LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
Letters to the editor
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for November 18, 2004Fedora: an example of community involvementThe Fedora Project, after more than one year, has not become a "community" project by any means. It is centrally controlled, and many crucial decisions seem to come from some sort of smoke-filled room in Raleigh. The long-promised publicly-available source code repository ("intended to be available by the release of Fedora Core 2") is nowhere to be seen, the governing councils have not been created, and the project's technical leader is rarely seen on the mailing lists. In many ways, Fedora looks more like an open beta testing program run by Red Hat than a true community project.That said, a couple of things are worth pointing out. One is that the Fedora Project has clearly succeeded in creating, evolving, and supporting a top-quality distribution with bleeding-edge software and predictable release cycles. The other is that, in some ways at least, Fedora's interaction with its user community is yielding clear benefits. Simple testing and filing of bugs is probably the biggest part of it. Beyond that, however, the project does seem to listen to its users and be influenced by what they say, even if Red Hat does have the final word on important decisions. And, at times, members of the community can truly help to make the distribution better. As an example, consider this challenge recently posted by Owen Taylor. He noted that a Linux system still takes a couple of minutes to boot, which is too much:
Ideally, system boot would involve a 3-4 second sequential read of
around 100 megabytes of data from the hard disk, CPU utilization
would be parallelized with that, and all queries on external
systems would be asynchronous ... startup continues and once the
external system responds, the system state is updated. Plausibly
the user could start work under 10 seconds on this ideal system.
Owen asked for help from the community in figuring out what was slowing
down the boot process. That help was all of two days in coming, when Ziga
As it turns out, rhgb gets into a loop where it simply spins in the CPU, slowing down everything else. A bugzilla entry was created, the bug was fixed, and life improved. Ziga made a new chart showing an improved situation - and a boot time of 46 seconds. Fedora users may have even more to cheer soon. Ziga made yet another chart which follows the process through a GNOME graphical login. One of the big culprits there is the obnoxious, throbbing Red Hat Network update applet. It turns out that Red Hat developers detest that applet too and tend to kill it on their systems. Now that it has been shown to be a major factor in making users wait to be able to do anything with their systems, it may just get some needed attention. Meanwhile, the bottom line is this: Fedora may not be a community project like, for example, Debian. But neither is it a sealed product from a corporate cathedral. Fedora is clearly a better distribution as a result of its interactions with its users. Hopefully, someday, Red Hat will follow through on its promises (source code management server, community governing council) and bring the community further into the process. Fedora is blessed with a community of users who want to help; it shouldn't let the desire for corporate control keep them from being part of the project.
Book review: SELinux![[Cover]](/images/ns/selinux-book.png)
The NSA's Security Enhanced Linux project is controversial. To some, it is
the future of Linux computing; with SELinux, many of our current security
nightmares will cease to trouble us. To others, SELinux is a morass of
complexity which is difficult, if not impossible, to understand well enough
to get any sense of whether it is configured in a secure way or not. This
whole situation is not helped by the current state of SELinux
documentation. There are few resources out there for people wanting to
know how SELinux works, how to manage it, or even whether to try to adopt
it.
There is, however, a new book on the shelves: SELinux: NSA's Open Source Security Enhanced Linux, by Bill McCarty. At 254 pages, this book is relatively thin by contemporary technical book standards. It offers a finicky editor a fair number of things to grumble about, but those grumbles should not overshadow the important point: this book is an important step in the process of bringing SELinux to a level where software developers and system administrators can make some sense of it. Let's get the grumbles out of the way first. The book shows some signs of having been written and produced in a hurry; as a result, it has more than the desirable number of typos and contradictions. It talks alternately about the runcon and run_con command, for example. It claims that "domain" and "type" are interchangeable terms for the same concept, then says "Recall that a general type is one not related to a specific domain." Readers are directed to the kernel source (said to be found in the deprecated /usr/src/linux directory) to associate a device name with a major number when a quick look at /proc/devices would do the job. We are told "SELinux is generally stable and free of trouble," which would, by itself, strain many readers' ability to suspend disbelief, but then the author suggests avoiding using X on SELinux systems, or, if that is impractical, learning to love GNOME to avoid problems with KDE. And so on. The reader finds these things often enough that they become a significant distraction from the real content of the book. The book starts with a general overview of SELinux, including the obligatory set of scary statistics on the frequency of attacks. A number of approaches to security are looked at, including, of course, mandatory access control schemes. The second chapter is a quick overview of SELinux, where the important concepts (roles, types) are introduced. The two mechanisms which can cause type/domain transitions (file creation and exec() calls) are introduced. Everything is fairly vague at this point, but the discussion is enough to let some of the important ideas sink in. The author then takes a diversion into how to install SELinux on several distributions, with special attention paid to Debian, Fedora, and Gentoo. This information will certainly be useful to some readers, but (especially in the future) most readers are likely to find SELinux on their systems already. If you are trying to figure out how to make your Fedora system work, Chapter 3 will just be a distraction. (Incidentally, the book covers Fedora Core 2). Chapter 4 gets into high-level SELinux administration: turning enforcement on and off, installing new policies, dealing with file labels, etc. There is useful stuff here, but the presentation leaves a little to be desired. For example, loading policies requires the use of the newrole command (which will remind old-time Unix users of the obnoxious newgrp command made necessary by certain vendors' kernels which could only handle membership in one group at a time). Policy loading is covered before newrole, however, leading to a fair number of forward references in the text. Reordering the discussion would have made things easier to follow. That said, this chapter provides a reasonable start for administrators trying to find their way around their SELinux systems. The next three chapters form the technical core of the book, with detailed descriptions of the language used to define role-based access control and type enforcement rules. There's lots of cute railroad diagrams for those who want pictures, and a detailed examination of how the policy for the ping utility is put together. If you are trying to make sense of the policy files that come with your SELinux distribution, these chapters provide the information that you will need. The book then winds down with a chapter on ancillary policy statements and one giving some pointers on how to carry out simple policy changes. A topic which is missing entirely is how one might design a security policy from the beginning. The implicit assumption is that few, if any, readers will have such ambitious goals; they will, instead, be trying to make things work with the policy shipped by their distributor. That is probably a good assumption; designing an SELinux security policy from the beginning is not for the faint of heart. Still, as we'll explore in a companion article, there may be reasons for wanting to take on such a project. Meanwhile, if SELinux takes off the way many people clearly expect it to, there will be a strong need for developers and administrators who truly understand how it works. For that reason, your editor predicts that this book will become required reading for a lot of people. For all of our quibbles, we must say that Mr. McCarty has succeeded in shedding some much-needed light into a dark and difficult corner of Linux systems administration.
Solaris 10As the release date for Solaris 10 nears, Sun Microsystems has been powering up the hype machine accordingly, and trying to convince the world that Solaris 10 is the best OS ever. According to Sun, Solaris 10 will offer more than 600 new, "breakthrough" features. That's a few too many for this article, but we'll take a look at some of the most notable features that are slated for inclusion in Solaris 10. One interesting feature is Solaris Dynamic Tracing (DTrace). DTrace is a system for troubleshooting problems in real time, by allowing admins and developers to observe and tune system behavior. Another feature that Sun is touting is Solaris Containers. Containers are essentially virtual machines, which allow an admin to create "private execution environments" on a machine, to isolate applications from one another and essentially create multiple hosts on a single server. This is, of course, nothing new to Linux users who have already discovered User-Mode Linux or any of the other virtualization solutions available for Linux. Solaris 10 also comes with a new file system, ZFS. This is a 128-bit file system that offers far greater capacity than the current UFS, and 64-bit checksums for data stored on the filesystem. ZFS works with "virtual storage pools," and is supposed to greatly reduce the difficulty of administering file systems. According to Sun's website:
For example, with Solaris ZFS, to add mirrored file systems for three users
and then add more disks, the number of tasks is reduced from 28 to 5. And
the time taken to perform this function has been reduced from 40 minutes to
10 seconds, so administrators can spend more time solving business
problems, rather than managing storage.
The TCP/IP stack gets special attention in Solaris 10. Sun has rewritten its networking stack, and claims that delivers a 50-percent or better speed boost for "many networked applications." Solaris 10 also includes built-in kernel support for the Stream Control Transmission Protocol (SCTP) and Session Initiation Protocol (SIP) in an effort to make Solaris 10 attractive for VoIP deployments. Despite the slew of new features, Sun has fallen into an unenviable position with Solaris: Having to go to customers with a emulation technology to run their existing programs. When Linux was the underdog, much was made of the ability to run Solaris and other *nix binaries on Linux, as a way to allow companies to move their existing applications to Linux. With Solaris 10, Sun is promising a Linux Application Environment (LAE) to run Linux binaries on Solaris 10 on x86 systems. Pricing for Solaris 10 has changed as well. Sun is, literally, giving it away. Sun is giving a "right-to-use" (RTU) license and security updates for Solaris 10 at no charge. Customers who want to utilize support or have access to all Solaris 10 updates and fixes start at $120 per year for a 1-4 CPU machine. The company is also making much of binary compatibility with Solaris 10 -- promising customers that older Solaris applications will be able to run unchanged on Solaris 10. Perhaps the most interesting feature for Solaris 10 is the licensing, if we ever find out what it is. According to Sun's executives, Solaris 10 will be open source. However, the company has not yet announced a license, whether the license will be OSI-compliant or exactly how much of Solaris 10 will be under this open source license. Further, assuming that the license is open enough to encourage contribution, Sun hasn't set out any information about accepting contributions from the community. A more ominous possibility exists: Sun could release its code under a license which is not only non-free, but which creates problems for any free software developers who look at that code. If Sun's fortunes continue to decline, there is a definite possibility that the company could look to litigation for its salvation. This possibility should be kept in mind by anybody who contemplates going anywhere near the Solaris code. Obviously, Sun is trying to regain some of the ground that it has lost with Linux. It seems unlikely, at least to this writer, that Sun will make much headway in regaining lost customers with Solaris 10. While Solaris 10 offers some undeniably useful and interesting features, it's fairly obvious that most organizations do not choose operating systems on features alone. Sun lacks the momentum that Linux has gained over the past few years. Companies that have already invested time and money into migrating to Linux are less likely to spend additional time and money evaluating Solaris 10 if Linux is meeting their needs. Companies that are already utilizing Linux are unlikely to even bother evaluating Solaris 10 unless Linux does not meet their needs. Also, Sun's LAE won't be available in the first release of Solaris 10, meaning that organizations that are willing to consider migrating from Linux to Solaris will have to hold off until Sun releases LAE in an update to Solaris 10. This puts Sun even farther in the hole with regards to losing customers to Linux. If the Solaris 10 license is GPL-compatible, many of Solaris 10's interesting features will no doubt find their way into Linux. It seems unlikely that Sun would choose that path. On the other hand, if Sun chooses a less friendly open source license, it will have a tough time creating a community that will drive Solaris development or adoption in the same way that the GPL has driven Linux. Either way, Sun seems set to lose with its open source ploy. Solaris 10 looks to be a fine operating system, but it may very well be too little and too late to help Sun regain its market share.
Poland gets cold feet on EuropatentsA press release has gone out stating that the Polish government has officially decided that it is unable to support software patents in Europe.
Consequently, the EU Council is unable to formally adopt that
legislative proposal as its common position. Without the support of Poland,
those countries that supported the proposal in May now fall short of a
qualified majority by 16 votes.
Needless to say, this is an important development. Software patents will probably not be defeated quite this easily, but this is an important step in that direction.
LWN comes early next weekNext week's LWN Weekly Edition will be published on November 24 - one day earlier than usual - so that the LWN staff can prepare themselves for the annual Thanksgiving feast. We'll return to the usual schedule on December 2.
Security Civilizing SELinuxOn its face, SELinux offers a number of attractive capabilities. It enables a Linux system to be partitioned into lots of little realms ("domains" or "types") with fine-grained control over the capabilities of each realm. For example, the named DNS server can be empowered to bind to the DNS ports (but no others), write to its log and cache files (but no others), and read from its configuration files (but from nowhere else). It can read random numbers, but cannot access any other device files. And so on. The end result is that, even if named falls to a remote code exploit, there is very little that exploit can actually do. A vulnerability which, on a current Linux system, could lead to a full system compromise is limited to a denial of service problem, or, at worst, the provision of bogus DNS information.This promise is worth something. Currently, any sort of compromise of any daemon on the system has a good chance of being escalated to full control of the system itself. SELinux cannot prevent security holes in server processes, but it does have the potential to strictly limit the damage which can be done by exploiting those holes. SELinux could be the mechanism which turns Linux into the most secure widely-used operating system on the planet. The only problem is that getting there could be a challenge, and, along the way, we risk turning Linux into a system we no longer wish to use. Like all good kernel code, SELinux does not, itself, contain a security policy. That policy, instead, is defined by the system administrator and loaded from user space. Defining that policy, however, is not the easiest thing to do. The book SELinux: NSA's Open Source Security Enhanced Linux, just reviewed by LWN, notes that a typical set of policy files contains some 250,000 lines of code. More to the point:
The SELinux source policy is a sophisticated software system. It
includes dozens of object classes, scores of defined permissions,
more than 1,000 type transitions, thousands of object instances,
and tens of thousands of access-vector rules.
As an aside, all of this code is written in a language which, as of this writing, probably has no more than a few dozen expert authors. So a couple of questions come immediately to mind: how is it possible for anybody to truly understand a system's security policy, and how can that policy be shown to be correct? Complexity and obscurity are enemies of security, and SELinux has large amounts of both. There are complications. Installing a new program on a full-blown SELinux system required updating the security policy. There has been talk of a day when applications are routinely shipped with SELinux policy files, just like they currently contain makefiles. But that talk assumes that large numbers of application developers will learn the SELinux policy language well enough to write a secure policy for their code. It assumes that system administrators will understand those files well enough to decide whether they are safe to install. In an SELinux world, malicious policy files may become a required part of any self-respecting trojan horse; vigilance will be required. Perhaps the biggest problem, though, is the assumption that a single policy file will fit into the security policies running on systems worldwide. If everybody ends up with a single, uniform security policy derived from the SELinux sample policy, that assumption might hold. But how can a single security policy make sense for all situations? The sheer difficulty of creating a radically different policy will likely keep experimentation to a minimum, but there will inevitably be pressure for different policies for different situations. In the future, we may see new offshoot distributions which differ mainly in their SELinux policies. Divergent security policies will be good for user choice, and the diversity may be good for the security of the net in general. But they will make it hard to write a portable application policy file. SELinux depends on "labels" applied to almost all files on the system. Those labels define the type(s) of the files, and, thus, who can access them, and in which way. These labels are also a crucial part of the domain system which allows the isolation of specific daemons and utilities. Maintaining the integrity of these labels proves to be a challenge, however. Consider this warning from the SELinux book:
If you use vipw, vi, or some other means to
modify /etc/passwd, /etc/group, or
/etc/shadow, you'll likely remove the security context
labeling [from] the file, which will make the file inaccessible.
Relabeling files is something every SELinux administrator needs to know how to do. The Fedora boot process checks for labeling problems, and, when they are found, it automatically relabels things. Relabeling is a fact of life in the SELinux world. It turns out that the proper labels are stored in the SELinux policy; what's on the files themselves can be thought of as a sort of cached version. In other words, SELinux has imposed a new file permissions scheme which is maintained outside of the kernel. If the files are manipulated by non-aware applications, or by way of a non-SELinux kernel, those permissions will become unsynchronized. Applications installed by the administrator will have labeling problems of their own. The end result is that SELinux could lead to systems which are too complex to administer, which have a single security policy created by the distributor, and which are highly resistant to the installation of software not provided by the distributor - or to changes in general. That is not a world which most of us would like to live in; we should think carefully before we run too quickly in that direction. Of course, that is a worst case scenario, and the Linux community is unlikely to let things get that bad. Some steps have already been taken in the right direction. The Fedora Project's decision to fall back to a "targeted" mode, where SELinux only applies to certain system daemons, is a good start. The targeted mode reduces the complexity of the security policy and makes experimentation easier. Fedora has also introduced "policy booleans" to the mix. These booleans are runtime variables which provide (relatively) high-level control over the system's security policy. Booleans in Fedora Core 3 control whether Apache can run CGI programs or read home directories, whether yellow pages can be used, and more. The booleans point in an important direction. Perhaps part of the real problem with SELinux is that policies must be written in the equivalent of assembly language. Most programmers do not want to worry about individual register assignments, and most system administrators would rather not deal with domain transitions and access vectors. If, in some future day, a system's security policy can be specified with, at most, a few hundred lines of high-level declarations, that policy may just be manageable. If that can be done, SELinux might just be the answer to a lot of our security worries. (See also: this just-released, beta Fedora document which describes what is involved in using SELinux to control Apache).
Brief items EFF on mailing lists and spamThe EFF has put out a a lengthy document describing its concerns with contemporary spam filtering techniques. "Blind keyword or phrase blocking is the determination that messages will not be delivered because they contain specific words or phrases. This method is imprecise and unnecessary, especially now that more sophisticated tools are available. Moreover, it can be used to block messages for political reasons. In short, there's no defensible reason to label email as spam based solely on keywords or phrases."
freedesktop.org site compromisedVisitors to freedesktop.org will see a message noting that the site was compromised on November 15. The project does not believe that any code on the site was tampered with, but they are rebuilding everything from the beginning anyway. More info will come as we get it. (Thanks to Thomas Kirby).
New vulnerabilities BNC: Buffer overflow vulnerability
bogofilter: denial of service
ez-ipupdate: format string vulnerability
openssl: der_chop script temp file vulnerability
SquirrelMail: cross-site scripting
sudo: environment variable sanitizing
unarj: buffer overflow vulnerability
Updated vulnerabilities apache: arbitrary code execution
apache2: denial of service
aspell: bounds checking problem
cdrecord: failure to drop privilege
ncompress: Buffer overflow
cyrus-sasl: remote buffer overflow
dhcp: format string vulnerability
Filename disclosure vulnerability in fam
flim: insecure file creation
Foomatic: Arbitrary command execution in foomatic-rip
freeamp: arbitrary code execution
FreeRADIUS: denial of service
gaim: buffer overflow in MSN protocol
gaim: command execution via smiley themes
Gallery: cross-site scripting vulnerability
gtk2, gdk-pixbuf: buffer overflows
gettext: Insecure temporary file handling
ghostscript: symlink vulnerabilities
glibc: Information leak with LD_DEBUG
glibc: tempfile vulnerability in catchsegv script
gnats: format string vulnerability
gnome-vfs: backend script vulnerabilities
groff: insecure temporary directory
gtkhtml: malformed messages cause crash
gzip: insecure temporary files
imagemagick: buffer overflow vulnerability
ImageMagick: EXIF buffer overflow
imlib2: buffer overflows
iproute: local denial of service
iptables: missing initialization
Kaffeine, gxine: remotely exploitable buffer overflow
kernel-utils: setuid vulnerability
libgd2: buffer overflows in PNG handling
libpng: multiple vulnerabilities
libxml2 - arbitrary code execution
libxml2: multiple buffer overflows
libxpm4: stack and integer overflows
logcheck: symlink vulnerability
lvm10: creates insecure temporary directory
Midnight Commander: extfs vfs vulnerability
mikmod: buffer overflow
mozilla products: arbitrary code execution and other vulnerabilities
mpg123: buffer overflow bug
mpg321: format string vulnerability
mtink: insecure tempfile handling
mysql: several vulnerabilities
netkit-telnet: invalid free pointer
netpbm: insecure temporary files
openssh: timing attack leads to information disclosure
OpenSSL: denial of service vulnerabilities
pavuk: buffer overflow
perl: insecure temp file creation
php: remotely exploitable memory errors
PostgreSQL: Insecure temporary file use in make_oidjoins_check
qt3: BMP image parser heap overflow
rp-pppoe, pppoe: missing privilege dropping
ruby: infinite loop
samba: remote DoS vulnerability
shadow: unauthorized modification of account information
sharutils: arbitrary code execution
sox: buffer overflow
SpamAssassin: Denial of Service vulnerability
Speedtouch USB driver: Privilege escalation vulnerability
Subversion: Remote heap overflow
File overwrite vulnerability in tar and unzip
tiff: buffer overflows
WordPress: HTTP response splitting and XSS vulnerabilities
wv: buffer overflow
XChat 2.0.x SOCKS5 Vulnerability
xine-lib: buffer overflows
xine-ui - insecure temporary file creation
xpdf: integer overflows
zgv: multiple buffer overflows
zip: arbitrary code execution
zlib: denial of service
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current 2.6 prepatch is 2.6.10-rc2, announced by Linus on November 14. Patches merged since -rc1 include fixes for the ELF loader security problems, Anubis block cypher support, an ALSA update, a number of networking updates, kprobes support for the x86-64 architecture, a frame buffer device update, a set of user-mode Linux patches, an NTFS update, version 2.0 of the USB gadget serial driver, some kernel build tweaks (the preferred name for kernel makefiles is now Kbuild), the ext3 block reservation and online resizing patches, sysfs backing store, locking behavior annotations for the "sparse" utility, a reworking of spin lock initialization, the un-exporting of add_timer_on(), sys_lseek(), and a number of other kernel functions, an x86 signal delivery optimization, an IDE update, I/O space write barrier support, a frame buffer driver update, more scheduler tweaks, some big kernel lock preemption patches, a large number of architecture updates, and lots of fixes. See the long-format changelog (600KB) for the details.Linus has noted that now would be a good time to calm down and stick to bug fixes until 2.6.10 comes out. His BitKeeper repository shows that he is sticking to that; it contains mostly fixes. There is also a memory technology device (and JFFS2) update, a frame buffer device update, some user-mode Linux patches, some page allocator tuning, and a few architecture updates. The current prepatch from Andrew Morton is 2.6.10-rc2-mm1. Recent changes to -mm include some kmap_atomic() changes (see below), the ability to disable a subset of "magic sysrq" features, some SELinux scalability work, enhanced I/O and memory usage accounting data collection, and an updated reiser4 filesystem. The 2.4.28 kernel has been released; Marcelo announced its availability on November 17. The biggest change since 2.4.27, for many people, will be the serial ATA and networking improvements, but many other fixes have gone in as well.
Kernel development news Quote of the week
Well, yes, your base appetites have led you to the name "pud",
where my refined intellect led me to "phd", with h for higher ;)
-- Hugh Dickins on the philosophy of page table naming.
On not getting burned by kmap_atomic()"High memory," on a Linux system is, by definition, memory which is not normally mapped into the kernel's virtual address space. It is a mechanism which enables 32-bit architectures to make use of more physical memory than would otherwise be possible. When the kernel needs to directly manipulate the contents of a high-memory page, it must explicitly create a virtual address for it. The traditional functions for creating and removing those addresses are:
void *kmap(struct page *page);
void kunmap(struct page *page);
These functions work as intended, but they can be expensive to use. The virtual address space they use is limited, and shared across all processors. As a result, each kmap() and kunmap() invocation requires a global TLB flush. Often, however, high memory does not need to be mapped for long periods of time, and does not need to be shared across processors. To improve performance in such situations, the notion of an "atomic kmap" was added:
void *kmap_atomic(struct page *page, enum km_type type);
void kunmap_atomic(void *address, enum km_type type);
Atomic kmaps use a very small set of predefined virtual "slots," which are not shared across processors. The type argument specifies which slot is to be used, with the callers taking responsibility for not stepping on each others' toes. Slots are dedicated to specific purposes - two for code called in user context, two for interrupt handlers, two for page table management, etc. In practice, it all works out; conflicts over atomic kmap slots don't happen. Another problem has come up, however, and that has led to a small change in the prototypes of the atomic kmap functions in the -mm kernel. The regular kmap functions have a symmetrical interface in that both take a struct page * argument. kunmap_atomic(), instead, takes a void * argument - the kernel virtual address to be unmapped. It is a common mistake, however, to pass in the associated struct page pointer instead. Since the argument type is void *, the compiler does not complain, and the discovery of the problem does not come until (possibly much) later. The solution is straightforward: redefine the function as follows:
char *kmap_atomic(struct page *page, enum km_type type);
void kunmap_atomic(char *address, enum km_type type);
With this change, the compiler will issue a warning whenever somebody tries to pass a struct page pointer to kunmap_atomic(). The patch has generated a surprising number of follow-on fixes, mostly to suppress warnings caused by the change. Many kunmap_atomic() calls now explicitly cast the address argument to the char * type. In the end, though, the result should be one more potential mistake which can be caught before it burns somebody - as long as programmers don't "fix" warnings by casting struct page pointers.
Trustees LinuxLinux currently offers a wealth of projects which are working to extend the classic Unix permissions mechanism with more flexible schemes. One recent entry is an LSM port of Trustees Linux, which has been done by Andrew Ruder. Trustees Linux starts with the idea that access control lists are overly complicated and inefficient; achieving the desired goals can require hanging ACLs on thousands of files, and keeping all of those ACLs in sync can be a challenge.The Trustees approach, instead, is to create a separate, central database which contains filesystem permissions. This database can assign a "trustee" to a directory; this trustee provides access permissions which apply to the directory and, by default, everything below that directory. A single rule can, thus, cover a large part of the filesystem hierarchy. The trustee rules cover the usual sorts of permissions; who can search for, read, and write files in a given subtree. The format is somewhat terse; one of the rules provided in the examples is:
[/dev/hda1]/var/log:zavadsky:REB
This rule enables user "zavadsky" to wander around in (and under) /var/log and read files there. Mr. Ruder's port is centered around the Linux security module inode_permission() hook; that code examines the trustees which apply to a given inode and decides whether the requested access is to be allowed or not. It's all pretty straightforward, but there is an interesting twist to how Trustees works with file permissions: the module gives the CAP_DAC_OVERRIDE capability to every process, allowing them to override the existing Unix file permissions. The Trustees module will, in turn, apply those permissions itself much of the time, but it is possible to write rules which override them. In this sense, Trustees functions as an authoritative module, which is not how LSM modules are supposed to work. If Trustees Linux is ever proposed for merging into the mainline, that little feature could come back to haunt it.
Stopping unwanted OOM killer experiencesThere has, in recent times, been a small increase in the number of complaints from users who have seen processes killed by the kernel in response to an out-of-memory (OOM) situation. The only problem is that the system should not have been quite that hard up for memory at the time. Even if the user is doing something which requires completely irrational amounts of memory ("yum update", say), it seems like the system should have been able to muddle along without killing low-priority processes, like the ssh server. These unwanted OOM killer experiences have driven a few developers to take a closer look at what was going on.Marcelo Tosatti has been working on the problem for a bit; he put together a patch which tries to avoid invocations of the OOM killer if things might get better soon. The idea is that, while a full scan of a memory zone may have failed to turn up any free pages, it may have kicked I/O into motion that will, very soon, make some pages free. So the OOM killer is kept in its cage until the no-memory situation has persisted for a few seconds. Marcelo reported that this patch improved things significantly for his test cases. It turns out, though, that the real problem was elsewhere; the token-based thrashing control patch appears to be the real culprit. This patch, remember, tries to reduce system thrashing in memory-constrained situations by exempting one process at a time from the page reclaim mechanism. That process will, in theory, make use of its sheltered time to make some real progress before the token moves on and its pages are, once again, subject to eviction. The token-based mechanism has been shown to truly improve the situation when memory is tight. Until it gets too tight, as it turns out. A process which needs a page, but which does not hold the token, may find that all of the (otherwise) reclaimable pages belong to the process currently holding the token. The unlucky process thus finds no pages to grab, and pushes the big red OOM button. The system is not truly out of memory, however; it has simply been told that all the good pages are temporarily off limits. Rik van Riel put his finger on the problem, and Andrew Morton put together a simple patch to fix it. Essentially, the VM subsystem will now ignore the swap token when finding reclaimable pages gets too hard. During normal operation, the token-based mechanism holds sway, but it can be set aside as a preferable alternative to killing random processes in the system. The patch appears to have solved the problems without taking away the benefits of the token-based approach. Marcelo acknowledged that this was the right fix, grumbled that he had wasted a bunch of time, and promised "Next time I should be looking into the easy stuff before trying miraculous solutions." It was his work, however, which shone a light on the problem in the first place, and led to its eventual solution.
Patches and updates Kernel trees
Core kernel code
Device drivers
Janitorial
Memory management
Architecture-specific
Security-related
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials SUSE Linux Enterprise Server 9[Editor's note: this article was written a couple of months ago, but for various reasons we delayed publishing it. Now we are pleased to present this review of SLES 9.]A few weeks ago, Novell released SUSE Linux Enterprise Server (SLES) 9. We decided to take the distribution for a spin, and see what it has to offer. We installed SLES 9 on an SMP system with dual 500MHz PIII Xeons with 1 GB of RAM and 40GB drive. Installation of SLES is a breeze, though there's a lot of CD-swapping during package install. YaST2 did just fine at detecting and configuring all system hardware. The automatic disk partitioning scheme, however, was a bit odd. We chose to use the "Expert" partitioning mode, which is actually quite simple to use as long as one is familiar with Linux partitioning. SLES defaults to the Reiser Filesystem for new partitions, though users have the option of using Ext3, Ext2, JFS or XFS if they prefer. SLES 9 ships with the 2.6.5 kernel, but doesn't seem to include a 2.4.x series kernel. This is somewhat surprising, since it seems likely that some SUSE/Novell customers may be standardized on the 2.4.x series and not quite ready to move. One interesting feature we discovered is the ability to install a UML virtual host using YaST2. Unfortunately, and for no apparent reason, this requires a network installation source -- users who have installed from CD will have to set up an FTP or NFS installation source to make use of the UML feature in YaST, negating the convenience of the feature in the first place. For the most part, though, SLES 9 was very easy to set up and configure. YaST2 has really matured into a nice system administration tool over the years. For example, YaST2's DNS Server module makes it very simple to set up DNS zones. YaST includes modules for administering services, hardware, software package management, user administration and much more. We're still not quite sure what a pineapple icon has to do with "Misc" settings in YaST2, though. The default desktop is KDE 3.2.1, though GNOME is available as well as a FVWM and twm. For a "server" OS, SLES 9 also comes with a odd selection of desktop software -- though there are a few packages that are conspicuously absent. For example, OpenOffice.org does not seem to be available, nor is The Gimp. Obviously, desktop users interested in SUSE will probably want to use SUSE 9.1 instead. Users might wonder whether they should be looking at SLES 9 or SUSE 9.1, and what SLES 9 has that you won't find in the retail package. For the most part, SUSE 9.1 Professional comes with the same features you will find in SLES 9. You will find support for Novell management tools that isn't present in SUSE 9.1 Professional, and a few YaST2 modules that aren't available in 9.1. For example, 9.1 doesn't include HA configuration or UML configuration through YaST2. The end-user experience for SLES 9 and SUSE 9.1 is pretty much the same, though and there's no steep learning curve or anything for users migrating to SLES 9 from SUSE 9.1 or older versions. What do companies and organizations get for their extra money when buying SLES 9? Long-term support, for one thing. While the retail packages have a two-year period for updates and so on, SLES 9 will be eligible for full maintenance through August 31, 2007, and security maintenance through August 31, 2009. Companies and organizations that are considering a platform for long-term use should be looking to SLES rather than SUSE's home user offerings. Another consideration for SLES 9, though not something we were in a position to test, is that Novell is working towards Common Criteria Evaluation Assurance Level (EAL) 4+, though it has not yet been awarded that certification yet. SLES 8 received EAL 3+. For environments where this is an issue, SLES is the obvious choice. We reviewed SLES 9 for x86, but it bears mentioning that there are also versions available for 64-bit x86 processors, Itanium, IBM Power processors, IBM S/390 and IBM zSeries. A full list of packages for each version of SLES is available through SUSE's website. Novell does make a "evaluation" version of SLES 9 available for download, though users who want online updates past the 30-day trial will have to buck up for a subscription. The x86 line carries a $349 price tag for one year for up to two CPUs. In all, we were pretty happy with SLES 9. It's a robust system that's easy to use and administer. It will make a good impression on those new to Linux, and it's still a usable system for longtime Linux users as well.
Distribution News Gentoo Linux 2004.3 ReleasedGentoo Linux 2004.3 is out. This appears to be, mainly, a bug fix release; click below for the announcement or see the 2004.3 release information page for more information.
Lycoris SME server roadmapLycoris contribs.org, the new home of the SME server, has announced a roadmap for the distribution. "For our first release, we do minor touch-up to the current 6.01 contribs.org release. We have both a GPL edition for free download and a Lycoris-branded commercial release." (Thanks to Brock Frazier)
Debian Bug squashing in Cambridge, November 27th to 28thDebian users and developers in the Cambridge UK area are invited to a Bug Squashing on November 27-28, 2004. Click below for details.
Using Apache with SELinux on FedoraA beta-quality document on using Apache with SELinux on Fedora Core 3 systems has been released. It will likely become required reading for Fedora administrators, but, even for people who are not Fedora users, this document is a good introduction to the complexities of making SELinux work with even a single system daemon.
Fedora CoreFedora Core 3 updates: system-config-users (bug fixes), libxml2 (bug fixes), subversion (includes the latest release of Subversion 1.1), gdb (bug fixes), abiword (bug fixes), authd (upgrade to v1.4.3 fixes a segfault seen on x86_64 arches), and gaim (bug fixes).Fedora Core 2 updates: libxml2 (bug fixes), and subversion (update to 1.0.9).
Trustix Secure LinuxTSL 2.2 updates: many packages (bug fixes in apache automake bind console-tools courier-imap cracklib cups cyrus-imapd cyrus-sasl filesystem foomatic-filters freetype ghostscript glib glibc gzip lynx mod_perl mutt mysql netatalk ntp openldap openssh openssl openswan perl perl-convert-uulib perl-dbi perl-unicode-map php postfix postgresql proftpd python razor-agents rp-pppoe rsync spamassassin squid stunnel swup syslinux tsl-utils uw-imap vim wget words) and iptables (autoloads fewer modules)
Slackware LinuxPatrick Volkerding has been seriously ill for some time. As a result, updates to Slackware have not been happening. You can read the gory details here. We wish Patrick well and hope he recovers from this illness.
Distribution Newsletters Debian Weekly NewsThe November 16 Debian Weekly News is out. Topics this week include a release status update (getting closer), GNOME 2.8 for sarge, and several others.
Gentoo Weekly NewsletterThe Gentoo Weekly Newsletter for the week of November 15, 2004 is out, with a look at the Gentoo Linux 2004.3 release, a call for developers on Gentoo's X11 team, kernel housecleaning, and more.
Ubuntu Traffic #11The Ubuntu Traffic report for November 5, 2004 is out, with a look at several mailing list topics of discussion. This edition's topics include Ubuntu Book, Hoary Says: "Get Your UTF-8 On", Ubuntu Learns a Few More Languages, Ubuntu Artwork Sites, Hoary Woes, Documentation Meeting, Ubuntu Bug Reporting, Ubuntu Conference, Separating Language Packs and Hoary Status.
DistroWatch Weekly, Issue 75The DistroWatch Weekly for November 15, 2004 is out, featuring Yggdrasil Linux, with a look at Gentoo Linux for G5 processors, and more.
Minor distribution updates BG-Rescue LinuxBG-Rescue Linux has released v0.4.0. "Changes: Support for USB mass storage (USB stick) devices was added. The Pocket Boy patch was applied. Support for DHCP IP address negotiation was added. An automatic tool (which runs under Unix/Linux and Windows 9x/ME/NT/2k/XP) was added to download the recent versions of BG-Rescue Linux and F-Prot and create the bootable ISO image. The Linux kernel was updated to 2.4.27. busybox was updated to 1.00, gpart to 0.1h to support ReiserFS 3.6, lilo to 22.6, mdadm to 1.7.0, ntfsprogs to 1.9.4, pcmcia-cardmgr to 3.2.8, reiserfsck to 3.6.18, smbclient to 1.9.18p8 to support pipes, and syslinux to 2.11. rzip and tphdisk were added."
Coyote LinuxCoyote Linux has released v2.16. "Changes: This release adds muti-language support to the Web administrator. Currently English, Spanish, French, Portuguese, and Romanian translations are available."
floppyfwfloppyfw has released development v2.9.13. "Changes: A few more images to pick from (Soekris and Flash/USB), and build scripts to make it all from scratch (in a uClibc buildroot or the floppyfw devkit). wondershaper has been added to the base."
Hakin9 LiveHakin9 Live has released v2.3.D. "Changes: Kernel 2.4.26 is included. WiFi cards support and xDSL support were enhanced. Cryptoloop support was added. New utilities were added."
RUNT (ResNet USB Network Tester)RUNT has released v4.0. "Changes: This version features scripts to make USB booting easier, the bootdisk can now be created from the pen drive, there is now keyboard layout selection by typing 'keymap' at the boot prompt. This version is based on Slackware 10.0 with kernel 2.4.26, and now has support for Nforce built-in ethernet devices."
SLAX-Live CDSLAX-Live CD has released v4.2.0. "Changes: This version contains KDE 3.3.1 and X.org 6.8.1. A new user called guest was added, and a new boot parameter home= was implemented."
uClinuxuClinux has released v20041116. "Changes: This test release included Linux 2.6.9, Linux 2.4.27, Linux-2.0.39, uClibc 0.9.26, glibc 2.2.5, busybox 1.00, and much more."
Newsletters and articles of interest Thin client OpenLab Linux 3.2 released (Tectonic)Tectonic covers the release of OpenLab 3.2. "AJ Venter, lead developer on the OpenLab project at DireqLearn, says "OpenLab is a different approach to the design of a GNU/Linux distribution, built on the premise of 'working out of the box'. Version 3.2 makes significant strides toward an even greater user experience. For example, OpenLab makes the set-up of a thin-client server easier than it has ever been before. All you need to do is say 'yes' when asked if you want it. No further user input is required.""
Review: 'Knoppix Hacks' (NewsForge)NewsForge reviews the book Knoppix Hacks. ""Knoppix Hacks" is a collection of activities that involve many of the programs and applications that make up Knoppix. These hacks can be a neat project, a set of tips and tricks, or a creative recipe that simplifies what was once a difficult task. The book starts out with simple tasks, and as the book progresses, the hacks tend to require more time, technical prowess, and resources from the reader."
FreeBSD for Linux Users (O'ReillyNet)O'ReillyNet looks into the differences between FreeBSD and Linux. "Most introductory Unix courses start with the differences between SysV and BSD. Students, unimpressed by this fascinating bit of theoretical trivia, tend to jot down a few notes dutifully, and then wait patiently for the hands-on portion of the class. Within the hour, though, someone will make a panicked discovery and shout out, "Where are my runlevels?" There's an inevitable and incredulous follow-up of "What do you mean there aren't any runlevels?" and "Where'd all my startup scripts go?""
Installing Gnome 2.8 on Suse 9.1 (Tuxme.com)Tuxme.com presents a how-to article on installing Gnome 2.8 on SUSE Linux 9.1. "To make a long story short, I now am able to run Gnome 2.8 alongside KDE 3.3.1 without any problems thanks to APT and Mr. Ogley's rpm packages. (Why do I always want to type pancakes when trying to type packages?). The process wasn't smooth as butter, there was some manual 'rpm -Uvh package', find the missing dependencies, thank god for google once more, and repeat. But if you're a little savvy and adventures, you can do it, too. You might want to make a backup of your system if you'd hate to lose anything valuable."
Distribution reviews Feather Linux: The Swiss Army Knife of LiveCDs (O'ReillyNet)O'ReillyNet takes a look at Feather Linux. "To demonstrate how well Feather Linux works as a rescue CD, I'm going to pose a common administrative problem and demonstrate how to solve it with the LiveCD. Think of it like a MacGyver computer exercise, with a Feather CD as the Swiss Army knife. While doing this, we will practice the Unix Way, taking full advantage of its tools: bash, Perl, pipes, redirections, and the rest of the arcane Unix heritage."
gnuLinEx 2004 Launched (Linux Journal)Linux Journal looks at gnuLinEx. "In August 2004, the new version of gnuLinEx, the operating system used by the government of the Autonomous Community of Extremadura, Spain, was released. This new release confirms that the regional government is determined to bet on free software."
Novell Linux Desktop reviewed: A New Linux Desktop for Enterprise Customers (LXer.com)LXer.com has published a review of Novell's new Linux Desktop. "A tip of the hat to Novell for its commitment to open standards, Linux and its new business model. Many people should find your desktop a worthy entry into the market. You'll have some growing pains, but your product has excellent potential."
Novell Linux Desktop 9: First Impressions (OrangeCrate.com)OrangeCrate.com reviews Novell Linux Desktop 9. "NLD is distributed on three ISO CD images, and that represents roughly 3/5ths of the SUSE Linux 9.2 Professional edition. This means that many of the extra packages in the SUSE Linux Professional Edition are not available in NLD. This is not a bad thing however, for a business desktop doesn't need the extraneous packages that add servers, games and other things that don't add value for the business user."
Page editor: Rebecca Sobol Development Wired: a music production and creation systemThe first official release (version 0.1) of Wired, a Linux-based audio and MIDI recording application, was announced this week.
Wired aims to be a professional music production and creation software running on the Linux operating system.
It brings musicians a complete studio environment to compose and record music without requiring expensive hardware.
Wired supports unlimited Audio/Midi tracks playback and recording, and introduces a Plugin system for instruments and effects. It can also read AKAI CDs and import 18 different Wave formats.
The Wired features that have been implemented to date include:
Wired has been released under the GNU General Public License (GPL), the source code is available for download here. Dependencies include GTK2, wxWidgets, PortAudio, SoundTouch, and libsndfile.
System Applications Audio Projects ALSA 1.0.7 releasedFollowing several alpha releases, version 1.0.7 of the ALSA sound driver is stable and ready for download.
Planet CCRMA ChangesThe latest changes from the Planet CCRMA audio utility packaging project include new versions of Ecasound, Timemachine, the SWH LADSPA Plugins, and Lilypond.
Database Software Daffodil Software Open Sources replication tool (SourceForge)Daffodil Software has released its Daffodil Replicator software under the GPL. "Daffodil Replicator will provide a unique option to users in certain respects. It supports heterogeneous databases including Oracle, DB2, SQL-Server, PostgreSQL, Derby and Daffodil DB. It is platform-independent by virtue of being built in Java, and supports bi-directional data replication. Now Open Source, it offers users the power to understand its architecture and code, and also modify it if required."
phpPgAdmin 3.5 ReleasedVersion 3.5 of phpPgAdmin has been announced. "A new major version of phpPgAdmin is now available. phpPgAdmin is a web-based administration tool for all 7.x and the new 8.0 version of PostgreSQL. Major emphasis on this release is in supporting all the new 8.0 features."
PostgreSQL Weekly NewsThe November 9, 2004 edition of the PostgreSQL Weekly News is out with the week's PostgreSQL database news.
PostgreSQL Weekly NewsThe November 15, 2004 edition of the PostgreSQL Weekly News is out with the week's collection of PostgreSQL database news.
RSS Feeds from PostgreSQL with SRSSSSRSSS is a new project that can connect an PostgreSQL database to an RSS feed, according to this announcement. "The Simple RSS Service (SRSSS) generates and serves RSS feeds through a common interface via CGI-enabled webservers. It uses modules to extract items for feeds from various sources, and has a virtual filesystem where feeds can be read by CGI-clients."
Libraries GLib 2.5.6 (unstable) releasedUnstable version 2.5.6 of GLib, the low-level core library for GTK+ and GNOME, is out with several changes. Testing is in order.
Mail Software DSPAM 3.2.2 releasedVersion 3.2.2 of DSPAM, a server-side statistical anti-spam filter is out. Changes are mainly bug fixes, see the release notes for details.
spamprobe 1.1x4 released (SourceForge)Version 1.1x4 of spamprobe, a bayesian spam filter, has been announced. "This release adds the final missing pieces to the new parser code. MBX files and Content-Length headers are now supported. Database cleanup when signals are caught has also been improved. I would like to move 1.1 into the stable branch fairly soon so if folks would test out this release and report any problems it would be a big help!"
Web Site Development Analog 5.92beta1 is outVersion 5.92beta1 of Analog, a web server log file analyzer, has been released. Starting with this version, the project license has been changed to the GPL. Firebird and Firefox are now in the recognized browsers list, see the what's new document for more information.
New mnoGoSearch releasesNew versions of mnoGoSearch-php and mnoGoSearch-php-extension are available from the mnoGoSearch web site search engine project.
Build Your Own Blogging Application, Part 2 (O'ReillyNet)O'Reilly has published part two in Matthew Russell's series on blogging software. "In part one, Matthew Russell showed you how to build a front end for your blogging app using Tcl/Tk and some XHTML fundamentals. Here in part two, he uses two parts Perl and a sprinkle of Bash to explain how to build the back end."
Desktop Applications Audio Applications New abcde versionVersion 2.2.0 of abcde, a frontend to the cdparanoia CD ripper, is out. "It is a major release, with plenty of new features. See the changelog at www.hispalinux.es/~data/abcde.php".
Ecasound 2.3.5 releasedVersion 2.3.5 of Ecasound, a multi-track audio processing utility, is out. Here are the changes: "Various Mac OS X specific build issues have been resolved. Minor changes have been made to the OSS soundcard support to avoid limitations of certain OSS drivers. Many minor updates have been made to user documentation and to build system scripts."
Business Applications Grace 0.1.1 Released (SourceForge)Version 0.1.1 of the Grace Receipting System is out. "The Grace Receipting System allows non-profits to track their donors and contributions, and prints receipts and reports."
SQL-Ledger Version 2.4.4Version 2.4.4 of SQL-Ledger, a web-based accounting system, has been released. Changes include session control and cookie-based authentication, ship via search, bug fixes, and translation improvements.
CAD Nineteenth release of PythonCAD now availableRelease 19 of PythonCAD, a Python-based CAD application, is out. "The nineteenth release of PythonCAD fixes a file saving bug found shortly after the eighteenth release was made public. The bug affected drawings that had text entities. A fix for this bug was found and tested by the bug reporter (thanks Ed Richley!) and confirmed to fix the problem."
Data Visualization Fl_2D_Gl_Contour 0.3 is outA new release of Fl_2D_Gl_Contour and related widgets is available for FLTK. "Fl_2D_Gl_Contour, OpenGL based contour widget for Linux, it allow you to graph contour and color map of irregular data set, by now two-dimensional graphics are available but 3D graphis will be soon" See the developer's web site for more information.
JGraphpad v5.1.0 Released (SourceForge)Version 5.1.0 of JGraphpad, a graph component for Java, is out. "JGraphpad 5.1.0 fixes a number of minor bugs, corrects the default behaviour for various functionality and introduces several new features. Of note, the image export functionality is improved, GPUserObjects have a number of fixes and jumping to ports behaviour has been corrected."
JUNG 1.5 released (SourceForge)Version 1.5 of JUNG, the Java Universal Network/Graph Framework, is available. "The current distribution of JUNG includes implementations of a number of algorithms from graph theory, data mining, and social network analysis, such as routines for clustering, decomposition, optimization, random graph generation, statistical analysis, and calculation of network distances, flows, and importance measures (centrality, PageRank, HITS, etc.)."
Desktop Environments The Upcoming Changes of the Gnome Subsystem (GnomeDesktop)GnomeDesktop reports that Anders Carlsson of Imendio outlines and explains the API changes that are coming with the Gnome 3.0 release in the future. "One of the most horrible parts of libgnome is GnomeProgram; the code that handles start-up and argument parsing for GNOME programs. This code also sets up the program to be more "integrated" with the rest of GNOME. For example, when your application segfaults you get this nice dialog allowing you to report a bug. When you have accessibility enabled, GnomeProgram calls the necessary hooks for that. All that is done by GnomeProgram."
GARNOME 2.9.1Version 2.9.1 of Garnome, the leading-edge GNOME distribution, has been released. "This release incorporates the GNOME 2.9.1 Desktop & Developer Platform, as well the usual assortment of third-party updates to keep even the most seasoned developer frustrated beyond belief."
KDE CVS-Digest (KDE.News)The November 12, 2004 KDE CVS-Digest is online with the following content summary: "KJSEmbed QT events now work on Windows. Kdm adds themes. Media kioslave now can use HAL. Kate improves Java and Perl syntax highlighting. KWallet adds search, empty password support, and XML data import."
Xfce 4.2 Release Candidate 1 is outRelease Candidate 1 of Xfce 4.2, a lightweight desktop environment, is available. "This first Release Candidate offers several new and awaited features in comparison with the previous 4.0 stable release, while continuing to be lightweight, including a brand new session manager, keyboard shortcut and desktop menu graphical editors, multihead support, "kiosk mode" support, a desktop menu plugin for the panel, CUPS and BSD-LPR printing support, and a new icon theme." See the Change Log file for more information.
Desktop Publishing Passepartout 0.6 released (GnomeDesktop)Version 0.6 of Passepartout, a desktop publishing application for GNOME, has been announced. "Among the new features are PDF output (albeit with some limitations) and TrueType support. It also now uses FontConfig to find font files, an addition that should please and be a relief to users of previous versions."
Writing "Learning PHP 5" (O'Reilly)David Sklar describes the tools he used to write his latest book. "What are the tools and processes that I used to write Learning PHP 5? Each chapter (and appendix) is its own file, formatted with the Docbook Lite XML dialect. I used XEmacs to edit the files. XEmacs's xml-mode provides helpful assistance with well-formedness checking and context-sensitive tag insertion. It also works with XEmacs' font-lock mode to make tags, attributes, and other XML goodies appear in pretty colors for easier readability."
Financial Applications Grisbi (GnomeDesktop)GnomeDesktop.org introduces the personal finance application Grisbi. "It's a cool financial/personnal accounting application written with Gnome and Gtk, and it is released under the GPL licence. It features budgeting, a Win32 port and GTK2 interface."
Graphics DiaCanvas2 0.14.2 is outVersion 0.14.2 of DiaCanvas2, a GTK+ 2 widget for working with diagrams, is available. This release features several bug fixes.
GUI Packages GTK+ 2.5.5 releasedUnstable version 2.5.5 of the GTK+ GUI toolkit is available with numerous improvements and bug fixes.
gtkmm 2.5.1 announcedVersion 2.5.1 of gtkmm, a C++ interface to GTK+, has been released. "gtkmm 2.5 wraps new API in GTK+ 2.5, and is API/ABI-compatibile with gtkmm 2.4. The new API is unstable, until this become the API/ABI-stable gtkmm 2.6 when GTK+ 2.5 becomes the API-stable GTK+ 2.6."
Imaging Applications F-Spot 0.0.3 Released (GnomeDesktop)Version 0.0.3 of F-Spot has been released. "After quite some time from the previous release, the Mono-based, Novell-sponsored, F-Spot, an image catalog/viewer application, reached version 0.0.3." See the changes document for details.
Instant Messaging Gaim 1.0.3 released (GnomeDesktop)Version 1.0.3 of Gaim, an internet chat application, has been announced. "This is a bug-fix release."
Multimedia gst-python 0.8.0 announcedStable version 0.8.0 of gst-python, a set of python bindings for the GStreamer streaming media framework, is out. "gst-python is a set of python bindings for GStreamer, it has a good coverage and is already used by several applications. The tarball contains minimalist examples, for example a video player and a command line based music player."
News Readers Liferea 0.6.2 has been announcedVersion 0.6.2 of Liferea, the Linux Feed Reader, has been released. Changes include cookie support, security improvements, http authentication support, and bug fixes.
Office Suites ooo-build-1.3.6 announcedBuild 1.3.6 of the ooo-build fork of OpenOffice.org is available. "This package contains Desktop integration work for OpenOffice.org, several back-ported features & speedups, and a much simplified build wrapper, making an OO.o build / install possible for the common man. It is a staging ground for up-streaming patches to stock OO.o."
Video Applications Kino Tips: Installing from Scratch and Exporting MPEG Videos (Linux Journal)Olexiy Tykhomyrov and Denys Tonkonog explain the process of building and installing Kino, a video editing application in an article on Linux Journal. "Kino is not a monolith program, but it does call some extra stuff and uses many libraries while running. A tree of the main dependencies is shown below in Figure 1. In order to compile Kino successfully, you have to install all the needed packages beforehand and compile them from source. Hopefully, the configuration script will help you determine the required software."
Web Browsers Epiphany 1.2.10 releasedStable version 1.2.10 of the Epiphany browser has been released. It fixes a tabbed browsing security vulnerability.
Epiphany 1.4.5 releasedDevelopment version 1.4.5 of the Epiphany browser has been released. It fixes a tabbed browsing security vulnerability and includes many more changes.
GNOME-Fx 1.0.0: "GNOME Firefox themes"Version 1.0.0 of GNOME-Fx, the GNOME Firefox themes, has been released. "I finally got around updating the GNOME-Fx themes for Firefox 1.0. No big changes, just support for Firefox 1.0 The GNOME-Fx themes try to make Firefox look like a native GNOME application. Version 0.10.1 is a huge improvement because the themes use more native looking GTK widgets and also the help is GNOMEized."
Miscellaneous Browser Bookmarks Menu (Gnome Applet) 0.3Version 0.3 of the GNOME Browser Bookmarks Menu applet is available. "Version 0.3 was supposed to focus on packaging and installation, but that turned out to be more complicated than I was expecting (and any help would be appreciated). So I went for features instead."
Coaster 0.1.2 announcedVersion 0.1.2 of Coaster, a CD burning application, is available. New features include undo/redo, icon themes and caching, and more.
gperfmeter v2.0.25 releasedStable version v2.0.25 of gperfmeter, the GNOME performance meter, has been released. "This release is so that there is an official distribution tarball for the possible inclusion of gnome-perfmeter in the JDS release for Solaris 10."
Languages and Tools C Inside memory managementJonathan Bartlett discusses memory management on IBM developerWorks. "Get an overview of the memory management techniques that are available to Linux programmers, focusing on the C language but applicable to other languages as well. This article gives you the details of how memory management works, and then goes on to show how to manage memory manually, how to manage memory semi-manually using referencing counting or pooling, and how to manage memory automatically using garbage collection."
Caml Caml Weekly NewsThe November 9-16, 2004 edition of the Caml Weekly News is out with the week's Caml language articles.
Haskell Haskell Communities and Activities ReportThe November, 2004 edition of the Haskell Communities and Activities Report is available with Haskell language coverage. "The Haskell Communities and Activities Report was initiated at the 2001 Haskell workshop, as a status report of the Haskell community as a whole, to be updated twice a year. The purpose is twofold: (a) to establish what communities, people and projects are out there, working with or on Haskell, and what their areas of interest are; (b) to feed back summary information about ongoing activities in the diverse Haskell sub-communities and amongst Haskell users (commercial or otherwise) to the Haskell Community as a whole." Thanks to Shae Matijs Erisson.
Java SableVM 1.1.7 Released (SourceForge)Version 1.1.7 of SableVM, a Java Virtual Machine, is available. "In this version, we added an experimental generational garbage collector, we imported a new GNU Classpath snapshot, we added handling of Jar/Zip files on boot classpath, we added user-friendly failure messages for bootstrap problems, we added added a profiling switch, we made sablevm-classpath install its files in standard locations, we made jikes and gcc be less verbose by default, and we made several important bugfixes and improvements."
Extending Struts (O'ReillyNet)Sunil Patil talks about extending struts on O'Reilly. "I have seen lot of projects where the developers implemented a proprietary MVC framework, not because they wanted to do something fundamentally different from Struts, but because they were not aware of how to extend Struts. You can get total control by developing your own MVC framework, but it also means you have to commit a lot of resources to it, something that may not be possible in projects with tight schedules."
Memory Contention in J2EE Applications for Multiprocessor Platforms (O'Reilly)Ramchandar Krishnamurthy and Deepak Goel look into multiprocessor J2EE memory contention issues on O'Reilly. "With the need for highly scalable J2EE applications in the enterprise environment, parallel processing of threads is required on multi-processor platforms. The memory requirements in the JVM heap for the processing of these threads and concurrent processing have caused to create performance and scalability bottlenecks in the deployment of these J2EE applications. This article explores the issue of synchronization of threads while accessing the memory within the JVM heap on a multi-processor platform for a J2EE application."
ML MLton 20041109 is outVersion 20041109 of MLton, the Standard ML compiler, is out. Changes include support for more platforms, MLBasis file support, dynamic libraries, new structures, and more.
Perl Perl 5.8.6 RC1 is out (use Perl)Release Candidate 1 of Perl 5.8.6 is out. "This is a regular maintenance release for perl 5.8.x, providing bug fixes and integrating module updates from CPAN."
Implementing Flood Control (O'Reilly)Vladi Belperchinov-Shabanski uses perl to manage Flood Control in an O'Reilly article. "'Flood control' is a method of controlling the processing-rate of a stream of events. It can reject or postpone events until there are available resources (CPU, time, space, etc.) for them. Essentially the flood control restricts the number of events processed in a specific period of time."
PHP PHP Weekly Summary for November 15, 2004The PHP Weekly Summary for November 15, 2004 is out. Topics include: BC, PostgreSQL and Boolean values, Upload progress meter cont, __get 'feature', php_fork, PDFlib versions, PDO meeting, Operator overloading, Date support, and Much ado.
Python Dr. Dobb's Python-URL!The November 10, 2004 edition of Dr. Dobb's Python-URL! is online with another batch of Python article links.
urwid 0.8.3 releasedVersion 0.8.3 of uruwid, a curses-based UI/widget library for Python, is available. Changes include support for CJK double-byte encodings, a word wrapping mode, support for regular and double width characters, and more.
gnome-python 2.6.1 announcedVersion 2.6.1 of gnome-python, the Python language wrappers for the GNOME APIs, is out. Changes include performance improvements, bug fixes, and more.
Python 3D Software CollectionMike C Fletcher has assembled the Python 3D Software Collection, "A small collection (51 packages) of pointers to Python software for working in three dimensions"
PYRO: Python RoboticsVersion 3.4.1 of the Python Robotics project is out. "Pyro is a library, environment, graphical user interface, and low-level drivers to explore AI and robotics using the Python language." Support has been added for the Sony Aibo robot, see the What's New document for release information.
Ruby One Mans Journey of Dependency-Injected Discovery (Ruby Garden)Jamis Buck describes the evolution of the Coopland project into Poseidon, and Ruby dependency injection issues in an article on the Ruby Garden.
S RPy 0.4.0 releasedVersion 0.4.0 of RPy is out. "RPy is a very simple, yet robust, Python interface to the R Programming Language. It can manage all kinds of R objects and can execute arbitrary R functions (including the graphic functions). All errors from the R language are converted to Python exceptions. Any module installed for the R system can be used from within Python." See the News page for release details.
Tcl/Tk Dr. Dobb's Tcl-URL!The November 15, 2004 edition of Dr. Dobb's Tcl-URL! is online with the latest Tcl/Tk article links.
UML Gaphor 0.7.0 announcedVersion 0.7.0 of Gaphor, a Python-based UML modeling environment, is out. New features include an XMI export plugin, item alignment, an undo mechanism, copy/paste operation, and more.
XML Ali 0.4 was releasedVersion 0.4 of Ali is out with new UTF-8 support. "Ali is a simple to use C API to parse XML data. It's scanf like approach is much easier than using SAX or DOM. A tutorial, complete reference documentation, and code examples in the download are all provided. Ali is pronounced like "Alley""
Announcing csv2xml version 0.5 (SourceForge)Version 0.5 of csv2xml, a csv to xml converter, is out. "Version 0.5 has just been released, it is reccomended that people do not use versions earlier than 0.5 as it fixes a memory leak. The new version provides command line options for greater flexibility. Allowing the user to customise the xml output format, depending on users needs."
Introduction to XML Events (IBM developerWorks)Micah Dubinko introduces XML Events on IBM developerWorks. "A number of markup technologies involve attaching behaviors to specific parts of a document. XML Events is a W3C Recommendation that allows declarative attachment of a behavior -- which can be a predefined bundle of actions defined in XML or a more general call to a scripting language -- to a specific element. This article gives an overview of how XML Events came about, what it's useful for, and how it works."
XML, the Web, and Beyond (O'Reilly)Edd Dumbill covers developments in the XML world in his O'Reilly column. "Welcome to this week's column, in which I'm excited to be able to tell you about changes in prospect for next year's XML Europe conference, and report on a discussion about when multiple schemas for XML documents should be used."
Build Tools Got Project Automation? (O'ReillyNet)Mike Clark presents an overview of project automation techniques on O'Reilly. "In his new book, Pragmatic Project Automation, Mike Clark gives you soup-to-nuts recipes for automating your software project: creating one-step builds with Ant, scheduling continuous builds with CruiseControl, generating software releases at the push of a button, installing and deploying applications with ease, and monitoring builds and running programs via email, RSS, your cell phone, and, yes, even lava lamps."
Cross Assemblers An MPLAB plugin for gputilsThe gputils project (GNU Pic Utilities) has announced a new plugin that supports the Microchip mplab Universal Device Programmer.
Debuggers Emacs Mode for GDB (Linux Journal)Nick Roberts introduces the Emacs interface to the GDB debugger. "Graphical front ends are available for GDB, including Insight, but they require a separate editor. Until now, Emacs used a mode that originally was written by Eric Raymond in 1992. This comprised of the GUD buffer, where GDB commands were entered as though on the command line, and the source buffer, where a arrow string ("=>") pointed to the current line of program execution. In this article, I describe a new mode, which I call GDB-UI, that is a part of the next release of Emacs (21.4) and offers the GUI features of many modern debuggers. The advantage of this mode over the other debuggers is the powerful features of Emacs are available for tasks such as editing and searching to provide a truly integrated development environment."
IDEs Wing IDE 2.0 announcedVersion 2.0 of Wing, an IDE for Python, is available. "New features in Wing IDE 2.0 include a completely redesigned customizable user interface, call tips, syntax error indicators, editor tabs and splits, multi-file wildcard and regular expression searching, integrated documentation and tutorial, a German localization, and Unicode support."
Page editor: Forrest Cook Linux in the news Recommended Reading Factory of the Future? (Newsweek)Newsweek has published a look at Nathan Myhrvold's patent shakedown startup. "Sources familiar with Myhrvold's strategy say that he has raised $350 million from some of the largest companies in high tech: Microsoft, Intel, Sony, Nokia and Apple. Google and eBay also recently invested. With this large bankroll, the company is out buying existing patents in droves. (Myhrvold won't comment on these activities, but sources say he has already purchased about 1,000 patents.) The strategy is to set up a sort of patent marketplace. Patent owners get money upfront for the dusty ideas sitting on their shelves, the investors get the rights to use the ideas without being sued and Myhrvold gets to rent those same ideas to other companies that need them to continue creating products."
Dear IE, I'm leaving you for good (ZDNet)A ZDNet columnist breaks up with his browser. "With Mozilla Firefox, at least I know where I stand. The code is open source, built from the ground up, clean--not recycled. No more hidden agendas. At least when there's a flaw in Firefox, this browser alerts me on its toolbar. It doesn't try to hide its mistakes, waiting until the second Tuesday of the month to offer me a patch for some flaw that's been out there for six months already."
Prelude to MS-Linux (CBS)CBS MarketWatch is carrying a Dvorak column on Microsoft's investment in Vintela. "When these two purchases are analyzed along with other recent Microsoft actions, you have to conclude that it is about to bring out a version of Linux under its own brand name. I suspect it will simply be termed Microsoft Linux or MS-Linux."
The SCO Problem Fact and fiction in the Microsoft-SCO relationship (News.com)News.com has posted a lengthy article claiming to lay down the truth behind Microsoft's involvement in the SCO case. There is some decent research there, but some things are missing: the name "Mike Anderer" never appears, for example. "But it was Microsoft that helped ensure that SCO could mount the fight, by providing major financial help at least twice in 2003. (SCO's finances are currently being tallied for the quarter ended Oct. 31, with the results to be reported in late December.) Though it doesn't appear that Microsoft was in the driver's seat when it came to SCO's legal attack on Linux, Microsoft's financial assistance was unusual and crucial."
Companies CollabNet: Bringing open source to the rest of us (Silicon.com)Silicon.com covers CollabNet. "Five-year-old CollabNet doesn't feel ashamed to get more deeply involved in open source than just providing the tools for development. When it saw the need for an open-source version control tool to succeed the industry standard CVS (Concurrent Versions System), it spearheaded the creation of the Subversion project by hiring four employees to get the process started and build a community around it."
Red Hat opens office in China (News.com)Red Hat has opened a new office in China, according to this article on ZDNet. "The company said it will work with industry partners such as Hewlett-Packard, IBM, Intel and Oracle, as well as with Chinese business partners, to serve the rapidly growing Chinese software market. Red Hat's office will be located in the nation's capital, Beijing."
Sun deputizes Versora for Microsoft attack (the Register)The Register reports that Sun will be working with Versora in an effort to move customers off of Microsoft web servers. "Versora, a small company based in Santa Barbara, California, is the newest member of Sun's iForce partner program. The firm makes products that automatically move code from Windows IIS servers to Apache servers. Sun will be looking to shift customers onto both Apache and its own Java System Web Server."
Sun to set Solaris free, after a fashion (News.com)News.com sees Open Solaris as Sun's attack on Red Hat. "The pricing strategy, to be announced at a quarterly product launch event in San Jose, Calif., is the first half of an ambitious effort to retrieve relevance that Solaris lost to Linux. The second half will arrive in 60 to 90 days as Sun releases the source code of Solaris under an open-source license, Loiacono said."
Business Firefox fortune hunters (News.com)News.com looks at businesses built around Mozilla. "One result of these and other efforts is that Mozilla developers who cut their teeth as volunteers are now finding paid work in the Mozilla-based marketplace--a trend reflected in the open-source ecosystem as a whole."
Linux Adoption Norway reports additional benefits from move to Linux (Desktop Linux)Desktop Linux looks at Linux adoption in Norway. "In the midst of a migration to Linux, the city of Bergen, Norway has reportedly expanded its estimates of the cost savings and other benefits it expects to achieve in switching from Microsoft Windows technologies. In a report at ZDNet published last week, Bergen CTO Ole-Bjorn Tuftedal says he expects to save 30 percent on hardware costs alone thanks to the efficiency of Linux -- this, in addition to cost savings associated with licensing fees and other economic benefits he had expected prior to testing open source for city-wide deployment."
Venezuelan government institutions may adopt GNU/Linux (VHeadline.com)VHeadline.com reports that Venezuela is looking at Linux. "Venezuela's National Assembly (AN) has started a debate on a bill to implement "free software" in government institutions ... the proposal was introduced October 21 by AN deputy Luis Tascon and urges the five independent branches of Government: Executive, Legislative, Judiciary, Moral and Electoral including all official entities to adopt free software as an exclusive working platform via the GNU/Linux operative system."
Legal Senate May Ram Copyright Bill (Wired)Wired examines the latest silliness before the U.S. Congress. "The bill would also permit people to use technology to skip objectionable content -- like a gory or sexually explicit scene -- in films, a right that consumers already have. However, under the proposed law, skipping any commercials or promotional announcements would be prohibited. The proposed law also includes language from the Pirate Act (S2237), which would permit the Justice Department to file civil lawsuits against alleged copyright infringers."
Monopolies of the mind (Economist)The Economist has run a leader on patent problems. "Europe has not, so far, made the same blunder, but the European Parliament is considering the easing of rules for innovations incorporated in software. This might have a similarly deleterious effect as business-method patents, because many of these have been simply the application of computers to long-established practices."There is also a (subscribers only) article on fixing the patent system. "Later this month, the European Council of Ministers will discuss draft legislation on harmonising policy on computer-implemented innovations. Many small software companies in Europe, as well as 'open-source' software developers that make non-proprietary software, oppose the initiative. They fear that it is a first step towards adopting controversial software patents, already awarded in America, which could block different implementations of the same features. Were further proof needed that this may not be an entirely positive development, look no further than the mighty software monopolist, Microsoft, whose chairman, Bill Gates, has called on employees to increase the number of patents that the company files."
MS and Indemnification (Groklaw)Groklaw has taken a detailed look at Microsoft's indemnification offer. "Refund the full amount they paid for the software? How can you resist a generous offer like that? Maybe we need to look at the fine print here."
Interviews Interview: OSDL chief Stuart Cohen - Part 2 (vnunet)Vnunet is running part two of an interview with OSDL's Stuart Cohen: "There are people who think Linux is going to run Microsoft into the ground. I don't believe it for a minute. It's too smart, too well managed, too well run. [But] it'll listen to its customers. When it gets to some market share number, or some customer sets, or some customer rating, then some [Windows] applications will run on Linux. It'll try different things, probably in different geographies, to see what works."
Novell CTO on hot Linux apps and closing gaps (Enterpriselinux)Enterpriselinux interviews Novell CTO Alan Nugent. "Some corporate IT pros say they have a hard time finding the applications that they need for Linux. Do you think this is still valid, or do they just need to do more research?""Nugent: I think it is still valid in some areas. If I am at a Fortune 500 insurance company, I can't find a great claims management system that runs on Linux just yet. But, if I am in the electrical CAD business or mechanical CAD business, I can. So, it depends on the market. A year ago, that question would have been valid for a much broader segment of the market. They really couldn't find applications that would run on Linux; but it is getting better every day. Companies can now begin to use Linux much more broadly than for Web servers or firewalls. We work with dozens and dozens of companies which have either completed ports or are in the process of doing ports to Linux. Many of them are household names."
Interview with NVIDIA Engineers (LinuxQuestions)LinuxQuestions.org interviews some unnamed NVIDIA engineers. "Demand has continues to grow for high quality Linux drivers with each new generation of GPUs. Around 15-20% of our workstation users ship with Linux. Some industries in the workstation business are 100% Linux. We have users using our Linux OpenGL drivers for things like designing automobiles, operating medical equipment, broadcasting television, and creating the latest special effects in movies."
Interview with Red Hat Vice President of Open Source Affairs Michael Tiemann (LinuxQuestions.org)LinuxQuestions.org talks with Michael Tiemann. "As a Linux distribution, Fedora shines, pure and simple. But it's hard not to: the work that the GNOME team, the Open Office team, the Evolution team, the Firefox team, the kernel team, I could go on..., are doing is simply amazing. And the Fedora community is blessed with a large number of people seriously committed to making it great. I think that Fedora does a fantastic job of showing people "the best of what works today in 100% free and open source software". I think that Fedora is the perfect balance of leading edge technologies, yet robust enough that I can give my dad 4 CDs, he can install them, and then tell me "everything worked, as expected.""
Resources Securing Linux, Part 2: Planning the installation (IBM developerWorks)IBM developerWorks helps build a secure Linux system. "The first step -- before inserting your distribution's CDs and launching the installer -- is to develop a security plan: determine what services the system will provide, which hardware will be used, what software is necessary, and how the installation will be organized. By making the effort to develop such a plan before the actual installation, lots of possible security issues can be identified and eliminated at a very early stage. This is beneficial as it helps to minimize the risk of a system intrusion or outage. Furthermore, it provides a sound basis for quickly reacting in case of attack or publication of software vulnerabilities and patches."
FreeBSD for Linux Users (O'Reilly)Dru Lavigne presents part one of an O'Reilly introductory article on FreeBSD. "In today's article, I'll cover some of the big-picture differences from the perspective of a Linux user being introduced to FreeBSD. In Part 2, I'll discuss command equivalents between Linux and FreeBSD."
Reviews What's New in Fedora Core 3 SE Linux (Linux Journal)Linux Journal examines Security Enhanced Linux in Fedora Core 3. "The default SE Linux policy in FC3 is the targeted policy. Two types of policies are offered--targeted and strict. Targeted policy is new in FC3. Under the targeted policy, only some of the more commonly used daemons run with SE Linux restricting what they can do. These daemons include named, httpd, dhcpd, portmap, squid, nscd, syslogd, snmpd and ntpd. These daemons run in their own domains; httpd, for instance, runs in the httpd_t domain."
Miscellaneous TiVo hacks flourish (ZDNet)ZDNet looks at some of the interesting modifications that are being done to the Linux-based TiVo video recorders. "TiVo hacks available for download do everything from adding a Web interface to the TiVo unit, converting programs to DVD and other formats, altering TiVo native features, expanding the unit's hard drive, transferring files back and forth from the unit to the PC, and archiving shows at smaller file sizes. "TiVo is missing some tremendous opportunities," said Riley Cassel, a programmer who last year released a popular, unauthorized extension called MFS_FTP. "There's no technical reason you couldn't watch TV across the Net...Of course, the problem is that the same software can be used to broadcast HBO or Discovery HD, so Hollywood would go nuts.""
Page editor: Forrest Cook Announcements Non-Commercial announcements An open letter to the NIH (Bioinformatics.Org)Bioinformatics.Org has posted an open letter to the US National Institutes of Health (NIH) regarding the freedom of scientific research materials and related software issues. "We also wish to take this opportunity to address some related problems with the current publishing model. First, there is often no requirement for the availability of the software used in bioinformatics and related research for results to be published, thus preventing the necessary condition of reproducibility. Not only should the software be available in binary form, but one should also be able to obtain and/or inspect the source code of that software to ensure the accuracy of the results. It is too often the case that a non-public entity has conducted an experiment with its own, proprietary software, making it impossible to independently verify the results."
Commercial announcements Absoft Announces New Cluster Builder's KitAbsoft Corporation has announced version 2.0 of its Cluster Builder's Kit. "Absoft Corporation has announced a new Cluster Builder's Kit version 2.0 which replaces its Beowulf Tool Kit v1.0. The Cluster Builder's Kit (CBK) is used in conjunction with Absoft high performance compilers and debugging solutions and is designed to facilitate building and setting up cluster systems."
BEA Announces Open-Source Milestones for Apache BeehiveBEA Systems, Inc. has announced milestones in the company's open-source efforts including code release milestones, updated tools and additional platform support for Apache Beehive. They'll be showcasing Apache Beehive at ApacheCon.
Conectiva, Mandrakesoft, Progeny, and Turbolinux form consortiumFour distributors - Conectiva, Mandrakesoft, Progeny, and Turbolinux - have announced a project to build a common core distribution compliant with LSB 2.0. The newly-formed Linux Core Consortium plans to put out a release every 18 to 24 months. Click below for the press release, or see the LCC FAQ for more information, including an answer to the obvious "isn't this just another UnitedLinux?" question.
HP Drives Mainstream Adoption of Open Source Software with JBoss DealHP has announced an agreement with JBoss, Inc. to provide a single point of contact for JBoss support, as well as a full range of consulting services.
McObject and MontaVista announce eXtremeDBMcObject and MontaVista Software Inc. have announced the release of eXtremeDB, an in-memory embedded database.
ReelTime to Deploy Linux Operating SystemsReeltime Rentals, Inc, a video rental outfit, has announced that it will be using Linux on its IRDS video rental servers. "According to Alex Stanczyk, CEO of Reeltime Rentals, "Using Linux as the OS on our IRDS Servers is a very exciting step for the company. Due to the robust nature of the platform coupled with its security and uptime, ReelTime will be able keep its cost infrastructure extremely low allowing the Company to greatly increase its profitability."
Terra Soft announces new PowerPC clustersTerra Soft Solutions, Inc has announced its new IBM PowerPC 970-based clusters.
Slashmail.org announces improvementsUCE Bee has announced improvements to it's email service, Slashmail.org. "Slashmail.org is powered by Open Source technologies. Riding the wave of creativity and grassroots genius inherent with the Open Source software model, Slashmail.org is committed to supporting a simple business model: For a nominal annual charge, Slashmail.org will provide a clutter-free email service that allows you to focus on the task at hand: "personal and private communications"."
Voyager Capital Becomes the First Venture Firm to Join the Open Source Development LabsThe Open Source Development Labs has announced that Voyager Capital, a Pacific Northwest information technology venture firm has become the latest member of OSDL. "Voyager will bring its network of important business contacts, its insights into developments of both software and hardware technologies, and aid in the expansion of OSDL's member consortium."
New Books "Gaming Hacks" Released by O'ReillyO'Reilly has published the book Gaming Hacks by Simon Carless.
"Inside the Spam Cartel" Released by Syngress PublishingSyngress Publishing has published the book Inside the Spam Cartel by Stu Sjouwerman and others.
"Java Network Programming, Third Edition" Released by O'ReillyO'Reilly has published the book Java Network Programming, Third Edition by Elliotte Rusty Harold.
Building Applications with the Linux Standard BaseIBM Press has published the book Building Applications with the Linux Stanndard Base by the Linux Standard Base Team.
"SELinux" Released by O'ReillyO'Reilly has published the book SELinux by Bill McCarty.
"Smart Home Hacks" Released by O"ReillyO'Reilly has published the book Smart Home Hacks by Gordon Meyer.
SpamAssassin : A Practical guide to Configuration, Customization and IntegrationPackt Publishing has published the book SpamAssassin: A Practical guide to Configuration, Customization and Integration by Alistair McDonald.
Resources Is Open Source the new cell phone?A survey by VA Software Corporation has revealed that while Open Source tools, technologies and techniques are used in a majority of enterprises, executive resistance to Open Source may be hindering greater adoption of Open Source development methods for internal software development.
The LDP Weekly NewsThe November 17, 2004 edition of the Linux Documentation Project Weekly News is online with the newest documentation releases.
SSC Publishing to Launch TUXSSC Publishing has announced the launch of a new monthly print and online publication, TUX, a magazine for new Linux users. The magazine will launch February 1, 2005.
Contests and Awards KPDF Icon Contest Announces Winner (KDE.News)KDE.News has announced the winner of the KPDF icon contest. ""But who won?" you might ask. Well the jury have given their scores, and it has become clear that Marco Martin has won the icon contest for another kpdf icon. Congratulations Marco!"
Upcoming Events GNOME Love Day (GnomeDesktop)A new GNOME Love Day event has been announced. "Sunday, November 21st is a very special GNOME love day dedicated to spreading the love for Yelp, GNOME's own rocking help browser. Our friendly and experienced hackers will be on hand to help bring new developers up to speed."
Bug squashing in Cambridge, November 27th to 28thA Debian bug squashing event will be held in Cambridge, Mass on November 27 and 28, 2004.
JavaPolis 2004 announcedJavaPolis 2004 will be held in Antwerp, Belgium on December 13-17, 2004.
PHP Quebec Call For SpeakersA call for speakers has gone out for the 2005 PHP Quebec conference. The event will take place in Montreal, Canada from March 30 - April 1, 2005.
Computers, Freedom and Privacy Conference 2005 CFPA Call for Proposals has gone out for the Computers, Freedom and Privacy Conference 2005. The event will take place in Seattle, WA on April 12-15, 2005.
Events: November 18, 2004 - January 13, 2005
Mailing Lists Zope 3 Users Mailing ListA new Zope 3 users' mailing list has been created: "on popular demand from a couple of people we have decided to create a new Zope 3 Users mailing list that will serve to answer your questions about Zope 3. The Zope 3 developers have made a commitment to answer your questions in a timely manner. We hope that this way the generic Zope and Zope3-Dev mailing list will be disburdened from user-related questions."
Software announcements This week's software announcementsHere are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
Miscellaneous Celebrate Mozilla Firefox 1.0 with mozparty2 (MozillaZine)A series of international mozparty2 events have been announced: "aeneas wrote in to remind us about mozparty2, a network of parties taking place around the globe to celebrate the release of Mozilla Firefox 1.0. At the time of writing, 372 parties are planned, with most taking place next weekend (19th-21st November)"
Page editor: Forrest Cook Letters to the editor How Microsoft can improve Internet Explorer
> If ZDNet Australia readers have suggestions for features they would like
Page editor: Jonathan Corbet
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[Boot chart]](http://www.klika.si/ziga/bootchart/bootchart.png)
![[Wired]](/images/ns/wired.png){kind=small}
Wired contrasts with
