LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
Letters to the editor
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for August 18, 2005The Open Software License, Version 3.0In December, 2004, a committee tasked by the European Commission issued a report [PDF] on open source licensing. This report concluded that, while the existing open source licenses achieved a number of important goals, none was 100% suited to the task of licensing software in Europe. The shortcomings they found led the committee to suggest that the EU should adopt either a modified version of the Open Software License or a completely new license drafted with European requirements in mind.Most of the problems found by this committee were related to terminology. Most open source licenses, for example, allow the licensed software to be redistributed. Under the European interpretation, however, "redistribute" has a narrower meaning; in particular, it does not include acts like making the software available for general download on the net. The essential right for this sort of redistribution is "communicate to the public." Without an explicit grant of the right to communicate the licensed code to the public, the possibility remains that some court, somewhere, could conclude that putting a tarball on a web site is a violation of the license. "Virality" is another concern of the authors, who see the GPL is being rather more "viral" than the alternative licenses. In particular, the authors see dynamic linkage as a barrier over which the concept of a "derived work" cannot cross:
The viral effect through mere dynamic linkage (also called "strong
copyleft") is a much more debated question, and currently discussed
on its legal grounds. From our point of view, there is no legal
provision in the EC 91/250 directive on which this viral effect
could be grounded. On the contrary, when a program dynamically
linked with another, no code is reproduced in the program as such:
the only reproduction of code that is made occurs in the RAM of the
computer, where both the programs are "merged".
The Free Software Foundation, instead, does not feel that the type of linking used affects the copyright status of the resulting program. This distinction is important; it could, for example, affect the status of proprietary kernel modules. Because they disagree with the FSF's interpretation, the report's authors shy away from the GPL, even though other "copyleft" licenses contain similar language - and copyleft is what the authors say they want. A few other details caught their attention. Licenses in Europe, for example, are generally not allowed to outlast the corresponding intellectual property protection period. The terms of a copyright license thus cannot be imposed after the covered work has gone out of copyright, should that ever be allowed to happen again. Some details in warranty disclaimers are different, and there are certain types of warranty which cannot be disclaimed. In response to this report, Lawrence Rosen, the author of the Open Software License, has announced a draft version 3.0 of the OSL [PDF] for review. The draft is annotated so that it is easy to see what has changed from the current version (2.1). Most of the changes are fairly obvious given the discussion above: the OSL now explicitly grants the right to "communicate" the software, for example. The license is no longer "perpetual"; instead, the copyright and patent grants are for the copyright and patent protection periods, respectively. There are a couple of new terms which might not be popular with all users of this license, however. The "acceptance" clause now includes the following text:
If You distribute or communicate copies of the Original Work or a
Derivative Work, You must make a reasonable effort under the
circumstances to obtain the express assent of recipients to the
terms of this License.
This language is a response to concerns about whether a license can truly be binding in Europe if the licensee has not explicitly accepted it. The "reasonable effort under the circumstances" might include an active copyright acceptance step required at download time or when the software is installed. It is unclear what might be expected of a distributor shipping OSL-licensed software mixed in with thousands of other packages. The new license also adds:
Unless You obtain a separate license or a waiver of this sentence
from the Licensor, (i) You must display Licensor's copyright and
patent notices on copies of the Original Work and Derivative Works
that You distribute, in the same places and with the same
prominence as You display Your own copyright and patent notices,
and (ii) You must display a statement to the effect that "Your work
is a Derivative Work of Licensor's Original Work licensed under the
Open Software License version 3.0" in copies of Derivative Works
that You distribute, in the same places and with the same
prominence as You display Your own trademarks.
This looks like the return of the unlamented BSD advertising clause. It is less onerous, however, in that it only requires attribution in places where the redistributor is asserting copyright claims. Still, a splash screen for an application built from several OSL-licensed libraries could get unwieldy. Mr. Rosen states:
This change has nothing to do with the other changes I made in
response to the EC proposal for a license that conforms more
closely to their language and needs. It was made because certain
open source companies who contribute free software have told me
they need a way to prevent downstream distributors from simply
making it appear that the new distributors -- and not the original
author -- are the ones responsible for the work.
It is not clear how much of a problem this has been in the real world, and whether it truly needs fixing. The OSL is not a hugely popular license; Freshmeat claims that the OSL applies to 0.15% of the projects listed there. There are some important projects using the OSL, however, including Rails, Globus, ImageMagick, and sparse. This license is well respected and carries a certain influence. Its importance could grow if it comes to be seen as the license to use for those who are especially concerned about adherence to European law. So this proposed update is significant. For those who are interested, the discussion is happening now on the Open Source Initiative's license-discuss mailing list.
GNOME and the way forwardIt is not often that a straightforward software release announcement generates over 100 comments on LWN, so the recent GTK+ 2.8.0 announcement is special. One might think that the commenters were excited about the new GTK+ features, including Cairo graphics, composite extension support, or that sexy new file browser widget. But no such luck. It would seem that what people really want to talk about is key bindings, which are unchanged in 2.8.0. Certain users see GNOME as moving steadily away from its initial user base, and away from the traditions of Unix as a whole, and they are vocal about their discontent with this state of affairs.Certainly, the GNOME desktop offers enough annoyances to make just about any user grumpy. Your editor is burned daily by the metacity "a new window gets the keyboard focus regardless of the pointer position" policy; having the focus yanked away in the middle of a sentence does not seem like the most user-friendly policy. Why can't gthumb's forms do the right thing when the user hits "enter," rather than forcing another trip back to the mouse? Where, exactly, is the little option to get emacs key bindings? Clicking on a window does not mean the window should be raised; there is a separate combination for that. The new, "electron cloud" busy-cursor behavior in the Rawhide version of GNOME 2.12 is distracting and annoying, requiring a trip to an external site for a new cursor theme. Dia's aggressive use of "tool tips" makes a nice drawing application almost unusable. Why is there no easy way to move settings from one system to another? And so on. Annoyances are part of using a computer, however. It is hard to imagine that a desktop as complex and featureful as GNOME would be free of glitches. These things can be smoothed out over time to make room for new bits of obnoxious behavior. The GNOME debate goes beyond the current set of misfeatures, however, and into a couple of fundamental issues which are worth a look. One of these is: to what extent is GNOME a "Unix" desktop, and to what extent should it preserve the traditional Unix way of doing things, whatever that might be? At the 2000 Ottawa Linux Symposium, Miguel de Icaza delivered his famous "Unix sucks" talk. Unix, he said, had gone stale and had not been the source of any significant innovation for quite some time. The GNOME project intended to move beyond hidebound Unix ways and deliver something new. Miguel's vision, which seemed to involve switching over to hidebound Microsoft ways, does not appear to be driving the GNOME project at this time, but the project does appear willing to break from the past - even its own past - if that offers hope of a better desktop. And that is how it should be. The Unix way of doing things worked well in a different era, when users were clueful, systems were small (in capability, if not in actual size), and an ADM 3 terminal in one's office seemed like a major step up. How do many of the fundamental Unix ideas - writing programs as small, text-oriented filters, for example - fit into the creation of a modern, graphical desktop? Clearly, developers wishing to pull Linux forward into a larger world with a broader user community have to be willing to do some things differently. One may not agree with everything that the GNOME project has done, but the GNOME hackers are (like their counterparts at KDE and elsewhere) trying to change the world for the better. It would be surprising indeed if there were a consensus on what "better" is, especially before it has been implemented and pounded on. The GNOME idea of "better" may or may not win out in the end, but, because the developers are working at it, we will have the opportunity find out. And that is a good thing. The other issue which comes up with some regularity is a perceived arrogance from some in the GNOME camp. Experimentation with the desktop will go best when accompanied by careful attention to the resulting cries of agony from the user community. Users have often been heard to complain, however, that the GNOME hackers Know Too Much to listen to those cries as they follow the One True Course. A tendency by some developers to describe user requests as "crack" probably has not helped in this regard. Recent posters have complained about the refusal by the Evolution maintainers to accept a patch enabling the use of external editors. There is a hard line to follow here; the maintainer of any successful free software project must learn to say "no" to features and requests much of the time, or that project will likely collapse under its own weight. Say "no" too often, however, and both users and developers will leave for a more accommodating environment. The GNOME developers may well be guilty of occasionally erring on the "no" side of that line, however. The project probably hit its low point early in the 2.x series, when configuration options were being jettisoned in a seemingly indiscriminate manner and few apologies were forthcoming. The situation seems to have improved, however, even if work remains to be done; chances are that 2.12 will be the best GNOME release yet. The nice thing about all this is that we are dealing with free software. Using GNOME is not required to get the most out of Linux. The KDE project is out there, and several other desktops as well; it should not be hard to find one to suit the needs of any particular user. One can even still operate a Linux system via an ADM 3 terminal, using the traditional key bindings. The GNOME hackers are doing the right thing in a general sense by pushing toward their vision of a better desktop. If they fail to meet the needs of the user community - or to listen to that community's feedback - there are plenty of alternatives to choose from. Or even the option of forking the project, should that seem like the best course. For the time being, however, this project has made major progress in the creation of a powerful Linux desktop, and the whole thing is free software. There are limits to how much one should complain about that. [As a footnote, it's worth noting that long-time GNOME release manager Jeff Waugh is stepping down; his replacement will likely be Elijah Newren. Congratulations are due to Jeff for heading up several smooth, on-time GNOME releases.]
Security Wiretapping and emailThe legal protection for email has been expanded, just slightly. The full First Circuit Court of Appeals has overturned a First Circuit panel decision that allowed Bradford Councilman to monitor the content of his users' incoming email. Councilman was vice president of Interloc, a company that ran an online service that listed rare and out-of-print books, and offered its customers an email at "interloc.com." (Interloc has become Albris.) In January 1998, Councilman directed employees to copy incoming email from Amazon.com to subscribers. A procmail script was used to copy those messages, without any notice to Interloc's users, into a mailbox that Councilman could read in an attempt to gain a commercial advantage. In 2001, a grand jury charged Councilman with conspiracy to violate the Wiretap Act. This count was dismissed by district court, and the dismissal was affirmed by a panel hearing of the First Circuit Court last year, but the full court granted an en banc hearing which overturned the panel decision. The judgment has been vacated and the case has been remanded to the district court. The case centers on whether email is an "electronic communication," or whether Congress meant to -- by exclusion -- exempt "communications in transient storage" from the Wiretap Act. The Electronic Communications Privacy Act (ECPA) of 1986 updated title 18 of the United States Code (the Wiretap Act), making it an offense to "intentionally intercept, endeavor to intercept, or procure any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication." If email is considered an electronic communication, then it is considered protected under the ECPA. However, Councilman argued that email was not "electronic communication" when it was copied because it was "in storage" at the time. The court has decided that Councilman's interpretation "is inconsistent with Congress's intent."
The statute contains no explicit indication that Congress intended to
exclude communications in transient storage from the definition of
"electronic communication," and, hence, from the scope of the Wiretap
Act. Councilman, without acknowledging it, looks beyond the face of the
statute and makes an inferential leap. He infers that Congress
intended to exclude communications in transient storage from the definition
of "electronic communication," regardless of whether they are in the
process of being delivered, simply because it did not include the term
"electronic storage" in that definition. This inferential leap is not a
plain text reading of the statute.
It's also worthwhile to note the court's comments on the Stored Communications Act, saying that "Councilman's conduct may appear to fall under the Stored Communications Act's main criminal provision," but that he would also fall under the provider exception, which says the Act "does not apply with respect to conduct authorized by the person or entity providing a wire or electronic communications service." The Stored Communications Act, according to the Court's decision, appears to establish "virtually complete immunity" for service providers in handling email on their systems. However, the Stored Communications Act does not provide a "safe harbor" for Councilman, since the Wiretap Act has a much narrower service provider exception, which only allows interception as "necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service." Obviously, Councilman's actions do not fall within this definition. The court concluded that "electronic communication" includes "transient electronic storage that is intrinsic to the communication process for such communications" and that "interception of an email message in such storage is an offense under the Wiretap Act." Assuming this decision holds, the Councilman decision is a victory for users and protects email in transit -- whether that is "on the wire" or in temporary storage on a server awaiting delivery to its final destination -- granting email the same protection from interception and monitoring that is given to phone calls.
Brief items An overview of multilevel securityOne of the many features added to the 2.6.12 kernel is multilevel security support for SELinux. The only problem is that few people actually understand what MLS is. James Morris has posted a multilevel security overview which makes a good starting point. "The reason why we have categories as well as sensitivities is so that sensitivities can be further compartmented on a need to know basis. For example, while a user may be cleared to Secret, they may not need to know anything about project WarpDrive (which could be the name of a category)."
The Hidden Boot Code of the XboxThe Xbox Linux Project site has posted a detailed article on how the Xbox was designed to prevent the booting of "unauthorized" software, and how that scheme was defeated. It is an interesting look at the design of non-free hardware. (By way of Bruce Schneier).
New vulnerabilities Adobe Acrobat Reader: arbitrary code execution
awstats: command injection vulnerability
bluez: command execution
evolution: format string issues
kdeedu: tempfile handling vulnerabilities
Mozilla: frame injection spoofing
Updated vulnerabilities a2ps: input validation error
affix: two remote vulnerabilities
amd64: multiple vulnerabilities
httpd: off-by-one overflow and cross-site scripting
bzip2: race condition and infinite loop
ClamAntiVirus: integer overflows
cpio: directory traversal
CUPS: multiple vulnerabilities
cyrus-imapd: buffer overflows
dbus: information disclosure
dhcpcd: denial of service
emacs21: format string vulnerability in "movemail"
enscript: arbitrary code execution
epiphany: Mozilla regression vulnerability
ethereal: dissector vulnerabilities
evolution: message crash vulnerability
fetchmail: buffer overflow
Foomatic: Arbitrary command execution in foomatic-rip
gaim: buffer overflow
gdb: multiple vulnerabilities
gtk-pixbuf, gtk2: denial of service
gedit: format string vulnerability
gettext: Insecure temporary file handling
ghostscript: symlink vulnerabilities
glibc: tempfile vulnerability in catchsegv script
gnupg: information leak
grip: buffer overflow
groff: insecure temporary directory
gzip: arbitrary command execution
heartbeat: insecure temporary files
htdig: cross site scripting
imap: buffer overflow in c-client
imlib2: buffer overflows
junkbuster: heap corruption and settings modification
kdelibs: kate backup file permission leak
kernel: ELF loader core dump vulnerability
kernel: multiple vulnerabilities
kernel: multiple vulnerabilities
krb5: double-free flaw
libconvert-uulib-perl: arbitrary code execution
libdbi-perl: insecure temporary file
libgadu: memory alignment bug
libgd2: buffer overflows in PNG handling
libnet-ssleay-perl: weakened cryptographic operations
libtiff: insufficient validation
libTIFF: buffer overflow
libxml2 - arbitrary code execution
libxml2: multiple buffer overflows
libXpm: new buffer overflows
mc: buffer overflow
mod_python: remote access vulnerability
mysql: low-impact security fix
ncpfs: multiple vulnerabilities
nfs-utils: arbitrary code execution
OpenSSL: information leak
OpenSSL: denial of service vulnerabilities
pam_ldap: plain text authentication leak
perl: setuid vulnerabilities
perl: symlink vulnerability
phpsysinfo: cross-site-scripting
postgresql: database initialization errors
Pound: buffer overflow
ProFTPD: format string vulnerabilities
pstotext: remote execution of arbitrary code
rp-pppoe, pppoe: missing privilege dropping
ruby: arbitrary command execution
shorewall: rule bypass vulnerability
SpamAssassin: Denial of Service vulnerability
SquirrelMail: several XSS vulnerabilities
sudo: race condition
sysreport: insecure temporary file
File overwrite vulnerability in tar and unzip
tcpdump: denial of service
tcpdump: multiple DoS issues
thunderbird mozilla firefox: multiple vulnerabilities
Tor: information disclosure
ucd-snmp: denial of service
vim: arbitrary command execution
vixie-cron: crontab allows any user to read another users crontabs
wget: file overwrites and arbitrary code execution
XChat 2.0.x SOCKS5 Vulnerability
xine-lib: buffer overflows
xine-ui - insecure temporary file creation
xorg-x11: integer overflows
xpdf: buffer overflow
xpdf: denial of service
zlib: buffer overflow
zlib: buffer overflow
Resources (IN)SECURE Magazine issue 3The third issue of (IN)SECURE magazine is out; covered topics include PDA attacks, adding signatures to nmap, SQL injection, and an interview with Michal Zalewski.
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current stable 2.6 release is 2.6.12.5, which was announced on August 14. Among other things, this update contains fixes for a few security problems.The current 2.6 prepatch remains 2.6.13-rc6. There has been a slow but steady stream of fixes trickling into Linus's git repository. It is unclear, as of this writing, whether the quantity of patches is sufficient to force another -rc release before 2.6.13 comes out. The current -mm release remains 2.6.13-rc5-mm1; there have been no -mm releases since August 7.
Kernel development news A CLOCK-Pro page replacement implementationVirtual memory management appears to be a perennially unsolved operating systems problem. Nobody has yet figured out how to perform page replacement in such a way as to ensure that the pages that will be needed in the future may be found in main memory. Crystal balls, it seems, remain fiendishly difficult to implement.The reigning algorithm used in most systems is a variant of the least-recently-used (LRU) scheme. If a page has not been used in a long time, the reasoning goes, it probably will not be needed again in the near future; pages which have not been used for a while are thus candidates for eviction from main memory. In practice, tracking the usage of every page would impose an unacceptable amount of overhead, and is not done. Instead, the VM subsystem scans sequentially through the "active list" of pages in use, marking them as "inactive." Pages on the inactive list are candidates for eviction. Some of those pages will certainly be needed soon, however, with the result that they will be referenced before that eviction takes place. When this happens, the affected pages are put back on the active list at the "recently used" end. As long as pages stay in the inactive list for a reasonable time before eviction, this algorithm approximates a true LRU scheme. This mechanism tends to fall apart with certain types of workloads, however. Actions like initializing a huge array, reading a large file (for streaming media playback, for example), starting OpenOffice, or walking through a large part of the filesystem can fill main memory with pages which are unlikely to be used again anytime soon - at the expense of the pages the system actually needs. Pages from files start in the inactive list and may, at least, be shoved back out relatively quickly, but anonymous memory pages go straight to the active list. Many Linux users are familiar with the occasional sluggish response which can come after the active list has been flushed in this way; with some workloads, this behavior can be a constant thing, and the system will consistently perform poorly.
Rik van Riel has recently posted a set of patches aimed at improving the
performance of the VM subsystem under contemporary loads. The algorithm
implemented is based on CLOCK-Pro,
developed by Song Jiang, Feng Chen, and Xiaodong Zhang. CLOCK-Pro attempts
to move beyond the LRU approach by tracking how often pages are accessed
and tweaking the behavior of the VM code to match. At its core, CLOCK-Pro
tries to ensure that pages in the inactive list are referenced less
frequently than those on the active list. It thus differs from LRU
Implementing CLOCK-Pro requires that the kernel keep track of pages which have recently been evicted from main memory. To this end, Rik's patches create a new data structure which tries to perform this tracking without adding much extra overhead. There is a new kernel function:
int do_remember_page(struct address_space *mapping, unsigned long index);
The VM code will, when moving a page out of main memory, first call remember_page() with the relevant information. This function implements a data structure which looks a little like the following:
![[Cheezy nonresident page diagram]](/images/ns/kernel/nonresident_page.png)
When a page is to be remembered, a hash value is generated from the mapping and index parameters; this value will be used as an index into the nonres_table array. Each hash bucket contains a fixed number of entries for nonresident pages. do_remember_page() treats the hash bucket like a circular buffer; it will use the hand index to store a cookie representing the page (a separate hash, essentially) in the next available slot, possibly overwriting information which was there before. The size of the entire data structure is chosen so that it can remember approximately as many evicted pages as there are pages of real memory in the system. The cost of the structure is one 32-bit word for each remembered page. At some point in the future, the kernel will find itself faulting a page into memory. It can then see if it has seen that page before with a call to:
int recently_evicted(struct address_space *mapping, unsigned long index);
A non-negative return value indicates that the given page was found in the nonresident page cache, and had, indeed, been evicted not all that long ago. The return value is actually an estimate of the page's "distance" - a value which is taken by seeing how far the page's entry is from the current value of the hand index (in a circular buffer sense) and scaling it by the size of the array. In a rough sense, the distance is the number of pages which have been evicted since the page of interest was pushed out. Whenever a page is faulted in, the kernel computes a distance for the oldest page in the active list; this distance is an estimate taken from how long ago the oldest page would have been scanned (at the current rate). This distance is compared to the distance of the newly-faulted page (which is scaled relative to the total number of recently evicted pages) to get a sense for whether this page (which had been evicted) has been accessed more frequently than the oldest in-memory page. If so, the kernel concludes that the wrong pages are in memory; in response, it will decrease the maximum desired size of the active list to make room for the more-frequently accessed pages which are languishing in secondary storage. The kernel will also, in this case, add the just-faulted page directly to the active list, on the theory that it will be useful for a while. If, instead, pages being faulted in are more "distant" than in-core pages, the VM subsystem concludes that it is doing the right thing. In this situation, the size of the active list will be slowly increased (up to a maximum limit). More distant pages are faulted in to the inactive list, meaning that they are more likely to be evicted again in the near future. Your editor applied the patch to a vanilla 2.6.12 kernel and ran some highly scientific tests: a highly parallel kernel make while simultaneously running a large "grep -r to read large amounts of file data into the page cache. The patched kernel adds a file (/proc/refaults) which summarizes the results from the nonresident page cache; after this experiment it looked like this:
Refault distance Hits
0 - 4096 138
4096 - 8192 108
8192 - 12288 93
12288 - 16384 88
16384 - 20480 86
20480 - 24576 84
24576 - 28672 59
28672 - 32768 48
32768 - 36864 53
36864 - 40960 46
40960 - 45056 43
45056 - 49152 46
49152 - 53248 39
53248 - 57344 39
57344 - 61440 39
New/Beyond 61440 11227
This histogram shows that the vast majority of pages brought into the system had never been seen before; they would be mainly the result of the large grep. A much smaller number of pages - a few hundred - had very small distances. If the patch is working right, those pages (being, one hopes, important things like the C compiler) would be fast-tracked into the active list while the large number of unknown pages would be hustled back out of main memory relatively quickly. As it turns out, the patch doesn't work right quite yet. Much of the structure is in place, but the desired results are not yet being seen. These details will presumably be worked out before too long. Only at that point will it be possible to benchmark the new paging code and decide whether it truly performs better or not. One never knows ahead of time with virtual memory code; the proof, as they say, is in the paging. [Thanks to Rik van Riel for his review of a previous draft of this article.]
Who needs /dev/kmem?Steven Rostedt recently ran into a little problem. He was trying to read the value of a kernel variable using /dev/kmem, but his attempts returned an I/O error. The resulting inquiry has led to people asking whether /dev/kmem should exist at all.Unix-like systems have, since nearly the beginning, offered a couple of character device files called /dev/mem and /dev/kmem. /dev/mem is a straightforward window into main memory; a suitably privileged application can access any physical page in the system by opening /dev/mem and seeking to its physical address. This special file can also be used to map parts of the physical address space directly into a process's virtual space, though this only works for addresses which do not correspond to RAM (the X server uses it, for example, to access the video adapter's memory and control registers). /dev/kmem is supposed to be different in that its window is from the kernel's point of view. A valid offset in /dev/kmem would be a kernel virtual address - these addresses look much like physical addresses, but they are not. On commonly-configured i386 systems, for example, the base of the kernel's virtual address space is at 0xc0000000. The code which implements mmap() for /dev/kmem looks like this in 2.6.12:
if (!pfn_valid(vma->vm_pgoff)) return -EIO; val = (u64)vma->vm_pgoff << PAGE_SHIFT; vma->vm_pgoff = __pa(val) >> PAGE_SHIFT; return mmap_mem(file, vma); The idea is to turn the kernel virtual address into a physical address (using __pa()), then use the regular /dev/mem mapping function. The problem, of course, is that the pfn_valid() test is performed before the given page frame number has been moved into the physical space; thus, any attempt to map an address in the kernel's virtual space will return -EIO - except on some systems with large amounts of physical memory, and, even then, the result will not be what the programmer was after. This mistake would almost certainly be a security hole, except that only root can access /dev/kmem in the first place. Linus has merged a simple fix for 2.6.13. It does not even try to solve the whole problem, in that it still fails to properly check the full address range requested by the application. But the real question that has come out of this episode is: is there any reason to keep /dev/kmem around? The fact that it has been broken for some time suggests that there are not a whole lot of users out there. It has been suggested that root kits are the largest user community for this kind of access, but there are no forward compatibility guarantees for root kit authors. The Fedora kernel, as it turns out, has not supported /dev/kmem for a long time. Removing a feature like that is not in the cards for 2.6.13. But, unless some sort of important user shows up, chances are that /dev/kmem will not survive into 2.6.14. Anybody who would be inconvenienced by that change should speak up soon.
Cleaning up some page flagsstruct page is at the core of the memory management subsystem; one of these structures exists for every physical page of memory on the system (and for a few places which are not memory). Since a typical system will contain large numbers of page structures, there is a great deal of pressure to keep that structure small. But there are a lot of things that the kernel needs to know about pages. The result is that struct page contains a densely-packed flags field, and that the developers continually worry about running out of space for flags - even though a fair number of them are currently unused. Some of these flags also carry a fair amount of historical baggage which would be nice to clean up.Consider, for example, a flag called PG_checked. Its definition in include/linux/page-flags.h (2.6.13-rc6) reads as follows:
#define PG_checked 8 /* kill me in 2.5.<early>. */
Somebody clearly missed a deadline. In fact, there is a certain amount of confusion over just what this flag does. A bit of research revealed that it is used in several filesystems, and that it is unlikely to go away anytime soon. ext3 uses this flag to mark pages to be written to disk at a future time. AFS uses it to indicate valid directory pages. Reiserfs uses this flag for journaling purposes. And the (out-of-tree) cachefs implementation uses it to mark pages currently being written to local backing store. So this flag clearly is not going away anytime soon, much less by 2.5.early. In an effort to clarify the situation, Daniel Phillips has posted a patch which renames the flag as follows:
#define PG_fs_misc 8 /* don't let me spread */
There is some disagreement over naming, but the core of the patch is uncontroversial. This flag will officially be dedicated to filesystem use. Another flag with significant history is PG_reserved. In this case, too, the meaning of the flag has been somewhat obscured over time, though it can be summarized as "this page is special and the VM subsystem should leave it alone." It marks parts of the physical address space which have page structures, but which are not real memory - the legacy ISA hole in the i386 space, for example. The memory dedicated to the kernel text is also marked reserved. The kernel function which maps physical address spaces into a process's virtual space (remap_pfn_range()) will refuse to remap unreserved memory, leading to a long history of device drivers setting that flag to remap internal buffers. The consensus seems to be that the "reserved" flag can go. So Nick Piggin has been working on a patch which takes it out - mostly. In many cases, code which was testing that flag was really trying to decide if it was looking at a valid RAM page; there are other, better ways of making that test. In other cases, the higher-level VMA structure (which has its own VM_RESERVED flag) contains all of the needed information. In the remap_pfn_range() case, the test is simply removed, allowing all memory to be remapped. This change will modify the behavior of /dev/mem, which, previously, could not be used to mmap() regular RAM. All that is left, after Nick's patch, is a set of tests in the software suspend code. Once that has been taken care of, PG_reserved can go.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Janitorial
Memory management
Networking
Architecture-specific
Security-related
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials A look at the Linux Terminal Server ProjectSince the Linux Terminal Server Project (LTSP) came away with the Best of Show award at LinuxWorld Conference & Expo (LWCE) last week, we thought this would be a good time to take a look at the project and its status. Jim McQuillan of LTSP talked to us about the project and gave some insight into where it's going. What is LTSP? Basically, it's a package for Linux that allows low-powered thin clients to run off of a Linux server.According to McQuillan, the project was launched in August of 1999. LTSP originated out of a project that began in 1996, to provide a solution for Binson's Hospital Supplies (BHS) that would allow access to an AS/400 for legacy applications and Unix for new applications from a single computer or terminal on each desktop. After several false starts with dumb terminals and Windows PCs, diskless Linux workstations proved to be the best solution for BHS. Basically, LTSP is a distribution of Linux that sits on the server and is loaded by a thin client over a network using Etherboot or the Preboot Execution Environment (PXE). It sends a TFTP request for the kernel, and once the kernel is in memory, the client does an NFS mount of the filesystem on the LTSP server and a "pivot root" so that the NFS filesystem becomes the root filesystem. Then the LTSP client launches an X server to get a login back to the LTSP server. McQuillan noted that "we didn't invent this technology, it's been around for years. We just glued it together" and made it easier for people to use. There are some vital differences between LTSP and traditional "dumb terminals" that only display applications. With dumb terminals, all processing takes place on the server. LTSP, on the other hand, makes it possible to run some applications on the server and some applications locally, so that users can run applications that might not work well running over the network or that would place a heavy load on the server. McQuillan cited Firefox as an application that would be good to run locally, or VoIP applications, which the LTSP team demonstrated at LWCE. LTSP also makes it possible to reuse older hardware that might not be suitable for running current versions of Linux or Windows. McQuillan said that LTSP would run fine on "anything with a PCI bus and 16 MB of RAM." It also allows organizations to reduce support costs by centralizing applications and by using thin clients without hard disks -- thereby eliminating "moving parts" that fail often, and by centralizing storage. There are a few applications that aren't suitable for LTSP. For example, McQuillan was quick to say that LTSP wasn't really appropriate for gaming. "Trying to run Quake across the network is not a pleasant experience." Other rich multimedia, such as video editing, is pretty much out as well. Also, McQuillan said that if Linux itself didn't fit well for a specific use, then LTSP was pretty much out there as well. McQuillan said that the project does scale pretty well. The largest deployment he's worked on, the BHS deployment, runs 140 LTSP clients off of one server. He said he's also heard of setups consisting of 400 clients on a quad Opteron server. There are some limitations for the project. McQuillan told LWN that device support is "not as robust as we'd like," but that the project is working on making things work little better. "We want you to be able to plug in a USB device and instantly, a device icon appears on the desktop...that's where we have to be." The project is also working to make it easier to lock down the desktops so that administrators can more easily control what applications users have access to. He noted that GNOME and KDE may not be a good fit for larger environments with 50 to 100 users, because they're "fairly heavy." In those environments, McQuillan said that IceWM and XFce were good choices for lightweight window managers. Another hurdle for LTSP is the fact that it doesn't always fit well into a distribution. Right now, LTSP provides all the "bits" that make up the thin client distribution -- glibc, the kernel, etc. However, they're working on "Project MueKow" (pronounced "moo-cow"), which will use distribution packages as much as possible rather than providing all of the bits directly. The name is a play on Microsoft's "Longhorn." This will be showing up first in the next Ubuntu release, Breezy Badger. McQuillan said that four developers, two from LTSP and two from the K12LTSP project, went to Sydney in April to "help figure out how to integrate LTSP into Ubuntu." However, he also noted that he's eager to work with all of the distributions, not just Ubuntu. While attending LWCE, this writer had a chance to spend some time talking to some of the other LTSP team members and looking at the technology. When using a LTSP client, there really isn't a great deal of difference between using a workstation with a local Linux installation and using LTSP. Overall, LTSP looks like a great solution for organizations that want to save money on PCs and support costs. We're looking forward to seeing it included in Ubuntu and other distributions, which will no doubt help spread LTSP even further.
New Releases BLAG30001 ReleasedBLAG Linux and GNU has released BLAG30001 (lederhosen). BLAG30001 is based on Fedora Core 3 plus updates, and additional applications from Dag, Freshrpms, NewRPMS, and includes custom packages. "BLAG30001 is the first update to the BLAG30k series. Updates include a new kernel, gaim, gimp, openssl, perl, php, spamassassin, thunderbird, cups, cpp, httpd (apache), openssh, vim, wireless-tools, yum, zlib, bittorrent, graveman, kismet, amule, mplayer, xine, firefox, mozilla, tor and parted. New packages are gtk-gnutella & nicotine. Overall, 139 packages were updated on the CD (16% of the total)."
Distribution News Distro Development TalkDistro Development Talk is a new forum for the discussion of Linux distribution development issues. The goal is to have a site that describes solutions to common distribution problems and share information between distributions. Click below for the full announcement.
Debian 12 Years Old (DebianPlanet)DebianPlanet notes that the Debian Project turned twelve years old this week and it is available on twelve different architectures.To celebrate DebianPlanet has started a retrospective of some of the important and interesting things that have happened in the Debian community in the last year.
The Debian Project receives fundingThe Debian project has announced that it will received funding from the LinuxFund. The Linux-oriented credit card organization will be disbursing $6,000 in total, $500 per month for one year.
First Annual Bangalore Debian Developer ConferenceThe Indian Institute of Information Technology, Bangalore is organizing a one day Debian Conference on 20th August, 2005. The conference is mainly to create a platform for Debian Developers in India and create an environment for more contributions to Debian Project from India.
Debian GNU/Linux announcementsThe Debian project adds security support for stable amd64. "This port is not yet part of the Debian archive, but it will be included in unstable/testing soon and users already benefit from security updates distributed via security.debian.org."This is a call for sponsors to donate locations, work and money for debian developer gatherings. Debian developers have found that small gatherings are highly effective for problem solving, especially those that require group discussion and focused cooperation. "Debian should have many such gatherings whenever they are needed. In order to have more of them help from sponsors would be welcome. Gatherings in planning that i know of are debian-qa, debian-java, debian-installer and debian-edu." Here's an announcement clarifying the policy for the expulsion of Debian Developers.
The return of archive.debian.org (DebianPlanet)DebianPlanet reports that archive.debian.org is back online, thanks to Phil Hands.
Unofficial Fedora FAQ UpdateThe Unofficial Fedora FAQ has been updated. There are many minor updates plus a method of installing FC4 using floppies, and several new translations.
Distribution Newsletters Debian Weekly NewsThe Debian Weekly News for August 16, 2005 is out. Topics this week include Debian's twelfth birthday on August 16, the Bangalore Debian Developer Conference, the policy for removing packages from testing, a renaming of kernel source packages, bug handling, security support for AMD64, the policy for the expulsion of Debian developers, LinuxFund funding, the Debian women subproject, sponsors needed for developer meetings, and more.
Fedora Weekly NewsThe Fedora Weekly News #8 looks at the Fedora Project booth at LinuxWorld San Franicsco, Auditd Initscript Reports Errors, Mozilla Foundation Forms New Organization, Mozilla 1.7.11 Released, mplayerplug-in 3.05 Released, Test de Fedora Core 4 and more.Fedora Weekly News #9 is also available. This issue covers the availability of Fedora Core 4 with Global File System, Fedora in LinuxWorld San Francisco 2005, LinuxWorld Expo Blogs and Stories, the launch of Fedora Foundation delayed, Fedoraproject.org needs to be revamped, and several other topics.
Gentoo Weekly NewsletterThe Gentoo Weekly Newsletter for the week of August 15, 2005 is out. This edition covers the release of Gentoo Linux 2005.1, the first US Gentoo developer conference webcast from San Francisco, and more.
DistroWatch Weekly, Issue 113The DistroWatch Weekly for August 15, 2005 is out. "We shall start with a quick look at the first alpha release of the Gentoo Installer project - the first Gentoo live CD which boots into a full GNOME desktop and which can be installed to a hard disk with -- believe it or not -- a mouse! Then we'll talk briefly about the first beta release of SUSE Linux 10.0 and introduce two web sites specialising in bringing you news and information about the many live CD projects available today. Our featured distributions of the week is BLAG Linux And GNU, a single CD Fedora-based distribution with a home entertainment bias."
Package updates Fedora updatesFedora Core 4 updates: system-config-bind (bug fixes), system-config-netboot (bug fixes), lam (bug fix), evolution-data-server (fix crash in the LDAP backend), audit (fix several problems), mc (update to 4.6.1), kdepim (fix kmail bug).Fedora Core 3 updates: system-config-bind (bug fixes), system-config-netboot (bug fixes), lam (bug fix), mc (update to 4.6.1), system-config-netboot (bug fixes), koffice (update to 1.4.1), and a KDE update to 3.4.2 including kdeaddons, kdeadmin, kdeartwork, kdebindings, kdebase, kdeedu, kdegames, kdegraphics, kde-il8n, kdelibs, kdemultimedia, kdenetwork, kdepim, kdesdk, kdetoys, kdeutils, kdevelop, kdewebdev, arts, arts.
Mandriva Linux updatesMandriva Linux has an rpmdrake update for 10.0, 10.1, Corporate 3.0 and Corporate Server 2.1. "Due to the changeover of the Mandriva domain names and the unavailability of the old Mandrake Linux domains, rpmdrake needed an update in order to update the mirrors list file."This ghostscript update fixes Ghostscript 8.15 on 64bit platforms, which can crash and dump core processing on carefully crafted .pdf files.
Trustix TSL-2005-0041Trustix has fixed bugs in several packages, including apache, cgilib, curl, kernel, libart, mod_auth_mysql, mod_auth_pgsql, mod_authz_ldap, open, php, rrdtool, vlock and webalizer, for TSL 2.2 & 3.0.
Distribution reviews Austrumi 0.9.7 Released (TuxMachines.org)TuxMachines reviews Austrumi 0.9.7. "In case you didn't know, Austrumi is a business card size (50MB) bootable Live CD Linux distribution based on 'Slackware GNU Linux' using'Blin' initialisation scripts. I looked at version 0.9.5 back in May and found it to be a great little mini distro. At that time it had wonderful fonts and amazing speed to add enjoyment to using the many apps included in that teny tiny 48mb. Version 0.9.7 was released a coupla days ago and I wanted to see what was new."
Review: Xandros Desktop 3.0 Business Edition (NewsForge)NewsForge features a review of Xandros Desktop 3.0 Business Edition by Jem Matzan. "Last summer I reviewed Xandros Business Edition 2.5 and found that it generally wasn't ready to compete with existing, established corporate desktops. It suffered from an old kernel, malfunctioning sound drivers, a high pricetag, the inability to perform unattended or remote installations, and a bug in the desktop environment that annoyed me. In the current version, Xandros has remedied all of these negative points."
Page editor: Rebecca Sobol Development The autopackage binary packaging frameworkThe autopackage project is building a cross-distribution software packaging system. The software is being built by this group of programmers. The autopackage FAQ explains some of the project goals:
For users: it makes software installation on Linux easier. If a project provides an autopackage, you know it can work on your distribution. You know it'll integrate nicely with your desktop and you know it'll be up to date, because it's provided by the software developers themselves. You don't have to choose which distro you run based on how many packages are available.
Autopackage aims to improve on some of the weaknesses of packaging
systems such as RedHat's RPM, the
RPM Package Manager:
"What RPM is not good at is non-core packages, ie programs available from the net, from commercial vendors, magazine coverdisks and so on. This is the area that autopackage tackles."
The use of autopackage involves the package command line utility, or GTK2 and Qt versions of the Manger application. The GUI interface is designed to resemble the Windows InstallShield application. One-click package installation that is similar to Linspire's commercial CNR (click and run) package system makes installations simple. The user interface vision document explains some of the interface guidelines. The how to use document presents a quick tour of the system, and the autopackage screen shots show the software in action. The autopackage system uses executable package files with the .package suffix, the package format has been designed with multiple distribution support as a primary feature. Automatic dependency resolution is being addressed by the use of Luau, the Lib Update/AutoUpdate Suite. Issues that need addressing with autopackage include dealing with the upgrading of applications installed by other package management systems, securely managing the signing of packages in a decentralized package distribution environment, lack of a common desktop Linux platform definition, and support for platforms other than X86 and X86-64. The success of the project may largely depend on its adoption by independent software applications designers. If a critical mass of applications is reached, end users will have sufficient motive to install the software, and the distribution vendors will have motivation to include the system in their base systems. Applications developers wishing to create .package files should review the Packager QuickStart document. A limited number of packages are currently listed on the autopackage downloads page. Autopackage fills a software distribution niche between distribution-specific packaged software and source code that requires building by the end user. This seems like an area that is fertile for development, developers of lesser-known software applications would likely see their code more widely used if they provided .package files. Version 1.0.6 of autopackage was announced this week, it includes bug fixes and other improvements.
System Applications Database Software PostgreSQL Weekly NewsThe August 14, 2005 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL database developments.
ZODB 3.4.1 final releasedFinal version 3.4.1 of ZODB, the Zope Object Database, is out. "There have been many bugfixes in various areas since ZODB 3.4. In addition, optional ZEO client cache tracing was badly broken with the introduction of multiversion concurrency control (MVCC) in ZODB 3.3, and ZODB 3.4.1 is the first attempt to repair that."
Libraries Cairo release 0.9.2 now availableVersion 0.9.2 of the Cairo vector graphics library is out. "This is a development release leading up to cairo 1.0."
Printing ESP Ghostscript 8.15rc4 announcedVersion 8.15 rc4 of ESP Ghostscript has been announced. "ESP Ghostscript 8.15rc4 is the fourth release candidate based on GPL Ghostscript 8.15 and includes an enhanced configure script, the CUPS raster driver, many GPL drivers, support for dynamically loaded drivers (currently implemented for the X11 driver), and several GPL Ghostscript bug fixes. The new release also fixes all of the reported STRs from ESP Ghostscript 7.07.x."
Web Site Development Gallery Preview Release (SourceForge)Preview Release 1.5.1-RC2 of Gallery, a web-based photo album, is available. "Gallery v1.5.1-RC2 is now available for download. This release is primarily a bugfix release but includes several new features that should make this worth the upgrade."
Quixote 2.1 released and updates of other packages.Version 2.1 of the Quixote web development platform is out. "The CHANGES file in the distribution describes the changes, which mostly concern refinements to the simple_server and in unicode handling."
Desktop Applications Audio Applications Patchage 0.2.1 releasedVersion 0.2.1 of Patchage, a modular patch bay for Jack (audio) and Alsa (Midi), is out. "This released fixes numerous bugs, adds a few GUI enhancements, and has preliminary (untested) LASH support."
Business Applications Cream CRM 2.0 Released (SourceForge)Version 2.0 of Cream, a customer relationship management system, is available with lots of new features. "Campware is pleased to announce Cream 2.0 "Sofija", the long awaited upgrade of its free and open-source customer relationship management (CRM) system designed specifically to meet the needs of media organizations."
Data Visualization PyX 0.8.1 releasedVersion 0.8.1 of PyX, a Python graphics package featuring PostScript output, has been released. "This release fixes some bugs in the path module and the output of decorated paths. The fallback for kpathsea was considerably improved in speed (it was unintensionally slowed down in 0.8). The inclusion of the bounding box information in PS and PDF files is now optional. It is suppressed by default when a paperformat is specified. A new path example completes the release."
Desktop Environments GNOME Software AnnouncementsThe following new GNOME software has been announced this week:
KDE 4: Understanding the Buzz (KDE.News)KDE.News mentions a new document that explains new KDE 4 features. "With all the excitement surrounding KDE 4 development at the moment people are starting to ask why they have not seen any updates on what KDE 4 will look like. KDE 4 - Understanding the Buzz answers these increasingly common questions by explaining the current status of KDE 4 development and why the exciting work so far is only visible to developers."
JLP's KDE 3.5 Previews (Part 2) (KDE.News)KDE.News has announced the availability of part two of a KDE 3.5 preview by Jure Repinc. "It looks like the first part of my KDE 3.5 previews was extremely popular. Much more than I could ever anticipated. I even got Slashdotted. Anyway, here is the second part of the look into the KDE's near future. Enjoy the tour!"
KDE Software AnnouncementsThe following new KDE software has been announced this week:
This Month in SVN (KDE.News)KDE.News has announced the August edition of This Month in SVN. "This issue packs in twice as much content as the previous one, with new features covered in Konqueror, Kicker, KDesktop, amaroK, Konversation and more: "This month has seen some drastic changes in SVN, with KDE4 development moved to trunk and KDE 3.5 gearing up for a stable release sometime after this year's KDE conference.""
Electronics XCircuit 3.3.31 releasedVersion 3.3.31 of XCircuit, an electronic schematic drawing package, is out with several bug fixes.
Financial Applications SQL-Ledger version 2.4.15 releasedVersion 2.4.15 of SQL-Ledger, a web-based double entry accounting system is out with bug fixes and new features. See the What's New document for details.
Games Crossfire 1.8.0 Released (SourceForge)Version 1.8.0 of Crossfire, a cooperative multi-player graphical RPG and adventure game, has been announced. "Crossfire 1.8.0 has been released and includes numerous bug fixes and stability enhancements along with many minor changes and improvements. Also added were new features such as the start of quest tracking system, better support of readable objects, addition of party/group based spells, improved smooth (graphic) sending code for client, and map region support. New maps have been added, as well as various fixes."
GNS game portal server/client v0.1 (beta) released (SourceForge)Release 0.1 beta of GNS game portal is out with server and client implementations. "GNS, or Game Name Search, is a game portal server/client package. Game developers may integrate the GNS client into their video games, and host an online GNS server to allow clients to find each other over the Internet. GNS servers also provide chat room functionality and content hosting."
Pygame 1.7.1 releasedVersion 1.7.1 of Pygame, a collection of Python-based games, is out with bug fixes. See the What's New document for details.
Interoperability Wine Weekly NewsThe August 12, 2005 edition of the Wine Weekly News is available. Topics include: CodeWeavers Roadmap, Summer of Code Projects, WGA on Slashdot, Ejecting CD's, Registering DLL's, and ALSA Hardware Acceleration Fix.
Office Applications Gnumeric 1.5.3 Released (GnomeDesktop)Version 1.5.3 of the Gnumeric spreadsheet has been announced. Changes include Win32 font improvements, graph improvements, conditional formatting work, bug fixes and more.
Office Suites OpenOffice.org build 1.9.123 is outBuild 1.9.123 of OpenOffice.org is out with build improvements, bug fixes, and more.
Web Browsers 1.8 Branch Created, Trunk Opens for 1.9 Development (MozillaZine)MozillaZine covers the latest Mozilla development branches. "The Gecko 1.8 branch was created on Friday and the trunk is now open for 1.9 development. Mozilla Firefox 1.5, Mozilla Thunderbird 1.5 and Camino 1.0 will all be released from the 1.8 branch over the coming months. Checkins to the branch will be restricted, with developers required to obtain the approval of the new branch-drivers group before landing."
Independent Status Reports (MozillaZine)MozillaZine has announced the August 12, 2005 edition of the Mozilla Independent Status Reports. "The latest set of independent status reports includes updates from DevBoi, Page Update Checker, InFormEnter, Searchsidebar, Inforss, PasswordMaker, XPathHelper, TamperData, Enigmail, firefoxinhindi, vi, cruxade, thailocalization, Frutiala, Mozilla Archive Format, Download Statusbar, MultExI and Tinderstatus."
Languages and Tools Caml Caml Weekly NewsThe August 16, 2005 edition of the Caml Weekly News is online with new Caml language articles and resources.
Haskell Haskell Weekly NewsThe August 16, 2005 edition of the Haskell Weekly News is online with the latest Haskell news. A number of new Haskell software releases are featured in this week's issue.
Java This week on harmony-devThe August 7-13, 2005 edition of This week on harmony-dev is online with coverage of the developments to the Harmony open-source Java platform.
Joda-Time 1.1 released (SourceForge)Version 1.1 of Joda-Time, a Java library for handling date and time in the ISO8601 standard, is available. "This release fixes some minor bugs in v1.0 and adds various useful new methods on existings classes."
launch4j 2.0.RC3 released (SourceForge)Version 2.0.RC3 of Launch4j has been announced. "Launch4j is a cross-platform tool for wrapping Java applications distributed as jars in lightweight Windows native executables." This release fixes a number of bugs.
Lisp CL-WIKI 0.0.3 releasedEarly release number 0.0.3 of CL-WIKI, a Wiki engine for Common Lisp, has been announced.
GCL 2.6.7 releasedVersion 2.6.7 of GNU Common Lisp (GCL) is out. "This version, the latest in the `stable' series, is mostly a bug fix release with modifications intended for interoperation with the computer algebra system Axiom."
Verrazano announcedThe Verrazano project has been announced. "Rayiner Hashem has made public his Google Summer of Code project Verrazano, which is a C++ bindings generator for Common Lisp. The system "[...] is designed to have robust support for C and C++ header files [...] and to be easily retargettable to a number of different foreign function interfaces"."
Perl This Week in Perl 6 (O'Reilly)The August 2-9 edition of O'Reilly's This Week in Perl 6 is out with the week's Perl 6 development news.
Python Python 2.4.2 and 2.5 Release Plans (O'Reilly)Anthony Baxter has posted the release plans for Python 2.4.2 and 2.5 on O'Reilly. "So I'm currently planning for a 2.4.2 sometime around mid September. I figure we cut a release candidate either on the 7th or 14th, and a final a week later. In addition, I'd like to suggest we think about a first alpha of 2.5 sometime during March 2006, with a final release sometime around May-June. This would mean (assuming people are happy with this) we need to make a list of what's still outstanding for 2.5."
Dr. Dobb's Python-URL!The August 12, 2005 edition of Dr. Dobb's Python-URL! is online with the latest Python language releases and discussions.
Ruby Ruby Weekly NewsThe August 14th, 2005 edition of the Ruby Weekly News summarizes the latest discussions on the ruby-talk mailing list.
XML Warrior Platform 0.93.2 (SourceForge)Version 0.93.2 of Warrior Platform has been announced. "XAMJ is an XML UI language tightly integrated with Java. This release adds a Warrior Platform API, which allows Warrior to be called as an XML UI Framework without the need to install it as a browser/platform. It also includes a workaround for a bug that affects JREs prior to 1.5.0_01 (NullPointerException on URL.openConnection.) Finally, it fixes a bug that prevented XAMJ document archives from loading resources."
Page editor: Forrest Cook Linux in the news Recommended Reading OSDL patent commons gets chilly reception from the 'outspoken' (ZDNet)David Berlind looks at OSDL's patent commons in this ZDNet Blog. "Likewise, when OSDL jumped on board this week with its patent commons announcement, some of the more outspoken proponents of open source questioned the extent to which such a move really moves the ball forward. Two of those individuals -- attorney Larry Rosen who literally wrote the book on open source licensing and Bruce Perens who earlier this summer joined SourceLabs as vice president of developer Relations and Policy -- were talking virtually the same language when I interviewed them separately. Preaching to the same choir, both men questioned the need to donate patents to such a commons in the first place."
Lloyd's may offer open-source indemnity (News.com)News.com reports that Lloyd's of London may soon underwrite open-source software against claims of intellectual property infringement. "John St. Clair, the chief operating officer of insurance firm Open Source Risk Management(OSRM), said on Friday that OSRM is working with "a number of" Lloyd's syndicates, which will start offering open-source insurance "within the next few months.""
Trade Shows and Conferences HP exec decries proliferation of open source license types (InfoWorld)InfoWorld covers a LinuxWorld keynote from HP executive Martin Fink. "In a somewhat tongue-and-cheek request, Fink called on IBM to deprecate its IBM Public License in favor of the GPL. In return, he pledged to give an HP laptop loaded with Linux to IBM executives, including IBM Vice President Irving Wladawsky-Berger." (Thanks to Max Hyre)
LinuxWorld San Francisco 2005Groklaw has a report from Douglas Burns, who spent last week at LinuxWorld.NewsForge has wrap up article with pictures. Astaro Corporation has announced that the Astaro Security Gateway 420 appliance was awarded a Product Excellence Award in the category of "Best Security Solution".
OSCON Was Cool! (Linux Journal)Linux Journal has another look at this year's OSCON, by Russell J.T. Dyer. "What seems to make OSCON interesting, cool and fun is the collection of people attending and perhaps the location. As I mentioned in an earlier article on the Red Hat Summit, technology conventions now seem to be the dominion of big corporations. I don't mind companies being involved, I simply prefer community driven and aligned ones, such as like O'Reilly and MySQL. O'Reilly organizes OSCON and a few other conferences."
Linux Adoption Massive Linux handout set for French schools (News.com)News.com reports on a plan to spread open source to secondary school students in the French region of Auvergne. "The project, which has been funded by the local government, will distribute 64,000 packs of CDs to students, according to Linux Arverne, a Linux user group involved in the initiative. The project aims to get students and their families more interested in free and open-source software."
Legal Patent Infringement Lawsuits That Involve FOSS (Groklaw)Groklaw looks into a patent infringement lawsuit filed by J2 and Catch Curve, Inc. against Mijanda. The dispute concerns FAX software. "Mijanda offers a fax to email gateway hosting service on Asterisk, a GPL licensed general purpose IP-PBX available under GNU/Linux. I believe one of the other companies involved is using Hylafax, which is another much older free software solution specific to faxing. The short list of free software packages that are potentially effected includes mgetty+sendfax, some of the fax stuff found in GNOME (and maybe KDE), hylafax, Bayonne, and Asterisk."
Open-source allies go on patent offensive (News.com)News.com covers moves by Red Hat and OSDL to build open-source patent repositories. "Red Hat will finance outside programmers' efforts to obtain patents that may be used freely by open-source developers, the top Linux seller said Tuesday at the LinuxWorld Conference and Expo here. At the same time, the Open Source Developer Labs launched a patent commons project, which will provide a central list of patents that have been donated to the collaborative programming community."
Oops. That DVD should have caused the toilet to flush. (ZDNet)ZDNet blogger David Berlind has found another silly patent: "InterVideo, located in Fremont, Calif., is asking the court to enjoin Dell from manufacturing, selling or importing products that infringe patents tied to its Linux-based InstantOn technology. The software allows a DVD to automatically start playing a movie when a user inserts a disc into a computer running an InterVideo program." The actual patent is relatively simple to read.
Interviews Scyld Software's Becker on Linux, clustering, grid (LinuxWorld.au)China Martens talks with Donald Becker. "Becker is the founder and chief scientist of Linux clustering vendor Scyld Software, a subsidiary of Linux workstation and server vendor Penguin Computing. Privately held Penguin acquired Scyld in June 2003. Becker founded Scyld (pronounced "scaled" or "skilled') back in 1998, building on work he did while at NASA (the U.S. National Aeronautics and Space Administration) where he started the Beowulf Parallel Workstation high performance clustering computing project. NASA was interested in his project for helping in the modeling of climate data. IDG News Service caught up with Becker as he took a quick break from demonstrating Scyld clustering software at [LinuxWorld]."
Interview with Chris Hessing, Lead Developer of xsupplicant (Linux Journal)Matthew Gast talks with Chris Hessing about wireless security protocols, their implementation and their future. "CH: I feel like the security available right now is pretty good, assuming you're running WPA2 with AES. There are some weaknesses in various EAP flavors that need to be addressed, but that's well underway for the most part. What I'd like to do--and I don't know whether we can--is to get a universal EAP type. Something that allows you to use passwords, allows the storage of passwords in secure form and doesn't lock you in to any particular authentication server."
LinuxWorld: Versora on migrating to Linux (Open Resource)Open Resource interviews Jon Walker, CTO of Versora. "Q:What does an organization do with Windows-only apps when migrating to Linux? A:They have four choices, really. One is to port the applications, if they have access to the source code. Two is to re-write the application, which most organizations don't have the time luxury to do. A third is to discontinue the use of the application. And the fourth is to run a thin client, Win4Lin or emulator (in this case, if the applicaiton in question is on the codewaever list, you're in luck)."
Resources The Daemon, the GNU and the Penguin - Chapter 17 (Groklaw)Groklaw has published chapter 17 of the online book The Daemon, the GNU and the Penguin by Dr. Peter H. Salus. This chapter is titled "Excursus: The GPL and Other Licenses."
OOo Off the Wall: Recovering Hidden Treasures (Linux Journal)Linux Journal finds ways to customize OOo 2.0. "It's a little-known secret, but what you see in the interface of version 2.0 of OpenOffice.org isn't what you have to settle for. Hidden throughout version 2.0 are dozens of pieces of functionality, each available in a few seconds by customizing the menus, toolbars or keyboard shortcuts of OpenOffice.org applications. Some of these hidden treasures are small tools useful only to users with certain work habits. However, perhaps the most useful customizations are older versions of tools that have been redesigned in version 2.0. In several cases, these older versions are designed better than their replacements. And, if nothing else, they often are more familiar."
Reviews Book Review: Linux Desktop Garage (xyz computing)xyz computing reviews Linux Desktop Garage. "Susan Matteson's Linux Desktop Garage (LDG) is a light read, aimed at the complete Linux novice. Matteson's goal is to explain to readers the absolute basics of Linux on the desktop, without getting bogged down into anything too complex or overly detailed. The author's casual style tries to keep things fun and interesting, as opposed to textbook reading, which a book about Linux can easily turn into. She is clearly trying to make the transistion to Linux less daunting than it otherwise would be, which is not a bad thing. The book comes with a a Gnoppix LiveCD.
Sun's Linux killer shows promise (Register)The Register has posted a lengthy review of Solaris 10, with many comparisons with Linux. "To attract the user base and developer interest that will really propel Solaris 10 forward, Sun would do well to think about it as a PC as well as a workstation. Generating enthusiasm and attracting a broad base of developers does involve giving people some fun in return, after all. Making SuSE Pro a fun distro and an excellent PC doesn't make it any less of a workstation, server platform, or development environment, a fact apparently lost on Red Hat."
Miscellaneous US Copyright Office Requests Comments on IE-Only Service (Groklaw)Groklaw covers a proposal from the US Copyright Office. "There is a new wrinkle to the US copyright law. Hollywood usually gets whatever it wants, as you know, from Congress, but in this case, it only got most of what it wants. But the part that will interest you is this: they are asking if those making use of a new pre-registration system they are setting up will be inconvenienced if they make it usable only by Windows Internet Explorer for the time being." Comments on this proposal are due no later than August 22, 2005.
Scottish police pick Windows in software line-up (InfoWorld)InfoWorld reports that the Central Scotland Police is dumping StarOffice and returning to Microsoft Office. "In the past, when the agency deployed a new police application on StarOffice and Linux, the application had to be customized to work with the open-source software, [IT head David] Stirling said. It was also more difficult to configure the open-source software so that police officers could access their files from any police station, he said. Perhaps most of all, the agency needed its systems to work smoothly with those at other agencies and criminal justice departments. Scotland's other seven police jurisdictions use Microsoft for their desktops and applications layer, he said. 'Even though we're one of eight police forces, we make up only 5 percent of the police officers. It's hard to have 5 percent driving the rest of the force,' he said."
Linux entrepreneur tries again (News.com)News.com takes a look at what Larry Augustin, former CEO of VA Linux, is doing these days. "Augustin is now CEO of Medsphere, a company that sells software designed to let hospitals manage patient records, pharmacy orders, medical procedures, billing and other responsibilities. That may sound like a dramatic departure from his last executive post, but the open-source philosophy is a unifying thread."
Page editor: Forrest Cook Announcements Non-Commercial announcements Brazil's Ubuntu-powered digital training busHere's a Ubuntu forum posting regarding the Brazilian "digital inclusion bus." This bus contains twelve workstations (and one server) running Ubuntu Linux; it is used to provide training sessions on Internet use and OpenOffice. There's some nice pictures included.
Commercial announcements New web database applications builder for LinuxAwaresoft has released Aware IM - software for business professionals and developers who want to create web database applications without programming. Works with MySQL, Derby and other databases.
Cluster Builder 1.1 releasedLinuxHPC.org and Cluster Resources, Inc. have announced the release of Cluster Builder 1.1. "An expanded version of Cluster Builder was released today, extending the site's scope beyond basic cluster components to include grid middleware and industry specific applications. Cluster Builder*a Web site highlighting high performance computing (HPC) software and hardware*helps administrators, evaluators and users discover available clustering options and solutions."
NERSC Launches Linux Networx SupercomputerLinux Networx has announced the deployment of a 722 processor cluster system at the DOE/Lawrence Berkeley National Laboratory National Energy Research Scientific Computing Center (NERSC). "Named "Jacquard," the Linux Networx system will provide computational resources to scientists from DOE national laboratories, universities and other research institutions to support a wide range of scientific disciplines including climate modeling, fusion energy, nanotechnology, combustion, astrophysics and life sciences."
Maguma Workbench Version 2.6 AvailableVersion 2.6 of Magma Workbench is available. "Maguma announces the release of Maguma Workbench 2.6.0, the IDE for PHP and Python, which brings with it a greatly simplified licensing system, that will get users up and running very quickly without hassle. This update addresses a few issues that cropped up in version 2.5 and is a free upgrade from version 2.5".
Novell and CS2C to Deliver Linux Offerings in ChinaNovell, Inc. has announced an agreement with the China Standard Software Company (CS2C) to deliver Linux server and desktop offerings to the Chinese market. "The announcement builds on the strategic partnership launched in April 2005, and will enable the further adoption of Linux in China."
DbWrench Database Design 1.2.1 ReleasedPostgreSQL has announced version 1.2.1 of DbWrench Database Design. "DbWrench is a multi vendor, cross platform database design and round-trip engineering software. It's features include: a syntax highlighting SQL query editor, support for many of today's most popular databases, a graphic entity relation diagram (ERD) designer, ability to forward and reverse engineer databases. DbWrench is written in pure java allowing it function on numerous operating system platforms."
SugarCRM Expands CRM Portfolio with Sugar Enterprise EditionSugarCRM Inc. has announced the Sugar Enterprise Edition of its SugarCRM Customer Relationship Management system. "Key features include Oracle(TM) 9i support, an Offline Client, advanced reporting, and the Module Loader for plug-and-play installation of third-party extensions."
Resources TuxMobil Linux Laptop Survey Exceeded 4,000 ReportsTuxMobil has announced the receipt of over 4000 reports on Linux laptop installations. "Contributors from all over the world are providing tips and tricks to get Linux and other UniX flavors running on almost any laptop model starting from ELKS Linux on laptops with 286 CPU to 64bit distributions on machines equipped with AMD64. Linux is well suited for todays laptops and notebooks. Only a few hardware parts don't work well because the manufacturers don't care to provide necessary details. Parts which often don't work well are Suspend-to-RAM, internal card readers and internal modems."
Contests and Awards Appro XtremeBlade wins LinuxWorld Product AwardsAppro has announced the winning of a LinuxWorld Product Best Clustering Solution Award for its XtremeBlade Cluster Solution.
Clarkson University wins Linux Tech Competition AwardsTwo students from Clarkson University have won first and second place in a Linux technology competition. "The winning project of DeShane and Jablonski targets the need for a collection of tools to manage large structured sets of persistently accessed data, offering users speed and ease of use when accessing the information. To achieve their goal, the team implemented a system that allowed them to search a large amount of data, and then make each subsequent search faster and easier to perform based on the results of previous queries."
Kontact Logo Competition Gets Serious (KDE.News)KDE.News covers the addition of a new prize to the Kontact logo design competition. "Kontact started a competition for a new logo earlier this month; where the winning logo will become the official logo at the next release. Now we found a sponsor to back the competition to give a Wacom tablet to the artist that created the winning logo."
KDE and Qt Projects Take Top Honors In TuxMobil GNU/Linux Award 2005 (KDE.News)Several KDE-related projects have won awards in the TuxMobil GNU/Linux Award 2005. "Two of the five awarded projects have ties to KDE: KDE-Pim/Pi (Pi-Sync) and KWlanInfo, while another two use the Qt toolkit for their graphical interfaces. Congratulations to all those involved in the winning projects!"
Event Reports GNUmed conference report (LinuxMedNews)LinuxMedNews has announced the posting of a report on the 2nd GNUmed conference. "Yesterday the 2nd GNUmed conference in Germany took place. The current state of affairs was discussed. The immediate next steps were defined."
2005 O'Reilly Open Source Convention Wrap UpO'Reilly presents a wrap-up of the 2005 O'Reilly Open Source Convention. "Parties, receptions, birds of a feather sessions, and tours punctuated this year's OSCON. During the Tuesday Evening Extravaganza, OSCON traditions continued with the "State of the Onion" address given by Perl legend Larry Wall. The Yahoo!-O'Reilly Buzz Market Report was given by David Pennock and Rael Dornfest. Paul Graham, author of "Hackers & Painters," spoke on "What Business Can Learn From Open Source." Perennial OSCON crowd-pleaser Damian Conway brought down the house with his "Fun With Dead Languages" presentation."
Upcoming Events Freedel 2005 - New Delhi, IndiaFreedel 2005 will take place in New Delhi, India on September 17 and 18, 2005.
Ohio Linux Fest - October 1, 2005The Ohio Linux Fest takes place on October 1, 2005 in Columbus, Ohio. "The Ohio LinuxFest is a free annual conference and event for the Linux and Open Source Software community. Hosting authoritative speakers, the Ohio LinuxFest welcomes Linux and OSS professionals, enthusiasts, and anyone who wants to take part in the event."
OSDC 2005 Call For PapersA call for papers has gone out for the 2005 Open Source Developers' Conference. The event takes place in Melbourne, Australia on December 5-7, 2005. Proposals are due by August 19.
2006 O'Reilly Emerging Technology Conference CFPA Call for Participation has been posted for the 2006 O'Reilly Emerging Technology Conference. "The 2006 O'Reilly Emerging Technology Conference will happen March 6-9 at the Manchester Grand Hyatt in San Diego, California. Proposals are due no later than September 19, 2005."
linux.conf.au 2006 - Call For MiniconfsA call For miniconfs has gone out for the linux.conf.au 2006 event. "The 2006 conference is being held in Dunedin, New Zealand, at The University of Otago". Proposals are due by August 24.
LinuxWorld and NetworkWorld Canada 2006The LinuxWorld and NetworkWorld Canada 2006 Conference & Expo will take place on April 24-26, 2006 in Toronto, Canada.
Events: August 18 - October 13, 2005
Web sites Appeal Website Launched (KDE.News)KDE.News has announced the launch of the Appeal project web site. "Appeal is a living experiment in progressive development and organizational concepts as applied to the KDE project (http://www.kde.org). Within the Appeal environment the practices of art, usability and software development are brought together during the earliest phases of development and supported through ongoing communication and periodic in-person meetings. Appeal serves as an incubator for emerging technologies that reflect this philosophy of work."
GPLmedicine.org (LinuxMedNews)LinuxMedNews has an announcement for the new GPLMedicine.org site. "I am happy to announce GPLMedicine.org I will be using this site to publish articles, letters and other information advocating the use of the GPL license in medicine. The first thing I am publishing there is the site credo, which argues that only the Gnu Public License should be used in medical software."
WorldVistA.org: New Look, Backend (LinuxMedNews)LinuxMedNews reports on changes to the WorldVistA web site. "The WorldVistA website is sporting a new look and software backend based on plone. Looks like they are gearing up for the long-haul and upcoming VistA vendor training."
Audio and Video programs New lugradio episode out (GnomeDesktop)A new episode of LUGRadio has been announced. "Of special interest for GNOME people is an interview with Joe Shaw about Beagle, the desktop search tool. The show is available from the lugradio website and also features discussion about the glory of podcasting, interview on openSuse and a musical extravagance from drummer Jono Bacon and Adam Sweet on the bass guitar."
Page editor: Forrest Cook Letters to the editor Trademarks and F/OSS
It is time for the community who use and depend on Free/Open Source
Page editor: Jonathan Corbet
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[access diagram]](/images/ns/kernel/clock-pro-accesses.png)
schemes, which prioritize the most recently accessed pages even if those
particular pages are almost never used by the application. Consider, as an
example, the diagram to the right showing access patterns for two pages.
At the time t1 marked by the red line, an LRU algorithm would
prefer page 2 over page 1, even though the latter is more likely
to be used again in the near future.
![[autopackage]](/images/ns/autopackage.png)
For developers: it's software that lets you create binary packages for Linux that will install on any distribution, can automatically resolve dependencies and can be installed using multiple front ends, for instance from the command line or from a graphical interface. It lets you get your software to your users quicker, easier and more reliably. It immediately increases your user base by allowing people with no native package to run your software within seconds.