
LWN.net Weekly Edition for December 16, 2004

The Linux Core Consortium courts Debian

The Linux Core Consortium is an effort by Conectiva, Mandrakesoft, Progeny and Turbolinux to create a single, Linux Standard Base-compliant core distribution which each distributor can then use as a base for their products. The idea is to share some of the distribution engineering work and, simultaneously, to create a widely distributed, standard platform which independent software vendors can target for their products. See this LWN article for more information on the LCC.

Bruce Perens has recently proposed to the Debian project that it work with the LCC. There are, according to Bruce, a few reasons why Debian would want to do that:

The first is that we should be influencing this group to do things the Debian way, where that is important. The second is that the group plans to lower the overhead of hardware and application vendor certification for all of its participants, and we could really use that sort of support. The third is that the group would make certification by LSB and other standards bodies easier for all of the participants.

Ian Murdock, the founder of the Debian project, has his own reasons for encouraging Debian to join:

How does Debian benefit from LCC? It's a route to the ISV and IHV certifications that Debian has always lacked, and it is the lack of these certifications that's preventing Debian from standing alongside Red Hat and Novell/SuSE in the commercial space despite comparable (and arguably greater) popularity. The industry simply doesn't know how to engage us, and LCC provides them with a vehicle for doing that.

Appealing to vendors of proprietary software has never been high on the Debian Project's list of priorities. Ian claims that vendor support is important, however, if Linux is to remain an open, free platform in the increasingly commercial context in which it operates.

Working with the LCC would, essentially, require Debian to help develop, and then distribute, a set of standard binaries used by all LCC-based distributions. All of these distributions would use the same (binary) kernel, the same libraries, and many of the same configuration mechanisms. The use of identical binaries goes beyond the requirements of the LSB, which only requires that the same binary interface (ABI) be available. Ian claims that the LSB approach has proved to be insufficient:

...while there are numerous LSB-certified distros, there are exactly zero LSB-certified applications. The reason for this is that "substantially the same" isn't good enough--ISVs want *exactly the same*, and there's a good reason for that, as evidenced by the fact that while Debian is technically (very nearly) LSB compliant, there are still a lot of edge cases like file system and package namespace differences that fall outside the LSB that vastly complicate the "certify to an ABI, then support all distros that implement the ABI as defined by whether or not it passes a test kit" model.

As one might imagine, there is some resistance within the Debian Project to distributing a set of binaries (including the kernel) provided by an outside organization. It will be a hard sell; from your editor's reading of the debate, the early signs are that the Debian developers aren't buying it. Debian users like to have a great deal of control over their systems, and the LCC looks like a way of giving up some of that control with no immediate benefits in sight.


Porting free software to Windows

December 15, 2004

This article was contributed by Joe 'Zonker' Brockmeier.

A recent debate between KDE developers raises an interesting question: Does it help or hurt to port open source applications to closed platforms, such as Windows? One side argues that availability of open source applications on Windows diminishes the chances that users will choose to migrate to Linux or *BSD. The other side argues that open source on Windows can bridge the gap between Linux and Windows, thus making it easier for users to (eventually) migrate.

First, there is the question of goals. While Microsoft has a coherent set of goals, the open source community does not. Some projects are dedicated to spreading open source as an end unto itself, others just see open source as the best model for their specific project. If the goal is simply to foster adoption of a specific application, like Firefox or OpenOffice.org, then porting that application to Windows is without question the right strategy. The vast majority of desktop users are on Windows, and it makes little sense to ask users to switch operating systems to use one application.

However, if the goal is to spread open source in general, then one has to wonder whether users are likely to migrate to a new operating system if the best applications for that system (or most of them, anyway) are also available on the closed system that they're familiar with. The vast majority of users are motivated by factors other than licensing.

This is not the first time the debate has been raised, nor is it likely to be the last. However, this may be a good time to look at the situation. Linux is acknowledged as a mainstream server operating system, but still looked at as a fringe desktop operating system. Desktop applications on Linux are starting to reach parity in ease-of-use and feature sets with their Windows counterparts, thus making it a viable platform for Windows users to migrate to, should they so choose. At the same time, many of those applications are available on Windows, allowing Windows users to adopt open source applications without migrating away from Windows. If this is the final result, then most Linux users would see porting open source applications to Windows as undesirable. As Aaron Seigo writes:

The more software we port to Windows the more we reinforce this application availability imbalance and strengthen the user's inertia to stay on Windows. If users had to make a choice between Windows or Linux (or BSD) when it came to getting access to better applications they would find they had a motivation to switch. And switch they would.

There is, however, the possibility that users will be more likely to adopt Linux or *BSD if they have a positive experience with some of the open source applications on Windows. Change is scary for many users, and it may be better to provide a means to gradually adjust to open source platforms rather than expecting a user to plunge in headlong and learn to swim right away. It's also worth considering that many Windows users would never be exposed to open source applications if they are not available on Windows. It's one thing to hear wonderful things about OpenOffice.org, Firefox, The Gimp, Apache or KDE, but another thing entirely to actually use those applications and become comfortable with them.

For organizations, the gradual approach may be the best way to ensure the adoption of open source. As "pipitas" argues:

Even at the present stage there is a considerable share of IT decision makers in enterprises and government bodies who seriously evaluate options and costs of a switch over. For most, it now looks like "all or nothing," and a big jump. A too big one in many cases. So they refrain. So they sign another 5 year contract with MS...

To chop the task into smaller pieces, to take the direction, but only a few steps for now, to smooth the transition out over a period of time is very difficult. And it costs. Not only do you have to train the users. You also need to re-train the IT teams. So Microsoft is of course playing on the card of Total Cost of Ownership (TOC), with a liiiiiittle bit of (every marketeer's) exaggeration, but with a tiny bit of valid argument too. They keep winning, albeit often by a small margin. And they even start losing some rounds, lately.

Both sides make compelling arguments. There are, no doubt, users and organizations that will adopt a handful of open source applications and stop there. Other users and organizations will adopt Firefox, OpenOffice.org and other open source applications and decide to go further.

In the end, however, it's hard to argue for spreading open source by restricting users' choice. Most Linux users resent Microsoft for restricting their choices when using Windows, so it's somewhat hypocritical to suggest that Windows users should have to make an "all or nothing" choice to use Linux or *BSD to benefit from open source. While there's a risk that users will choose to stay on Windows, it's the ability to choose that led most of us to Linux in the first place.


Ubuntu Conference: The Mataró Sessions

The Ubuntu Conference was already in full swing by the time I arrived, late last Friday. Canonical employs thirty-seven people, located in twelve countries, and most of them are here in Mataró. For some this is their first chance to meet and talk to fellow developers face to face. The entire conference has been a series of workshops, BOFs and hack sessions all revolving around Ubuntu, LaunchPad and the various components of LaunchPad. A few visitors have joined in here and there, but only the sessions last Saturday were targeted to visitors. Presentations have mostly been in English, although Saturday's sessions were translated into Spanish and Catalan for the benefit of the many Spanish visitors. People drift in and out, but overall attendance averages around fifty people, and at least double that on Saturday.

The conference is located at the Hotel NH Ciutat de Mataró, also home for most of the Canonical staff and your LWN editor. A typical day starts out with a buffet breakfast in the hotel dining room. All Canonical staff meet in the main conference room at 9:00 AM before breaking into smaller groups to talk about and hack on the various projects. The hotel provides a packed lunch so people can munch and continue working. By around 8 or 9 PM it's time to head for dinner at one of the many restaurants in Mataró. This is also done in smaller groups as some continue hacking until late and some go looking for different types of food. Mataró is on the Mediterranean coast so the weather is mild. Natives wear coats and scarves and hats, but those of us from more northerly climes find it pleasant with no more than a light jacket even late at night.

Canonical projects underway here at the conference include Ubuntu and the upcoming Hoary Hedgehog release, the proposed KDE version called Kubuntu and the application suite LaunchPad, with many a late night hack session devoted to one of the LaunchPad applications. For more on LaunchPad and its applications see Ubuntu Conference: The LaunchPad workshop. Briefly, the applications so far are the translation tool Rosetta, package manager Soyuz, version control system Bazaar, and bug tracker Malone.

I chatted with Canonical founder Mark Shuttleworth briefly on Wednesday over lunch and asked him how Canonical plans to make money. Ubuntu is free, and LaunchPad will be free to use, but Canonical does aim to make some money in support. Additionally, he hopes to get some government grants to build localized distributions. By using the still incomplete LaunchPad suite it will be easy to create distributions for a wide variety of the world's subcultures.

For now he keeps costs low by limiting the number of developers assigned to any particular project and by not having a centralized office, and enjoys Python hacking with his staff of talented developers. He also knows what he's willing to spend to make Canonical self-sustaining and how long that should take (though he did not share details with your editor). If it doesn't happen he'll pull the plug and move on. We're hoping that it does work out and Canonical will manage to survive, not only because Ubuntu is a nice distribution and quite stable on this laptop, but also because if LaunchPad can become the suite that Mark envisions, it could be as revolutionary as Linux itself. For now LaunchPad remains largely vaporware, with the exception of Rosetta, so it is too soon to tell if it can really live up to its potential, but with the team that Mark has put together it stands a good chance.

This is Rebecca Sobol reporting from Mataró Spain.


Ubuntu Conference: The LaunchPad workshop

Here at the Ubuntu Conference in Mataró Spain, Canonical developers are meeting with each other and with representatives of the Spanish government and other guests to talk about Ubuntu and LaunchPad, an application suite currently in development at Canonical. This article focuses mainly on the workshops that took place on December 11, wherein government representatives and other guests were treated to a view of some of the LaunchPad applications.

The workshops began with an introduction by Mark Shuttleworth and Carlos González, from the Secretaria de Telecomunicacions i Societat de la Informació de la Generalitat de Catalunya. Attendees included other government representatives, members of the Hispalinux community, the local press, and your roving LWN reporter.

Carlos explained that Mataró is located in Catalunya, where Catalan is the local language and the local Linux distribution is Càtix. Other regions in Spain have their own language and culture, and each region wants to preserve that language and culture, and this is reflected in a variety of local Linux distributions customized into the various local languages.

Alfonso de Cala, of Guadalinex, was the next speaker, leading a brainstorming session aimed at identifying the problems and frustrations of Linux developers throughout Spain. He noted that this diversity of cultures within Spain has led to the creation of numerous derived Linux distributions, with little or no collaboration between developers. Not only are distributions localized for the region, they are also tailored for use by different types of users. This has led to much wasted effort as developers from around the country each tackle the same problems and independently maintain a shared code base. The end result is more fragmentation, when what is needed is more shared code and collaboration.

During Alfonso's presentation we learned that the second version of Guadalinex has been released and that thousands of people use Guadalinex in schools, at home and at work. Guadalinex offers technical and non-technical support. Also Guadalinex shares many of the same problems that are faced by developers around Spain and around the world. Here is a short list of areas, as identified by the audience, in which small distributions, particularly those derived from larger distributions, are having problems.

  • Bugs: All software projects have bugs. Many end-users don't know how to send in a bug report or where to send their bug report. Bug tracking is not synchronized with upstream. Users of a stable (old) release want bugs fixed, but developers are more interested in the newest release. If all bugs are reported to one person, that person gets swamped, so there needs to be a better way of determining where bugs should go. Developers want bug reports but they don't need to wade through many reports for the same bug.

  • Translations: Translations can be difficult. A user interface might be translated many times, some translations will be better than others, but the best translations may never be incorporated upstream.

  • Support and Training: In open source software the components of a distribution come from many sources. Who does the end user go to for support and training?

  • Hardware: Many types of hardware are supported, but a small distribution doesn't have access to all hardware. Even a stable Enterprise distribution needs to be able to support new hardware.

  • Code Management - Branding and Configuration: Code needs to be customized without breakage. Changes need to be compatible with upstream. Users should be able to tweak the configuration in a way that remains supportable.

  • Standardization and Convergence: All distributions need a standard base, a standard user interface, and standard configuration tools. The standard needs to allow for desired diversity. It needs to be easier for people who don't speak English to be involved and contribute to projects.

  • Certification: Companies need to run a distribution that is certified for those third party applications (like Oracle) that they need. Localized distributions can not get certified easily.

  • Distribution creation tools: Better tools are needed.

  • Release schedules: Coordinating distribution release schedules with the schedules of the included applications.

Once the problems were identified it was time to talk about how LaunchPad might provide at least some of the solutions. The three LaunchPad applications closest to release are Rosetta, Malone and Soyuz. We should note here that while LaunchPad tools are designed to be used with open source software, they will not themselves be released as open source, at least not initially.

Rosetta: Due for its first release this week, Rosetta may be out by the time you read this. This translation tool provides an easy-to-use web interface for translators, making it easy for a non-technical translator to provide a translation for an application. How does that work? Take any application included in your distribution. The user interface is typically presented in English. To localize the application you could go into the code and change all the strings to the language of choice. Then you'll have to recompile, deal with any introduced errors, and have a version of code that is different from upstream. Worse, the process starts over with each update to the application, even when the application's interface remains the same.

Now imagine that you have translators from all over the world who use Rosetta's interface to edit a POTemplate (or POT file) for that application. The application needs only to be aware that POT files exist to present the end user with an interface in their chosen language. New translations can be added and existing translations can be improved without any change to the code. Rosetta keeps track of translations and can export new or improved translations back to the original application. Rosetta can also show you your entire distribution to see what has been translated, and what still needs to be translated.

Right now Rosetta only works with code, changing the face of the application for the non-English speaking user. Later releases of Rosetta will be able to handle man pages, DocBook and OpenOffice documents, and do spell checking. Those interested in using Rosetta may join the mailing list at rosetta-users@lists.ubuntu.com.

Malone: Another piece of LaunchPad is Malone, an extraordinary bug tracking tool. Malone is for developers, not for end users to fill with their bug reports. It will coordinate with other tools such as Bugzilla, tracking bugs both upstream and between distributions. A developer using Malone will be able to see if a bug has been fixed, and where it was fixed so that the fixes can be incorporated into their own distribution. Expect to hear more about Malone in early 2005.

Leading up to a brief look at Soyuz, a central tool in LaunchPad's arsenal, Benjamin "Mako" Hill and Ismael Olea led a discussion on collaboration and convergence. Various barriers to collaboration and convergence were identified, some political, some practical. The more distribution developers can work together the better it gets. When developers can not or will not collaborate then they will duplicate each other's work, sometimes fragmenting the code as application A in distribution Z diverges from the same application in distribution X.

A few of the barriers to collaboration and convergence include government secrecy, lack of communication/language barriers, geography/time zones, different deadlines and priorities, lack of resources, infrastructure, branding, unrealistic requirements, different hardware/architectures, and so on. The idea of LaunchPad is to provide tools that will eliminate as many barriers as possible, so that all Linux distributions can share more and developers can spend less time reinventing the wheel. Soyuz is the package tracker, helping the developer to track the packages in the distribution, upload and build source, track bugs, keep information about the packages and their maintainers and provide a wrapper around the version control system. LaunchPad's version control system is called Bazaar and it's forked from Arch. But that's a story for another article.

This is Rebecca Sobol reporting from Mataró Spain.


A couple of LWN notes

As has become our tradition, we will not publish the LWN.net Weekly Edition the week of December 30. We'll return to the usual schedule with the January 6, 2005 edition. The daily updates will continue to happen over the holidays.

For various reasons, the 2004 Linux Timeline will be released a little later than usual. Rest assured that it is in progress, and that it will be out by the end of the year.


Page editor: Jonathan Corbet

Security

Anatomy of a kernel vulnerability

The Linux kernel has seen a great deal of code auditing work. Even so, longstanding security issues turn up regularly. Consider, for example, the __scm_send() vulnerability recently disclosed by Paul Starzetz. This problem, present in the 2.6.9 kernel, is also present in 2.4; it has been there for some years.

This particular vulnerability hits the kernel socket API. Messages sent with the sendmsg() system call can have, embedded within them, control messages which can be used to transfer certain access rights to the recipient of the message. The control message header is defined as:

struct cmsghdr {
	__kernel_size_t	cmsg_len;	/* data byte count, including hdr */
	int		cmsg_level;	/* originating protocol */
	int		cmsg_type;	/* protocol-specific type */
};

These control messages are passed to __scm_send() for checking. One of the first things done with each control message is to look at the length of the message; the 2.6.9 code which performs this check looks like this:

if (cmsg->cmsg_len < sizeof(struct cmsghdr) ||
    (unsigned long)(((char*)cmsg - (char*)msg->msg_control)
		    + cmsg->cmsg_len) > msg->msg_controllen)
	goto error;

The programmer who wrote this code probably thought that all the bases were covered; the control message length was verified to be at least the minimum necessary, but not so large as to overflow the space allocated for control messages in the structure read in from kernel space.

The problem is that the cmsg_len field is of type __kernel_size_t, which is an unsigned integer type. If a very large value is stored in cmsg_len, it will cause an overflow in this calculation:

	((char*)cmsg - (char*)msg->msg_control) + cmsg->cmsg_len

When this overflow occurs, the resulting sum can be a small number, so cmsg_len does not appear to be overly large to this particular test. At a later point, however, that length will be added to a pointer into the list of control messages. Once again, the addition will cause an integer overflow, with the result that the pointer moves backward.

The exploit created by Mr. Starzetz works by creating a message with two embedded control messages. The second one sets cmsg_len to -12. That length gets translated to a very large unsigned number (0xfffffff4 on 32-bit systems); it happens to be just the right value to bump the pointer in __scm_send() backward in the list, where it encounters the same control message structure again. An infinite loop results.

Interestingly, this particular vulnerability seems to have been found by another researcher at about the same time. The fix was merged on December 8; the identification of the bug is credited to Georgi Guninski. It is, in any case, fixed, at least for 2.6.10. Some distributors have already made updated kernels available.
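The wrap-around in the length check discussed above can be reproduced in user space. The following is an added example, not kernel code and not the fix that was merged: it models the 32-bit arithmetic with uint32_t, walks a constructed 24-byte control buffer the way the article describes, and compares the 2.6.9 test with one overflow-safe way of writing the same bound. All names (check_2_6_9, check_no_wrap, next_offset, walk, walk_sample) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_SIZE  12u  /* sizeof(struct cmsghdr) with a 32-bit __kernel_size_t */
#define CTL_LEN   24u  /* constructed control buffer: room for two headers */
#define MAX_STEPS 16   /* walk budget; hitting it means the walk is cycling */

typedef int (*check_fn)(uint32_t off, uint32_t len, uint32_t ctl_len);

/* The 2.6.9 test, evaluated in 32 bits: off + len can wrap to a small value. */
static int check_2_6_9(uint32_t off, uint32_t len, uint32_t ctl_len)
{
    if (len < HDR_SIZE || (uint32_t)(off + len) > ctl_len)
        return 0;
    return 1;
}

/* Same intent with no addition: compare len against the space that is left. */
static int check_no_wrap(uint32_t off, uint32_t len, uint32_t ctl_len)
{
    if (off > ctl_len)
        return 0;
    if (len < HDR_SIZE || len > ctl_len - off)
        return 0;
    return 1;
}

/* Advance to the next header: offset plus the length rounded up to 4 bytes. */
static uint32_t next_offset(uint32_t off, uint32_t len)
{
    return off + ((len + 3u) & ~3u);
}

/*
 * Simplified model of the loop over control messages.
 * Returns the number of messages accepted, -1 if the check rejected one,
 * or -2 if the step budget ran out (the walk keeps revisiting a header).
 */
static int walk(const unsigned char *ctl, uint32_t ctl_len, check_fn check)
{
    uint32_t off = 0;
    int steps = 0;

    while (off <= ctl_len && ctl_len - off >= HDR_SIZE) {
        uint32_t len;

        if (steps == MAX_STEPS)
            return -2;
        memcpy(&len, ctl + off, sizeof(len));   /* read cmsg_len */
        if (!check(off, len, ctl_len))
            return -1;
        off = next_offset(off, len);
        steps++;
    }
    return steps;
}

/* Constructed input: a header-only first message, then a second header
 * whose cmsg_len is supplied by the caller. */
static int walk_sample(uint32_t second_len, check_fn check)
{
    unsigned char ctl[CTL_LEN] = {0};
    uint32_t first_len = HDR_SIZE;

    memcpy(ctl, &first_len, sizeof(first_len));
    memcpy(ctl + HDR_SIZE, &second_len, sizeof(second_len));
    return walk(ctl, CTL_LEN, check);
}

int main(void)
{
    uint32_t crafted = (uint32_t)-12;   /* 0xfffffff4, the value in the article */

    printf("cmsg_len           = %#x\n", (unsigned)crafted);
    printf("2.6.9 check        = %d\n", check_2_6_9(HDR_SIZE, crafted, CTL_LEN));
    printf("no-wrap check      = %d\n", check_no_wrap(HDR_SIZE, crafted, CTL_LEN));
    printf("next offset        = %u\n", (unsigned)next_offset(HDR_SIZE, crafted));
    printf("walk, 2.6.9 check  = %d\n", walk_sample(crafted, check_2_6_9));
    printf("walk, no-wrap      = %d\n", walk_sample(crafted, check_no_wrap));
    printf("walk, benign input = %d\n", walk_sample(HDR_SIZE, check_no_wrap));
    return 0;
}
```

The budget in walk() exists only so the model terminates; the loop the article describes has no such limit, which is why the result is a hang rather than an error return.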


Security reports

Vulnerability in Slash CVS

An advisory has gone out for users of the CVS version of the "Slash" weblog software. It seems a fairly serious vulnerability has been found in that code; details will be released shortly. The Slash hackers are recommending that people running sites upgrade to the current CVS version at their first opportunity.


New vulnerabilities

atari800: buffer overflows

Package(s):atari800 CVE #(s):CAN-2004-1076
Created:December 14, 2004 Updated:December 14, 2004
Description: Multiple buffer overflows have been found in atari800, an Atari emulator. Since this program is installed setuid root, these overflows could be exploited by a local user to gain superuser access.
Alerts:
Debian DSA-609-1 2004-12-14


file: stack overflow

Package(s):file CVE #(s):
Created:December 14, 2004 Updated:December 14, 2004
Description: The file utility has a stack overflow in its ELF header parsing code which could be exploited by an attacker to execute arbitrary code. Version 4.12 contains the fix.
Alerts:
Gentoo 200412-07 2004-12-13


kernel: IGMP and scm_send vulnerabilities

Package(s):kernel CVE #(s):CAN-2004-1016 CAN-2004-1137
Created:December 14, 2004 Updated:January 4, 2005
Description: Paul Starzetz has discovered a new pair of kernel vulnerabilities. The IGMP code suffers from input validation and integer overflow vulnerabilities which could be remotely exploitable, and the socket function __scm_send() has a local denial of service vulnerability.
Alerts:
Fedora FEDORA-2004-582 2005-01-03
Fedora FEDORA-2004-581 2005-01-03
Ubuntu USN-47-1 2004-12-23
SuSE SUSE-SA:2004:044 2004-12-21
Trustix TSLSA-2004-0068 2004-01-19
Ubuntu USN-38-1 2004-12-14


ncpfs: buffer overflow

Package(s):ncpfs CVE #(s):CAN-2004-1079
Created:December 15, 2004 Updated:December 22, 2004
Description: The (setuid root) ncplogin and ncpmap utilities in ncpfs (prior to version 2.2.5) contain an exploitable buffer overflow.
Alerts:
Gentoo 200412-09 2004-12-15


PHProjekt: configuration modification

Package(s):phprojekt CVE #(s):
Created:December 14, 2004 Updated:December 14, 2004
Description: Versions of PHProjekt prior to 4.2-r1 contain a setup vulnerability which can allow a non-admin remote user to change the configuration.
Alerts:
Gentoo 200412-06 2004-12-10


vim: modeline problems

Package(s):vim CVE #(s):CAN-2004-1138
Created:December 15, 2004 Updated:February 24, 2005
Description: A new set of modeline-related vulnerabilities has been discovered in versions of vim prior to 6.3-r2. These vulnerabilities could conceivably be exploited by a local user to obtain the privileges of another user.
Alerts:
Fedora-Legacy FLSA:2343 2005-02-23
Mandrake MDKSA-2005:003 2005-01-06
Ubuntu USN-52-1 2004-12-23
Red Hat RHSA-2005:010-01 2005-01-05
OpenPKG OpenPKG-SA-2004.052 2004-12-15
Gentoo 200412-10 2004-12-15


Updated vulnerabilities

a2ps: input validation error

Package(s):a2ps CVE #(s):CAN-2004-1170 CAN-2004-1377
Created:November 26, 2004 Updated:December 19, 2005
Description: The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application. More information at Security Focus.
Alerts:
Fedora-Legacy FLSA:152870 2005-12-17
Mandriva MDKSA-2005:097 2005-06-07
OpenPKG OpenPKG-SA-2005.003 2005-01-17
Gentoo 200501-02 2005-01-04
Debian DSA-612-1 2004-12-20
Mandrake MDKSA-2004:140 2004-11-25


apache: arbitrary code execution

Package(s):apache CVE #(s):CAN-2004-0940
Created:October 29, 2004 Updated:December 14, 2004
Description: According to an Apache announcement, a vulnerability exists in the Apache HTTP server, version 1.3. The problem is a potential buffer overflow in the "get_tag" function of Apache's SSI module "mod_include". It allows local users who can create SSI documents to execute arbitrary code as the Apache run-time user via SSI documents that trigger a content length calculation error.
Alerts:
Red Hat RHSA-2004:600-01 2004-12-13
Mandrake MDKSA-2004:134 2004-11-15
Debian DSA-594-1 2004-11-17
Trustix TSLSA-2004-0056 2004-11-05
Gentoo 200411-03 2004-11-02
Slackware SSA:2004-305-01 2004-11-01
OpenPKG OpenPKG-SA-2004.047 2004-10-29


aspell: bounds checking problem

Package(s):aspell CVE #(s):CAN-2004-0548
Created:June 17, 2004 Updated:December 20, 2004
Description: Aspell's word-list-compress utility fails to properly check bounds when dealing with words that are more than 256 bytes long. This can lead to arbitrary code execution by an attacker.
Alerts:
Mandrake MDKSA-2004:153 2004-12-20
OpenPKG OpenPKG-SA-2004.042 2004-09-15
Gentoo 200406-14 2004-06-17


cdrecord: failure to drop privilege

Package(s):cdrecord CVE #(s):CAN-2004-0806
Created:September 8, 2004 Updated:February 21, 2005
Description: The cdrecord utility, which is installed setuid on some distributions, fails to drop privilege before running a user-specified program.
Alerts:
Fedora-Legacy FLSA:2058 2005-02-20
Gentoo 200409-18 2004-09-14
Fedora FEDORA-2004-298 2004-09-09
Fedora FEDORA-2004-297 2004-09-09
Mandrake MDKSA-2004:091 2004-09-07


ncompress: Buffer overflow

Package(s):compress uncompress ncompress CVE #(s):CAN-2001-1413
Created:October 11, 2004 Updated:December 14, 2004
Description: compress and uncompress do not properly check bounds on command line options, including the filename. Large parameters would trigger a buffer overflow. By supplying a carefully crafted filename or other option, an attacker could execute arbitrary code on the system. A local attacker could only execute code with his own rights, but since compress and uncompress are called by various daemon programs, this might also allow a remote attacker to execute code with the rights of the daemon making use of ncompress.
Alerts:
Red Hat RHSA-2004:536-01 2004-12-13
Gentoo 200410-08 2004-10-09


cyrus-sasl: remote buffer overflow

Package(s):cyrus-sasl CVE #(s):CAN-2004-0884
Created:October 7, 2004 Updated:March 16, 2005
Description: cyrus-sasl has a vulnerability involving a buffer overflow in the digestmda5.c file. A remote attacker may be able to compromise the system. Also, a local user may be able to exploit a vulnerability by using the SASL_PATH environment variable.
Alerts:
Mandrake MDKSA-2005:054 2005-03-15
SuSE SUSE-SA:2005:013 2005-03-03
Fedora-Legacy FLSA:2137 2005-02-17
OpenPKG OpenPKG-SA-2005.004 2005-01-28
Conectiva CLA-2004:889 2004-11-11
Debian DSA-568-1 2004-10-16
Debian DSA-563-3 2004-10-14
Debian DSA-563-2 2004-10-12
Debian DSA-563-1 2004-10-12
Trustix TSLSA-2004-0053 2004-10-08
Mandrake MDKSA-2004:106 2004-10-07
Red Hat RHSA-2004:546-02 2004-10-07
Gentoo 200410-05 2004-10-07


dhcp: format string vulnerability

Package(s):dhcp CVE #(s):CAN-2004-1006
Created:November 4, 2004 Updated:July 13, 2005
Description: Dhcp has a format string vulnerability in the log functions of dhcp 2.x that may be exploited via a malicious DNS server.
Alerts:
Fedora-Legacy FLSA:152835 2005-07-10
Red Hat RHSA-2005:212-01 2005-04-12
Debian DSA-584-1 2004-11-04


Filename disclosure vulnerability in fam

Package(s):fam CVE #(s):CAN-2002-0875
Created:August 19, 2002 Updated:January 5, 2005
Description: "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible.
Alerts:
Red Hat RHSA-2005:005-01 2005-01-05
Debian DSA-154-1 2002-08-15


flim: insecure file creation

Package(s):flim CVE #(s):CAN-2004-0422
Created:May 5, 2004 Updated:December 16, 2004
Description: The emacs "flim" mode creates temporary files in an insecure fashion, possibly allowing a local attacker to overwrite files.
Alerts:
Fedora FEDORA-2004-546 2004-12-15
Red Hat RHSA-2004:344-01 2004-08-18
Debian DSA-500-1 2004-05-01

Comments (none posted)

Foomatic: Arbitrary command execution in foomatic-rip

Package(s):foomatic CVE #(s):CAN-2004-0801
Created:September 20, 2004 Updated:May 31, 2006
Description: There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter. This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler.
Alerts:
SuSE SUSE-SA:2006:026 2006-05-30
Fedora-Legacy FLSA:2076 2004-11-05
Conectiva CLA-2004:880 2004-10-27
Fedora FEDORA-2004-303 2004-09-21
Gentoo 200409-24 2004-09-20

Comments (none posted)

FreeRADIUS: denial of service

Package(s):freeradius CVE #(s):CAN-2004-0938 CAN-2004-0960 CAN-2004-0961
Created:September 22, 2004 Updated:February 2, 2005
Description: FreeRADIUS (through version 1.0.1) suffers from several denial of service vulnerabilities in its packet reception code.
Alerts:
Fedora-Legacy FLSA:2187 2005-02-01
Red Hat RHSA-2004:609-01 2004-11-12
Gentoo 200409-29 2004-09-22

Comments (none posted)

gaim: buffer overflow in MSN protocol

Package(s):gaim CVE #(s):CAN-2004-0891
Created:October 25, 2004 Updated:February 11, 2005
Description: A buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.
Alerts:
Fedora-Legacy FLSA:2188 2005-02-10
Red Hat RHSA-2004:604-01 2004-10-20
Mandrake MDKSA-2004:117 2004-11-01
Ubuntu USN-8-1 2004-10-27
Gentoo 200410-23 2004-10-24
Slackware SSA:2004-296-01 2004-10-25

Comments (none posted)

Gallery: cross-site scripting vulnerability

Package(s):Gallery CVE #(s):CAN-2004-1106
Created:November 8, 2004 Updated:January 17, 2005
Description: Jim Paris has discovered a cross-site scripting vulnerability in Gallery. By sending a carefully crafted URL, an attacker can inject and execute script code in the victim's browser window, and potentially compromise the user's gallery.
Alerts:
Debian DSA-642-1 2005-01-17
Gentoo 200411-10:01 2004-11-06

Comments (none posted)

gtk2, gdk-pixbuf: buffer overflows

Package(s):gdk-pixbuf gtk2 CVE #(s):CAN-2004-0753 CAN-2004-0782 CAN-2004-0783 CAN-2004-0788
Created:September 15, 2004 Updated:February 25, 2005
Description: The gdk-pixbuf and gtk2 libraries contain vulnerabilities in their handling of BMP and XPM files which can lead to denial of service and, potentially, code execution attacks.
Alerts:
Fedora-Legacy FLSA:2005 2005-02-23
Conectiva CLA-2004:875 2004-10-18
Slackware SSA:2004-266-02 2004-09-22
Gentoo 200409-28 2004-09-21
Mandrake MDKSA-2004:095-1 2004-09-17
SuSE SUSE-SA:2004:033 2004-09-17
Debian DSA-549-1 2004-09-17
Red Hat RHSA-2004:447-02 2004-09-15
Debian DSA-546-1 2004-09-16
Red Hat RHSA-2004:466-01 2004-09-15
Red Hat RHSA-2004:447-01 2004-09-15
Mandrake MDKSA-2004:095 2004-09-15
Fedora FEDORA-2004-289 2004-09-15
Fedora FEDORA-2004-288 2004-09-15
Fedora FEDORA-2004-287 2004-09-15
Fedora FEDORA-2004-286 2004-09-15

Comments (none posted)

gettext: Insecure temporary file handling

Package(s):gettext CVE #(s):CAN-2004-0966
Created:October 11, 2004 Updated:March 1, 2006
Description: gettext insecurely creates temporary files in world-writeable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When gettext is called, this would result in file access with the rights of the user running the utility, which could be the root user.
Alerts:
Mandriva MDKSA-2006:051 2006-02-28
Fedora-Legacy FLSA:136323 2006-01-09
Gentoo 200410-10:02 2004-10-10
OpenPKG OpenPKG-SA-2004.055 2004-12-23
Ubuntu USN-5-1 2004-10-27
Gentoo 200410-10 2004-10-10

Comments (1 posted)

ghostscript: symlink vulnerabilities

Package(s):ghostscript CVE #(s):CAN-2004-0967
Created:October 20, 2004 Updated:September 28, 2005
Description: The ghostscript package (prior to version 7.07.1-r7) contains several scripts which are vulnerable to symlink attacks.
Alerts:
Red Hat RHSA-2005:081-01 2005-09-28
Ubuntu USN-3-1 2004-10-27
Gentoo 200410-18 2004-10-20

Comments (none posted)

glibc: Information leak with LD_DEBUG

Package(s):glibc CVE #(s):CAN-2004-1453
Created:August 17, 2004 Updated:May 26, 2005
Description: Silvio Cesare discovered a potential information leak in glibc. It allows LD_DEBUG on SUID binaries where it should not be allowed. This has various security implications, which may be used to gain confidential information. An attacker can gain the list of symbols a SUID application uses and their locations and can then use a trojaned library taking precedence over those symbols to gain information or perform further exploitation.
Alerts:
Red Hat RHSA-2005:256-01 2005-05-18
Gentoo 200408-16 2004-08-16

Comments (1 posted)

glibc: tempfile vulnerability in catchsegv script

Package(s):glibc CVE #(s):CAN-2004-0968
Created:October 21, 2004 Updated:November 14, 2005
Description: The catchsegv script in the glibc package has a symlink vulnerability that may allow a local user to overwrite arbitrary files with the permissions of the user that is running the script.
Alerts:
Fedora-Legacy FLSA:152848 2005-11-13
Red Hat RHSA-2005:261-01 2005-04-28
Debian DSA-636-1 2005-01-12
Mandrake MDKSA-2004:159 2004-12-29
Red Hat RHSA-2004:586-01 2004-12-20
Fedora FEDORA-2004-356 2004-11-11
Ubuntu USN-4-1 2004-10-27
Gentoo 200410-19 2004-10-21

Comments (none posted)

gnome-vfs: backend script vulnerabilities

Package(s):gnome-vfs CVE #(s):CAN-2004-0494
Created:August 4, 2004 Updated:February 21, 2005
Description: Several scripts packaged with gnome-vfs, using its "extfs" capability, have security flaws. These scripts tend not to be used on many systems, but their presence can still be a threat.
Alerts:
Fedora-Legacy FLSA:1944 2005-02-20
Whitebox WBSA-2004:373-01 2004-08-19
Red Hat RHSA-2004:373-01 2004-08-04

Comments (none posted)

groff: insecure temporary directory

Package(s):groff CVE #(s):CAN-2004-0969
Created:November 1, 2004 Updated:February 9, 2006
Description: Recently, Trustix Secure Linux discovered a vulnerability in the groff package. The utility "groffer" created a temporary directory in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the program.
Alerts:
Mandriva MDKSA-2006:038 2006-02-08
Gentoo 200411-15 2004-11-08
Ubuntu USN-13-1 2004-11-01

Comments (none posted)

gtkhtml: malformed messages cause crash

Package(s):gtkhtml CVE #(s):CAN-2003-0133 CAN-2003-0541
Created:April 14, 2003 Updated:April 18, 2005
Description: GtkHTML is the HTML rendering widget used by the Evolution mail reader.

GtkHTML supplied with versions of Evolution prior to 1.2.4 contains a bug when handling HTML messages. Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash.

Alerts:
Debian DSA-710-1 2005-04-18
Mandrake MDKSA-2003:093 2003-09-18
Conectiva CLA-2003:737 2003-09-12
Red Hat RHSA-2003:264-01 2003-09-09
Mandrake MDKSA-2003:046 2003-04-15
Red Hat RHSA-2003:126-01 2003-04-14

Comments (none posted)

gzip: insecure temporary files

Package(s):gzip CVE #(s):CAN-2004-0970
Created:November 8, 2004 Updated:December 7, 2004
Description: Trustix developers discovered insecure temporary file creation in supplemental scripts in the gzip package which may allow local users to overwrite files via a symlink attack.
Alerts:
Mandrake MDKSA-2004:142 2004-12-06
Debian DSA-588-1 2004-11-08

Comments (none posted)

hpsockd: missing input sanitizing

Package(s):hpsockd CVE #(s):CAN-2004-0993
Created:December 3, 2004 Updated:December 8, 2004
Description: "infamous41md" discovered a buffer overflow condition in hpsockd, the socks server written at Hewlett-Packard. An exploit could cause the program to crash or may have a worse effect.
Alerts:
Debian DSA-604-1 2004-12-03

Comments (none posted)

ImageMagick: EXIF buffer overflow

Package(s):ImageMagick CVE #(s):CAN-2004-0981
Created:November 8, 2004 Updated:December 8, 2004
Description: ImageMagick fails to do proper bounds checking when handling image files with EXIF information. An attacker could use an image file with specially-crafted EXIF information to cause arbitrary code execution with the permissions of the user running ImageMagick. See this advisory for more information.
Alerts:
Red Hat RHSA-2004:636-01 2004-12-08
Mandrake MDKSA-2004:143 2004-12-06
Debian DSA-593-1 2004-11-16
Gentoo 200411-11:01 2004-11-06

Comments (none posted)

imlib: buffer overflows in image decoding

Package(s):imlib CVE #(s):CAN-2004-1026
Created:December 6, 2004 Updated:January 13, 2005
Description: Pavel Kankovsky discovered that several overflows found in the libXpm library also applied to imlib. He also fixed a number of other potential flaws. A remote attacker could entice a user to view a carefully-crafted image file, which would potentially lead to execution of arbitrary code with the rights of the user viewing the image. This affects any program that makes use of the imlib library.
Alerts:
Mandrake MDKSA-2005:007 2005-01-12
Gentoo 200501-19 2005-01-11
Ubuntu USN-55-1 2005-01-06
Debian DSA-628-1 2005-01-06
Ubuntu USN-53-1 2004-12-29
Debian DSA-618-1 2004-12-24
Red Hat RHSA-2004:651-01 2004-12-10
Gentoo 200412-03 2004-12-06

Comments (none posted)

imlib2: buffer overflows

Package(s):imlib2 CVE #(s):CAN-2004-0802 CAN-2004-0817
Created:September 8, 2004 Updated:October 26, 2005
Description: The imlib2 library contains buffer overflows in the BMP handling code.
Alerts:
Debian DSA-548-2 2005-10-26
Conectiva CLA-2004:870 2004-09-28
Debian DSA-552-1 2004-09-22
Debian DSA-548-1 2004-09-16
Red Hat RHSA-2004:465-01 2004-09-15
Gentoo 200409-12 2004-09-08
Fedora FEDORA-2004-301 2004-09-09
Fedora FEDORA-2004-300 2004-09-09
Mandrake MDKSA-2004:089 2004-09-07

Comments (none posted)

iproute: local denial of service

Package(s):iproute net-tools CVE #(s):CAN-2003-0856
Created:November 25, 2003 Updated:December 14, 2004
Description: The iproute utility is susceptible to spoofed netlink messages sent by local users, with the result that denial of service attacks are possible.
Alerts:
Mandrake MDKSA-2004:148 2004-12-13
Fedora FEDORA-2004-154 2004-06-03
Fedora FEDORA-2004-115 2004-05-11
Debian DSA-492-1 2004-04-18
Gentoo 200404-10 2004-04-09
Red Hat RHSA-2003:316-01 2003-11-24

Comments (none posted)

iptables: missing initialization

Package(s):iptables CVE #(s):CAN-2004-0986
Created:November 1, 2004 Updated:February 11, 2005
Description: Faheem Mitha noticed that the iptables command, an administration tool for IPv4 packet filtering and NAT, did not always load the required modules on its own as it was supposed to. This could lead to firewall rules not being loaded on system startup. This caused a failure in connection with rules provided by lokkit at least.
Alerts:
Fedora-Legacy FLSA:2252 2005-02-10
Ubuntu USN-81-1 2005-02-11
Mandrake MDKSA-2004:125 2004-11-04
Debian DSA-580-1 2004-11-01

Comments (none posted)

kernel: vulnerabilities in the smb file system

Package(s):kernel CVE #(s):CAN-2004-0883 CAN-2004-0949
Created:November 19, 2004 Updated:December 14, 2004
Description: During an audit of the smb file system implementation within Linux, several vulnerabilities were discovered ranging from out of bounds read accesses to kernel level buffer overflows. See these advisories: Linux kernel binfmt_elf loader vulnerabilities and Memory leak in 2.4.27 kernel for more information.
Alerts:
Red Hat RHSA-2004:504-01 2004-12-13
Red Hat RHSA-2004:505-01 2004-12-13
Red Hat RHSA-2004:549-01 2004-12-02
SuSE SUSE-SA:2004:042 2004-12-01
Ubuntu USN-30-1 2004-11-18

Comments (1 posted)

kernel-utils: setuid vulnerability

Package(s):kernel-utils CVE #(s):CAN-2003-0019
Created:February 7, 2003 Updated:January 21, 2005
Description: The kernel-utils package contains several utilities that can be used to control the kernel or machine hardware. In Red Hat Linux 8.0 this package contains user mode linux (UML) utilities.

The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was incorrectly shipped setuid root. This could allow local users to control certain network interfaces, add and remove arp entries and routes, and put interfaces in and out of promiscuous mode.

All users of the kernel-utils package should update to these packages that contain a version of uml_net that is not setuid root.

Alternatively, as a work-around to this vulnerability, issue the following command as root:

chmod -s /usr/bin/uml_net

Alerts:
Red Hat RHSA-2003:056-08 2003-02-07

Comments (none posted)

libgd2: buffer overflows in PNG handling

Package(s):libgd2 CVE #(s):CAN-2004-0990 CAN-2004-0941
Created:October 29, 2004 Updated:June 28, 2006
Description: Several buffer overflows have been discovered in libgd's PNG handling functions.
If an attacker tricked a user into loading a malicious PNG image, they could leverage this into executing arbitrary code in the context of the user opening the image. Most importantly, this library is commonly used in PHP. One possible target would be a PHP-driven photo website that lets users upload images. Therefore this vulnerability might lead to privilege escalation to a web server's privileges.
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function.
Alerts:
Mandriva MDKSA-2006:114 2006-06-27
Red Hat RHSA-2006:0194-01 2006-02-01
Fedora-Legacy FLSA:152838 2005-07-15
Red Hat RHSA-2004:638-01 2004-12-17
Ubuntu USN-33-1 2004-11-29
Debian DSA-602-1 2004-11-29
Debian DSA-601-1 2004-11-29
Mandrake MDKSA-2004:132 2004-11-15
Ubuntu USN-25-1 2004-11-15
Fedora FEDORA-2004-412 2004-11-11
Fedora FEDORA-2004-411 2004-11-11
Ubuntu USN-21-1 2004-11-09
Debian DSA-591-1 2004-11-09
Debian DSA-589-1 2004-11-09
Gentoo 200411-08 2004-11-03
OpenPKG OpenPKG-SA-2004.049 2004-10-30
Ubuntu USN-11-1 2004-10-28

Comments (none posted)

libpng: multiple vulnerabilities

Package(s):libpng CVE #(s):CAN-2002-1363 CAN-2004-0597 CAN-2004-0598 CAN-2004-0599
Created:August 4, 2004 Updated:February 10, 2005
Description: There is yet another set of holes in libpng, versions 1.2.5 and prior, which can be exploited by a malicious image file; see this advisory from Chris Evans or this CERT advisory for details.
Alerts:
Fedora-Legacy FLSA:1943 2005-02-08
Red Hat RHSA-2004:421-01 2004-08-04
Gentoo 200408-22 2004-08-23
Whitebox WBSA-2004:402-01 2004-08-19
Mandrake MDKSA-2004:082 2004-08-12
Slackware SSA:2004-223-01 2004-08-09
Slackware SSA:2004-223-02 2004-08-07
Slackware SSA:2004-222-01b 2004-08-10
Slackware SSA:2004-222-01 2004-08-07
Conectiva CLA-2004:856 2004-08-06
Trustix TSLSA-2004-0040 2004-08-05
Gentoo 200408-03 2004-08-05
Debian DSA-536-1 2004-08-04
Mandrake MDKSA-2004:079 2004-08-04
SuSE SUSE-SA:2004:023 2004-08-04
Red Hat RHSA-2004:402-01 2004-08-04
OpenPKG OpenPKG-SA-2004.035 2004-08-04

Comments (1 posted)

libxml2 - arbitrary code execution

Package(s):libxml2 CVE #(s):CAN-2004-0110
Created:February 26, 2004 Updated:August 19, 2009
Description: Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code.
Alerts:
Fedora FEDORA-2009-8594 2009-08-15
Fedora FEDORA-2009-8582 2009-08-15
Fedora-Legacy FLSA:1324 2004-07-19
Conectiva CLA-2004:836 2004-03-31
Gentoo 200403-01 2004-03-06
Trustix TSLSA-2004-0010 2004-03-05
OpenPKG OpenPKG-SA-2004.003 2004-03-05
Netwosix NW-2004-0004 2004-03-04
Debian DSA-455-1 2004-03-03
Mandrake MDKSA-2004:018 2004-03-03
Red Hat RHSA-2004:091-02 2004-03-03
Whitebox WBSA-2004:090-01 2004-03-01
Red Hat RHSA-2004:090-01 2004-02-26
Fedora FEDORA-2004-087 2004-02-25
Red Hat RHSA-2004:091-01 2004-02-26

Comments (none posted)

libxml2: multiple buffer overflows

Package(s):libxml2 CVE #(s):CAN-2004-0989
Created:October 28, 2004 Updated:August 19, 2009
Description: libxml2 prior to version 2.6.14 has multiple buffer overflow vulnerabilities; if a local user passes a specially crafted FTP URL, arbitrary code may be executed.
Alerts:
Fedora FEDORA-2009-8594 2009-08-15
Fedora FEDORA-2009-8582 2009-08-15
Ubuntu USN-89-1 2005-02-28
Red Hat RHSA-2004:650-01 2004-12-16
Conectiva CLA-2004:890 2004-11-18
Red Hat RHSA-2004:615-01 2004-11-12
Mandrake MDKSA-2004:127 2004-11-04
Debian DSA-582-1 2004-11-02
Gentoo 200411-05 2004-11-02
Trustix TSLSA-2004-0055 2004-10-29
OpenPKG OpenPKG-SA-2004.050 2004-10-31
Ubuntu USN-10-1 2004-10-28
Fedora FEDORA-2004-353 2004-10-28

Comments (none posted)

libxpm4: stack and integer overflows

Package(s):libxpm4 CVE #(s):CAN-2004-0687 CAN-2004-0688
Created:September 16, 2004 Updated:February 14, 2005
Description: There are several stack and integer overflow bugs in the libXpm code of XFree86 that may be used for a denial of service.
Alerts:
Conectiva CLA-2005:924 2005-02-14
Red Hat RHSA-2005:004-01 2005-01-12
Red Hat RHSA-2004:537-01 2004-12-02
Ubuntu USN-27-1 2004-11-17
Mandrake MDKSA-2004:124 2004-11-04
Debian DSA-561-1 2004-10-11
Gentoo 200410-09 2004-10-09
Debian DSA-560-1 2004-10-07
Red Hat RHSA-2004:479-01 2004-10-06
Red Hat RHSA-2004:478-01 2004-10-04
Gentoo 200409-34 2004-09-27
SuSE SUSE-SA:2004:034 2004-09-17
Mandrake MDKSA-2004:099 2004-09-15
Mandrake MDKSA-2004:098 2004-09-15

Comments (none posted)

logcheck: symlink vulnerability

Package(s):logcheck CVE #(s):CAN-2004-0404
Created:April 21, 2004 Updated:December 22, 2004
Description: The logcheck utility handles temporary files in an unsafe way, possibly allowing local attackers to overwrite files.
Alerts:
Mandrake MDKSA-2004:155 2004-12-22
Debian DSA-488-1 2004-04-16

Comments (none posted)

lvm10: creates insecure temporary directory

Package(s):lvm10 CVE #(s):CAN-2004-0972
Created:November 1, 2004 Updated:July 25, 2005
Description: Trustix Secure Linux discovered a vulnerability in a supplemental script of the lvm10 package. The program "lvmcreate_initrd" created a temporary directory in an insecure way, which could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program.
Alerts:
Fedora-Legacy FLSA:152842 2005-07-24
Mandrake MDKSA-2004:144 2004-12-06
Gentoo 200411-22 2004-11-11
Debian DSA-583-1 2004-11-03
Ubuntu USN-15-1 2004-11-01

Comments (none posted)

Midnight Commander: extfs vfs vulnerability

Package(s):mc CVE #(s):CAN-2004-0494
Created:September 2, 2004 Updated:January 5, 2005
Description: Midnight Commander has a vfs vulnerability with shell quoting in extfs perl scripts.
Alerts:
Red Hat RHSA-2004:464-02 2005-01-05
Red Hat RHSA-2004:464-01 2004-09-15
Fedora FEDORA-2004-273 2004-09-01
Fedora FEDORA-2004-272 2004-09-01

Comments (none posted)

mikmod: buffer overflow

Package(s):mikmod CVE #(s):CAN-2003-0427
Created:June 16, 2003 Updated:June 16, 2005
Description: Ingo Saitz discovered a bug in mikmod whereby a long filename inside an archive file can overflow a buffer when the archive is being read by mikmod.
Alerts:
Fedora FEDORA-2005-405 2005-06-16
Red Hat RHSA-2005:506-01 2005-06-13
Fedora FEDORA-2005-404 2005-06-09
Gentoo 200307-01 2003-07-02
Debian DSA-320-1 2003-06-13

Comments (none posted)

mirrorselect: insecure temporary file creation

Package(s):mirrorselect CVE #(s):
Created:December 7, 2004 Updated:December 8, 2004
Description: Ervin Nemeth discovered that mirrorselect creates temporary files in world-writable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When mirrorselect is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.
Alerts:
Gentoo 200412-05:02 2004-12-07

Comments (none posted)

mozilla products: arbitrary code execution and other vulnerabilities

Package(s):mozilla firefox thunderbird CVE #(s):CAN-2004-0902 CAN-2004-0903 CAN-2004-0904 CAN-2004-0905 CAN-2004-0908
Created:September 20, 2004 Updated:January 13, 2005
Description: Several vulnerabilities exist in the Mozilla web browser and derived products, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system. See the CERT advisory for details.
Alerts:
Gentoo 200501-03 2005-01-05
Fedora-Legacy FLSA:2089 2004-10-27
Conectiva CLA-2004:877 2004-10-22
Mandrake MDKSA-2004:107 2004-10-19
SuSE SUSE-SA:2004:036 2004-10-06
Red Hat RHSA-2004:486-01 2004-09-30
Slackware SSA:2004-266-03 2004-09-22
Gentoo 200409-26 2004-09-20

Comments (none posted)

mpg123: buffer overflow bug

Package(s):mpg123 CVE #(s):CAN-2004-0805
Created:September 16, 2004 Updated:January 11, 2005
Description: The mpg123 audio playing utility has a buffer overflow bug that may allow arbitrary execution of code.
Alerts:
Gentoo 200501-14 2005-01-10
Debian DSA-564-1 2004-10-13
Mandrake MDKSA-2004:100 2004-09-22
Gentoo 200409-20 2004-09-16

Comments (none posted)

mpg321: format string vulnerability

Package(s):mpg321 CVE #(s):CAN-2003-0969
Created:January 6, 2004 Updated:March 28, 2005
Description: A vulnerability was discovered in mpg321, a command-line mp3 player, whereby user-supplied strings were passed to printf(3) unsafely. This vulnerability could be exploited by a remote attacker to overwrite memory, and possibly execute arbitrary code. In order for this vulnerability to be exploited, mpg321 would need to play a malicious mp3 file (including via HTTP streaming).
Alerts:
Gentoo 200503-34 2005-03-28
Debian DSA-411-1 2004-01-05

Comments (none posted)

mysql: several vulnerabilities

Package(s):mysql CVE #(s):CAN-2004-0835 CAN-2004-0836 CAN-2004-0837
Created:October 11, 2004 Updated:April 6, 2005
Description: Several problems have been discovered in MySQL. Oleksandr Byelkin noticed that ALTER TABLE ... RENAME checks CREATE/INSERT rights of the old table instead of the new one. (CAN-2004-0835) Lukasz Wojtow noticed a buffer overrun in the mysql_real_connect function. (CAN-2004-0836) Dean Ellis noticed that multiple threads ALTERing the same (or different) MERGE tables to change the UNION can cause the server to crash or stall. (CAN-2004-0837)
Alerts:
Ubuntu USN-109-1 2005-04-06
Fedora FEDORA-2004-530 2004-12-08
Ubuntu USN-32-1 2004-11-25
Conectiva CLA-2004:892 2004-11-18
Mandrake MDKSA-2004:119 2004-11-01
OpenPKG OpenPKG-SA-2004.045 2004-10-30
Red Hat RHSA-2004:611-01 2004-10-27
Gentoo 200410-22 2004-10-24
Red Hat RHSA-2004:569-01 2004-10-20
Red Hat RHSA-2004:597-01 2004-10-20
Debian DSA-562-1 2004-10-11

Comments (none posted)

netkit-telnet: invalid free pointer

Package(s):netkit-telnet CVE #(s):CAN-2004-0911
Created:October 4, 2004 Updated:March 28, 2005
Description: Michal Zalewski discovered a bug in the netkit-telnet server (telnetd) whereby a remote attacker could cause the telnetd process to free an invalid pointer. This causes the telnet server process to crash, leading to a straightforward denial of service (inetd will disable the service if telnetd is crashed repeatedly), or possibly the execution of arbitrary code with the privileges of the telnetd process (by default, the 'telnetd' user).
Alerts:
Ubuntu USN-101-1 2005-03-28
Debian DSA-556-2 2004-10-18
Debian DSA-569-1 2004-10-18
Debian DSA-556-1 2004-10-02

Comments (none posted)

netpbm: insecure temporary files

Package(s):netpbm CVE #(s):CAN-2003-0924
Created:January 19, 2004 Updated:December 29, 2004
Description: netpbm is a graphics conversion toolkit made up of a large number of single-purpose programs. Many of these programs were found to create temporary files in an insecure manner, which could allow a local attacker to overwrite files with the privileges of the user invoking a vulnerable netpbm tool.
Alerts:
Conectiva CLA-2004:909 2004-12-29
Gentoo 200410-02 2004-10-04
Mandrake MDKSA-2004:011-1 2004-09-27
Whitebox WBSA-2004:031-01 2004-02-12
Mandrake MDKSA-2004:011 2004-02-11
Red Hat RHSA-2004:030-01 2004-02-05
Fedora FEDORA-2004-068 2004-02-06
Red Hat RHSA-2004:031-01 2004-01-22
Debian DSA-426-1 2004-01-18

Comments (1 posted)

nfs-utils: denial of service

Package(s):nfs-utils CVE #(s):CAN-2004-1014
Created:December 1, 2004 Updated:May 15, 2005
Description: The NFS statd server contains a denial of service vulnerability which is easily exploited by a remote attacker.
Alerts:
Fedora-Legacy FLSA:152871 2005-05-12
Red Hat RHSA-2004:583-01 2004-12-20
Gentoo 200412-08 2004-12-14
Trustix TSLSA-2004-0065 2004-01-09
Debian DSA-606-1 2004-12-08
Mandrake MDKSA-2004:146 2004-12-06
Ubuntu USN-36-1 2004-12-01

Comments (none posted)

openssl: der_chop script temp file vulnerability

Package(s):openssl CVE #(s):CAN-2004-0975
Created:November 11, 2004 Updated:July 19, 2005
Description: The der_chop script in openssl has a temp file vulnerability that may allow an attacker to overwrite arbitrary files with the permissions that the script is running under.
Alerts:
Fedora-Legacy FLSA:152841 2005-07-15
Mandrake MDKSA-2004:147 2004-12-06
Debian DSA-603-1 2004-12-01
Ubuntu USN-24-1 2004-11-11

Comments (1 posted)

OpenSSL: denial of service vulnerabilities

Package(s):OpenSSL CVE #(s):CAN-2004-0081 CAN-2003-0851
Created:March 17, 2004 Updated:November 2, 2005
Description: Versions 0.9.7a-c of the OpenSSL library suffer from two denial of service vulnerabilities; see the version 0.9.7d release announcement for details.
Alerts:
Red Hat RHSA-2005:830-00 2005-11-02
Red Hat RHSA-2005:829-00 2005-11-02
Fedora FEDORA-2005-1042 2005-10-31
Fedora-Legacy FLSA:1395 2004-05-08
Conectiva CLA-2004:834 2004-03-31
Whitebox WBSA-2004:084-01 2004-03-23
Red Hat RHSA-2004:084-01 2004-03-23
Fedora FEDORA-2004-095 2004-03-19
Whitebox WBSA-2004:120-01 2004-03-22
Trustix TSLSA-2004-0012 2004-03-17
Slackware SSA:2004-077-01 2004-03-17
Red Hat RHSA-2004:121-01 2004-03-17
OpenPKG OpenPKG-SA-2004.007 2004-03-18
Gentoo 200403-03 2004-03-17
Debian DSA-465-1 2004-03-17
Netwosix NW-2004-0005 2004-03-17
Mandrake MDKSA-2004:023 2004-03-17
SuSE SuSE-SA:2004:007 2004-03-17
Red Hat RHSA-2004:120-01 2004-03-17
Red Hat RHSA-2004:119-01 2004-03-17
EnGarde ESA-20040317-003 2004-03-17

Comments (1 posted)

php: remotely exploitable memory errors

Package(s):php CVE #(s):CAN-2004-0594
Created:July 14, 2004 Updated:February 7, 2005
Description: Stefan Esser has issued an advisory regarding a remotely exploitable hole in PHP (through version 4.3.7). If the memory_limit feature is in use (as it should be, to prevent denial of service attacks), allocation failures can be forced at highly inopportune times, and those failures can be exploited to execute arbitrary code. The exploit is described as "quite easy," and it can be done regardless of whether Apache1 or Apache2 is in use. Upgrading to PHP 4.3.8 fixes the problem; yesterday's PHP 5.0 release also contains the fix (but the final release candidate did not).
Alerts:
Debian DSA-669-1 2005-02-07
Whitebox WBSA-2004:392-01 2004-08-19
Fedora FEDORA-2004-223 2004-07-23
Fedora FEDORA-2004-222 2004-07-23
OpenPKG OpenPKG-SA-2004.034 2004-07-22
Slackware SSA:2004-202-01 2004-07-20
Debian DSA-531-1 2004-07-20
Red Hat RHSA-2004:392-01 2004-07-19
Red Hat RHSA-2004:395-01 2004-07-19
Conectiva CLA-2004:847 2004-07-16
SuSE SUSE-SA:2004:021 2004-07-16
Mandrake MDKSA-2004:068 2004-07-14
Gentoo 200407-13 2004-07-15
tinysofa TSSA-2004-013 2004-07-14

Comments (none posted)

PostgreSQL: Insecure temporary file use in make_oidjoins_check

Package(s):PostgreSQL CVE #(s):CAN-2004-0977
Created:October 18, 2004 Updated:December 20, 2004
Description: The make_oidjoins_check script insecurely creates temporary files in world-writeable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When make_oidjoins_check is called, this would result in file overwrite with the rights of the user running the utility, which could be the root user.
Alerts:
Red Hat RHSA-2004:489-01 2004-12-20
Mandrake MDKSA-2004:149 2004-12-13
OpenPKG OpenPKG-SA-2004.046 2004-10-29
Debian DSA-577-1 2004-10-29
Ubuntu USN-6-1 2004-10-27
Gentoo 200410-16 2004-10-18

Comments (none posted)

ProZilla: Multiple vulnerabilities

Package(s):ProZilla CVE #(s):CAN-2004-1120
Created:November 23, 2004 Updated:February 1, 2005
Description: ProZilla contains several exploitable buffer overflows in the code handling the network protocols. A remote attacker could set up a malicious server and entice a user to retrieve files from that server using ProZilla. This could lead to the execution of arbitrary code with the rights of the user running ProZilla.
Alerts:
Debian DSA-663-1 2005-02-01
Gentoo 200411-31 2004-11-23

Comments (none posted)

qt3: BMP image parser heap overflow

Package(s):qt3/qt3-non-mt/qt3-32bit/qt3-static CVE #(s):CAN-2004-0691 CAN-2004-0692 CAN-2004-0693
Created:August 19, 2004 Updated:May 15, 2005
Description: A heap overflow in the qt3 BMP image format parser in Qt versions prior to 3.3.3 may allow remote code execution.
Alerts:
Fedora-Legacy FLSA:152763 2005-05-12
Conectiva CLA-2004:866 2004-09-22
Whitebox WBSA-2004:414-01 2004-09-20
Debian DSA-542-1 2004-08-30
Fedora FEDORA-2004-271 2004-08-23
Fedora FEDORA-2004-270 2004-08-23
Gentoo 200408-20 2004-08-22
Red Hat RHSA-2004:414-01 2004-08-20
Mandrake MDKSA-2004:085 2004-08-18
SuSE SUSE-SA:2004:027 2004-08-19

Comments (none posted)

rp-pppoe, pppoe: missing privilege dropping

Package(s):rp-pppoe, pppoe CVE #(s):CAN-2004-0564
Created:October 4, 2004 Updated:November 15, 2005
Description: Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet driver from Roaring Penguin. When the program is running setuid root (which is not the case in a default Debian installation), an attacker could overwrite any file on the file system.
Alerts:
Fedora-Legacy FLSA:152794 2005-11-14
Mandrake MDKSA-2004:145 2004-12-06
Debian DSA-557-1 2004-10-04

Comments (none posted)

rssh, scponly: unrestricted command execution

Package(s):rssh, scponly CVE #(s):
Created:December 3, 2004 Updated:December 8, 2004
Description: Jason Wies discovered that when receiving an authorized command from an authorized user, rssh and scponly do not filter command-line options that can be used to execute any command on the target host. Using a malicious command, it is possible for a remote authenticated user to execute any command (or upload and execute any file) on the target machine with user rights, effectively bypassing any restriction of scponly or rssh. See this Bugtraq post for more details.
Alerts:
Gentoo 200412-01 2004-12-03

Comments (none posted)

ruby: infinite loop

Package(s):ruby CVE #(s):CAN-2004-0983
Created:November 8, 2004 Updated:May 15, 2005
Description: The upstream developers of Ruby have corrected a problem in the CGI module for this language. Specially crafted requests could cause an infinite loop and thus cause the program to eat up CPU cycles.
Alerts:
Fedora-Legacy FLSA:152768 2005-05-12
Red Hat RHSA-2004:635-01 2004-12-13
Gentoo 200411-23 2004-11-16
Fedora FEDORA-2004-403 2004-11-11
Fedora FEDORA-2004-402 2004-11-11
Ubuntu USN-20-1 2004-11-08
Mandrake MDKSA-2004:128 2004-11-08
Debian DSA-586-1 2004-11-08

Comments (none posted)

sharutils: arbitrary code execution

Package(s):sharutils CVE #(s):CAN-2004-1772
Created:October 1, 2004 Updated:April 26, 2005
Description: sharutils contains two buffer overflows. Ulf Harnhammar discovered a buffer overflow in shar.c, where the length of data returned by the wc command is not checked. Florian Schilhabel discovered another buffer overflow in unshar.c. An attacker could exploit these vulnerabilities to execute arbitrary code as the user running one of the sharutils programs.
Alerts:
Red Hat RHSA-2005:377-01 2005-04-26
Fedora FEDORA-2005-281 2005-04-01
Fedora FEDORA-2005-280 2005-04-01
Ubuntu USN-102-1 2005-03-29
Fedora-Legacy FLSA:2155 2005-03-24
Gentoo 200410-01 2004-10-01

Comments (none posted)

sox: buffer overflow

Package(s):sox CVE #(s):CAN-2004-0557
Created:July 28, 2004 Updated:February 21, 2005
Description: Sox suffers from buffer overflows in its WAV file handling; these overflows could conceivably be exploited by way of a malicious sound file.
Alerts:
Fedora-Legacy FLSA:1945 2005-02-20
Debian DSA-565-1 2004-10-13
Whitebox WBSA-2004:409-01 2004-08-19
Slackware SSA:2004-223-03 2004-08-07
Conectiva CLA-2004:855 2004-07-30
Gentoo 200407-23 2004-07-30
Mandrake MDKSA-2004:076 2004-07-28
Red Hat RHSA-2004:409-01 2004-07-29
Fedora FEDORA-2004-244 2004-07-28
Fedora FEDORA-2004-235 2004-07-28

Comments (none posted)

SpamAssassin: Denial of Service vulnerability

Package(s):spamassassin CVE #(s):CAN-2004-0796
Created:August 9, 2004 Updated:August 11, 2005
Description: SpamAssassin contains an unspecified Denial of Service vulnerability. By sending a specially crafted message an attacker could cause a Denial of Service attack against the SpamAssassin service.
Alerts:
Fedora-Legacy FLSA:129284 2005-08-10
Fedora-Legacy FLSA:2268 2005-03-24
Red Hat RHSA-2004:451-01 2004-09-30
Conectiva CLA-2004:867 2004-09-22
OpenPKG OpenPKG-SA-2004.041 2004-09-15
Mandrake MDKSA-2004:084 2004-08-18
Gentoo 200408-06 2004-08-09

Comments (none posted)

SquirrelMail: cross-site scripting

Package(s):squirrelmail CVE #(s):CAN-2004-1036
Created:November 17, 2004 Updated:December 23, 2004
Description: Squirrelmail (through version 1.4.3a-r2) suffers from yet another cross-site scripting vulnerability.
Alerts:
Red Hat RHSA-2004:654-01 2004-12-23
Conectiva CLA-2004:905 2004-12-02
Fedora FEDORA-2004-472 2004-11-28
Fedora FEDORA-2004-471 2004-11-28
Gentoo 200411-25 2004-11-17

Comments (none posted)

Subversion: Remote heap overflow

Package(s):subversion CVE #(s):CAN-2004-0413
Created:June 11, 2004 Updated:March 7, 2005
Description: Subversion has a remote Denial of Service vulnerability that may allow a server that runs svnserve to execute arbitrary code. See this advisory for more information.
Alerts:
Fedora-Legacy FLSA:1748 2005-03-07
SuSE SuSE-SA:2004:018 2004-06-17
Fedora FEDORA-2004-166 2004-06-11
Fedora FEDORA-2004-165 2004-06-11
OpenPKG OpenPKG-SA-2004.028 2004-06-11
Gentoo 200406-07 2004-06-10

Comments (none posted)

sudo: environment variable sanitizing

Package(s):sudo CVE #(s):CAN-2004-1051
Created:November 17, 2004 Updated:May 15, 2005
Description: Versions of sudo prior to 1.6.8p2 fail to properly sanitize the environment prior to running shell scripts; this failure can be exploited by a sudo user to subvert scripts and obtain shell access. See the 1.6.8p2 announcement for more information.
Alerts:
Fedora-Legacy FLSA:152856 2005-05-12
OpenPKG OpenPKG-SA-2005.002 2005-01-17
Debian DSA-596-2 2004-11-24
Debian DSA-596-1 2004-11-24
Ubuntu USN-28-1 2004-11-17
Mandrake MDKSA-2004:133 2004-11-15

Comments (none posted)

File overwrite vulnerability in tar and unzip

Package(s):tar unzip CVE #(s):CAN-2001-1267 CAN-2001-1268 CAN-2001-1269 CAN-2002-0399
Created:October 1, 2002 Updated:April 10, 2006
Description: The tar utility does not properly filter file names containing "../", meaning that a hostile archive can, if unpacked by an unsuspecting user, overwrite any file that is writable by that user. GNU tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42 has the same vulnerability.
Alerts:
Fedora-Legacy FLSA:183571-1 2006-04-04
Red Hat RHSA-2006:0195-01 2006-02-21
Conectiva CLA-2002:538 2002-10-29
Mandrake MDKSA-2002:066 2002-10-10
Mandrake MDKSA-2002:065 2002-10-10
EnGarde ESA-20021003-022 2002-10-03
Gentoo unzip-20021001 2002-10-01
Gentoo tar-20021001 2002-10-01
Red Hat RHSA-2002:096-24 2002-09-18

Comments (1 posted)

tiff: buffer overflows

Package(s):tiff CVE #(s):CAN-2004-0803
Created:October 13, 2004 Updated:April 12, 2005
Description: The tiff library contains several buffer overflows which may be exploited by way of maliciously-crafted image files. See this advisory for more information.
Alerts:
Red Hat RHSA-2005:021-01 2005-04-12
Conectiva CLA-2005:914 2005-01-06
Gentoo 200412-17 2004-12-19
Gentoo 200412-02 2004-12-05
Conectiva CLA-2004:888 2004-11-08
Slackware SSA:2004-305-02 2004-11-01
Red Hat RHSA-2004:577-01 2004-10-22
SuSE SUSE-SA:2004:038 2004-10-22
Mandrake MDKSA-2004:111 2004-10-21
Mandrake MDKSA-2004:109 2004-10-19
Debian DSA-567-1 2004-10-15
Fedora FEDORA-2004-334 2004-10-14
OpenPKG OpenPKG-SA-2004.043 2004-10-14
Gentoo 200410-11 2004-10-13

Comments (none posted)

unarj: buffer overflow vulnerability

Package(s):unarj CVE #(s):CAN-2004-0947
Created:November 11, 2004 Updated:February 2, 2005
Description: The unarj uncompression utility has a buffer overflow vulnerability from handling long file names in an archive. An attacker can cause unarj to crash or execute arbitrary code.
Alerts:
Fedora-Legacy FLSA:2272 2005-02-01
Debian DSA-652-1 2005-01-21
Red Hat RHSA-2005:007-01 2005-01-12
Gentoo 200411-29 2004-11-19
Fedora FEDORA-2004-414 2004-11-11

Comments (none posted)

viewcvs settings not honored

Package(s):viewcvs CVE #(s):CAN-2004-0915
Created:December 6, 2004 Updated:December 28, 2004
Description: Hajvan Sehic discovered several vulnerabilities in viewcvs, a utility for viewing CVS and Subversion repositories via HTTP. When exporting a repository as a tar archive the hide_cvsroot and forbidden settings were not honored.
Alerts:
Gentoo 200412-26 2004-12-28
Debian DSA-605-1 2004-12-06

Comments (none posted)

WordPress: HTTP response splitting and XSS vulnerabilities

Package(s):wordpress CVE #(s):
Created:October 14, 2004 Updated:December 20, 2004
Description: WordPress is vulnerable to HTTP response splitting and cross-site scripting attacks, due to the lack of input validation in the administration panel scripts. A malicious user could inject arbitrary response data, leading to content spoofing, web cache poisoning and other cross-site scripting or HTTP response splitting attacks. This could result in compromising the victim's data or browser.
Alerts:
Gentoo 200410-12:02 2004-10-14
Gentoo 200410-12 2004-10-14

Comments (none posted)

wv: buffer overflow

Package(s):wv CVE #(s):CAN-2004-0645
Created:July 14, 2004 Updated:February 10, 2005
Description: wv, a viewer for MS Word files, contains a buffer overflow which may be exploited by a suitably-crafted file. Version 1.0.0-r1 fixes the problem.
Alerts:
Fedora-Legacy FLSA:1906 2005-02-08
Conectiva CLA-2004:902 2004-12-01
Debian DSA-579-1 2004-11-01
Debian DSA-550-1 2004-09-20
Conectiva CLA-2004:863 2004-09-10
Mandrake MDKSA-2004:077 2004-07-29
Fedora FEDORA-2004-225 2004-07-23
Fedora FEDORA-2004-224 2004-07-23
Gentoo 200407-11 2004-07-14

Comments (none posted)

XChat 2.0.x SOCKS5 Vulnerability

Package(s):xchat CVE #(s):CAN-2004-0409
Created:April 19, 2004 Updated:November 15, 2005
Description: XChat is vulnerable to a stack overflow that may allow a remote attacker to run arbitrary code. The SOCKS 5 proxy code in XChat is vulnerable to a remote exploit. Users would have to be using XChat through a SOCKS 5 server, enable SOCKS 5 traversal which is disabled by default and also connect to an attacker's custom proxy server. This vulnerability may allow an attacker to run arbitrary code within the context of the user ID of the XChat client.
Alerts:
Fedora-Legacy FLSA:123013 2005-11-14
Red Hat RHSA-2004:585-01 2004-10-27
Netwosix NW-2004-0014 2004-05-01
Red Hat RHSA-2004:177-01 2004-04-30
Mandrake MDKSA-2004:036 2004-04-21
Debian DSA-493-1 2004-04-21
Gentoo 200404-15 2004-04-19

Comments (none posted)

xine-lib: buffer overflows

Package(s):xine-lib CVE #(s):CAN-2004-1379
Created:September 22, 2004 Updated:April 10, 2006
Description: xine-lib (through version 1_rc6) contains buffer overflows in the subtitle parsing and DVD sub-picture decoder code.
Alerts:
Fedora-Legacy FLSA:152873 2006-04-04
Debian DSA-657-1 2005-01-25
Mandrake MDKSA-2004:105 2004-10-06
Slackware SSA:2004-266-04 2004-09-22
Gentoo 200409-30 2004-09-22

Comments (none posted)

xine-ui - insecure temporary file creation

Package(s):xine-ui CVE #(s):CAN-2004-0372
Created:April 6, 2004 Updated:April 27, 2006
Description: Shaun Colley discovered a problem in xine-ui, the xine video player user interface. A script contained in the package to possibly remedy a problem or report a bug does not create temporary files in a secure fashion. This could allow a local attacker to overwrite files with the privileges of the user invoking xine.
Alerts:
Gentoo 200404-20 2004-04-27
Slackware SSA:2004-111-01 2004-04-20
Mandrake MDKSA-2004:033 2004-04-19
Debian DSA-477-1 2004-04-06

Comments (none posted)

xorg-x11: integer overflows

Package(s):xorg-x11 CVE #(s):CAN-2004-0914
Created:November 18, 2004 Updated:September 12, 2005
Description: The X.Org libXpm library has several integer overflow vulnerabilities. An attacker can modify XPM images to execute malicious code.
Alerts:
Ubuntu USN-83-2 2005-09-12
Fedora-Legacy FLSA:152804 2005-05-12
Ubuntu USN-83-1 2005-02-16
Gentoo 200502-07 2005-02-07
Gentoo 200502-06 2005-02-06
Red Hat RHSA-2004:612-01 2004-12-20
Red Hat RHSA-2004:610-01 2004-12-20
Debian DSA-607-1 2004-12-10
Mandrake MDKSA-2004:137-1 2004-11-29
Mandrake MDKSA-2004:137 2004-11-22
Mandrake MDKSA-2004:138 2004-11-22
Gentoo 200411-28 2004-11-19
Fedora FEDORA-2004-434 2004-11-17
Fedora FEDORA-2004-433 2004-11-17
SuSE SUSE-SA:2004:041 2004-11-17

Comments (none posted)

xpdf: integer overflows

Package(s):xpdf kpdf cupsys CVE #(s):CAN-2004-0888 CAN-2004-0889
Created:October 21, 2004 Updated:February 18, 2005
Description: Several xpdf integer overflow vulnerabilities can be exploited via a malformed PDF document. Similar vulnerabilities can be found in kpdf and in cupsys, which share code. Additional information can be found in this KDE security advisory.
Alerts:
Fedora FEDORA-2005-138 2005-02-09
Fedora FEDORA-2005-137 2005-02-09
Fedora FEDORA-2005-133 2005-02-09
Fedora FEDORA-2005-134 2005-02-09
Fedora FEDORA-2005-136 2005-02-09
Fedora FEDORA-2005-135 2005-02-09
Fedora FEDORA-2005-123 2005-02-08
Fedora FEDORA-2005-122 2005-02-08
Debian DSA-599-1 2004-11-25
Gentoo 200411-30 2004-11-23
Conectiva CLA-2004:886 2004-11-08
Gentoo 200410-30:02 2004-10-28
Gentoo 200410-20:02 2004-10-21
Debian DSA-581-1 2004-11-02
Ubuntu USN-14-1 2004-11-01
Ubuntu USN-9-1 2004-10-27
Gentoo 200410-30 2004-10-28
Fedora FEDORA-2004-358 2004-10-28
Fedora FEDORA-2004-357 2004-10-28
Red Hat RHSA-2004:592-01 2004-10-27
Fedora FEDORA-2004-337 2004-10-26
SuSE SUSE-SA:2004:039 2004-10-26
Ubuntu USN-2-1 2004-10-22
Red Hat RHSA-2004:543-01 2004-10-22
Mandrake MDKSA-2004:115 2004-10-21
Mandrake MDKSA-2004:116 2004-10-21
Mandrake MDKSA-2004:114 2004-10-21
Mandrake MDKSA-2004:113 2004-10-21
Gentoo 200410-20 2004-10-21
Fedora FEDORA-2004-348 2004-10-21
Debian DSA-573-1 2004-10-21

Comments (none posted)

zgv: multiple buffer overflows

Package(s):zgv CVE #(s):
Created:November 8, 2004 Updated:December 14, 2004
Description: Multiple arithmetic overflows have been detected in the image processing code of zgv. An attacker could entice a user to open a specially-crafted image file, potentially resulting in execution of arbitrary code with the rights of the user running zgv. See this BugTraq advisory for more information.
Alerts:
Debian DSA-608-1 2004-12-14
Gentoo 200411-12:01 2004-11-07

Comments (none posted)

zip: arbitrary code execution

Package(s):zip CVE #(s):CAN-2004-1010
Created:November 5, 2004 Updated:February 2, 2005
Description: HexView discovered a buffer overflow in the zip package. The overflow is triggered by creating a ZIP archive of files with very long path names. This vulnerability might result in execution of arbitrary code with the privileges of the user who calls zip. This flaw may lead to privilege escalation on systems which automatically create ZIP archives of user supplied files, like backup systems or web applications.
Alerts:
Fedora-Legacy FLSA:2255 2005-02-01
Debian DSA-624-1 2004-01-05
Red Hat RHSA-2004:634-01 2004-12-16
Mandrake MDKSA-2004:141 2004-11-25
Gentoo 200411-16 2004-11-09
Fedora FEDORA-2004-399 2004-11-08
Fedora FEDORA-2004-400 2004-11-08
Ubuntu USN-18-1 2004-11-05

Comments (1 posted)

zlib: denial of service

Package(s):zlib CVE #(s):CAN-2004-0797
Created:August 25, 2004 Updated:June 10, 2005
Description: Versions 1.2.x of the zlib library contain an error handling vulnerability which can enable denial of service attacks.
Alerts:
OpenPKG OpenPKG-SA-2005.007 2005-06-10
Fedora-Legacy FLSA:2043 2005-02-23
Conectiva CLA-2004:878 2004-10-25
Slackware SSA:2004-278-02 2004-10-04
Conectiva CLA-2004:865 2004-09-13
Mandrake MDKSA-2004:090 2004-09-07
SuSE SUSE-SA:2004:029 2004-09-02
Gentoo 200408-26 2004-08-27
OpenPKG OpenPKG-SA-2004.038 2004-08-25

Comments (none posted)

Resources

December CRYPTO-GRAM newsletter

Bruce Schneier's CRYPTO-GRAM newsletter for December is out. Topics include behavioral profiling, Google's desktop search, EPIC, and safe personal computing. "I am regularly asked what average Internet users can do to ensure their security. My first answer is usually, 'Nothing--you're screwed.' But that's not true, and the reality is more complicated. You're screwed if you do nothing to protect yourself, but there are many things you can do to increase your security on the Internet."

Full Story (comments: 1)

A set of data wipe tools

Thomas C. Greene has announced a set of data wipe tools for Unix-like systems. They'll go and overwrite any old, sensitive data which may have accumulated in the swap area and in free areas of the disk; click below for the details.

Full Story (comments: 1)

Page editor: Jonathan Corbet

Kernel development

Brief items

Kernel release status

The current 2.6 prepatch remains 2.6.10-rc3.

The trickle of patches into Linus's BitKeeper repository continues; currently merged patches include a CIFS update, an IDE update, some networking fixes (including a fix for the IGMP vulnerabilities), a DVB update and various other fixes.

The current patch from Andrew Morton is 2.6.10-rc3-mm1. Recent additions to -mm include a reworking of the VFS readahead code, parts of the page fault handler scalability patch set, hooks needed for the merging of the Xen architecture, a big set of user-mode Linux patches, in-inode extended attribute support for ext3, unlocked ioctl() support (see below), a set of SELinux patches, and lots of fixes.

The current 2.4 prepatch remains 2.4.29-pre1; Marcelo has released no prepatches since November 25.

Comments (2 posted)

Kernel development news

Quote of the week

Nothing like changing the byte order of structure fields to really drive the "out-of-tree" driver writers crazy. I like it :)

-- Greg Kroah-Hartman

Comments (40 posted)

Debugfs

Kernel hackers often need to be able to export debugging information to user space. This information is not needed for the regular operation of the system, but it can be highly useful for a developer who is trying to figure out why things are behaving strangely. Sometimes putting in a few printk() calls is sufficient, but, often, that is not the best way to go. The debugging information may only be useful occasionally, but the printed output clogs up the logs all the time. Using printk() also does not help if the developer wishes to be able to change values from user space.

A common way of making debugging information available only when needed (and possibly for write access) is to create one or more files in a virtual filesystem. There are a few ways in which that can be done:

  • Creating files in /proc. This approach works, but there is little enthusiasm for creating more files in /proc at this point, and the /proc filesystem functions can be a bit of a pain to work with.

  • 2.6 kernels have the /sys (sysfs) filesystem. In many cases, debugging information can be put there, but sysfs is meant for information used in administering the system, and the rules for sysfs require that each file contain a single value. For that reason, it is not even possible to use the seq_file interface with sysfs. The result is that sysfs is relatively consistent, but it is unwieldy for a developer who wishes to dump out a complicated data structure.

  • Creating an entirely new filesystem with libfs. This approach is highly flexible; a developer who creates a new filesystem can write the rules that go with it. The libfs interface makes things relatively simple, but the task of creating a new filesystem is more than most people want to take on just to make some debugging information available - especially since that filesystem will require some debugging of its own.

As a way of making life easier for developers, Greg Kroah-Hartman has created debugfs, a virtual filesystem devoted to debugging information. Debugfs is intended to be a relatively easy and lightweight subsystem which gracefully disappears when configured out of the kernel.

A developer wishing to use debugfs starts by creating a directory within the filesystem:

    struct dentry *debugfs_create_dir(const char *name, 
                                      struct dentry *parent);

The parent argument will usually be NULL, causing the directory to be created in the debugfs root. If debugfs is not configured into the system, the return value is -ENODEV; a NULL return, instead, indicates some other sort of error.

The general-purpose function for creating a file in debugfs is:

    struct dentry *debugfs_create_file(const char *name, mode_t mode,
                                       struct dentry *parent, void *data,
                                       struct file_operations *fops);

The structure pointed to by fops should, of course, contain pointers to the functions which implement the actual operations on the file. In many cases, most of those functions can be the helpers provided by seq_file, making the task of exporting a file easy.

Some additional helpers have been provided to make exporting a single value as easy as possible:

    struct dentry *debugfs_create_u8(const char *name, mode_t mode, 
                                     struct dentry *parent, u8 *value);
    struct dentry *debugfs_create_u16(const char *name, mode_t mode, 
                                      struct dentry *parent, u16 *value);
    struct dentry *debugfs_create_u32(const char *name, mode_t mode, 
                                      struct dentry *parent, u32 *value);
    struct dentry *debugfs_create_bool(const char *name, mode_t mode, 
                                       struct dentry *parent, u32 *value);

Debugfs does not automatically clean up files when a module shuts down, so, for every file or directory created with the above functions, there must be a call to:

    void debugfs_remove(struct dentry *dentry);

The debugfs interface is quite new, and it may well see changes before finding its way into the mainline kernel. In particular, Greg has considered adding a kobject parameter to the creation calls; the kobject would then provide the name for the resulting files.
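The creation and cleanup rules above, put together as an added example (not code from the debugfs patch): it follows the signatures and return conventions quoted in this article, and the `mydrv_*` names, the file names and the choice to report a NULL return as -ENOMEM are assumptions. Outside a kernel build, the constructed `shim_*` stand-ins replace debugfs so that the error paths can be exercised in user space; in a driver, the two functions would be called from the module's init and exit routines.

```c
#ifdef __KERNEL__
#include <linux/debugfs.h>
#include <linux/err.h>
#include <linux/types.h>
#else
/* Constructed user-space shim using the signatures quoted in the article. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/types.h>
typedef uint32_t u32;
struct dentry { int live; };
#define ERR_PTR(e) ((void *)(intptr_t)(e))
#define IS_ERR(p)  ((uintptr_t)(p) >= (uintptr_t)-4095)
static struct dentry shim_pool[8];
static int shim_calls, shim_live;
static int shim_configured = 1;   /* 0 models a kernel built without debugfs */
static int shim_fail_call = -1;   /* which create call (0-based) returns NULL */
static struct dentry *shim_create(void)
{
    int n = shim_calls++;
    if (!shim_configured)
        return ERR_PTR(-ENODEV);
    if (n == shim_fail_call || n >= 8)
        return NULL;
    shim_pool[n].live = 1;
    shim_live++;
    return &shim_pool[n];
}
static struct dentry *debugfs_create_dir(const char *name,
                                         struct dentry *parent)
{
    (void)name; (void)parent;
    return shim_create();
}
static struct dentry *debugfs_create_u32(const char *name, mode_t mode,
                                         struct dentry *parent, u32 *value)
{
    (void)name; (void)mode; (void)parent; (void)value;
    return shim_create();
}
static struct dentry *debugfs_create_bool(const char *name, mode_t mode,
                                          struct dentry *parent, u32 *value)
{
    (void)name; (void)mode; (void)parent; (void)value;
    return shim_create();
}
static void debugfs_remove(struct dentry *dentry)
{
    shim_live -= dentry->live;
    dentry->live = 0;
}
#endif

static u32 mydrv_irq_count;   /* hypothetical driver state being exported */
static u32 mydrv_verbose;
static struct dentry *mydrv_dir, *mydrv_f_irq, *mydrv_f_verbose;

/* Remove whatever was created: files first, then the directory. */
static void mydrv_debugfs_exit(void)
{
    if (mydrv_f_verbose)
        debugfs_remove(mydrv_f_verbose);
    if (mydrv_f_irq)
        debugfs_remove(mydrv_f_irq);
    if (mydrv_dir)
        debugfs_remove(mydrv_dir);
    mydrv_f_verbose = mydrv_f_irq = mydrv_dir = NULL;
}

/* Returns 0 on success or when debugfs is configured out, else -ENOMEM. */
static int mydrv_debugfs_init(void)
{
    mydrv_dir = debugfs_create_dir("mydrv", NULL);
    if (IS_ERR(mydrv_dir)) {      /* -ENODEV: run without debug files */
        mydrv_dir = NULL;
        return 0;
    }
    if (!mydrv_dir)
        return -ENOMEM;
    mydrv_f_irq = debugfs_create_u32("irq_count", 0444, mydrv_dir,
                                     &mydrv_irq_count);
    mydrv_f_verbose = debugfs_create_bool("verbose", 0644, mydrv_dir,
                                          &mydrv_verbose);
    if (!mydrv_f_irq || !mydrv_f_verbose) {
        mydrv_debugfs_exit();     /* never leave a partial set behind */
        return -ENOMEM;
    }
    return 0;
}

#ifndef __KERNEL__
int main(void)
{
    int rc = mydrv_debugfs_init();
    mydrv_debugfs_exit();
    return (rc == 0 && shim_live == 0) ? 0 : 1;
}
#endif
```

Skipping the cleanup call on any path would leave a debugfs file pointing at memory that goes away with the module, which is why the failure path reuses the exit routine.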

Comments (8 posted)

Boot-time clock frequency selection

The timer interrupt is the kernel's way of keeping track of the passage of time. Every so often, a programmable timer interrupts the kernel, which responds by updating its internal time value, performing various housekeeping tasks, and executing any delayed kernel work whose time has come. In the 2.6 kernel, on the x86 architecture, by default, the timer interrupt comes 1000 times per second; other architectures and configurations can vary.

Playing with the timer tick frequency is almost as old as the kernel itself. The frequency with which the hardware timer interrupts the processor is well parameterized into a single compile-time variable (HZ); running the system with a nonstandard clock frequency is simply a matter of changing the definition of HZ (within reasonable bounds) and building a new kernel.

There are legitimate reasons for playing with the timer frequency. A faster clock can allow the system to perform more precise delays, and to respond to events more quickly. Systems running at a higher clock frequency should have lower latencies in many situations. There is an overhead associated with the timer interrupt, however; a higher-frequency interrupt will take more CPU time. So, for server loads (where latency is less important), the overhead of a higher timer frequency is not worth it. On laptops, the default 1KHz timer can also defeat the CPU's power management features and significantly reduce battery life.

In other words, there is no single value for the timer frequency which works for all users. Changing the frequency is still relatively hard, however; some people are more comfortable with building new kernels than others. Wouldn't it be nice if the frequency could be made into a boot-time parameter, so that it could be changed from one boot to the next without a kernel rebuild?

As it turns out, Andrea Arcangeli has a patch which does exactly that. It's not even a new patch: SUSE has been shipping 2.4 kernels with boot-time timer frequency selection for some time. Andrea is now interested in merging this patch into the mainline, should the other developers be willing.

The patch is relatively intrusive - it touches 143 files around the tree. The core change is the transformation of HZ from a constant value into a variable. Much of the kernel does not notice the change at all; a call like:

    schedule_timeout(HZ/10);

will still set up a wakeup for 100ms in the future. There is some new overhead associated with fetching the value of HZ and performing the division at run time, but Andrea states that it is not really measurable.

There are places in the kernel which require further changes, however. Compile-time initializations which depend on a constant HZ value will no longer work; those initializations must be moved to run time, or recast in terms of a known constant value. There are also places where values in timer-tick units are provided by user space. The kernel tries to hide its internal clock frequency from user space, but there are still places where it leaks through. A number of boot-time parameters are expressed in ticks, and some device drivers take parameters in ticks as well.

To address these problems, Andrea's patch expands the use of a symbol called USER_HZ. It is a constant value, though its actual definition is architecture dependent, varying from 32 to 1200 - though most architectures set it to 100. All remaining compile-time initializations, and all values obtained from user space, are interpreted as being in USER_HZ and must be translated to internal values before being used. To that end, some new macros have been provided:

    jiffies_to_clock_t(internal_hz);
    user_to_kernel_hz(user_hz);

With these in place, it's just a matter of keeping track of which type of clock value is being used where. Andrea's patch renames variables containing user-space tick values (it prepends "__" to the name) as a way of indicating that a special value is contained there.

Andrew Morton has said that some form of this patch is likely to be merged:

So I guess we're going to have to do this sometime - I don't think there's any other solution apart from going fully tickless, which would be considerably more intrusive.

Before the patch can be merged, however, a few details must be dealt with - porting it from 2.4 to 2.6, for example. So it's unlikely to go in immediately. Given time, however, it seems likely to be merged in some form.

Comments (2 posted)

ioctl(), the big kernel lock, and 32-bit compatibility

Despite efforts to remove the big kernel lock (BKL) from the 2.6 kernel, it still covers large amounts of code. Much of that code is implementations of the ioctl() method in device drivers and filesystems throughout the kernel. A poorly-implemented ioctl() method can block other processors for some time, wasting CPU time and creating high latencies. Fixing ioctl()'s BKL use has been on the "to do" list for some time, but nobody has dived in to get the job done.

Mike Werner has recently taken a step in that direction, however, with this patch which aims to make it easy to wean driver ioctl() methods off the BKL one at a time. To that end, it creates a new method in the file_operations structure:

    int (*unlocked_ioctl) (struct inode *inode, struct file *file, 
                           unsigned int cmd, unsigned long arg);

This method behaves just like one would expect: if it is non-NULL, it will be called in preference to the regular ioctl() method, and the BKL will not be taken for that call. New drivers can be written to use this method, and the ioctl() methods of old drivers can be shifted over once they are known to be safe to call without the BKL.

This is a different approach than was taken to get the BKL out of lseek() methods. In that case, the interface was changed by decree, and lseek() was called without the BKL. First, however, every in-tree lseek() method was enhanced with an explicit lock_kernel() call of its own. As a result, those methods still executed with the BKL held, but the taking of the BKL was made explicit and put into a place where it could be removed when it was no longer needed. A typical ioctl() method can be more complicated than most lseek() methods, however, so the creation of a new method must seem like the easier approach this time around.

One commenter has suggested that the new method should not include the inode argument, since it is trivially obtained from the file structure anyway. The version of this patch which was merged into 2.6.10-rc3-mm1 retains that argument, however.

Meanwhile, Michael Tsirkin has posted a different ioctl() patch which, while it provides a non-BKL migration path for that method, also solves another problem. One of the biggest challenges in writing portable ioctl() methods is dealing with 32-bit compatibility on 64-bit systems. When user space is running in 32-bit mode, it will have a different view of any structures passed into ioctl(), and the kernel must translate the 32-bit versions into something it can work with.

The kernel provides some help with this translation in the form of a function called register_ioctl32_conversion():

    typedef int (*ioctl_trans_handler_t)(unsigned int, unsigned int,
                                         unsigned long, struct file *);
    int register_ioctl32_conversion(unsigned int cmd,
                                    ioctl_trans_handler_t handler);

After this call, any 32-bit ioctl() call using the given cmd will be passed to the handler function, which, presumably, knows how to deal with it. This mechanism works, but it has a few shortcomings. It relies on a global space for ioctl() command codes, for example. Every command is supposed to be unique, but things do not always happen that way - especially with out-of-tree drivers. The use of a hash table to look up handler functions slows things down a bit. And, as Andi Kleen pointed out recently, the current mechanism suffers from race conditions which appear to be unfixable without changing the interface.

But, if you're going to change the interface, you might as well do it right. So Michael's patch adds two new ioctl() methods to the file_operations structure. The ioctl_native() method handles calls made from user-space processes which are using the same architecture model as the kernel, while ioctl_compat() is called in cases where the two differ. With this approach, the global table of commands can be eliminated, and its problems go away as well. Since the new ioctl_compat() method is invoked directly from the file_operations structure, it is easy to manage the module reference count to avoid unload races.

Oh, and the kernel does not acquire the big kernel lock before calling either of the new methods; they are expected to be implemented with proper locking from the beginning.

Michael's patch seems to solve all of the problems addressed by the unlocked_ioctl() approach, plus a few more. The debate has not yet begun, but it would not be surprising to see the two new methods win out in the end.
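The 32-bit translation problem and the ioctl_native()/ioctl_compat() split described above, modelled in user space as an added example (not code from Michael Tsirkin's patch or from the kernel). The structure layouts, the command number, the method signatures and every `demo_` name are assumptions made for illustration, and memcpy() stands in for copy_from_user().

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define DEMO_XFER_CMD    0x4d01u   /* constructed command number */
#define DEMO_FLAGS_KNOWN 0x3u      /* flag bits this driver understands */

/* Argument as a 64-bit kernel and a 64-bit process lay it out. */
struct demo_xfer {
    uint64_t buf;    /* user pointer: 8 bytes */
    int64_t  len;    /* long: 8 bytes */
    uint32_t flags;
};

/* The same argument as a 32-bit process lays it out. */
struct demo_xfer32 {
    uint32_t buf;    /* user pointer: 4 bytes */
    int32_t  len;    /* long: 4 bytes */
    uint32_t flags;
};

struct demo_file;
typedef long (*demo_ioctl_fn)(struct demo_file *f, unsigned int cmd,
                              const void *uarg);

/* Stand-in for the two new file_operations methods (signatures assumed). */
struct demo_file_operations {
    demo_ioctl_fn ioctl_native;
    demo_ioctl_fn ioctl_compat;
};

struct demo_file {
    const struct demo_file_operations *f_op;
    struct demo_xfer last;   /* request the driver finally accepted */
};

/* Shared back end: validation runs once, on the native form only. */
static long demo_do_xfer(struct demo_file *f, const struct demo_xfer *x)
{
    if (x->len < 0 || (x->flags & ~DEMO_FLAGS_KNOWN))
        return -EINVAL;
    f->last = *x;
    return 0;
}

static long demo_ioctl_native(struct demo_file *f, unsigned int cmd,
                              const void *uarg)
{
    struct demo_xfer x;
    if (cmd != DEMO_XFER_CMD)
        return -ENOTTY;
    memcpy(&x, uarg, sizeof(x));          /* stands in for copy_from_user() */
    return demo_do_xfer(f, &x);
}

static long demo_ioctl_compat(struct demo_file *f, unsigned int cmd,
                              const void *uarg)
{
    struct demo_xfer32 x32;
    struct demo_xfer x;
    if (cmd != DEMO_XFER_CMD)
        return -ENOTTY;
    memcpy(&x32, uarg, sizeof(x32));      /* copy only the 32-bit layout */
    memset(&x, 0, sizeof(x));
    x.buf = x32.buf;      /* zero-extend the 32-bit pointer */
    x.len = x32.len;      /* sign-extend: a negative length stays negative */
    x.flags = x32.flags;
    return demo_do_xfer(f, &x);
}

static const struct demo_file_operations demo_fops = {
    .ioctl_native = demo_ioctl_native,
    .ioctl_compat = demo_ioctl_compat,
};

/* Dispatch on the caller's ABI; no global command table is consulted. */
static long demo_sys_ioctl(struct demo_file *f, int caller_is_32bit,
                           unsigned int cmd, const void *uarg)
{
    demo_ioctl_fn fn = caller_is_32bit ? f->f_op->ioctl_compat
                                       : f->f_op->ioctl_native;
    return fn ? fn(f, cmd, uarg) : -ENOTTY;
}

/* Without translation: the 32-bit bytes read through the native layout. */
static struct demo_xfer demo_untranslated_view(const struct demo_xfer32 *x32)
{
    struct demo_xfer x;
    memset(&x, 0, sizeof(x));
    memcpy(&x, x32, sizeof(*x32));
    return x;
}

int main(void)
{
    struct demo_xfer32 req = { 0x08049000u, 64, 0x1u };  /* constructed request */
    struct demo_file f = { .f_op = &demo_fops };
    return demo_sys_ioctl(&f, 1, DEMO_XFER_CMD, &req) == 0 ? 0 : 1;
}
```

The untranslated view passes the back end's validation with a pointer and length the caller never supplied, so the failure is silent rather than an error return.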

Comments (1 posted)

Patches and updates

Core kernel code

  • Andrea Arcangeli: dynamic-hz. (December 11, 2004)

Page editor: Jonathan Corbet

Distributions

Gentoo Linux on AMD64

December 17, 2004

This article was contributed by Ladislav Bodnar

After having installed (and been sufficiently impressed by) the AMD64 ports of both Debian Sid and Fedora Core 3 (see Debian on AMD64 and Fedora Core 3 on AMD64), we expected the same from our third victim - Gentoo Linux. Not only is Gentoo a distribution designed to be compiled locally and optimized for the system it is being installed on, Gentoo's AMD64 port has had plenty of time to mature - version 2004.3 was, in fact, the distribution's third stable release for this architecture. And although the road to a complete AMD64 Gentoo system had a lot more potholes than its Debian or Fedora counterparts, further intercepted by frequent side trips to the Gentoo forums and mailing lists, the end result was equally good - a powerful and incredibly fast high-end workstation.

But let's start from the beginning. We installed the latest version of Gentoo on a system with the following specifications: AMD64 3500+ processor (2.2GHz), K8N Neo2 (Socket939) mainboard from Micro-Star International, 2 GB of DDR SDRAM, 2 x 120 GB Maxtor hard disks, Plextor PX-712A DVD/CD Rewritable Drive, and NVIDIA GeForce4 Ti 4600 graphics card. Those who are following the series might have noticed that we have doubled the amount of RAM since the last time - that's because we noticed that even with 1 GB of RAM, the system was still making use of the swap partition, especially when compiling Gentoo packages in the background, while running a KDE desktop, several KDE and GNOME applications, and a web server.

We launched the Gentoo installation program from a 52.3 MB minimal live CD (version 2004.3-r1) and followed the instructions in the Gentoo Handbook. If you haven't installed any recent Gentoo release, you should know that, despite some talk about automating parts of the Gentoo installer, the installation is still as manual (read "tedious") as ever. This is of course due to Gentoo's policy of making sure that users installing the distribution learn the basics of a Linux-based operating system early, rather than flood the mailing lists and forums with elementary questions later. While this attitude is understandable, even commendable, those of us who frequently install various distributions for testing purposes or for large-scale deployment would certainly welcome a more automated installation procedure.

We decided to perform a full installation from "stage1". This would seem like a waste of time and effort on an AMD64 system - on traditional x86 architectures we could further optimize the build process to target our chip, whether that be a Pentium 4, an Athlon XP, or even a 486, but what do we optimize for on an AMD64 system? The Gentoo installation handbook doesn't deal with this issue either, but based on the information found in the GCC manual we decided to set CHOST to "x86_64-pc-linux-gnu" and CFLAGS to "-march=k8 -O2". We also defined some USE variables to indicate what type of system we are building before configuring the kernel and starting the long compilation process.

Unfortunately, things didn't go all that well. While the base system compiled and installed without a hitch, we ran into problems when trying to compile ttmkfdir (a utility to create a fonts.scale file from a set of TrueType fonts), xterm and ncurses. These were relatively easy to solve compared to a later problem with ScrollKeeper - for some reason all ScrollKeeper executable files had been prefixed with the name of the architecture, so other applications trying to execute "scrollkeeper" were unable to find it. A trip to Gentoo forums revealed that several other users had suffered from the same issue, until a helpful soul came along and offered a workable solution: unmask and upgrade gcc-config, then remove the CTARGET line from /etc/env.d/05gcc (despite a stern warning not to touch the file!).

The above is just an example of some of the potential setbacks facing users who attempt to compile hundreds of packages on Gentoo Linux. Since the version of Gentoo we attempted to install was a stable release (as opposed to a beta or development release), we expected things to go smoothly, but it wasn't the case. One fix that we learned early for a compilation problem was to "unmask" a package (by placing its name in the /etc/portage/package.keywords file) and attempt to run emerge again. This often worked - for example, we weren't able to compile the "stable" mozilla-1.7.3 ebuild, but once we unmasked it, the emerge command went on to fetch and successfully compile a "testing" mozilla-1.7.3-r3 ebuild. On a positive note, we had no problems emerging KDE, and once we solved the ScrollKeeper and Mozilla issues, the remainder of the GNOME packages also compiled fine.

For those who are wondering about the speed of compiling applications on this AMD64 system, here is an indication of the processor's power: emerging the xorg-x11 package (in its default configuration) took about 25 minutes. In contrast, emerging the same package on a 1.4 GHz Pentium 4 system took about 40 minutes.

Mixing 32-bit and 64-bit applications on a Gentoo installation is achieved in much the same way as on Debian. The relevant libraries are stored in separate directories - /lib64 is a symbolic link to /lib and /lib32 is a symbolic link to /emul/linux/x86/lib. OpenOffice.org is available only as a 32-bit binary, as are Opera, Flash Player, Acrobat Reader, and other binary-only applications. One nice thing about Gentoo (compared to Fedora Core) is that most of these applications are available from within the portage infrastructure (e.g. a simple "emerge corefonts" downloads and installs Microsoft TrueType fonts, "emerge nvidia-kernel" downloads and installs the NVIDIA binary driver), so there is no need to configure a third-party repository to be able to take advantage of some of the popular, but non-free software.

Despite some bugs in the installation setup and the necessity to peruse Gentoo's community resources to solve several problems, the overall experience of installing and using Gentoo Linux on the AMD64 system wasn't overly negative. Sure, we cursed profusely every time the compile process came to a sudden halt with a loud error message, but luckily, none of the problems were showstoppers. Thanks to them, we had the opportunity to appreciate the quality of Gentoo's documentation and the helpfulness of users on the distribution's forums. When all was said and done, we ended up with a complete, fast and powerful graphical workstation, just as we did with Debian or Fedora. And while the effort required to achieve that goal was far greater than with the other two distributions, there is little doubt that Gentoo Linux is an elegant operating system with powerful package management and truly superb documentation.

Comments (3 posted)

Distribution News

NetBSD 2.0 released

NetBSD 2.0 is out. The list of improvements in this release is quite large; see the announcement for the details.

Comments (21 posted)

Debian

The Debian Release-critical Bugreport for December 10 and the December 10 Work-needing packages report are available.

Comments (none posted)

Fedora Core 3 for PowerPC platforms

A version of Fedora Core 3 for the PowerPC platform has been released for testing. Click below for details, open issues with this release, and mailing list information.

Full Story (comments: none)

Fedora Core

Fedora Core 3 updates: libpng10 (latest version), libpng (latest version), glib2 (bug fixes), gtk2 (bug fixes), postgresql-odbc (64 bit fixes), shadow-utils (bug fixes), MyODBC (locale setting bug fix), grep (UTF-8 performance improvement), gstreamer (multilib support), mikmod (packaging change)

Fedora Core 2 updates: libpng (bug fixes), libpng10 (latest version), glib2 (bug fixes), gtk2 (bug fixes), postgresql-odbc (64 bit fixes), postgresql (synchronize with FC3), shadow-utils (bug fixes), MyODBC (locale setting bug fix)

Comments (none posted)

Unofficial Fedora FAQ Updated

An update of the Unofficial Fedora FAQ dated December 13, 2004 is available. Changes include several new translations, and various topic improvements.

Full Story (comments: none)

Mandrakelinux

Mandrakelinux updates: evolution (bug fixes), mdkonline (bug fixes and windowless capability), libpng (invalid zlib header problem).

Comments (none posted)

Trustix Secure Linux

Trustix Secure Linux updates: multiple packages.

Comments (none posted)

The Ubuntu 4.10 starter guide

Chua Wen Kiat has put together an unofficial starter guide for the Ubuntu "warty" release. It is a wide-ranging document in the FAQ style which may become a required bookmark for anybody working with the Ubuntu distribution.

Comments (none posted)

What's the Ubuntu community up to?

The Ubuntu distribution has announced a new community work page. "Please update this page with projects/initiatives that you have/are undertaking, so everyone can read what's happening all over the world in sharing Ubuntu."

Full Story (comments: none)

Distribution Newsletters

Gentoo Weekly Newsletter

The December 13 issue of the Gentoo Weekly Newsletter is out; this week's issue looks at the new Chinese forum, virtualization techniques, and more.

Full Story (comments: none)

Distribution reviews

Product Reviews: BeatrIX GNU/Linux (LinuxTimes)

LinuxTimes.Net reviews BeatrIX GNU/Linux, an Ubuntu/Knoppix-based live CD distribution. "BeatrIX is a functional, easy to use and easy to set up desktop system for the average user. Power users will find the lack of utilities in the default install annoying, but it may be worth the trade for a more custom environment and a smaller download."

Comments (1 posted)

My workstation OS: Slackware (NewsForge)

Michael Stibane reviews Slackware 10 in a NewsForge article. "Working as a freelance Linux trainer and writer for a few German Linux magazines, I have to test a lot of software. If it's bleeding edge and packaged as RPM or DEB it usually causes major problems when I install the software on Debian or RPM-based distros. It's a pain to bring Debian package management back to a normal state once it's out of sync after a dpkg -i --force-things command. By contrast, there is nothing like Slackware's tgz packaging without dependency checks (except compiling from source). Install the package, run it from a terminal, and see which libraries are not found. Install those too and usually everything is fine. Slackware also takes RPM packages without questions if you supply the --nodeps switch."

Comments (2 posted)

Page editor: Forrest Cook

Development

XPP: The X Printing Panel

With last week's article on the HP Linux Imaging and Printing System, December is turning into printer utility month on the LWN developer page. XPP, the X Printing Panel, is a GUI printer control utility that is connected with the CUPS print spooler project. Its primary author is Till Kamppeter and the project dates back to the summer of 2000. The XPP project is covered by the GNU General Public License (GPL). In true Unix/Linux fashion, XPP supports a full set of command line control capabilities along with its GUI features. The project is aimed at filling a long-neglected niche in Unix printing:

Did you envy the people working under Windows or MacOS choosing their printers and doing the nicest stuff on them with a few mouse clicks? And you as Unix user have to enter cryptic command lines or to start scripts written by a system administrator or yourself to do things as double sided printing, taking paper from the lower tray, adjusting colours, and so on? Or were these features of your printers even not available for you?

XPP differs from similar printing utilities in that it aims to be a lightweight program:

Currently there are KDE Print, GtkLP, and others, but they are based on big, memory-consuming desktop systems and GUI libraries. XPP uses the lightweight library FLTK and therefore does not need a lot of resources and can be easily installed on machines without the big desktops.

A few of the primary XPP features include:

  • The capability of displaying the status of all local and networked printers.
  • Command line capability featuring CUPS, lpr, and lp command line options compatibility.
  • A GUI print feature selection capability.
  • A built-in previewer for selecting images and text for printing.
  • Support for printer duplexers, alternate paper trays, and other specialized printer features.
  • Support for all printer options defined by the Foomatic printer database.
  • Support for multiple queues on a single printer.
  • Control over printer color alignment, print head alignment, and margin settings.
  • Setting of color gamma correction and brightness.
  • Job control settings for page labels and banner pages.

To see XPP in action, take a look at some screen shots. The XPP README document lists the project dependencies, which include CUPS and FLTK. It also shows which Linux distributions XPP has been used with, details the installation process, and has some command line and GUI usage information.

Version 1.5 of XPP was released this week. The Change Log has details on what's new in this version.

XPP looks to be a convenient way to access the many features available in a modern printer; it is exactly the kind of application that Linux needs in order to gain dominance in the desktop world.

Comments (5 posted)

System Applications

Backup Software

Preliminary EA/ACL support in dump/restore

Access control list support has been added to the dump/restore utilities. "Support of ACLs is a feature requested by many for a long time and I finally got the time to implement it. Since on Linux ACLs are only a particular case of EAs (Extended Attributes), I implemented full EA support, meaning that even security labels set (for example) by SELinux will be backuped."

Full Story (comments: 1)

Database Software

Sleepycat Software Releases Berkeley DB XML 2.0

Sleepycat Software has announced the availability of Berkeley DB XML 2.0. "The major new release includes support for XQuery 1.0, the emerging standard for XML data access, as well as significant performance and usability enhancements." The release lacks a download pointer; the software is available over here.

Comments (none posted)

Firebird 1.5.2 RC 5 is here

Version 1.5.2 RC 5 of the Firebird database has been released. See the release notes for details.

Comments (none posted)

MySQL releases graphical database utilities

MySQL has announced the availability of a pair of graphical query browsing and database administration utilities which have been released under the GPL.

Comments (3 posted)

New stable releases of Knoda and hk_classes

New stable releases of Knoda (Version 0.7.2) and hk_classes are available. Changes include SQLite3 support, view support, improvements, and bug fixes.

Full Story (comments: none)

phpPgAdmin 3.5.1 released

Version 3.5.1 of phpPgAdmin, a web-based database administration tool, has been announced. It features several critical bug fixes.

Comments (none posted)

PostgreSQL Weekly News

The December 7, 2004 edition of the PostgreSQL Weekly News is available with the week's PostgreSQL database development news and events.

Full Story (comments: none)

PostgreSQL Weekly News

The December 14, 2004 edition of the PostgreSQL Weekly News is out with a new collection of PostgreSQL database articles and events.

Full Story (comments: none)

Automating PostgreSQL Tasks (O'ReillyNet)

Manni Wood shows how to automate PostgreSQL tasks in an O'Reilly article. "Databases aren't just create-once, ignore forever sinkholes for data. You'll likely spend time maintaining them, if not generating reports. Save your tender wrists and automate some of those routine tasks. Manni Wood demonstrates how to combine Perl, the shell, and the psql command-line utility to do repetitive jobs for you."

Comments (none posted)

Libraries

libxklavier 1.13 announced

Development version 1.13 of the libxklavier keyboard handling library has been released. "It contains mostly bugfixes (related to the build process - the previous release was broken for people having X headers in /usr/include/X11). Also, it is possible to see now which backends are activated (at the end of the configure script) - and if none, the script fails. xmodmap support is on by default, from now."

Full Story (comments: none)

Networking Tools

Firestarter 1.0.1 announced

Version 1.0.1 of Firestarter, a visual firewall tool for GNOME, is out with lots of changes and bug fixes.

Full Story (comments: none)

TwistedSNMP version 0.2.12 released

Version 0.2.12 of TwistedSNMP, a set of SNMP protocol implementations for Python's Twisted Matrix networking framework, is out with numerous bug fixes.

Comments (none posted)

Peer to Peer

Ed Felten's tinyp2p

Ed Felten has released tinyp2p, a peer-to-peer system which requires all of 15 lines of code (it looks like an entry for an obfuscated Python contest). "I wrote TinyP2P to illustrate the difficulty of regulating peer-to-peer applications. Peer-to-peer apps can be very simple, and any moderately skilled programmer can write one, so attempts to ban their creation would be fruitless."

Comments (13 posted)

Web Site Development

MediaWiki 1.4beta2 released (SourceForge)

Version 1.4 beta 2 of MediaWiki, an open source wiki engine, is out. "MediaWiki 1.4beta2 is an experimental release, to help flush out remaining major problems in the code prior to a final public 1.4.0 release. It is not recommended to use this beta on a public site unless you're familiar with MediaWiki innards and are willing and able to help diagnose and fix problems that come up. All beta1 users should upgrade as soon as possible."

Comments (none posted)

mnoGoSearch 3.2.27 announced

Version 3.2.27 of mnoGoSearch, a web site search engine, has been released with a security fix. See the Change History document for details.

Comments (none posted)

Quixote 2.0a3 released

Version 2.0a3 of Quixote, a web development platform, is available. Changes include updated documentation, static directory representation as html, work on the demos, and bug fixes.

Full Story (comments: none)

Desktop Applications

Audio Applications

amaroK 1.2-beta2 released

Version 1.2-beta2 of the amaroK audio player is available with lots of new features. Changes include an improved DCOP interface, a new cross-fade capability, improvements to the PlaylistLoader, CSS support for the ContextBrowser, bug fixes, and more. "amaroK is a soundsystem-independent audio-player for *nix. Its interface uses a powerful "browser" metaphor that allows you to create playlists that make the most of your music collection."

Full Story (comments: none)

Business Applications

Achievo 1.1.RC3 is out

Development version 1.1.RC3 of Achievo, a web-based free project management tool for small to medium businesses, has been announced. "Reported issues from the previous release candidate have been fixed."

Comments (none posted)

Data Visualization

Python Computer Graphics Kit v2.0.0alpha1

The first alpha release of the Python Computer Graphics Kit version 2.0.0 is out. "The Python Computer Graphics Kit is a generic 3D package written in C++ and Python that can be used for a variety of domains such as scientific visualization, photorealistic rendering, Virtual Reality or even games. The package contains a number of generic modules that can be useful for any application that processes 3D data. This includes new types such as vectors, matrices and quaternions."

Full Story (comments: none)

Desktop Environments

GNOME Desktop and Developer platform 2.8.2

Version 2.8.2 of the GNOME Desktop and Developer platform is out. This is a maintenance release; click below for the details. An updated version of the GARNOME distribution is available as well.

Full Story (comments: none)

GARNOME 2.8.2 is out

Stable version 2.8.2 of GARNOME is available. "This release incorporates the GNOME 2.8.2 Desktop & Developer Platform, as well as plenty of new third-party package updates and funkey new features."

Full Story (comments: none)

GARNOME 2.9.2.1 is available

Development version 2.9.2.1 of GARNOME, the leading-edge GNOME distribution, is out with a number of build fixes that showed up in version 2.9.2.

Full Story (comments: none)

KDE CVS-Digest (KDE.News)

The December 10, 2004 edition of the KDE CVS-Digest is online with the following content summary: "mDNSResponder libraries moved to kdelibs. Krdc and Krbc now use DNS-SD. khtml improves CSS compliance. KNewStuff support for wallpapers."

Comments (none posted)

KDE 3.4 Release Cycle Starts with KDE 3.4 Alpha 1 (KDE.News)

KDE.News covers the progress of KDE 3.4. "For those who can't live without a bleeding edge KDE, but don't dare to run CVS, we have packaged KDE 3.4 Alpha 1. As you can read on the KDE 3.4 release schedule, this is only the start of the fun, so please hammer on it over the end of year holidays and add your contributions. We welcome code patches, translations, documentation, great icons, detailed bug reports - any kind of help."

Comments (none posted)

Xfce 4.2 Release Candidate 2 released

Release candidate 2 of the Xfce lightweight desktop environment is out. "The second Release Candidate, which provides several bugfixes over the first Release Candidate, is a lightweight desktop environment with several features not found in the Xfce 4.0 series, including a brand new session manager, keyboard shortcut and desktop menu graphical editors, multihead support, "kiosk mode" support, a desktop menu plugin for the panel, CUPS and BSD-LPR printing support, and a new icon theme."

Comments (none posted)

Electronics

Covered 20041210 released

Version 20041210 of Covered, a Verilog code coverage utility, has been released. Here is the change summary: "Lots of GUI improvements as well as support in the GUI for toggle and combinational logic coverage information (summary and detailed). GUI Help manual, scoring optimizations, bug fixes included."

Comments (none posted)

gEDA News

The latest releases from the gEDA project include new versions of the Spice GUI frontend gspiceui and the InFormal FNF and PSL verification processor.

Comments (none posted)

XCircuit 3.3.4 released

Version 3.3.3 of XCircuit, an electronic schematic drawing application, is out with several bug fixes.

Comments (none posted)

Financial Applications

GnuCash stable version 1.8.10 released

After a relatively long development period, GnuCash 1.8.10 is out. This release contains a fair number of small improvements, but little that is truly earth shaking; click below for the details.

Full Story (comments: 7)

Graphics

KolourPaint 1.2.2 Released

Version 1.2.2 of KolourPaint, a paint program for KDE, is out. "KolourPaint 1.2.2 fixes several longstanding bugs, improves performance and for the first time in history, includes translations to 32 languages."

Full Story (comments: none)

GUI Packages

New FLTK Reference Documentation

Revision 15 of the FLTK 2.0.0 reference documentation has been announced on FLTK.net: "www.FLTK.net now has better FLTK reference documentation with built-in search engine, graphs that show dependencies between header files, new style sheet etc."

Comments (none posted)

Mail Clients

Evolution 2.1.1 is out

Unstable release 2.1.1 of the Evolution mail client is available with a few new features and some bugs that need tracking down.

Full Story (comments: none)

Gyrus 0.3.0 announced

Version 0.3.0 of Gyrus, an IMAP/Cyrus client for GNOME, is available. Changes include new mailbox creation/deletion modules, GUI improvements, and more.

Full Story (comments: none)

Medical Applications

FreeMED 0.7.2 Released (LinuxMedNews)

LinuxMedNews has an announcement for version 0.7.2 of FreeMED, an Electronic Medical Record and Practice Management system. "It is recommended that all users of previous versions upgrade. This is the last major release before version 0.8.0. More information and download links are available in the main story. This new release contains many bug fixes and new features."

Comments (none posted)

Multimedia

GnomeMeeting 1.2 released

GnomeMeeting 1.2 is out; see the announcement for details. "GnomeMeeting 1.2 has many new features, including the ability to share your contacts between GnomeMeeting and Novell Evolution 2.00. Another big new feature is the possibility to do PC-To-Phone calls at interesting rates using only your soundcard, no extra hardware is required."

Comments (none posted)

Orkid Media Engine: call for developers

A call for developers has gone out for the Orkid Media Engine, a cross-platform framework for building multimedia applications. According to the author: "My primary development platform is windows (just because msvc .net is the easiest development environment for me to use, since I use it at my day job). That said, there are visual slickedit for linux and Xcode for OSX projects also included. So I'm targeting cross platform - and I want feature parity on all platforms. So I need a linux developer or two to help keep the linux build going, because I can't support 4 platforms by myself (win32/linux/osx/ps2dev)."

Full Story (comments: none)

RSS Software

Tip: Use Universal Feed Parser to tame RSS (IBM developerWorks)

Uche Ogbuji works with the Universal Feed Parser on IBM developerWorks. "RSS is supposed to be based on XML (or XML/RDF) standards. Unfortunately, the famous wild west community behind RSS has many renegade elements producing feeds that are not even well-formed XML. Mark Pilgrim's excellent Universal Feed Parser is a great tool for parsing even ill-formed feeds, and this tip demonstrates how to use it to extract feed data from RSS."

Comments (none posted)

Streaming Media

MediaFrame for Mpeg-4, public preview released (SourceForge)

The first public preview of MediaFrame has been announced. "MediaFrame is an Open Source streaming media platform in Java which provides a fast, easy to implement and extremely small applet that enables over 97% of web users to view audio/video content without having to rely on external player applications or bulky plug-ins. MediaFrame does not require special servers, software or programming knowledge."

Comments (none posted)

Miscellaneous

Bakery 2.3.10 announced

Version 2.3.10 of Bakery, a C++ Framework for creating document-based GNOME applications, has been released. "App_WithDoc::on_document_load() now returns a bool so that the application (as well as the document class) also has a chance to say whether the loaded document is OK."

Full Story (comments: none)

Gnome Screen Ruler 0.5 Released

Version 0.5 of Gnome Screen Ruler, a customizable screen ruler for Gnome, is out. "This release simplifies the preference dialog by removing the ruler size options. Now, the ruler can be resized by dragging the ruler window border. The second (vertical) ruler has been removed, and the single ruler can be toggled between horizontal/vertical."

Full Story (comments: none)

Gourmet Recipe Manager 0.6.7 Released (SourceForge)

Version 0.6.7 of Gourmet Recipe Manager, a gtk-based recipe manager application, has been released. "Version 0.6.7 brings improvements in the handling of encodings of mealmaster files and works around buggy, slow behavior for some pygtk2.5 users."

Comments (none posted)

KTTS 0.2.0 released

The first public release (version 0.2.0) of KTTS, the KDE Text-to-Speech System, is available. "KTTS is a subsystem within the KDE desktop for conversion of text to audible speech. KTTS is currently under development and aims to become the standard subsystem for all KDE applications to provide speech output."

Full Story (comments: none)

Languages and Tools

Caml

Caml Weekly News

The December 7-14, 2004 edition of the Caml Weekly News is online; take a look for some new Caml language discussion.

Full Story (comments: none)

Groovy

Ant scripting with Groovy (IBM developerWorks)

Andrew Glover uses Ant and Groovy for code building on IBM developerWorks. "Both Ant and Maven rule the world of build processing, but XML is occasionally a less-than-expressive configuration format. In this second installment in his new series on the practical applications of Groovy, Andrew Glover introduces Groovy's builder utility, which makes it especially easy to combine Groovy with Ant and Maven for more expressive and controllable builds."

Comments (none posted)

Java

Distributed Enterprise Messaging with MantaRay (O'Reilly)

Amir Shevat introduces MantaRay on O'Reilly. "This article describes a unique distributed messaging solution and a JMS provider called MantaRay, and how it transformed a traditionally centralized and broker-based concept like JMS to a fully distributed system. It also shows what happens behind the scenes in a distributed system when performing JMS operations."

Comments (none posted)

URLs and URIs, Proxies and Passwords (O'Reilly)

O'Reilly has published an excerpt from the book Java Network Programming by Elliotte Rusty Harold. "One of the challenges faced by the designers of the Web was dealing with the differences between operating systems. These differences can cause problems with URLs: for example, some operating systems allow spaces in filenames; some don't. Most operating systems won't complain about a # sign in a filename; but in a URL, a # sign indicates that the filename has ended, and a fragment identifier follows. Other special characters, nonalphanumeric characters, and so on, all of which may have a special meaning inside a URL or on another operating system, present similar problems."

Comments (none posted)

Perl

This Fortnight in Perl 6

The December 1-6, 2004 edition of This Fortnight in Perl 6 is online. "When someone says "I want a programming language in which I need only say what I wish done," give him a lollipop. -- Alan J. Perlis"

Comments (none posted)

PHP

PHP 5.0.3 RC2 released

Version 5.0.3 RC2 of PHP has been released. "This is the second release candidate and should have a very low number of problems and/or bugs. Nevertheless, please download and test it as much as possible on real-life applications to uncover any remaining issues."

Comments (none posted)

Three-Tier Development with PHP 5 (O'ReillyNet)

Luis Yordano Cruz demonstrates the separation of data storage, manipulation, and display in PHP 5 applications, in an O'Reilly article. "This article will demonstrate the power of three-tier development in PHP 5, using PEAR::DB_DataObject for the business logic and Smarty for display logic. I assume that you have some familiarity with HTML, Smarty, PEAR::DB_DataObject, MySQL, and PHP 5."

Comments (none posted)

PostScript

AFPL Ghostscript 8.50

Version 8.50 of AFPL Ghostscript, a PostScript renderer, has been announced. "Artifex Software, Inc. and artofcode LLC are pleased to announce a new major release of Ghostscript, the first in the 8.5x stable series. More than a year in the making, this is our most comprehensive version to date. We recommend upgrading for all our users. In addition to numerous bug fixes, the release has several major new features, in particular improved font handling and rasterization, and support for new PDF 1.5 features, including JPEG 2000 images."

Comments (none posted)

Python

Dr. Dobb's Python-URL!

The December 10, 2004 edition of Dr. Dobb's Python-URL! is available with the week's collection of Python articles and resources.

Full Story (comments: none)

PSF Licensing FAQ announced

The Python Software Foundation has announced a new licensing FAQ. "The Python Software Foundation (PSF) board recently wrote up a licensing FAQ that we hope will help to clear up some of the confusion that has surrounded the PSF License. There are quite a few projects out there (on Source Forge and otherwise) that misuse this license in ways potentially detrimental to those projects."

Full Story (comments: none)

Tcl/Tk

Dr. Dobb's Tcl-URL!

The December 10, 2004 edition of Dr. Dobb's Tcl-URL! is online with lots of Tcl/Tk article links and resources.

Full Story (comments: none)

Dr. Dobb's Tcl-URL!

The December 13, 2004 edition of Dr. Dobb's Tcl-URL! is out with a second set of Tcl/Tk articles for this week.

Full Story (comments: none)

XML

Full XML Indexes with Gnosis (O'Reilly)

Uche Ogbuji further explores the Gnosis Utilities on O'Reilly. "I covered the data binding feature of David Mertz's Gnosis Utilities in my earlier article, "XML Data Bindings in Python, Part 2". As I mentioned, Gnosis Utilities is a Python package with a variety of utility classes for data management and especially for XML processing. Another useful module in Gnosis is the indexer, which creates full-text XPath indices of XML documents."

Comments (none posted)

On Folly (O'Reilly)

Edd Dumbill discusses XML-Aware programming languages on O'Reilly. "In this week's column, I'd like to indulge in some gentle fun at the expense of pundits and pronouncers. While XML is as rich a field as any for crackpots and timewasters, we must be careful not to pour cold water on experimentation and innovation. The topics of XML-oriented programming languages and the Semantic Web have been targets of mockery in their time, so this week I'm asking whether the true believers might be right."

Comments (none posted)

What's new in JAXP 1.3? Part 2 (IBM developerWorks)

Neil Graham and Elena Litani continue their IBM developerWorks series on JAXP 1.3. "In this article, the authors follow up on their overview of JAXP 1.3 in Part 1. They touch on utilities that add support for concepts defined in the Namespaces in XML specification, and describe changes to the javax.xml.transform package. They also discuss the new Java types defined and how these allow for the completion of native Java language support for W3C XML Schema datatypes. They conclude by giving details on JAXP's data model- and vendor-neutral XPath API."

Comments (none posted)

IDEs

DrPython 3.7.5 released

Version 3.7.5 of DrPython, a cross-platform Python IDE that has been implemented in wxPython, is available. See the Change Log for a description of the new features and fixed bugs.

Comments (none posted)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

Longhorn, Blogs, Linux: Predicting '05 (ComputerWorld)

ComputerWorld has gotten an early start on predictions for 2005. Number nine: "Linux will be adopted in greater numbers by IT, but desktop Linux will not. Linux is already a mainstream server solution for many IT shops. That success won't travel over to the desktop, however. Too much fragmentation, combined with a lack of critical desktop applications and increasing dependence on the Windows platform, will prevent desktop Linux adoption from increasing significantly."

Comments (15 posted)

Linux Lab at the University of South Florida Opens Eyes (Linux Journal)

Tom Adelstein looks at the effects of Microsoft domination in US universities. "Check the curriculum at the University of South Florida, and you find a campus offering mainly Microsoft technology courses. As with the vast majority of the nation's universities and schools of higher education, you can learn how to use the Excel spreadsheet program, but you cannot find much about Linux kernel internals. Although many schools claim to have embraced open source, don't you believe it. One of the issues I consider when visiting a university campus is the loss of technology leadership. As a nation, the US had failed to continue the tradition of sparking innovation on the campus."

Comments (8 posted)

Resources

An apt-get primer (NewsForge)

NewsForge has posted a detailed introduction to apt-get. "If you know how Debian's archive system works, and how to choose the sources that apt-get uses, and use a few precautions in your upgrades, then the chances are that dependency problems will never bedevil you."

Comments (6 posted)

Cooking with Linux, Part 1 (O'ReillyNet)

O'ReillyNet presents excerpts from Linux Cookbook by Carla Schroder. "Whether you want tips on installing a program for easy uninstall, killing user processes, or better logins without passwords, Carla poses the problems and offers solutions. Too bad not all recipes can be this clear, quick, and painless. Join us again in a couple of weeks when Carla shares tips on running different window managers simultaneously with Xnest and hosting multiple domains with Apache."

Comments (5 posted)

Linux MIDI: A Brief Survey, Part 3 (Linux Journal)

Linux Journal has published part three in a series about Linux MIDI applications by Dave Phillips. This edition covers: "An introduction to several Linux MIDI utilities, including JSynthLib, Midirgui and SynthEd."

Comments (none posted)

Create a Letterhead Using OpenOffice.org Writer (O'ReillyNet)

O'ReillyNet has posted a detailed OpenOffice tutorial. "This article describes how to create and use a letterhead with OpenOffice.org. Along the way you'll learn how to use a wizard, templates, styles, and even a field or two. The principles described apply to many other documents as well, so even if you don't need a letterhead, you should find this exercise useful."

Comments (none posted)

Reviews

Getting stressed by the season? Try Blob Wars (NewsForge)

Joe Barr reviews the game Blob Wars. "The holiday season is hard upon us. The stress of shopping for loved ones, making travel plans, or preparing for holiday guests is building. If you're starting to feel like you might need a gun to take and to hold a parking place, it might be time for a stress-buster. That's where Blob Wars comes in. No, it's not a new diet. It's a free, fun, frenzied chance to gun down the bad guys and rescue fair maidens. It's also an SDL-based game which runs well on Linux. And the 1.0 release might be here before the new year."

Comments (none posted)

Do-it-yourselfer's EDA project wins open-source fans (EEDesign)

EEDesign reviews the gEDA project, an open-source suite of electronic CAD tools. "Adherents say the biggest attraction is not so much that the gEDA tools are free but that they provide an open design system, with files that will always be readable, source code that's always available and no licensing hassles. But EDA vendors are quick to point out that open-source tools are unsupported and lack many of the features of commercial packages." Thanks to Ales Hvezda.

Comments (2 posted)

Logging Into Linux (Popular Mechanics)

Popular Mechanics checks out desktop Linux. "I wanted to find out just what all the fuss was about and if my geek friends were telling the truth--that Linux truly is a consumer alternative to the Windows behemoth. So I installed Linux on an IBM ThinkPad previously running Windows 98 and took it for a test drive. And after a few weeks playing around with Linux, I'm convinced. Linux measures up." (Thanks to Jay R. Ashworth).

Comments (12 posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

Firefox downloaded 10 Million times in 32 days

The Firefox browser has passed the 10 million download mark, according to this announcement. "In little more than a month, Firefox has been downloaded more than 10 million times. Take a moment and think about that. If you remember, it took us 10 days to reach 2 million downloads of the Firefox Preview Release. This time, in only 32 days, we quintupled that number".

Comments (none posted)

Global Education and Learning Community Grows

Sun Microsystems, Inc. has announced growth in the Global Education and Learning Community, which promotes open-source educational tools. "Sun Microsystems, Inc. today announced that the Global Education and Learning Community (GELC) is thriving, growing to more than 1330 members with more than 177 projects in less than eight months. Sun convened the first advisory board meeting in September 2004 to gather the key influencers in technology and education to focus on developing the technology community's collaborative open standards-based projects and tools for teaching and learning."

Comments (none posted)

Commercial announcements

Arkeia Announces PostgreSQL Hot Backup Plug-In

Arkeia Corp has announced a new plug-in for performing hot backups on PostgreSQL databases. "The new hot backup plug-in is compatible with the company's flagship product Arkeia Network Backup, as well as Arkeia Server Backup. It allows Arkeia backup solutions to protect the database without interrupting PostgreSQL services."

Full Story (comments: none)

Bull to build 60 teraflop cluster

Bull has announced that it will be building a 60-teraflop cluster for the French Nuclear Power agency. The system will have 544 nodes, each of which will hold eight dual-core Itanium processors; it will, says Bull, be the most powerful computer in Europe. Yes, it will run Linux.

Comments (none posted)

Coverity's kernel code quality study

Coverity is the company which was formed on the work of the "Stanford checker" group; it is selling static code analysis tools. The checker has found large numbers of kernel bugs in the past. Coverity has now put out a press release (click below for the full text) stating that, by their statistics, the kernel has 985 bugs, or 0.17 bugs per thousand lines of code. "Commercial software typically has 20 to 30 bugs for every thousand lines of code, according to Carnegie Mellon University's CyLab Sustainable Computing Consortium. This is equivalent to 114,000 to 171,000 bugs in 5.7 million lines of code."

Full Story (comments: 14)

Cybersource's TCO study

Cybersource has published a new total cost of ownership study (PDF) comparing Windows and Linux deployments. Despite having given several advantages to Windows, the study concludes that switching to Linux is 36% cheaper if existing hardware is used, and 26% cheaper if new hardware is part of the switch. The savings are less (but still significant) if the Red Hat Enterprise products (and associated support contracts) are purchased.

Comments (none posted)

LPI Announces Two New Affiliates in France and UK

The Linux Professional Institute has announced the signing of new affiliates, the Agence Universitaire de la Francophonie (AUF) and OpenForum Europe (OFE).

Full Story (comments: none)

OSDL/IDC's Linux market predictions

OSDL has announced the results of a Linux market survey conducted by IDC. The bottom line: in 2008, the Linux market will be $36 billion, of which $14 billion will be "packaged applications and infrastructure software running on Linux." A PowerPoint-style version of the study is available in PDF format.

Full Story (comments: none)

Pillsbury Winthrop on free software and patents

Here's a lawyergram from Pillsbury Winthrop LLP on free software and patents; the clue level is higher than one might expect. "The suggestion that users of OS software are more likely to be sued for patent infringement than those that use proprietary software, like Microsoft's does not appear supported by actual experience. It is interesting to note that while Microsoft has had several dozen patent infringement lawsuits filed against it in the past few years, none have been reported against Linux, the most popular of all [open source] programs."

Comments (3 posted)

Professional Support for Firefox and Thunderbird

MozSource has launched an email support service for Firefox, Thunderbird and Mozilla at a rate of $4.99 per incident. "MozSource, the independent company that operates the Mozilla Store and the Netscape Store, today announced the launch of its new high-quality, affordable technical support service for Mozilla Firefox, Thunderbird and Mozilla 1.7. Available from http://support.mozsource.com, end-user email support for the Firefox web browser, the Thunderbird email client and the Mozilla 1.7 Internet suite will be provided by an experienced team of support professionals who have years of experience with Mozilla-based products."

Comments (11 posted)

Red Hat and IBM Launch Linux ISV Certification Support Program in Europe

Red Hat and IBM have announced a joint Linux ISV Certification Support Program in Europe. "The programme - fulfilled by the IBM Innovation Centres for Business Partners in Hursley (UK), Moscow (Russia), Paris (France) and Stuttgart (Germany) - provides support for Independent Software Vendors (ISVs) who wish to certify applications on Red Hat Enterprise Linux running on IBM hardware and IBM middleware."

Comments (none posted)

Xandros PCs available at Walmart and Amazon.com

Walmart.com and Amazon.com will be selling a series of Microtel PCs loaded with the Xandros distribution, starting at around $200.

Full Story (comments: none)

New Books

"Jakarta Commons Cookbook" Released by O'Reilly

O'Reilly has published the book Jakarta Commons Cookbook by Timothy M. O'Brien.

Full Story (comments: none)

No Starch Press to Release "Silence on the Wire"

No Starch Press will publish the book Silence on the Wire by Michal Zalewski.

Full Story (comments: none)

Resources

free!music CD 1.0 available for download

Downloadable ISO images of the ALT Linux free!music CD are available. "This CD contains Ogg Vorbis encoded music from 30 groups and individual performers in quite different styles (rock, traditional etc). According to FREE!MUSIC declaration all tracks can be copied, sold, reused in movies etc. -- whatever you like, but you always have to keep name of the authors and their contacts information, so that anyone can mail or phone them and suggest a contract or a gig etc :)"

Full Story (comments: none)

Contests and Awards

Konqueror wins MozillaQuest Magazine Editor's Choice award

KDE's Konqueror browser has been awarded a MozillaQuest Magazine Editor's Choice award. "The KDE Konqueror browser seems to take less memory than do the Firefox, Mozilla, and Netscape browsers. Konqueror seems faster too. Moreover, Konqueror has a very good, open source, rendering engine. In our opinion, Konqueror is more efficient than the Firefox, Mozilla, and Netscape browsers."

Comments (24 posted)

Upcoming Events

Evolution EPlugin Hackfest on IRC, December 16

An EPlugin hackfest will be held online. "On Thursday Dec. 16th, 2004 the Evolution Team is going to have an EPlugin Hackfest on irc in #evolution on gimp net. We want everyone to see just how cool EPlugin is, to help shake out bugs and implement those niggly little features you've always wanted. It should start around 10am Perth Australia time and go as long as we can!"

Full Story (comments: none)

CodeCon CFP deadline nearing

Papers and proposals for CodeCon 4.0 are due in by December 15, 2004. The event will be held in San Francisco CA on February 11-13, 2005.

Full Story (comments: none)

Linux Installfest workshops in Davis, CA

The Linux Users' Group of Davis has announced another Linux Installfest. The event will take place on December 19, 2004 in Davis, California.

Full Story (comments: none)

EclipseCon 2005 Announces Gold-Level Sponsors

The EclipseCon gold level sponsors have been announced. "Six leading technology companies, Accelerated Technology, Inc. a Mentor Graphics Division, Actuate Corporation, Agitar Software, Borland Software Corporation, HP and IBM will be the key sponsors of the conference."

Full Story (comments: none)

Lightning Talks at FOSDEM2005: Call for Papers

A Call for Papers has gone out for the FOSDEM2005 Lightning Talks. "A Lightning Talk is a very short presentation of a software project in 15 minutes maximum. So the presentation should be very sharp, small and clear. Presentations only about free software projects will be accepted. The presentation should be presented in English." Proposals should be submitted by February 25, 2005.

Full Story (comments: none)

UK Python Conference call for papers

A call for papers has gone out for the UK Python Conference. The event will take place on April 20-23, 2005 in Oxford, England.

Comments (none posted)

The Red Hat Summit

Red Hat has sent out a press release announcing that the first annual "Red Hat Summit" will happen June 1 to 3 in New Orleans. "The Red Hat Summit will blend different views and content into a program useful for attendees building and enabling open source architectures. General sessions will be held each morning of the three-day Summit followed by in-depth sessions grouped into three main tracks for attendees to choose from. Tracks include the Practical, Technical, and Business and Current Issues Tracks."

Comments (none posted)

The LinuxWorld Conference and Expo/Mexico

IDG World Expo has announced a Mexican LinuxWorld Conference & Expo. "LinuxWorld Conference & Expo in Mexico will be co-located with E.J. Krause's EXPO COMM MEXICO, the most important international telecommunications and IT business forum in Mexico. LinuxWorld Mexico is scheduled for February 2006 in Mexico City at Centro Banamex." Preceding the event, the LinuxWorld Mexico Summit will be held on June 9-10, 2005.

Comments (none posted)

Events: December 16, 2004 - February 10, 2005

Date | Event | Location
December 16 - 18, 2004 | Ubuntu Conference | Mataró, Spain
December 16 - 17, 2004 | JavaPolis 2004 (MetroPolis Antwerp) | Antwerp, Belgium
December 16 - 22, 2004 | UMeet Virtual Conference | On the Net
December 27 - 29, 2004 | Chaos Communication Congress (21C3) (Berliner Congress Center) | Berlin, Germany
January 14, 2005 | PHP West Web Services conference (HR MacMillan Space Centre) | Vancouver, BC, Canada
January 28 - February 4, 2005 | Asia Source (Visthar training venue) | Bangalore, India
January 31 - February 2, 2005 | OSDL Enterprise Linux Summit (Hyatt Hotel) | Burlingame, California
February 2 - 3, 2005 | Solutions Linux 2004 (CNIT, Paris la Défense) | Paris, France
February 7 - 11, 2005 | GlobusWORLD (Sheraton Boston Hotel) | Boston, MA
February 9 - 11, 2005 | German Perl-Workshop 2005 | Dresden, Germany
February 9 - 11, 2005 | Third-Annual Desktop Linux Summit (Del Mar Fairgrounds) | San Diego, CA
February 9, 2005 | OOo RegiCon North America (Del Mar Fairgrounds) | San Diego, CA

Comments (none posted)

Mailing Lists

KDE Graphics Programming (KDE.News)

A new KDE Graphics Programming mailing list has been announced. "The list is developer oriented and will be the central place for all eye-candy development within KDE. Developers and researchers from the computer graphics field are welcomed and strongly encouraged to subscribe. Everything computer graphics related will be on topic - that includes developments within the X.org community, uses of OpenGL within a desktop environment or simply sharing your latest computer graphics research findings with others."

Comments (none posted)

Miscellaneous

DiDio rides again

The Yankee Group has concluded that now would be a good time to put out a scary press release on the dangers of using Linux without indemnification. "A corporate Linux or open source user that lacks indemnification and product warranty will expend its own time, money and resources fighting legal action. In addition to the potential monetary costs associated with protracted litigation, a corporation risks incalculable loss to its reputation, which could deter existing and prospective customers from signing on new business."

Comments (17 posted)

Page editor: Forrest Cook

Letters to the editor

Gnome Backgrounds, workspace specific

From:  paul-AT-pksings.com
To:  letters-AT-lwn.net
Subject:  Gnome Backgrounds, workspace specific
Date:  Wed, 8 Dec 2004 17:35:22 -0800 (PST)

I'm a bit of a long-time Linux user and have come to really like Gnome
because it is clean, fast and just plain looks and works well. There is
one feature in it that I personally really would like to see however,
workspace specific backgrounds instead of the one background for all
workspaces.
 
In researching how to do it I find that it apparently can not be done.
Nautilus, which handles the backgrounds, does not have that capability.
 
There probably is some technical reason, bloat, difficulty or something as
to why it can't. And I'd really like to know what it is.
 
And how many people really would like this feature.
 
For me it has resulted in probably 40 hours of my life searching for a way
to make it happen as it is the only thing I don't like about Gnome. Yes, I
tried KDE, which by the way, can do this, but to me it's just not as clean
and nice. Yes, I probably could spend the hours learning to customize it
and make it that way as it is pretty much infinitely customizable, but
quite frankly, I have no desire to spend more hours learning about and
customizing KDE to look like Gnome, which is what I would be trying to
accomplish. What I really want is Gnome to do this.
 
I am willing to spend money to make this happen. I am wondering if we the
users who would like this can make it happen. I would like to propose that
we who want this functionality each send $5.00 US to the developer who, or
developers who provide it for us. I'm sure that there are at least 1000
users willing to provide 5 dollars each to get this functionality,
probably more. I personally will send $20. It is definitely worth that to
me, actually it's worth more but I think if enough of us are willing to
send a small amount it will add up to a large sum and somebody will do it
for us.
 
It, as a side effect, will change the development model slightly, it will
set a precedent of how a group of users can influence a project to satisfy
a need.
 
Comments, suggestions?
 
PK
pksings@gmail.com

Comments (10 posted)

Page editor: Jonathan Corbet

Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds