It has been quite some time since a serious Unix/Linux worm has made its
way through the Internet. Such worms seem difficult to write, but few
people would argue that they are impossible. To many, it is just a matter
of time until a Linux-based worm gets loose. This event will slightly
reduce the level of smugness in the community, and greatly reduce the
credibility of claims that Linux is a more secure system. It is not
something to look forward to.
Meanwhile, a crucial security-related component of many systems is SSH, usually in the
form of OpenSSH. Even the most severely
locked-down systems will often have an SSH port open. So any sort of
compromise which involves SSH is seriously frightening. Now, a paper [PDF]
written by four MIT researchers (and commented
on by Bruce Schneier) describes how SSH could be used as a vector for
worm attacks. This threat appears to be real, and deserves attention from
anybody responsible for the security of network-attached systems.
SSH maintains a per-user "known hosts" file, where it stores the public keys of
remote systems it knows about. This file enables SSH to issue that
obnoxious warning whenever a host key changes; its purpose is to help
prevent "man in the middle" attacks. It may be possible to redirect an SSH
connection via a DNS compromise, but it will not normally be possible to
keep SSH from noticing the switch. This is a good thing.
The known hosts file, however, is a handy little database listing all of
the systems a given user connects to. If that user's account is
compromised, the known hosts file becomes a list of logical systems to
attack next. If the user's password is known, chances are good that it will
work on at least some of the systems found in the known hosts file. If the
user has set up no-password, key-based logins to some of those remote systems,
knowledge of the password will not be necessary. The result is that a
purely local exploit could use the SSH databases and protocol to
automatically propagate
itself across the net.
It's worth noting that a worm could be written today using this technique
combined with, say, the just-announced core dump vulnerability. Sooner
or later, somebody is going to go for it.
The paper's authors are trying to collect more data to generate more
metrics on how extensive the "web of known hosts" is; to that end, they are
asking people to contribute their known hosts files. See this page for more
information. Note that their data collection process involves running a
perl script (supplied by them) as root. One assumes that these researchers
are trustworthy, but one would be well advised to look over that script
carefully before running it anyway. Twice.
The authors also point out that OpenSSH 4.0 includes a defense mechanism in
the form of hashed known hosts files. By using a hash rather than the
remote system's name, OpenSSH is able to verify remote keys without
actually storing a list of remote system names. This behavior must be
explicitly turned on, however (by adding a "HashKnownHosts yes"
line to the SSH client configuration file) and existing known hosts files
must be converted to the new format. A couple of scripts have been
provided to help with the conversion process.
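The hashed format described above, as an added example (not code from OpenSSH, the paper's authors or their conversion scripts): OpenSSH writes each hashed host field as |1|salt|HMAC-SHA1(salt, name), both parts base64, so a name can be checked against an entry without the file listing it. The sample file, its host names and key blobs are constructed placeholders, and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import os

HASH_MAGIC = "|1|"   # prefix of a hashed host field in known_hosts
GLOB_CHARS = "*?!"   # pattern entries cannot be hashed and stay as they are

# Constructed sample file: hosts and key blobs are placeholders, not real keys.
SAMPLE = """\
# constructed sample known_hosts
build.example.org,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQ==
[git.example.org]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQ==
*.lab.example.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQ==
"""


def hash_host(name, salt=None):
    """Return '|1|salt|hmac' for one host name (both parts base64)."""
    salt = os.urandom(20) if salt is None else salt
    mac = hmac.new(salt, name.encode("utf-8"), hashlib.sha1).digest()
    return (HASH_MAGIC + base64.b64encode(salt).decode()
            + "|" + base64.b64encode(mac).decode())


def hashed_field_matches(field, name):
    """True if a hashed host field was derived from `name`."""
    try:
        salt_b64, mac_b64 = field[len(HASH_MAGIC):].split("|")
        salt = base64.b64decode(salt_b64, validate=True)
        mac = base64.b64decode(mac_b64, validate=True)
    except ValueError:
        return False  # malformed field: treat as no match
    expected = hmac.new(salt, name.encode("utf-8"), hashlib.sha1).digest()
    return hmac.compare_digest(mac, expected)


def entries(text):
    """Yield (line_no, marker, host_field, rest) for each key line."""
    for no, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        marker = parts.pop(0) if parts[0].startswith("@") else ""
        if len(parts) < 2:
            continue  # not a usable host/key line
        yield no, marker, parts[0], " ".join(parts[1:])


def audit(text):
    """Return {line_no: [names]} for host names still stored in the clear."""
    exposed = {}
    for no, _marker, field, _rest in entries(text):
        if not field.startswith(HASH_MAGIC):
            exposed[no] = field.split(",")
    return exposed


def lookup(text, name):
    """Line numbers whose host field covers `name` (patterns are not expanded)."""
    hits = []
    for no, _marker, field, _rest in entries(text):
        if field.startswith(HASH_MAGIC):
            if hashed_field_matches(field, name):
                hits.append(no)
        elif name in field.split(","):
            hits.append(no)
    return hits


def hash_file(text):
    """Rewrite plaintext entries as one hashed line per name; keep the rest."""
    out = []
    for line in text.splitlines():
        parsed = list(entries(line))
        if not parsed or parsed[0][2].startswith(HASH_MAGIC):
            out.append(line)  # comment, blank, unparsable or already hashed
            continue
        _no, marker, field, rest = parsed[0]
        for name in field.split(","):
            # Names containing pattern characters are kept in the clear.
            host = name if any(c in name for c in GLOB_CHARS) else hash_host(name)
            out.append(" ".join(p for p in (marker, host, rest) if p))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("exposed before:", audit(SAMPLE))
    converted = hash_file(SAMPLE)
    print(converted, end="")
    print("exposed after:", audit(converted))
    print("build.example.org on lines:", lookup(converted, "build.example.org"))
```

Pattern entries such as the wildcard line stay readable after conversion, so the audit still reports them.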
The community is lucky to have received advance warning of this issue.
Now, however, it is up to us to act on that warning. With some diligence,
it may be quite a few more years before we see a serious Linux-based worm.
LWN
covered the broadcast flag
rule in November, 2003. This rule, adopted by the U.S. Federal
Communications Commission, mandated that digital television systems
implement and honor a flag, embedded within the TV signal, which would
forbid copying or further redistribution of the content. This rule, in
effect, forbids the creation of free television demodulator systems. No
source-available system could implement the broadcast flag in a way which
meets the "robustness rules" set out by the regulation.
The DC Circuit Federal Court of Appeals made short work of this rule; the
full ruling is available in
PDF format. The decision is clear and narrow:
We can find nothing in the statute, its legislative history, the
applicable case law, or agency practice indicating that Congress
meant to provide the sweeping authority the FCC now claims over
receiver apparatus.
Thus, the broadcast flag is dead, because the FCC has no authority to
make that particular regulation. The court offers no opinion on whether
the concept of a broadcast flag is defensible or not - it was not asked to
consider that issue. All that has been decided is that the FCC has no
authority to give the entertainment industry veto power over our gadgets.
For the time being, digital TV systems implemented with free software are
legal.
The next move in this game is obvious: the entertainment industry will go
to Congress seeking a law which either (1) gives the FCC the authority
to regulate devices which are not actually transmitting or receiving
signals, or (2) implements the broadcast flag requirement directly.
Cory Doctorow has claimed
that the industry will not succeed in this goal:
The next move here is that the studios will take this to Congress
and try to get a law passed to make this happen. No chance. They
got ZERO laws passed last year. This year the best they've been
able to accomplish is making it slightly more illegal to videotape
movies in the theatre.
The fact is, elected lawmakers are not suicidal enough to break
their constituents' televisions. Watch and see: over the next year,
we're all going to roast any lawmaker who so much as breathes the
words "Broadcast Flag" in a favorable tone.
This view is probably overly optimistic. Experience says that the
purveyors of ideas like the broadcast flag never give up; they bring their
proposals to Congress over and over until the opposition has, finally, been
worn down. The broadcast flag may well be defeated next year, but it will
be back the year after that. Until elected representatives (and the wider
world) understand why things like broadcast flags are such a bad
idea, we will have to keep fighting this battle.
Geir Magnusson Jr. sent out a
proposal for "Project Harmony" which would create an open source
implementation of the Java 2 Platform, Standard
Edition (J2SE) version 5 and a "community-developed modular runtime
(VM and class library) architecture" for independent implementations
to share runtime components, all to be available under the Apache License, v2.
The proposal calls for "a broad, collaborative community of
contributors," and there is an impressive list of interested parties
in Magnusson's proposal. We talked with Magnusson about the project,
the interest which has been shown so far, and whether Sun had been
approached to cut out the
middleman and simply open source their implementation of J2SE to save
everyone the hassle of doing it again.
Magnusson said that the project "was a long time coming," but
there was not a specific catalyst that made the group decide that now was
the time to move forward. "Finally, we just decided that it's
time." He also emphasized that Harmony is about "building
communities that can collaborate...we're looking at inviting everybody who
wishes to participate."
With regard to Sun and open source Java, Magnusson said that "we
respect Sun's right to make their decision [regarding licensing]."
We also wondered whether Magnusson or someone from the Harmony project had
approached Sun to confirm that the company isn't planning on an open source
version of Java. Magnusson said that Sun had been made aware of the
project, but that he "won't say we've gotten an assurance that
they're not going to do this in the next two years."
Sun's Graham Hamilton has
also said that Sun will probably participate "at some level,
although most of our efforts will continue to be focused on building Sun's
reference implementation of J2SE." Hamilton puts a damper
on the endorsement, however, by adding:
I am not entirely sure if the world
really needs a second J2SE implementation, but at the same time I am also
glad to see that all the effort we put into getting the rules and the
licensing issues straightened out is actually proving useful!
Bruno F. Souza, "the number
one Java Evangelist in Brazil," and another individual listed in the
Harmony proposal, also comments on Harmony in his blog and on the need
for a second implementation:
In this, Hamilton is wrong. How important would be J2EE if we had a single
application server? For a long time now the Java Community needs another
J2SE implementation. At this point we don't even have a proof that the JCP
specs are valid! In a recent talk with James Gosling at Café Brasil, while
we discussed Kaffe and Classpath, James commented on how important a clean
room implementation was for this very reason. The work of the FSF on the
Classpath and GCJ projects, and the teams of Kaffe, JamVM and others, are
all validating parts of the spec, what only strengthen our whole
community. The fact that these projects exists should be seen as positive
and should be supported and cherished by all developers, and not ignored
like they have been for so long.
Not only that, but another implementation promotes competition and foster
innovation. An open source implementation helps in research, discussions
and even in the evolution of the Compatibility Kit. Sun recognizes the
value of that, that's why Mustang source code is now available on an
ongoing basis, and why Sun proposed recent licensing changes to its
implementation, to promote this very things. But this is not enough. Sun's
licensing changes get to the edge of the water, but although noticing that
the water is cold can be relaxing and beneficial, it don't really give you
any of the benefits of swimming. I have already discussed elsewhere other
reasons why I think an open source implementation of Java is needed.
There is certainly plenty of need for an open source Java in the open
source community. It's already been commented on, several times, that OpenOffice.org
2.0 has Java requirements that may pose problems for distributions that
don't ship Sun's Java due to license problems. There is also the question
of Java on operating systems and/or hardware architectures not supported by
Sun. Magnusson agreed this was a "personal driver" for his
interest in the Harmony project.
Of course, there are already efforts underway to create open source
implementations of Java, such as Kaffe
and GNU
Classpath. Kaffe is an implementation of the Java virtual machine and
class libraries to provide a Java Runtime Environment (JRE), while GNU
Classpath is a project to create the core class libraries for use with
virtual machines and compilers. There is also the GNU Compiler for Java (GCJ) and many other open source
efforts.
However, there are a few areas where Harmony may be more desirable in the
long run. Firstly, Magnusson stressed the importance of certification for
the Harmony project, to ensure compatibility with Sun's J2SE 5. Secondly,
as an Apache project, the group may be able to draw from a wider group of
contributors than Kaffe or other projects -- particularly from companies
that would like to see a fully-compatible open source implementation of
J2SE 5.
Harmony seems to be getting quite a bit of interest already. Dalibor Topic,
a contributor to both Kaffe and GNU Classpath, is one of the other
individuals who have signed on to the Harmony proposal. He explains his
interest in the project in his Advogato
diary:
What the hell am I doing there, then, not being an Apache? Well, two
things: a) trying to help bring ASF and FSF closer together, and ASF using
and contributing to FSF's class libraries would be a pretty good thing to
happen no matter which path towards a runtime they chose, and b) the ASF
can reach a wide audience among developers programming in the Java
programming language that so far has either not heard, or been skeptical
about Free Software runtimes based on GNU Classpath. For whatever reason
the ASF seems to evoke much less fear and terror in some circles than the
FSF, which may make working with those circles through the ASF easier.
Whether the Harmony, GNU Classpath, Kaffe and other projects will be able
to sort out licensing is another question. We asked Magnusson about the
licensing hurdles, and he said that they are "working to fix
licensing issues" and noted that the project was trying to solve
licensing problems "in parallel," since "licensing
discussions can bog down anything."
There are also those who might prefer to forget Java altogether and
concentrate on something like Mono instead. While Mono is an interesting
technology, it's not always a substitute for Java and may not meet
everyone's needs. It also seems unlikely we'll see broad support for Mono
from all quarters soon, judging by Havoc Pennington's comments on the Java and
Mono discussion with regards to Harmony:
I believe we have legitimate and non-evil reasons why we [Red Hat] can't
ship Mono. And I think open source Java looks plausible and a lot nicer
than C; Java and Classpath will even run on Mono, and if C# becomes more
viable later, experiments such as Graydon's or the Lucene port show that it
isn't hard to do a Java to C# conversion. And guess what, we need open
source Java in the desktop anyhow for OpenOffice.org and the browser plugin
at minimum.
I don't know what people expect Red Hat GNOME developers to do. We can't
roll over and say "OK, we'll start hacking in C#, even though we don't see
a path to shipping any of the stuff we're hacking on" - does anyone
seriously expect that?
...I'm not trying to exhaustively belabor the Java vs. C# technical
comparison but I am trying to point out that Java has a hell of a lot going
for it including open source developer tools and libraries and huge
momentum (largely open source) on the server side. Java 5 has some cute
language features, too, and Tromey has shown how to make native code
bindings easy.
To get a general idea how long it might take for a group to implement J2SE,
one might look at the Apache
Geronimo project, which is an implementation of the Java 2 Platform, Enterprise Edition
(J2EE). The project started in August 2003, and became an official Apache
top-level project in
May 2004. According to Magnusson, the Geronimo project is now working
to pass Sun's TCK for J2EE 1.4, though it isn't clear how much more time
will be required for it to reach full compatibility.
For those interested in participating, Magnusson has sent out a FAQ about the project which
includes instructions on joining the development mailing list. The project
is not yet listed on the Apache Incubator site.
If Harmony is successful, which looks quite likely given the interest it
has stirred already, it will be quite beneficial to the open source
community. While it would be much easier if Sun simply provided an open
source implementation, the community has the tools needed to do so.
Page editor: Jonathan Corbet
Security
A few weeks ago, we covered a
set
of vulnerabilities in Firefox that were closed with the 1.0.3
release. Once again, Firefox is in the news for security issues -- this
time for
two security
vulnerabilities that, when combined, create a situation that could
allow an attacker to install software on a user's machine without any
notice to the user.
What is particularly unusual about this disclosure is that it came not from
the person who discovered the vulnerability, but from
a third party who became privy to discussions about the
vulnerability. While one might hope that the ethics of vulnerability
disclosure would preclude "outing" a security vulnerability, particularly
one discovered by another party, prior to the public release of a fix when
it's known the vendor or project is actively working on the issue, the cat
is out of the bag now.
The first vulnerability
relates to "IFRAME" JavaScript URLs, which can allow an attacker to execute
arbitrary code in a user's session. Alone, it could allow malicious sites
to steal information from sites previously visited. The second vulnerability is in
the "IconURL" parameter in "InstallTrigger.install()", which is not
properly verified. This can be exploited to run JavaScript with the
escalated privileges of a "Chrome
script." The combination of both vulnerabilities can actually allow
whitelisted sites, or sites masquerading as a whitelisted site, to take any
action the user could take, including administrative actions if the user has admin
privileges. (This is one of the reasons why users should not make a habit
of running as root.)
By default, the Mozilla Update websites were on the Firefox whitelist. The
Mozilla Foundation has applied a server-side change to prevent attackers
from using those sites. However, users who have added other sites to their
whitelist may be at risk on those sites -- though an attacker would need to
be able to guess what site a user has whitelisted.
We talked to Chris Hofmann, Mozilla's director of engineering, about the
most recent vulnerabilities and Mozilla's security record in
general. According to Hofmann, the vulnerability is cross-platform and
could potentially affect users of Firefox 1.0.3 on any platform. Hofmann
said that the Mozilla Foundation was not aware of any exploits in the wild,
and that the premature disclosure of the vulnerability was "a pretty
rare exception."
"The security researchers and people who are reporting the vulnerability are
pretty involved in all steps of the discovery and fixing and reporting
process, and that's something different from a commercial company where
researchers throw the report over the wall and hope a fix comes back from
the vendor. Most of the researchers like the Mozilla system better where
they can watch progress and complain if it's not proceeding at the right
pace... it's very unusual to see someone report something like this without
giving us a shot [to fix the problem first]."
We also asked Hofmann if he thought it would be possible to catch all of
these vulnerabilities at some point in the future. In short, it looks like
the answer is pretty much "no," given the complexity of a Web browser and
the nature of the interfaces between components where it is not completely
understood how they interact.
At this time, there is not a final Firefox 1.0.4 release, but there are candidate
builds available with security fixes and a fix for a DHTML regression
in 1.0.3. At a minimum, users should disable software installation until
1.0.4 is available.
New vulnerabilities
apache2 buffer overflow
| Package(s): | apache |
| CVE #(s): | CAN-2005-1344 |
| Created: | May 6, 2005 |
| Updated: | May 11, 2005 |
| Description: | Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. |
Ethereal: numerous vulnerabilities
firefox: multiple vulnerabilities
gaim: buffer overflow
| Package(s): | gaim |
| CVE #(s): | CAN-2005-1261, CAN-2005-1262 |
| Created: | May 11, 2005 |
| Updated: | May 12, 2005 |
| Description: | Gaim contains buffer overflows in its handling of URLs and MSN messages. By sending malicious messages, a remote attacker could exploit these overflows and execute arbitrary code. |
GnuTLS: Denial of Service vulnerability
| Package(s): | gnutls |
| CVE #(s): | CAN-2005-1431 |
| Created: | May 9, 2005 |
| Updated: | June 1, 2005 |
| Description: | GnuTLS 1.2.3 and 1.0.25 have been released, fixing a denial of service problem. |
hteditor: multiple buffer overflows
| Package(s): | hteditor |
| CVE #(s): | |
| Created: | May 10, 2005 |
| Updated: | May 11, 2005 |
| Description: | Tavis Ormandy of the Gentoo Linux Security Team discovered an integer overflow in the ELF parser, leading to a heap-based buffer overflow. The vendor has reported that an unrelated buffer overflow has been discovered in the PE parser. Successful exploitation would require the victim to open a specially crafted file using HT, potentially permitting an attacker to execute arbitrary code. |
kernel: ELF loader core dump vulnerability
| Package(s): | kernel |
| CVE #(s): | CAN-2005-1263 |
| Created: | May 11, 2005 |
| Updated: | August 25, 2005 |
| Description: | Paul Starzetz has posted an advisory for yet another kernel vulnerability. In this case, by using a specially manipulated ELF binary, a local attacker can compromise the system (via the core dump code) and obtain root access. This vulnerability affects all kernels from 2.2 through 2.6.12-rc4. |
libTIFF: buffer overflow
| Package(s): | libtiff |
| CVE #(s): | CAN-2005-1544 |
| Created: | May 10, 2005 |
| Updated: | February 18, 2006 |
| Description: | Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a stack based buffer overflow in the libTIFF library when reading a TIFF image with a malformed BitsPerSample tag. Successful exploitation would require the victim to open a specially crafted TIFF image, resulting in the execution of arbitrary code. |
Oops!: Remote code execution
| Package(s): | oops |
| CVE #(s): | CAN-2005-1121 |
| Created: | May 6, 2005 |
| Updated: | May 20, 2005 |
| Description: | A format string flaw has been detected in the my_xlog() function of the Oops! proxy (in versions prior to 1.5.23), which is called by the passwd_mysql and passwd_pgsql module's auth() functions. |
smail buffer overflow
| Package(s): | smail |
| CVE #(s): | CAN-2005-0892 |
| Created: | May 9, 2005 |
| Updated: | May 11, 2005 |
| Description: | A buffer overflow has been discovered in Smail 3.2.0.120, an electronic mail transport system, which allows remote attackers and local users to execute arbitrary code. |
squid: errors in http_access configuration
| Package(s): | squid |
| CVE #(s): | CAN-2005-1345 |
| Created: | May 6, 2005 |
| Updated: | May 11, 2005 |
| Description: | Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator. |
Updated vulnerabilities
a2ps: input validation error
| Package(s): | a2ps |
| CVE #(s): | CAN-2004-1170, CAN-2004-1377 |
| Created: | November 26, 2004 |
| Updated: | December 19, 2005 |
| Description: | The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application. More information at Security Focus. |
cpio - file permissions error
| Package(s): | cpio |
| CVE #(s): | CAN-1999-1572 |
| Created: | February 2, 2005 |
| Updated: | July 19, 2005 |
| Description: | Some versions of cpio contain an ancient vulnerability where files created by that utility have overly generous access permissions. |
cURL: buffer overflow
| Package(s): | curl |
| CVE #(s): | CAN-2005-0490 |
| Created: | February 28, 2005 |
| Updated: | July 19, 2005 |
| Description: | Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded. |
cvs: multiple vulnerabilities
| Package(s): | cvs |
| CVE #(s): | CAN-2005-0753 |
| Created: | April 18, 2005 |
| Updated: | July 13, 2005 |
| Description: | CVS (in versions prior to 1.11.20) has one or more buffer overflow vulnerabilities, memory leaks, and a NULL pointer dereferencing error. These can be used to launch a remote denial of service or to remotely execute arbitrary code. |
cyrus-imapd: buffer overflows
| Package(s): | cyrus-imapd |
| CVE #(s): | CAN-2005-0546 |
| Created: | February 23, 2005 |
| Updated: | April 10, 2006 |
| Description: | Cyrus-imapd, prior to version 2.2.12, contains several buffer overflows which could be exploited by an (authenticated) attacker to run code on the server system. |
dhcp: format string vulnerability
| Package(s): | dhcp |
| CVE #(s): | CAN-2004-1006 |
| Created: | November 4, 2004 |
| Updated: | July 13, 2005 |
| Description: | Dhcp has a format string vulnerability in the log functions of dhcp 2.x that may be exploited via a malicious DNS server. |
Dnsmasq: poisoning and DoS
| Package(s): | dnsmasq |
| CVE #(s): | |
| Created: | April 4, 2005 |
| Updated: | July 21, 2005 |
| Description: | Dnsmasq does not properly detect that DNS replies received do not correspond to any DNS query that was sent. Rob Holland of the Gentoo Linux Security Audit team also discovered two off-by-one buffer overflows that could crash DHCP lease files parsing. |
emacs21: format string vulnerability in "movemail"
| Package(s): | emacs21 |
| CVE #(s): | CAN-2005-0100 |
| Created: | February 7, 2005 |
| Updated: | May 15, 2006 |
| Description: | Max Vozeler discovered a format string vulnerability in the "movemail" utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user and the "mail" group. |
enscript: arbitrary code execution
| Package(s): | enscript |
| CVE #(s): | CAN-2004-1184, CAN-2004-1185, CAN-2004-1186 |
| Created: | January 21, 2005 |
| Updated: | May 27, 2006 |
| Description: | Erik Sjölund has discovered several security relevant problems in enscript, a program to convert ASCII text into Postscript and other formats. Unsanitized input can cause the execution of arbitrary commands via EPSF pipe support. Due to missing sanitizing of filenames it is possible that a specially crafted filename can cause arbitrary commands to be executed. Multiple buffer overflows can cause the program to crash. |
ethereal: buffer overflow
| Package(s): | ethereal |
| CVE #(s): | CAN-2005-0739 |
| Created: | April 28, 2005 |
| Updated: | May 4, 2005 |
| Description: | The IAPP dissector of Ethereal is vulnerable to a buffer overflow. A remote attacker may be able to create a special network packet in order to take advantage of the problem. |
evolution: arbitrary code execution
| Package(s): | evolution |
| CVE #(s): | CAN-2005-0102 |
| Created: | January 24, 2005 |
| Updated: | May 19, 2005 |
| Description: | Max Vozeler discovered an integer overflow in camel-lock-helper. A user-supplied length value was not validated, so that a value of -1 caused a buffer allocation of 0 bytes; this buffer was then filled by an arbitrary amount of user-supplied data. A local attacker or a malicious POP3 server could exploit this to execute arbitrary code with root privileges (because camel-lock-helper is installed as setuid root). |
evolution: message crash vulnerability
| Package(s): | evolution |
| CVE #(s): | CAN-2005-0806 |
| Created: | March 17, 2005 |
| Updated: | August 11, 2005 |
| Description: | The Evolution mail client can be crashed when reading certain types of messages. |
Foomatic: Arbitrary command execution in foomatic-rip
| Package(s): | foomatic |
| CVE #(s): | CAN-2004-0801 |
| Created: | September 20, 2004 |
| Updated: | May 31, 2006 |
| Description: | There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter. This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler. |
gaim: buffer overflow, DoS
| Package(s): | gaim |
| CVE #(s): | CAN-2005-0965, CAN-2005-0966 |
| Created: | April 5, 2005 |
| Updated: | May 15, 2005 |
| Description: | Jean-Yves Lefort discovered a buffer overflow in the gaim_markup_strip_html() function. This caused Gaim to crash when receiving certain malformed HTML messages. (CAN-2005-0965) Jean-Yves Lefort also noticed that many functions that handle IRC commands do not escape received HTML metacharacters; this allowed remote attackers to cause a Denial of Service by injecting arbitrary HTML code into the conversation window, popping up arbitrarily many empty dialog boxes, or even causing Gaim to crash. (CAN-2005-0966) |
gtk-pixbuf, gtk2: denial of service
| Package(s): | gdk-pixbuf gtk2 |
| CVE #(s): | CAN-2005-0891 |
| Created: | March 30, 2005 |
| Updated: | December 19, 2005 |
| Description: | The BMP image processing code in gdk-pixbuf and gtk2 contains a denial of service vulnerability exploitable via a specially crafted image file. |
gettext: Insecure temporary file handling
| Package(s): | gettext |
| CVE #(s): | CAN-2004-0966 |
| Created: | October 11, 2004 |
| Updated: | March 1, 2006 |
| Description: | gettext insecurely creates temporary files in world-writeable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When gettext is called, this would result in file access with the rights of the user running the utility, which could be the root user. |
gftp: missing input sanitizing
| Package(s): | gftp |
| CVE #(s): | CAN-2005-0372, CAN-2004-1376 |
| Created: | February 17, 2005 |
| Updated: | July 13, 2005 |
| Description: | gftp has a directory traversal vulnerability. A remote server could use specially crafted filenames to overwrite local files. |
ghostscript: symlink vulnerabilities
| Package(s): | ghostscript |
| CVE #(s): | CAN-2004-0967 |
| Created: | October 20, 2004 |
| Updated: | September 28, 2005 |
| Description: | The ghostscript package (prior to version 7.07.1-r7) contains several scripts which are vulnerable to symlink attacks. |
glibc: Information leak with LD_DEBUG
| Package(s): | glibc |
| CVE #(s): | CAN-2004-1453 |
| Created: | August 17, 2004 |
| Updated: | May 26, 2005 |
| Description: | Silvio Cesare discovered a potential information leak in glibc. It allows LD_DEBUG on SUID binaries where it should not be allowed. This has various security implications, which may be used to gain confidential information. An attacker can gain the list of symbols a SUID application uses and their locations and can then use a trojaned library taking precedence over those symbols to gain information or perform further exploitation. |
glibc: tempfile vulnerability in catchsegv script
| Package(s): | glibc |
| CVE #(s): | CAN-2004-0968 |
| Created: | October 21, 2004 |
| Updated: | November 14, 2005 |
| Description: | The catchsegv script in the glibc package has a symlink vulnerability that may allow a local user to overwrite arbitrary files with the permissions of the user that is running the script. |
gnupg: information leak
| Package(s): | gnupg |
| CVE #(s): | CAN-2005-0366 |
| Created: | March 16, 2005 |
| Updated: | August 19, 2005 |
| Description: | GnuPG (and other PGP-like systems) suffers from an information leak which could, in some situations, be used by an attacker to obtain plain text from an encrypted message. See this message for a detailed explanation of the problem. "We know of no real-world application that is affected by this type of attack. It is an attack that requires the active participation of someone who holds the actual key required to decrypt a message. Thus, it is not something you are likely to see." |
grip: buffer overflow
| Package(s): | grip |
CVE #(s): | CAN-2005-0706
|
| Created: | March 10, 2005 |
Updated: | November 19, 2008 |
| Description: |
Grip, a CD ripper, has a buffer overflow vulnerability that can
occur when the CDDB server returns more than 16 matches. |
| Alerts: |
|
Comments (none posted)
groff: insecure temporary directory
| Package(s): | groff |
CVE #(s): | CAN-2004-0969
|
| Created: | November 1, 2004 |
Updated: | February 9, 2006 |
| Description: |
Recently, Trustix Secure Linux discovered a vulnerability in the groff
package. The utility "groffer" created a temporary directory in an
insecure way, which allowed exploitation of a race condition to create
or overwrite files with the privileges of the user invoking the
program. |
| Alerts: |
|
Comments (none posted)
gzip: race condition and directory traversal
| Package(s): | gzip |
CVE #(s): | CAN-2005-0988
CAN-2005-1228
|
| Created: | May 4, 2005 |
Updated: | July 13, 2005 |
| Description: |
gzip suffers from a race condition which could allow a fast-fingered attacker to change the permissions on files owned by others. There is also a directory traversal vulnerability associated with the -N option.
|
| Alerts: |
|
Comments (none posted)
Horde Framework: multiple XSS vulnerabilities
| Package(s): | horde |
CVE #(s): | |
| Created: | May 2, 2005 |
Updated: | May 3, 2005 |
| Description: |
Cross-site scripting vulnerabilities have been discovered
in various modules of the Horde Framework. |
| Alerts: |
|
Comments (none posted)
htdig: cross site scripting
| Package(s): | htdig |
CVE #(s): | CAN-2005-0085
|
| Created: | February 14, 2005 |
Updated: | January 10, 2006 |
| Description: |
Michael Krax discovered that ht://Dig fails to validate the 'config'
parameter before displaying an error message containing the parameter.
This flaw could allow an attacker to conduct cross-site scripting
attacks. |
| Alerts: |
|
Comments (none posted)
ImageMagick: heap corruption
| Package(s): | ImageMagick |
CVE #(s): | CAN-2005-1275
|
| Created: | April 28, 2005 |
Updated: | May 25, 2005 |
| Description: |
ImageMagick 6.2.1 and earlier has a heap corruption problem
in the pnm coder. |
| Alerts: |
|
Comments (1 posted)
imap: buffer overflow in c-client
| Package(s): | imap |
CVE #(s): | CAN-2003-0297
|
| Created: | February 18, 2005 |
Updated: | April 10, 2006 |
| Description: |
A buffer overflow flaw was found in the c-client IMAP client. An attacker
could create a malicious IMAP server that if connected to by a victim could
execute arbitrary code on the client machine. |
| Alerts: |
|
Comments (none posted)
imlib2: buffer overflows
| Package(s): | imlib2 |
CVE #(s): | CAN-2004-0802
CAN-2004-0817
|
| Created: | September 8, 2004 |
Updated: | October 26, 2005 |
| Description: |
The imlib2 library contains buffer overflows in the BMP handling code. |
| Alerts: |
|
Comments (none posted)
infozip: privilege escalation, directory-traversal
| Package(s): | infozip |
CVE #(s): | CAN-2003-0282
CAN-2004-1010
CAN-2005-0602
|
| Created: | May 2, 2005 |
Updated: | August 1, 2005 |
| Description: |
InfoZip reports that Zip 2.3 and
(presumably) all previous versions have a buffer-overrun vulnerability
relating to deep directory paths that could potentially lead to local
privilege escalation (e.g., in the case of automated, Zip-based backups).
All versions of UnZip through 5.50 have a number of directory-traversal
vulnerabilities. |
| Alerts: |
|
Comments (1 posted)
junkbuster: heap corruption and settings modification
| Package(s): | junkbuster |
CVE #(s): | CVE-2005-1108
CVE-2005-1109
|
| Created: | April 13, 2005 |
Updated: | November 5, 2005 |
| Description: |
JunkBuster through version 2.02-r2 contains two vulnerabilities: a heap corruption bug and a possible privacy violation. |
| Alerts: |
|
Comments (1 posted)
kdelibs: unsanitized input
| Package(s): | kdelibs |
CVE #(s): | CAN-2004-1165
|
| Created: | January 10, 2005 |
Updated: | July 19, 2005 |
| Description: |
Thiago Macieira discovered a vulnerability in the kioslave library,
which is part of kdelibs, which allows a remote attacker to execute
arbitrary FTP commands via an ftp:// URL that contains an URL-encoded
newline before the FTP command. |
| Alerts: |
|
Comments (none posted)
kdelibs: dcopserver vulnerability
| Package(s): | kdelibs |
CVE #(s): | CAN-2005-0396
CAN-2005-0237
CAN-2005-0365
|
| Created: | March 17, 2005 |
Updated: | May 17, 2005 |
| Description: |
The KDE Desktop Communication Protocol daemon (dcopserver)
is vulnerable to lockup by a local user, leading to a denial
of service. |
| Alerts: |
|
Comments (none posted)
kernel: multiple vulnerabilities
| Package(s): | kernel |
CVE #(s): | CAN-2005-0400
CAN-2005-0749
CAN-2005-0750
CAN-2005-0815
CAN-2005-0839
|
| Created: | April 1, 2005 |
Updated: | July 1, 2005 |
| Description: |
More kernel vulnerabilities have been discovered including:
- Mathieu Lafon discovered
an information leak in the ext2 file system driver. (CAN-2005-0400)
- Yichen Xie discovered a Denial of Service vulnerability in the ELF
loader. (CAN-2005-0749)
- Ilja van Sprundel discovered that the bluez_sock_create() function
did not check its "protocol" argument for negative values.
(CAN-2005-0750)
- Michal Zalewski discovered that the iso9660 file system driver fails
to check ranges properly in several cases. (CAN-2005-0815)
- Previous kernels did not restrict the use of the N_MOUSE line
discipline in the serial driver. (CAN-2005-0839)
|
| Alerts: |
|
Comments (1 posted)
kernel: multiple vulnerabilities
Comments (none posted)
kimgio input validation errors
| Package(s): | kimgio |
CVE #(s): | CAN-2005-1046
|
| Created: | April 22, 2005 |
Updated: | July 19, 2005 |
| Description: |
KDE has issued a security advisory for
kimgio. This is found in kdelibs as shipped with KDE 3.2 up to and including
KDE 3.4. kimgio contains a PCX image file format reader that does not
properly perform input validation. A source code audit performed by the KDE
security team discovered several vulnerabilities in the PCX and other image
file format readers, some of them exploitable to execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
Kommander untrusted code execution
| Package(s): | kommander |
CVE #(s): | CAN-2005-0754
|
| Created: | April 22, 2005 |
Updated: | May 20, 2005 |
| Description: |
KDE has issued a security advisory for
Kommander. Quanta 3.1.x, KDE 3.2 and newer up to and including KDE 3.4.0 are
vulnerable. Kommander executes data files from possibly untrusted locations
without user confirmation. As they contain scripts, the user might
accidentally run arbitrary code. |
| Alerts: |
|
Comments (none posted)
libdbi-perl: insecure temporary file
| Package(s): | libdbi-perl |
CVE #(s): | CAN-2005-0077
|
| Created: | January 25, 2005 |
Updated: | March 2, 2006 |
| Description: |
Javier Fernández-Sanguino Peña from the Debian Security Audit Project
discovered that the DBI library, the Perl5 database interface, creates
a temporary PID file in an insecure manner. This can be exploited by a
malicious user to overwrite arbitrary files owned by the person
executing the parts of the library. |
| Alerts: |
|
Comments (none posted)
libgd2: buffer overflows in PNG handling
| Package(s): | libgd2 |
CVE #(s): | CAN-2004-0990
CAN-2004-0941
|
| Created: | October 29, 2004 |
Updated: | June 28, 2006 |
| Description: |
Several buffer overflows have been discovered in libgd's PNG handling
functions.
If an attacker tricked a user into loading a malicious PNG image, they
could leverage this into executing arbitrary code in the context of
the user opening the image. Most importantly, this library is commonly
used in PHP. One possible target would be a PHP driven photo website
that lets users upload images. Therefore this vulnerability might lead
to privilege escalation to a web server's privileges.
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and
earlier may allow remote attackers to execute arbitrary code via malformed
image files that trigger the overflows due to improper calls to the
gdMalloc function. |
| Alerts: |
|
Comments (none posted)
libnet-ssleay-perl: weakened cryptographic operations
| Package(s): | libnet-ssleay-perl |
CVE #(s): | CAN-2005-0106
|
| Created: | May 3, 2005 |
Updated: | January 27, 2006 |
| Description: |
Javier Fernandez-Sanguino Pena discovered that this library used the
file /tmp/entropy as a fallback entropy source if a proper source was
not set in the environment variable EGD_PATH. This can potentially
lead to weakened cryptographic operations if an attacker provides a
/tmp/entropy file with known content. |
| Alerts: |
|
Comments (none posted)
libtiff: buffer overflow
| Package(s): | libtiff |
CVE #(s): | CAN-2004-1308
|
| Created: | December 22, 2004 |
Updated: | May 19, 2005 |
| Description: |
The libtiff image manipulation library contains several exploitable buffer overflows. |
| Alerts: |
|
Comments (none posted)
libxml2 - arbitrary code execution
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0110
|
| Created: | February 26, 2004 |
Updated: | August 19, 2009 |
| Description: |
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
libxml2: multiple buffer overflows
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0989
|
| Created: | October 28, 2004 |
Updated: | August 19, 2009 |
| Description: |
libxml2 prior to version 2.6.14 has multiple buffer overflow
vulnerabilities; if a local user passes a specially crafted
FTP URL, arbitrary code may be executed. |
| Alerts: |
|
Comments (none posted)
libXpm: new buffer overflows
| Package(s): | libXpm |
CVE #(s): | CAN-2005-0605
|
| Created: | March 4, 2005 |
Updated: | March 8, 2006 |
| Description: |
A new vulnerability has been discovered in libXpm, which is included in
OpenMotif and LessTif, that can potentially lead to remote code
execution. |
| Alerts: |
|
Comments (none posted)
lvm10: creates insecure temporary directory
| Package(s): | lvm10 |
CVE #(s): | CAN-2004-0972
|
| Created: | November 1, 2004 |
Updated: | July 25, 2005 |
| Description: |
Trustix Secure Linux discovered a vulnerability in a supplemental script of
the lvm10 package. The program "lvmcreate_initrd" created a temporary
directory in an insecure way, which could allow a symlink attack to create
or overwrite arbitrary files with the privileges of the user invoking the
program. |
| Alerts: |
|
Comments (none posted)
mailman: path traversal
| Package(s): | mailman |
CVE #(s): | CAN-2005-0202
|
| Created: | February 9, 2005 |
Updated: | July 13, 2005 |
| Description: |
The "private" module in the mailman mailing list manager fails to sanitize path names adequately. An attacker could exploit this vulnerability to retrieve private information, including passwords and private list archives.
This vulnerability was used to compromise the Full-Disclosure list. |
| Alerts: |
|
Comments (none posted)
mc: buffer overflow
| Package(s): | mc |
CVE #(s): | CAN-2005-0763
|
| Created: | March 29, 2005 |
Updated: | August 11, 2005 |
| Description: |
An unfixed buffer overflow has been discovered by Andrew V. Samoilov
in mc, the midnight commander, a file browser and manager. |
| Alerts: |
|
Comments (none posted)
MediaWiki: multiple vulnerabilities
| Package(s): | mediawiki |
CVE #(s): | CAN-2005-0534
CAN-2005-0535
CAN-2005-0536
|
| Created: | February 28, 2005 |
Updated: | June 13, 2005 |
| Description: |
A security audit of the MediaWiki project discovered that MediaWiki is
vulnerable to several cross-site scripting and cross-site request
forgery attacks, and that the image deletion code does not sufficiently
sanitize input parameters. |
| Alerts: |
|
Comments (none posted)
mikmod: buffer overflow
| Package(s): | mikmod |
CVE #(s): | CAN-2003-0427
|
| Created: | June 16, 2003 |
Updated: | June 16, 2005 |
| Description: |
Ingo Saitz discovered a bug in mikmod whereby a long filename inside
an archive file can overflow a buffer when the archive is being read
by mikmod. |
| Alerts: |
|
Comments (none posted)
mod_python: remote access vulnerability
| Package(s): | mod_python |
CVE #(s): | CAN-2005-0088
|
| Created: | February 10, 2005 |
Updated: | April 10, 2006 |
| Description: |
mod_python has a vulnerability in the publisher handler that may allow
a remote user to use a specially crafted URL to allow access to
objects that should be protected. An information leak can result. |
| Alerts: |
|
Comments (none posted)
Mozilla Firefox, Mozilla Suite: multiple vulnerabilities
| Package(s): | mozilla |
CVE #(s): | CAN-2005-0989
|
| Created: | April 19, 2005 |
Updated: | July 18, 2005 |
| Description: |
The following vulnerabilities were found and fixed in the Mozilla Suite
and Mozilla Firefox:
- Vladimir V. Perepelitsa reported a memory disclosure bug in
JavaScript's regular expression string replacement when using an
anonymous function as the replacement argument (CAN-2005-0989).
- moz_bug_r_a4 discovered that Chrome UI code was overly trusting DOM
nodes from the content window, allowing privilege escalation via DOM
property overrides.
- Michael Krax reported a possibility to run JavaScript code with
elevated privileges through the use of javascript: favicons.
- Michael Krax also discovered that malicious Search plugins could
run JavaScript in the context of the displayed page or stealthily
replace existing search plugins.
- shutdown discovered a technique to pollute the global scope of a
window in a way that persists from page to page.
- Doron Rosenberg discovered a possibility to run JavaScript with
elevated privileges when the user asks to "Show" a blocked popup that
contains a JavaScript URL.
- Finally, Georgi Guninski reported missing Install object instance
checks in the native implementations of XPInstall-related JavaScript
objects.
The following Firefox-specific vulnerabilities have also been
discovered:
- Kohei Yoshino discovered a new way to abuse the sidebar panel to
execute JavaScript with elevated privileges.
- Omar Khan reported that the Plugin Finder Service can be tricked into
opening javascript: URLs with elevated privileges.
|
| Alerts: |
|
Comments (none posted)
MPlayer: heap overflows
| Package(s): | mplayer |
CVE #(s): | |
| Created: | April 20, 2005 |
Updated: | July 12, 2005 |
| Description: |
Heap overflows have been found in the code handling RealMedia RTSP and
Microsoft Media Services streams over TCP (MMST). By setting up a
malicious server and enticing a user to use its streaming data, a remote
attacker could possibly execute arbitrary code on the client computer with
the permissions of the user running MPlayer. |
| Alerts: |
|
Comments (none posted)
MySQL: input validation and temporary file vulnerabilities
| Package(s): | mysql |
CVE #(s): | CAN-2005-0709
CAN-2005-0710
CAN-2005-0711
|
| Created: | March 16, 2005 |
Updated: | July 19, 2005 |
| Description: |
MySQL (prior to version 4.0.24) suffers from two input validation errors and a temporary file vulnerability.
|
| Alerts: |
|
Comments (none posted)
nasm: Buffer overflow vulnerability
| Package(s): | nasm |
CVE #(s): | CAN-2004-1287
|
| Created: | December 20, 2004 |
Updated: | May 4, 2005 |
| Description: |
Jonathan Rockway discovered that NASM-0.98.38 has an unprotected
vsprintf() to an array in preproc.c. This code vulnerability may lead
to a buffer overflow and potential execution of arbitrary code. |
| Alerts: |
|
Comments (4 posted)
ncpfs: multiple vulnerabilities
| Package(s): | ncpfs |
CVE #(s): | CAN-2005-0013
CAN-2005-0014
|
| Created: | January 31, 2005 |
Updated: | May 15, 2006 |
| Description: |
Erik Sjolund discovered two vulnerabilities in the programs bundled
with ncpfs: there is a potentially exploitable buffer overflow in
ncplogin (CAN-2005-0014), and due to a flaw in nwclient.c, utilities
using the NetWare client functions insecurely access files with
elevated privileges (CAN-2005-0013). |
| Alerts: |
|
Comments (none posted)
nfs-utils: denial of service
| Package(s): | nfs-utils |
CVE #(s): | CAN-2004-1014
|
| Created: | December 1, 2004 |
Updated: | May 15, 2005 |
| Description: |
The NFS statd server contains a denial of service vulnerability which is easily exploited by a remote attacker. |
| Alerts: |
|
Comments (none posted)
nfs-utils: arbitrary code execution
| Package(s): | nfs-utils |
CVE #(s): | CAN-2004-0946
|
| Created: | January 11, 2005 |
Updated: | February 27, 2006 |
| Description: |
Arjan van de Ven discovered a buffer overflow in rquotad on 64bit
architectures; an improper integer conversion could lead to a buffer
overflow. An attacker with access to an NFS share could send a specially
crafted request which could then lead to the execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
OpenOffice.org: .doc parser buffer overflow
| Package(s): | openoffice.org |
CVE #(s): | CAN-2005-0941
|
| Created: | April 13, 2005 |
Updated: | May 13, 2005 |
| Description: |
OpenOffice.org suffers from a buffer overflow in the parsing code for MS Word files; see this advisory for details. Since this vulnerability could conceivably be exploited via files received in email messages, it should be taken seriously. |
| Alerts: |
|
Comments (none posted)
openssl: der_chop script temp file vulnerability
| Package(s): | openssl |
CVE #(s): | CAN-2004-0975
|
| Created: | November 11, 2004 |
Updated: | July 19, 2005 |
| Description: |
The der_chop script in openssl has a temp file vulnerability that may allow
an attacker to overwrite arbitrary files with the permissions that
the script is running under. |
| Alerts: |
|
Comments (1 posted)
OpenSSL: denial of service vulnerabilities
Comments (1 posted)
Opera: multiple vulnerabilities
| Package(s): | opera |
CVE #(s): | |
| Created: | February 14, 2005 |
Updated: | June 22, 2005 |
| Description: |
Opera has several vulnerabilities which could result in
information disclosure and facilitate execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
perl: setuid vulnerabilities
| Package(s): | perl |
CVE #(s): | CAN-2005-0155
CAN-2005-0156
|
| Created: | February 2, 2005 |
Updated: | August 11, 2006 |
| Description: |
There are two vulnerabilities with perl when it is used in a setuid mode. The PERLIO_DEBUG environment variable can be used to overwrite arbitrary files; there is also an associated buffer overflow which can be exploited to gain root access. |
| Alerts: |
|
Comments (none posted)
perl: symlink vulnerability
| Package(s): | perl |
CVE #(s): | CAN-2005-0448
|
| Created: | March 9, 2005 |
Updated: | January 30, 2006 |
| Description: |
The rmtree() function in the File::Path module has a symlink vulnerability which could be exploited to create setuid binaries. |
| Alerts: |
|
Comments (none posted)
php4: integer overflow and denial of service
| Package(s): | php4 |
CVE #(s): | CAN-2005-1042
CAN-2005-1043
|
| Created: | April 14, 2005 |
Updated: | July 13, 2005 |
| Description: |
The php4 EXIF module has two vulnerabilities. An
integer overflow in the exif_process_IFD_TAG() function
can be exploited to cause a buffer overflow for the
purpose of arbitrary code execution.
EXIF headers with a large IFD nesting level can be used
to cause a denial of service. Remote exploits are possible. |
| Alerts: |
|
Comments (none posted)
php4: denial of service vulnerabilities
| Package(s): | php4 |
CVE #(s): | CAN-2005-0524
CAN-2005-0525
|
| Created: | April 5, 2005 |
Updated: | May 26, 2005 |
| Description: |
Two DoS vulnerabilities exist in PHP versions 4.2.2, 4.3.9, 4.3.10 and
5.0.3. One in the php_handle_iff function in image.c allows remote
attackers to cause a denial of service (infinite loop) via a -8 size
value. The php_next_marker function in image.c allows remote attackers to
cause a denial of service (infinite loop) via a JPEG image with an invalid
marker value, which causes a negative length value to be passed to
php_stream_seek. This latter vulnerability also exists in PHP 3. |
| Alerts: |
|
Comments (none posted)
phpMyAdmin: insecure SQL script installation
| Package(s): | phpMyAdmin |
CVE #(s): | |
| Created: | May 2, 2005 |
Updated: | May 3, 2005 |
| Description: |
The phpMyAdmin installation process leaves the SQL install script with
insecure permissions. A local attacker could exploit this vulnerability to
obtain the initial phpMyAdmin password and from there obtain information
about databases accessible by phpMyAdmin. |
| Alerts: |
|
Comments (none posted)
postgresql: EXECUTE privilege vulnerability
| Package(s): | postgresql |
CVE #(s): | CAN-2005-0244
CAN-2005-0245
CAN-2005-0246
CAN-2005-0247
|
| Created: | February 10, 2005 |
Updated: | July 19, 2005 |
| Description: |
postgresql has a vulnerability in which the EXECUTE privilege may
not be checked on custom functions. This may allow any database user to
circumvent the EXECUTE restriction on functions. |
| Alerts: |
|
Comments (none posted)
postgresql: database initialization errors
| Package(s): | postgresql |
CVE #(s): | CAN-2005-1409
CAN-2005-1410
|
| Created: | May 4, 2005 |
Updated: | February 28, 2006 |
| Description: |
PostgreSQL suffers from two vulnerabilities in how databases are set up by default; they allow a local attacker (one with access to the database) to crash the back end and, perhaps, execute code with the privileges of the server process. See this advisory for details and workarounds.
|
| Alerts: |
|
Comments (none posted)
Pound: buffer overflow
| Package(s): | pound |
CVE #(s): | CVE-2005-1391
|
| Created: | May 2, 2005 |
Updated: | January 10, 2006 |
| Description: |
Steven Van Acker has discovered a buffer overflow vulnerability in the
"add_port()" function in Pound 1.8.2+. A remote attacker could send a
request for an overly long hostname parameter, which could lead to the
remote execution of arbitrary code with the rights of the Pound daemon
process. |
| Alerts: |
|
Comments (none posted)
prozilla: format string vulnerabilities
| Package(s): | prozilla |
CVE #(s): | CAN-2005-0523
|
| Created: | May 4, 2005 |
Updated: | May 4, 2005 |
| Description: |
Several format string vulnerabilities have been found in prozilla; an exploit requires a malicious server.
|
| Alerts: |
|
Comments (none posted)
qt3: BMP image parser heap overflow
| Package(s): | qt3/qt3-non-mt/qt3-32bit/qt3-static |
CVE #(s): | CAN-2004-0691
CAN-2004-0692
CAN-2004-0693
|
| Created: | August 19, 2004 |
Updated: | May 15, 2005 |
| Description: |
A heap overflow in the qt3 BMP image format parser in Qt versions prior to 3.3.3 may allow remote code execution. |
| Alerts: |
|
Comments (none posted)
realplayer: arbitrary code execution
| Package(s): | realplayer helixplayer |
CVE #(s): | CAN-2005-0755
|
| Created: | April 20, 2005 |
Updated: | June 27, 2005 |
| Description: |
RealNetworks, Inc. has fixed a
security vulnerability that offered the potential for an attacker to
run arbitrary or malicious code on a customer's machine. Linux RealPlayer
10 (10.0.0 - 3) and Helix Player (10.0.0 - 3) are vulnerable. |
| Alerts: |
|
Comments (none posted)
rp-pppoe, pppoe: missing privilege dropping
| Package(s): | rp-pppoe, pppoe |
CVE #(s): | CAN-2004-0564
|
| Created: | October 4, 2004 |
Updated: | November 15, 2005 |
| Description: |
Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet
driver from Roaring Penguin. When the program is running setuid root
(which is not the case in a default Debian installation), an attacker
could overwrite any file on the file system. |
| Alerts: |
|
Comments (none posted)
ruby: infinite loop
| Package(s): | ruby |
CVE #(s): | CAN-2004-0983
|
| Created: | November 8, 2004 |
Updated: | May 15, 2005 |
| Description: |
The upstream developers of Ruby have corrected a problem in the CGI
module for this language. Specially crafted requests could cause an
infinite loop and thus cause the program to eat up CPU cycles. |
| Alerts: |
|
Comments (none posted)
samba: integer overflow vulnerability
| Package(s): | samba |
CVE #(s): | CAN-2004-1154
|
| Created: | December 16, 2004 |
Updated: | July 19, 2005 |
| Description: |
Samba has an integer overflow vulnerability
that may allow an authenticated remote user to
execute arbitrary code on the Samba server. |
| Alerts: |
|
Comments (none posted)
smartlist: wrong input processing
| Package(s): | smartlist |
CVE #(s): | CAN-2005-0157
|
| Created: | May 3, 2005 |
Updated: | May 3, 2005 |
| Description: |
Jeroen van Wolffelaar noticed that the confirm add-on of SmartList,
the listmanager used on lists.debian.org, which is used on that host
as well, could be tricked into subscribing arbitrary addresses to the
lists. |
| Alerts: |
|
Comments (none posted)
SpamAssassin: Denial of Service vulnerability
| Package(s): | spamassassin |
CVE #(s): | CAN-2004-0796
|
| Created: | August 9, 2004 |
Updated: | August 11, 2005 |
| Description: |
SpamAssassin contains an unspecified Denial of Service vulnerability. By
sending a specially crafted message an attacker could cause a Denial of
Service attack against the SpamAssassin service. |
| Alerts: |
|
Comments (none posted)
SquirrelMail: multiple vulnerabilities
| Package(s): | squirrelmail |
CVE #(s): | CAN-2005-0075
CAN-2005-0103
CAN-2005-0104
|
| Created: | January 28, 2005 |
Updated: | July 19, 2005 |
| Description: |
SquirrelMail 1.4.4 has been
released, fixing a number of security issues that have been resolved
since 1.4.3a. |
| Alerts: |
|
Comments (none posted)
sudo: environment variable sanitizing
| Package(s): | sudo |
CVE #(s): | CAN-2004-1051
|
| Created: | November 17, 2004 |
Updated: | May 15, 2005 |
| Description: |
Versions of sudo prior to 1.6.8p2 fail to properly sanitize the environment prior to running shell scripts; this failure can be exploited by a sudo user to subvert scripts and obtain shell access. See the 1.6.8p2 announcement for more information. |
| Alerts: |
|
Comments (none posted)
File overwrite vulnerability in tar and unzip
| Package(s): | tar unzip |
CVE #(s): | CAN-2001-1267
CAN-2001-1268
CAN-2001-1269
CAN-2002-0399
|
| Created: | October 1, 2002 |
Updated: | April 10, 2006 |
| Description: |
The tar utility does not properly filter file names containing
"../", meaning that a hostile archive can, if unpacked by an
unsuspecting user, overwrite any file that is writable by that user. GNU
tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42
has the same vulnerability. |
| Alerts: |
|
Comments (1 posted)
tcpdump: multiple DoS issues
| Package(s): | tcpdump |
CVE #(s): | CAN-2005-1280
CAN-2005-1279
CAN-2005-1278
|
| Created: | May 2, 2005 |
Updated: | April 10, 2006 |
| Description: |
The rsvp_print function in tcpdump 3.9.1 and earlier allows remote
attackers to cause a denial of service (infinite loop) via a crafted RSVP
packet of length 4. (CAN-2005-1280)
tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of
service (infinite loop) via a crafted BGP packet, which is not properly
handled by RT_ROUTING_INFO, or LDP packet, which is not properly
handled by the ldp_print function. (CAN-2005-1279)
The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and
earlier allows remote attackers to cause a denial of service (infinite
loop) via a zero length, as demonstrated using a GRE packet.
(CAN-2005-1278) |
| Alerts: |
|
Comments (none posted)
telnet: buffer overflows
| Package(s): | telnet |
CVE #(s): | CAN-2005-0468
CAN-2005-0469
|
| Created: | March 28, 2005 |
Updated: | August 1, 2005 |
| Description: |
Two buffer overflow flaws were discovered in the way the telnet client
handles messages from a server. An attacker may be able to execute
arbitrary code on a victim's machine if the victim can be tricked into
connecting to a malicious telnet server. |
| Alerts: |
|
Comments (none posted)
UnAce: buffer overflow and directory traversal
| Package(s): | unace |
CVE #(s): | CAN-2005-0160
CAN-2005-0161
|
| Created: | February 28, 2005 |
Updated: | June 17, 2005 |
| Description: |
Ulf Harnhammar discovered that UnAce suffers from buffer overflows when
testing, unpacking or listing specially crafted ACE archives
(CAN-2005-0160). He also found out that UnAce is vulnerable to
directory traversal attacks, if an archive contains "./.." sequences or
absolute filenames (CAN-2005-0161). |
| Alerts: |
|
Comments (none posted)
vixie-cron: crontab allows any user to read another user's crontabs
| Package(s): | vixie-cron |
CVE #(s): | CAN-2005-1038
|
| Created: | April 15, 2005 |
Updated: | March 15, 2006 |
| Description: |
crontab in Vixie cron 4.1, when running with the -e option, allows local
users to read the cron files of other users by changing the file being
edited to a symlink. NOTE: there is insufficient information to know
whether this is a duplicate of CVE-2001-0235. See also this Security Focus
report. |
| Alerts: |
|
Comments (none posted)
XChat 2.0.x SOCKS5 Vulnerability
| Package(s): | xchat |
CVE #(s): | CAN-2004-0409
|
| Created: | April 19, 2004 |
Updated: | November 15, 2005 |
| Description: |
XChat is vulnerable to a stack overflow that may allow a remote attacker to
run arbitrary code. The SOCKS 5 proxy code in XChat is vulnerable to a
remote exploit. Users would have to be using XChat through a SOCKS 5
server, enable SOCKS 5 traversal which is disabled by default and also
connect to an attacker's custom proxy server. This vulnerability may allow
an attacker to run arbitrary code within the context of the user ID of the
XChat client. |
| Alerts: |
|
Comments (none posted)
xine-lib: two heap overflow vulnerabilities
| Package(s): | xine-lib |
CVE #(s): | CAN-2005-1195
|
| Created: | April 26, 2005 |
Updated: | June 2, 2005 |
| Description: |
Heap overflows have been found in the code handling RealMedia RTSP and
Microsoft Media Services streams over TCP (MMST). See Xine Advisory
XSA-2004-8 for details. |
| Alerts: |
|
Comments (none posted)
xine-lib: buffer overflows
| Package(s): | xine-lib |
CVE #(s): | CAN-2004-1379
|
| Created: | September 22, 2004 |
Updated: | April 10, 2006 |
| Description: |
xine-lib (through version 1_rc6) contains buffer overflows in the subtitle parsing and DVD sub-picture decoder code. |
| Alerts: |
|
Comments (none posted)
xine-ui - insecure temporary file creation
| Package(s): | xine-ui |
CVE #(s): | CAN-2004-0372
|
| Created: | April 6, 2004 |
Updated: | April 27, 2006 |
| Description: |
Shaun Colley discovered a problem in xine-ui, the xine video player
user interface. A script contained in the package to possibly remedy
a problem or report a bug does not create temporary files in a secure
fashion. This could allow a local attacker to overwrite files with
the privileges of the user invoking xine. |
| Alerts: |
|
Comments (none posted)
xloadimage: missing input sanitizing, integer overflow
| Package(s): | xloadimage |
CVE #(s): | CAN-2005-0638
CAN-2005-0639
|
| Created: | March 21, 2005 |
Updated: | May 4, 2005 |
| Description: |
Tavis Ormandy of the Gentoo Linux Security Audit Team has reported a flaw
in the handling of compressed images, where shell meta-characters are not
adequately escaped. CAN-2005-0638
Insufficient validation of image properties has been discovered, which
could potentially result in buffer management errors. CAN-2005-0639
|
| Alerts: |
|
Comments (none posted)
xorg-x11: integer overflows
| Package(s): | xorg-x11 |
CVE #(s): | CAN-2004-0914
|
| Created: | November 18, 2004 |
Updated: | September 12, 2005 |
| Description: |
The X.Org libXpm library has several integer overflow vulnerabilities.
An attacker can modify XPM images to execute malicious code. |
| Alerts: |
|
Comments (none posted)
xpdf: buffer overflow
| Package(s): | xpdf |
| CVE #(s): | CAN-2005-0064 |
| Created: | January 19, 2005 |
| Updated: | March 15, 2007 |
| Description: | iDEFENSE has found yet another xpdf buffer overflow; see this advisory for details. |
Comments (1 posted)
XV: multiple vulnerabilities
| Package(s): | xv |
| CVE #(s): | |
| Created: | April 19, 2005 |
| Updated: | July 19, 2005 |
| Description: | Greg Roelofs has reported multiple input validation errors in XV image
decoders. Tavis Ormandy of the Gentoo Linux Security Audit Team has
reported insufficient validation in the PDS (Planetary Data System)
image decoder, format string vulnerabilities in the TIFF and PDS
decoders, and insufficient protection from shell meta-characters in
malformed filenames. Successful exploitation would require a victim to
view a specially created image file using XV, potentially resulting in the
execution of arbitrary code. |
Comments (none posted)
zlib: denial of service
| Package(s): | zlib |
| CVE #(s): | CAN-2004-0797 |
| Created: | August 25, 2004 |
| Updated: | June 10, 2005 |
| Description: | Versions 1.2.x of the zlib library contain an error handling vulnerability which can enable denial of service attacks. |
Comments (none posted)
Page editor: Jonathan Corbet
Kernel development
Brief items
The current stable 2.6 release is 2.6.11.9, which was
released on May 11. It
contains a fix for the
ELF loader vulnerability and a couple
of other fixes as well.
The current 2.6 prepatch is 2.6.12-rc4, announced by Linus on
May 6. Changes this time around include more "sparse" annotations, a
CIFS update, various architecture updates, resource limits for niceness and
realtime scheduling (covered in last week's
Kernel Page), a JFS update, some networking tweaks, and more. See the long-format changelog for the details.
Linus is currently on vacation, so no new patches have been added to his
git repository since -rc4.
The latest -mm release is 2.6.12-rc3-mm3.
Recent changes to -mm include a rework of the huge page code, a bunch of
UML updates, a device mapper update, and more fixes.
Comments (3 posted)
Kernel development news
The coding style document packaged with the kernel source contains a number
of clear rules; here's one of them:
    Don't put multiple statements on a single line unless you have
    something to hide:
        if (condition) do_this;
          do_something_everytime;
Jesper Juhl recently found some code which evidently had something to hide,
and submitted a patch to break the
offending if
statements onto two lines. Andrew Morton rejected it:
There are about 88 squillion of these in the kernel. I think it
would be a mistake for me to start taking such patches, sorry.
In further discussion, however, Andrew seemed to agree that, perhaps,
cleaning up the kernel source to be more generally compliant with the
coding style documentation might be a good thing. He just doesn't want to
cope with hundreds of little patches to that end. He will, however,
consider a small number of very large patches.
So a major coding style cleanup seems likely to happen, perhaps before
2.6.12 comes out. Applying this sort of patch so late in the cycle
should be safe; the intent is to change the formatting, but to make
no actual code changes. Andrew also plans
to drop any changes which do not apply against the -mm tree, in the hopes
of minimizing the effects of the changes on patches maintained by other
developers.
If all goes according to this plan, the final 2.6.12 patch could be large
indeed.
Comments (10 posted)
Markus Klotzbuecher recently
announced the
release of mini_fo 0.6.0. Mini_fo provides (what has been called in other
systems) a "translucent" or "copy on write" filesystem. A read-only, base
filesystem (possibly from a remote system or CDROM) can be made to appear,
via mini_fo, as a local, writable filesystem. This functionality is useful
for sharing filesystems with local overrides, live CD systems, sandboxing
applications, and more.
At its core, mini_fo performs a simple fan-out operation. Each inode,
dentry, and file structure associated with a mini_fo filesystem contains
(via its private data) pointers to two other structures of the same type.
One of them refers to the file or directory on the base filesystem; the
other, instead, is for a local version of the file or directory on a local
"storage filesystem." Both are hidden from user space, which thinks it is
dealing directly with a file stored in the mini_fo filesystem.
When a mini_fo filesystem is first created, it appears as an exact copy of
the underlying base filesystem. Any operation which reads files or
directories is simply passed through to the base filesystem, with almost no
additional overhead. In this mode, mini_fo functions as a sort of loopback
filesystem.
Things change, however, when a file is opened for writing. In this case,
mini_fo will create a copy of the file on the storage filesystem, with all
of the data moved over. Any subsequent operations on that file will use
the locally-stored version rather than the base version. So any changes
made will appear locally, but they will not be propagated back to the
base. Changes will be persistent across mounts as long as the storage
directory used by mini_fo is not modified by anything except mini_fo.
Modified files are not the full story, of course; mini_fo must also cope
with operations like deletes and renames. To that end, it maintains a set
of lists of files which it knows about locally; there is one list for
modified files, one for deleted files, one for files created locally, etc.
These lists are stored in-kernel as standard linked lists. They are also
written to the storage filesystem in a magic file (named
META_dAfFgHE39ktF3HD2sr, for what it's worth) and reloaded from
that file when the filesystem is mounted.
This release of mini_fo works with both the 2.4 and 2.6 kernels. Its
author claims that it is intended for use with embedded systems, and thus
has a small memory footprint. See the mini_fo web
page for more information.
Comments (10 posted)
When a new process is created with the
clone() system call, a set
of flags is provided which tells the kernel which resources, if any, should
be shared between that process and its parent. Potentially shareable
resources include virtual memory, open files, signal handlers, and more.
New processes also share, by default, the filesystem namespace seen by
their parent (and, usually, by the system as a whole).
In the current Linux kernel, the sharing decisions made at clone()
time last for the lifetime of the processes involved. There is not usually
a reason to change resource sharing, but recent discussions on supporting
private mounts (with the filesystems in user space patch, or otherwise)
have suggested that it would actually be useful for a process to be able to
"unshare" resources after its creation. In particular, if a process could
detach itself from the global filesystem namespace and create its own, it
would be possible to set up that new namespace with whatever private mounts
that process needs. If this functionality were
used within a PAM module, it would be relatively easy for administrators to
set up per-user views of the filesystem, complete with private mounts.
To that end, Janak Desai has posted a patch
adding a new unshare() system call. The interface is simple
enough:
    long unshare(unsigned long flags);
The flags argument can be CLONE_NEWNS (to create a new
filesystem namespace), CLONE_VM (to establish a private virtual
address space) or CLONE_SIGHAND (to unshare signal handlers). If
all goes well, when the call returns, the designated resource(s) will now
be private to the calling process; otherwise the situation is unchanged.
This patch has not yet made it to the linux-kernel mailing list, and may
see some changes before it is considered for inclusion.
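The use of unshare() described above, as an added example that is not code from the posted patch: a child process detaches from the shared filesystem namespace, marks its mount tree private, and confirms the change while the parent stays where it was. It assumes a current Linux kernel and C library, where the call exists as `int unshare(int flags)` and `/proc/self/ns/mnt` identifies the namespace (neither is stated in the article); the function names and the `NS_UNCHANGED` code are hypothetical.

```c
/* Added example: detach a process from the shared filesystem namespace. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef CLONE_NEWNS
#define CLONE_NEWNS 0x00020000   /* same value as in <linux/sched.h> */
#endif

/* Hypothetical result code: the call succeeded but the id did not change. */
#define NS_UNCHANGED 254

/* Read this process's mount-namespace identity, e.g. "mnt:[4026531840]". */
static int mnt_ns_id(char *buf, size_t len)
{
    ssize_t n = readlink("/proc/self/ns/mnt", buf, len - 1);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return 0;
}

/* Child side: leave the shared namespace, then check that it happened. */
static int detach_and_verify(void)
{
    char before[64], after[64];

    if (mnt_ns_id(before, sizeof before) != 0)
        return errno;
    /* Raw system call; equivalent to the C library's unshare(CLONE_NEWNS). */
    if (syscall(SYS_unshare, CLONE_NEWNS) != 0)
        return errno;            /* typically EPERM without CAP_SYS_ADMIN */
    /*
     * Where "/" is a shared mount, mounts made after the unshare would
     * still propagate back to the original namespace. Marking the whole
     * tree private is what makes later mounts truly per-process.
     */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0)
        return errno;
    if (mnt_ns_id(after, sizeof after) != 0)
        return errno;
    return strcmp(before, after) != 0 ? 0 : NS_UNCHANGED;
}

/*
 * Run the detach in a child so the caller's own namespace is untouched.
 * Returns 0 when a private namespace was confirmed, NS_UNCHANGED, the
 * errno of the step that failed, or -1 if the child could not be run.
 */
int try_private_mount_namespace(void)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(detach_and_verify());
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    int rc = try_private_mount_namespace();

    if (rc == 0)
        puts("child ran in a private mount namespace");
    else if (rc == NS_UNCHANGED)
        puts("unshare succeeded but the namespace id did not change");
    else if (rc > 0)
        printf("not detached: %s\n", strerror(rc));
    else
        puts("could not run the child");
    return rc == 0 ? 0 : 1;
}
```

Without CAP_SYS_ADMIN the kernel refuses the request and the function returns EPERM.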
Comments (none posted)
Execute-in-place (XIP) support for the Linux kernel has been on the
embedded systems wishlist for some time. Such systems usually have the
kernel and relevant application images stored in a directly-accessible ROM
or flash memory. This memory generally contains a filesystem, and is
treated as a disk drive. This mechanism works, but it can be inefficient:
running a program from this memory requires that said program first be
copied into (usually scarce) RAM. It would be much better if this code
could be executed directly out of the flash-based memory.
Carsten Otte (of IBM) has posted a set of
patches adding XIP support to the 2.6 kernel. These patches, in
addition, enable fast memory-to-memory block I/O for such devices, shorting
out the page cache and most of the block layer. As a result, the XIP
patches are useful in a number of situations, such as, as Carsten notes,
for shared-memory block devices used to communicate between (virtual)
systems.
The first step is to add support at the block driver level. To that end, a
new method is added to the block_device_operations structure:
    int (*direct_access) (struct inode *inode, sector_t sector,
                          unsigned long *data);
This method, if implemented, should come up with a kernel virtual address
corresponding to the given sector on the block device represented
by inode. That address, which must remain valid until the device is
closed, is returned in *data. The return value is zero on
success or a negative error code in case of problems.
The next step is a new method in the address_space_operations
structure:
    struct page *(*get_xip_page)(struct address_space *space,
                                 sector_t blockno, int create);
This method's job is to translate a specific block number within a
filesystem to a page structure pointing to its directly-mapped
data. It is a filesystem-specific function which will translate
blockno to a sector number on the underlying device, then use that
device's direct_access() method to get an address. Carsten has
posted an implementation for ext2 which
shows how this method can be put together.
So far, the XIP patches enable fast, memory-to-memory device access, but
they do not yet implement true execute-in-place operation. The last step
is to replace the usual nopage() VMA operation
(filemap_nopage()) with a new version
(filemap_xip_nopage()) when the underlying device and filesystem
support XIP. The new nopage() method will (using
get_xip_page()) handle page faults by causing a process's page
tables to point directly to
the on-"disk" pages, rather than reading those pages into RAM. Some other
technique will be needed to run the kernel itself in an XIP mode, but
anything that is invoked thereafter can be run directly from the memory
device.
Put the above pieces together, and Linux has a complete execute-in-place
implementation. Supporting XIP at the block level is not the only way it
could be implemented; David Woodhouse pointed
out that an alternative approach is to use a special-purpose
filesystem. Carsten's patches, however, point out a way in which any
filesystem could be made to work in an XIP mode.
Comments (10 posted)
Page editor: Jonathan Corbet
Distributions
News and Editorials
After publishing a
brief
review of the x86_64 edition of Mandrakelinux 10.1 in January this year
and highlighting some of the problems we encountered while testing the
product, we received many heated emails arguing about some of the issues
mentioned in the review. One of them was an email from the then
Mandrakesoft's PR department which insisted that "
what you've tested
was a half-baked, unofficial product which is a bit unfair to the work
we've done". Yes, we would certainly agree with the "half-baked"
part of the above statement, but as for the "unofficial" part, it was hard
to tell - we downloaded the distribution from the directory labeled as
"Official", so it wasn't immediately obvious to us that it was, in fact, an
"unofficial" product. Besides, what sane software company would upload a
"half-baked" product to public download servers for the whole world to see?
It has been 4 months since the controversial review and we decided to take
another look at the company's latest product release - Mandriva Linux 2005
Limited Edition. Have the developers addressed the criticism? To our
extreme delight, they did; as a matter of fact, every single issue we
mentioned in our review of Mandrakelinux 10.1 was fixed in Mandriva Linux
2005! These included the geographical anomalies in the installer, location
of FTP/HTTP mirror sites and, most importantly, the problem we had with
setting up update sources to keep the distribution up-to-date with security
and bug fix updates.
Mandriva, which is the company's new name after Mandrakesoft's merger with
Conectiva, has gone even further with this release. While the x86_64
edition of Mandrakelinux 10.1 was only available in the form of a boxed
product for €120 (or as a "half-baked" FTP/HTTP install), this time
the company released an ISO image of Mandriva 2005 for free download. This
is obviously not the same as the 3-CD ISO image set for the i586
architecture, but it is progress nonetheless. The single CD packs as many
of the most important software packages as possible (all the big
applications suites, such as GNOME, KDE, OpenOffice.org are there), but if
users need more, the installation program provides an easy way to configure
a remote FTP/HTTP server for downloading and installing additional
applications. In fact, the installation program includes a long list of
available download servers so all we needed to do is to pick a nearby
mirror and the installer downloaded the relevant software lists and
automatically added them to the urpmi configuration file.
We installed the i586 edition of Mandriva Linux 2005 on a Pentium 4 machine
with an Intel 850 chipset and 384 MB of RAM, while the x86_64 edition found
its home on a system powered by an AMD64 3500+ processor, with an MSI K8N
Neo mainboard and 2 GB of RAM. Neither of them had any problems with
detecting and configuring the included hardware. We used the i586 edition
extensively for about a week and we have yet to find any problem with the
distribution. The AMD64 box did not get to run the new Mandriva Linux much,
but the installation process was trouble-free and a quick look around the
desktop gave an impression that the 64-bit edition of the product is
equally solid. Perhaps the best indication of the quality of this release
is the low number of post-release bug-fix updates - after installing the
distribution, complete with the GNOME and KDE desktops, but without any
server software, the online update utility listed only a handful of
packages that needed an update (some of the recent Mandrakelinux releases
provided as much as hundreds of megabytes of bug-fix updates within a few
weeks after the official release). Nevertheless, there were users on the
distribution's mailing lists who reported problems under certain hardware
configurations, so not even Mandriva Linux 2005 is perfect.
What's new in Mandriva's first release under the new name? Although the
included applications are less up-to-date than those in the recently
released SUSE 9.3 or Ubuntu 5.05, both of which come with KDE 3.4 and GNOME
2.10, Mandriva 2005 has its own set of tricks up its sleeves. Besides the
usual improvements in hardware support and package upgrade, the developers
claim to have increased the performance of KDE by up to 10% - by compiling
the KDE packages with the -fvisibility option. This is
said to produce substantially improved binary code and is able to reduce the
load times of dynamic shared objects. The -fvisibility option has been
introduced into GCC 4.0 so it seems that Mandriva compiled some of its
binaries with a pre-release version of GCC 4. Two other new features worth
mentioning are the inclusion of NdisWrapper for utilizing Windows wireless
network drivers, and a new ALSA package with sound multiplexing.
Although Mandriva Linux 2005 has been released only recently, developers
are already preparing for version 2006, currently scheduled to be released
in September 2005. Some ideas for the new release have been discussed on
the distribution's Bugzilla, Wiki pages and mailing lists, including a
complete switch to UTF-8 encoding, work on reducing boot time,
incorporation of RAID 10 support into the partitioning stage of the
installation program, support for iPod, integration of OpenMosix utilities
into the distribution, and many other features. There is even talk about
building Ubuntu-style installation and live CD image sets for beta testing
as well as final release. Of course, these are just ideas at this stage and
it remains to be seen which of them will be accepted as new features in
Mandriva 2006.
Despite its status as a "transitional" release, we found Mandriva Linux 2005
an excellent, "fully-baked" product that is a delight to install and use.
Compared to the previous version, it is also much more polished and
comparatively bug-free. The fact that the developers have read our last
review and made an effort to fix the problems reported in it is an extra
bonus - it shows that the company listens to its users and is willing to
improve its products based on users' feedback. Overall, a very impressive
product in all departments, highly recommended.
Comments (5 posted)
New Releases
The third Fedora Core 4 test release is out; click below for a list of
mirror sites. If all goes well, this will be the final test release;
Fedora Core 4 final is due on June 6.
Full Story (comments: none)
QiLinux, the Italian distribution
completely made from scratch, has released version 1.2. Click below for a
list of important changes and download information.
Full Story (comments: none)
A release candidate for
Trustix Secure
Linux 3.0 is now available. Click below for a list of new features or
download it from a
mirror
near you.
Full Story (comments: none)
White Box Enterprise Linux version
4 has been released. "
This release is starting out with i386 (ia32)
and AMD64 (x86_64/ia32e) ports built from the exact same source package
set, which is RHEL4 updated with all errata released through April
30." Click below for more release notes.
Full Story (comments: none)
The
YES Linux Release Team has
announced the immediate availability of YES Linux 2.2 Build 3. Click below
for release updates and download information.
Full Story (comments: none)
Distribution News
Here's an update on the Debian AMD64 port. It is available, it is
(mostly) working, it does not include non-free. "The Future? This
archive will follow sarge with all point releases and what else might
happen to sarge. That's for sure. :)
We will drop the unstable/main part of it, as soon as amd64 gets
included into debian. We intend to provide a timeframe of about one or
two weeks prior to the deletion, counting from the day on amd64 hit the
95% rate of built packages in Debian."
Full Story (comments: 4)
Branden Robinson has posted (click below) the Debian Project Leader report
for May 8, 2005. This report looks at the Sarge release, challenges and
progress, hardware infrastructure issues, Woody security updates, Debian
assets, a Leadership Team status report, and more.
Full Story (comments: none)
These are minutes of the Fedora Documentation Steering Committee (FDSCo)
meeting held on May 3, 2005. Click below to find out who was there, how to
get your name in lights or at least how to get started writing much needed
documentation, how to find out what documents are most needed, and much more.
Full Story (comments: none)
Click below for the official update (as of May 7, 2005) on the
Unofficial Fedora FAQ. The update
lists what's new or changed, new translations (Polish and Spanish) are now
available, plus how to contribute to the Unofficial FAQ.
Full Story (comments: none)
Maintenance of Trustix Secure Linux
v1.5
and 2.1 ends June 30, 2005. These TSL users should plan on upgrading to
TSL 2.2, which is the current stable version. "
Note that this does
apply to Trustix Secure Linux 2.1 only and not other products like Trustix
OS - ES 2 (formerly known as Trustix Secure Enterprise Linux 2). Trustix
OS - ES 2 is to be maintained to March 2007."
Full Story (comments: none)
A set of
preliminary
goals for the Ubuntu 'Breezy Badger' release has been posted. The
Ubuntu developers cannot be faulted for lack of ambition; if they achieve
a substantial portion of those objectives, Breezy will be a nice release
indeed.
Comments (12 posted)
Distribution Newsletters
The Debian Weekly News for May 10, 2005 covers the Sarge freeze, the Debian
ARM port, a licensing issue with Quagga, APT migration status, recent
surveys, and more.
Full Story (comments: none)
The Gentoo Weekly Newsletter for the week of May 9, 2005 is out. Gentoo is
recruiting printing experts, there's some news from the forums, and this week's
featured developer is Danny van Dyk; several other topics are also covered
in this edition.
Full Story (comments: none)
The Mandriva Linux Community Newsletter for April 29, 2005 looks at the
name change, the availability of Mandriva Limited Edition 2005, a Mandriva
Club naming contest, and more.
Full Story (comments: none)
Click below for the third issue of the Ubuntu MOTU (Masters of the
Universe) project, a group of volunteers maintaining most of the Universe
and Multiverse packages.
Full Story (comments: none)
The
DistroWatch
Weekly for May 9, 2005 has a mini-review of Gentoo and features
Frugalware Linux.
Comments (none posted)
Package updates
Updates for Fedora Core 3:
system-config-bind-4.0.0-11 (new, completely
rewritten version of system-config-bind),
dhcp-3.0.1-42_FC3 (dhclient-script no longer
automatically honors $GATEWAY setting),
lapack-3.0-26.fc3 (fixes problems in some
lapack libraries),
system-config-bind-4.0.0-12 (bug fixes),
util-linux-2.12a-24.2 (bug fixes),
libexif-0.5.12-6.fc3 (prevent infinite
recursion),
ethereal-0.10.11-1.FC3.1 (new
release, several security flaws fixed).
Comments (none posted)
Mandriva Linux has updated pwauth packages available for ML 10.2 (LE 2005)
that fix apache support.
Full Story (comments: none)
Trustix updates are available for TSL 2.1, 2.2 and Trustix Operating System
- Enterprise Server 2 for
bind, bittorrent,
bzip2, clamav, hwdata, ppp, spamassassin and
apache, bzip2, dhcp, proftpd.
Comments (none posted)
Newsletters and articles of interest
Here's a NewsForge article
about
Kanotix. "
For my purposes, Kanotix LiveCD is ideal. Hardware
detection is the best I have seen. Application software is well-considered
and easily extended. Releases are frequent -- every two to three months --
and free for downloading. The user forum is active and helpful. There's
also a #kanotix IRC channel on irc.freenode.net."
Comments (none posted)
Distribution reviews
NewsForge has a
review
of Kate OS. "
Kate is a lightweight, free GNU/Linux distribution from
Poland released with the goal of allowing people to play games, watch
movies, listen to music, and surf the Web. While it does do these tasks, it
requires a lot of handholding, manual configuration, and knowledge on a
user's part. A single-CD install (with an optional second CD) is all it
takes to get you up and running with Kate, but you may need to have a
computer nerd handy for the setup."
Comments (none posted)
Page editor: Rebecca Sobol
Development
Screem
is an HTML/XML editing system that is aimed at web site development.
SCREEM is a web development environment. Its purpose is to increase productivity when constructing a site, by providing quick access to commonly used features.
Unlike WYSIWYG editors,
Screem is geared toward the editing of raw HTML/XML code:
In general WYSIWYG editors do not produce good clean valid HTML, and can also slow you down if they do not support an element that you wish to insert. By utilising a text based editing system you can use the markup you want rather than what the application thinks you need, and also provide quick access to commonly used elements via toolbar buttons which insert the markup at the current cursor position.
As a testament to open-source project cooperation, the Screem
PHP Function Reference code came from
Bluefish,
another popular HTML editor.
Screem's
feature list
includes:
- Page Preview via external web browsers.
- Syntax Highlighting.
- DTD/Doctype Parsing with DTD file support.
- Inline Tagging with popup menus for tag modifications.
- The "Intelliclose" feature for keeping track of open tags.
- Extension support via helper applications.
- Document Structure Display for viewing complex documents.
- Support for CVS version control over edited documents.
- Link Checking for testing the validity of external links.
- Publishing capabilities using Sitecopy.
- Site-wide search and replace functionality.
- Task Management for prioritizing work with a todo list.
- A Spell Checking system that works within the HTML context.
- Link Fixing with support for changes to source and destination files.
- Page Template support for speeding up new file creation.
- Select Context support for marking and moving html groupings.
- Support for Ctags index files.
The
Screenshots
page shows many of the Screem screens in action and details
some of the program's capabilities.
The
Screem User Manual explains the operation of the software
in more detail.
Screem version 0.14.0
was announced this week:
"Most notable improvements are: support for inline dtds, syntax highlighting colours are once again editable, support for Dreamweaver templates, auto saving, highlighting of the current line, a split pane file browser, and greatly improved helper application features."
For web site management situations that do not require the
features of a full-blown content management system (CMS), Screem
looks like the perfect tool.
Comments (3 posted)
System Applications
Audio Projects
Version 1.1.8 of
Speex,
a voice CODEC application, has been announced:
"
Lots of changes in this release. Initial TI C5x port, some fixed-point improvements and fixes, better temporary memory allocation (smaller), size of integer types now detected automatically, and a new SPEEX_PLC_TUNING option."
Comments (none posted)
CORBA
Version 0.6 of CLORB, a Common Lisp implementation of CORBA 2,
is out.
"
This version
adds IIOP 1.1 and ASDF support, and improves the IDL compiler."
Full Story (comments: none)
Database Software
Several security issues have been identified over the past two weeks and
new versions are available that fix these issues. "
Please note that
the security issues were those already reported by Tom Lane, as well as a
manual fix for them. These releases are mainly to ensure that those
installing and/or upgrading existing installations have those fixes
automatically."
Full Story (comments: none)
The May 8, 2005 edition of the PostgreSQL Weekly News is online
with the week's new PostgreSQL database articles.
Full Story (comments: none)
Libraries
Version 3.7.0 of FreeImage, a library with support for popular image
formats,
is out.
"
The main additions concern the support for HDR and 48-bit TIFF/PNG images, together with new tone mapping functions, a brand new GIF plugin supporting animation metadata and multipage files, a new color quantization function and a new lossless JPEG rotation and flipping function."
Comments (none posted)
Mail Software
Version 0.3 of Gmail Mobile
has been announced.
"
With this release, Gmail Mobile provides a feasible
method to access your Gmail account and do most daily email tasks while you
are on the move (except for the address book, which is the next item on the
development list)".
Comments (none posted)
Printing
The
Common UNIX Printing System (CUPS)
site has a number of new tutorials online.
Topics include:
How To Assign Printing Administration Capabilities To Users,
How To Restrict Printer Information Being Received From A Client Or Server,
How To Restrict Printer Information Being Sent Out From A Server,
How To Restrict Group Access To A Class Of Printers,
How To Restrict User Access To A Class Of Printers, and
How To Restrict Group Access To A Printer.
Comments (none posted)
Web Site Development
Version 1.2.3 of Apache Lenya is out.
"Apache Lenya is an Open Source Java/XML Content Management System and
comes with revision control, site management, scheduling, search,
WYSIWYG editors, and workflow.
Apache Lenya 1.2.3 is based on Cocoon 2.1.7. You can use Cocoon
features such as robust Caching, multi-channel output, its many
connectivity options to quickly build customized solutions to meet your
specific needs that are not already covered by Apache Lenya today."
Full Story (comments: none)
Initial release version 0.2.0 of
Latemp,
a content management system for generating static html,
has been announced.
"
Latemp allows one to create attractive, themable sites, which are very usable, accessible and fully standards compliant. Latemp is open-source software, fully usable, modifiable and distributable under the terms of the MIT X11 license."
Thanks to Shlomi Fish.
Comments (none posted)
The first official release of
Nirawari (in French),
a web application engine, is out.
"
Nirawari helps the user build Web applications by describing their
behavior and the information used.
This allows easy creation and modification of prototypes,
quick deployment, and modifications of a running component.
It models an application not as a set of programs,
but as a set of definitions."
Full Story (comments: none)
Version 0.3.9 of UnCommon Web, a Common Lisp web application
development framework, has been released.
"
This version improves the documentation, adds
multithreading support to the mod_lisp backend, and more."
Full Story (comments: none)
Version 2005-05-07 of XRMS, a PHP/web-based Customer
Relationship Management system (CRM),
has been released.
"This release fixes over 30 bugs, and adds many many enhancements. We have added significant improvements to the Workflow system, usability across XRMS, related activity tracking, and the CSS themes. This version also introduces the User Preference system, starting with preferences for Language and Theme. RSS feeds for new companies, contacts, and activities have been added. Many new plugins have been contributed by companies using XRMS."
Comments (none posted)
Miscellaneous
Stable version 20.0 of moodss
has been released.
"Moodss is a modular GUI application that can monitor systems, networks, and
databases. It displays data in graphical viewers, sends emails and executes
scripts on thresholds, archives data in a SQL database, and includes a daemon
for background monitoring. Around 100 modules (counting Nagios plugins) are
available."
Comments (none posted)
Desktop Applications
Desktop Environments
The following new GNOME software has been announced this week:
Comments (none posted)
The May 6, 2005 edition of the
KDE CVS-Digest is online, here's the content summary:
"
HTML to SSML (Speech Synthesis Markup Language) working in kttsd. KStars adds ability to save observing lists. Add support for opening OASIS templates directly with a KOffice application."
Comments (none posted)
KDE.News
reports that the KDE project's
switch of version control systems from CVS to Subversion is done.
"
This is the largest ever change from CVS to Subversion. The conversion script ran for a total of 38 hours from start to completion. Congratulation to Stephan Kulow, Oswald Buddenhagen and the other system administrators for the successful change."
Comments (none posted)
The following new KDE software has been announced this week:
Comments (none posted)
The April 27 - May 4, 2005 edition of the
Xfce Weekly News
is online with news from the Xfce lightweight desktop environment project.
Comments (none posted)
Games
The
WorldForge game project
has announced three new releases.
Ember 0.3:
"Ember is a fully functional 3d client for the WorldForge project. It takes advantage of the latest graphic cards to present a beautiful, fully interactive world. An easy to use GUI allows the player to interact with both the world and other players with ease.
The focus for this release has been to expand on the GUI so that the game can be fully playable without having to use console commands."
Mercator 0.2.2:
"Mercator is a library for handling procedural world data, especially terrain. It is used by all WorldForge components. This API is still in development, and changes with each version."
Eris 1.3.5:
"Eris is the WorldForge client-side session layer, used by many existing clients. This release adds support for accelerations on entities, to enable accurate motion prediction of ballistic movement."
Comments (none posted)
Imaging Applications
Version 0.8.5 of imgSeek, a photo collection management application, has
been released.
"imgSeek is a photo collection manager and viewer with content-based
search and many other features. The query is expressed either as a
rough sketch painted by the user or as another image you supply (or an
image in your collection)."
Changes include a new low-level jpeg loader, bug fixes, translation work,
and more.
Full Story (comments: none)
Music Applications
Version 0.3.0 of Gungirl Sequencer, an audio sequencer that is
used for making sound loops, is out. New features include automated
fades, unlimited undo, sample stretching/trimming, unlimited tracks,
and more.
Full Story (comments: none)
Version 0.7.2pre1 of
MusE,
a MIDI/Audio sequencer, is out.
Changes include support for synchronization to external hardware,
a MusE 0.6 song converter and bug fixes.
Comments (none posted)
Office Suites
Build 1.9.100 of OpenOffice.org has been released;
it features bug fixes and some new capabilities.
Full Story (comments: none)
Science
Version 2.0.0 of GRAMPS, the Genealogical Research And
Management Programming System,
has been announced.
"The GRAMPS project is pleased to announce the 2.0.0 ("The Bright Side of Life") release of GRAMPS, the Genealogical Research And Management Programming System. After more than a year of development, GRAMPS is releasing the new branch that becomes its "stable" series."
Many new features are included in this release.
Comments (none posted)
Web Browsers
The latest Mozilla Firefox builds include
a new feature.
"The latest nightly builds of Mozilla Firefox include a new feature that significantly improves the speed of the Back and Forward buttons. When using Back and Forward in older builds, the page is retrieved from the local cache rather than the Internet but Gecko still has to reparse the HTML and use it to rerender the page, which can take a while with more complex documents. With this new feature, the rendered page is kept in memory, which makes Back and Forward performance much faster (almost instantaneous)."
Comments (19 posted)
Mozilla Firefox 1.0.4 release candidate has been
released
with fixes for two security flaws that could allow arbitrary code to be
executed. More information on the security issues is available
here and
here.
Comments (5 posted)
Word Processors
FootNotes is carrying
the AbiWord 2.3.0 release announcement. 2.3.0 is a development release, not intended for general use. It does provide a preview of upcoming AbiWord features, however, including "table to text" and plugins for grammar checking, math support, embedded charts, and "experimental" OpenDocument support.
Comments (none posted)
Languages and Tools
C
The May 4, 2005 edition of the GCC 4.1 Status Report is online
with the latest GNU Compiler Collection project information.
Thanks to Sam Ravnborg.
Full Story (comments: none)
Caml
The May 3-10, 2005 edition of the Caml Weekly News is online
with the latest Caml language articles.
Full Story (comments: none)
Haskell
Issue #2 of the
Monad.Reader,
an online magazine about the Haskell language, is out.
"For issue two, the subjects are Template Haskell, better module compatibility, exploring dark corners of GHC, domain specific languages, and the Foreign Function Interface."
Comments (none posted)
Java
Several Apache and free Java developers have posted a proposal (click below
for the full text) for the creation of a project, under the
Apache Incubator umbrella, which
would develop a Java runtime platform under the Apache license. This
effort has been called "Project Harmony"; one wonders if the developers
have intentionally reused the name of the one-time project which worked
toward a free version of the Qt libraries, which were not GPL-licensed at
the time.
A FAQ for the project has also
been posted.
Full Story (comments: 16)
O'Reilly has published
part two of a book excerpt series on Java.
"In part one of this two-part excerpt from Java in a Nutshell, 5th Edition,
David Flanagan described how to use generic types. This week David details
how to write your own generic types and generic methods, and concludes with a
tour of important generic types in the core Java API."
Comments (none posted)
Lisp
The initial release of cl-pdf-parser is available.
"The system, which is written in Common Lisp, "enables
[the] cl-pdf [PDF generation library] to draw on existing pages and
add new pages to an existing PDF document"."
Full Story (comments: none)
Pascal
Version 2.0 of
Free Pascal
is nearing; the second release candidate is out.
"Current development is preparing for a 2.0 release in the first quarter of 2005. The development releases have version numbers 1.9.x. The latest release is 1.9.8, which is the second release candidate for the 2.0 release."
Thanks to Daniël Mantione.
Comments (none posted)
Perl
The April 26 - May 3, 2005 edition of
This Week in Perl 6 is available with the latest Perl 6 development
news.
Comments (none posted)
Python
The May 9, 2005 edition of Dr. Dobb's Python-URL! is online
with the latest Python language articles.
Full Story (comments: none)
Ruby
The
RubyGarden
is running part one of a history of RubyGems by Chad Fowler.
"In year 2000, when I started using Ruby, one of the first discussions I remember on the English ruby-talk mailing list was about whether or not Ruby had some kind of equivalent to Perl's CPAN."
Comments (none posted)
Scheme
Issue #6 of the Schemers Gazette is online with more Scheme language
articles.
Full Story (comments: none)
Tcl/Tk
The May 11, 2005 edition of Dr. Dobb's Tcl-URL! is online
with the latest Tcl/Tk news and resources.
Full Story (comments: none)
Cross Assemblers
Version 0.13.2 of
gputils,
the GNU PIC Utilities, is out. The changes are:
"Fixed bugs. Added gpstrip. Removed gpal."
Comments (none posted)
Version Control
Version 0.19 of
monotone,
a version control system, is out.
"Monotone is a free distributed version control system. it provides a simple, single-file transactional version store, with fully disconnected operation and an efficient peer-to-peer synchronization protocol. it understands history-sensitive merging, lightweight branches, integrated code review and 3rd party testing. it uses cryptographic version naming and client-side RSA certificates. it has good internationalization support, has no external dependencies, runs on linux, solaris, OSX, windows, and other unixes, and is licensed under the GNU GPL."
Full Story (comments: none)
Version 1.00 of
svk
has been announced.
"svk is a decentralized version control system written in Perl. It uses the Subversion filesystem but provides additional, powerful features."
See the
change log for release details.
Comments (none posted)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
News.com
reports
that a Federal appeals court has tossed out the broadcast flag
regulations. "
'The broadcast flag regulations exceed the agency's
delegated authority under the statute,' a three-judge panel unanimously
concluded. 'The FCC has no authority to regulate consumer electronic
devices that can be used for receipt of wire or radio communication when
those devices are not engaged in the process of radio or wire
transmission.'" The full ruling is online
in
PDF format.
Comments (7 posted)
Groklaw has
an
essay on why free software matters. "
Everyone talks about how
Free software is important because of its benefits to business. It can mean
lower operating costs, happier IT departments, better interoperability,
improved security, and lots of community goodwill. Everyone talks about how
Free software is important legally. It is the vanguard of the revolution in
intellectual property, both in courtrooms and in the minds of people around
the world. A lot of people talk about how Free software is important
because it will liberate end-users everywhere from the tyranny of
commercial software and end the problem of worms, viruses, and trojans
forever. What almost no one talks about is Free software being important
because of its educational potential."
Comments (2 posted)
Trade Shows and Conferences
Mike Orr has put together some
coverage
of the PyCon 2005 conference that was held recently in Washington, DC.
"It's hard to decide what the highlight was: Guido's new beard, the success of the Open Space sessions, the number of attendees (just shy of 450), the international scope (I saw several delegates from Germany, and a few from Japan and Italy), the surprise sleeper hit (WSGI and integrating the web application frameworks was the most discussed topic), the Python CPAN (integrated with PyPI), the keynote from Python's most prominent user (Google), David Goodger's name ("pronounced like Badger but GOOD!"), or Guido's plans for static typing. ("Don't worry," he says about the latter, "it's just a bad dream.")"
Comments (none posted)
The May 5, 2005 edition of the
Wine Weekly Newsletter
is online with coverage of the WineConf 2005 event.
"Some of you might be looking for the short summary version, so it's worth recapping some major highlights. First, Alexandre has imposed some deadlines for Wine. Second, having some of the core Samba team members show up was great and it may be possible to work together on some common items. Finally, the event itself was quite large with about 50 people attending from over a dozen countries meeting at the University of Stuttgart."
Comments (none posted)
Companies
News.com
covers
IBM's acquisition of Gluecode Software. "
As part of the acquisition,
IBM said it will contribute to the Apache Geronimo project, a Java 2
Enterprise Edition (J2EE) application server that forms the basis of
Gluecode's product line. The 18 Gluecode employees will be part of IBM's
software group; IBM said it will devote dozens of people to the Joe
product."
Comments (1 posted)
eWeek
reports
on a possible position shift from Microsoft,
concerning open-source software.
"At a recent conference in Cambridge, Md., sponsored by the Association for Competitive Technology, Brad Smith, Microsoft's general counsel, called for cooperation among Microsoft, its competitors and the open-source community.
"I think that in the world of software development today, there is a broad panoply of software development models," Smith said. "I think we're going to have to figure out how to build some bridges between the various parts of our industry.""
Comments (27 posted)
Linux Adoption
The TES (a British education newspaper)
previews a UK governmental study on
software costs in schools. "
The association analysed costs at 33
schools which use paid-for software, and compared them with 15 which have
pioneered the use of free programs, known as open source, and the
pared-down hardware to run them. Average costs, including software,
hardware and support costs, were 24 per cent less per computer in
secondaries using open source."
Comments (7 posted)
eWeek
presents a
case study on Hawaii's switch to open source for its bookkeeping needs.
"In 2002, exasperated state officials turned to the Linux operating
system to change that. They wanted all budget and expenditure data in one
data mart, with a front-end application that lets users download data to
their PCs and crunch numbers as they see fit."
Comments (3 posted)
Interviews
NewsForge
talks
with OOo developers about OpenOffice.org 2.0. "
OpenOffice.org is
the most comprehensive open source office productivity suite
available. Into its fifth year of existence, the project is set to release
its next version, OpenOffice.org 2.0, with a major overhaul. The latest
release, 1.9 (also popularly known as 2.0-beta), came out in March this
year and was met with mixed reviews. While many were happy with the
progress, many people criticized it for its use of Java. In this interview
with Louis Suarez-Potts, Community Manager; and Martin Hollmichel, Release
Manager of OpenOffice.org, they talk about what makes 2.0 different from
the previous releases."
Comments (none posted)
Linux Planet
interviews
Dr. Ignacio Valdes, creator and editor of LinuxMedNews.com. "
Valdes
said that when he started the LinuxMedNews site it was a tight knit
community with a crystal clear idea that FOSS (free and open source
software) was the way to go in medicine. "The idea has become more
accepted and may not be revolutionary anymore but it still has skeptics,"
he said. "Like everything, having the idea takes 10 minutes and
implementing that idea takes years. The major changes are that there is
gathering scientific evidence for what the FOSS community is doing and the
number of and quality of real-world implementations has grown
tremendously," he remarked."
Comments (none posted)
Resources
Groklaw has published
chapter 7 of the online book "The Daemon, the GNU and the
Penguin" by Dr. Peter H. Salus. Read about the origins of BSD and
the Computer Systems Research Group.
Comments (none posted)
Linux Journal presents a
book excerpt
from the book "Firefox & Thunderbird Garage".
"The following is an excerpt from Firefox & Thunderbird Garage, a new book written by Chris Hofmann, Marcia Knous and John Hedtke and published by Prentice Hall Professional Technical Reference. The excerpt is taken from Chapter 10, "Setting Up Your Mail, RSS, and Newsgroup Accounts Using Mozilla Thunderbird"."
Comments (none posted)
developerWorks
begins
a series of articles on using a Mac Mini system as a Linux-based
multimedia server. The first article covers (Yellow Dog) Linux
installation, with an aside on intellectual property issues.
"However, if you start selling a device that uses one of these open
source player programs to play DVDs (even if you ignore the thorny issues
surrounding DVD encryption and only support unprotected disks), you'll soon
be receiving letters demanding license fees for each unit sold. An
interesting data point I read recently is that the US$39.95 DVD players you
commonly see at chain stores contain almost US$20 of patent license
fees."
Comments (2 posted)
O'ReillyNet
looks
at curl and the back-end library libCURL. "
curl's inner workings
use the libCURL client library. So can your programs, to make them URL
aware. libCURL-enabled tools can perform downloads, replace fragile FTP
scripts, and otherwise take advantage of networking without any (explicit)
socket programming. The possibilities are endless, especially with libCURL
using a MIT/X-style license agreement."
Comments (5 posted)
Reviews
NewsForge
reviews CentOS 4.0. "
Some applications may refuse to install when they detect that you aren't running RHEL. None of the open source tools that I tried had this problem, but some commercial software does. The workaround is simple: Add a line in the /etc/redhat-release file."
Comments (none posted)
NewsForge has published
part two of a review of ImageMagick.
"ImageMagick (IM) is a command-line graphics creation and editing application. In a previous article we used it to add text and frames to images, and for other basic image manipulation. In this article we'll use the ImageMagick suite of commands to create a multi-image mosaic, draw some basic shapes, and create 3D logos."
Comments (2 posted)
Ars Technica
reviews
Knoppix Hacks, by Kyle Rankin. "
Knoppix Hacks, just
like Knoppix, is targeted at a wide audience ranging from System
Administrators to the family "computer guy" called on to fix his cousin's
PC. There is a common misconception among people who have heard of Knoppix
that it is only for Linux users. This perception couldn't be further from
the truth. Knoppix, as demonstrated by the author, is an extremely useful
tool regardless of your preferred operating system. This book is for anyone
who has had to fix the computer of friends or family; the system
administrator who has ever had to resuscitate a lifeless machine; even the
average home user who's curious to try something new without replacing what
they already have." (Thanks to Dale Quigg)
Comments (1 posted)
Oceania
reviews
the book
Linux Desktop Garage and the live CD that comes with it.
"Unlike the other books in the Garage series, this book contained a
CD. Usually, CDs that accompany books are usually lost or never even used
but this one was different. After looking over the disc's contents, I
quickly discovered that the CD was bootable and it even contained some of
the most popular Linux programs such as GIMP (image editing program)
and OpenOffice (office suite). Put it in my CD drive and it booted right up
to a Linux desktop. No installation, no reformat. Very cool idea!"
Comments (none posted)
Marcel Gagné
looks at
Tellico, a KDE application for organizing collections. "
Robby
Stephenson's Tellico is billed as a collection manager though I like to
think of it as a very versatile personal library system. It's a great tool
for keeping track of your many cookbooks as well as Linux books, science
fiction books, mysteries, and so on."
Comments (none posted)
Miscellaneous
NewsForge
covers
the Free Software Foundation Latin America (FSFLA). "
The organizing
committee has been working since November 2004 to lay the groundwork for
FSFLA. The committee currently consists of six members. All have
backgrounds in free software, often combined with social or political
activism."
Comments (none posted)
KDE.News
names KPDF as the
April application of the month. "
It might be late but that is
because April's application of the month covers one of the finest additions
to KDE 3.4: KPDF. The application overview takes us through the powerful
features in KPDF: thumbnails, contents, scrolling, zooming and searching.
We also have an interview with one of the creators of KPDF, Albert Astals
Cid."
Comments (2 posted)
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
A new organization called Free Software Foundation Latin America
has been launched.
"Free Software in Latin America has taken a step forward. Yesterday,
April 19th, six longtime Free Software advocates from Latin America
published a Declaration of Intent, in which they announce the creation
of a Free Software Foundation Latin America."
Full Story (comments: none)
The Gelato Foundation has announced new Latin
American members from Chile and Buenos Aires.
"In the last two weeks, Universidad de Chile and
Universidad de Buenos Aires (UBA) became two of the newest members of the Gelato
Federation (http://www.gelato.org), an international organization composed of
leading universities, supercomputing centers, national labs, and research institutes,
dedicated to advancing Linux on the Intel® Itanium® processor."
Full Story (comments: none)
Linux Professional Institute has announced new improvements to its Linux
certification program.
"These improvements include
regular rotation of exam questions, objectives review, and merging of
the 101 exam forms that contain RPM and DPKG package management questions."
Full Story (comments: none)
The Wine project has sent out an announcement that it will be getting legal
representation from the
Software
Freedom Law Center. If there is a pressing legal problem to be solved
now, the release does not mention it.
"The commercial value of Free and Open Source Software (FOSS) today is
increasing at an exponential rate and changing the playing field for the
software industry. To be viable, productive and sustainable, open source
projects, such as The Wine Project, need expert legal representation."
Full Story (comments: 2)
Commercial announcements
The Neal Nelson & Associates benchmarking laboratory has
announced the achievement of a new server bandwidth record using
AMD Opteron processors running SUSE LINUX Professional 9.2.
"One endurance test ran continuously for 48 hours
and transferred over 1,000 terabits (1 petabit) of user data between 96 FTP
client machines and the single FTP server. These data rates were achieved with
the common IPV4 protocol and standard 1,500 byte packets."
Comments (2 posted)
BitDefender has released version 1.6.2 of its BitDefender for Samba
Linux File Servers.
"BitDefender for Samba Linux File Servers was upgraded to version 1.6.2
today, and parts of it have been released under an open-source license.
The antivirus for Samba shares is capable of scanning and disinfecting
shared files and folders on access and on demand, and can be installed
easily alongside BitDefender for Linux Mail Servers."
Full Story (comments: 2)
Black Duck Software has
announced
that it has become a corporate member of the Open Source Software Institute
(OSSI). As a member of OSSI Black Duck will serve as a technical
contributor to the second open source software research and development
programs between the U.S. Navy and the OSSI.
Comments (none posted)
Novell has
announced the acquisition of Immunix, a one-time creator of a hardened Linux distribution. Novell seems most interested in the company's
AppArmor security product.
Comments (none posted)
Novell, Inc. has
announced
that Richard Seibt has resigned his position as president of Novell(R) EMEA.
Mr. Seibt was formerly president of SUSE LINUX, Inc.
Comments (8 posted)
QUALCOMM Incorporated has
announced that it will be supporting Linux on its
Mobile Station Modem(TM) (MSM(TM)) chipsets.
"The new initiative
provides manufacturers with further design and development efficiencies for
3G smartphones and other mobile handsets by leveraging the flexibility and
reliability of the Linux operating system."
Comments (none posted)
Red Hat, Inc. has
announced that it will hold
two presentations at upcoming investor conferences.
The events will be held on May 11 in San Francisco, CA and
May 12 in Chicago, IL.
Comments (none posted)
Maureen O'Gara, the author of a set of increasingly vicious attacks on
Linux and some of its defenders,
has now been dropped
from the lineup at Sys-con, the publisher of LinuxWorld and several
other sites. This change came about after LinuxWorld editor James Turner
took a public "Maureen or me" stand. Whether Ms. O'Gara will resurface
elsewhere remains to be seen.
Comments (26 posted)
TimeSys has announced new Linux Customization Solutions
for embedded system developers.
"LinuxDepot and LinuxEngine are accessible through the TimeSys
Network(TM), a secure, hosted infrastructure which includes a
continuously evolving Component Repository, automated Embedded Linux
Platform Builder and the knowledge and community of the Developer
Exchange."
Full Story (comments: none)
Resources
The EDRI-gram newsletter for May 4 is out. Among other things, it covers
the French court decision on copy-protected DVDs and the next stage of the
software patent fight. "
The Europarl JURI committee will vote on the amendments on 20 June 2005.
The parliament is scheduled to vote in plenary on 6 July 2005. Meanwhile,
the European Commission has issued an explanatory statement about the
scope of the directive on Intellectual Property Enforcement (IPRE). It
also includes any kinds of patents. The directive provides strong new
enforcement powers to right holders and thus gives an extra incentive to
MEPs to very carefully avoid patentability of software and business
methods, to avoid competitors spitefully raiding each other's offices."
Full Story (comments: none)
The May 5, 2005 edition of the FSF Europe Newsletter is online
with the latest happenings from the Free Software Foundation Europe.
Full Story (comments: none)
Mark Pilgrim has written a book about the "Greasemonkey" extension for Firefox and
put the whole thing online in several formats. It would appear to be the definitive reference for anybody wanting to create Greasemonkey scripts.
Comments (5 posted)
The May 4, 2005 edition of the Linux Documentation Project Weekly News
is online with the latest documentation releases.
Full Story (comments: none)
The May 2005 Linux Gazette is now available. Topics in this issue include:
Python for scientific use. Part I: Data Visualization, by Anders Andreasen;
A Tale of Three Conferences, by Howard Dyckoff;
Secure Knoppix on CD-ROM for Disaster Recovery, by Edgar Howell;
Shelling your Linux box with Festival, by Maxin B. John;
Right To Your Own Devices, by Kapil Hari Paranjape;
Lock It Down With Arno's iptables-firewall, by S. Keeling;
Introduction to Shell Scripting, part 4, by Ben Okopnik;
and more.
Comments (2 posted)
Contests and Awards
MozillaZine
has announced the launch of the 2005 Mozilla Community Awards program.
"It's been an amazing year, and it wouldn't have been possible without an inspired and dedicated community of contributors. We, no doubt, have one of the largest and most varied community of open source contributors, and while we cannot recognize each and every person who helped this last year to get us where we are, we'd like to take some time to acknowledge the outstanding contributions across the full breadth of community activities."
Comments (none posted)
Upcoming Events
KDE.News
has announced
the opening of registration for aKademy 2005.
"As previously announced aKademy 2005 is to take place at the University of Málaga from Saturday 27th August to Sunday 4th September, with a KDE e.V. members-only meeting on Friday 26th. Everyone is invited to join the conference in Málaga."
Comments (none posted)
The
Firebird
database site has an announcement for an upcoming conference.
"The world-wide Firebird Conference will take place at the Hotel Olsanka in Prague, Czech Republic, from the evening of Sunday, November 13 (opening session) until the evening of Tuesday, November 15 (closing session)."
Comments (none posted)
LinuxMedNews
has announced the presence of open-source project members at the
international Congress of the
European Federation for Medical Informatics.
"MIE2005 will be held in Geneva, Switzerland, on 28 August to 1 September, 2005"
Comments (none posted)
The 2005 Linux Desktop Development and KDevelop Developers Conference
has been announced.
"The KDevelop Team and Open Source Developers Network Ukraine are proud to announce the First Linux Desktop Development and KDevelop Developers Conference that will be held in Kiev, Ukraine, 1st to 6th of July 2005."
Comments (none posted)
A
Panel Discussion
on Open Source software will be held on Thursday, May 19, 2005
at the University of Toledo, Ohio.
"Bill McCreary, Pilkington, has actively recruited top industry leaders from Microsoft, IBM, HP, Dell, Novell (and possibly more) to represent their positions on the issue of open source. The panel will also feature two CIOs who have bet their careers on opposing sides of the issue. After opening remarks from each participant, five to six key areas related to Open Source will be moderated by local CIOs."
Comments (none posted)
OSBC has
announced two new Open Source Business Conferences.
"Expanding upon the San Francisco event, OSBCLegal in Seattle is scheduled to take place September 7, 2005 at the Grand Hyatt Seattle and will focus exclusively on the complex legal issues surrounding Open Source software. OSBC in Boston is scheduled to take place November 1-2, 2005 at the Boston Marriott Newton and will follow the format of the previous OSBC events in San Francisco."
Comments (none posted)
Registration
is open for the next Plone Symposium.
"New Orleans, LA. July 20-22 in the heart of the French Quarter. Learn about design, development and deployment techniques. Using Plone or Zope in a production environment? The Plone Symposium is the must-attend event of the year."
Comments (none posted)
The sixth
Symposium on Trends in Functional Programming will be held on
September 23 and 24, 2005 in Tallinn, Estonia.
"The 2005 Symposium on Trends in Functional Programming (TFP '05) is an international forum for researchers with interests in all aspects of functional programming languages, focusing on providing a broad view of current and future trends in Functional Programming."
A call for papers has been announced.
Comments (none posted)
| Date | Event | Location |
| May 12 - 15, 2005 | php|tropics 2005 | (Moon Palace Resort) Cancun, Mexico |
| May 13 - 14, 2005 | BSDCan 2005 | (University of Ottawa) Ottawa, Canada |
| May 19 - 21, 2005 | GUADEC-es 2005 | A Coruña, Spain |
| May 22 - 25, 2005 | Gelato Federation Meeting | (HP's Palo Alto and Cupertino campuses) San Jose, CA |
| May 23 - 26, 2005 | PalmSource Worldwide Mobile Summit and DevCon | (Fairmont Hotel) San Jose, California |
| May 24 - 27, 2005 | XTech 2005 Conference | (Amsterdam RAI Center) Amsterdam, the Netherlands |
| May 25 - 26, 2005 | Linux World New York Summit 2005 | (New York City Marriott Marquis) New York, NY |
| May 28 - 29, 2005 | Linux Unix Group of Bulgaria Seminar | Stara Zagora, Bulgaria |
| May 29 - 31, 2005 | GNOME Users and Developers European Conference (GUADEC 2005) | Stuttgart, Germany |
| June 1 - 3, 2005 | The Red Hat Summit 2005 | (Hilton New Orleans) New Orleans, LA |
| June 1 - 4, 2005 | Fórum Internacional Software Livre (FISL) | Porto Alegre/RS, Brazil |
| June 9 - 10, 2005 | Austrian Perl Workshop | (Kapsch CarrierCom) Vienna, Austria |
| June 9 - 10, 2005 | The French Perl Workshop | (Faculté des Sciences de Luminy) Marseille, France |
| June 11, 2005 | PHP West | Vancouver, BC, Canada |
| June 15 - 17, 2005 | AstriCon Europe 2005 | (Auditorium Madrid Hotel) Madrid, Spain |
| June 17 - 19, 2005 | RECON 2005 | Montreal, Quebec, Canada |
| June 19 - 22, 2005 | International Lisp Conference 2005 (ILC 2005) | (Stanford University) Palo Alto, CA |
| June 22 - 25, 2005 | LinuxTag 2005 | (Kongresszentrum) Karlsruhe, Germany |
| June 23 - 24, 2005 | Italian Perl Workshop 2005 | (University of Pisa) Pisa, Italy |
| June 25, 2005 | LugRadio Live 2005 | (Molyneux Stadium) Wolverhampton, UK |
| June 25, 2005 | XML Prague 2005 | Malá Strana, Prague, Czech Republic |
| June 27 - 29, 2005 | Yet Another Perl Conference (YAPC::NA 2005) | (University of Toronto) Toronto, Ontario, Canada |
| June 29 - 30, 2005 | Where 2.0 Conference | (Westin St. Francis Hotel) San Francisco, CA |
| July 1 - 6, 2005 | Linux Desktop Development and KDevelop Developers Conference 2005 | Kiev, Ukraine |
| July 5 - 9, 2005 | LSM 2005 Libre Software Meeting for Medicine | Dijon, France |
Comments (none posted)
Miscellaneous
The Ubuntu distribution is conducting
a poll concerning a certification program:
"Which of the following areas would you (or perhaps your staff) consider most important for official Ubuntu skills certification?"
Full Story (comments: none)
Page editor: Forrest Cook
Letters to the editor
| From: | David Faure <faure-AT-kde.org> |
| To: | lwn-AT-lwn.net |
| Subject: | Comment on http://lwn.net/Articles/134720 |
| Date: | Fri, 6 May 2005 00:25:00 +0200 |
Hello,
Thanks for the article "KOffice heads toward 1.4", by Joe 'Zonker' Brockmeier.
As a koffice developer, I would like to point out the reason for the apparent
incompatibility with the OpenOffice beta you used to test OASIS OpenDocument
interoperability. There was a late change in the namespaces used by the OASIS
spec, prior to it achieving 1.0 status, and the OpenOffice.org beta that you
tried obviously didn't have that change yet. Please try with a newer
OpenOffice.org beta. 1.9.87 works.
(I have also improved the error message so that users hitting this problem
have more information about it).
--
David Faure, faure@kde.org, sponsored by Trolltech to work on KDE,
Konqueror (http://www.konqueror.org), and KOffice (http://www.koffice.org).
Comments (none posted)
Page editor: Jonathan Corbet