Just as last week's LWN Weekly Edition was being finalized, the word came
out that the European software patent directive had, after years of strange
maneuvers, lobbying, and politics, been rejected by the European
Parliament. And this was not any ordinary rejection: the final vote was
648 to 14. That is quite an outcome, considering that, not
particularly long ago, a good result in the final parliamentary vote was
seen as a long shot at best.
This vote is not a result of a sudden general understanding that software
patents are a bad idea. In the end, most parties went against the
directive because (1) it had been amended to the point that nobody
liked it anymore, and (2) the parliament was not pleased with how it
had been treated by the European Council. So the vote should not be seen
as a definitive statement from Europe on software patents; it also should
not be seen as the end of the debate.
For now, the software patent situation in Europe remains unchanged. In
theory, such patents are not legal, but the European Patent Office (EPO)
has issued quite a few software patents anyway. Some European member
states are more friendly to software patents than others. So the situation
remains muddled, and is likely to stay that way for a while. Court battles
to determine the legitimacy of EPO-issued software patents seem almost
certain. So software patents are still a threat, at some level, for
European free software developers and users. Even if a software patent
issued by the EPO is eventually thrown out of court, it's still no fun to
be the one in court trying to make that happen.
In other words, this outcome is very much a mixed result. It is far
superior to a directive which would have enshrined software patents in
European Union law; the rejection of that language is an unambiguous
victory. But it would have been far nicer to pass a version of the
directive which clearly disallowed patents on software. It would have been
nicer to put an end to this problem - in Europe, at least.
Because this debate certainly is not over. The European Council once said
that, if the directive were to fail to pass the Parliament, there would be
no further attempts. For those who truly believe that: we have some nice
ocean-front property in Luxembourg we'd be willing to sell you. This sort
of issue, backed as it is by interests with lots of money in the bank and
even more in their eyes, almost never goes away. Software patents in
Europe will be back, at the EU and member state levels.
For now, though, the free software community can celebrate an important
victory. There is still no global software patent regime in place, and
there is a far higher awareness of the issue than there was a few years
ago. All the effort put in by so many people working to fight this
directive has paid off. Great congratulations are due to each and every
person who contributed to this fight, whether that contribution took the
form of massive organizing or a quick letter to a member of parliament.
You have shown that you can influence policy, even on an obscure technical
issue, and even in the face of well-funded opposition. Well done!
Comments (1 posted)
Ever since the launch of Xandros Corporation four years ago, the company has
settled into a regular release cycle. New versions of Xandros Desktop OS for home users
("Standard" and "Deluxe" editions) have come out towards the end of each
calendar year, followed by high-end "Business" editions some six months
later. Continuing in this practice, Xandros Desktop OS 3 Business was
unveiled last month when it became available to customers from the
company's online store for $129.
As the name suggests, the "Business" edition is designed as a desktop system
for small and medium-size businesses. This product should appeal to those
production environments that have been evaluating the possibility of moving
their desktops to Linux, but have not found a suitable replacement for
their Windows systems - either because many of the popular Linux
distributions lack certain required functionality or because their existing
infrastructure is overly dependent on Microsoft Windows and Office, and
possibly even SQL Server, migration of which would be a costly and tedious
task.
Xandros Business Desktop was specifically designed for the latter group. The
company claims that these businesses can keep their current Windows server
infrastructure, MS Office files, and even run many of the Windows
applications they depend on, but can still migrate their desktop computers
from a virus- and spyware-prone operating system with a less than stellar
security reputation to a more secure and less maintenance-intensive
Linux-based system. Although the initial migration will certainly cost some
capital, Xandros argues, the overall long-term savings should be
considerable.
Xandros is walking a tightrope here. On one hand, businesses that consider
migrating their desktop systems to Linux have likely started experimenting
with Linux already, probably with one of the freely available
distributions, such as Fedora, Mandriva or Ubuntu. If these fit their
requirements, they would almost certainly prefer one of them over a
$129-per-seat Xandros Desktop OS. If they haven't found a suitable
replacement, Xandros might still be a viable option, but it doesn't take a
genius to figure out that a business with a few dozen computers will end
up having to pay license fees that are not much lower than those for
Windows. If this is the case, why bother with a costly migration to Linux?
Probably the best reason is to save on system maintenance. As we know,
keeping Windows boxes free of viruses, spyware, worms and other Internet
malware is a costly and time-consuming exercise, so replacing Windows with
Linux, wherever possible, would certainly eliminate most of this expense.
The next question is: why Xandros? If you have never installed and used this
distribution, you will be forgiven for asking. Xandros remains our firm
favorite as the best and most user-friendly desktop Linux distribution there
is. From the moment you insert the installation CD into your CD-ROM drive
until you finally boot into your new desktop, you will see true usability
features not found in any other distribution. Xandros has not built an
operating system merely by integrating freely available software from the
Internet; it has also developed many utilities that conform to the
definitions of software usability better than most other distributions.
Besides all the well-established features of Xandros Desktop, such as the
Xandros File Manager, Xandros Networks (for downloading and installing
software and security updates), the integrated drag-and-drop CD/DVD-burning
application, enhanced KDE Control Center, CrossOver Office (with support
for MS Office, Adobe Photoshop and other Windows applications), file system
encryption and excellent hardware detection, the Business edition adds
further incentives. Among them, Windows networking features are probably
the biggest selling point of Xandros Business Desktop - especially when
considering its ability to authenticate to both Windows NT and Active
Directory domains, to browse NFS shares, and to perform drag-and-drop
operations on network shares, as well as FTP servers.
This edition of Xandros Desktop OS comes with an extra Application CD, an
excellent 350-page User Guide, and a 9-page Getting Started Guide.
Inserting the CD immediately brings up a software installer dialog,
providing an opportunity to browse through the available packages. Among
the more interesting applications included on the CD are OpenOffice.org
1.1.2 and StarOffice 7 with various dictionaries, together with a number of
development packages and database servers, as well as Citrix and SAP
clients. The manual is identical to the one available with the Deluxe
edition and Xandros deserves praise for making an effort to put together a
really useful guide.
Despite developing a superb package, Xandros might still have a hard time
selling the product in desirable quantities. It seems that most of the
migration efforts we get to hear about these days tend to revolve around
one of the free distributions (the current migrations to Linux by the
municipalities of Munich and Vienna are good examples), customized to their
needs. Also, we haven't heard of any success stories involving Xandros
Business Desktop, an event that would surely result in a
self-congratulatory press release by the company. As good as Xandros
Desktop is, it still remains a largely proprietary system, not particularly
cheap, and with a potential of another vendor lock-in, which is a trap that
many businesses would rather avoid.
This brings up the next question: is the company's current business strategy
of selling boxed products, as opposed to giving the products away and
charging for services, a sustainable business model? If the history of open
source software companies is anything to go by, selling services tends to
result in sustainable growth, while selling software boxes is likely to
lead towards stagnation at best, and bankruptcy at worst. There are far too
many examples of the latter to ignore the danger!
Comments (9 posted)
Next week is the annual pilgrimage to the Ottawa Linux Symposium, one of the
key Linux development events worldwide. The schedule has been posted for
those who are interested; it looks like the usual collection of great talks.
LWN editor Jonathan Corbet will be giving an updated version of the "2.6
Kernel Roadmap" talk at 10:00 on Wednesday.
The Desktop Developers' Conference is happening the two days prior to the
opening of OLS. We would love to be able to report from that event, but your
editor will, instead, be downstairs at the annual kernel summit. Look for
our coverage from that event early in the week. There will be reports from
OLS as well, though your editor has learned, from experience, to rest well
before the famous closing party. See you in Ottawa.
Comments (1 posted)
Page editor: Jonathan Corbet
Security
The good news is that the U.S. Congress is turning its attention to identity
theft. The bad news is that Congress is unlikely to produce truly effective
legislation. The Personal Data Privacy and Security Act of 2005 is one bill
that attempts to address ID theft and misuse of personal information. It
was introduced at the end of June by Senators Arlen Specter and Patrick
Leahy. Text of the bill is available from thomas.loc.gov.
The bill's summary sounds good:
To prevent and mitigate identity theft; to ensure privacy; and to enhance
criminal penalties, law enforcement assistance, and other protections
against security breaches, fraudulent access, and misuse of personally
identifiable information.
The bill does have some sensible provisions. It would specifically prevent
companies from selling social security numbers, for example, without explicit
consent of the individual. The bill would also require notification to
individuals that their personal information had been compromised, and would
require "data collectors" to disclose information being collected upon
request. The bill would also beef up penalties for identity theft, and for
concealing security breaches.
While there is a lot to like about the bill, it has more than its share of
flaws. Section 422 of the act requires "any business entity or agency
engaged in interstate commerce that involves collecting, accessing, using,
transmitting, storing, or disposing of personally identifiable
information" to provide written notification of an information compromise or,
if the address is unknown, notification by phone. The problem with requiring a
written notice
or phone call is that many sites that would be required to comply with the
law do not necessarily collect addresses or phone numbers. Forcing them to
start gathering that information would be burdensome, intrusive on the
privacy of the people who are allegedly being protected, and would add to the
amount of data that can be stolen in the event of a successful attack.
The act also provides for a posting on the affected site, if more than
1,000 residents of the U.S. have been affected, and notice to "major
media outlets serving that State or jurisdiction" if more than 5,000
residents of a state or jurisdiction are affected. However, these seem
to be aggregate requirements -- so if a company has been affected, it seems
to require that they notify all individuals by phone or mail, and
post a notice, and send notice to "major media outlets."
There are a few flaws of omission in the bill as well. For example, as Jon
Oltsik points out, there's no provision for monitoring compliance with the
bill. While
the bill prescribes heavy penalties for failing to comply, the only way
that non-compliance will come to light, in the bill's present form, is once
it's too late and a breach has occurred. This is of little comfort to those
who have already had their information stolen and misused. Penalties for
misuse and theft of data are fine, but prevention would be much better.
While the bill requires data collectors to disclose information upon
request, it does not require any notification of collection. It's unlikely
that the average person even knows what organizations are collecting data
in the first place. To really "ensure privacy" the bill should prevent
unauthorized data collection altogether.
Also, the bill protects social security numbers, which in and of itself is
a good thing, but too specific. To be truly effective, now and in the
future, the bill should cover any government-issued IDs. For example, it
would be prudent to include IDs that fall under the Real ID Act.
It would be nice to see a national data security law that would provide
notifications to individuals in the event that their information has been
stolen, and give additional control to individuals over the aggregation and
dissemination of personal data such as social security numbers. The
proposed Personal Data Privacy and Security Act of 2005 takes some
tentative steps in the right direction; hopefully its weaker points will be
addressed as the bill moves forward.
Comments (6 posted)
New vulnerabilities
acroread: arbitrary code execution
| Package(s): | acroread |
| CVE #(s): | CAN-2005-1625, CAN-2005-1841 |
| Created: | July 8, 2005 |
| Updated: | July 14, 2005 |
| Description: | Adobe Acrobat Reader (acroread) has a buffer overflow vulnerability. If a user is tricked into opening a specially crafted PDF file, arbitrary code can be executed. |
| Alerts: | |
Comments (none posted)
centericq: temporary file vulnerability
| Package(s): | centericq |
| CVE #(s): | CAN-2005-1914 |
| Created: | July 13, 2005 |
| Updated: | July 13, 2005 |
| Description: | The centericq messaging client suffers from a classic temporary file vulnerability which could, conceivably, be exploited by a local user to overwrite files. |
| Alerts: | |
Comments (none posted)
dhcpcd: denial of service
| Package(s): | dhcpcd |
| CVE #(s): | CAN-2005-1848 |
| Created: | July 13, 2005 |
| Updated: | September 13, 2005 |
| Description: | The dhcpcd DHCP client can be tricked into reading past the end of a buffer, causing it to crash. |
| Alerts: | |
Comments (none posted)
FUSE: information disclosure
| Package(s): | fuse |
| CVE #(s): | CAN-2005-1858 |
| Created: | July 13, 2005 |
| Updated: | July 13, 2005 |
| Description: | The Filesystem in Userspace (FUSE) subsystem (not yet part of the mainline kernel) has an information disclosure vulnerability exploitable by local users. |
| Alerts: | |
Comments (none posted)
ht: arbitrary code execution
| Package(s): | ht |
| CVE #(s): | CAN-2005-1545, CAN-2005-1546 |
| Created: | July 8, 2005 |
| Updated: | July 13, 2005 |
| Description: | The utility ht, an executable file viewer, editor and analyzer, has buffer and integer overflows that can be exploited for the purpose of executing arbitrary code. |
| Alerts: | |
Comments (none posted)
krb5: double-free flaw
| Package(s): | krb5 |
| CVE #(s): | CAN-2004-0175, CAN-2005-0488, CAN-2005-1175, CAN-2005-1689 |
| Created: | July 12, 2005 |
| Updated: | December 6, 2005 |
| Description: | The krb5 authentication system has a double-free flaw which may be triggered by a remote unauthenticated attacker. Also, a single-byte heap overflow in the krb5_unparse_name() function can lead to a denial of service, and an information disclosure may be caused by a malicious telnet server. See this report for more information. |
| Alerts: | |
Comments (none posted)
leafnode: fetchnews vulnerabilities
| Package(s): | leafnode |
| CVE #(s): | CAN-2004-2068, CAN-2005-1453, CAN-2005-1911 |
| Created: | July 12, 2005 |
| Updated: | July 13, 2005 |
| Description: | The fetchnews program from the leafnode NNTP server has a number of vulnerabilities involving corruption of data from the upstream server. The system can hang indefinitely or crash. |
| Alerts: | |
Comments (none posted)
sharutils: temporary file vulnerability
| Package(s): | sharutils |
| CVE #(s): | CAN-2005-0990 |
| Created: | July 13, 2005 |
| Updated: | July 13, 2005 |
| Description: | Sharutils (and unshar in particular) creates temporary files in an unsafe way, making local file overwrite attacks possible. |
| Alerts: | |
Comments (none posted)
Updated vulnerabilities
a2ps: input validation error
| Package(s): | a2ps |
| CVE #(s): | CAN-2004-1170, CAN-2004-1377 |
| Created: | November 26, 2004 |
| Updated: | December 19, 2005 |
| Description: | The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application. More information at Security Focus. |
| Alerts: | |
Comments (none posted)
bzip2: race condition and infinite loop
| Package(s): | bzip2 |
| CVE #(s): | CAN-2005-0953, CAN-2005-1260 |
| Created: | May 17, 2005 |
| Updated: | January 10, 2007 |
| Description: | A race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. Also, specially crafted bzip2 archives may cause an infinite loop in the decompressor. |
| Alerts: | |
Comments (2 posted)
cacti: SQL injection and PHP file inclusion
| Package(s): | cacti |
| CVE #(s): | |
| Created: | June 22, 2005 |
| Updated: | July 21, 2005 |
| Description: | Cacti (prior to version 0.8.6e) suffers from vulnerabilities which can lead to SQL injection and (on some systems) execution of arbitrary PHP files. |
| Alerts: | |
Comments (none posted)
ClamAV: denial of service
| Package(s): | clamav |
| CVE #(s): | CAN-2005-2056, CAN-2005-2070 |
| Created: | June 27, 2005 |
| Updated: | July 12, 2005 |
| Description: | Andrew Toller and Stefan Kanthak discovered that a flaw in libmspack's Quantum archive decompressor renders Clam AntiVirus vulnerable to a Denial of Service attack. A remote attacker could exploit this vulnerability to cause a Denial of Service by sending a specially crafted Quantum archive to the server. |
| Alerts: | |
Comments (none posted)
cpio: file permissions error
| Package(s): | cpio |
| CVE #(s): | CAN-1999-1572 |
| Created: | February 2, 2005 |
| Updated: | July 19, 2005 |
| Description: | Some versions of cpio contain an ancient vulnerability where files created by that utility have overly generous access permissions. |
| Alerts: | |
Comments (none posted)
cpio: directory traversal
| Package(s): | cpio |
| CVE #(s): | CAN-2005-1111 |
| Created: | June 20, 2005 |
| Updated: | December 26, 2005 |
| Description: | There is a vulnerability in cpio (2.6 and previous) that allows a malicious cpio file to extract to an arbitrary directory of the attacker's choice: cpio will extract to the path specified in the cpio file, and this path can be absolute. |
| Alerts: | |
Comments (1 posted)
crip: insecure temporary files
| Package(s): | crip |
| CVE #(s): | CAN-2005-0393 |
| Created: | June 30, 2005 |
| Updated: | July 6, 2005 |
| Description: | Justin Rye discovered that crip, a terminal-based ripper, encoder and tagger tool, utilizes temporary files in an insecure fashion in its helper scripts. |
| Alerts: | |
Comments (none posted)
cURL: buffer overflow
| Package(s): | curl |
| CVE #(s): | CAN-2005-0490 |
| Created: | February 28, 2005 |
| Updated: | July 19, 2005 |
| Description: | Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded. |
| Alerts: | |
Comments (none posted)
cvs: multiple vulnerabilities
| Package(s): | cvs |
| CVE #(s): | CAN-2005-0753 |
| Created: | April 18, 2005 |
| Updated: | July 13, 2005 |
| Description: | CVS (in versions prior to 1.11.20) has one or more buffer overflow vulnerabilities, memory leaks, and a NULL pointer dereferencing error. These can be used to launch a remote denial of service or to remotely execute arbitrary code. |
| Alerts: | |
Comments (none posted)
cyrus-imapd: buffer overflows
| Package(s): | cyrus-imapd |
| CVE #(s): | CAN-2005-0546 |
| Created: | February 23, 2005 |
| Updated: | April 10, 2006 |
| Description: | Cyrus-imapd, prior to version 2.2.12, contains several buffer overflows which could be exploited by an (authenticated) attacker to run code on the server system. |
| Alerts: | |
Comments (none posted)
dbus: information disclosure
| Package(s): | dbus |
| CVE #(s): | CAN-2005-0201 |
| Created: | June 8, 2005 |
| Updated: | August 30, 2005 |
| Description: | From the Red Hat alert: "Dan Reed discovered that a user can send and listen to messages on another user's per-user session bus if they know the address of the socket." At current usage levels, this vulnerability is not particularly threatening. |
| Alerts: | |
Comments (none posted)
dhcp: format string vulnerability
| Package(s): | dhcp |
| CVE #(s): | CAN-2004-1006 |
| Created: | November 4, 2004 |
| Updated: | July 13, 2005 |
| Description: | Dhcp has a format string vulnerability in the log functions of dhcp 2.x that may be exploited via a malicious DNS server. |
| Alerts: | |
Comments (none posted)
Dnsmasq: poisoning and DoS
| Package(s): | dnsmasq |
| CVE #(s): | |
| Created: | April 4, 2005 |
| Updated: | July 21, 2005 |
| Description: | Dnsmasq does not properly detect that DNS replies received do not correspond to any DNS query that was sent. Rob Holland of the Gentoo Linux Security Audit team also discovered two off-by-one buffer overflows that could crash the parsing of DHCP lease files. |
| Alerts: | |
Comments (none posted)
emacs21: format string vulnerability in "movemail"
| Package(s): | emacs21 |
| CVE #(s): | CAN-2005-0100 |
| Created: | February 7, 2005 |
| Updated: | May 15, 2006 |
| Description: | Max Vozeler discovered a format string vulnerability in the "movemail" utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user and the "mail" group. |
| Alerts: | |
Comments (none posted)
enscript: arbitrary code execution
| Package(s): | enscript |
| CVE #(s): | CAN-2004-1184, CAN-2004-1185, CAN-2004-1186 |
| Created: | January 21, 2005 |
| Updated: | May 27, 2006 |
| Description: | Erik Sjölund has discovered several security relevant problems in enscript, a program to convert ASCII text into PostScript and other formats. Unsanitized input can cause the execution of arbitrary commands via EPSF pipe support. Due to missing sanitizing of filenames it is possible that a specially crafted filename can cause arbitrary commands to be executed. Multiple buffer overflows can cause the program to crash. |
| Alerts: | |
Comments (none posted)
ettercap: format string vulnerability
| Package(s): | ettercap |
| CVE #(s): | CAN-2005-1796 |
| Created: | June 13, 2005 |
| Updated: | July 13, 2005 |
| Description: | The Ettercap suite of networking tools has a format string vulnerability that can be exploited by a remote attacker for the execution of arbitrary code. |
| Alerts: | |
Comments (none posted)
evolution: message crash vulnerability
| Package(s): | evolution |
| CVE #(s): | CAN-2005-0806 |
| Created: | March 17, 2005 |
| Updated: | August 11, 2005 |
| Description: | The Evolution mail client can be crashed when reading certain types of messages. |
| Alerts: | |
Comments (none posted)
Foomatic: Arbitrary command execution in foomatic-rip
| Package(s): | foomatic |
| CVE #(s): | CAN-2004-0801 |
| Created: | September 20, 2004 |
| Updated: | May 31, 2006 |
| Description: | There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter. This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler. |
| Alerts: | |
Comments (none posted)
gdb: multiple vulnerabilities
| Package(s): | gdb |
| CVE #(s): | CAN-2005-1704, CAN-2005-1705 |
| Created: | May 20, 2005 |
| Updated: | August 11, 2006 |
| Description: | Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialization files from the working directory. Successful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands. |
| Alerts: | |
Comments (5 posted)
gdk-pixbuf, gtk2: denial of service
| Package(s): | gdk-pixbuf gtk2 |
| CVE #(s): | CAN-2005-0891 |
| Created: | March 30, 2005 |
| Updated: | December 19, 2005 |
| Description: | The BMP image processing code in gdk-pixbuf and gtk2 contains a denial of service vulnerability exploitable via a specially crafted image file. |
| Alerts: | |
Comments (none posted)
gedit: format string vulnerability
| Package(s): | gedit |
| CVE #(s): | CAN-2005-1686 |
| Created: | June 9, 2005 |
| Updated: | February 5, 2009 |
| Description: | A format string vulnerability has been discovered in gedit. Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user. |
| Alerts: | |
Comments (1 posted)
gettext: Insecure temporary file handling
| Package(s): | gettext |
| CVE #(s): | CAN-2004-0966 |
| Created: | October 11, 2004 |
| Updated: | March 1, 2006 |
| Description: | gettext insecurely creates temporary files in world-writeable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When gettext is called, this would result in file access with the rights of the user running the utility, which could be the root user. |
| Alerts: | |
Comments (1 posted)
gftp: missing input sanitizing
| Package(s): | gftp |
| CVE #(s): | CAN-2005-0372, CAN-2004-1376 |
| Created: | February 17, 2005 |
| Updated: | July 13, 2005 |
| Description: | gftp has a directory traversal vulnerability. A remote server could use specially crafted filenames to overwrite local files. |
| Alerts: | |
Comments (none posted)
ghostscript: symlink vulnerabilities
| Package(s): | ghostscript |
| CVE #(s): | CAN-2004-0967 |
| Created: | October 20, 2004 |
| Updated: | September 28, 2005 |
| Description: | The ghostscript package (prior to version 7.07.1-r7) contains several scripts which are vulnerable to symlink attacks. |
| Alerts: | |
Comments (none posted)
glibc: tempfile vulnerability in catchsegv script
| Package(s): | glibc |
| CVE #(s): | CAN-2004-0968 |
| Created: | October 21, 2004 |
| Updated: | November 14, 2005 |
| Description: | The catchsegv script in the glibc package has a symlink vulnerability that may allow a local user to overwrite arbitrary files with the permissions of the user that is running the script. |
| Alerts: | |
Comments (none posted)
gnupg: information leak
| Package(s): | gnupg |
| CVE #(s): | CAN-2005-0366 |
| Created: | March 16, 2005 |
| Updated: | August 19, 2005 |
| Description: | GnuPG (and other PGP-like systems) suffers from an information leak which could, in some situations, be used by an attacker to obtain plaintext from an encrypted message. See this message for a detailed explanation of the problem. "We know of no real-world application that is affected by this type of attack. It is an attack that requires the active participation of someone who holds the actual key required to decrypt a message. Thus, it is not something you are likely to see." |
| Alerts: | |
Comments (none posted)
grip: buffer overflow
| Package(s): | grip |
| CVE #(s): | CAN-2005-0706 |
| Created: | March 10, 2005 |
| Updated: | November 19, 2008 |
| Description: | Grip, a CD ripper, has a buffer overflow vulnerability that can occur when the CDDB server returns more than 16 matches. |
| Alerts: | |
Comments (none posted)
groff: insecure temporary directory
| Package(s): | groff |
| CVE #(s): | CAN-2004-0969 |
| Created: | November 1, 2004 |
| Updated: | February 9, 2006 |
| Description: | Recently, Trustix Secure Linux discovered a vulnerability in the groff package. The utility "groffer" created a temporary directory in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the program. |
| Alerts: | |
Comments (none posted)
gxine: format string vulnerability
| Package(s): | gxine |
| CVE #(s): | CAN-2005-1692 |
| Created: | May 26, 2005 |
| Updated: | July 23, 2005 |
| Description: | The gxine media player has a format string vulnerability in the hostname decoding function. A specially crafted file can be used to cause a user to execute arbitrary code. |
| Alerts: | |
Comments (none posted)
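The format string entries on this page (dhcp, emacs21 movemail, ettercap, gedit and gxine) share one root cause: text that arrived from an untrusted source (a DNS or POP3 server, a file name, a hostname) is handed to a printf-family routine as the format argument rather than as data. The C example below is added here as an illustration and is not code from any of those projects. It shows the hardened logging pattern: untrusted text always travels as an argument to a fixed, literal format, and the logging front end carries the compiler's format attribute so that a caller passing a non-literal format gets flagged by -Wformat-security. It also includes a small escaping helper for text that must later reach a legacy API that cannot be fixed immediately. The hostile hostname string, the output buffer convention and all function names are constructed for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample of what a hostile peer might hand to a logging routine:
 * a "hostname" with printf directives embedded in it. */
static const char *HOSTILE_HOSTNAME = "evil.example %x %x %n %s";

/* Logging front end with a caller-supplied, trusted, literal format.
 * The format attribute lets gcc/clang check arguments against the format and
 * warn (with -Wformat-security) when a non-literal format is passed, which is
 * exactly the mistake behind this vulnerability class. */
__attribute__((format(printf, 3, 4)))
int log_event(char *out, size_t out_len, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(out, out_len, fmt, ap);
    va_end(ap);
    return n;
}

/* Hardened: untrusted text is always an argument, never the format, so any
 * '%' it contains is copied literally. Returns the formatted length. */
int log_untrusted(char *out, size_t out_len, const char *untrusted)
{
    /* The vulnerable form of this line would be
     *     return log_event(out, out_len, untrusted);
     * which hands the peer control of the format string (and, via %n, of
     * memory writes). The compiler attribute above makes that form warn. */
    return log_event(out, out_len, "peer reported hostname: %s", untrusted);
}

/* Number of '%' characters in a string; a caller that must feed the text to a
 * legacy routine it cannot fix can reject anything with a non-zero count. */
int count_format_directives(const char *s)
{
    int count = 0;
    for (; *s; s++)
        if (*s == '%')
            count++;
    return count;
}

/* Copy `in` to `out`, doubling every '%' so that the result is inert if it
 * ever reaches a printf-style format. Returns 0, or -1 if out is too small. */
int escape_percent(const char *in, char *out, size_t out_len)
{
    size_t j = 0;
    for (; *in; in++) {
        size_t need = (*in == '%') ? 2 : 1;
        if (j + need >= out_len)
            return -1;              /* keep room for the terminating NUL */
        out[j++] = *in;
        if (*in == '%')
            out[j++] = '%';
    }
    out[j] = '\0';
    return 0;
}

int main(void)
{
    char line[256];
    log_untrusted(line, sizeof line, HOSTILE_HOSTNAME);
    printf("logged literally: %s\n", line);
    printf("directives found: %d\n", count_format_directives(HOSTILE_HOSTNAME));
    return 0;
}
```

Compiling a project with -Wformat -Wformat-security (and, where the build allows it, -Werror=format-security) turns the `log_event(out, len, untrusted)` mistake into a build failure rather than a remote code execution bug, which is the cheapest detection available for this class.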
gzip: race condition and directory traversal
| Package(s): | gzip |
| CVE #(s): | CAN-2005-0988, CAN-2005-1228 |
| Created: | May 4, 2005 |
| Updated: | July 13, 2005 |
| Description: | gzip suffers from a race condition which could allow a fast-fingered attacker to change the permissions on files owned by others. There is also a directory traversal vulnerability associated with the -N option. |
| Alerts: | |
Comments (none posted)
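The insecure temporary file entries on this page (centericq, sharutils, crip, gettext, ghostscript, the glibc catchsegv script and groff) and the permission-change race in the bzip2 and gzip entries come from the same pair of mistakes: creating a file under a predictable name in a shared directory without O_EXCL, so that a planted symlink is followed, and applying permissions by path name after the file has been closed, so that whatever the path resolves to at that instant (possibly a hard link to someone else's file) gets the new mode. The C example below is added here and is not code from any of those packages. It places the unsafe pattern next to the hardened one: mkstemp() for an unpredictable, exclusively created name, an fstat() on the descriptor to confirm a regular file with a single link, and fchmod() on the open descriptor instead of chmod() on the path. It assumes a writable TMPDIR or /tmp; the function names and the sample payload are constructed.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Directory used by the example: TMPDIR if set, else /tmp (an assumption). */
const char *example_dir(void)
{
    const char *d = getenv("TMPDIR");
    return (d && *d) ? d : "/tmp";
}

/* UNSAFE PATTERN, shown for contrast only. The name is predictable, fopen()
 * without O_EXCL follows a symlink planted under that name, and chmod() by
 * path after close() acts on whatever the path resolves to at that moment,
 * which is the race the bzip2/gzip entries describe. */
int write_file_unsafe(const char *dir, const char *data, mode_t mode)
{
    char path[4096];
    FILE *f;
    snprintf(path, sizeof path, "%s/example.%d", dir, (int)getpid());
    f = fopen(path, "w");
    if (!f)
        return -1;
    fputs(data, f);
    fclose(f);
    return chmod(path, mode);
}

/* HARDENED PATTERN. Creates a new file, writes `data`, applies `mode` through
 * the descriptor and returns the permission bits observed via fstat() on that
 * same descriptor, or -1 on failure. The path is copied to path_out so the
 * caller can remove the file afterwards. */
int write_private_file(const char *dir, const char *data, mode_t mode,
                       char *path_out, size_t path_len)
{
    char tmpl[4096];
    struct stat st;
    size_t len = strlen(data);
    int fd;

    if (snprintf(tmpl, sizeof tmpl, "%s/example_XXXXXX", dir) >= (int)sizeof tmpl)
        return -1;

    /* mkstemp() is open(O_CREAT|O_EXCL, 0600) on an unpredictable name: a
     * symlink or file planted in advance makes it fail instead of being used. */
    fd = mkstemp(tmpl);
    if (fd < 0)
        return -1;

    /* Check the object actually opened, not the path: must be a regular file
     * and nobody else may hold a hard link to the inode. */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1)
        goto fail;
    if (write(fd, data, len) != (ssize_t)len)
        goto fail;

    /* fchmod() changes the inode we hold open; there is no path lookup for an
     * attacker to redirect between the write and the permission change. */
    if (fchmod(fd, mode) < 0 || fstat(fd, &st) < 0)
        goto fail;

    if (close(fd) < 0) {
        unlink(tmpl);
        return -1;
    }
    snprintf(path_out, path_len, "%s", tmpl);
    return (int)(st.st_mode & 07777);

fail:
    close(fd);
    unlink(tmpl);
    return -1;
}

int main(void)
{
    char path[4096];
    int mode = write_private_file(example_dir(), "constructed sample payload\n",
                                  0640, path, sizeof path);
    if (mode < 0) {
        perror("write_private_file");
        return 1;
    }
    printf("created %s with mode %04o\n", path, mode);
    unlink(path);
    return 0;
}
```

The same descriptor-based rule applies to any post-processing of an output file (fchown, futimens, ftruncate): once the file is open, stop referring to it by name.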
Heimdal: buffer overflow vulnerabilities
| Package(s): | heimdal |
| CVE #(s): | CAN-2005-2040 |
| Created: | June 29, 2005 |
| Updated: | July 18, 2005 |
| Description: | It has been reported that the "getterminaltype" function of Heimdal's (before 0.6.5) telnetd server is vulnerable to buffer overflows. An attacker could exploit this vulnerability to execute arbitrary code with the permission of the telnetd server program. |
| Alerts: | |
Comments (none posted)
htdig: cross site scripting
| Package(s): | htdig |
| CVE #(s): | CAN-2005-0085 |
| Created: | February 14, 2005 |
| Updated: | January 10, 2006 |
| Description: | Michael Krax discovered that ht://Dig fails to validate the 'config' parameter before displaying an error message containing the parameter. This flaw could allow an attacker to conduct cross-site scripting attacks. |
| Alerts: | |
Comments (none posted)
ImageMagick: xwd coder denial of service
| Package(s): | ImageMagick |
| CVE #(s): | CAN-2005-1739 |
| Created: | May 26, 2005 |
| Updated: | July 19, 2005 |
| Description: | The xwd coder in ImageMagick has a vulnerability that can be triggered by processing a maliciously created image. A denial of service can result. |
| Alerts: | |
Comments (none posted)
imap: buffer overflow in c-client
| Package(s): | imap |
| CVE #(s): | CAN-2003-0297 |
| Created: | February 18, 2005 |
| Updated: | April 10, 2006 |
| Description: | A buffer overflow flaw was found in the c-client IMAP client. An attacker could create a malicious IMAP server that, if connected to by a victim, could execute arbitrary code on the client machine. |
| Alerts: | |
Comments (none posted)
imlib2: buffer overflows
| Package(s): | imlib2 |
| CVE #(s): | CAN-2004-0802, CAN-2004-0817 |
| Created: | September 8, 2004 |
| Updated: | October 26, 2005 |
| Description: | The imlib2 library contains buffer overflows in the BMP handling code. |
| Alerts: | |
Comments (none posted)
infozip: privilege escalation, directory-traversal
| Package(s): | infozip |
| CVE #(s): | CAN-2003-0282, CAN-2004-1010, CAN-2005-0602 |
| Created: | May 2, 2005 |
| Updated: | August 1, 2005 |
| Description: |
InfoZip reports that Zip 2.3 and (presumably) all previous versions have a buffer-overrun vulnerability relating to deep directory paths that could potentially lead to local privilege escalation (e.g., in the case of automated, Zip-based backups). All versions of UnZip through 5.50 have a number of directory-traversal vulnerabilities.
| Alerts: | |
Comments (1 posted)
junkbuster: heap corruption and settings modification
| Package(s): | junkbuster |
| CVE #(s): | CVE-2005-1108, CVE-2005-1109 |
| Created: | April 13, 2005 |
| Updated: | November 5, 2005 |
| Description: |
JunkBuster through version 2.02-r2 contains two vulnerabilities: a heap corruption bug and a possible privacy violation.
| Alerts: | |
Comments (1 posted)
kdelibs: unsanitized input
| Package(s): | kdelibs |
| CVE #(s): | CAN-2004-1165 |
| Created: | January 10, 2005 |
| Updated: | July 19, 2005 |
| Description: |
Thiago Macieira discovered a vulnerability in the kioslave library, which is part of kdelibs, that allows a remote attacker to execute arbitrary FTP commands via an ftp:// URL containing a URL-encoded newline before the FTP command.
| Alerts: | |
Comments (none posted)
kernel: ELF loader core dump vulnerability
| Package(s): | kernel |
| CVE #(s): | CAN-2005-1263 |
| Created: | May 11, 2005 |
| Updated: | August 25, 2005 |
| Description: |
Paul Starzetz has posted an advisory for yet another kernel vulnerability. In this case, by using a specially manipulated ELF binary, a local attacker can compromise the system (via the core dump code) and obtain root access. This vulnerability affects all kernels from 2.2 through 2.6.12-rc4.
| Alerts: | |
Comments (none posted)
kernel: multiple vulnerabilities
| Package(s): | kernel |
| CVE #(s): | CAN-2005-1913, CAN-2005-1761 |
| Created: | July 1, 2005 |
| Updated: | September 9, 2005 |
| Description: |
Several vulnerabilities in the 2.6 kernel have been fixed, including a subthread exec problem (CAN-2005-1913) and an ia64 ptrace + sigrestore_context problem (CAN-2005-1761).
| Alerts: | |
Comments (1 posted)
kernel: multiple vulnerabilities
Comments (none posted)
kimgio input validation errors
| Package(s): | kimgio |
| CVE #(s): | CAN-2005-1046 |
| Created: | April 22, 2005 |
| Updated: | July 19, 2005 |
| Description: |
KDE has issued a security advisory for kimgio. This is found in kdelibs as shipped with KDE 3.2 up to and including KDE 3.4. kimgio contains a PCX image file format reader that does not properly perform input validation. A source code audit performed by the KDE security team discovered several vulnerabilities in the PCX and other image file format readers, some of them exploitable to execute arbitrary code.
| Alerts: | |
Comments (none posted)
libconvert-uulib-perl: arbitrary code execution
| Package(s): | libconvert-uulib-perl |
| CVE #(s): | CAN-2005-1349 |
| Created: | May 20, 2005 |
| Updated: | January 27, 2006 |
| Description: |
Mark Martinec and Robert Lewis discovered a buffer overflow in Convert::UUlib (before 1.051), a Perl interface to the uulib library, which may result in the execution of arbitrary code.
| Alerts: | |
Comments (1 posted)
libdbi-perl: insecure temporary file
| Package(s): | libdbi-perl |
| CVE #(s): | CAN-2005-0077 |
| Created: | January 25, 2005 |
| Updated: | March 2, 2006 |
| Description: |
Javier Fernández-Sanguino Peña from the Debian Security Audit Project discovered that the DBI library, the Perl5 database interface, creates a temporary PID file in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the person executing the parts of the library.
| Alerts: | |
Comments (none posted)
libgd2: buffer overflows in PNG handling
| Package(s): | libgd2 |
| CVE #(s): | CAN-2004-0990, CAN-2004-0941 |
| Created: | October 29, 2004 |
| Updated: | June 28, 2006 |
| Description: |
Several buffer overflows have been discovered in libgd's PNG handling functions.
If an attacker tricked a user into loading a malicious PNG image, they could leverage this into executing arbitrary code in the context of the user opening the image. Most importantly, this library is commonly used in PHP. One possible target would be a PHP-driven photo website that lets users upload images. Therefore this vulnerability might lead to privilege escalation to a web server's privileges.
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function.
| Alerts: | |
Comments (none posted)
libnet-ssleay-perl: weakened cryptographic operations
| Package(s): | libnet-ssleay-perl |
| CVE #(s): | CAN-2005-0106 |
| Created: | May 3, 2005 |
| Updated: | January 27, 2006 |
| Description: |
Javier Fernandez-Sanguino Pena discovered that this library used the file /tmp/entropy as a fallback entropy source if a proper source was not set in the environment variable EGD_PATH. This can potentially lead to weakened cryptographic operations if an attacker provides a /tmp/entropy file with known content.
| Alerts: | |
Comments (none posted)
libTIFF: buffer overflow
| Package(s): | libtiff |
| CVE #(s): | CAN-2005-1544 |
| Created: | May 10, 2005 |
| Updated: | February 18, 2006 |
| Description: |
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a stack-based buffer overflow in the libTIFF library when reading a TIFF image with a malformed BitsPerSample tag. Successful exploitation would require the victim to open a specially crafted TIFF image, resulting in the execution of arbitrary code.
| Alerts: | |
Comments (1 posted)
libxml2 - arbitrary code execution
| Package(s): | libxml2 |
| CVE #(s): | CAN-2004-0110 |
| Created: | February 26, 2004 |
| Updated: | August 19, 2009 |
| Description: |
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code.
| Alerts: | |
Comments (none posted)
libxml2: multiple buffer overflows
| Package(s): | libxml2 |
| CVE #(s): | CAN-2004-0989 |
| Created: | October 28, 2004 |
| Updated: | August 19, 2009 |
| Description: |
libxml2 prior to version 2.6.14 has multiple buffer overflow vulnerabilities; if a local user passes a specially crafted FTP URL, arbitrary code may be executed.
| Alerts: | |
Comments (none posted)
libXpm: new buffer overflows
| Package(s): | libXpm |
| CVE #(s): | CAN-2005-0605 |
| Created: | March 4, 2005 |
| Updated: | March 8, 2006 |
| Description: |
A new vulnerability has been discovered in libXpm, which is included in OpenMotif and LessTif, that can potentially lead to remote code execution.
| Alerts: | |
Comments (none posted)
lvm10: creates insecure temporary directory
| Package(s): | lvm10 |
| CVE #(s): | CAN-2004-0972 |
| Created: | November 1, 2004 |
| Updated: | July 25, 2005 |
| Description: |
Trustix Secure Linux discovered a vulnerability in a supplemental script of the lvm10 package. The program "lvmcreate_initrd" created a temporary directory in an insecure way, which could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program.
| Alerts: | |
Comments (none posted)
mailman: path traversal
| Package(s): | mailman |
| CVE #(s): | CAN-2005-0202 |
| Created: | February 9, 2005 |
| Updated: | July 13, 2005 |
| Description: |
The "private" module in the mailman mailing list manager fails to sanitize path names adequately. An attacker could exploit this vulnerability to retrieve private information, including passwords and private list archives. This vulnerability was used to compromise the Full-Disclosure list.
| Alerts: | |
Comments (none posted)
mc: buffer overflow
| Package(s): | mc |
| CVE #(s): | CAN-2005-0763 |
| Created: | March 29, 2005 |
| Updated: | August 11, 2005 |
| Description: |
An unfixed buffer overflow has been discovered by Andrew V. Samoilov in mc, the midnight commander, a file browser and manager.
| Alerts: | |
Comments (none posted)
mod_python: remote access vulnerability
| Package(s): | mod_python |
| CVE #(s): | CAN-2005-0088 |
| Created: | February 10, 2005 |
| Updated: | April 10, 2006 |
| Description: |
mod_python has a vulnerability in the publisher handler that may allow a remote user to use a specially crafted URL to gain access to objects that should be protected. An information leak can result.
| Alerts: | |
Comments (none posted)
Mozilla Firefox, Mozilla Suite: multiple vulnerabilities
| Package(s): | mozilla |
| CVE #(s): | CAN-2005-0989 |
| Created: | April 19, 2005 |
| Updated: | July 18, 2005 |
| Description: |
The following vulnerabilities were found and fixed in the Mozilla Suite and Mozilla Firefox:
- Vladimir V. Perepelitsa reported a memory disclosure bug in JavaScript's regular expression string replacement when using an anonymous function as the replacement argument (CAN-2005-0989).
- moz_bug_r_a4 discovered that Chrome UI code was overly trusting DOM nodes from the content window, allowing privilege escalation via DOM property overrides.
- Michael Krax reported a possibility to run JavaScript code with elevated privileges through the use of javascript: favicons.
- Michael Krax also discovered that malicious Search plugins could run JavaScript in the context of the displayed page or stealthily replace existing search plugins.
- shutdown discovered a technique to pollute the global scope of a window in a way that persists from page to page.
- Doron Rosenberg discovered a possibility to run JavaScript with elevated privileges when the user asks to "Show" a blocked popup that contains a JavaScript URL.
- Finally, Georgi Guninski reported missing Install object instance checks in the native implementations of XPInstall-related JavaScript objects.
The following Firefox-specific vulnerabilities have also been discovered:
- Kohei Yoshino discovered a new way to abuse the sidebar panel to execute JavaScript with elevated privileges.
- Omar Khan reported that the Plugin Finder Service can be tricked to open javascript: URLs with elevated privileges.
| Alerts: | |
Comments (none posted)
mozilla firefox: javascript vulnerabilities
| Package(s): | mozilla firefox |
| CVE #(s): | CAN-2005-1531, CAN-2005-1532 |
| Created: | June 9, 2005 |
| Updated: | July 19, 2005 |
| Description: |
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript.
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CAN-2005-1160.
| Alerts: | |
Comments (1 posted)
MPlayer: heap overflows
| Package(s): | mplayer |
| CVE #(s): | |
| Created: | April 20, 2005 |
| Updated: | July 12, 2005 |
| Description: |
Heap overflows have been found in the code handling RealMedia RTSP and Microsoft Media Services streams over TCP (MMST). By setting up a malicious server and enticing a user to use its streaming data, a remote attacker could possibly execute arbitrary code on the client computer with the permissions of the user running MPlayer.
| Alerts: | |
Comments (none posted)
MySQL: input validation and temporary file vulnerabilities
| Package(s): | mysql |
| CVE #(s): | CAN-2005-0709, CAN-2005-0710, CAN-2005-0711 |
| Created: | March 16, 2005 |
| Updated: | July 19, 2005 |
| Description: |
MySQL (prior to version 4.0.24) suffers from two input validation errors and a temporary file vulnerability.
| Alerts: | |
Comments (none posted)
ncpfs: multiple vulnerabilities
| Package(s): | ncpfs |
| CVE #(s): | CAN-2005-0013, CAN-2005-0014 |
| Created: | January 31, 2005 |
| Updated: | May 15, 2006 |
| Description: |
Erik Sjolund discovered two vulnerabilities in the programs bundled with ncpfs: there is a potentially exploitable buffer overflow in ncplogin (CAN-2005-0014), and due to a flaw in nwclient.c, utilities using the NetWare client functions insecurely access files with elevated privileges (CAN-2005-0013).
| Alerts: | |
Comments (none posted)
Net-SNMP: fixproc insecure temporary file creation
| Package(s): | net-snmp |
| CVE #(s): | CAN-2005-1740 |
| Created: | May 23, 2005 |
| Updated: | July 13, 2005 |
| Description: |
The fixproc application of Net-SNMP creates temporary files with predictable filenames.
| Alerts: | |
Comments (1 posted)
nfs-utils: arbitrary code execution
| Package(s): | nfs-utils |
| CVE #(s): | CAN-2004-0946 |
| Created: | January 11, 2005 |
| Updated: | February 27, 2006 |
| Description: |
Arjan van de Ven discovered a buffer overflow in rquotad on 64-bit architectures; an improper integer conversion could lead to a buffer overflow. An attacker with access to an NFS share could send a specially crafted request which could then lead to the execution of arbitrary code.
| Alerts: | |
Comments (none posted)
openssh: directory traversal
| Package(s): | openssh |
| CVE #(s): | CAN-2004-0175 |
| Created: | May 18, 2005 |
| Updated: | July 13, 2005 |
| Description: |
The OpenSSH scp client can, when connected to a hostile server, be instructed to overwrite arbitrary files.
| Alerts: | |
Comments (1 posted)
openssl: der_chop script temp file vulnerability
| Package(s): | openssl |
| CVE #(s): | CAN-2004-0975 |
| Created: | November 11, 2004 |
| Updated: | July 19, 2005 |
| Description: |
The der_chop script in openssl has a temp file vulnerability that may allow an attacker to overwrite arbitrary files with the permissions that the script is running under.
| Alerts: | |
Comments (1 posted)
OpenSSL: information leak
| Package(s): | openssl |
| CVE #(s): | CAN-2005-0109 |
| Created: | May 23, 2005 |
| Updated: | October 11, 2005 |
| Description: |
Hyper-Threading technology, as used in FreeBSD and other operating systems and implemented on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses. See this LWN article for more information.
| Alerts: | |
Comments (none posted)
OpenSSL: denial of service vulnerabilities
Comments (1 posted)
perl: setuid vulnerabilities
| Package(s): | perl |
| CVE #(s): | CAN-2005-0155, CAN-2005-0156 |
| Created: | February 2, 2005 |
| Updated: | August 11, 2006 |
| Description: |
There are two vulnerabilities with perl when it is used in a setuid mode. The PERLIO_DEBUG environment variable can be used to overwrite arbitrary files; there is also an associated buffer overflow which can be exploited to gain root access.
| Alerts: | |
Comments (none posted)
perl: symlink vulnerability
| Package(s): | perl |
| CVE #(s): | CAN-2005-0448 |
| Created: | March 9, 2005 |
| Updated: | January 30, 2006 |
| Description: |
The rmtree() function in the File::Path module has a symlink vulnerability which could be exploited to create setuid binaries.
| Alerts: | |
Comments (none posted)
php4: integer overflow and denial of service
| Package(s): | php4 |
| CVE #(s): | CAN-2005-1042, CAN-2005-1043 |
| Created: | April 14, 2005 |
| Updated: | July 13, 2005 |
| Description: |
The php4 EXIF module has two vulnerabilities. An integer overflow in the exif_process_IFD_TAG() function can be exploited to cause a buffer overflow for the purpose of arbitrary code execution. EXIF headers with a large IFD nesting level can be used to cause a denial of service. Remote exploits are possible.
| Alerts: | |
Comments (none posted)
phpbb: arbitrary command execution
| Package(s): | phpbb |
| CVE #(s): | |
| Created: | July 4, 2005 |
| Updated: | July 6, 2005 |
| Description: |
Ron van Daal discovered a vulnerability in the PhpBB highlighting code that can allow an attacker to execute arbitrary code with the privileges of the web server.
| Alerts: | |
Comments (none posted)
php-pear: remote code execution
| Package(s): | php-pear |
| CVE #(s): | CAN-2005-1921 |
| Created: | July 1, 2005 |
| Updated: | July 29, 2005 |
| Description: |
The PEAR XMLRPC implementation has a vulnerability that can be exploited for remote code execution. See this report from GulfTech Security Research. This vulnerability affects a large number of PHP web applications.
| Alerts: | |
Comments (none posted)
phpsysinfo: cross-site-scripting
| Package(s): | phpsysinfo |
| CVE #(s): | CAN-2005-0870 |
| Created: | May 18, 2005 |
| Updated: | November 15, 2005 |
| Description: |
The phpsysinfo program contains several cross-site scripting vulnerabilities.
| Alerts: | |
Comments (none posted)
postgresql: EXECUTE privilege vulnerability
| Package(s): | postgresql |
| CVE #(s): | CAN-2005-0244, CAN-2005-0245, CAN-2005-0246, CAN-2005-0247 |
| Created: | February 10, 2005 |
| Updated: | July 19, 2005 |
| Description: |
postgresql has a vulnerability in which the EXECUTE privilege may not be checked on custom functions. This may allow any database user to circumvent the EXECUTE restriction on functions.
| Alerts: | |
Comments (none posted)
postgresql: database initialization errors
| Package(s): | postgresql |
| CVE #(s): | CAN-2005-1409, CAN-2005-1410 |
| Created: | May 4, 2005 |
| Updated: | February 28, 2006 |
| Description: |
PostgreSQL suffers from two vulnerabilities in how databases are set up by default; they allow a local attacker (one with access to the database) to crash the back end and, perhaps, execute code with the privileges of the server process. See this advisory for details and workarounds.
| Alerts: | |
Comments (none posted)
Pound: buffer overflow
| Package(s): | pound |
| CVE #(s): | CVE-2005-1391 |
| Created: | May 2, 2005 |
| Updated: | January 10, 2006 |
| Description: |
Steven Van Acker has discovered a buffer overflow vulnerability in the "add_port()" function in Pound 1.8.2+. A remote attacker could send a request for an overly long hostname parameter, which could lead to the remote execution of arbitrary code with the rights of the Pound daemon process.
| Alerts: | |
Comments (none posted)
razor-agents: denial of service
| Package(s): | razor-agents |
| CVE #(s): | |
| Created: | June 23, 2005 |
| Updated: | July 6, 2005 |
| Description: |
The Vipul's Razor spam detection framework has multiple vulnerabilities. Processing of malformed messages can lead to a remote denial of service by causing the software to execute infinite loops.
| Alerts: | |
Comments (none posted)
RealPlayer HelixPlayer arbitrary code execution
| Package(s): | RealPlayer HelixPlayer |
| CVE #(s): | CAN-2005-1766, CAN-2005-1277 |
| Created: | June 27, 2005 |
| Updated: | July 6, 2005 |
| Description: |
RealNetworks, Inc. has addressed security vulnerabilities that offered the potential for an attacker to run arbitrary or malicious code on a customer's machine. RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities. RealNetworks takes all security vulnerabilities very seriously.
| Alerts: | |
Comments (none posted)
rp-pppoe, pppoe: missing privilege dropping
| Package(s): | rp-pppoe, pppoe |
| CVE #(s): | CAN-2004-0564 |
| Created: | October 4, 2004 |
| Updated: | November 15, 2005 |
| Description: |
Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet driver from Roaring Penguin. When the program is running setuid root (which is not the case in a default Debian installation), an attacker could overwrite any file on the file system.
| Alerts: | |
Comments (none posted)
ruby: arbitrary command execution
| Package(s): | ruby |
| CVE #(s): | CAN-2005-1992 |
| Created: | June 21, 2005 |
| Updated: | October 6, 2005 |
| Description: |
Ruby (versions < 1.8.2) is vulnerable to arbitrary command execution on XMLRPC servers.
| Alerts: | |
Comments (none posted)
samba: integer overflow vulnerability
| Package(s): | samba |
| CVE #(s): | CAN-2004-1154 |
| Created: | December 16, 2004 |
| Updated: | July 19, 2005 |
| Description: |
Samba has an integer overflow vulnerability that may allow an authenticated remote user to execute arbitrary code on the Samba server.
| Alerts: | |
Comments (none posted)
SpamAssassin: Denial of Service vulnerability
| Package(s): | spamassassin |
| CVE #(s): | CAN-2004-0796 |
| Created: | August 9, 2004 |
| Updated: | August 11, 2005 |
| Description: |
SpamAssassin contains an unspecified Denial of Service vulnerability. By sending a specially crafted message an attacker could cause a Denial of Service attack against the SpamAssassin service.
| Alerts: | |
Comments (none posted)
SpamAssassin: denial of service
| Package(s): | spamassassin |
| CVE #(s): | CAN-2005-1266 |
| Created: | June 17, 2005 |
| Updated: | July 28, 2005 |
| Description: |
SpamAssassin 3.0.4 was released to fix a denial of service vulnerability in versions 3.0.1, 3.0.2, and 3.0.3. The vulnerability allows certain mis-formatted long message headers to cause spam checking to take a very long time.
| Alerts: | |
Comments (none posted)
squid: DNS spoofing
| Package(s): | squid |
| CVE #(s): | CAN-2005-1519 |
| Created: | May 18, 2005 |
| Updated: | July 13, 2005 |
| Description: |
The squid proxy server performs DNS lookups in a way which is susceptible to answers injected by a hostile user, and, thus, DNS spoofing attacks.
| Alerts: | |
Comments (none posted)
SquirrelMail: multiple vulnerabilities
| Package(s): | squirrelmail |
| CVE #(s): | CAN-2005-0075, CAN-2005-0103, CAN-2005-0104 |
| Created: | January 28, 2005 |
| Updated: | July 19, 2005 |
| Description: |
SquirrelMail 1.4.4 has been released, fixing a number of security issues that have been resolved since 1.4.3a.
| Alerts: | |
Comments (none posted)
SquirrelMail: several XSS vulnerabilities
| Package(s): | squirrelmail |
| CVE #(s): | CAN-2005-1769 |
| Created: | June 21, 2005 |
| Updated: | September 16, 2005 |
| Description: |
Several cross site scripting (XSS) vulnerabilities have been discovered in SquirrelMail versions 1.4.0 - 1.4.4.
| Alerts: | |
Comments (none posted)
sudo: race condition
| Package(s): | sudo |
| CVE #(s): | CAN-2005-1993 |
| Created: | June 21, 2005 |
| Updated: | February 24, 2006 |
| Description: |
Charles Morris discovered a race condition in sudo which could lead to privilege escalation. If /etc/sudoers allowed a user the execution of selected programs, and this was followed by another line containing the pseudo-command "ALL", that user could execute arbitrary commands with sudo by creating symbolic links at a certain time.
| Alerts: | |
Comments (none posted)
File overwrite vulnerability in tar and unzip
| Package(s): | tar unzip |
| CVE #(s): | CAN-2001-1267, CAN-2001-1268, CAN-2001-1269, CAN-2002-0399 |
| Created: | October 1, 2002 |
| Updated: | April 10, 2006 |
| Description: |
The tar utility does not properly filter file names containing "../", meaning that a hostile archive can, if unpacked by an unsuspecting user, overwrite any file that is writable by that user. GNU tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42 has the same vulnerability.
| Alerts: | |
Comments (1 posted)
tcpdump: denial of service
| Package(s): | tcpdump |
| CVE #(s): | CAN-2005-1267 |
| Created: | June 9, 2005 |
| Updated: | October 10, 2005 |
| Description: |
Several tcpdump protocol decoders contain programming errors which can cause them to go into infinite loops.
| Alerts: | |
Comments (none posted)
tcpdump: multiple DoS issues
| Package(s): | tcpdump |
| CVE #(s): | CAN-2005-1280, CAN-2005-1279, CAN-2005-1278 |
| Created: | May 2, 2005 |
| Updated: | April 10, 2006 |
| Description: |
The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4. (CAN-2005-1280)
tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet, which is not properly handled by RT_ROUTING_INFO, or LDP packet, which is not properly handled by the ldp_print function. (CAN-2005-1279)
The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet. (CAN-2005-1278)
| Alerts: | |
Comments (none posted)
telnet: buffer overflows
| Package(s): | telnet |
| CVE #(s): | CAN-2005-0468, CAN-2005-0469 |
| Created: | March 28, 2005 |
| Updated: | August 1, 2005 |
| Description: |
Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim's machine if the victim can be tricked into connecting to a malicious telnet server.
| Alerts: | |
Comments (none posted)
Tor: information disclosure
| Package(s): | tor |
| CVE #(s): | |
| Created: | June 21, 2005 |
| Updated: | August 25, 2005 |
| Description: |
A bug in Tor allows attackers to view arbitrary memory contents from an exit server's process space. A remote attacker could exploit the memory disclosure to gain sensitive information and possibly even private keys.
| Alerts: | |
Comments (none posted)
trac: file upload vulnerability
| Package(s): | trac |
| CVE #(s): | |
| Created: | June 22, 2005 |
| Updated: | July 6, 2005 |
| Description: |
Versions of trac prior to 0.8.4 suffer from an input validation error which can lead to the uploading of files to undesired locations on the host system.
| Alerts: | |
Comments (none posted)
vixie-cron: crontab allows any user to read other users' crontabs
| Package(s): | vixie-cron |
| CVE #(s): | CAN-2005-1038 |
| Created: | April 15, 2005 |
| Updated: | March 15, 2006 |
| Description: |
crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235. See also this Security Focus report.
| Alerts: | |
Comments (none posted)
wget: file overwrites and arbitrary code execution
| Package(s): | wget |
| CVE #(s): | CAN-2004-1487, CAN-2004-1488 |
| Created: | June 9, 2005 |
| Updated: | September 27, 2005 |
| Description: |
wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences.
wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.
| Alerts: | |
Comments (none posted)
XChat 2.0.x SOCKS5 Vulnerability
| Package(s): | xchat |
| CVE #(s): | CAN-2004-0409 |
| Created: | April 19, 2004 |
| Updated: | November 15, 2005 |
| Description: |
XChat is vulnerable to a stack overflow that may allow a remote attacker to run arbitrary code. The SOCKS 5 proxy code in XChat is vulnerable to a remote exploit. Users would have to be using XChat through a SOCKS 5 server, enable SOCKS 5 traversal (which is disabled by default) and also connect to an attacker's custom proxy server. This vulnerability may allow an attacker to run arbitrary code within the context of the user ID of the XChat client.
| Alerts: | |
Comments (none posted)
xine-lib: buffer overflows
| Package(s): | xine-lib |
| CVE #(s): | CAN-2004-1379 |
| Created: | September 22, 2004 |
| Updated: | April 10, 2006 |
| Description: |
xine-lib (through version 1_rc6) contains buffer overflows in the subtitle parsing and DVD sub-picture decoder code.
| Alerts: | |
Comments (none posted)
xine-ui - insecure temporary file creation
| Package(s): | xine-ui |
| CVE #(s): | CAN-2004-0372 |
| Created: | April 6, 2004 |
| Updated: | April 27, 2006 |
| Description: |
Shaun Colley discovered a problem in xine-ui, the xine video player user interface. A script contained in the package to possibly remedy a problem or report a bug does not create temporary files in a secure fashion. This could allow a local attacker to overwrite files with the privileges of the user invoking xine.
| Alerts: | |
Comments (none posted)
xorg-x11: integer overflows
| Package(s): | xorg-x11 |
| CVE #(s): | CAN-2004-0914 |
| Created: | November 18, 2004 |
| Updated: | September 12, 2005 |
| Description: |
The X.Org libXpm library has several integer overflow vulnerabilities. An attacker can modify XPM images to execute malicious code.
| Alerts: | |
Comments (none posted)
xpdf: buffer overflow
| Package(s): | xpdf |
| CVE #(s): | CAN-2005-0064 |
| Created: | January 19, 2005 |
| Updated: | March 15, 2007 |
| Description: |
iDEFENSE has found yet another xpdf buffer overflow; see this advisory for details.
| Alerts: | |
Comments (1 posted)
XV: multiple vulnerabilities
| Package(s): | xv |
| CVE #(s): | |
| Created: | April 19, 2005 |
| Updated: | July 19, 2005 |
| Description: |
Greg Roelofs has reported multiple input validation errors in XV image decoders. Tavis Ormandy of the Gentoo Linux Security Audit Team has reported insufficient validation in the PDS (Planetary Data System) image decoder, format string vulnerabilities in the TIFF and PDS decoders, and insufficient protection from shell meta-characters in malformed filenames. Successful exploitation would require a victim to view a specially created image file using XV, potentially resulting in the execution of arbitrary code.
| Alerts: | |
Comments (none posted)
zlib: buffer overflow
| Package(s): | zlib |
| CVE #(s): | CAN-2005-2096 |
| Created: | July 6, 2005 |
| Updated: | October 27, 2005 |
| Description: |
zlib has a buffer overflow vulnerability that can be exploited by inflation of corrupted files; this can be used to crash zlib or possibly remotely execute code.
| Alerts: | |
Comments (6 posted)
Events
The USENIX Security Symposium is happening starting July 31 in Baltimore. Click below for the details.
Full Story (comments: none)
Page editor: Jonathan Corbet
Kernel development
Brief items
The current 2.6 prepatch is 2.6.13-rc3,
released by Linus on
July 12. Changes this time around include a new DES (crypto)
implementation with better performance, multi-block operation support in
the crypto layer, "almost-skas" mode support for user-mode Linux, a big
memory technology device (MTD) update, user-space I/O initiation for
InfiniBand, and the long-awaited
inotify patch. "There's a bit more changes here than I would like, but I'm putting my foot down now. Not only are a lot of people going to be gone next week for LKS and OLS, but we've gotten enough stuff for 2.6.13, and we need to calm down." See the long-format changelog for the details.
Linus's git repository contains a small number of fixes added after the
-rc3 release.
The current -mm tree is 2.6.13-rc2-mm2. Recent changes
to -mm include a set of swapper fixes, a big InfiniBand update, and lots of
fixes. The class-based kernel
resource management patches have since been added for (presumably)
2.6.13-rc3-mm1.
Comments (none posted)
Kernel development news
The flood of patches going into the mainline 2.6.13 brings with it the
usual assortment of changes to the internal kernel API. Here's a subset of
those changes.
The configurable HZ patch has been merged. If there is, somehow,
code which has survived this far with assumptions about the value of
HZ, it should probably be fixed sometime soon.
There is a new timer function:
int try_to_del_timer_sync(struct timer_list *timer);
This function will make a best effort to delete the timer. Should the
timer function actually be running at the time, however, this version will
not wait for it to complete; it will return -1 immediately. It
can thus be used in interrupt handlers and other contexts where waiting for
a timer function to finish is not an option.
The block_device_operations structure has a new member:
long (*unlocked_ioctl) (struct file *filp, unsigned cmd,
unsigned long arg);
If an unlocked_ioctl() method exists, it will be called (in
preference to ioctl()), and the big kernel lock will not be held.
Drivers which perform their own locking (which should be all of them,
really) can use the new method to avoid the overhead of the BKL.
The netif_rx() function, used by network drivers (when not in NAPI
mode) to feed packets into the kernel, has traditionally returned one of
several values indicating how congested the system was. The idea was that
drivers could use this information to reduce load on the kernel as
congestion increases. No drivers do this, however; instead, NAPI is used
for high-traffic situations. So netif_rx() now will return one of
two values: NETIF_RX_SUCCESS if all is well, or
NETIF_RX_DROP if the packet was dropped.
It's also worth noting that the sk_buff structure has changed
again, leading to the usual troubles with binary-only drivers.
Authors of PCI drivers who want to squeeze out every bit of DMA performance
from their hardware can use a new function to determine the optimal DMA
burst size:
void pci_dma_burst_advice(struct pci_dev *pdev,
enum pci_dma_burst_strategy *strat,
unsigned long *param);
On return, strat will tell which strategy works best on the
current platform. PCI_DMA_BURST_INFINITY says that bursts should
simply be made as large as possible; in this case, param contains
no information. PCI_DMA_BURST_BOUNDARY tells the driver to not
burst across memory boundaries which are a multiple of the value returned
in param. And PCI_DMA_BURST_MULTIPLE sets a maximum size
(returned in param) on each individual burst.
Thomas Graf has contributed a generic text searching mechanism for the
kernel. It can handle searching through non-contiguous data, and is
designed to work with pluggable searching algorithms. A couple of search
modules have been provided: a straight Knuth/Morris/Pratt string matcher
and a finite state machine version which provides a limited regular
expression mechanism. The initial application for this library is for
flexible packet classification in the networking traffic control code, but
other uses are possible.
Performing a search requires first setting up a configuration:
struct ts_config *textsearch_prepare(const char *algorithm,
const void *pattern,
unsigned int patlen,
int gfp_mask, int flags);
Here, algorithm is the searching algorithm to use;
"kmp" will get Knuth/Morris/Pratt. pattern is the actual
pattern to search for; patlen is its length. The usual memory
allocation flags are provided in gfp_mask, and flags is
for search-specific flags. Currently, the only flag is
TS_AUTOLOAD, which allows the kernel to load a module implementing
the desired search algorithm, if necessary. The return value is a
pointer to a configuration structure to be used with the other functions,
or an error value (as determined by IS_ERR()).
A ts_config structure, once initialized, can be reused as many
times as desired. It
contains no per-search state, so it can be used in parallel searches as
well. When the structure is no longer needed, it should be returned with a
call to textsearch_destroy().
If the data to be searched is a single, contiguous block, then searching is
a matter of calling:
unsigned int textsearch_find_continuous(struct ts_config *config,
struct ts_state *state,
const void *data,
unsigned int datalen);
unsigned int textsearch_next(struct ts_config *config,
struct ts_state *state);
For these calls, config is a configuration returned from
textsearch_prepare(), and state is a local state
variable. A call to textsearch_find_continuous() must come first;
it will initialize state for a search through the given
data array. Both functions will return the offset of the
beginning of the match, or UINT_MAX if no (further) match is
found.
If the data to be searched is not contiguous in memory, things get a little
more complicated. The caller must provide a method which can obtain a
pointer to a block of data:
unsigned int (*get_next_block)(unsigned int consumed,
const u8 **dst,
struct ts_config *config,
struct ts_state *state);
This function will be called by the textsearch code when it needs more data
to look through. It should locate the first byte beyond consumed
and store its address in *dst. The config pointer will
not normally be used; state->cb is a 40-byte "control buffer"
which can be used to store data between calls to
get_next_block(). The return value is the length of the block, or
zero if there is no more data.
Another method:
void (*finish)(struct ts_config *config, struct ts_state *state);
will be called after each search completes. Note that there can be several
get_next_block() calls for each call to finish().
Both of these methods are stored in the ts_config structure; they
should be set there after the call to textsearch_prepare(). The
first search is performed with:
unsigned int textsearch_find(struct ts_config *config,
struct ts_state *state);
Subsequent searches can be performed with textsearch_next().
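A user-space model of the interface just described, written for this article as an added example (it is not Thomas Graf's code): the KMP matcher and the textsearch_prepare()/textsearch_find()/textsearch_next() calls are reimplemented outside the kernel, and a get_next_block() method over a constructed array of string fragments stands in for paged skb data. The 64-byte pattern limit, the NULL error return (instead of an ERR_PTR() value), the omitted gfp_mask and flags arguments, frag_get_next_block() and find_all() are this example's own simplifications.

```c
#include <limits.h>
#include <stdlib.h>
#include <string.h>
typedef unsigned char u8;

/* Per-search state: next byte to examine, plus the 40-byte control buffer
 * a get_next_block() method may use to keep context between calls. */
struct ts_state { unsigned int offset; char cb[40]; };
/* Configuration: the two caller-supplied methods plus KMP's private data. */
struct ts_config {
	unsigned int (*get_next_block)(unsigned int consumed, const u8 **dst,
				       struct ts_config *conf, struct ts_state *state);
	void (*finish)(struct ts_config *conf, struct ts_state *state);
	const u8 *pattern; unsigned int patlen;
	unsigned int prefix_tbl[64];	/* KMP failure function; patlen <= 64 here */
};
/* textsearch_prepare() stand-in: only "kmp" is modelled, NULL replaces the
 * kernel's ERR_PTR(), and the pattern buffer must outlive the config. */
struct ts_config *textsearch_prepare(const char *algorithm, const void *pattern,
				     unsigned int patlen)
{
	const u8 *pat = pattern; struct ts_config *conf;
	unsigned int k = 0, q;
	if (strcmp(algorithm, "kmp") != 0 || patlen == 0 || patlen > 64) return NULL;
	conf = calloc(1, sizeof(*conf));
	conf->pattern = pat; conf->patlen = patlen;
	for (q = 1; q < patlen; q++) {		/* classic KMP prefix table */
		while (k > 0 && pat[k] != pat[q]) k = conf->prefix_tbl[k - 1];
		if (pat[k] == pat[q]) k++;
		conf->prefix_tbl[q] = k;
	}
	return conf;
}

/* Resume at state->offset, pulling data through get_next_block() until a match
 * is found (start offset returned) or the method returns 0; KMP's state q
 * survives block boundaries, so matches straddling two blocks are found too. */
static unsigned int kmp_find(struct ts_config *conf, struct ts_state *state)
{
	const u8 *pat = conf->pattern, *text;
	unsigned int i, q = 0, len, consumed = state->offset;
	while ((len = conf->get_next_block(consumed, &text, conf, state)) != 0) {
		for (i = 0; i < len; i++) {
			while (q > 0 && pat[q] != text[i]) q = conf->prefix_tbl[q - 1];
			if (pat[q] == text[i]) q++;
			if (q == conf->patlen) {
				state->offset = consumed + i + 1;
				return state->offset - conf->patlen;
			}
		}
		consumed += len;
	}
	return UINT_MAX;
}
unsigned int textsearch_next(struct ts_config *conf, struct ts_state *state)
{
	unsigned int ret = kmp_find(conf, state);
	if (conf->finish)	/* once per search, however many blocks were read */
		conf->finish(conf, state);
	return ret;
}
unsigned int textsearch_find(struct ts_config *conf, struct ts_state *state)
{
	state->offset = 0;
	return textsearch_next(conf, state);
}
/* get_next_block() over a NULL-terminated array of string fragments (constructed
 * non-contiguous data): returns the rest of the fragment holding byte 'consumed'. */
static unsigned int frag_get_next_block(unsigned int consumed, const u8 **dst,
					struct ts_config *conf, struct ts_state *state)
{
	const char *const *f; unsigned int start = 0, len = 0;
	memcpy(&f, state->cb, sizeof(f));	/* array pointer parked in the control buffer */
	for (; *f; f++, start += len) {
		len = strlen(*f);
		if (consumed < start + len) {
			*dst = (const u8 *)*f + (consumed - start);
			return start + len - consumed;
		}
	}
	return 0;
}
/* Collect every match of pat in the fragments; returns how many start offsets
 * were stored in out (at most max). Each search resumes just past the last match. */
unsigned int find_all(const char *pat, const char *const *frags,
		      unsigned int *out, unsigned int max)
{
	struct ts_config *conf = textsearch_prepare("kmp", pat, strlen(pat));
	struct ts_state state; unsigned int n = 0, pos;
	if (!conf) return 0;
	conf->get_next_block = frag_get_next_block;
	memcpy(state.cb, &frags, sizeof(frags));
	for (pos = textsearch_find(conf, &state); pos != UINT_MAX && n < max;
	     pos = textsearch_next(conf, &state))
		out[n++] = pos;
	free(conf);	/* textsearch_destroy() in the real API */
	return n;
}
```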
Comments (none posted)
The PCI bus is the interconnect of choice for the bulk of the architectures
supported by Linux. Most peripherals on such systems - including disk,
network, and USB controllers - communicate with the CPU via this bus.
Linux device drivers (regardless of the bus used) must be written with the
idea that the device being controlled can fail. Most drivers, however,
assume that the bus used to communicate with the device will work
flawlessly. This assumption exists because (1) it tends to be true,
and (2) the Linux kernel has never provided an infrastructure which
enables drivers to detect (and respond to) PCI errors. Work is under way
to provide that infrastructure, however; there are currently two entirely
different interfaces being proposed for this role.
The first approach, posted by Linas
Vepstas, works by way of callbacks. It enhances the pci_driver
structure by adding a new set of methods:
struct pci_error_handlers
{
enum pci_channel_state error_state;
int (*error_detected)(struct pci_dev *dev,
enum pci_channel_state error);
int (*mmio_enabled)(struct pci_dev *dev);
int (*link_reset)(struct pci_dev *dev);
int (*slot_reset)(struct pci_dev *dev);
void (*resume)(struct pci_dev *dev);
};
A PCI driver is not required to supply any of these callbacks. Any driver
which will perform PCI error recovery must provide at least
error_detected(), however. That method will be called sometime after the
PCI subsystem detects an error on the bus; the error parameter
will be set to one of these values:
enum pci_channel_state {
pci_channel_io_normal = 0, /* I/O channel is in normal state */
pci_channel_io_frozen = 1, /* I/O to channel is blocked */
pci_channel_io_perm_failure, /* pci card is dead */
};
The error_detected() method should shut down any ongoing I/O
operations, but should not attempt to communicate with the adapter itself.
This method can take locks and sleep; it is called from process
context. The return value tells the error recovery subsystem how to
proceed; it can be PCIERR_RESULT_CAN_RECOVER (the driver thinks it
will be able to recover just by talking to the adapter),
PCIERR_RESULT_NEED_RESET (a hard reset of the adapter will be
required), or PCIERR_RESULT_DISCONNECT (the situation is hopeless,
and the adapter should be considered permanently dead).
If all drivers on an affected PCI segment think they can recover from the
problem, the next step is to turn memory-mapped I/O back on and let the
drivers try. To this end, each driver's mmio_enabled() callback
will be invoked. This callback should do whatever port banging is required
to get the adapter back into a reasonable state, then return one of
PCIERR_RESULT_RECOVERED (it worked),
PCIERR_RESULT_NEED_RESET (it failed, try resetting), or
PCIERR_RESULT_DISCONNECT (it failed, abandon all hope).
Regardless of the outcome, the driver should not restart I/O from this
callback.
The link_reset() method is similar to mmio_enabled(), but
it is only applicable for PCI-Express adapters which might be fixable via a
link reset operation. The return codes are the same as for
mmio_enabled().
If a reset is called for, the PCI subsystem will perform the reset, then
call slot_reset() to let the driver know. The driver should
attempt to bring the adapter back to a working state, re-download firmware,
etc., then return a status code indicating whether things worked or not.
If reinitialization fails, it is possible that slot_reset() could
be called more than once as the PCI subsystem employs an increasingly large
hammer.
Finally, if all seems to be well, the driver's resume() callback
will be called; this is the point where I/O operations can be restarted.
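To show the order in which these callbacks are invoked, here is an added example (not part of Linas Vepstas's patch) that models the recovery walk in user space: a driver supplying the handlers above, and a stand-in for the PCI core that asks every driver on a segment at each step. The pci_dev fields, the numeric PCIERR_RESULT_* values, the worst-answer-wins merge rule, max_resets and pci_recover_segment() are assumptions made for this example.

```c
#include <stddef.h>

/* Constructed adapter model: how many slot resets it still needs before it
 * answers again, whether its driver has stopped I/O, and resets observed. */
struct pci_dev { const char *name; int resets_needed; int io_stopped; int resets_seen; };

enum pci_channel_state {
	pci_channel_io_normal = 0,	/* I/O channel is in normal state */
	pci_channel_io_frozen = 1,	/* I/O to channel is blocked */
	pci_channel_io_perm_failure,	/* pci card is dead */
};

/* Return codes named in the article; the numeric values are assumed here and
 * ordered so that the worst answer from several drivers is the largest one. */
enum pci_ers_result {
	PCIERR_RESULT_RECOVERED = 1,
	PCIERR_RESULT_CAN_RECOVER,
	PCIERR_RESULT_NEED_RESET,
	PCIERR_RESULT_DISCONNECT,
};

struct pci_error_handlers {
	enum pci_channel_state error_state;
	int (*error_detected)(struct pci_dev *dev, enum pci_channel_state error);
	int (*mmio_enabled)(struct pci_dev *dev);
	int (*link_reset)(struct pci_dev *dev);
	int (*slot_reset)(struct pci_dev *dev);
	void (*resume)(struct pci_dev *dev);
};

/* A model driver's callbacks. */
static int demo_error_detected(struct pci_dev *dev, enum pci_channel_state error)
{
	dev->io_stopped = 1;	/* quiesce; the adapter itself must not be touched */
	return error == pci_channel_io_perm_failure ? PCIERR_RESULT_DISCONNECT
						    : PCIERR_RESULT_CAN_RECOVER;
}

static int demo_mmio_enabled(struct pci_dev *dev)
{
	/* MMIO is back: probe the adapter, but do not restart I/O yet */
	return dev->resets_needed ? PCIERR_RESULT_NEED_RESET : PCIERR_RESULT_RECOVERED;
}

static int demo_slot_reset(struct pci_dev *dev)
{
	dev->resets_seen++;	/* reinitialise, reload firmware, and so on */
	return dev->resets_needed ? PCIERR_RESULT_NEED_RESET : PCIERR_RESULT_RECOVERED;
}

static void demo_resume(struct pci_dev *dev)
{
	dev->io_stopped = 0;	/* only now may I/O be restarted */
}

struct pci_error_handlers demo_err_handler = {
	.error_detected = demo_error_detected,
	.mmio_enabled = demo_mmio_enabled,
	.slot_reset = demo_slot_reset,
	.resume = demo_resume,
};

static int worst_of(int a, int b) { return a > b ? a : b; }

/* Model of the PCI core's recovery walk over the n drivers on one segment.
 * At each step every driver is asked and the worst answer decides what comes
 * next (an assumed merge rule). A slot reset is modelled by decrementing the
 * adapter's resets_needed counter; after max_resets failed attempts the core
 * gives up and the adapter is treated as permanently dead. */
enum pci_ers_result pci_recover_segment(struct pci_dev **devs,
				       struct pci_error_handlers **hs, int n,
				       enum pci_channel_state error, int max_resets)
{
	int i, r = 0, tries = 0;

	for (i = 0; i < n; i++)
		r = worst_of(r, hs[i]->error_detected(devs[i], error));
	if (r == PCIERR_RESULT_CAN_RECOVER) {
		for (r = 0, i = 0; i < n; i++)
			r = worst_of(r, hs[i]->mmio_enabled ? hs[i]->mmio_enabled(devs[i])
							    : PCIERR_RESULT_RECOVERED);
	}
	while (r == PCIERR_RESULT_NEED_RESET && tries++ < max_resets) {
		for (r = 0, i = 0; i < n; i++) {
			if (devs[i]->resets_needed)
				devs[i]->resets_needed--;	/* the core resets the slot */
			r = worst_of(r, hs[i]->slot_reset(devs[i]));
		}
	}
	if (r != PCIERR_RESULT_RECOVERED)
		return PCIERR_RESULT_DISCONNECT;
	for (i = 0; i < n; i++)
		if (hs[i]->resume)
			hs[i]->resume(devs[i]);
	return PCIERR_RESULT_RECOVERED;
}
```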
A very different approach is taken by the IOCHK interface posted by
Hidetoshi Seto. This patch expects drivers to perform more of their own
error checking, but gives more control over the timing of recovery
operations.
The IOCHK patch works by defining a new opaque type called
iocookie. A driver which is about to engage in a conversation
with one of its devices would initialize one of these cookies with:
void iochk_clear(iocookie *cookie, struct pci_dev *dev);
The driver then performs its device operations, reading and writing
memory-mapped I/O registers as necessary. At any point, the driver can
check to see whether an error has occurred with:
int iochk_read(iocookie *cookie);
A non-zero return indicates trouble; should that happen, the driver can
respond by resetting the device, disconnecting it, or going into
hysterics. There is no core support for operations like resetting
adapters.
The obvious question which has been raised is why two interfaces are
needed. It seems that some situations are better handled by an
asynchronous notification mechanism (such as implemented by Linas's patch),
while others are better suited to a synchronous approach. So it may well
be that, at some point in the future, the kernel will go from no PCI error
handling interfaces to two of them. Before that happens, however, one
assumes that some work will be done to unify the underlying support code
and to make the two interfaces appear more like parts of a single API.
Comments (none posted)
One new feature in the 2.6.13-rc3 kernel release is the ability to bind
and unbind drivers from devices manually from user space. Previously,
the only way to disconnect a driver from a device was usually to unload
the whole driver from memory, using rmmod.
In the sysfs tree, every driver now has bind and unbind files
associated with it:
$ tree /sys/bus/usb/drivers/ub/
/sys/bus/usb/drivers/ub/
|-- 1-1:1.0 -> ../../../../devices/pci0000:00/0000:00:1d.7/usb1/1-1/1-1:1.0
|-- bind
|-- module -> ../../../../module/ub
`-- unbind
In order to unbind a device from a driver, simply write the bus id of
the device to the unbind file:
echo -n "1-1:1.0" > /sys/bus/usb/drivers/ub/unbind
and the device will no longer be bound to the driver:
$ tree /sys/bus/usb/drivers/ub/
/sys/bus/usb/drivers/ub/
|-- bind
|-- module -> ../../../../module/ub
`-- unbind
To bind a device to a driver, the device must first not be controlled by
any other driver. To ensure this, look for the "driver" symlink in the
device directory:
$ tree /sys/bus/usb/devices/1-1:1.0
/sys/bus/usb/devices/1-1:1.0
|-- bAlternateSetting
|-- bInterfaceClass
|-- bInterfaceNumber
|-- bInterfaceProtocol
|-- bInterfaceSubClass
|-- bNumEndpoints
|-- bus -> ../../../../../../bus/usb
|-- modalias
`-- power
    `-- state
Then, simply write the bus id of the device you wish to bind, into the
bind file for that driver:
echo -n "1-1:1.0" > /sys/bus/usb/drivers/usb-storage/bind
And check that the binding was successful:
$ tree /sys/bus/usb/devices/1-1:1.0
/sys/bus/usb/devices/1-1:1.0
|-- bAlternateSetting
|-- bInterfaceClass
|-- bInterfaceNumber
|-- bInterfaceProtocol
|-- bInterfaceSubClass
|-- bNumEndpoints
|-- bus -> ../../../../../../bus/usb
|-- driver -> ../../../../../../bus/usb/drivers/usb-storage
|-- host2
|   `-- power
|       `-- state
|-- modalias
`-- power
    `-- state
As the example above shows, this capability is very useful for switching
devices between drivers which handle the same type of device (both the
ub and usb-storage drivers handle USB mass storage devices, like flash
drives).
A number of "enterprise" Linux distributions offer multiple drivers of
different version levels in their kernel packages. This manual binding
feature will allow configuration tools to pick and choose which devices
should be bound to which drivers, allowing users to upgrade only
specific devices if they wish to.
In order for a device to bind successfully with a driver, that driver
must already support that device. This is why you cannot just
arbitrarily bind any device to any driver. To help with the issue of
adding support for new devices to drivers after they are built, the PCI
system offers a dynamic_id file in sysfs so that user space
can write in new device ids that the driver should bind to. In the
future, this ability to add new driver IDs to a running kernel will be
moved into the driver core to make it available for all buses.
Comments (3 posted)
Jens Axboe's completely fair queueing (CFQ) I/O scheduler has been regarded
by many as the best available in the 2.6 kernel for a while. Said
scheduler has just been through another major upgrade which should
implement a higher degree of fairness while providing "excellent"
throughput for the system as a whole.
One of the big additions this time around is time sharing: processes now
get time slices during which they are able to dispatch I/O requests. The
scheduler will allow a drive to go idle - briefly - during a process's time
slice to give that process an opportunity to generate more I/O requests. In this
way, it behaves similarly to the anticipatory scheduler; it allows the
process to get the most out of its slice while, hopefully, taking advantage
of the locality of that process's requests. If, however, a process's
requests end up causing too much seeking, that process will temporarily
lose its right to hold the disk idle.
Tied in with the time sharing implementation is the notion of I/O
priorities. Each process has its own I/O priority, which, by default, is
derived from its CPU priority. Processes with higher priorities will
preempt lower-priority processes, while sharing the drive in a round-robin
fashion with equal-priority processes. There is also a realtime priority
level which does not do round-robin sharing, and an "idle" level which is
only allowed to dispatch requests when the drive has been idle for a
sufficiently long period.
There is a temporary priority boosting mechanism designed to avoid priority
inversion problems when a low-priority process holds important resources.
Two new system calls have been added for working with I/O priorities:
int ioprio_set(int which, int who, int priority);
int ioprio_get(int which, int who);
Here, which controls whether the call applies to a single process,
process group, or user, and who is the appropriate ID (usually the
process ID). A call to ioprio_set() will apply the new
priority (subject to the usual permissions checks) while
ioprio_get() returns the current value.
Comments (none posted)
Patches and updates
Kernel trees
Core kernel code
Development tools
- Marco Costalba: qgit-0.7.
(July 12, 2005)
Device drivers
Documentation
Filesystems and block I/O
Memory management
Networking
Architecture-specific
Security-related
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet
Distributions
This week your editor had the opportunity to travel to Helsinki, Finland
for Debconf5 - thanks to the conference organizers for making this
possible! The following article is based on a round table discussion
on Debian Derivatives, led by Benjamin "Mako" Hill, and a talk by Andreas
Tille titled 'CDD - Custom Debian Distributions'.
Fledgling distribution projects often use a larger, more established
project as a base for beginning development. These days Debian is the most
popular distribution to use as a base for creating a new distribution. DistroWatch lists one hundred
twenty-nine projects based on Debian. The LWN Distribution list identifies
nearly one hundred distributions with roots in Debian.
Some are derived distributions, some are custom Debian distributions
(CDDs). What's the difference? CDDs are part of the Debian Project
and appear on the Debian CDD website. Anything else can be considered a
derivative.
Why is Debian such a popular starting point for CDDs and derivatives? One
reason is the large number of packages in the Debian archive, something for
almost every special interest. Why create a custom distribution? Most
often it's to get a subset of packages to focus on a particular interest,
or for a particular language. Whether it's a Chinese desktop or a live CD
with a good selection of security tools, many people want more focus from
their distribution.
Businesses don't want their employees to have access to thousands of
packages but they may want non-free applications or customized
configurations. Many users are overwhelmed by the size and complexity of
Debian and they appreciate a smaller distribution focused to their
interests. Specialized distributions provide preconfigured, easy to
install (or live CD) versions of the software they want, without the
clutter of thousands of packages that may not be well described, or not
described in a language they understand.
Some packages might be highly inappropriate for some users; for example,
the parents of the young children using Debian Jr. might not
want them to have access to hot babe.
Desktop users in China will appreciate a system where the default interface
is in a language they can read. Someone who wants forensic tools on a live
CD probably doesn't want a lot of games taking up space on that CD.
From Debian-Med to Skolelinux, Quantian to DeMuDi, smaller and more focused is
better. One notable exception to that rule is Ubuntu, which aims for a
wide variety of packages for a general purpose audience, though with fewer
available platforms and above all a predictable release cycle.
Meanwhile, Debian continues to grow, with more packages available, more
maintainers to care for those packages, and support for more architectures.
As Debian grows so grows the number of users, the number of derivatives,
and, so it seems, the time between releases. Debian's infrastructure is
strained with the growth. Some fear a decline in the quality that has made
Debian a first class distribution. Derived distributions take some of the
strain off, but at a cost.
Even those working on the CDD projects have complained that their patches
don't always make it back into the main Debian archive. Certainly while
there was a Sarge freeze there were times when patches couldn't be included
immediately, but even without that constraint, a common complaint of
derived distribution developers was that their patches were often ignored
by the package maintainer. In other cases the derivative developers were
fixing bugs, improving translations, adding features and making changes
without a word to Debian or any other project. All in all there has been
considerable duplication of effort between the many projects using Debian,
and not nearly enough collaboration.
We have reported previously on Canonical's suite of tools designed to
make collaboration easier. Progeny and HP are
two more companies that will provide customized Debian distributions, and
both companies have been working on tool kits to make that job easier.
Better tool kits are only part of the solution.
Everyone agrees that there needs to be better communications between Debian
developers and the developers of Debian derivatives. There needs to be
better documentation of what changes are made and why these changes were
deemed necessary. Generally there needs to be better collaboration between
Debian and its offshoots. The Debian Derivers Council has been formed to
help with communications and better collaboration. We look forward to
seeing some positive results from the various tool kits and the actions of
the Council.
This is Rebecca Sobol in Helsinki, Finland.
Comments (none posted)
New Releases
Version 1.2.1 of the AGNULA/DeMuDi audio distribution has been announced.
"This release is the second of the 1.2.x series, and sports a complete
integration with Debian, using the Sarge Debian Installer and the CDD
(Custom Debian Distributions) concept."
Full Story (comments: none)
Distribution News
Branden Robinson has posted his third report as Debian Project Leader.
This report covers the Sarge release, the status of security support,
delegation activities, the need for a new hosting site and new hardware,
and more.
Full Story (comments: none)
The Debian Project's security support system has been fixed. "The Debian
project confirms that the security infrastructure for both the current
release Debian GNU/Linux 3.1 (alias sarge) and the former release 3.0
(alias woody) is working again. The security team is now able to provide
updates on a regular basis again."
Full Story (comments: none)
Steve McIntyre has sent out an update regarding the Debian-cd effort. "At
Debconf we've had a couple of very good discussion sessions about changes
that are wanted/needed in debian-cd. Firstly we had several members of the
debian-cd team thrash out what we wanted to do for the next version, then a
second chat with some more of the debian-cd users to see what they would
like us to do for them. I came to Debconf with some ideas of my own for
discussion, and several of these other people have thrown extra things into
the pot. Here's a summary of what we came up with; I'll follow up to
debian-cd with more details."
Full Story (comments: none)
The latest Slackware Changelog Notice is out for July 9, 2005
with coverage of the latest modifications to slackware.
Full Story (comments: none)
Mark Shuttleworth and Canonical have launched the Ubuntu Foundation, with
an initial funding of $10m. "The Ubuntu Foundation will employ core Ubuntu
community members to ensure that Ubuntu (www.ubuntu.com) will remain fully
supported for an extended period of time, and continue to produce new
releases of the distribution. As a first step, the Foundation announces
that Ubuntu version 6.04, due for release in April 2006, will be supported
for three years on the desktop and five years on the server."
Full Story (comments: 1)
Distribution Newsletters
The July 12, 2005 issue of the Debian Weekly News is online; here's the
content summary: "Bill Allombert called for arm porters to support the ARM
port of Debian. As this year's Debian conference is taking place now,
Debian Planet carries a lot of content from the attending developers."
Full Story (comments: none)
The fourth issue of the Fedora Weekly News is out. This week's topics
include an installer crash workaround, Fedora Core 4 books, the preliminary
FC5 schedule, and several others.
Comments (none posted)
The July 11, 2005 Gentoo Weekly Newsletter is online.
Full Story (comments: none)
The July 8, 2005 edition of the Mandriva Linux Community Newsletter
is online. Topics include: Mandriva acquires Lycoris,
Multi Network Firewall 2 released,
New Club site beta available to members,
Limited Edition 2005 reviewed at playREACTION, and Mandriva Updates.
Full Story (comments: none)
Package updates
Fedora Core 4 updates
system-config-nfs (several fixes),
grep (bug fix),
kernel (bug fixes, I2C drivers),
kdegraphics (bug fix),
audit (new interpretive mode, bug fixes),
libxml2 (bug fixes),
dhcp (bug fixes),
lam (bug fixes),
vixie-cron (bug fixes),
procps (bug fixes),
libwnck (new feature),
metacity (new feature),
gaim (bug fixes),
net-snmp (security update),
bind (bug fixes),
selinux-policy-targeted (policy change). There is also a new set of kernel modules for clustering:
GFS-kernel,
dlm-kernel,
gnbd-kernel, and
cman-kernel.
Fedora Core 3 updates
dhcp (bug fixes),
lam (bug fixes),
vixie-cron (bug fixes),
procps (bug fixes),
gaim (bug fixes),
bind (bug fixes).
Comments (none posted)
Mandriva has issued an update advisory for the drakxtools packages,
three bugs have been fixed.
Full Story (comments: none)
Slackware has issued a Changelog Notice that addresses a security
issue with the PHP pear-xml_rpc vulnerability.
Full Story (comments: none)
Trustix Secure Linux has released a Bugfix Advisory for
initscripts, php, php4 and pango.
Full Story (comments: none)
Newsletters and articles of interest
The annual meeting of Software in the Public Interest was held on July 1,
2005. The report covers SPI's finances, elections, board members,
committees, member projects, and other significant changes throughout
the year.
Full Story (comments: none)
Page editor: Rebecca Sobol
Development
EasyTAG
is a tag editor which supports a variety of audio file types:
EasyTAG is a utility for viewing and editing tags for MP3, MP2, FLAC, Ogg Vorbis, MusePack and Monkey's Audio files. Its simple and nice GTK+ interface makes tagging easier under GNU/Linux.
Tag info is metadata that is embedded in an audio file.
Tag fields include the track title, artist, date, genre, album,
comments, copyright, URL, Encoder name and even an attached photo.
A condensed feature list of the latest version follows:
- Supports a wide variety of audio formats.
- Auto-tagging information can be derived from the song's filename and directory.
- Supports renaming of files from tag information.
- Supports global field setting across multiple files.
- Has one level of undo/redo.
- Can run batch processes on field data.
- Can run an external application on a directory or file.
- Can retrieve CDDB information from Freedb servers.
- The GUI has windows for browsing selections, generating playlists, and searching files.
- Features translations for numerous languages.
The software was written in C and uses a GTK-based user interface; it is
licensed under the GNU General Public License.
Installation of an older version on a Fedora Core 3 system was fairly
easy; it involved locating and installing rpms for the id3lib and flac
libraries and installing the EasyTAG rpm files from the project download
site (there is also a package in Fedora Extras).
Packages are available for Debian, Fedora, Mandriva, Slackware, SUSE,
NetBSD and MacOSX.
Source code can be compiled for other platforms and distributions.
Development version 1.99.7 of EasyTAG was released this week; it features
a lot of bug fixes and translation improvements.
Operation of the basic features was easy and obvious; editing tag
information on mp3 and ogg files was trivial. The tag information on a test
mp3 file showed up on both the mpg123 and mpg321 players with no troubles.
EasyTAG will definitely go into this editor's collection of
useful audio utilities.
Comments (9 posted)
System Applications
Database Software
Version 3.2.9 final of ZODB, the Zope Object Database, is out. "In addition
to minor bugfixes, there is one critical bugfix in 3.2.9, concerning data
consistency after a subtransaction commit. This was discovered by code
inspection, and a test case showing the problem was constructed from that
analysis."
Full Story (comments: none)
Interoperability
Preview release 2 of Samba 3.0.20 has been announced. "There has been a
substantial amount of development since the 3.0.14a stable release (and
since the 3.0.20pre1 release as well). We would like to ask the Samba
community for help in testing these changes as we work towards the next
official, production Samba 3.0 release. This is the last anticipated preX
release before moving onto the Release Candidate state of testing."
Full Story (comments: none)
LDAP Software
Version 0.6 of LAT, the LDAP Administration Tool, is out.
It features Active Directory support, initial Samba support,
GNOME Keyring support, bug fixes, and more.
Full Story (comments: none)
Networking Tools
Version 1.3.2 of the iptables network filtering system has been announced.
"The final 1.3.2 version contains accumulated bugfixes to the last 1.3.1
version. No new targets/matches have been added."
Full Story (comments: none)
Web Site Development
Manni Wood looks at the use of Subversion with Apache on O'Reilly.
"Subversion is a useful, powerful, and modern revision-control system that
builds on well-understood and powerful tools including Apache. This layering
has many benefits--and drawbacks, if the defaults aren't quite right for you.
You can compile them yourself, though; Manni Wood demonstrates how."
Comments (none posted)
Versions 1.4.6 and 1.5 beta 3 of MediaWiki have been released; they address
a security issue. "Incorrect escaping of a parameter in the page move
template could be used to inject JavaScript code by getting a victim to
visit a maliciously constructed URL. Users of vulnerable releases are
recommended to upgrade to this release."
Comments (none posted)
Desktop Applications
Audio Applications
Version 0.9.2 of liboggz, an interface and command-line tool set
for reading and writing Ogg files and streams, is out.
Changes include improved examples, build improvements, and bug fixes.
Full Story (comments: none)
Desktop Environments
Version 2.10.2 of dropline GNOME has been announced. "The wait is over!
We're proud to announce dropline GNOME 2.10.2, the third in the series of
our "All Roads Lead to GNOME" releases. This release incorporates several
updates for the GNOME 2.10 desktop and development platform, as well as
several months of refinement, to produce our best release to date."
Comments (none posted)
The following new GNOME software has been announced this week:
Comments (none posted)
KDE.News has announced the July 8, 2005 edition of the KDE Commit-Digest.
Here is the table of contents: "KPDF can now open PS files. Kexi form
designer supports drag and drop of database fields to create forms. Krita
now has a pixelize filter, bumpmapping and watercolor painting. KRDC now
has KWallet support. KRecipes improves printing. Also bug fixes and
speedups in khtml."
Comments (1 posted)
The following new KDE software has been announced this week:
Comments (none posted)
Desktop Publishing
Version 1.2.2.1 of the Scribus desktop publishing application is out. "The
Scribus team urges all users and distros to use this latest release. We
have replaced our 1.2.2 release with this release to fix one issue and
update some documentation."
Full Story (comments: none)
Electronics
Release 2005-07-04 of Kicad, an electronic schematic capture and printed
circuit CAD application, is available. It features bug fixes.
Comments (none posted)
Financial Applications
Version 2.4.13 of SQL-Ledger, a web-based accounting system, has been
released. It features new point of sale buttons, bug fixes, translation
work, and more.
Comments (none posted)
Fonts and Images
GnomeDesktop.org covers the latest release of the Open Clip Art Library.
"Release 0.15 of the Open Clip Art Library is now on-line for download as
an individual package consisting of 4336 images submitted by over 430
artists from around the world. The amount of high quality clip art has
increased much with the inclusion of Nicu Buculei's Playing Cards
collection and Gerald Ganson's package submission."
Comments (none posted)
Graphics
Version 2.4.3 of Coin3D, a 3D graphics library with SGI Open Inventor
compatibility, has been released. "Yesterday's Coin 2.4.2 release contained
a couple of ugly regressions. They are now fixed, and here is the new 2.4.3
patchlevel release."
Comments (none posted)
Medical Applications
LinuxMedNews covers the release of the standalone version of FreeB, a Medical Billing engine. "FreeB supports X12 837p and CMS(HCFA) 1500 formats. FreeB is
a standalone engine, it can interface with any practice management system or
EMR to provide medical billing capabilities to that system. FreeB is the
sister project of ClearHealth."
Comments (none posted)
Multimedia
Version 0.7.0 of libannodex, a C library that supports the reading
and writing of Annodex media, is out. Changes include
CMML 2.1 support, build fixes, and more.
Full Story (comments: none)
Web Browsers
Mozilla Firefox 1.0.5 is available. This release contains a number of security fixes and general bug fixes; an upgrade is recommended. See
the release notes for details and downloads.
Comments (8 posted)
MozillaZine looks at a new Google Toolbar for the Firefox browser. "Search engine giant Google today improved its offerings for Mozilla Firefox, launching a beta version of its Google Toolbar for Firefox and also two experimental Google Firefox extensions. Previously, the Google Toolbar, a browser add-on that offers easy access to Google's search and other features, has only been available to users of Microsoft Internet Explorer."
Comments (none posted)
The alpha 2 candidate builds of Deer Park, the Mozilla Firefox 1.1 testing release, have been announced. "As previously reported, Deer Park is the codename
for Mozilla Firefox 1.1 and is being used by the Mozilla Foundation to refer
to the 1.1 alpha releases in an attempt to dissuade end-users from
downloading them. In addition to testers of the program itself, Deer Park
Alpha 2 is intended to be used by extension, theme and Web application
developers for compatibility and feature testing."
More information is available here.
Comments (none posted)
MozillaZine has announced the minutes from the June 27, 2005 mozilla.org staff meeting. "Issues discussed include releases and the QA planning meeting."
Comments (none posted)
The minutes from the July 6, 2005 mozilla.org staff meeting have been announced. "Issues discussed include releases, server transition and marketing."
Comments (none posted)
Miscellaneous
Version 1.2.0 of the G11NToolKit is out with changes to the package naming conventions. "The G11NToolKit is a set of Java classes that can be used to aid in extracting and preparing source code strings for translation. The classes are designed to work together to accomplish the tasks desired. The tool kit is intended to be used in a defined process in conjunction with other translation tools."
Comments (none posted)
Languages and Tools
C
Version 4.0.1 of GCC, the GNU Compiler Collection, has been released. The change log details the fixed bugs.
Comments (none posted)
Caml
The July 12, 2005 edition of the Caml Weekly News is online. Take a look
for the latest Caml articles. Topics include:
Sparse structure, LablGtkSourceView, Line printer daemon,
Polymorphic map and OO syntax extension, LablPCRE - a PCRE binding
for Objective Caml and Wyrd 1.0.0.
Full Story (comments: none)
Groovy
Reg. Charney introduces Jython and Groovy in a Linux Journal article. "I recently returned from JavaOne 2005 in San Francisco. The show was impressive for a number of reasons. The attendance seemed to be about 30% larger than last year's. The same could be said for the number of tutorials, sessions and BOFs. For example, there were enough BOFs to run until 11:00pm at night. Many of the sessions were filled to capacity, with over 600 attendees each technical presentation.
Given my strong background in C++, I am used to a more amorphous attitude toward languages. Therefore, I was surprised to see that there still is a vibrancy to Java that I do not see with C++."
Comments (1 posted)
Perl
The June 29-July 5, 2005 edition of
This Week in Perl 6 is online with the latest Perl 6 development news.
Comments (none posted)
PHP
PHP version 4.4.0 has been released. "This is a maintenance release that addresses a serious memory corruption problem within PHP concerning references. If references were used in a wrong way, PHP would often create memory corruptions which would not always surface and be visible. In other cases it can cause variables and objects to change type or class. If you encountered strange behavior like this, this release might fix it." See the change log for more details.
Comments (none posted)
Python
The June 15-30, 2005 edition of the python-dev Summary is online
with coverage of activity on the python-dev mailing list.
Full Story (comments: none)
Ruby
The July 10th, 2005 edition of the
Ruby Weekly News summarizes
the latest discussions on the ruby-talk mailing list.
Comments (none posted)
Tcl/Tk
The July 12, 2005 edition of Dr. Dobb's Tcl-URL! is online
with the latest Tcl/Tk news and resources.
Full Story (comments: none)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Here's an InfoWorld article on the BBC's efforts to create an open-source, patent-free multimedia codec. "The obvious losers in that kind of deal are open source projects, which often are but loosely knit groups of individuals in no position to pay any kind of fee, no matter how 'reasonable.' But potential users of those projects lose, as well. Consider the growing number of people in the developing world who rely on open source for all their computing needs, and you'll see how patent-encumbered technologies do not pose a long-term solution for a media organization with a mission similar to the BBC's."
Comments (11 posted)
eWeek looks at plans for a new collaborative distribution effort that will be based on Debian. "Sources close to Mandriva, Progeny and Turbolinux say the trio of companies will be announcing a new enterprise Linux distribution based on Debian Linux at the LinuxWorld event in San Francisco in August.
This new enterprise distribution, which may include other companies as well, will be built on the foundation of the Debian 3.1 "Sarge" Linux distribution."
Comments (12 posted)
TechWeb reports that, as expected by many, email authentication schemes have done little for the spam problem. "MX Logic tracked a sampling of 17.7 million messages
that passed through its servers from June 19 through June 25, and found
that of the 9 percent from domains with published SPF records, 84 percent
was spam. Of the even smaller number of messages from domains with
published Sender ID records (just 0.14 percent), 83 percent were
spam."
Comments (23 posted)
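The numbers above make a point worth spelling out: SPF (and Sender ID) answer the question "is this host authorized to send mail for this domain?", not "is this mail wanted?". A spammer who registers a domain and publishes a record covering the hosts that really send the mail gets a pass that is exactly as valid as a legitimate sender's. The evaluator below is an added example, not code from the TechWeb or MX Logic article; it implements only the ip4, ip6 and all mechanisms of an SPF record, uses an in-memory table of constructed records for hypothetical domains in place of DNS TXT lookups, and treats the DNS-dependent mechanisms (a, mx, include, exists, redirect=) as not matching.

```python
import ipaddress

# Constructed SPF records for hypothetical domains, standing in for DNS TXT lookups.
SPF_RECORDS = {
    "shop.example.com": "v=spf1 ip4:192.0.2.10 ip4:192.0.2.11 -all",
    "mail6.example.com": "v=spf1 ip6:2001:db8::/32 -all",
    "softfail.example.org": "v=spf1 ip4:203.0.113.5 ~all",
    "open.example.org": "v=spf1 +all",
    # A spammer who controls a domain publishes an equally valid record for the
    # hosts that really send the mail, so SPF passes it.
    "bulk-offers.example.net": "v=spf1 ip4:198.51.100.0/24 -all",
}

# SPF qualifier prefixes and the result they produce when a mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain):
    """Stand-in for the DNS TXT lookup; returns the record text or None."""
    return SPF_RECORDS.get(domain.lower())


def check_host(ip, domain):
    """Evaluate the ip4/ip6/all mechanisms of a domain's record for a sending IP.

    Returns pass, fail, softfail, neutral, none (no record) or permerror
    (malformed mechanism), using the SPF result names. Mechanisms that need
    further DNS work (a, mx, include, exists, redirect=) are not implemented in
    this illustration and are treated as not matching.
    """
    record = lookup_spf(domain)
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"  # an unqualified mechanism means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if addr.version == network.version and addr in network:
                return QUALIFIERS[qualifier]
        # a, mx, include, exists and redirect= would need DNS lookups; skipped.
    return "neutral"  # no mechanism matched and there was no all term


if __name__ == "__main__":
    # Constructed senders: (connecting IP, MAIL FROM domain).
    for ip, domain in [("192.0.2.10", "shop.example.com"),
                       ("198.51.100.77", "bulk-offers.example.net"),
                       ("192.0.2.99", "shop.example.com")]:
        print(f"{domain:26s} from {ip:15s} -> {check_host(ip, domain)}")
```

The pass for bulk-offers.example.net is as genuine as the one for shop.example.com. What a pass buys the receiver is accountability: the domain in the envelope really is involved in sending that mail, so reputation scores and blocklists can attach to it instead of to a forged address. That is a useful layer, but it is not the filtering layer, which is what the quoted figures show.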
The SCO Problem
News.com covers the new trial date in the IBM vs. SCO case. "U.S. District Court
Judge Dale Kimball reset the trial date to Feb. 26, 2007, in SCO's lengthy
and contentious legal battle against IBM, which focuses on allegations that
the computer maker infringed on SCO's intellectual property. Previously,
the trial was scheduled to begin on Nov. 1."
Comments (9 posted)
Companies
NewsForge looks at the business behind LimeWire, an open source Gnutella client. "On the development side, LimeWire LLC engages open source developers by paying bounties for features. Small bounties, listed as being 'good for beginners,' pay $50; medium bounties, 'good for learning the intricacies of the code,' pay $200; and large bounties, for projects that are 'difficult, but very useful,' pay $500."
Comments (6 posted)
eWeek reports on a hands-on Linux lab conducted by Microsoft at its annual worldwide partner show. "Titled "Linux and Open Source: Understanding the Competitive Challenge," and run by Don Johnson, an electrical engineer from Techstream Inc., the lab let attendees, many of whom were not familiar with Linux, experiment with KDE (K Desktop Environment) as well as see the Apache Web server in action.
In addition, Johnson, who has been a system administrator and is familiar with both Microsoft and open-source solutions, gave them an overview of some Linux concepts and what he believed were the key tradeoffs between Windows and Linux.
However, it was clear that his bias lay firmly on the Windows side for the most part."
Comments (8 posted)
Business
News.com examines the effect of open source offerings on the database market. "But the effects of open-source pricing and products are already being felt, according to Noel Yuhanna, an analyst at Forrester Research.
'The pressure is on and is starting to build up,' Yuhanna said. Established database vendors 'will be lowering prices in large deals, probably offering more discounts just from the pressure of open source.'"
Comments (4 posted)
Legal
Linux Journal's Doc Searls examines the effect of the MGM v. Grokster ruling on the spread of new technology. "Mark Cuban, for example, is an exceptionally innovative American individual who works on both sides of the Entertainment/Technology fence. From Broadcast.com to the Dallas Mavericks to HDnet to his own TV show, Mark knows how the games are played and has played them all very well. He's smart, shrewd and nobody's fool. At the Web 2.0 conference last fall, he said, "When you're sitting around a table at a tough negotiation, you need to look around and see who the sucker is. If you don't find one, it's you.""
Comments (4 posted)
Here's a News.com article (from last week) on a proposed new U.S. data security law. "Anyone who runs a Web site with registered users and receives
income from it (Blogads and Google Ads count) should be concerned. The
Specter-Leahy bill says that if that site's list of user IDs or e-mail
addresses is compromised, each registered user must be notified via
U.S. mail or telephone. Refusal to do so can be punished with $55,000-a-day
fines and prison time of up to five years." How many such sites even have postal mail addresses or phone numbers for their users?
Comments (47 posted)
Interviews
ZDNet talks with Ian Murdock about the Debian Core Consortium and Ubuntu. "Debian is increasingly just another upstream source for [Ubuntu]. Personally, I think this is a huge mistake on their part. Sure, they have lots of momentum, but that's largely because Debian seemed to be faltering for a little while. But now that sarge is out there, the real momentum is behind Debian again, though Ubuntu still has momentum on the desktop side. If I were them, I'd continue focusing on that. I certainly wouldn't be so eager to unhook from the Debian train just yet."
Comments (26 posted)
KDE.News interviews Cornelius Schumacher. "C.S.: While KConfig is a powerful and efficient way to handle configuration settings it doesn't address two things: Type safety and GUI. KConfig is great as backend, but to address these two areas we had to put another layer on top of it. That's what KConfig XT is. The key feature of KConfig XT is that it provides a machine-readable description of the configuration settings, so that we can do all kind of fancy stuff like generating type-safe code to access the settings, associate the settings with a GUI or provide tools like Zack's KConfigEditor with the ability to give the user the needed context for editing configuration files."
Comments (none posted)
Resources
Kostas Pentikousis explores Apache SSI on O'Reilly. "In the early days of web publishing, SSI was an easy way to include dynamic
content in pages. Though large server-side application frameworks have more
popularity, SSI lives on--especially in Apache XSSI. Kostas Pentikousis
demonstrates how XSSI makes it possible to build powerful, clean,
maintainable, and fast web sites."
Comments (none posted)
Groklaw has published
chapter 15 of Peter Salus's The Daemon, the GNU and the Penguin.
This chapter covers Commercial UNIXes and BSDI.
Comments (none posted)
Shashank Sharma shows how to create animations with ImageMagick in a NewsForge article. "If the success of the "Shrek," "Toy Story," "Stuart Little," "The Incredibles," and many other Hollywood hits is any indication, animations add glitz to the mundane. While animation in the movies still requires professional animation packages like Blender, you can make simple animations using the command-line wizardry of ImageMagick."
Comments (none posted)
Last April Dr. Mike LeVan designed a Course in Linux System Administration. Now Linux Journal has a follow-up article. "Although we did not have a live Webcast, plenty of people went to
the Web site to download the assignments and notes to try to keep up with
the material. Several people also started discussions in our social forum
to try to make the class more of a community. In a sense, it was a typical
global community that you find with Linux. We had people from Argentina,
Lebanon, Canada, Singapore, Austria, Finland and many other countries. It
really turned into a good experience for my students, and I hope it was for
those who signed up to follow the class on-line."
Comments (none posted)
Reviews
NewsForge looks at the history of db.*, a proprietary database turned open-source. "db.* has been in the market for more than 20 years. Originally, it was a proprietary product called dbVista developed by a company called Raima. During the dot-com boom, it was acquired by a company called Centura and released into open source under a modified Mozilla license. Centura spent millions of dollars to bring the code base up to standards, including overhauling the documentation. However, in 2001, Centura dot-bombed and went belly up, leaving db.* orphaned. Unlike an orphaned proprietary product though, another company could -- and did -- step in."
Comments (2 posted)
NewsForge examines the use of the Fundable.org project for fueling open-source development. "Fundable.org is a new service that allows people who need funds to connect with those who are willing to contribute. Co-founder John Pratt isn't sure where the idea came from, but he and partner Louis Helm have been working on it day and night since the inspiration hit them in January, 2005.
The concept, while unique, is quite simple. Anyone who has a product or service to sell, or needs monetary support for a charitable cause, or who wants to organize a group purchase, posts their requirement on Fundable.org."
Comments (none posted)
ZDNet looks at new applications for the recently released Google Maps API. "We are getting a great demonstration right now of open source power, as applications using the Google Maps API begin to appear.
Mapquest, owned by AOL, has been around for many years, but it's a proprietary offering. Yahoo Maps has been around for years, but it has been late to this party.
It's Google, using the open source process, that has blown the field apart.
The code has only been out a few weeks but already we're seeing several really great applications."
Comments (3 posted)
NewsForge reviews MythTV, a video recording/time shifting system. "After trying MythTV on SUSE 9.1 Professional client, I found an even easier way to get everything running in less time. If you want to use your box exclusively as a media center, try KnoppMyth, a Linux distro based on Knoppix, aimed solely at providing an out-of-the-box system optimized for MythTV. The installation, although not graphical, is a no-brainer, and doesn't take much time. When it finishes, KnoppMyth helps you configure most of the options for MythTV to get it up and running."
Comments (none posted)
Miscellaneous
Electronics Weekly covers comments by John Tanner, CEO of Tanner EDA, on the future of EDA (Electronic Design Automation) applications. "Windows will become the de facto standard operating system for EDA applications, in the same way as the PC has superseded dedicated Unix boxes, and EDA firms currently migrating their software to Linux are running up a blind alley."
Thanks to John Rigg.
Comments (25 posted)
Robin Bloor looks at Black Duck and other topics on IT-Director. "What the technology does is analyze source code and 'finger print' it. (To be precise, it maps the pattern of the code, but it's easier to think of it as a fingerprint). It can then look at code and determine its origin, with some degree of certainty. Even code that is not identical or partly rewritten can be identified. This is a useful capability because companies can 'black duck' the applications they've written and make sure that no code has been pilfered from SourceForge and added in, in violation of some Open Source license. (Black Duck has some customers that have had to do a little recoding because they discovered such chunks of code)."
Comments (6 posted)
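The capability described in the quote, recognizing code that has been renamed or partly rewritten, is normally built on fingerprinting a normalized token stream rather than the raw text. What follows is an added example, not Black Duck's code or a description of its method: it implements winnowing (Schleimer, Wilkerson and Aiken, SIGMOD 2003) over C source, with C keywords kept, every other identifier mapped to ID and every number to NUM, so that renaming does not change the fingerprint. The k-gram length k=5, the window size w=4, the keyword table and the three source samples (a "reference" routine, a renamed copy, and an unrelated helper) are all constructed for the illustration.

```python
import hashlib
import re

# Illustrative C keyword table: keywords survive normalization, every other
# identifier becomes "ID", so renaming variables or functions changes nothing.
C_KEYWORDS = {
    "auto", "break", "case", "char", "const", "continue", "default", "do",
    "double", "else", "enum", "extern", "float", "for", "goto", "if", "int",
    "long", "register", "return", "short", "signed", "sizeof", "static",
    "struct", "switch", "typedef", "union", "unsigned", "void", "volatile",
    "while",
}
TOKEN_RE = re.compile(r"[A-Za-z_]\w*|\d+|[^\s\w]")


def normalize(source):
    """Strip comments, then map identifiers to ID and numbers to NUM.

    Deliberately simple: string literals are not handled, so a "//" inside a
    string would be treated as a comment.
    """
    source = re.sub(r"/\*.*?\*/", " ", source, flags=re.S)
    source = re.sub(r"//[^\n]*", " ", source)
    tokens = []
    for tok in TOKEN_RE.findall(source):
        if tok[0].isalpha() or tok[0] == "_":
            tokens.append(tok if tok in C_KEYWORDS else "ID")
        elif tok[0].isdigit():
            tokens.append("NUM")
        else:
            tokens.append(tok)
    return tokens


def kgram_hashes(tokens, k):
    """64-bit hash of every run of k tokens, paired with its start position."""
    out = []
    for i in range(len(tokens) - k + 1):
        gram = " ".join(tokens[i:i + k]).encode()
        digest = hashlib.blake2b(gram, digest_size=8).digest()
        out.append((int.from_bytes(digest, "big"), i))
    return out


def winnow(hashes, w):
    """Winnowing: from each window of w consecutive hashes keep the minimum
    (rightmost on ties). Any shared run of w+k-1 tokens leaves at least one
    shared fingerprint, which is what makes partial copies detectable."""
    selected = set()
    for i in range(len(hashes) - w + 1):
        window = hashes[i:i + w]
        selected.add(min(window, key=lambda hp: (hp[0], -hp[1])))
    return selected


def fingerprint(source, k=5, w=4):
    """Set of winnowed k-gram hashes for one source file."""
    hashes = kgram_hashes(normalize(source), k)
    if len(hashes) <= w:
        return {h for h, _ in hashes}
    return {h for h, _ in winnow(hashes, w)}


def containment(reference, suspect):
    """Fraction of the reference's fingerprints that occur in the suspect file."""
    if not reference:
        return 0.0
    return len(reference & suspect) / len(reference)


# Constructed samples; none of this is real project code.
REFERENCE = """
/* constructed sample standing in for a routine found in a public repository */
unsigned int checksum(const unsigned char *buf, int len)
{
    unsigned int sum = 0;
    int i;
    for (i = 0; i < len; i++) {
        sum += buf[i];
        sum = (sum << 1) | (sum >> 31);
    }
    return sum;
}
"""
RENAMED = """
// constructed sample: the same routine after renaming and restyling
unsigned int digest(const unsigned char *data, int n) {
    unsigned int acc = 0;
    int idx;
    for (idx = 0; idx < n; idx++) {
        acc += data[idx];
        acc = (acc << 1) | (acc >> 31);
    }
    return acc;
}
"""
UNRELATED = """
/* constructed sample: an unrelated string length helper */
int str_len(const char *s)
{
    const char *p = s;
    while (*p) {
        p++;
    }
    return (int)(p - s);
}
"""
# The renamed routine buried inside other code, as in the audit scenario.
SUSPECT_FILE = UNRELATED + "\n" + RENAMED

if __name__ == "__main__":
    ref = fingerprint(REFERENCE)
    for name, src in [("renamed copy", RENAMED), ("unrelated", UNRELATED),
                      ("suspect file", SUSPECT_FILE)]:
        print(f"{name:13s} containment = {containment(ref, fingerprint(src)):.2f}")
```

Containment, the share of the reference's fingerprints present in the suspect file, is the useful direction for a license audit: it stays at 1.0 when the routine is buried in a larger unrelated file, because every window of the copied token run is also a window of the suspect file, and it is 0.0 for the unrelated helper. The normalizer is the weak point of any such tool: this one ignores string literals, and reordering statements or restructuring the algorithm reduces the match, which is why the quote says "some degree of certainty".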
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
The FFII congratulates the European Parliament on its clear "no" to bad
legislative proposals and procedures in this press release (click below).
Full Story (comments: none)
Open Source Development Labs has appointed Claude Beullens as director for Europe, the Middle East and Africa. "Beullens brings
nearly 30 years of experience in enterprise computing, sales and marketing to
lead OSDL's efforts and initiatives throughout the region."
Comments (none posted)
LinuxMedNews reports on a funding source for open-source software development by the U.S. Health and Human Services Department (HHS). "HHS, in a July 1 amendment to its request for proposals for the NHIN, said it will set aside one unrestricted award for open-source software which meets the following criteria: free redistribution, inclusion of source code, permission for modifications and non-specific licensing."
Comments (none posted)
The Software Freedom Law Center has announced its newest client, the Plone Foundation. "The Software Freedom Law Center (SFLC), provider of
pro-bono legal services to protect and advance Free and Open Source Software (FOSS), today
announced it will represent the Plone Foundation. The Foundation, based in Houston, Texas, supports
the development and promotion of the open source content management system, Plone, and its
developer community."
Full Story (comments: none)
Commercial announcements
Excel Software has announced the availability of new Linux development tools. "QuickUML 1.1.1 and QuickBugs 1.0.4 include an updated installer and many user
interface enhancements. QuickBugs now has the ability to associate files or a zipped archive of
files to bug reports, shortcuts for navigating or processing each bug and additions to the
scriptable report generator.
QuickCRC is a software design tool for discovering objects and related information for an
object-oriented software development project."
Full Story (comments: none)
Novell, Inc. has announced an agreement with Fujitsu to provide Linux-based server support. "As part of the agreement, Fujitsu
will offer support services for Novell's SUSE(TM) LINUX Enterprise Server,
which will soon be available worldwide on Fujitsu's mission-critical
PRIMEQUEST(TM) and PRIMERGY(TM) servers."
Comments (none posted)
Wolfram Research has announced the release of Mathematica 5.2, a mathematical simulation package. "Hot on the heels of Mathematica 5.1, itself released just eight months ago, 5.2 brings 64-bit technology to all supported platforms, an industry
first. More than 4.3GB of memory (the 32-bit address limit) can now be
addressed, and high-precision or large numbers are processed in 64-bit rather
than 32-bit digit chunks for faster computation."
Comments (none posted)
OpenLogic has launched version 3.2 of its BlueGlue management suite. "At JavaOne, OpenLogic introduced BlueGlue 3.2, an Open Source
management suite that can tie together, in any combination, 120 of the
most popular Open Source software applications available today.
Developers can get a stack working in minutes and BlueGlue will test,
update and validate the project constantly."
Full Story (comments: none)
Opera Software has announced a technical preview of the Opera browser with support for the BitTorrent file-downloading technology. "With BitTorrent, Opera hopes to make it easier for users to download the large amount of legal
material available, such as Linux software and computer game demos. The Opera browser will also be
offered for download as a torrent file."
Full Story (comments: none)
Version 1.0 of PloneLive, an online book describing the Plone content management system, has been announced. "PloneLive 1.0 is a "live" book, meaning that it is updated every month with new material and corrections. Over the next year, we will be updating the book 12 times, tracking the changes and newest trends in Plone and covering new, as yet unreleased versions of Plone. The subscription cost is 29.95; this will get you access to an online repository of the full book and any of its more recent updates."
Comments (none posted)
Linspire, Inc. and Systemax, Inc. have announced a customizable Systemax desktop PC pre-installed with Linspire Linux. "The Systemax Venture L335 System is outfitted with
top-quality components, including an Intel Celeron D processor, 40GB hard
drive, CD-ROM and 256MB of RAM, plus keyboard, speakers and mouse. The
Systemax Venture L335 is available for $299.99 direct to consumers at
TigerDirect.com and GlobalComputer.com."
Comments (none posted)
IBM and Zend have announced the Zend Core project. "IBM and Zend today announced the availability
of Zend Core for IBM, the industry's first integrated solution specifically designed to help
developers deploy database applications and services based on the popular PHP Web language. IBM and
Zend also announced that they are jointly working on furthering PHP technology to include improved
high-level database integration frameworks and enhanced PHP Web services standards."
Full Story (comments: none)
New Books
O'Reilly has published the book
Advanced Perl Programming,
Second Edition by Simon Cozens.
Full Story (comments: none)
O'Reilly has published the book
Talk is Cheap by James E. Gaskin.
Full Story (comments: none)
Resources
The July 8, 2005 edition of the
Free Software Foundation Europe Newsletter is online with the
latest FSFE news.
Full Story (comments: none)
The
Linux Gazette for
July 2005 is out. In addition to the usual features this issue has articles
on Automatic creation of an Impress presentation from a series of images,
Booting Knoppix from a USB Pendrive via Floppy, Introduction to Shell
Scripting, part 6, User-Centered Design, and more.
Comments (none posted)
Contests and Awards
MozillaZine has announced the winner of the Bug 300000 Sweepstake. "Gervase Markham has announced the results of the Bug 300000 Sweepstake.
Gerv writes: "bugzilla.mozilla.org bug 300,000 was filed on 2005-07-07 at
13:54 ZST by long-time Mozilla contributor 'timeless'. Of all the entrants in
the 300,000 bug sweepstake, the person who guessed closest was Takeshi
Nishimura, who guessed 2005-07-07 07:06 - over a period of nearly 4
months, he was only 6 hours, 48 minutes out!""
Comments (none posted)
Upcoming Events
The initial press release for GUADEC 2006 has been posted. The event will take place in Barcelona, Spain in May 2006.
Comments (none posted)
A planning announcement has gone out for the next Linux Bangalore event. There is a request for: "More suggestions from you, more recommendations, more comments."
Full Story (comments: none)
A call for papers has gone out for linux.conf.au 2006. The conference will be held in Dunedin, New Zealand in January, 2006. Papers are due by September 5, 2005.
Full Story (comments: none)
The Linux Users' Group of Davis will hold another Linux Installfest
workshop in Davis, California on July 16, 2005.
Full Story (comments: none)
A Call for Papers has gone out for ToorCon 2005, a hacker convention
that will be held in San Diego on September 15-18, 2005.
Papers are due by August 15.
Full Story (comments: none)
| Date | Event | Location |
|---|---|---|
| July 14 - 18, 2005 | Debconf 5 | Helsinki, Finland |
| July 14 - 15, 2005 | First International Conference on Open Source Systems (OSS2005) | Genova, Italy |
| July 14, 2005 | GOTO10 workshop | OKNO, Brussels, Belgium |
| July 14 - 15, 2005 | IEEE International Conference on Web Services (ICWS 2005) | Orlando, Florida |
| July 14 - 15, 2005 | Free Libre Open Source Software in Education Conference (FLOSSIE) | Bolton Technology Innovation Centre, Bolton, UK |
| July 17 - 19, 2005 | Desktop Developer's Conference | Ottawa Congress Centre, Ottawa, Ontario, Canada |
| July 18 - 22, 2005 | ApacheCon Europe 2005 | Stuttgart, Germany |
| July 18 - 22, 2005 | PostgreSQL Bootcamp | Big Nerd Ranch, Atlanta, GA |
| July 20 - 23, 2005 | Ottawa Linux Symposium (OLS 2005) | Ottawa, Canada |
| July 20 - 22, 2005 | North American Plone Symposium | The Astro Crowne Plaza, New Orleans, Louisiana |
| July 26, 2005 | 2nd European LISP and Scheme Workshop | Glasgow, Scotland |
| July 27 - 28, 2005 | Black Hat Briefings USA 2005 | Las Vegas, NV |
| July 29 - 31, 2005 | DefCon 13 | Alexis Park, Las Vegas, Nevada |
| July 31 - August 4, 2005 | 2005 SIGGRAPH Computer Animation Festival | Los Angeles, CA |
| August 1 - 5, 2005 | O'Reilly Open Source Convention | Oregon Convention Center, Portland, Oregon |
| August 1 - 5, 2005 | CIFS 2005 Conference and Plugfest | Doubletree Hotel, San Jose, CA |
| August 4, 2005 | Penguincon 2005 | Israel |
| August 4 - 7, 2005 | Linux 2005 | University of Wales, Swansea, UK |
| August 8 - 11, 2005 | LinuxWorld Conference and Expo | Moscone Center, San Francisco, CA |
| August 20, 2005 | Free Audio and Video Event (FAVE) | Trinity Community and Arts Centre, Bristol, UK |
| August 27 - September 4, 2005 | aKademy 2005 | University of Málaga, Málaga, Spain |
| August 31 - September 2, 2005 | YAPC::EU::2005 | University of Minho, Braga, Portugal |
| September 1 - 2, 2005 | Symposium on Security for Asia Network (SyScAN'05) | The Dusit Thani Hotel, Bangkok, Thailand |
| September 5 - 9, 2005 | International Computer Music Conference (ICMC 2005) | Barcelona, Spain |
Comments (none posted)
Web sites
LinuxQuestions.org has announced a new LQ Bookmarks site. "LQ Bookmarks allows you to bookmark, tag, annotate
and share links to Open Source and Linux related sites. It also allows you
to access your bookmarks from any browser on any machine. The ability to
share and see what others are sharing is called social bookmarking."
Full Story (comments: none)
Audio and Video programs
Episode number 20 of the LQ Radio Show is available. "The show is hosted by
jeremy and includes a panel of LQ moderators. Topics include Linux on the
desktop, beagle, Apple moving to Intel, blogging, Linux appliances,
broadcom, Google's Linux app, the Vienna Linux migration and much much
more."
Full Story (comments: none)
Miscellaneous
Attorney William Patry's weblog looks at a new DMCA case, which, at its core, is claiming that a failure to heed a web site's robots.txt file is a circumvention of a technical copyright protection measure. "Those who decry the DMCA as an (attempted) tool of oppression will find more than ample support in this effort."
Comments (33 posted)
Page editor: Forrest Cook
Letters to the editor
From: "Eric S. Raymond" <esr-AT-snark.thyrsus.com>
To: wire-service-AT-snark.thyrsus.com
Subject: European rejection of software patents is a victory for open source
Date: Wed, 6 Jul 2005 16:53:12 -0400
The Open Source Initiative welcomes the news that European Parliament
voted overwhelmingly today (6 July 2005) to reject a proposal that would
have permitted American-style software patents in Europe.
In theory, a healthy software-patent system might reward innovators
and promote the worthy objective of the advancement of knowledge and
the useful arts. In practice, American-style software-patent systems
have serious flaws, including weak patentability filters and failure
to systematically check submissions against important bodies of prior
art such as Internet open-source repositories. Their effect is to
actually suppress innovation. Real-world evidence of this suppression
is in "An Empirical Look at Software Patents"
<http://www.researchoninnovation.org/swpat.pdf>.
The institution of American-style software patents in Europe would
undoubtedly lead to the same abuses we have seen in the U.S., where
patents are routinely deployed to prevent healthy competition in the
software industry -- and aimed, especially, at the suppression of open
source. Europe's "reform" seemed to us to be headed towards exactly
the same unhappy result, inflicting great harm on software consumers,
open-source programmers, and all independent developers.
We are pleased to see that the European citizenry understand that they
have an interest in protecting their right to innovate. We are pleased
that they have exercised their democratic prerogative to make their
voices heard. We are pleased that numerous companies, small and large,
European and American-based, have realized that software monopolies tilt
against their interest. And we are pleased that Europe's elected
legislators duly voted both the will of the people and good common
sense. And while the battle is not yet won, we are hopeful that the
decisiveness of this vote proves to be a catalyst not only for
programming freedom and continued software innovation in Europe, but for
the reform of obsolete and broken patent systems worldwide.
--
Eric S. Raymond
for the Board of OSI
Comments (14 posted)
Page editor: Jonathan Corbet