LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for October 20, 2005Ubuntu and Debian look forwardThe Ubuntu 5.10 release is out, and the initial reviews are good. The Ubuntu team, however, is not taking time out to drink beer and relax before pondering its next release. Well, OK, maybe they are taking a little time. But, when the hangovers wear off, they are still putting some thought into their next release, which will break some new ground. Meanwhile, the Debian Project is looking forward to its next release as well. In both cases, the planning process gives us a hint of what to expect from these distributions in the near future.Ubuntu's approach has been to crank out a distribution every six months, integrating a great deal of bleeding-edge software each time. This process has been through three cycles now, with obvious success. The next release (6.04, or "Dapper Drake") will be different, however: Ubuntu has stated that 6.04 will be supported for three years on desktops, and five years on server systems. That is quite a promise for such a young company to make, but, if Ubuntu can live up to it, the popularity of this distribution could grow. Thus far, five-year support has come with a hefty price tag; the prospect of free updates from Ubuntu for that long could make a number of companies wonder just what they are paying for. The fact that Ubuntu's security response time tends to be excellent can only help in that regard. All this depends on Ubuntu being able to make a credible promise of long-term support. This week, Ubuntu's Jeff Waugh took some steps in that direction with these thoughts on the Dapper release process. If this proposal becomes policy, Dapper will, indeed, be a different sort of release. The core of the proposed Dapper process is this: the upstream version freeze which was imposed for the 5.10 release will remain in place. Essentially, the distribution will be frozen for the next six months, with the bulk of development effort going into ensuring that it is the most stable, supportable release possible. Another way of looking at it is that all of those users happily downloading the Breezy release now get to be the beta testers for 6.04. This is a major change for Ubuntu, but, as Jeff put it:
We can't just follow the same release process and expect to be able
to ship a long term supportable system. 6.04 will be different, so
we need to think about it differently.
Of course, too much stability would be contrary to the Ubuntu spirit, so the developers are leaving themselves a bit of room to toss in some newer packages. So 6.04 will have a few, small upgrades, including:
The list of exceptions is expected to be discussed at the upcoming UbuntuBelowZero gathering. The picture coming into focus now suggests that 6.04 will include some major upgrades, but much of the infrastructural code, especially that used on server systems, will remain at the version shipped with 5.10. The Debian Project got its Sarge release out the door last June. By normal Debian timelines, it is thus quite early to be thinking about pulling things together for another release. Instead, Debian developers should be busily testing the patience of sid users by filling it with unstable, incompatible, major package updates. Well, the developers have indeed been on top of that task, but release manager Steve Langasek is trying to ruin the fun with this plan for the next Debian release, called "etch." That release will be put together by Steve, along with new co-release manager Andreas Barth. They have a timeline, which involves a toolchain freeze at the end of next July, a general freeze in October 2006, and the etch release is planned, with great precision, for December 4, 2006. July seems like a distant prospect, but Steve notes that this deadline does not leave a whole lot of time for big changes:
What's not spelled out in the above timeline is that this basically
leaves people until around the end of the year to to implement any
dastardly plans they have that require sweeping changes to the
archive, followed by another half a year of comparatively minor
changes (you know, the kind that *don't* render half the libraries
RC-buggy in a single upload...)
If this timeline holds, we should see the shape of the etch release by the beginning of next year. Looking at the current plan, it seems that etch will have made the switch to gcc 4.0 and (finally) X.org. Another long-delayed advance will be support for the amd64 architecture as an official Debian port. Then there is the crucial business of purging the distribution of non-free documentation, and non-free firmware as well. Tasks on the wishlist include full SELinux support, a default UTF-8 locale, multiarch support, and more. The following eleven months of stabilization seem glacial by Ubuntu standards, but it is an optimistic timeline for Debian. One interesting change that the project is considering is to continue to allow non-maintainer updates to all packages throughout the etch cycle. Debian developers have historically been the lords of their particular bits of package turf, so non-maintainer updates have always been a sensitive issue. The release managers believe, however, that non-maintainer updates speed the release process - and make Debian a better distribution as well. Both distributions have a lot to gain if they can make their plans stick. Ubuntu will have produced a stable distribution which it can credibly promise to support for five years, all while keeping its six-month release cycle. Debian, meanwhile, will be able to get a stable distribution out in a timely manner without compromising its high quality standards. In both cases, the end result can only be good for Linux users. [Update: Ubuntu patron Mark Shuttleworth has posted his position on freezing for 6.04; he is inclined to be more permissive - for a while at least - on what gets into that release.]
Europatents to return in 2006?One problem with governments is that, unsurprisingly, powerful interests try to direct governmental power toward their own ends. Those who would fight power grabs quickly learn a hard lesson: those pushing for more power usually need only win once, while those who oppose them must win over and over again. This dynamic can be seen, for example, in the current broadcast flag debate in the U.S. This flag has already been defeated once, but nobody doubts that it will return, perhaps repeatedly.In Europe, the debate on software patents is likely to go the same way. Those who have a substantial amount to gain if software patents are adopted throughout the EU are unlikely to simply give up just because they lost the battle last July. So software patents in Europe will almost certainly be back. Now it is starting to look like the vehicle for the next attempt to impose software patents might be a process called the "Community Lisbon Programme." This program is part of an effort to improve the health of European economies by making the EU as a whole more efficient and competitive. It is a large undertaking touching on many areas, including regulation, internal markets, environmental issues, global trade agreements and more. Deep within a recently-released document [PDF] on the implementation of the program is a section on intellectual property rights ("IPR"). It reads, in part:
Companies and their clients need IPR which stimulates innovation,
provides a stable context in which to make investment decisions,
and encourages the development of efficient new business
models. The debate engendered by the proposed directive on the
patentability of computer-implemented inventions has demonstrated
that framing IPR rules which balance the needs of all stakeholders
is by no means easy. The Commission will therefore launch a
dialogue with industry and other interested parties in 2006 to
determine what more might usefully be done to provide European
industry with a sound IPR framework.
It is not hard to imagine that the result of this process could be a renewed directive establishing software patents in Europe. This time, however, it could be buried within a much larger chunk of EU-level industrial policy legislation, and, thus, harder to defeat. Clearly, the free software community needs to be among the "other interested parties" participating in this process. We have many thoughts on what makes up a "sound IPR framework," and they should be heard early on. In the later stages of this program, when it truly comes into public view, it will be too late to effect changes on issues like patents.
Bob Young leaves Red HatBack in 1993, Bob Young created a company called "ACC Corporation," which, among other things, dealt in early Linux distributions. In 1995, ACC acquired Marc Ewing's Red Hat Linux distribution; the combined company was then named Red Hat software. Over the coming years, Red Hat would transform the Linux business environment, become the first Linux-related company to obtain big-name venture capital, and the first to go public. Regardless of how one feels about the company or its distribution, it is hard to deny that Red Hat has had a big influence on the Linux community as a whole.On October 18, Red Hat announced that Bob Young had resigned from the company's board of directors, with the intent of spending more time on his other endeavor: Lulu.com. Bob's role in the company had been shrinking for years; he had not been involved in day-to-day management for some time. Still, when one thinks of the names involved with the early Red Hat (Marc Ewing, Donnie Barnes, Michael Johnson, Eric Troan, ...), it becomes clear that they have all moved on. Bob was the last of the crowd which helped to set new standards for Linux distributions and showed that it was possible to build a business around Linux. Bob's vision was not always perfect - remember that Red Hat went public with a business plan stating that its Internet portal was the key to its future profitability. Still, he clearly got some things right. Seeking an example of how he saw things in the early days, your editor spent some time digging through his mailbox. What turned up was this message on how Red Hat chose Linux over BSD, sent to the free software business mailing list back in 1998. It makes an interesting read:
When we launched Red Hat Software, Inc, we planned to sell an
operating system. It doesn't take a rocket scientist to recognize
that being in the OS business meant that we were competing with
Microsoft.
While our ambitions at the outset were quite limited, we can drink as much beer as anyone, and on those occasions when our natural intelligence was at its most limited, we'd speculate on what Microsoft's reaction would be when we became a real threat. They concluded that a GPL-licensed system would not be as vulnerable to the famous "embrace and extend" strategy as a system covered by the BSD license. Were it not for the licensing issue (and a couple of others, mentioned in the message) and adequate supplies of beer, Bob and Marc might just have gone into business with "Red Hat BSD." Bob has been well rewarded for his role in the creation of Red Hat - he still owns about 5% of the company, according to the proxy information sent out for last August's board election. Still, it is worth a moment to say "thanks, Bob." Linux would certainly have succeeded without Red Hat, but it would have been a different, and possibly slower, path to success.
Security A survey of recent kernel vulnerabilitiesThere has been a fairly long list of kernel vulnerabilities over the last few months, but few of them have received much serious attention (outside of the security groups at numerous distributors, who have been duly issuing patches as the issues come up). Here's a selection of recent problems.
That is a long list of vulnerabilities. The fact that almost all of them are "only" denial of service problems, and that only one of those is truly remotely exploitable, is of limited consolation. One may well wonder why the kernel is the source of so many security holes, far more than any other package on the system. The complexity of the kernel and the environment in which it runs, the fact that many often-harmless bugs (such as memory leaks) turn into security issues for the kernel, and the high level of auditing which is done on kernel code are all part of the answer to that question. Unfortunately, the flow of security issues in the kernel is unlikely to stop anytime soon.
EFF decodes color printer watermarksIt has been known for some time that high-resolution color printers added codes to their output which would enable that output to be traced. The EFF has now found and decoded those marks for a number of popular printers. It turns out that the scheme used is fairly simple - an unencrypted code which includes the printing time and the serial number of the printer. See the EFF's printer list to see if your printer encodes this information, and this page to learn how to find and decode the markings.The moral of the story is clear: if we do not control our devices, they will not work in our interests. There are plenty of good reasons for wanting to be able to print anonymously, and there is no doubt that this sort of watermarking can be used for the suppression of dissent and the shutting down of whistle-blowers. Thanks to the EFF, we can at least see this particular bit of technological ratware. But, as the EFF says: "Even worse, it shows how the government and private industry make backroom deals to weaken our privacy by compromising everyday equipment like printers. The logical next question is: what other deals have been or are being made to ensure that our technology rats on us?"
Brief items CERT advisory: Snort Back Orifice buffer overflowIf you are running the Snort intrusion detection system along with the "Back Orifice" preprocessor, you want to read the attached advisory (click below). Back Orifice suffers from a buffer overflow which can be exploited by any remote attacker who can get a UDP packet onto your network. The hole can be closed by upgrading to snort 2.4.3, or by disabling Back Orifice.
New vulnerabilities curl/wget: NTLM username buffer overflow
lynx: stack overflow
netpbm: buffer overflow in "pnmtopng"
OpenWBEM: arbitrary code execution
Perl, Qt-UnixODBC, CMake: RUNPATH issues
php: open_basedir directive handling
phpMyAdmin: arbitrary code execution
w3c-libwww: possible stack overflow
Updated vulnerabilities a2ps: input validation error
abiword: buffer overflow
apache information disclosure if modssl=yes
httpd: off-by-one overflow and cross-site scripting
awstats: command injection vulnerability
bzip2: race condition and infinite loop
cfengine: insecure temporary files
common-lisp-controller: design error
cpio: directory traversal
cyrus-imapd: buffer overflows
dia: missing input sanitizing
elm: buffer overflow
emacs21: format string vulnerability in "movemail"
enscript: arbitrary code execution
evolution: format string issues
firefox: multiple vulnerabilities
Foomatic: Arbitrary command execution in foomatic-rip
gaim: buffer overflow
gdb: multiple vulnerabilities
gtk-pixbuf, gtk2: denial of service
gedit: format string vulnerability
gettext: Insecure temporary file handling
glibc: tempfile vulnerability in catchsegv script
graphviz: insecure temporary file
grip: buffer overflow
groff: insecure temporary directory
gzip: arbitrary command execution
htdig: cross site scripting
Hylafax: insecure temporary file creation in xferfaxstats
imap: buffer overflow in c-client
imlib2: buffer overflows
junkbuster: heap corruption and settings modification
kdebase: local root vulnerability
kdelibs: kate backup file permission leak
kernel: multiple vulnerabilities
koffice: KWord RTF import buffer overflow
krb5: double-free flaw
libconvert-uulib-perl: arbitrary code execution
libdbi-perl: insecure temporary file
libgadu: memory alignment bug
libgd2: buffer overflows in PNG handling
libnet-ssleay-perl: weakened cryptographic operations
libpam-ldap: authentication bypass
libTIFF: buffer overflow
libuser: denial of service
libxml2 - arbitrary code execution
libxml2: multiple buffer overflows
libXpm: new buffer overflows
kernel: multiple vulnerabilities
lm-sensors: insecure temp files
Mailutils: format string vulnerability in imap4d
mod-auth-shadow: authorization bypass
mod_python: remote access vulnerability
mozilla: buffer overflow
mysql: buffer overflow
mysql: low-impact security fix
ncpfs: multiple vulnerabilities
nfs-utils: arbitrary code execution
ntp: uses wrong gid
openssh: GSSAPI credential disclosure
openssl: protocol rollback
OpenSSL: denial of service vulnerabilities
pam_ldap: plain text authentication leak
pcre3: arbitrary code execution
perl: setuid vulnerabilities
perl: symlink vulnerability
phpsysinfo: cross-site-scripting
postgresql: database initialization errors
Pound: buffer overflow
pstotext: remote execution of arbitrary code
Py2Play: remote execution of arbitrary Python code
rp-pppoe, pppoe: missing privilege dropping
ruby: bypass object flags
smb4k: temporary file vulnerability
SPE: insecure file permissions
squid: DoS issues
squid: authentication handling
squirrelmail: cross-site scripting
sudo: race condition
sysreport: insecure temporary file
File overwrite vulnerability in tar and unzip
tcpdump: multiple DoS issues
texinfo: temporary file vulnerability
ucd-snmp: denial of service
uim: privilege escalation
unzip: race condition
up-imapproxy: format string vulnerabilities
util-linux: unintentional grant of privileges by umount
uw-imap: buffer overflow
vixie-cron: crontab allows any user to read another users crontabs
XChat 2.0.x SOCKS5 Vulnerability
xine-lib: arbitrary code execution
xine-lib: buffer overflows
xine-ui - insecure temporary file creation
xloadimage: buffer overflows
xorg-x11: heap overflow
xpdf: buffer overflow
xpdf: denial of service
zlib: buffer overflow
zlib: buffer overflow
Resources Metasploit Framework v2.5Version v2.5 of the Metasploit Framework is out. This release now has three user interfaces, 105 exploits, and 75 different payloads; click below for the full release announcement.
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current 2.6 prepatch remains 2.6.14-rc4. The final 2.6.14 kernel was supposed to be out by now, but, as of this writing, it has not been released. Once the swiotlb problem (see below) has been worked out, 2.6.14 should follow shortly.The current -mm tree is 2.6.14-rc4-mm1. Recent changes to -mm include a fair number of VM scalability patches, the nested class devices patch set (see below), a big x86-64 update, the removal of the PageReserved() flag, the swap prefetching patches, some kernel keyring enhancements, the error detection and correction patch set, a RAID update, and lots of fixes.
Kernel development news Quote of the week
I'm with Roman on this one - the old "show me the code" trick which
people use to quash other people's objections is rather poor form -
we should simply address the objections as raised.
-- Andrew Morton
Some new VM documentationFor those wanting to know more about how the 2.6 virtual memory subsystem works: Rik van Riel has put together a detailed article on how page fault handling is handled on the i386 architecture. This document is apparently the first of many, all of which should show up on the Linux MM Internals page.
What's holding up 2.6.14: two difficult bugsLinus was set on releasing the 2.6.14 kernel on October 17, when a little issue came up. Serge Belyshev discovered that it is easy to cause the system to stop opening files for user-space applications. He posted a program which, in essence, does the following:
while (1) {
int fd = open("/dev/null", O_RDONLY);
close(fd);
}
After some 50,000 iterations, the open fails with a "too many open files in system" message. This behavior can be problematic in more realistic situations; it evidently can cause highly-parallel kernel builds to fail, and it also exposes the system to local denial of service attacks. So it is worth tracking down. The kernel places a limit on the number of files which are allowed to be open simultaneously. That limit is not normally expected to include files which have been closed, however. The problem, as it turns out, is a virtual filesystem scalability patch which was merged in September. That patch eliminates some locking around file structures in the kernel, and, to that end, defers certain tasks (such as file cleanup) to the read-copy-update mechanism. For this particular case, file structures corresponding to closed files are building up in the RCU callback list, and RCU is not getting around to freeing them in time. Initially, it was thought that the culprit was another patch which put a limit on the processing of the RCU callback lists. Those lists can get quite long, and lengthy callback processing was causing latency problems elsewhere in the kernel. So a "batch size" of ten was imposed; after ten callbacks have been processed, the RCU subsystem defers the rest until later. It seemed that this limit was causing the freeing of file structures to languish. Raising the batch limit to 10,000 seemed to improve the situation, so Linus merged a patch to that effect. But, in fact, the higher batch limit did not solve the problem for real. RCU callbacks cannot be called immediately after being queued. They must, instead, wait until every processor on the system has scheduled at least once. This "quiescence" requirement is the kernel's way of ensuring that no references to the freed structure remain; it's a key part of how RCU works. If a process chews through file structures quickly enough, they will accumulate while the kernel waits for the grace period to run out, and no changes to the batch limits will help. The only way to be able to process those callbacks - and free the associated structures - is to force every processor to schedule. A couple of patches have been posted in an attempt to deal with this problem. One of them simply changes the way file structures are accounted for - they are removed from the count of open files when the RCU callback is queued, rather than when it is executed. This patch stops programs from running into the maximum open file limit, but does nothing to stop the growth of the RCU callback queues. So the patch which got merged, instead, is this one from Eric Dumazet, which keeps track of the length of the callback list. Should the list get to be too long (where "too long" is wired at 10,000 entries), a reschedule is forced so that the callbacks can be processed. This patch appears to have dealt with the problem well enough to allow 2.6.14 to come out, though more refinement may be required afterward. Unfortunately for those who are waiting for 2.6.14, another problem turned up. Some 64-bit architectures which lack I/O memory management units must be very careful in setting up DMA areas. A number of devices can only reliably deal with 32-bit DMA addresses, so DMA areas must be allocated in the lower part of memory. To that end, the x86-64 and ia64 architectures use a mechanism called the "software I/O translation buffer", or swiotlb. It is simply a large chunk of low memory, allocated at boot time, which is used as a bounce buffer for DMA operations involving 64-bit-challenged devices. It was noted that the 2.6.14-rc4 kernel can allocate the swiotlb area in high memory, which defeats the entire purpose. This revelation led to a long discussion of how swiotlb memory should be allocated. It turns out that there is no easy way of finding the low memory on the system. Once upon a time, that memory would belong to CPU 0, but on some contemporary NUMA systems, the low memory might be elsewhere. So the real solution appears to iterate through all CPUs on the system, try to allocate from each of them, and test to see if the resulting memory is within the DMAable range. If not, the memory is freed and the next processor is tried. A couple of patches implementing this approach are circulating; none has been merged as of this writing.
Nested class devices and the future of the device modelTwo weeks ago, this page looked at nested classes in sysfs as a way of representing the input subsystem device hierarchy to user space. This week, Greg Kroah-Hartman posted a set of patches with the latest version of class_device nesting; the selling feature this time around was that the patches "actually work." With this patch set, it is possible to create a hierarchy under /sys/class which represents the known input devices on the system and their relationship to the actual system hardware. Greg also notes that this patch set makes possible the long-anticipated move of /sys/block into the class hierarchy.So all would seem to be well in sysfs land. But Greg finished his announcement with the following:
Oh, one final thing. I really don't think that input should be a
class. It looks like a "bus" and acts like a "bus" (you have
different devices that have different drivers bind to them, and you
want to load those drivers with the hotplug mechanism.)
This note opened the floodgates to a wider discussion; it seems that a number of people are not entirely happy with the /sys/class hierarchy. Udev hacker Kay Sievers complained:
The nesting classes implement a fraction of a device hierarchy in
/sys/class. It moves arbitrary relation information into the class
directory, where nothing else than device classification belongs.
What is the rationale behind sticking device trees into class?
What seems to have happened here is that a number of devices, mostly of the virtual variety, have found their home in the class hierarchy rather than with the other devices. As a result, the class tree has grown more complicated, and it has moved away from its original purpose, which was to be a way of grouping devices which share the same interface and function. So Kay (among others) has proposed that much of what is currently in the class tree be moved over to /sys/devices with the rest of the device information. The idea is that user space does not really care about the distinction between "real" and "virtual" devices, and the kernel interface should not either. Greg, who holds a big vote on device model issues, has responded thusly:
Ok, I've spent a while thinking about this proposal and originally
I thought it was the same thing we had heard years ago. But I was
wrong, moving the class stuff into the device tree is the right
thing to do, as long as we keep them as new "things" in the tree...
So it would seem that big changes are in store for the Linux device model. This code has grown and evolved considerably since its introduction in 2.5; it may be time for a big rework. Actually changing things without causing major pain for users could be a bit of a challenge, however. It will have to be approached carefully. The plan under consideration for now is to simply try to solve the input subsystem problem for 2.6.15. That most likely involves the nested class_device patches, perhaps with some changes to avoid breaking things in user space (and udev in particular). Things look more ambitious in the longer term:
Then, we move the class stuff into real devices. There was always
a lot of duplication with the class and device code, and this shows
that there is a commonality there. At the same time, I'll work on
making the attribute stuff easier and possibly merge the kobject
and device structures together a bit (possibly I said, I don't know
quite how much yet...)
The end result is that there is likely to be some significant churn in the device model code in the coming months. There will almost certainly be consequences for the driver API, and for user space as well. If it all works out, however, we should end up with a device model which is easier to understand and work with in both kernel and user space.
On the merging of ktimersLWN looked at the ktimers patch about one month ago. Work continues on the new kernel timer mechanism; the latest version of the patch includes a new "clockevents" abstraction intended to make high-resolution timer support easier to implement in an architecture-independent way. The patch appears to be coming together well, and there has been little in the way of criticism....with the exception of one observer, who has kept up a steady stream of complaints about the new mechanism. His objections include the name (he would rather see "process timers" than "ktimers"), the use of high-resolution time within the kernel, and various "unnecessary complexities." The discussion has been mostly unfruitful, to the point that the normally even-keeled Ingo Molnar tried to end it with a shut up and show me the code challenge. That led Andrew Morton to state that "show me the code" is no longer an acceptable arguing point for kernel discussions, and that the objections should be addressed regardless. Getting a handle on the objections has proved hard; it is not clear that the person in question (Roman Zippel) truly understands the patches. One bit of the discussion is worth a look, however. It has been repeatedly pointed out that the existing kernel timer mechanism is optimized for timeouts which rarely actually expire, while ktimers are expected to expire. Roman claimed:
Whether the timer event is delivered or not is completely
unimportant, as at some point the event has to be removed anyway,
so that optimizing a timer for (non)delivery is complete nonsense.
This claim led to a required-reading response from Ingo on the history of the kernel timer mechanism and why optimizing for delivery (or the lack thereof) is not nonsense. That particular branch of the discussion, at least, should not need to go much further. Andrew Morton has, in the past, stated that he would be highly reluctant to merge new code over the objections of a developer. The need to address all objections can be highly frustrating to kernel hackers, especially when new complaints seem to keep turning up as the old ones are resolved. The result of this process, when it works well, can be a stronger kernel. But it can also be the delaying of useful code which few people have problems with. It is starting to look like that may be the outcome in the ktimers case; the code will almost certainly be merged in the end, perhaps with almost no changes resulting from the current discussion.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Memory management
Networking
Architecture-specific
Security-related
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials A Quick Look at SUSE Linux 10.0I have to admit that I have never been a big fan of SUSE Linux. With the boxed sets not available in my part of the world, coupled with prohibitive international shipping costs in online stores, the only option for obtaining SUSE Linux, until recently, was to wait patiently for the distribution's RPM package tree to appear on its servers and perform a remote FTP install. This usually happened 2 - 3 months after the official product release, by which time other distributions might have released newer versions with more up-to-date packages and perhaps more exciting features.After SUSE was acquired by Novell, things began to change. Version 9.1 was the first SUSE Linux release that was made available in the form of a downloadable single-CD ISO image - an equivalent of SUSE's "Personal" edition. Novell became even more generous with the next two releases as both versions 9.2 and 9.3 appeared on its servers as five CD images and one DVD image, which effectively represented SUSE's Professional edition without the commercial applications and support. Finally, in August 2005, Novell opened SUSE Linux to public participation in its beta testing program and the ISO images of SUSE Linux 10.0 were released for free download as soon as the boxed products were ready to ship. For many Linux hobbyists and enthusiasts, participating in a distribution's beta program, reporting bugs, and exchanging information with the developers on a mailing list is one of the key reasons for choosing a distribution. Excited by the prospect of joining the testing process, I rushed to download the first beta of SUSE 10.0 as soon as it was announced, updating it after each new beta and release candidate. The newly created openSUSE mailing lists quickly gained a large number of subscribers as other SUSE enthusiasts discovered the joy of helping a project to fix the bugs and produce the best possible release. Overnight, SUSE Linux became an open project where the developers and testers were having "a lot of fun" building a great distribution. Finally, the long awaited October 6th arrived and SUSE Linux 10.0 final was released to public mirrors. The resulting rush utterly surprised the SUSE release team which, until then, had little experience with making large files available for public download. The main SUSE server, which also hosted BitTorrent files, was virtually inaccessible for several days, preventing legitimate mirrors from synchronizing with the main server in order to take some of the load away. There was also some confusion over all the different editions of SUSE Linux 10.0. Although both the "OSS" and "GM" (GoldMaster) editions are free to download, the "OSS" edition contains Free Software only, while the "GM" edition includes some freely distributable but proprietary applications, such as Acrobat Reader or RealPlayer. Furthermore, the retail edition ships with additional commercial applications, as well as a printed manual and installation support. A 1 GB "LiveDVD" edition, also available for free download, is meant for those who wish to evaluate the product or test hardware compatibility. The "OSS" edition (distributed as five CD images) supports x86, x86_64 and PowerPC architectures, while the "GM" edition (distributed as five CD images or one DVD image) only supports the x86 and x86_64 processors. SUSE Linux 10.0 is not a revolutionary release. Instead, it seems like a transitional product from a closed-door SUSE to an open project similar to Fedora Core. As such, the initial release was probably a testing ground for all the new bug reporting and information exchange infrastructure. That said, SUSE 10.0 does ship the latest versions of most applications; in fact, the GNOME 2.12 packages were included in SUSE just one day before the final release candidate went public - this might give us an indication of how cutting edge SUSE 10.0 really is. Several new applications, such as the amaroK media player, Krita vector drawing program, Mozilla Sunbird calendar application, and Novell iFolder file synchronization tool were also added. The new SUSE now ships with AppArmor Lite (included as a YaST module) - an answer to Red Hat's SELinux functionality and a piece of technology Novell acquired earlier this year from Immunix. Early reviews of SUSE 10.0 indicate general satisfaction with the product. The installer is slightly simplified to hide some of the "expert" options while the latest version of the KDE desktop looks better than ever. Some issues remain, however. Multimedia playback of many popular audio and video formats is not included, so further downloads and tweaking are required to set these up. Some users have also complained about the lack of integration of PDF and other plugins into Firefox. The distribution also contains newer versions of the Beagle desktop search engine and Xen virtualization technology, but because they are not considered mature enough, they are not part of the default install. Wireless networking also remains a problem area for many users. And the ever-present complaint about the sluggishness of YaST is still valid - although well-designed and very useful, especially for Linux newcomers, the time it takes to complete certain tasks can test your patience, even on a reasonably powerful computer. With SUSE 10.0 behind us, openSUSE's true direction should manifest itself more clearly in the next release - version 10.1, scheduled for early March 2006. It will go through the full cycle of four alpha (the second of which is expected this week, complete with the latest beta of KDE 3.5) and four beta releases, before one last release candidate. This is where the openSUSE project is likely to start fulfilling its promise to build a product that can be deployed and enjoyed by any computer user, not just the venerable "Linux enthusiast". From this perspective, SUSE 10.0 represents little more than an open continuum of SUSE's 9.x releases. The upcoming SUSE 10.1, however, might be an altogether different product.
New Releases Mandriva Linux 2006 releasedMandriva has announced the release of Mandriva Linux 2006. "Mandriva 2006 is the only Linux distribution to provide the official support for Intel Centrino mobile technology and to offer a complete integration of Skype, the popular free voice calling over Internet software. Other key features include desktop search, interactive firewall and auto-install server functionality."
Ubuntu 5.10 releasedThe Ubuntu 5.10 "Breezy Badger" release is out. The announcement has download information and a list of new features; these include a thin client mode, integration with Launchpad.net, and all the latest new software. Kubuntu 5.10, the KDE-based version of the distribution, is also available as is the classroom version, Edubuntu 5.10.
Ubuntu 5.10 Server releasedYet another variant of Ubuntu 5.10 has been released. The new server edition features a different kernel, a different package mix, no desktop environment, and "safe and text-oriented boot mode for better clarity and infinite justice on boot." Click below for the full announcement.
Announcing The Ubuntu Ports ArchiveThe Ubuntu Porting Team has announced the release of Breezy Badger for three new architectures, IA64, HPPA (1.1 and later) and SPARC (UltraSPARC only). "The Porting Team was born about a year ago, and it's made up only by volunteers, motivated by love for Ubuntu and uncommon hardware. Hence the criteria for ports architectures is more about what those individuals decide than any rational decision making process. None of these new architectures are officially supported by the Ubuntu team. If we can get a large enough user base, we may be able to change that."
New Source Mage Stable ISO is official!Source Mage has announced the release of the 0.9.5 stable ISO image.There's not much to say that hasn't already been said. I've personally installed 3 or 4 systems that are getting good use on this ISO. But if you've missed out on the other emails, 0.9.5 features: * A new completely revamped installer * significatnly newer versions of spells * Was generated using a repeatable system (this is a big feat) * Is extremely cool!
OpenPKG 2.5 releasedOpenPKG 2.5 is out; the biggest change this time around appears to be the transition to gcc 4.0. Click below for the full release announcement.
Distribution News Version tracking in the Debian BTSIf you are closing bugs in the Debian BTS, there are three simple rules that you can follow to make sure that the BTS always has correct information about what version of your package fixes a bug (especially a security hole). Click below for details.
Distribution Newsletters Debian Weekly NewsThe Debian Weekly News for October 18, 2005 is out. In this edition, a review of Elive 0.3, the m68k port and etch, Debian installer beta preparation, the GNOME 1 transition, installing Debian Sarge, list message ID lookup, Debian OpenSolaris, and more.
Fedora Weekly News Issue 18The Fedora Weekly News has articles on FUDCon3 Presentations, How to check Hotmail with KMail, How to setup disk software mirroring, Linux (Fedora) stars in MS movie?, Fedora CD Labels, How much space?, and other topics.
Gentoo Weekly NewsletterThe Gentoo Weekly Newsletter for the week of October 17, 2005 covers the release of a new USE flag editor, the introduction of subforums, and several other topics.
DistroWatch Weekly, Issue 122DistroWatch Weekly for October 17, 2005 is out. "The timely release of Ubuntu Linux 5.10 and its sister distributions last Thursday was the event of the week - this issue naturally starts with a closer look at "Breezy Badger". We'll also investigate wireless network configuration on SUSE Linux 10.0, feature the unusual, Slackware-inspired Kate OS distribution, and ask why the otherwise Linux-friendly Google has expended so little effort to make Google Earth available on our preferred operating system."
Package updates Fedora updatesFedora Core 4 updates: lftp (upgrade to upstream version 3.2.1), wget (update to 1.10.2), selinux-policy-targeted (fixes for bluetooth and hal), selinux-policy-strict (fixes for bluetooth and hal), dhcp (bug fixes).
Mandriva MDKA-2005:043Mandriva has updated shorewall packages for Multi Network Firewall 2.0.
Newsletters and articles of interest Linspire Pitches to Vertical Education Market (eWeek)eWeek looks into Linspire's licensing program for schools. ""We put our students in a room with Linspire, just to see how they would adapt after using Microsoft Windows," said Scott Back, Technology Coordinator for Shelby Eastern Schools, outside Indianapolis, Ind. "Guess what? They figured it out right away without any training or special help.""
Ubuntu Linux Arrives (Red Herring)Red Herring covers the release of Ubuntu's Breezy Badger. "The new release, Ubuntu 5.10, also features Edubuntu, a specialized version of Ubuntu developed for and in collaboration with educators. Edubuntu is designed for deployment in classrooms. Edubuntu is currently being used at Yorktown High School in Arlington, Virginia, where it has been championed by Jeff Elkner, a computer science teacher at the school. Mr. Elkner is one of the developers of Edubuntu."
Distribution reviews The Ubuntu Juggernaut: Resistence Is Futile.... (DistroWatch)Robert Storey has written a review of Ubuntu, on DistroWatch. "I must confess that I was caught off guard by the overnight success of Ubuntu, and thus neglected to review it (or even download it) when it first arrived on the servers. However, it's just as well that I didn't bother, because for the past year, not a week has gone by without somebody writing an Ubuntu review and posting it to one (or all) of the popular geek web sites. Indeed, it's become something of a joke that the only things you can't avoid in life are death, taxes and Ubuntu reviews."
Mandriva 2006 Final Look (TuxMachines)TuxMachines.org reviews Mandriva Linux 2006. "All in all, as I've followed the development of Mandriva 2006, one thing has become clear. Mandriva is ever improving and it is reflected in this new more polished stable operating system. Featured here is only a taste. Throughout the entire development cycle I experienced very few applications crashes and never a major X server crash or system lock up. The compromises between bleeding-edge and stable applications has paid off tremendously for Mandriva."
Page editor: Rebecca Sobol Development JPPF, the Java Parallel Processing FrameworkThe Java Parallel Processing Framework (JPPF) is a cross-platform GPL-licensed tool set for controlling the execution of CPU-intensive tasks across multiple execution nodes. JPPF is intended to be used in the scientific data processing field.
Java Parallel Processing Framework is a set of tools and APIs to facilitate the parallelization of CPU intensive applications, and distribute their execution over a network of heterogenous nodes.
It is intended to run in clusters and grids.
A brief feature list of JPPF includes:
The initial JPPF beta release, version 0.6.0, has been announced. "This release is the first beta version of the Java Parallel Processing Framework. From now on, all the work will be dedicated to testing, bug fixing, and documentation fixing, until it is deemed "stable". There will be intermediate beta, then release candidate, release, so don't lose hope." The release features a complete user guide, a new matrix multiplication example, bug fixes and documentation improvements. JPPF is available for download here. Dependencies include version 5 of the Java 2, Standard Edition (J2SE) and Apache Ant 1.6.2 or newer. See the readme document for installation details.
System Applications Database Software PostgreSQL Weekly NewsThe October 16, 2005 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL database articles.
phpPgAdmin 3.5.6 ReleasedVersion 3.5.6 of phpPgAdmin, a web-based administration tool for PostgreSQL, has been announced. "This release fixes the serious problems that phpPgAdmin had under PHP 4.4.0 with strict references."
ZODB 3.2.10 final releasedVersion 3.2.10 final of ZODB, the Zope Object Database, is out. "ZODB 3.2.10 contains a few bugfixes relative to 3.2.9, all in obscure error cases. The most serious is a workaround for what appears to be a rare race bug in Microsoft's implementation of socket binding on Windows platforms."
ZODB 3.4.2 final releasedVersion 3.4.2 final of ZODB, the Zope Object Database, is out. "ZODB 3.4.2 mostly contains obscure error-case bugfixes relative to 3.4.1. One important fix: most applications that do subtransaction commits do so to reduce RAM consumed by the ZODB memory ("pickle") cache. When subtransactions were reimplemented on top of savepoints, this cache reduction no longer occurred. That was an oversight, and is repaired in 3.4.2."
Interoperability Samba 3.0.20b is AvailableVersion 3.0.20b of Samba has been released. "This is the latest stable release of Samba. This is the version that production Samba servers should be running for all current bug-fixes."
Samba 3.0.21pre1 Available for DownloadVersion 3.0.21 pre 1 of Samba has been released. It includes several bug fixes and some improved compatibility features.
Mail Software DSPAM 3.6.0 releasedStable version 3.6.0 of DSPAM, a scalable, open-source statistical anti-spam filter, is out. See the release notes for change information.
Telecom The open-ezx project launchesHarald Welte and others have been busily hacking on the Motorola A780, a Linux-powered cell phone. They have now launched the OpenEZX project as the focal point for the effort to create a 100% free software stack for phones based on the Motorola EZX platform. If this project succeeds, it will lead to a new level of open communications platforms.
Web Site Development Apache HTTP Server 1.3.34 ReleasedVersion 1.3.34 of the Apache web server is out. "This version of Apache is principally a bug and security fix release."
Apache 2.0.55 releasedApache 2.0.55 is out; click below for the full announcement. This is a bugfix release, and, in particular, it contains fixes for several security problems. If you're running your own build of Apache, you probably want this release.
Campsite 2.3.2 ReleasedVersion 2.3.2 of Campsite, an open-source multilingual content management system (CMS), is out. "Version 2.3.2 is a maintenance release."
Lightweight Web Serving with thttpdJulio M. Merino Vidal introduces thttpd on O'Reilly. "The Apache HTTP Server is the most popular web server due to its functionality, stability, and maturity. However, this does not make it suitable for all uses: slow machines and embedded systems may have serious problems running it because of its size. Here is where lightweight HTTP servers come into play, as their low-memory footprints deliver decent results without having to swap data back to disk."
What Is Web Analytics (O'Reilly)Eric T. Peterson introduces Web Analytics on O'Reilly. "In general terms, web analytics is the process of collecting data about the activities of people accessing your website (visitors)--how they found you, when they visited, what pages they looked at, what they bought or downloaded, and so on--and mining that data for information that can be used to improve said website."
Zope 2.8.2 releasedVersion 2.8.2 of the Zope web development platform has been released. Several new features have been added.
Miscellaneous PyKeylogger 0.6.5 released. (SourceForge)Version 0.6.5 of PyKeylogger, a keyboard logging application, is out. "This is a bugfix release. Fixed the first-ever reported bug (1323518), logging to onefile. If you report more bugs, more bugs will get fixed."
Desktop Applications Audio Applications Ardour 1.0: neverThe Ardour project, which is producing a multi-track audio editor, has had a pending 1.0 release for a number of months. The project status indicates a slight change in direction: "We have decided to skip version 1.0 and go straight to 2.0 with a basic port to GTK2. Work is already under way, progress is good."
gnormalize 0.4.5 releasedVersion 0.4.5 of gnormalize, an audio format converter which can adjust the volume level, is out. This release adds: "The ability to select more than one album or artist by pressing control key and mouse button."
Desktop Environments Dropline GNOME 2.12.1 ISO Available (GnomeDesktop)An ISO image of Dropline GNOME 2.12.1 is available. "This release is an incremental improvement with many bugfixes and refinements over 2.12.0."
GNOME Software AnnouncementsThe following new GNOME software has been announced this week:
KDE 3.5 Beta 2 releasedThe KDE Project has announced the release of KDE 3.5 Beta 2. (Found on KDE.News)
KDE 3.4.3 Released (KDE.News)Version 3.4.3 of KDE has been announced. "This release includes many bugfixes and increased translation coverage compared to previous versions. The 3.4.3 info page has the links to download the source and packages are available for Arch Linux, Kubuntu, Slackware and SuSE. Konstruct is the easy way to build from source." See the full announcement for details.
KDE Software AnnouncementsThe following new KDE software has been announced this week:
Electronics Icarus Verilog Snapshot 20051012Snapshot 20051012 of Icarus Verilog, an electronic simulation language compiler, has been announced. "This snapshot includes noticible improvements in bug count and run time. Also, I've been using the devel trunk in my day job work for a while now, so I would say that it is now an improvement over the stable 0.8 releases."
Logisim 2.0 Beta 23 repairs bugs (SourceForge)Version 2.0 Beta 23 of Logism is out with bug fixes. "Logisim, an extensive Java-based educational tool for graphical design and simulation of digital logic circuits, has been updated to a new version, 2.0 Beta 23. The new version repairs a significant bug with configuring the behavior of a small number of built-in components (Constant, Clock), and it repairs a minor problem with some images in the beginner's tutorial."
Simted 0.0.4 beta releasedVersion 0.0.4 beta of Simted, a cross-platform engine for modeling electronics with nonlinear ordinary differential equations, is out. Changes include an improved API, better stability, more examples, and new documentation.
SvxLink version 051009 released (SourceForge)Version 051009 of SvxLink has been announced. "SvxLink is a repeater controller and a general voice services system with features such as EchoLink and voice mail. For this release a nasty networking bug has been fixed and a voice mail system has been added."
Fonts and Images Open Clip Art Library 0.18 AnnouncedRelease 0.18 of the Open Clip Art Library, a collection of images, is out. "For the month of September, the Open Clip Art Library sought imagery related to pets including images of different breeds appropriate for use by animal shelters. For the upcoming 0.19 release, due November 1, 2005, the theme is Halloween."
Games Bygfoot Football Manager 1.9.2 available (SourceForge)Release 1.9.2 of Bygfoot Football Manager has been announced, changes include bug fixes and some new features. "Bygfoot is a small and simple graphical football (a.k.a. soccer) manager game featuring many international leagues & cups. You manage a team from one such league: you form the team, buy & sell players, get promoted or relegated and of course try to be successful."
Ember 0.3.3 ReleasedVersion 0.3.3 of Ember has been released by the WorldForge game project. "Ember is a fully functional 3d client for the WorldForge project. It takes advantage of the latest graphic cards to present a beautiful, fully interactive world. An easy to use GUI allows the player to interact with both the world and other players with ease. This release adds support for the latest Atlas, Eris and Ogre libraries, which brings much increased stability and performance. The GUI and input system has also been further refined, as well as the options available to the user in the ember.conf file."
MetalMech 0.2.4 released (SourceForge)Version 0.2.4 of MetalMech is out with new XML locking code and bug fixes. "Metal Mech is a Web-based mass multiplayer game of battle between robots and space exploration. It is a game of strategy, economics, role-playing, and combat. Each player can handle their own war robot and battle against other players to be the Emperor of the Universe. Players battle against each other for resources, energy, money, buildings, and more."
Interoperability Wine TrafficThe October 14, 2005 edition of Wine Traffic is online. Topics include: LWN Article, Direct3D 7, version 2, Still Image Architecture, Winelib & Native Apps, and Fixing Bugs.
Mail Clients MH-E 7.85 releasedVersion 7.85 of MH-E, the Emacs interface to the MH mail system, has been announced. "Version 7.85 heralds a migration of the CVS repository from SourceForge to Savannah only for those files that were already part of Emacs. As a result, two incompatibilities were introduced with this release: the location of MH-E in the load-path has changed, and mh-e-autoloads.el was renamed to mh-autoloads.el."
Music Applications DSSI 0.9.1 releasedVersion 0.9.1 of DSSI, an audio plugin API for software instruments and effects, is out. "This release does _not_ contain any changes to the DSSI API itself, which has been stable now since the 0.4 release fifteen months ago (with minor additions at 0.9). Instead, it contains numerous clarifications to the specification and documentation, and the included reference host and example programs have become significantly more robust."
Office Suites Writing a Program to Control OpenOffice.org, Part 2 (Linux Journal)Linux Journal is running part two of a series on controlling OpenOffice.org. "Last time we learned the vocabulary and the concepts. Now we're ready to look at the code that will let us interact with OOo Calc."
Web Browsers XForms 1.0 Second Preview Available for Firefox 1.5 Beta 2 (MozillaZine)Preview release 2 of XForms 1.0 for Firefox has been announced. "Aaron Reed writes: "The Mozilla project today released a second preview of its XForms extension, available as a .xpi and ready to be used to extend the recently released Beta 2 version of Firefox 1.5. XForms 1.0 is a W3C recommendation that allows web page authors to take advantage of structured data and client-side validation when designing forms. XForms is designed to be embedded in XML documents, such as XHTML 1.0. Mozilla XForms support has been developed over the last year by IBM, Novell, and independent contributors.""
Word Processors AbiWord 2.4.1 released. (GnomeDesktop)Version 2.4.1 of AbiWord has been announced. "The AbiWord team is happy to announce AbiWord v2.4.1. Since the 2.4.0 release we have received a lot of great feedback from our users, which led to a number of useful bugreports as well. This is the first bugfixing releasing in the new stable 2.4 series to address some of those bugreports."
Languages and Tools Caml Caml Weekly NewsThe October 18, 2005 edition of the Caml Weekly News is online with the latest Caml language articles.
Haskell Haskell Weekly NewsThe October 18, 2005 edition of the Haskell Weekly News is online with the latest Haskell news. Topics covered this week include several new releases, the future Haskell standard, Zlib bindings, and a proposal for class aliases.
Java Sun releases Jini starter kitSun Microsystems, Inc. has announced the availability of the Jini Technology Starter Kit v2.1, available under the Apache 2.0 license. "The Jini Technology Starter Kit enables developers to leverage advanced Java dynamic networking technology, making it easier for developers to build competitive applications in technology growth markets such as edge networking, grid computing, e-business, and enterprise integration."
Diagnostic Tests with Ant (O'ReillyNet)Koen Vervloesem uses Ant for running diagnostics. "Determining what's gone wrong with your software--source or binary--in a remote location is no simple task. Before taking a call and walking the user through error-prone troubleshooting, why not collect information about the user's system and the application files?"
What Is Spring, Part 2 (O'Reilly)Justin Gehtland and Bruce Tate continue their O'Reilly introductory series on Spring with part two. "In part one of this two-part series dubbed "What Is Spring" (and excerpted from Chapter 1 of Spring: A Developer's Notebook), authors Bruce Tate and Justin Gehtland showed you how to automate a simple application and enable it for Spring. Today, the authors will cover how to use Spring to help you develop a simple, clean, web-based user interface (excerpted from Chapter 2, "Building a User Interface")."
Perl This Week on perl5-portersThe October 3-9, 2005 edition of This Week on perl5-porters is available with a number of new Perl articles.
PHP Zend launches PHP Collaboration ProjectZend Technologies, Inc. has announced the launch of the "PHP Collaboration Project," an initiative designed to push PHP-based web applications forward. The project's first two initiatives are "a Web application framework which will standardize the way PHP applications are built," and the incorporation of PHP support into Eclipse.
Python Dr. Dobb's Python-URL!The October 17, 2005 edition of Dr. Dobb's Python-URL! is online with the latest new Python articles.
DrPython 161 releasedVersion 161 of DrPython, an editing environment for Python, has been announced. "The buggy debugger was removed for now. Focus is now set in each tab when switching documents. The focus is set to the current document when a program ends. Code for the Save A Copy function was added. SourceBrowser auto-refresh is now saved again. The location of the mode dialog bitmaps was changed."
TestOOB 0.7 releasedVersion 0.7 of TestOOB has been released, it features major feature enhancements. "TestOOB (Python Testing Out Of (The) Box) is an advanced unit testing framework for Python. It integrates effortlessly with existing PyUnit (module "unittest") test suites."
Ruby What Is Ruby on Rails (O'ReillyNet)O'ReillyNet takes a look at Ruby on Rails. "It has been just over a year since the public debut of Ruby on Rails on July 25, 2004. In this short time, Rails has progressed from an already impressive version 0.5 to an awe-inspiring, soon-to-be-released version 1.0 that managed to retain its ease of use and high productivity while adding a mind-boggling array of new features. This article introduces the components of the upcoming Ruby on Rails 1.0 and shows you what the fuss is all about."
Ruby on Rails gains new ModelSecurity featureBruce Perens has announced the ModelSecurity project. "I've developed /ModelSecurity/, a new Ruby on Rails facility that helps developers implement a security /defense in depth/ by implementing access control within the data model."
Tcl/Tk Dr. Dobb's Tcl-URL!The October 19, 2005 edition of Dr. Dobb's Tcl-URL! is online with the latest Tcl/Tk articles and resources.
Debuggers DWARF 3 Public ReviewVersion 3 of Dwarf, a debugger, is up for public review. "Version 3 of the DWARF standard builds on the previous version and includes support for C++ namespaces. It extends previous support for C, Java, Ada, Fortran and Cobol. There is improved support for optimized code, which has often been difficult to debug. Improvements have also been made to make it easier to eliminate duplicate debugging information."
Page editor: Forrest Cook Linux in the news Recommended Reading Open formats make history - and maintain it (Times)The Times is running a column by Gervase Markham on the importance of open formats. "Paradigm shifts are often preceded by tiny, almost unnoticeable shivers. So you could be forgiven for missing the news that late last month, the government of the Commonwealth of Massachusetts (for historical reasons it does not call itself a state) decided that all the documents its employees create have to be in a data format called OpenDocument. What makes this more than an obscure bit of United States government administrivia? Well, it could be the trigger for a revolution that will increase consumer choice and ensure the survival of documents that could be of historical importance in the future."
Does Open-Source Software Make The FCC Irrelevant? (Forbes)Forbes looks at Eben Moglen and his efforts to open up the radio spectrum. "Should the FCC try to crack down, the hackers have a powerful weapon: The First Amendment. An offshoot of the Free Software Foundation called GNU Radio is developing a new generation of radios and TV receivers that use software for just about everything except the antenna and the power source. The FCC can prohibit manufacturers from selling radios that transmit on illegal frequencies, but it would have trouble shutting down a Web site distributing software that does the same thing."
Free Standards Group launches Linux Standard Base Desktop Project (NewsForge)NewsForge covers the formation of the Free Standards Group LSB Desktop Project. "Jim Zemlin, executive director of the FSG, said that the Desktop specification would be an "incremental component on top of the LSB Core." The LSB Core specification covers standard system libraries, the Filesystem Hierarchy Standard (FHS), the executable format, standard commands and utilities, and other components that would be found in a standard Linux system."
Trade Shows and Conferences Cruising the Kernel with Andrew, Ted and the Gang, Part I (Linux Journal)Doc Searls goes cruising on the latest Geek Cruise. "You can think of Geek Cruises as conferences at a hotel with a hull. You'd be right, mostly. In fact, they're more like intensive lectures in a subject, given by Masters at a small Caribbean or Alaskan or Mediterranean or Hawaiian university that features bars, night clubs, pools, music, a casino and unlimited quantities of food."
Companies HP Inks Subscription Agreements with Novell, Red Hat (eWeek)Hewlett-Packard has signed new subscription agreements with Novell and Red Hat, according to this article on eWeek. ""In a nutshell, what this does is take internal Linux usage at HP up a notch. While there are currently more than 15,000 Linux-based systems in use within the company, these are umbrella license agreements for the whole company and allow us to build and deploy internal Linux systems and solutions more easily and more rapidly," Efrain Rovira, HP's worldwide director of Linux marketing in Houston, told eWEEK on Wednesday."
AMD to jointly sell cheap personal computers in India (Yahoo.com)Yahoo.com reports that AMD and HCL Infosystems plan to sell a personal computer for less than 10,000 rupees (220 dollars), in India. "The computer, which uses the open-source Linux operating system, includes a 1.6 GHz processor, a 15-inch monitor and 40 gigabytes of hard drive space. "Why is it that every Indian doesn't have a PC on their list of things to get this Diwali but the cellphone is there?" said Ajay M. Marathe, president of the Indian arm of AMD. Diwali, the Indian festival of lights, is traditionally the biggest shopping season in the country." (Thanks to Philip Webb)
Linux Adoption Race to Linux winners announced (NewsForge)NewsForge covers the winners in the Race to Linux. "Actually, there were three separate races -- one for each of three different applications. The target applications were Microsoft's Issue Tracker Kit, Time Tracker Starter Kit, and Reports Starter Kit. No doubt Microsoft is thrilled about its starter kits being used to demonstrate methods of running .Net applications on Linux. Chris Maunder, founder of The Code Project, said that they chose the Microsoft starter kits because "we wanted applications that weren't too difficult, that were simple, that were well-written, popular applications, in the hope that people would be familiar with them in the first place.""
India's Canara Bank to Deploy Red Hat Enterprise Linux (IT News)IT News reports that Canara Bank has selected Red Hat Enterprise Linux as its platform of choice to automate more than 1,000 branches across India. "Red Hat Enterprise Linux will be deployed on more than 1,000 servers and 10,000 desktops at Canara Bank to provide a robust, secure and scalable solution for powering the bank's business critical IT infrastructure. Under the first phase of deployment, Red Hat Enterprise Linux has been rolled out at approximately 500 branches in three months. Close to 500 Red Hat Enterprise Linux servers and 5000 Red Hat Desktops have been deployed in this phase. The bank is said to be actively pursuing deployment in additional branches as well to meet its target of 100% automation in its banking services environment." (Thanks to Biju Chacko)
Interviews Nokia Engineers on KHTML, Collaboration and aKademy (KDE.News)KDE.News has an interview with David Carson and Deepika Chauhan from Nokia. "What was your experience of aKademy? We had a great time at aKademy, and we got much more out of it than we ever anticipated. We came to aKademy since we wanted to thank the KDE community for the great components created by them that form the basis of the future Series 60 browser, meet some of the contributors in person, and share with the community our experiences of building a browser around WebCore/KHTML and JavascriptCore/KJS. The conference gave us a better understanding of the working model of KDE. We hope that we can work together with KDE on the mobile browser. We have observed a lot of excitement among developers in contributing to the mobile applications and we hope the community can bring their innovations to the mobile platform."
Resources Editing audio in Linux (ars technica)ars technica looks at a few popular Linux audio editing packages. "Given Linux's strengths, weaknesses, history, and ideology, it's interesting to see where Free/Libre and Open Source Software (FOSS) competes well with proprietary software, where it falls behind, and where it provides novel innovation. The FOSS pro-level Digital Audio Workstation (DAW), Ardour, competes with industry-standard apps like ProTools, Logic, Nuendo, and Digital Performer. Audacity, on the other hand, is a more casual FOSS audio editor, but infuses the task with some distinctly geeky scripting facilities. SND, "modeled loosely after Emacs and an old, sorely-missed PDP-10 sound editor named Dpysnd," is a distinctly Linux audio app, complete with an ass-ugly interface, a mountainous learning curve, and the ability to wash your dishes if you know how to ask." (Thanks to Andy Kauffman.)
The Daemon, the GNU and the Penguin, Ch. 19 - Dr. Peter Salus (Groklaw)Groklaw has posted the next installment of The Daemon, the GNU and the Penguin, subtitled "Tanenbaum and Torvalds". "Linus posted his queries, his information and his work on comp.os.minix beginning in mid-1991. But on 29 January 1992, Andy Tanenbaum posted a note with the line: "Subject: LINUX is obsolete""
MyOSS Magazine Edition 6Edition 6 of MyOSS Magazine is out with coverage of open-source efforts involving Malaysia. Topics include: Linux Live CDs - Part 2, Libraries in GNU/Linux & Other Flavours and Podcasting in GNU/Linux.
Reviews App of the Month: KDissert (KDE.News)KDE.News has chosen KDissert, KDE's mindmapping tool, as the application of the month and has an interview with Thomas Nagy, lead developer of the project.
How to keep instant messaging off the record (NewsForge)Mayank Sharma looks at the Off-the-Record plugin for Gaim in a NewsForge article. "Sometimes encryption isn't enough to keep your conversations private. With standard encryption, it's theoretically possible for someone to steal your secret encryption keys and decipher the conversation. For conversations that need to be kept confidential, the Off-the-Record (OTR) plugin for Gaim saves the day. It leaves no trace of a conversation ever having taken place."
Neuros solicits feedback on Linux-based PMP/R design (LinuxDevices)According to LinuxDevices.com, Neuros is looking for input on the development of its next, Linux-based media player. "Neuros is currently designing a successor to the 442 portable media player, and has published the specifications for a development board that it calls the 'first prototype.' Neuros invites hackers, open source software authors, and interested readers to review and weigh in on the design, which is expected to be finalized in about a week."
Dumber people can run Linux (Inquirer)Here's an Ubuntu review (the version is not specified) in the Inquirer. "Here's the other thing: it worked. It said, 'Choose a user name and a password.' It logged me in. And there was an entire computer, ready to go. It connected to the Internet. Firefox went places. Email downloaded. OpenOffice...officed. I mean, call that open source? Where's the anguish and pain? Where's the six weeks of downloading drivers and learning how to compile source code? A shocking lapse of standards, I call it."
Miscellaneous New national center to assist governments with open source applications (NewsForge)NewsForge covers the launch of the National Center for Open Source Policy and Research (NCOSPR). "The mission of the NCOSPR will be to guide government agencies through the array of open source software available, as well as to develop specific solutions for individual agencies with its resource center. The center is also behind Government Forge, a portal to host and maintain open source software relevant to government agencies and other public entities."
Rx for Linux: Part 1 - Measurements and Markets (ZDNet)ZDNet's Paul Murphy is at it again: this column asserts that Linux has lost its momentum. But he has a recipe for getting it back... "So what's the the most important lesson we can learn from Microsoft? that nothing sells like success. Start counting installs and making those numbers widely available, and pretty soon what's recently become largely a stealth phenomenon could start to snowball again." Who knew it was so simple?
Page editor: Forrest Cook Announcements Non-Commercial announcements EFF: Adult Website Lawsuit Threatens Google Image SearchThe Electronic Frontier Foundation has sent out a Media Release regarding a new threat to the Google Image Search. "The Electronic Frontier Foundation (EFF) filed a brief Wednesday in support of Google Image Search, arguing that a federal district court should reject a request for a preliminary injunction that could shut the service down. In its lawsuit, adult entertainment website Perfect 10 claims that Google violates its copyrights by making and delivering thumbnail images of its photos as Internet search results."
EFF: European Report Threatens Consumers' RightsThe Electronic Frontier Foundation has sent out a press release concerning the European Commission's stance on digital rights management. "The Electronic Frontier Foundation (EFF) has criticized a European Commission group for assuming that digital rights management (DRM) is the only way to foster development of the home audiovisual market. In comments filed last week, EFF European Affairs Coordinator Cory Doctorow took the Networked Audiovisual Systems and Home Platforms (NAVSHP) group to task for its report on developing a harmonized system of DRM requirements. Doctorow urged NAVSHP to explore approaches grounded in empirical research, not industry mythology."
Open Source EHR Katrina Relief Network (LinuxMedNews)LinuxMedNews has announced the creation of the Open Source EHR Katrina Relief Network. "After the podcast call to action Jordan Glogau and Fred Trotter have decided to announce the Open Source EHR Katrina Relief Network. The idea is to use groups of open source volunteers to get clinics and hopsitals in Katrina effected areas up and running using open source medical software."
Real Networks-Microsoft: "FSFE is not and never will be for sale"The Free Software Foundation Europe is encouraging the European Commission to continue putting pressure on Microsoft. ""Given that people were stunned by the apparently large antitrust fine of 500 Million EUR, it is interesting to see how Microsoft has now spent six to seven times that amount on the case just to make sure they won't have to compete in an open market.""
FSFE on the new "shared source" licensesThe Free Software Foundation Europe has sent out a pronouncement on the new "shared source" licenses announced by Microsoft. "According to FSFEs first glance, the 'Microsoft Permissive License' (Ms-PL) and 'Microsoft Community License' (Ms-CL) both appear to satisfy the four freedoms that define Free Software. In particular: The Ms-CL also appears to implement a variation of the Copyleft idea, which was first implemented by the GNU General Public License (GPL)."
1000 Applications at GnomeFiles.org (GnomeDesktop)GnomeDesktop celebrates the 1000th application to be added to GnomeFiles.org. "GnomeFiles.org (GTK+ software repository) is celebrating 1000 applications added to its database. Since GnomeFiles' launch 1.5 years ago the site grew enormously and it now serves more than 22,000 web pages per day on average and it includes a recently improved cHTML version for mobile browsers (mostly optimized for PDAs and smartphones, less-featured phones should be using its WAP version)."
Happy Birthday OpenOffice.org!OpenOffice.org is celebrating its fifth year of existence. "On this day, five years ago, the fledgling OpenOffice.org community provided the first public access to the source code donated from StarOffice by Sun Microsystems. The OpenOffice.org community had recently been formed, and declared it's intent "to create, as a community, the leading international office suite that will run on all major platforms and provide access to all functionality and data"."A simultaneous release of OpenOffice.org 2.0 was also scheduled, but it has been delayed in order to fix some critical bugs, according to ZDNet.
SELinux Symposium Delegate ProgramHP and Red Hat have announced the sponsorships of several delegates for the upcoming SELinux Symposium. "This is modeled somewhat on the Sun Regional Developer Program for LCA. In this case, delegates are nominated by the community and will be selected for the program based on their achievements in SELinux. This is for developers, documentors, people who help on mailing lists, people organize user groups, students doing interesting research etc."
Vote Against Software PatentsNoSoftwarePatents.com has announced another way to fight software patents in Europe and beyond. Florian Mueller, founder of the NoSoftwarePatents campaign, is running for "European of the Year". "This is a campaign for a cause, not for a person. A respected jury has nominated Florian Mueller as a figurehead of our movement, and he has made it clear that we will all be winners if he becomes elected. By voting for Florian in a public Internet poll, you and your friends - no matter where in the world you live - can send out a strong signal that politicians must act against software patents." (Thanks to John Rigg)
Commercial announcements atsec and IBM to Make Red Hat Linux a Government Certified Trusted Operating Systematsec information security corporation is working with IBM to perform a Common Criteria evaluation of Red Hat Enterprise Linux v.5 on a broad range of IBM eServer systems. "Upon completion of the evaluation, Red Hat Enterprise Linux will have achieved a level of security previously reached by only a handful of trusted operating systems, providing security capabilities for commercial operating systems. The certification of Red Hat Linux will offer the government and businesses an unprecedented choice for security applications."
Coraid Unveils World's First Unlimited Capacity Linux NAS ServerCoraid, Inc. has launched a Linux-based network attached storage (NAS) server appliance together with a highly targeted Linux NAS distribution that integrates with the company's EtherDrive Storage to create a low cost network attached file server with unlimited storage capacity. A single Coraid CLN/20 Linux NAS server can literally have thousands of disks connected via Ethernet, and exported with NFS.
InterMapper 4.4 is availableDartware has announced the release of InterMapper 4.4, a network monitoring application. A number of new hardware probes are included.
ITTIA embeds Linux and db.* in Oshkosh TrucksITTIA has announced the use of their embedded database systems by Oshkosh trucks. "Users of Oshkosh trucks require systems that work quickly and reliably, and Oshkosh expects the same from the software that helps keep their vehicles on top. The company spent significant time and resources to valuate various embedded databases before they selected an ITTIA database solution. The superior performance of db.*, coupled with ITTIA's technical support and training made db.* a great choice from a technical perspective. The open-source nature and low cost of db.* made the decision obvious from a business perspective."
Linspire announces discount program for schoolsLinspire, Inc. has announced an educational discount program. "In a nationwide effort to help provide students with affordable computers, Linspire, Inc. today launched a new, low-cost licensing program for schools who wish to install a Linux desktop operating system as an alternative to the more expensive Microsoft Windows operating system. Through the program, educators will be able to sign up for single copies or per-unit volume license packs of Linspire at special educator rates."
OSDL's Mobile Linux InitiativeOSDL has sent out a press release for it's Mobile Linux Initiative, which is aimed at promoting the use of Linux in mobile phones. "MLI participants will work on operating system technical challenges, foster development of applications for Linux-based mobile devices, deliver requirements definition documents and use cases, and host complementary open source projects that support the initiative. MontaVista Software, Motorola, PalmSource, Trolltech, and Wind River are among the first members to participate in MLI."
PalmSource Joins OSDLOpen Source Development Labs (OSDL) has announced its latest member, PalmSource, Inc. "PalmSource announced last year that it would build its new applications framework on and port its Palm OS platform to run on Linux. As a member of OSDL and an MLI participant, PalmSource will work with other Lab members and the development community to advance the use of Linux in mobile devices."
Belgian Research Agencies Purchase SGI SupercomputerSilicon Graphics has announced the purchase of a new supercomputer by three Belgian research agencies. "Three Belgian research agencies, allied under the name "Space Pole," purchased a 56-processor SGI(R) Altix(R) 3700 supercomputer with 112GB of globally shared memory and integrated with a 4TB SGI(R) InfiniteStorage TP900 solution. The Space Pole will run Novell's SuSE Linux Enterprise Server, Ver. 9 on the new Altix system."
Solsoft Unveils Firewall Management Tool for netfilterSolsoft Inc. has announced its Solsoft NetfilterOne, a graphical interface that will automate the design, deployment and documentation of security rules and policies as they pertain to a networked netfilter firewall.
SugarCRM Receives $18.77 Million in Series C FundingSugarCRM Inc. has announced the receipt of $18.77 million in Series C funding. "The size of the round reflects SugarCRM's status as the most successful open source enterprise application in the industry. The company's Sugar Open Source Edition has been downloaded more than 350,000 times since its introduction in July 2004, while Professional and Enterprise editions with advanced features and technical support have attracted over 300 commercial customers."
New Books Prentice Hall Publishes: "Core Web Application Development with PHP and MySQL"Prentice Hall has published the book Core Web Application Development with PHP and MySQL by Marc Wandschneider.
Internet Forensics - O'Reilly's Latest ReleaseO'Reilly has published the book Internet Forensics by Robert Jones.
Prentice Hall Publishes Self-Service LinuxPrentice Hall has published the book Self-Service Linux: Mastering the Art of Problem Determination by Mark Wilding and Dan Behman.
Resources InterBase and Firebird Developer Magazine issue 2The second issue of the InterBase and Firebird Developer Magazine is available for download.
Automated Backups With rdiff-backup (HowtoForge)HowtoForge presents a tutorial by Falko Timme on using rdiff-backup. "This tutorial describes how to do automated server backups with the tool rdiff-backup. rdiff-backup lets you make backups over a network using SSH so that the data transfer is encrypted. The use of SSH makes rdiff-backup very secure because noone can read the data that is being transferred. rdiff-backup makes incremental backups, thus saving bandwidth."
Contests and Awards New Free Software Award for Projects of Social BenefitThe Free Software Foundation (FSF) has announced the creation of the "Free Software Award for Projects of Social Benefit", and a call for nominations. "This award is presented to the project or team responsible for applying free software, or the ideas of the free software movement, in a project that intentionally and significantly benefits society in other aspects of life."
The 2005 Golden Penguin Greater China Open Source Software Competition A Resounding SuccessSun Wah Linux Limited (Hong Kong) has announced the successful completion of the 2005 Golden Penguin Greater China Open Source Software Competition. "This is the largest OSS competition jointly organized by Mainland China, Hong Kong SAR, Taiwan and the Macau SAR. It aims at promoting the research and strategic development of new software, and encouraging the development and establishment of Open Source Software (OSS) in the Greater China Region."
SugarCRM announces developer contest (NewsForge)NewsForge reports that SugarCRM will hold the SugarCRM 2005 Developer Contest to mark the 100th extension on the SugarForge.org project site. "The company is offering awards for three categories. SugarCRM plans to give away $500 for the best theme template, $1,000 for the best business and productivity module, and $1,000 for the most innovative module. The entries must be installable using SugarCRM's new Module Loader, and must be received by October 31. Winners will be announced on November 14, and developers may enter as many modules or templates as they want."
Education and Certification Free embedded Linux training: one year afterFree Electrons has sent out a press release with a one-year report on its Embedded Linux Training course. "After the first release of the free materials of its Embedded Linux Training in October 2004, Free Electrons (http://free-electrons.com) released a summary of the numerous improvements brought to this training in 1 year: http://free-electrons.com/news/news.2005-10-15. A few highlights: 13 lectures or presentations (1000 pages, doubled in 1 year), 11 practical labs, a dedicated live distribution for embedded system and kernel developers, translations to several languages."
LPI offers free certification testing at LinuxWorld FrankfurtThe Linux Professional Institute will be holding free certification tests at the LinuxWorld Conference & Expo in Frankfurt, Germany on November 15 and 16, 2005.
Red Hat Announces First Performance-Based Security CertificationRed Hat has launched the new Red Hat Certified Security Specialist (RHCSS) certification program. "Adding to its award-winning Red Hat Certified Engineer (RHCE) program, and Red Hat Certified Architect (RHCA) program, Red Hat Certified Security Specialist (RHCSS) is the first performance based certification focused on security competency for enterprise Linux servers."
Upcoming Events KDE at German Events, October 2005 (KDE.News)KDE.News has announced a number of upcoming German KDE events. "October in Germany is filled with a lot of local Free Software events and KDE is present at them. Join us first at Berlinux 2005 on Fri October 21 and Sat 22. Then we are off to Dresden for Linux-Info-Tag Dresden 2005 on Sat October 29. Read on for how we'll be helping the users to explore the full range of wonders in KDE."
LCA 2006 OpenOffice.org Miniconf CFPA Call For Participation has gone out for the LCA 2006 OpenOffice.org Miniconf. The event will take place on January 23 and 24, 2006 in Dunedin, New Zealand. Proposals are due by November 4.
PHP Quebec Conference 2006 Call for SpeakersA Call for Speakers has gone out for the PHP Quebec Conference 2006. The event will take place in Montreal, Quebec, Canada on March 29-31, 2006. Submissions are due by November 4.
PyCon 2006 Call for ProposalsA Call for Proposals has gone out for PyCon 2006. The event will be held in Addison, Texas on February 24-26, 2006. Submissions are due by October 31.
Events: October 20 - December 15, 2005
Audio and Video programs Beta Broadcast 004: Web 2.0 Day One (O'ReillyNet)O'Reilly has announced a new edition of its online audio magazine. "This week, O'Reilly's audio magazine program Distributing the Future features day one from the Web 2.0 conference. John Battelle and Tim O'Reilly set the stage for this year's conference, Barry Diller talks about Ask Jeeves and Google, Bran Ferren explains why human interface is holding us back, and Philip Rosedale welcomes you to a Second Life."
Page editor: Forrest Cook
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||