main developers of free InfiniBand
software, there are a few things I wanted to clarify.

First, we just got rid of the dumb new $9500 charge for the spec (and
will retroactively refund anyone who actually paid that amount).

There seem to be two objections raised in your article.  First is the
restrictive language used for non-member access to the specification.
Since pretty much every company on the IBTA steering committee is
actively involved in the OpenIB effort, we should be able to get that
sort of issue resolved soon as well.  In the meantime, everyone
working on the code is affiliated with an IBTA member company, which
means we received our copies of the spec without any such
restrictions.

The second objection that was raised was about patent licensing.
However, sadly enough, the IBTA patent terms are pretty much par for
the course.  For example, the PCI SIG has nearly word-for-word the
same patent licensing terms (see below), but we don't see anyone
asking for the removal of drivers/pci or saying, "the end result is
that PCI looks like a closed, proprietary standard, and not something
which can be supported in free software."

In any case, no matter what the IBTA member agreement patent language
is, the fact remains that there are far more patent holders who are
not members than IBTA members (most notably Microsoft, who are no
longer IBTA members).

Since I don't think anyone benefits from a high profile news source
like LWN spreading what is essentially FUD, I would appreciate it if
you could publish some clarification.

Thanks,
  Roland

Here's a snippet of the PCI SIG bylaws
(http://www.pcisig.com/membership/about_us/bylaws/):

    SECTION 15.3 LICENSING OF MEMBER INTELLECTUAL PROPERTY RIGHTS

    When the Member or its Affiliate makes a Contribution to a
    Specification of the Corporation, including revisions thereto, or
    when the Corporation adopts and approves for release a
    Specification after providing notice as set forth in Section 15.2,
    above, the Member and its Affiliates hereby agree to grant to
    other Members and their Affiliates under reasonable terms and
    conditions that are demonstrably free of any unfair
    discrimination, a nonexclusive, nontransferable, worldwide license
    under its Necessary Claims to allow such Members to make, have
    made, use, import, offer to sell, lease and sell and otherwise
    distribute Compliant Portions, ....

    SECTION 15.5 RETENTION OF RIGHTS

    Nothing contained in this ARTICLE 15 shall be deemed as requiring
    a Member or its Affiliates to grant or withhold a nonexclusive
    license or sublicense of an individual Member's patents containing
    Necessary Claims to non-Members on such terms as the Member or its
    Affiliates may determine.

Pretty much identical to the IB language, eh?

For good measure here's a similar snippet of the Bluetooth SIG patent
and copyright license agreement
(https://www.bluetooth.org/foundry/sitecontent/document/Pa...):

    5. License Grant.

    (a) To Associate or Adopter Member. Effective upon the adoption by
    Bluetooth SIG of each Bluetooth Specification, the Promoter Members
    and their Affiliates hereby grant to each Associate and Adopter Member
    and its Affiliates (collectively, "Licensee") a non-exclusive,
    royalty-free, perpetual, irrevocable, nontransferable,
    nonsublicenseable, worldwide license under the Promoter Member's
    Necessary Claims with respect to the Bluetooth Specification and/or
    Foundation Specification solely to make, have made, use, import, offer
    to sell, sell and otherwise distribute and dispose of Compliant
    Portions; provided that such license need not extend to any part or
    function of a product in which a Compliant Portion is incorporated
    that is not itself part of the Compliant Portion.

Comments (none posted)

Kernel development

From:  Keith Edmunds <keith-AT-midnighthax.com>
To:  letters-AT-lwn.net
Subject:  Kernel development
Date:  Sun, 24 Oct 2004 12:52:47 +0100

Dear LWN

Kernel development should serve, very broadly, three classes of user:
private users, corporate users and kernel developers, and it is
important that the needs of all three are met. Recently the needs of the
middle group have not been met.

Since version 1.0, over ten years ago, kernel versions have followed the
elegant and simple scheme whereby odd point releases are development
kernels and even point releases are stable kernels. The 2.6 kernel has had,
and continues to have, major subsystems completely rewritten, not in the
interests of bug fixing, but in the interests of development. That the old
kernel development model had shortcomings in the eyes of the developers I
accept, but the current model has shortcomings in the eyes of corporate
users. I currently maintain around 25 servers in a lights-out environment:
were I to install 2.6 on them, which version of 2.6 should I consider to be
"stable"?

For corporate users, the 2.4 series is stable. The only changes now are
genuine bug fixes or porting for new hardware (eg, SATA disks). The 2.6
series has some features which are attractive to corporates (eg, built-in
VPN), but few will risk installing such a rapidly-changing kernel on a
24x7 server.

A development methodology that serves all three classes of user is
required. Forking a development "odd-dot-zero" release near-simultaneously
with the release of the production "even-dot-zero" version worked well for
almost ten years. Should we return to that scheme?

Best regards,

Keith Edmunds
http://www.TheLinuxConsultancy.co.uk

Comments (6 posted)

IE vs. other web browser security

From:  Duncan Simpson <dps-AT-simpson.demon.co.uk>
To:  lwn-AT-lwn.net
Subject:  IE vs. other web browser security
Date:  Fri, 22 Oct 2004 18:20:35 +0100


While it is disappointing that so much software falls over with bad HTML, at
least it *only* falls over. If you use IE then there are lots of ways of
installing, and running, arbitrary code on your computer if you just visit a web
page, or preview HTML email in some cases. About 3 came in the same week
bugtraq reported the browser reliability results.

Banner ads on CNN et al for less than wholesome websites, and worms, have been
known to apply these techniques. Most of the IE exploits use hair-brained ideas
that only IE supports, and nobody else supported because of the obvious
security implications.

My conclusion is that despite the reliability result IE is the least secure
browser around because of hair-brained design. Bugs can be fixed but hair-
brained design is unfixable. What do you expect from an outfit that has *earned*
the assumption that their software is insecure until proved otherwise?

-- 
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."


Comments (1 posted)

With regards your analysis on Open Source sustainability

From:  Jonathan Day <jcdjobs-AT-yahoo.com>
To:  repstein-AT-midway.uchicago.edu
Subject:  With regards your analysis on Open Source sustainability
Date:  Mon, 25 Oct 2004 13:33:11 -0700 (PDT)
Cc:  letters-AT-lwn.net

Dear sir,

I am sure, by now, you have received numerous e-mails
on your article in the Financial Times. However, I
feel I may be able to make some points that others may
have missed on the issues you have raised.

First you state that, in Open Source, the source code
must be available to all. Actually, this is not
entirely correct. There are three popular Open Source
licenses - the GPL, the LGPL and a license modelled
after the Berkeley UNIX license known as the BSD
license.

The GPL states that you are required to make the
source code available to those whom you make the
binaries available. Thus, if the program is used
internally within an organization, it is only required
that the source be available to those people. No
distribution beyond that scope is required. Each of
those users can modify the source and distribute it
themselves, but there is nothing in the license that
entitles such users to expand the scope of
distribution. The GPL prohibits a reduction in rights,
but that is all.

The LGPL is similar to the GPL, except that only the
common public code needs to be distributed. If you
have proprietary extensions, or have proprietary
applications which make use of LGPL code, no
distribution of the source for those extensions or
applications is required.

The BSD license takes a different approach.
Redistribution is permitted, but not required. Anyone
can make proprietary modifications to the common
source code and sell binary-only versions based on
those modifications. The common pool of knowledge is
treated no differently than the contents of a public
library, in that anyone can go in and read the
contents, but what they do with that information is
entirely their own business.

Now we move onto the interpretation of the GPL, when
GPLed works are included in other works. The GPL
allows for "fair use", in that you have to incorporate
more than a trivial element of a GPLed work into
another work before the GPL applies. It must actually
be intrinsically embedded, not merely linked. The GPL
prohibits non-trivial inclusion of GPL code in a
non-GPL/LGPL work, but it does permit non-trivial
interactions between GPLed and non-GPLed code. (This
is why non-GPLed drivers are perfectly valid and
legal, when loaded into the Linux kernel, even though
the Linux kernel is GPLed. The kind of linking
involved is not considered to be covered by the GPL.)

But what remedies are permitted, if someone violates
this? You incorrectly say that the GPL offers none. In
fact, the GPL states that the GPL is the only license
an individual or organization has to distribute the
code and that violations of the GPL result in a
nullification in that license for that individual or
organization.

In other words, including GPLed code in a non-GPL
product, or vice versa, in such a way as to produce a
new work (not merely two distinct works combined) that
is distributed under terms that violate the GPL
results in a revocation of the permission to
distribute the GPLed code. The distributor is still
entitled to do what they like with their own code,
including selling it as a proprietary binary. Their
work is theirs and is not covered by the remedy. The
sole restriction is that they may not include the
GPLed code as part of their distribution.

The scenario of A creating a derivative work that is
covered by the GPL, and then B using it without prior
knowledge of it being GPL, is a violation of the GPL
by A. The GPL clearly states that GPLed source code
clearly declares itself as such and that the license
be included. If B is genuinely not aware of the
license (because proper copyright notices are not
included and/or the license is absent), then A has
violated the GPL. Since violating the GPL voids all
rights to distribute the code, B would likely be
entitled to damages against A in proportion to the
damage against B's business interests.

However, it must be noted that this applies only to
the GPL and (within certain limitations) the LGPL. The
BSD license freely allows BSD code to be used in
proprietary products and distributed in binary-only
form, without restriction. Indeed, Microsoft already
uses BSD code within Microsoft Windows - the TCP/IP
driver is a direct derivative of the standard BSD
TCP/IP driver. There have been no complaints over
this, because it was this kind of re-use of BSD code
in commercial products that the license writers had in
mind.

The next issue raised is who owns the capital. What
happens when a member of the "Open Source" workforce
leaves? This argument is based on the fallacy that the
source code (and therefore the value of that code) is
centrally owned. The author of a book will continue to
receive royalties for that book, long after they
retire. Indeed, they will continue to do so for
between fifty and seventy-five years after their death
(depending on their country of origin). Membership of
some publishing commune is not required to claim that
income.

Where, though, is the income from Open Source? The
GPL, LGPL and BSD licenses all permit sale and resale
with no restrictions or limitations, so physical
income certainly exists. Far more often, though, such
source code has indirect value. A person gains no
royalties from redistribution of their PhD thesis, but
individuals with PhDs frequently have higher earning
power than those without.

We see much the same thing with certification
programs. It actually costs money to be certified, but
again it has indirect value, in that a certified
individual will often have far greater earning power
and have a far greater range of opportunities.

How does this apply to Open Source? Well, if Linus
Torvalds were to apply for a job in computer
programming tomorrow, he is very likely to be
considered eligible - and of considerable interest -
for just about any position he should choose to apply
for. His name would attract media attention and
potential sponsorship, in much the same way as a
celebrity sports player does for whatever team they
play for.

The combination of proven talent (eg: the Linux
kernel) and endorsement value would give him
considerable value to any company. Precisely because
any company would rather such value came to it, rather
than a competitor, companies would likely pay him
extremely well to ensure his continued affinity.

Finally, I will briefly mention why the economic model
of Open Source is viable, sustainable and scalable.
Economics defines the "Closed Source" model as a Nash
Equilibrium.

(DEFINITION: Nash Equilibrium If there is a set of
strategies with the property that no player can
benefit by changing her strategy while the other
players keep their strategies unchanged, then that set
of strategies and the corresponding payoffs constitute
the Nash Equilibrium.)

Closed Source is a Nash Equilibrium, because the
computer industry prefers stability and consistency.
This is why Microsoft has retained compatibility with
DOS applications, even though DOS is over 30 years
old, and why Apple - which does try to change
strategies, as technology shifts - has failed to
benefit.

Indeed, it is a proven fact, in computing, that
changing strategy leads directly to failure, whilst
retaining a working strategy is the only way to
profit. This is the requirement and definition of a
Nash Equilibrium, and therefore this is the best model
for such a market.

However, Professor Nash's work goes further than to
describe the stagnant scenario. It also covers the
non-zero-sum scenario - where personal greed is NOT
the motivating force, and where cooperation rather
than competition drives the market. In such a
scenario, the sum total of profit is non-zero. A
company does not earn by taking from another. There
may be no interaction at all, or two or more companies
may work for the positive benefit of the group.

Open Source is the non-zero-sum scenario. Personal
gain is certainly permitted, and even encouraged
within certain constraints, but there is a net
guarantee that the profit of one is not at the expense
of another.

The non-zero-sum model is provably superior to the
zero-sum case and, therefore, in a free market must
inevitably supplant it. Economics theory shows the
results, and shows why they must eventually occur. In
the years since Professor Nash's work, there has been
little to contradict his conclusions. In the years
since Open Source has hit the scene, there has been
little to contradict the assessment that it conforms
to the non-zero-sum scenario.

In conclusion, whilst it is certainly meritorious to
raise difficult issues with Open Source and ensure
that those issues are properly addressed and tackled,
it is not useful to consider Open Source vs. Closed
Source. Closed Source is simply not a sustainable
model, if in pure competition with Open Source.
Because Open Source forces the market into a
cooperative, non-zero-sum environment, either the two
will cooperate and co-exist, or Closed Source will die
off.

It is very right to debate, but to be beneficial, it
must be the right debate.

Jonathan Day

Comments (7 posted)

Page editor: Jonathan Corbet

Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds