LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
Letters to the editor
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for March 31, 2005Autopackage 1.0The Autopackage project hit 1.0 on March 26th. Autopackage is a "multi-distribution binary packaging framework for Linux systems." To put that in layman's terms, Autopackage is something like an InstallShield application for Linux users.Autopackage is not an attempt to replace native package management -- it doesn't replace RPM, dpkg or any other system of package management for Linux distributions. Instead, Autopackage is designed as a packaging system for projects and vendors that wish to ship applications for multiple Linux distributions without having to make packages for every variant of every distribution they wish to support. The Autopackage system is primarily designed for use with packages for desktop users, like Abiword, Inkscape, Gaim and others. The default front-end for Autopackage uses Gtk2, but there is a a Qt frontend available as well. It's worth noting that Autopackage is licensed under the Lesser General Public License (LGPL), which makes it suitable for free software and open source projects as well as proprietary software. The package format itself is a gzipped tarball with a "stub script" at the beginning of the file. It is, in other words, a sort of executable, self-extracting archive format.
The first package we tried to install was Abiword, which is available from
the Autopackage
downloads page or directly from Abisource.
We first tried to install Abiword on an Ubuntu Linux system. Unfortunately,
Autopackage complained that it failed to find the "enchant" spelling checker,
even though it was installed on the system in We tried the Autopackage for Inkscape next on Ubuntu, and found that it installed with no problems. We also tried removing the packages and re-installing them to see if there were any glitches or unwanted side-effects. The Autopackage system handled removing and re-installing the package just fine. We even used Autopackage to uninstall itself, and were able to do so without any problems. Overall, we were pleased with the operation of Autopackage. Autopackage does have a number of limitations, however. First, it's limited to x86 systems. Third parties that want to package applications for Linux on other architectures will not be able to use Autopackage, at least for the time being. The Autopackage system also does not integrate with the system's package management. This means that RPM or dpkg will not "know" about the existence of an application or libraries installed via a .package file. For some packages, this may not pose a significant problem. For example, if a user wished to install the Linux version of Yahoo! Messenger, it's unlikely they'd have other packages that depend on it or any need to manage the package via RPM or dpkg. Another drawback for Autopackage is the lack of support for package signatures. The Autopackage FAQ discusses the rationale for this. Since Autopackage is not a centralized source for software, unlike Red Hat, it creates some complications for package signing. Finally, since Autopackage depends on a working Network connection, it could pose a minor headache for users on dial-up who download their first Autopackage and then try to install the software when not connected to the Internet. We didn't actually try creating any Autopackage packages, but from the documentation, it doesn't seem that creating an Autopackage is much more difficult than creating RPM or Debian packages. The project is now working on bugfix releases in the 1.0.x series, and development towards the 1.2 release. The project TODO list provides an indication of where Autopackage is headed for future development. The Autopackage team has a Flash installation demo and 4-step tutorial that show how easy it is to use Autopackage. Overall, Autopackage is a very promising project. It makes it possible for third-parties to distribute software for Linux users without the need to create sets of RPMs and Debian packages suitable for many different Linux distributions. It's also easy to use, and should require little skill for users to manage. It's too bad that such a system is still necessary at this time, but it fills a necessary gap until the day that Linux distributions can settle on a standard base system and packaging format.
De.visi.ve?del.icio.us is an interesting site. In its simplest form, it provides a sort of centralized bookmark service. Bookmarks are stored in a flat structure, with any of a number of "tags" assigned to them. Since the bookmarks are stored on the server, they are available anywhere on the net. The tags and bookmarks are absolutely public, so anybody can see what everybody else is interested in. The site as a whole forms a sort of spontaneous index of the web, sorted by popularity. del.icio.us has attracted a great deal of interest as a collaborative guide to the net as a whole.It is not surprising that competitive sites would pop up. Still, many del.icio.us users were surprised by the debut of de.lirio.us, which differs in these significant ways:
Users of del.icio.us are somewhat annoyed. The creation of an outright clone strikes many of them as dishonest, and they would rather have seen the effort go into creating a better "folksonomy" at the original site. Most of them see little reason to put any effort into an imitation of del.icio.us when they have the real thing. The advent of de.lirio.us does raise some interesting questions, though. Does the open-sourcing of the code justify the creation of a clone site? Steve Mallett, the creator of de.lirio.us, seems to think so. (Steve is also, incidentally, the OpenSource.org webmaster and the editor of OSDir). The Linux kernel was created for very similar reasons; it was a clone which made an established interface available as free software. To the extent that the del.icio.us interface was successful, it made sense to copy it rather than invent something new, but less effective. The new site perhaps could have tried for a slightly different look, however. One del.icio.us user questioned the wisdom of making this sort of software free in the first place:
The biggest issue with open sourcing social software is that I feel
it's counterproductive: the issue of fragmenting the userbase into
a thousand pieces is the main problem.... my thoughts are that,
paradoxically, more openness in the software would result in such a
fragmentation that it would have the effect of closing the
community up into discrete little parts. I think a more "Leviathan"
approach than "invisible hand" might be better here.
This is an interesting variant on the fragmentation argument: social software must remain centrally controlled or its user community will split asunder. Whether this is true - or undesirable - is irrelevant, however. People have little interest in being forced into "communities" which do not appeal to them, and, on the net at least, they will find alternatives. Another event worth noting is that del.icio.us creator Joshua Schachter has announced his intention to make a business out of the site. Depending on where his plans take him, del.icio.us users could find themselves happier than ever. If commercialization takes the site in the wrong direction, however, many of those users who are currently upset about de.lirio.us may decide that the existence of an open source alternative is not an entirely bad thing after all.
A quick LWN updateWe occasionally get a request for an update on how LWN is doing. It seems about time for another one of those; it's been a while, and, besides, it's a relatively slow news week.Back when we started the subscription experiment, we set a goal of signing up 4,000 subscribers. The good news is that we seem to have done that. Between our individual subscriptions and the various group subscribers, the current count is almost exactly 4,000. This is a major milestone, one we are happy to have reached. Our thanks go out to every one of our subscribers; it is you who make this whole exercise possible. The bad news was probably pretty predictable from the beginning: 4,000 subscribers is not enough. Some of our costs (notably health insurance) have gone up significantly, and others (outside writers) had not been predicted at all. We also very much need to bring in another top-level editor so that we can expand our content and do things like attend conferences or take vacations without seriously straining the whole operation. So the push for more subscribers will continue. Exactly what form that effort will take is still being worked out; it will probably include more benefits for subscribers (without taking anything from non-subscribers), some attempt to expand the content mix, and a more focused sales effort. Making all this happen with the current staff will be a bit of a reach; we'll get there, but we ask your indulgence if LWN shows occasional signs of stress in the mean time. Thanks once again to all of you for supporting LWN; it is a privilege to write for such an outstanding group of readers.
Security Unexpected features in Acrobat 7Linux users may have been pleased to find that Adobe has finally made available a new version of its Acrobat Reader, with accessibility features, a much slicker interface than Acrobat 5.x and new and other spiffy features. However, there are a few other features that Linux users should be aware of.A company called Remote Approach is promising to alert PDF publishers as to the "reach and use of their materials." We were curious to find out how Remote Approach was going to make good on its promise, given that PDF has largely been seen as a one-way medium. To find out, we created a test account and uploaded a PDF to be "tagged" by Remote Approach, and then downloaded the modified document to see whether Remote Approach could log our use of the document. Remote Approach's reporting did not work when we viewed the document with Kpdf, Xpdf and Adobe Reader 5.0.10. It also failed using Apple's "Preview" application on Mac OS X. The document was still viewable with no apparent glitch in other PDF readers, but the reporting function did not work. However, when we opened the file using Adobe Acrobat Reader 7, Remote Approach started logging views from our IP address. After doing a little research, we found that Adobe's Reader was connecting to http://www.remoteapproach.com/remoteapproach/logging.asp each time we opened the document. The information is submitted over port 80 using HTTP, so it is unlikely that a home or office firewall would, in a normal configuration, block the activity, unless the firewall administrator is attempting to block Web browsing. Apparently, Remote Approach's "tag" to our document included the addition of JavaScript code causing Acrobat to report back to their server; the information reported includes the fact that the document had been read, our IP address, and which viewer it had been read in. (Interestingly, Remote Approach does not seem to recognize the Linux version of Acrobat Reader, as it left the "User Agent" field blank in its reports.) What many Linux users may not have realized, since Adobe did not release an Acrobat Reader 6.x for Linux, is that Adobe has added JavaScript support to PDF and the official Acrobat readers since Acrobat 6.x. For those interested in the JavaScript support and its abilities in Acrobat, see Adobe's scripting reference or scripting guide. (Both are PDFs, of course.) By default, Adobe Reader 7 turns on JavaScript, so the "tagged" document is able to "phone home" without the user's awareness. Turning off JavaScript disables the document's code, and prevents Remote Approach (or any other entity) from tracking views of the document. No doubt, Remote Approach is using features that would normally be used to submit information from a PDF form. The inclusion of JavaScript in Adobe Reader 7 for Linux no doubt provides a number of welcome features for users, but it also raises some privacy issues. The reader does not inform the user that information is being submitted, so users are likely to be oblivious to the fact that another party is aware of their PDF reading habits. While a user may not find it objectionable to notify the publisher, there are those of us who don't care to allow publishers to snoop on activities taking place on our personal computers. Lucky for us, there are plenty of alternatives to Adobe's Reader. Free PDF readers are unlikely to adopt features allowing the reader to silently phone home in response to code stored within the document itself. If you must use Acrobat, however, you may want to have a look at the JavaScript settings first.
New vulnerabilities cdrecord: insecure temp file
devhelp: buffer overflow
epiphany: buffer overflow
evolution: buffer overflow
gtk-pixbuf, gtk2: denial of service
kernel: multiple vulnerabilities
mailreader: cross-site scripting
mc: buffer overflow
mozilla: multiple vulnerabilities
smarty: remote code execution
sun-jdk: injection vulnerability
telnet: buffer overflows
thunderbird: buffer overflow
Updated vulnerabilities a2ps: input validation error
cpio - file permissions error
cURL: buffer overflow
cyrus-imapd: buffer overflows
dhcp: format string vulnerability
dyndnsupdate: multiple vulnerabilities
emacs21: format string vulnerability in "movemail"
enscript: arbitrary code execution
Ethereal: Multiple vulnerabilities
evolution: arbitrary code execution
evolution: message crash vulnerability
f2c: insecure temp files
firefox: multiple vulnerabilities
Foomatic: Arbitrary command execution in foomatic-rip
gaim: client freezes
gettext: Insecure temporary file handling
gftp: missing input sanitizing
ghostscript: symlink vulnerabilities
glibc: Information leak with LD_DEBUG
glibc: tempfile vulnerability in catchsegv script
gnupg: information leak
grip: buffer overflow
groff: insecure temporary directory
gtkhtml: malformed messages cause crash
htdig: cross site scripting
imagemagick: .psd image file decode vulnerability
imagemagick: format string vulnerability
imap: buffer overflow in c-client
imlib2: buffer overflows
IPsec-Tools: denial of service
kdelibs: unsanitzied input
kdelibs: dcopserver vulnerability
libdbi-perl: insecure temporary file
libexif: improper validation
libgd2: buffer overflows in PNG handling
libtiff: buffer overflow
libxml2 - arbitrary code execution
libxml2: multiple buffer overflows
libXpm: new buffer overflows
LTris: buffer overflow
lvm10: creates insecure temporary directory
mailman: cross-site scripting
mailman: path traversal
MediaWiki: multiple vulnerabilities
mikmod: buffer overflow
mod_python: remote access vulnerability
mpg321: format string vulnerability
mysql: several vulnerabilities
MySQL: input validation and temporary file vulnerabilities
mysql-dfsg: insecure temporary files
nasm: Buffer overflow vulnerability
ncpfs: multiple vulnerabilities
netkit-telnet: invalid free pointer
nfs-utils: denial of service
nfs-utils: arbitrary code execution
openssl: der_chop script temp file vulnerability
OpenSSL: denial of service vulnerabilities
Opera: multiple vulnerabilities
perl: setuid vulnerabilities
perl: symlink vulnerability
php: multiple vulnerabilities
postgresql: EXECUTE privilege vulnerability
python: illegal function internals access
qt3: BMP image parser heap overflow
rp-pppoe, pppoe: missing privilege dropping
ruby: infinite loop
rxvt-unicode: buffer overflow
samba: integer overflow vulnerability
sharutils: arbitrary code execution
SpamAssassin: Denial of Service vulnerability
SquirrelMail: multiple vulnerabilities
sudo: environment variable sanitizing
sylpheed: buffer overflow
File overwrite vulnerability in tar and unzip
tiff: buffer overflows
UnAce: buffer overflow and directory traversal
XChat 2.0.x SOCKS5 Vulnerability
xine-lib: buffer overflows
xine-ui - insecure temporary file creation
xloadimage: missing input sanitizing, integer overflow
xorg-x11: integer overflows
xpdf: buffer overflow
xpdf: buffer overflow
zlib: denial of service
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current stable 2.6 kernel is 2.6.11.6, which was released (with a handful of security patches) on March 25.The current 2.6.12 prepatch remains 2.6.12-rc1; no 2.6.12 prepatches have been released in the last week. Linus's BitKeeper repository contains a number of architecture updates, an XFS update, some netpoll improvements, a new __nocast annotation which allows "sparse" to catch certain type mismatches, a change from io_remap_page_range() to io_remap_pfn_range(), and lots of fixes. The current -mm tree is 2.6.12-rc1-mm3. Recent changes to -mm include the addition of David Miller's networking tree and Herbert Xu's crypto tree, some core page table handling cleanups, a big DVB update, a number of cleanups to the (ugly and insecure) ISO9660 filesystem code, and lots of fixes. The current 2.4 prepatch is 2.4.30-rc4, released by Marcelo on March 30 with a couple of regression fixes. Previously, 2.4.30-rc3 was released on March 26. The -rc3 patch contained a single fix to a serious problem introduced in 2.4.30-rc2 which had been released (with several fixes) the day before.
Kernel development news Quote of the week
In NFSv4 we often want to serialize asynchronous RPC calls with
ordinary RPC calls (OPEN and CLOSE for instance). On paper,
semaphores would appear to fit the bill, however there is no
support for asynchronous I/O with semaphores. <rant>What's
more, trying to add that type of support is an exercise in
futility: there are currently 23 slightly different arch-dependent
and over-optimized versions of semaphores (not counting the
different versions of read/write semaphores).</rant>
Realtime preemption and read-copy-updateIngo Molnar's massive realtime preemption patch is an attempt to bring near-realtime response to the stock Linux kernel. It works by making almost everything in the kernel preemptible. Spinlocks turn into preemptible mutexes; interrupt handlers get moved into preemptible kernel threads, etc. The result is a major change in how the scheduling of kernel code is done and quick response to external events. This work has been quieter in recent times, but it has not stalled by any means.When LWN last looked at the realtime preemption patch, one of the remaining rough spots was its interaction with the read-copy-update (RCU) mechanism. RCU, remember, encapsulates a conceptually simple (though a bit more gnarly in the implementation) technique. A resource of interest (a routing table entry, say) is referenced by a pointer. When that resource must be changed, a copy is made and the changes are done there; the pointer is then directed at the new copy. At some future, safe time, the old version can be freed. Linux RCU works by requiring that all accesses to RCU-protected data structures be atomic; with that constraint, a "safe time" can be defined as "after every processor on the system has scheduled." Since scheduling while holding a reference to an RCU-protected structure is against the rules, any such structure which was made inaccessible before all processors schedule cannot be referenced by any processor afterward. Since accesses to RCU-protected structures must be atomic, the RCU locking function (rcu_read_lock()) disables preemption. But disabling preemption is exactly what the realtime preemption patch is trying to get away from, so something had to give. Ingo had solved this problem by requiring that all RCU users identify an explicit lock which protects the structures in question, and modifying the RCU locking functions to take that lock as a parameter. This approach was never optimal. It caused the creation of a whole new family of new RCU functions to cope with every type of lock that might be used, and, simultaneously, decreased the flexibility of the RCU read locking mechanism. And, to a great extent, it simply replaced RCU with more traditional locking which, while it works, does not have the scalability advantages which were the motivation for RCU in the first place. The RCU issue was clearly on Ingo's mind:
If PREEMPT_RT is merged into the upstream kernel then it will (at
least initially) be at a status similar to NOMMU: it will be
tolerated as long as it causes no 'drag' on the main code. The RCU
API variants i introduced clearly violated this requirement, and
were my #1 worry wrt. upstream mergability.
So Ingo was pleased when RCU creator Paul McKenney proposed some approaches for making RCU and realtime preemption work together. Paul's message goes through a series of increasingly complex solutions, and is worth reading in its own right. The core idea, however, is that, in a fully preemptible world, RCU cannot depend on atomic access to data structures, and thus cannot use the "all processors have scheduled" heuristic to know that the time has come to execute a given set of RCU cleanup functions. So the tracking of code executing within RCU critical sections must be made more explicit. Paul's solutions used a reader/writer lock for that purpose, but the approach taken in Ingo's latest realtime preemption patch is a little different. The code executed to go into an RCU-protected section now looks like this (when configured for realtime preemption):
void rcu_read_lock(void)
{
if (current->rcu_read_lock_nesting++ == 0) {
current->rcu_data = &get_cpu_var(rcu_data);
atomic_inc(¤t->rcu_data->active_readers);
smp_mb__after_atomic_inc();
put_cpu_var(rcu_data);
}
}
The idea is simple: a per-CPU count of processes in RCU critical sections is kept. When a process goes into a critical section, a pointer to the current CPU's counter is stored with the task information, so that the right counter will be decremented later on. There is also a per-process variable which keeps track of RCU section nesting. No further work needs to be done before the process can access the protected structure; in particular, no locks are acquired. When the process exits the critical section, the process is reversed: the nesting count is decremented. When that count goes to zero, the per-CPU count is decremented as well. If the per-CPU count drops to zero, then that processor is deemed to have "quiesced," with no processes running within RCU critical sections. Once all CPUs have quiesced in this way (as tracked by a bitmask of processors in the system), all RCU cleanup functions queued before their respective processors quiesced can be called. This scheme restores the core RCU functionality, allowing lock-free access to fast-path data structures. It also retains the current RCU API, with the result that the realtime preemption patch becomes significantly less intrusive. It is not a perfect implementation, however. It requires that each CPU regularly find itself with no processes executing within RCU critical sections. Since these sections are now preemptible, the "quiet" times could be quite far apart on heavily-loaded systems. While the system is waiting for a processor to quiesce, the RCU callback structures for the cleanup functions will continue to accumulate, to the point that quite a bit of memory could be used before the cleanup actually happens. For the realtime case, this tradeoff is acceptable: latency, not memory use, is the most important factor. Since the existing RCU algorithm is used when realtime preemption is not configured in, everybody should be happy. In practice, further work may be required; in particular, it may be necessary to find a way to force RCU cleanup when the system gets low on memory. Meanwhile, however, the realtime preemption patch appears to have gotten past one more major hurdle on its way toward possible inclusion into the mainline.
The __nocast attributeAttentive readers of patches being merged for 2.6.12-rc2 will have noticed the use of a new attribute: __nocast. For example, the prototype of kmalloc() has changed to:
void *kmalloc(size_t size, unsigned int __nocast flags);
For normal compilation, this attribute expands to an empty string; it has no effect. When the sparse tool is being used, however, the __nocast attribute disables many of the implicit type conversions performed by the compiler. In the kmalloc() case, sparse will complain whenever a signed integer value is passed as the flags argument. Since the GFP flags passed to kmalloc() are explicitly defined as unsigned values, they will not cause a warning to be issued. Any normal integer variable or constant, however, will be flagged. Similarly, the use of an integer value where an enumerated type is expected will be caught. Thus, this little tweak should help with the automated detection of another class of errors that the compiler will not find.
io_remap_pfn_range()io_remap_page_range() has always been a strange function. Its stated purpose is to portably map I/O memory into a process's address space. Its prototype has always differed from one system to the next, however, making portable use difficult. On most architectures it looks like this:
int io_remap_page_range(struct vm_area_struct *vma, unsigned long virt_addr,
unsigned long phys_addr, unsigned long size,
pgprot_t prot);
The sparc64 architecture, however, defines it this way:
int io_remap_page_range(struct vm_area_struct *vma, unsigned long virt_addr,
unsigned long phys_addr, unsigned long size,
pgprot_t prot, int space);
The extra argument (space) was necessary to deal with the inconvenient fact that I/O addresses on the sparc64 architecture would not fit into an unsigned long variable. The change from remap_page_range() to remap_pfn_range() was done, in part, to address (so to speak) this issue. Since remapping must be done on a page-aligned basis anyway, there is no real point in using a regular physical address, which contains the offset within the page. Said offset, after all, must be zero. By using a page frame number instead, the range of the phys_addr argument is extended far enough to reach into I/O memory on all architectures. The remap_pfn_range() work stopped short of actually fixing the io_remap_page_range() problem, however. Randy Dunlap has now finished the task with a set of patches adding io_remap_pfn_range():
int io_remap_pfn_range(struct vm_area_struct *vma, unsigned long from,
unsigned long pfn, unsigned long size,
pgprot_t prot);
This function has the same prototype on all architectures. In-tree callers have been modified, and the feature removal schedule has been updated: io_remap_page_range() will go away in September, 2005.
Network block devices and OOM safetyiSCSI is, for all practical purposes, a way of attaching storage devices to a fast network interconnect and making them look like local SCSI drives. There is a great deal of interest in iSCSI for high-end "storage area network" applications, and a few competing iSCSI implementations exist for Linux. Top-quality Linux iSCSI support would be a good thing to have; it turns out, however, that iSCSI raises an interesting issue with how the block subsystem works, especially when it must interact with the networking layer.When the system gets short of memory, one of the things it must do is to force dirty pages to be written to their backing store, so that those pages may be freed. This activity becomes doubly urgent when the system runs completely out of memory. What happens, however, if the act of writing those pages to disk also requires a memory allocation? In the iSCSI case, those pages must be written via a TCP socket, so the networking layer must be able to allocate enough memory to handle the TCP protocol's needs. If the system is completely out of memory, where will this additional allocation come from? This particular problem was solved for the block layer some time ago with the mempool mechanism. A mempool sets aside a certain amount of memory for emergencies. When all else fails, the block layer can allocate needed memory from the mempool; in that way, it is guaranteed of being able to make at least some progress and free memory for the system. A similar mechanism could be put in place for network-based devices, probably through a special socket option which would cause a mempool to be set up for a specific connection. Attaching a mempool to a socket would guarantee that the system could send data through that connection. Unfortunately, in this case, using a mempool in this way does not solve the entire problem. When a block driver writes data to a local device, it can easily tell when the operation has completed (and the relevant memory can be freed). In many cases, it is simply a matter of waiting for an interrupt and querying ports on the host controller. Newer, more complex protocols can be handled by setting aside a small amount of memory for replies from the controller. The controller is unlikely to overwhelm the system with spurious messages; about the only thing that will come back is responses to operations initiated by the system. In the iSCSI case, a write to the device cannot be deemed to have succeeded until the device sends back an acknowledgment, which will arrive as one of possibly many TCP packets. If the system does not have memory available to receive those packets and process the ACKs, it will be unable to complete the write operations and free up more memory. So everything stalls, or, in the worst case, deadlocks completely. Just creating another mempool for incoming packets is not a solution, however. The number of packets arriving on a network interface can be huge, and the bulk of them are likely to be entirely unrelated to the crucial outstanding iSCSI operations. A system which is in an out-of-memory state simply cannot attempt to keep up with the full flood of packets arriving on its network interfaces. But, if it is unable to deal with the specific packets it is looking for, it may never get out of its memory crunch. Various possible solutions have been floated. Many network interfaces can be programmed, in great detail, to drop uninteresting packets. So, when the system hits a memory crunch, it could instruct its network drivers to restrict the incoming packet stream to acknowledgments on high-priority connections. This approach would work, but it would require complicated communications between network drivers and the higher layers of the system. Network adaptors are also limited in the amount of programming they can handle; this limitation would restrict the number of iSCSI devices which could be reliably supported by the system. Another possible solution was posted by Andrea Arcangeli. When an attempt to allocate memory for an incoming packet fails, the system would perform the allocation from one of the mempools (chosen at random) associated with sockets routed through the relevant interface. Once the packet was fed into the networking layer, a quick check would be made to see if the packet is, in fact, associated with one of the high-priority sockets; if not, it would be quickly dropped and the memory returned to the mempool. Packets belonging to high-priority sockets would be processed normally, resulting, hopefully, in the completion of write operations and the freeing of memory. This discussion has not reached any sort of consensus, and has made it clear that a number of issues arise when the block and networking layers interact. The attempt to find a solution, in this case, is likely to be deferred to the Kernel Summit, to be held in Ottawa this July. It should be an interesting session.
Kernel Planet launchesDave Airlie has launched KernelPlanet.org, which is an aggregation of weblog entries from several kernel hackers.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Memory management
Security-related
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials Revisiting RHEL ClonesShortly after Red Hat split the freely available Red Hat Linux into a community-like Fedora Project and a high-end Red Hat Enterprise Linux (RHEL), a new breed of Linux distributions emerged - the clones of RHEL. With source packages for RHEL freely available on Red Hat's download servers, several user communities and small businesses started building what is essentially a re-packaged Red Hat Enterprise Linux - complete with security updates, but without the expensive support contract that comes with the real thing. We looked at the early attempts of some of these projects about a year ago. With the release of RHEL 4 earlier this year, this might be a good time to check how far they have progressed and what they are offering today.If traffic on the CentOS mailing lists is anything to go by, then clearly, there is much demand for these distributions. The number of mailing list posts increased dramatically after the release of CentOS 4.0 and is now reaching the levels normally found only on those of major distributions; in contrast, Red Hat's own mailing lists see hardly any traffic. As one satisfied CentOS user put it, it is not just the cost factor that had attracted him to CentOS, but also the level of free community support available on the lists. Another reason why some users might prefer a RHEL clone over, say, Fedora is that Fedora is sometimes perceived as just a beta release of RHEL; in fact the developers of Lineox Enterprise Linux have noted that 87% of packages in Fedora Core 3 final were passed on to RHEL 4 Beta 2 without any modifications. The above-mentioned CentOS distribution has now become a de facto standard among the RHEL clones. Although donations are encouraged, this is a pure community projects with no strings attached, and excellent infrastructure in terms of community support and download mirrors. More importantly, CentOS is building a complete set of releases for all architectures supported by RHEL (at the time of writing, i386, ia64 and x86_64 builds are completed, while ppc, s390 and s390x are expected to follow). CentOS is also the purest rebuild where the only modifications done to the original source packages were those that required the removal of Red Hat logos and trademarks. Security updates are handled by up2date and CentOS Networks. These tend to be released fairly promptly; checking the difference between the time a security update was announced by Red Hat and the time the said update was released by CentOS, we found that this process normally takes between 1 and 7 days. Lineox Enterprise Linux is another popular RHEL clone. Built by a Finland-based company of the same name, Lineox is a commercial product which provides free CD/DVD ISO images for download, but charges a modest fee for security updates (€5 - 15 per system per year, depending on the number of systems). This seems to be a successful business model that might appeal to users willing to pay a small price in order to provide an incentive for the company to continue the update service. Lineox is extremely fast in building security updates - these are normally available within 24 hours after they are released upstream by Red Hat. The distribution has replaced the up2date infrastructure with apt and yum (with Synaptic and Yumex as their respective graphical front-ends) with apt being the preferred update method. Yum is only provided in the x86_64 edition - this is because apt does not work well with systems that contain a mix of 32-bit and 64-bit applications and libraries. Scientific Linux is a relatively new entry among the RHEL clones. Developed by a collaborative effort at several universities in the United States, Switzerland and other countries, Scientific Linux is a free community project that not only rebuilds the source packages for RHEL, it also adds a handful of enhancements. Browsing through its download directory we spotted a few packages that are missing from RHEL, including the Pine mail client, XMMS with MP3 support, and OpenAFS - a distributed file system product which IBM has handed over to the open source community for development and maintenance. Security updates in Scientific Linux are provided reasonably fast, usually within a week of upstream updates. Scientific Linux 4.0 is currently in development - the i386 edition has reached a release candidate stage, while the x86_64 edition is in early alpha. Tao Linux is another community project attempting to compile the RHEL source RPMs into installable CD and DVD images. Although not nearly as popular as CentOS, its mailing lists are reasonably busy and, like CentOS, it provides builds for all architectures supported by Red Hat. Security updates, handled via yum, are released extremely fast - often faster than those by CentOS. The i386 edition of Tao Linux 4 has been in beta testing for a couple of weeks, so it shouldn't be long before we see a final release. It is not clear whether the developers plan to provide version 4 for non-i386 architectures. Pie Box Enterprise Linux is yet another RHEL clone. This is a commercial product by the UK-based PixExcel and not available for free download. Updates, charged at £15 per system per year, are provided via a custom edition of yum, which has to be downloaded separately. This product is similar to CentOS in that there are no modifications made to the original sources other than the removal of Red Hat logos and trademarks. At this time, only a i386 edition of Pie Box Enterprise Linux is available. Other distributions that set out on the same path as the above five have yet to produce a new release based on RHEL 4. The best-known among them is White Box Enterprise Linux, the developers of which are reportedly working on version 4. The project's reputation has been somewhat tarnished by falling behind on providing security updates, although lately they seem to have improved in this department. There are several other projects that have released distributions based on RHEL 3, but no yet given an indication about their future plans. Nevertheless, both X/OS Linux and Fermi Linux continue to provide timely security updates for their existing products. In contrast, Eadem Enterprise Linux has fallen behind in recent months, while StartCom Enterprise Linux has not published any security updates since September last year. Conclusion? If you are in this market, your best bet is probably CentOS or Scientific Linux, both of which are excellent, free community projects that are likely to be around for some time. Lineox and Tao Linux are very fast in terms of providing security updates, and could also be considered, but bear in mind that both are essentially "one-man" projects, which is not very reassuring when you have to rely on a single person to provide security updates for the next 5 years. Also, if Red Hat releases a new RHEL version every 18 months, with each of them having a life span of 5 years, it can be tedious for a single person to support so many different releases for several architectures. As for Pie Box, it is comparatively expensive since both the installation media and security updates require cash outlay. The remainder of the distributions listed above have not yet produced a new release based on RHEL 4, but both X/OS Linux and Fermi Linux continue supporting their older releases.
New Releases Mandrakelinux Clustering announcedMandrakesoft has announced a new version of its "Mandrakelinux Clustering" offering. This release includes the 2.6 kernel, InfiniBand support, and a set of installation and administration tools. Base price is $2200.
Gentoo Linux 2005.0 releasedGentoo Linux 2005.0 is out; click below for the announcement and pointers for downloads. "This release has had a few setbacks including a complete security rebuild, but with the help of the many teams within the Gentoo developer community, we believe that this release will be one of the best that we have ever had."
LinspireLive! Five-0 OutLinspire has released their free LiveCD edition through BitTorrent. This edition cannot be installed, but it is useful for rescue and demo purposes. Download it from here: linspire_live_5.0.69.torrent (646MB).
Ubuntu 5.04 release candidate availableThe first Ubuntu 5.04 ("Hoary Hedgehog") release candidate is available; this could be the last chance to test out Hoary before the final release, which is scheduled for next week. Click below for the details.
Kubuntu Release CandidateThe Kubuntu 5.04 Release Candidate is now available. This is the last testing release before our first full release next week. Click below for details.
Experimental UserLinux packages for UbuntuBenjamin Mako Hill has announced the availability of a set of UserLinux metapackages for Ubuntu Hoary. "Metapackages which means all they do is install other packages. UserLinux doesn't provide its users with separate packages of its own -- it uses whatever is in Debian. You can do now install these on on Ubuntu and get a sort of Ubuntu-flavored UserLinux."Note also that the Ubuntu 5.04 ("Hoary") release candidate is expected to be released shortly.
Debian-Installer rc3 releasedThe Debian Installer team has announced (click below) the third release candidate of the Debian Installer for Debian GNU/Linux Sarge. "We love doing this so much that we couldn't resist updating the installer one more time before the official release of Debian 3.1."
Distribution News Debian Project Leader ElectionsDavid Schmitt has made available his summaries of questions posted to debian-vote, along with answers from the candidates.Debian Project Secretary, Manoj Srivastava, has issued a second call for votes in the Debian Project Leader elections. " At the time of writing, half an hour into the second week of the vote, we have the lowest participation ever in a Debian project leader election seen so far (ever since we started tracking voting rates)." Votes must be received by April 10th.
Slackware drops GNOME, restores MozillaThe latest Slackware ChangeLog Notice (click below) contains a bit of a surprise: the Slackware distribution has dropped the GNOME desktop. "Please do not incorrectly interpret any of this as a slight against GNOME itself, which (although it does usually need to be fixed and polished beyond the way it ships from upstream more so than, say, KDE or XFce) is a decent desktop choice. So are a lot of others, but Slackware does not need to ship every choice." Also contained in the changelog is the return of the Mozilla browser.
New Distributions QiLinuxQiLinux is made in Italy, completely from scratch. The QiLinux staff has developed a desktop and live version as well as a server and advanced server version. QiLinux 1.2pre2 was released March 16, 2005, with a final 1.2 release expected in late April 2005.
Distribution Newsletters Debian Weekly NewsThe Debian Weekly News for March 29, 2005 is out. This week's edition looks at the addition of two developers to the ftpmaster team, Debian-Installer RC3, three new localisation lists (Arabic, Czech and Korean), and more.
Gentoo Weekly NewsletterThe Gentoo Weekly Newsletter for the week of March 28, 2005 covers the release of Gentoo 2005.0, the return of Paypal, SSL support for Gentoo Bugzilla, and several other topics.
Ubuntu Recent Community Council MeetingsThe latest Ubuntu Community council meetings are available online in both summary and full log format. These meetings are dated March 8, 2005 and March 22, 2005. There is also a wiki page with an agenda for next meeting. Click below for the links.
DistroWatch Weekly Issue 93The DistroWatch Weekly for March 28, 2005 is out. "The delayed release of Gentoo Linux was the highlight of the otherwise very quiet Easter weekend. Elsewhere, future releases of Slackware Linux will no longer ship with the GNOME desktop and Mandrakesoft is once again implementing major changes to its release mechanism. Also in this issue - a couple of fun links for your entertainment, and no fewer than eight new Linux distributions on the waiting list. Enjoy!"
Minor distribution updates Puppy LinuxPuppy Linux v1.0.0 is out. "The big news item for this release is Scribus, version 1.2.1. This is the premier Linux desktop publishing application. It is really great and extremely easy to use. Of course, it is big, hence the size jump in the ISO files."
Package updates Fedora updatesUpdates for Fedora Core 3: lsof-4.72-2.2 (fix a problem where "lsof -b" hangs), selinux-policy-targeted-1.17.30-2.90 (allow system_mail_t access to random_device_t), thunderbird-1.0.2-1.3.2 (bug fixes), spamassassin-3.0.2-0.fc3 (upstream bug fixes), sylpheed-1.0.4-0.fc3 (fixes another buffer overflow), libaio-0.3.103-5 (fixes the wrong SONAME problem), system-config-services-0.8.21-0.fc3.1 (fix typos and bugs), foomatic-3.0.2-13.3 (update to a newer version), initscripts-7.93.7- (bug fixes).Updates for Fedora Core 2: mozilla-1.7.6-1.2.5 (removes FC3 dependencies), sylpheed-1.0.4-0.fc2 (fixes another buffer overflow).
Newsletters and articles of interest The Big Arch Linux Interview (OSNews)OSNews interviews the developers of Arch Linux. "What is the main reason that keeps you working on Arch with the same passion for years now? Judd Vinet: The thrill of creating something that other people use and like. I think that's the main motivation for me now. Arch has already reached a point of "best-suited distribution for me" so it's already fulfilled the goals set out when I started it. Now I find myself looking forward to adding features that other users will find helpful, and looking forward to working with other Archers. I'm truly proud of the calibre of our community and the way we've carved ourselves a little niche in the over-crowded distro contention."
Distribution reviews Linux in Government: Linux Desktop Reviews, Part III (Linux Journal)Linux Journal looks at Red Hat's Desktop offering for business and government desktops. "Prior to using Red Hat's Enterprise Linux desktop, I gave Sun's Java Desktop System my highest rating for look and feel, ease of use and administration. As of this writing, Red Hat has pulled ahead as the "best of class" desktop. One example of why RHEL took the lead can be seen in Figure 2; here, you can see that Red Hat greatly simplified its launch menu and improved its desktop rendering. Even compared with Fedora's design and the last RH public version, RH 9, the menu system has become easier to use and the graphical presentation has improved."
My workstation OS: PCLinuxOS Preview 8 (NewsForge)NewsForge has a mini-review of PCLinuxOS Preview 8. "PCLinuxOS may be the best Linux distro available for home use. It's handsome, thoughtfully integrated, easily accessible to newcomers, and stable. It's hard to imagine a better introduction to Linux. Texstar is targeting the release of version 1 for later this year, but it's already light years ahead of the competition. P8 is my desktop of choice."
Page editor: Rebecca Sobol Development OSAF Releases Chandler 0.5 PIMThe Open Source Applications Foundation (OSAF) has announced the release of Chandler 0.5, a GPL-licensed Personal Information Management application (PIM) with an emphasis on shared use. Several years ago, LWN covered the initial release of the project, Chandler 0.1.
A major lesson learnt from the last two years, is that we took on too much, and had too high an ambition level for the near-term. This "great leap forward" strategy didn't pan out. Instead, we have primarily switched to a "dog food" strategy to quickly develop a first release that is minimally usable, on a day-to-day basis, for us within OSAF and for our info-intensive, techno-savvy early adopters.
The version 0.5 README document details the changes in the current release. Work was mainly focused on calendar software and reliability. The version 0.6 planning (cleaning and polishing) and 0.7 planning (polish email system and add new features) documents show where the next two releases are headed. After version 0.7, Chandler should be stable enough for daily use by early adopters. One fundamental change in the project has been to move from a peer-to-peer mode of sharing data to the use of Web enabled Distributed Authoring and Versioning (WebDAV) servers. Email connectivity has been added to Chandler through the Twisted networking framework. Chandler 0.5 is fairly easy to get running, all one has to do is download the code, unpack it, and run the provided binary. The documentation warns that version 0.5 may only work on machines with the Fedora Core 2 distribution, your author had no trouble running it on Fedora Core 3. The new release is still experimental, the initial startup screen warns users that the product is under development and should not be trusted to keep user data safe. Nonetheless, Chandler appears to be on-track in the goal of producing a working utility, we look forward to the group's upcoming releases.
System Applications Database Software PostgreSQL Weekly NewsThe March 28, 2005 edition of the PostgreSQL Weekly News is out with the week's coverage of PostgreSQL database development.
Interoperability Samba 3.0.13 Available for DownloadStable version 3.0.13 of Samba, a Windows-compatible network file and print server, is out with several bug fixes.
Mail Software Sendmail 8.13.4 releasedVersion 8.13.4 of Sendmail, a mail transfer agent, has been announced. "Sendmail, Inc., and the Sendmail Consortium announce the availability of sendmail 8.13.4. It fixes several bugs and omissions and adds some additional checks to deal with situations that should not occur."
Networking Tools Twisted version 2.0 announcedVersion 2.0 of Twisted, a Python-based event-driven networking framework, has been announced. "Twisted 2.0 was released late at night on the twenty-second of March, 2005, from Christopher Armstrong's secret underground stronghold in Australia. The Earth indeed shook not only in response to the millions rioting in the streets after the release, but also from the testing of the new functionality in 2.0, including the (patented) Subatomic Resonator, capable of harnessing the power of any form of matter to produce world-destroying explosions." See the release notes for more details.
Desktop Applications Desktop Environments GNOME Power Manager project gets underway (GnomeDesktop)GnomeDesktop looks at the current state of power management software under GNOME. "GNOME Power Manager listens for HAL events and responds with user-configurable reactions. Currently it supports UPS's, laptop batteries and AC adaptors. Its goal is to be architecture neutral and free of polling and other hacks. Linux power management on laptops sucks. Project Utopia is all about making things "Just Work" and that's how power-management should be."
GNOME Software AnnouncementsThe following new GNOME software has been announced this week:
KDE CVS-Digest (KDE.News)The March 25, 2005 edition of the KDE CVS-Digest is available. Here's the content summary: "dnssd adds invitation support. KChart adds png export. KPDF adds annotation support. Speedups in khtml, KPDF, Kmail, and Plastik. Plus, getting ready for Subversion. The move from CVS to Subversion seems imminent. Everyone who accesses the KDE repository will want to make preparations for the change."
KDE Software AnnouncementsThe following new KDE software has been announced this week:
XFree86 4.5.0 is outVersion 4.5.0 of XFree86 has been announced. It features a number of new capabilities, see the release notes for details.
Electronics gEDA/gaf 20050313 snapshotA new snapshot of gaf, an electronic schematic capture application and associated utilities, is out. The change summary says: "Lots and lots and lots of code cleanup, refactoring, and bug fixing by Patrick Bernaud, Stuart Brorson, Carlos Nieves Onega, Werner Hoch, and Dan McMahill. This applies to all parts of gEDA/gaf. The amount of cleanup is quite staggering, so please look at the various ChangeLogs for more info. Many thanks to all who lent a hand in this rather difficult task!" See the release notes for details.
XCircuit 3.3.12 is outVersion 3.3.12 of XCircuit, an electronic schematic drawing package, has been released. Changes include modification of the netlist connectivity highlight display, bug fixes, and more.
GUI Packages FLTK NewsNew released from the FLTK (Fast, Light ToolKit) project include a new FLTK weekly snapshot and new versions of Tux ToDo List Manager, the Flmm Widget Set, and SPTK. An new article on resizing is also available.
Music Applications kluppe 0.4 releasedVersion 0.4 of kluppe, a jack-enabled loop player for linux, is out. New features include an adjustable metric grid, CV sync support, and bug fixes.
PSindustrializer 0.24 announcedVersion 0.24 of PSindustrializer, a tool for the physical modeling of sound, is out. "This version features gtk2 port (please use --disable-openGL, if you are compiling it with gtk+-2.6.4) and several fixes."
Miscellaneous Evolution 2.2.0The Evolution Team has announced the release of Evolution 2.2.0. "Evolution 2.2 is the stable series of the 2.1 development series. It will upgrade your existing 1.4 install, and will perform one minor update on an existing 2.0 install to support weather calendars."
GSview 4.7 releaseVersion 4.7 of GSview, a PostScript viewer application, has been announced. It features bug fixes and other enhancements.
Languages and Tools Caml Caml Weekly NewsThe March 22-29, 2005 edition of the Caml Weekly News is out with the latest collection of Caml language articles.
Java Using Aspects to autonomic-enable legacy applications (IBM developerWorks)Brian Temple covers Java Aspects on IBM developerWorks. "Learn how to use Aspects to generate Common Base Events in any legacy Java application, without modifying the original application source. This article shows you how and also provides an example framework that can be used with your applications today."
Flexible Event Delivery with Executors (O'ReillyNet)Andrew Thompson covers the use of J2SE events on O'Reilly. "Event-handling is critical to any GUI application, and many developers know the hazards of making a method call to unknown or poorly behaved code from the event-dispatch thread. J2SE 5.0's concurrency utilities offer more fine-grained control over how code executes. Andrew Thompson applies that to offer better ways to handle events."
Java Component Development: A Conceptual Framework (O'ReillyNet)Palash Ghosh uses components under Java on O'Reilly. "Component-based design and development is not a new topic at all to professionals who are following Object-oriented analysis and design (OOAD) methodology. The goal of this article is to arrive at a common conceptual framework to develop a Java component step by step, following Java best design practices, and starting from scratch."
JSP Create internationalized JSP applications (IBM developerWorks)Sing Li writes about JSP internationalization on IBM developerWorks. "Designing Java Server Pages (JSP) applications for an international audience is more of an art than a science, involving much more than meets the eye. The key to success is to understand the unique server-side problems associated with internationalization. Java developer Sing Li clarifies the key problem and presents two solutions based on tried-and-true techniques."
Lisp OpenMCL 0.14.3 releasedVersion 0.14.3 of OpenMCL, an implementation of Lisp for the PowerPC platform, is out. "This version adds many documentation strings, some support for allocating Lisp vectors in foreign memory, partial support for funcallable class instances, and new examples."
SBCL 0.8.21 releasedVersion 0.8.21 of SBCL (Steel Bank Common Lisp) has been released. "Mainly new in this version are some incompatible changes (to threads, the REPL, and initialization files loading), and a more robust x86-64 disassembler."
Perl This Fortnight in Perl 6 (O'Reilly)The March 7-21, 2005 edition of This Fortnight in Perl 6 is online with the latest Perl 6 news.
Python Python 2.4.1 releasedPython 2.4.1, a bugfix-only release, is available; click below for details and download information.
Dr. Dobb's Python-URL!The March 24, 2005 edition of Dr. Dobb's Python-URL! is online with the latest Python articles.
Dr. Dobb's Python-URL!The March 30, 2005 edition of Dr. Dobb's Python-URL! is online with another weekly collection of Python language articles.
Ruby Ruby Weekly NewsThe March 27th, 2005 edition of the Ruby Weekly News has been posted. It summarizes the latest news and discussion from the ruby-talk mailing list.
Scheme Schemer's GazetteIssue #5 of the Schemer's Gazette is online with more Scheme language articles and information.
Shells fish 1.5 releasedVersion 1.5 of fish, a user friendly shell intended mostly for interactive use, is available. "Among new features are the 'open' command for launching the default handler for a file and tab completion and syntax highlighting inside of subshells. Version 1.5 also includes several important bugfixes."
Tcl/Tk Dr. Dobb's Tcl-URL!The March 24, 2005 edition of Dr. Dobb's Tcl-URL! is online with the latest Tcl/Tk news and information.
Dr. Dobb's Tcl-URL!The March 30. 2005 edition of Dr. Dobb's Tcl-URL! is out with the week's Tcl/Tk news and resources.
XML Getting Started with XQuery, Part 2 (O'Reilly)Bob DuCharme continues his O'Reilly introductory series on XQuery with Part Two. "This week, we'll learn more about how a query can manipulate the XML that it pulls out of a collection, and how user-defined functions can provide even greater flexibility in the sorting and arrangement of that data."
Use XSLT to prepare XML for import into OpenOffice Calc (IBM developerWorks)Uche Ogbuji works with OpenOffice.org spreadsheet data on IBM developerWorks. "The popular open source office suite OpenOffice.org is XML-savvy at its core. It uses XML in its file formats and offers several XML-processing plug-ins, so you might expect it to have nice tools built in for importing XML data. Unfortunately, things are not so simple, and a bit of work is required to manipulate general XML into delimited text format in order to import the data into its spreadsheet component, Calc. This article offers a quick XSLT tool for this purpose and demonstrates the Calc import of records-oriented XML. In addition to learning a practical trick for working with Calc, you might also learn a few handy XSLT techniques for using dynamic criteria to transform XML."
What Are Microformats? (O'Reilly)Micah Dubinko discusses Microformats on O'Reilly. "Like any ecosystem, XML world is subject to Darwinian natural selection and periodic adjustments. The best ideas tend to stick around. The idea of microformats is particularly being explored of late. Previously, XML-Deviant discussed several microformats in the context of Google's good example of utilizing new technologies. But what exactly is a microformat?"
Profilers Valgrind 2.4.0 is availableVersion 2.4.0 of Valgrind, an open-source tool suite for debugging and profiling x86-Linux programs, is out. "2.4.0 brings many significant changes and bug fixes. The most significant user-visible change is that we no longer supply our own pthread implementation. Instead, Valgrind is finally capable of running the native thread library, either LinuxThreads or NPTL. This means our libpthread has gone, along with the bugs associated with it. Valgrind now supports the kernel's threading syscalls, and lets you use your standard system libpthread."
Version Control CVSGrab 2.2.1 released. (SourceForge)Version 2.2.1 of CVSGrab is out with bug fixes and other improvements. "CVSGrab is a simple CVS client that bypass any firewall blocking port 2401 used by cvs. It relies on the ViewCVS web interface to the repository to work, and supports other types of web interfaces (CvsWeb, SourceCast...)"
Page editor: Forrest Cook Linux in the news Recommended Reading GPL 3 won't split projects, Moglen says (News.com)News.com looks into GPL v3 concerns. "Eben Moglen, general counsel of the Free Software Foundation, said Thursday that there shouldn't be a problem in persuading Linux developers to migrate to GPL 3, as the license will be developed with their input. "I don't think it will be a difficulty," Moglen said. "When the FSF finishes its work to produce the first discussion draft of GPL 3, there will be an extended comment period, which will be a chance for everybody to have their say. We will take as long in listening as people need to take.""
A History of Free and Open Source - Introduction ~ by Peter H. Salus (Groklaw)Groklaw introduces "A History of Free and Open Source". "Historian Peter H. Salus is writing "A History of Free and Open Source", and I'm delighted to tell you that he is going to be publishing it in serialized form here on Groklaw. We thought that, with ADTI back with its Grim Fairy Tales, it would be useful to tell the FOSS story truthfully and in a scholarly way, so readers now and historians in the future can rely on the facts. Here's the first installment, the Introduction, and I know you will enjoy it. Look for the next episode on the 6th or 7th of April and every Wednesday or Thursday after that."
Trade Shows and Conferences Evidence that Python is advancing into the enterprise (NewsForge)NewsForge presents a report from PyCON 2005. "Mission-critical development organizations often regard only a handful of languages -- C#, Java, XML, SQL, and few others -- as safe enough for serious projects. From this perspective, Python has been traditionally lumped with "experimental" or "toy" languages. Over and over, however, speakers at this conference presented evidence to the contrary."
The PyCon BlogA PyCon Blog site is online with coverage of the recent PyCon (Python Conference) that was held in Washington DC.
The SCO Problem IBM's Memo in Support of Proposed Scheduling Order (Groklaw)For the curious: the back-and-forth continues in SCO v. IBM. Groklaw has IBM's memo in support of a scheduling order that might actually bring an end to the whole show at some point. "For example, if SCO were to identify Linux code that it contends is derived from AIX, Dynix, or UNIX System V and was improperly contributed to Linux, then IBM would need to take discovery to determine the facts relating to the code in question, including but not limited to (i) who wrote the code, when, how, and why, (ii) whether and to what extent it is in the public domain and (iii) whether and to what extent it is protectable by contract or copyright."
Companies EDS: Linux 'strategically important' (ZDNet)ZDNet covers a reversal of position on Linux from EDS. "Outsourcing specialist EDS said it was "proactively engineering" Linux into its product portfolio, backtracking on previous statements that the open-source software was insecure and unscalable. EDS' management in the United States moved to clarify its position on Linux in a statement issued to ZDNet Australia today after Robb Rasmussen, the vice-president responsible for alliances, unleashed a storm last week by denigrating the open-source platform's readiness for large enterprises."
The reinvention of Progeny (NewsForge)NewsForge has published a study of how Progeny survived the dotcom crash. "Not that Progeny Debian was a failure in the end, [Progeny founder Ian] Murdock hurries to add. Admittedly, the product failed in the stores. However, the simple fact that the company had built the distribution provided proof that it understood Debian and could develop a product that would be downloaded by thousands of people. If Progeny had not developed Progeny Debian, he now believes, then the company would have had no tangible proof of its skills to secure new custom development contracts."
Linux Adoption Brazil: Free software's biggest and best friend (News.com)News.com is carrying a New York Times article on Brazil's support for free software. "By the end of April, the government plans to roll out a much-ballyhooed program called PC Conectado, or Connected PC, aimed at helping millions of low-income Brazilians buy their first computers. And if the president's top technology adviser gets his way, the program may end up offering computers with only free software, including the operating system, handpicked by the government instead of giving consumers the option of paying more for, say, a basic edition of Microsoft Windows."
Legal Microsoft Patent Too Close to IPv6, Lawyers Say (eWeek)eWeek looks at a dispute over a Microsoft-held patent. ""We are aware that the patent should not have issued in view of the prior art available to the patent office but not cited by Microsoft in its application," Moglen said. The patent in question, USP 6101499, filed in 1998 and issued in 2000, concerns automatic generation of IP addresses to facilitate simple network connections. The technology described therein bears "more than a passing similarity" to IPv6, one of the backbones of the Internet, according to Frank Bernstein, a lawyer with Kenyon & Kenyon, a San Jose, Calif., firm."
Interviews Mitchell Baker on NPR 'Science Friday' (MozillaZine)MozillaZine mentions several interviews with Mitchell Baker. "Today, we reported on Mitchell Baker's Slashdot interview. However, that's not the only interview the Mozilla Foundation's Chief Lizard Wrangler has been doing recently: earlier this month she appeared on the National Public Radio programme Talk of the Nation as part of their Science Friday segment. Speaking in fairly general and non-technical terms, Mitchell talked about Mozilla Firefox and the work of the Mozilla Foundation and took a couple of questions from callers."
Jim Fulton Interview (ZopeMag)ZopeMag interviews Jim Fulton, CTO of Zope Corporation. "Of course, Zope 3 has many things to offer too that are not found in Zope 2. As far as maturity is concerned, we are being very careful to provide backward compatibility for released features. You can build on features and application programming interfaces (APIs) released in Zope 3.0 knowing that they will work in Zope 3.1 and 3.2, and that, should they change, there will be plenty of early-warning."
Robert Sutor on the IBM patent commons initiative (IBM developerWorks)IBM developerWorks has an interview with Robert Sutor. "Find out why the recent release of 500 IBM® patents will help fuel innovation in open source technology through this detailed interview with Dr. Robert Sutor. At IBM, Dr. Sutor has been a member of IBM Research, and Director of Web Services Technology, and is now the Vice President of Standards. He has been involved in open standards actively since the earliest days of XML, and is a frequent speaker on standards and open source, and Web services, and Service-Oriented Architecture (SOA)."
Resources make for Nonprogrammers (O'ReillyNet)O'ReillyNet takes a look at make from a BSD perspective. "This article covers some make basics so you have an idea what is happening behind the scenes. It also examines some of the options you have available when issuing make commands."
Syncing the Treo 650 with Bluetooth (Linux Journal)Dovid Kopel shows how to connect a PalmOne Treo 650 smartphone to a Linux machine over a Bluetooth link. "The Treo 650 is capable of accessing all aspects of the Internet, providing one has a data plan, at a reasonable speed and cost. Until the release of the 650 model, you had to connect the Treo to your computer in order to communicate with it. With the addition of Bluetooth, however, the process has become significantly easier. With the touch of a single button, I now can hotsync my Treo or surf the Web without ever touching a wire."
Reviews Java fallout: OpenOffice.org 2.0 and the FOSS community (NewsForge)NewsForge examines OpenOffice.org 2.0 and its dependence on a Java Runtime Environment. "One of the few technical arguments against OpenOffice.org's use of Java is that it undermines the project's goal to be a cross-platform office suite. Many operating systems currently supported, including FreeBSD and GNU/Linux for the PowerPC, have no official version of Java. Those who wish to use OOo 2.0 on such platforms must use GNU/Linux emulation or work with an often incomplete free Java implementation. Either way, the new requirement places new pressures on the already overworked teams of OpenOffice.org volunteers working on these ports."
Open source Mambo CMS succeeds admirably (NewsForge)NewsForge reviews Mambo, an open-source web content management system. "Mambo is not a portal-oriented CMS. You can use it to run a portal, of course, but Mambo is much more versatile. In fact, Mambo is targeted at the corporate market. All content pages are dynamically generated from a MySQL database. The look of a Web site running on Mambo is defined by a template. Three templates are provided with Mambo, and there are many free templates that you can use, which you can find at sites such as MamboHut and MamboPortal."
Linux Desktop Improves Search (eWeek)eWeek takes a look at Novell's Linux Desktop. "Among the new features Novell hopes will draw the masses to the new desktop operating system, due next year, is Beagle, a desktop search and metadata technology that indexes all the content on a user's hard drive, including Web sites visited and instant messaging conversations, making this content all instantly searchable."
Miscellaneous With Linux, enough is sometimes too much (InfoWorld)Here's an InfoWorld article that says that most Linux distributions come with too much other stuff. "You could argue that it never hurts to have too many options, but I disagree. Under the hood, any Linux PC is a system of incredible complexity. Adding more applications to the mix only increases that complexity and gives the end-user more blind alleys to wander down. Anything that raises the barrier of entry to Linux is harmful, no matter how good the intentions."
Page editor: Forrest Cook Announcements Non-Commercial announcements Notes from the Grokster hearingLawyer Timothy Armstrong has posted his notes from the MGM v. Grokster arguments in the U.S. Supreme Court. "On balance, not quite as bad a day for Grokster as I think a lot of people were expecting. Not a sure (or even a probable) victory for them by any means, but the Court did seem quite attuned to the effects on innovation of whatever liability rule it ultimately adopts. None of the Justices was talking as if the case could be disposed of on Sony alone, but there will be at least a few votes against abandoning that standard altogether."
Commercial announcements Announcing CrossOver Office, Version 4.2Version 4.2 of CrossOver Office has been announced by CodeWeavers. "This includes a long awaited update to our server product, CrossOver Office Server Edition. This release includes support for Quicken 2005, as well as new support for Quickbooks, versions 2001-2004 (note that Quickbooks 2005 is not yet supported). This release now supports the latest version of iTunes, and the iPod support code has been tuned to work with that version. We've also started an effort to properly support EndNote."
Eagle 4.14 ReleasedVersion 4.14 of Eagle, a commercial printed circuit CAD application with a free minimized demo version, is available. This version features many improvements, see the Change Log for details.
Concurrent's iHawk Control Systems selected for Australian SynchrotronRedHawk Real-Time Linux has been chosen for use in the control systems of the Australian Synchrotron Project. "iHawk, powered by Concurrent's RedHawk(TM) real-time Linux(R), was selected for its highly deterministic response and high performance capabilities to respond to ASP's data acquisition and I/O control (IOC) system requirements. These high performance and distributed IOCs will provide the foundation control system for the synchrotron light beam storage ring."
LinuxForce acquires Cyber LoftLinuxForce has announced the acquisition of Cyber Loft. "LinuxForce, the leading provider of Debian GNU/Linux outsourced systems administration services, announced today that it has signed an asset purchase agreement to substantially acquire the assets of Cyber Loft, Inc, a web hosting and web application development provider formerly based in Irvine, California."
OSDL Appoints Frank J. Fanzilli Jr. to Board of DirectorsOpen Source Development Labs has announced the appointment of Frank J. Fanzilli Jr. to its board of directors. "As the former managing director and Global CIO of Credit Suisse First Boston (CSFB), Fanzilli brings Wall Street, venture capital and global IT enterprise expertise to help OSDL drive Linux initiatives around the world."
SourceLabs releases "certified AMP stack"SourceLabs has announced the release of its "certified AMP stack." The company has put together a distribution of Apache, MySQL, and PHP which has been put through a certification process as an integrated unit. Note that the "L" has been removed from "LAMP" - the company plans an AMP offering for Windows as well. The plan is to make money on support services and maintenance subscriptions.
StreetFire Sound Labs joins linuxaudio.orgStreetFire Sound Labs has joined the linuxaudio.org consortium. "StreetFire Sound Labs is the 20th and newest member of the linuxaudio.org consortium. This San Francisco company designs open audio hardware based on Linux, and its first product is a networked audio server that can control and manage Sony CD jukeboxes."
New Books "Apache Security" Released by O'ReillyO'Reilly has published the book Apache Security by Ivan Ristic.
"Firefox Hacks" Released by O'ReillyO'Reilly has published the book Firefox Hacks by Nigel McFarlane.
"Java in a Nutshell, Fifth Edition" Released by O'ReillyO'Reilly has published the book Java in a Nutshell, Fifth Edition by David Flanagan.
No Starch Press "Silence on the Wire"No Starch Press has published the book Silence on the Wire by Michal Zalewski.
Resources KDE Contributors Worldwide (KDE.News)KDE.News mentions an update of the worldwide.kde.org contributors map. "The worldwide.kde.org contributors map has hot fresh updates. The contributor map on worldwide.kde.org shows developers, translators, doc writers, artists, packagers and other contributors of KDE in all the world."
The LDP Weekly NewsThe March 30, 2005 edition of the Linux Documentation Project Weekly News is online with the latest new documentation releases.
Contests and Awards Ghostscript Bug Bounty programA new Ghostscript Bug Bounty program has been announced. "Earlier programs were quite successful, but since the 8.50 stable release we've accumulated a number of new boutiable bugs, so we're starting the program up again. As before we're paying US $500 for bugs marked bountiable in the tracker; $1000 for those set with priority P1 or P2! So if you're a coder, here's your chance for a little extra cash."
Surveys Desktop Environment User Interface SurveysThe HASE (Human Aspects of Software Engineering) group at the University of Maryland Baltimore County has a couple of surveys out, looking at the usability of desktop interfaces. There's a GNOME Survey and a KDE Survey. (Found on GnomeDesktop and KDE.News)
Gnome bounty research (GnomeDesktop)GnomeDesktop.org has an announcement for research on the GNOME programming bounties. "I'm a graduate student at Harvard Business School in Boston. I'm conducting a survey on Gnome's programming bounties. In particular, who works on them, who chooses not to, whether or not regular users (not just the regular contributors) are attracted to them, etc." Award certificates are available for contributors.
Upcoming Events Hurricane Electric Hosts Security SeminarHurricane Electric has announced a Linux security seminar, to be held in Fremont, CA. "Hurricane Electric, a leading Technical Service Provider, will host "Linux Security for Beginners," an informative security seminar targeted at Linux newbies. The seminar, being held on April 30, 2005, follows five successful seminars hosted by Hurricane Electric on business and technology topics."
International PHP Conference 2005The Spring 2005 International PHP Conference 2005 will be held at the RAI Conference Center in Amsterdam on May 2-5, 2005.
Latin American Free Software Install Fest April 2The Latin American Free Software Install Fest has been announced. "On Saturday the 2nd of April/2005 we are holding the Latinamerican free software install fest, an event with the goal of promoving the use of free software and bringing closer together free software user groups in all the countries in Latin America. To achieve this we will hold simultaneous events in different cities, where local technical experts will install free software in any computers brought for this purpose. This will be done in an entirely legal manner and the service will be provided free of charge." Thanks to Marcelo E. Magallon.
Events: March 31 - May 26, 2005
Web sites MozillaWiki Upgraded and Redesigned (MozillaZine)MozillaZine has announced an upgrade to the Mozilla developer wiki. "The Mozilla developer wiki has been upgraded and now sports a design much more similar to that of the main mozilla.org site. MozillaWiki is a wiki that is primarily used by developers to document and plan future Mozilla development work. If you want to read some (sometimes technical) information about what you might be seeing in future Mozilla releases, it's well worth a browse."
Planet SBCL site launchedThe new Planet SBCL site has been launched. "Zach Beane has announced the creation of Planet SBCL on 25 March 2005. Planet SBCL is a web site aggregating the weblogs of developers and hackers of the SBCL Common Lisp implementation."
Whitedust Security Site launchedWhitedust.net is a new security-related web site. "The Whitedust Security group are pleased to announce the launch of www.Whitedust.net, the first unbiased web site dedicated to providing news and articles from Information Security insiders. Untainted and timely security news available side by side with articles covering a diverse range of security related topics, from opinion pieces to technical papers covering theoretical attacks and defences."
Miscellaneous 'Movies for the Masses.org' Independent Film ProjectThe concept of "open source" has made its way into film making. IBI Films has announced the launch of Movies for the Masses, a web site that aims to provide an independent film alternative. ""Movies for the Masses" (http://www.moviesforthemasses.org) is a unique Web site that allows moviegoers to select from a group of possible full-length indie films in development, and vote for which ones they'd like to see made."
Page editor: Forrest Cook Letters to the editor Software Patents in Europe
[Reply to: patent at ramatthews dot free-online dot co dot uk]
Page editor: Jonathan Corbet
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[Autopackage screenshots]](/images/ns/autopackage-sm.png)
![[OSAF]](/images/ns/osaf.jpg){kind=small}
The Chandler