LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
Letters to the editor
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for October 27, 2005Innovation in the web spaceIt has often been said that the free software world is great at copying the work of others, but does little innovation of its own. Your editor has spent a little time looking at a few projects which should put yet another set of nails into the coffin containing that bit of folk wisdom.The most hyped of these, by far, is the flock web browser. Flock is a derivative of Firefox being developed by a company headed by Bart Decrem, the person behind the ill-fated company Eazel. The company failed, but, in the process, it created the widely-used nautilus file manager. With Flock, Mr. Decrem hopes to recreate his free software success, but preferably without the accompanying corporate failure. Flock is an attempt to tie the browser deeply into the sorts of services many serious web users are using, including social bookmarking, blogging, and photo sharing. There is no hierarchical bookmark menu in Flock; instead, it provides "collections" of tagged "favorites." These collections can be managed on del.icio.us, so they are available from anywhere - and to anybody. Flock understands RSS feeds, and will automatically generate a page of aggregated feeds from all of the sites in a collection. No modern application can get away without search capabilities. Flock integrates search by indexing every page it visits; simply typing a string into the search bar up top yields a popup with a list of matching sites. This feature will never replace Internet search engines, but it can be useful for finding that site that you forgot to bookmark (or "add to favorites," as the case may be). Flock also maintains a list of the most frequently visited sites, which has the potential to be either useful, or embarrassing, or both. There is also a set of features oriented around blogging, including integration with several site packages. The "shelf" functions as a sort of short-term clipboard for things to be put into weblog entries. The current flock preview is very much a work in progress. It can be awkward to work with at times, and is visibly slow. There is clearly some interesting work being done here, however, and it will be interesting to see where it will go. It will also be interesting to see how the Flock developers make a successful company out of this product. The business plan as laid out by Mr. Decrem is not entirely clear:
Opera's CEO recently explained that his company was able to
release the browser for free thanks to an expanded search
sponsorship arrangement with Google. The Mozilla Foundation has
alluded to search related business arrangements and has created a
for-profit subsidiary. These success stories show that even simple
search "distribution" integration points in the browser can
provide a solid financial footing for browser providers, and do so
in a way that enhances the user experience (remember, the search
box was added to Firefox because users needed a faster way to
search online). In sum, we're quite comfortable that, if enough
users choose our browser, we can keep the lights on here at Flock
without violating user's privacy or compromising the user
experience.
The Flock FAQ notes that the developers reserve the right to incorporate proprietary code into the browser in the future. Flock also requires copyright assignments from contributors. Whether the company will be able to build a larger development community under those terms remains to be seen. Meanwhile, however, the current (free) code is an interesting contribution to the community. A very different sort of effort can be seen in Outfoxed, which is implemented as a Firefox extension. Outfoxed is an attempt to build a distributed reputation network. Users create "reports" on web sites noting attributes like "good" or "dangerous"; these reports can be exported using a variant of the RSS format. Users can also tell the Outfoxed extension whose evaluations they trust, essentially making a report on another person. Trust is transitive, so Outfoxed users will form a network extending beyond their immediate friends. When a search is performed, the results are annotated by the reports from trusted users seen by the browser. With a sufficiently large and active network, a user can get annotations on a large set of web sites - all generated by people who can make a reasonable claim to being trusted. In theory, much better search results will be generated from this scheme. Rather than trust the easily-abused pagerank scheme, it will be possible to zero in on the best sites, as determined by people whose judgment you respect. Unfortunately, the Outfoxed extension is currently only available for the Windows platform. Evidently the problems encountered in trying to build Outfoxed for Linux have been overcome, but, as of this writing, a Linux version of the extension is not available. So, your editor was unable to actually try Outfoxed or start publishing reports on the high quality to be found at LWN. What if you invented a hypertext network back in the 1960's, worked on it for decades, only to see an inferior alternative take over in the 1990's? Many people would have given up by now, but Ted Nelson, the force behind the Xanadu project, is a persistent man. Mr. Nelson clearly had a number of ground-breaking ideas very early on, but he never did manage to create an implementation of those ideas which was suitable for wider use. When the world-wide web came along - and simply worked - Xanadu was still vaporware. The project did eventually release some code in 1999, but the world did not show a whole lot of interest. Mr. Nelson has now returned with a renewed Xanadu effort. The web, he says, was a mistake. It is bound by old, paper-based ideas, is limited by its one-way links, and does not support extensive sharing of content. The better approach is something he calls transliterature, allowing literary works to be built from pieces found elsewhere on the net. Imagine a variant of Wikipedia, for example, with extensive quotes from original source materials, all of which are tied back directly to those materials. An initial implementation (the Transquoter) of this idea has been implemented and released as free software. It will require some refinement, however, before it threatens to push the web aside. The primitive state of the tools notwithstanding, the Xanadu project merits some attention. It is worth listening to the thoughts of somebody who saw the benefits of a world-wide hyperlinked network, where anybody could publish, more than thirty years before it became a reality. When he presents a vision of something which could be better, he might just have a point. What he clearly needs, however, is a small core of developers who can create the beginnings of the transliterature system and take it far enough that a larger community forms around it. Then, just maybe, the Xanadu project could achieve its vision, and the free software world could remake the net yet again.
The return of MinixBack in the early days, when an entirely free, Unix-like system was still a dream, a young student named Linus Torvalds got his hands on a system called Minix. This system had been put together by Andrew Tanenbaum as part of a book on operating systems design; it was intended mainly as a teaching aid. Linus, like many others, found that Minix was also fun to hack on. Also like others, he quickly discovered that the Minix license was not particularly friendly to third-party hacking. While the code was available, it was not possible to distribute enhancements, and there was no mechanism for accepting patches into the official version. So Linus went off and developed his own kernel, and Minix never did become much more than a teaching tool. Minix was put under the BSD license in 2000, but that was far too late. Had Minix carried a free license from the beginning, subsequent events may have taken an entirely different course.Minix has largely faded from view in recent years, but it is certainly not gone. Last June, Andrew Tanenbaum announced that a new version of Minix, to be called Minix 3, was in the works, along with an updated version of the book. Like its predecessors, Minix 3 will be aimed at education, but Mr. Tanenbaum is going for a wider market this time. In particular, Minix 3 is aimed at "real world" use in low-end systems and embedded systems. This release also targets "Companies who want a small (real-time) modular, open source operating system free of the GPL."
The result of this work is now available from minix3.org. Happily, this release has
Interestingly, the site offers no option to download the source code. As of this writing, the only way to get at the source appears to be to grab the live CD and boot it. For those who would like to browse, a good part of the source will be included as an appendix in the book, and has been posted in one very large page. Minix 3 is very much a microkernel system; the core kernel is said to be less than 4,000 lines of code. Everything else runs in user space. From the web site:
The parts that run in user mode are divided into small modules,
well insulated from one another. For example, each device driver
runs as a separate user-mode process so a bug in a driver (by far
the biggest source of bugs in any operating system), cannot bring
down the entire OS. In fact, most of the time when a driver crashes
it is automatically replaced without requiring any user
intervention, without requiring rebooting, and without affecting
running programs.
As others have pointed out, this claim reaches a bit far: no amount of isolation can protect the system against a driver which, for example, wedges the bus. If Minix 3 ever grows to the point that it supports DMA transfers, driver bugs will also be able to hose down any other part of the system. And, in any case, quietly restarting buggy drivers also may not be the best way to get those drivers fixed. There is plenty of room to criticize the Minix 3 approach, but there is not much use in that exercise. Minix 3 is free software. Anybody can play with it and see for themselves how well it works. Interested parties can improve it, and share their work with others. The Linux kernel has grown complicated, to the point that it can be hard for beginning hackers to approach. The much simpler nature of Minix 3 may well appeal to developers who find the Linux learning curve to be unpleasantly steep. So there may well be a wider role for this version of Minix. It is a welcome contribution to the free software community.
GNOME hits a decision pointThere is a vibrant debate underway within the GNOME project. Certainly, there is no shortage of issues that GNOME could be discussing, such as, say, how to shoehorn a panel applet into less than four or five megabytes of memory. The issue at hand is not quite so exciting, however; instead, the GNOMEs are voting on a referendum which would reduce the GNOME Foundation board of directors from eleven to seven seats.One might think that the size of the board does not matter that much, but a number of developers seem to have strong feelings about it. The arguments in favor of the change include the following:
On the other hand, those opposing a change in the size of the board argue that:
Voting is happening now, with the preliminary results scheduled to be announced on November 5. The highly scientific LWN "read the mailing lists" poll has concluded that the "no" votes are currently leading 55% to 45%, with a margin of error of about 30% or so. In many ways, free software projects continually break new ground on governance issues. A quick survey of high-profile projects shows a wide variety of governance structures, including dictators (usually but not always benevolent), oligarchies, corporate fiefdoms, extreme direct democracies, and more. GNOME has a sort of representative bureaucracy which is seen to be in need of some tweaking. The GNOME hackers will certainly continue to produce code regardless of the outcome of this particular referendum. But the overall effectiveness of the Foundation can have a long-term effect on how the project is perceived and which technical directions are taken. So it will be interesting to see how this project ultimately decides to govern itself.
Security Safe configuration of DNSA group called The Measurement Factory has put out a press release to call attention to a recent survey of DNS servers. It seems that, according to TMF, the majority of publicly-available nameservers are configured incorrectly, and are vulnerable to denial of service and pharming attacks. In most cases, fixing the problems is a relatively straightforward operation.Pharming refers to the use of cache poisoning attacks to hijack a domain name. If an attacker can convince your nameserver to return a bogus address for a known domain, your attempts to access a bank or other online financial-related site can be redirected to a malicious site. Many users have learned to enter domains for financial sites themselves, rather than, say, clicking on a random link which showed up in their mailbox. A pharming attack, however, can lead to the same result as a successful phish: account names, passwords, and credit card numbers can be captured. So what are all of those DNS administrators doing wrong? The biggest problem, according to TMF, is that publicly-available nameservers are configured to perform recursive lookups for anybody who asks. If an attacker can request an arbitrary, recursive lookup, that attacker can get the target nameserver to contact - and accept data from - a malicious server. The malicious server can pass back incorrect information, which the target server may then cache and return to users. The solution in this case is to limit recursive queries to internal hosts; with bind, the allow-recursion option can be used to this effect. The survey also notes that some 40% of sites on the net allow zone transfers to arbitrary sites. These transfers can disclose more information than one might like; they also represent a denial of service opportunity. Finally, the survey notes that a fair number of sites place their secondary servers on the same subnet as the primary, leading to obvious single point of failure issues. Security issues with DNS servers have been relatively rare in recent times. A nameserver is only as secure as its configuration, however. Auditing nameservers for these issues in the near future might not be a bad idea.
New vulnerabilities chkstat: information disclosure
enigmail: information disclosure
eric: missing input sanitizing
ethereal: multiple vulnerabilities
fetchmailconf: insecure file creation
libgda2: format string vulnerabilities
module-assistant: insecure temp file
pam: brute-force vulnerability
phpMyAdmin: local file inclusion and XSS
squid: denial of service
sudo: missing input sanitizing
Zope: file inclusion through RestructuredText
Updated vulnerabilities a2ps: input validation error
abiword: buffer overflow
apache information disclosure if modssl=yes
httpd: off-by-one overflow and cross-site scripting
awstats: command injection vulnerability
bzip2: race condition and infinite loop
common-lisp-controller: design error
cpio: directory traversal
curl/wget: NTLM username buffer overflow
cyrus-imapd: buffer overflows
dia: missing input sanitizing
elm: buffer overflow
emacs21: format string vulnerability in "movemail"
enscript: arbitrary code execution
evolution: format string issues
firefox: multiple vulnerabilities
Foomatic: Arbitrary command execution in foomatic-rip
gaim: buffer overflow
gdb: multiple vulnerabilities
gtk-pixbuf, gtk2: denial of service
gedit: format string vulnerability
gettext: Insecure temporary file handling
glibc: tempfile vulnerability in catchsegv script
graphviz: insecure temporary file
grip: buffer overflow
groff: insecure temporary directory
gzip: arbitrary command execution
htdig: cross site scripting
imap: buffer overflow in c-client
imlib2: buffer overflows
junkbuster: heap corruption and settings modification
kdebase: local root vulnerability
kdelibs: kate backup file permission leak
kernel: multiple vulnerabilities
koffice: KWord RTF import buffer overflow
krb5: double-free flaw
libconvert-uulib-perl: arbitrary code execution
libdbi-perl: insecure temporary file
libgadu: memory alignment bug
libgd2: buffer overflows in PNG handling
libnet-ssleay-perl: weakened cryptographic operations
libpam-ldap: authentication bypass
libTIFF: buffer overflow
libxml2 - arbitrary code execution
libxml2: multiple buffer overflows
libXpm: new buffer overflows
kernel: multiple vulnerabilities
lm-sensors: insecure temp files
lynx: stack overflow
mod-auth-shadow: authorization bypass
mod_python: remote access vulnerability
mozilla: buffer overflow
mysql: buffer overflow
mysql: low-impact security fix
ncpfs: multiple vulnerabilities
netpbm: buffer overflow in "pnmtopng"
nfs-utils: arbitrary code execution
ntp: uses wrong gid
openssh: GSSAPI credential disclosure
openssl: protocol rollback
OpenSSL: denial of service vulnerabilities
OpenWBEM: arbitrary code execution
pcre3: arbitrary code execution
perl: setuid vulnerabilities
perl: symlink vulnerability
Perl, Qt-UnixODBC, CMake: RUNPATH issues
php: open_basedir directive handling
phpMyAdmin: arbitrary code execution
phpsysinfo: cross-site-scripting
postgresql: database initialization errors
Pound: buffer overflow
pstotext: remote execution of arbitrary code
Py2Play: remote execution of arbitrary Python code
rp-pppoe, pppoe: missing privilege dropping
ruby: bypass object flags
smb4k: temporary file vulnerability
SPE: insecure file permissions
squid: DoS issues
squid: authentication handling
sudo: race condition
sysreport: insecure temporary file
File overwrite vulnerability in tar and unzip
tcpdump: multiple DoS issues
texinfo: temporary file vulnerability
ucd-snmp: denial of service
uim: privilege escalation
unzip: race condition
up-imapproxy: format string vulnerabilities
util-linux: unintentional grant of privileges by umount
uw-imap: buffer overflow
vixie-cron: crontab allows any user to read another users crontabs
w3c-libwww: possible stack overflow
XChat 2.0.x SOCKS5 Vulnerability
xine-lib: buffer overflows
xine-ui - insecure temporary file creation
xloadimage: buffer overflows
xorg-x11: heap overflow
xpdf: buffer overflow
xpdf: denial of service
zlib: buffer overflow
zlib: buffer overflow
Resources What Is Phishing (O'ReillyNet)The O'Reilly Network has put up a lengthy and academic article on phishing by Simson Garfinkel and Lorrie Faith Cranor. "When a user faces a phishing attack, the user's mental model about the interaction disagrees with the system model. For example, the user's intention may be 'go to eBay,' but the actual implementation of the hyperlink may be 'go to a server in South Korea.' It is this discrepancy that enables the attack, and it is this discrepancy that makes phishing attacks very hard to defend against."
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe 2.6.14 kernel still is not out yet as of this writing, though chances are good that it may have happened on the usual "right after LWN publishes" schedule. Linus did release 2.6.14-rc5 on October 19; it contained fixes for the show-stopper problems discussed here last week and a number of other fixes as well.The current -mm tree is 2.6.14-rc5-mm1. Recent changes to -mm include some USB power management improvements, a tracing mechanism for the block layer, some page table scalability work (see below), demand paging for hugetlb pages, the ktimer patch, and a read-copy-update torture testing module.
Kernel development news Quote of the week
Oh, and at least one major distro has been served with legal papers
due to them shipping closed source kernel drivers, and more are on
the way. That's the direction some developers are taking. Others,
myself included, [are] taking the technical way and just making it so
damn hard to write and ship a closed kernel module, that they will
just give up eventually. Combine that with the EXPORT_SYMBOL_GPL()
stuff in the kernel, and I give it about 1-2 more years before it's
just technically impossible to write such a module.
Page migrationNUMA systems have, by design, memory which is local to specific nodes (groups of processors). While all memory is accessible, local memory is faster to work with than remote memory. The kernel takes NUMA behavior into account by attempting to allocate local memory for processes, and by avoiding moving processes between nodes whenever possible. Sometimes processes must be moved, however, with the result that the local-allocation optimization can quickly become a pessimization instead. What would be nice, in such situations, would be the ability to move a process's memory when the process itself is shifted to a new node.Memory migration patches have been circulating for some time now. The latest version is this patch set posted by Christoph Lameter. This patch deliberately does not solve the entire problem, but it does try to establish enough infrastructure that a full migration solution can be evolved eventually. This patch does not automatically migrate memory for processes which have been moved; instead, it leaves the migration decision to user space. There is a new system call:
long migrate_pages(pid_t pid, unsigned long maxnode,
unsigned long *old_nodes,
unsigned long *new_nodes);
This call will attempt to move any pages belonging to the given process from old_nodes to new_nodes. There is also a new MPOL_MF_MOVE option to the set_mempolicy() system call which can be used to the same effect. Either way, user space can request that a given process vacate a set of nodes. This operation can be performed in response to an explicit move of the process itself (which might be done by a system scheduling daemon, for example), or in response to other events, such as the impending shutdown and removal of a node. The implementation is simple for now: the code iterates over the process's memory and attempts to force each page needing migration to be swapped. When the process faults the page back in, it should then be allocated on the process's current node. The force-out process actually takes a few passes over the list; initially it passes over locked pages and just concerns itself with pages which are easy to evict. In later passes, it will wait for locked pages and do the hard work of getting the final pages out of memory. Migrating pages by way of the swap device is not the most efficient way of moving them across a NUMA system. Later work on the patch will be aimed at adding direct node-to-node migration, and other features as well. In the mean time, however, the developers would like to see the current implementation merged in time for 2.6.15. Andrew Morton has expressed some reservations, however: he would like to see an explanation of how this code can be made to work with near complete reliability. There are a number of things which can prevent the migration of pages; these include pages locked in place by user space, page undergoing direct I/O, and more. Christoph responded that the patch will get there, eventually. Whether this claim is sufficiently convincing to get the migration patches into 2.6.15 remains to be seen.
Another approach to page table scalabilityScalability - making Linux perform on ever-larger systems - is a constant theme in kernel development. Some may feel that this work only benefits the very small percentage of users who have big-iron systems, but the fact remains that today's big iron is tomorrow's laptop. Remember that supporting 1GB of memory (and beyond) was once a big-iron issue.One scalability issue which has been receiving attention for a while is the single page table lock used to protect all operations on an address space's tables. Christoph Lameter's page fault scalability patches were covered here last year; that patch minimized the use of this lock, and introduced a number of atomic page table operations which could eliminate locking altogether in some situations. Those patches have never made it into the mainline, due to concerns over architecture support and general usefulness. The issue has not gone away, however. Hugh Dickins, who has been thrashing up the -mm tree with memory management patches for the last few weeks, has now posted a new approach to paging scalability. Rather than play tricks to minimize page table lock hold times, Hugh has taken the classic approach of going to finer-grained locking. So, with his patch, the address space page table lock no longer controls access to individual pages within the tables. Instead, each page gets its own lock. Pushing the lock down to individual page-table pages will eliminate much of the contention for the lock on large, multi-processor systems. It should work especially well for multi-threaded processes (which share the same address space) on those systems. Splitting the lock also enables the kernel to work at reclaiming pages in one part of an address space while pages are being faulted into another part. So, in some situations, this split should be a big performance win. There is, however, the little problem of where to store the lock. Putting it into the page tables themselves is not an option; the format of page tables tends to be driven by the underlying hardware architecture, and CPU designers do not usually make provisions for in-table locks. One could create an array of locks elsewhere in the system, but a large system can contain a great many page table pages. The space overhead of a large lock array could thus get painful. Using a smaller, hashed array, as is done in other parts of the kernel, is an option, but Hugh didn't go that way. Instead, he put the lock into the page structures representing the page table pages in the system memory map. Expanding that structure is not an option, but it seems that the private field of struct page is not currently used on page table pages. So, with a bit of preprocessor trickery, that field becomes a spinlock for page table pages. This finer-grained locking should be helpful on larger systems, but it is likely to just be more overhead on uniprocessor or small SMP systems. So it is only enabled on kernels configured for four CPUs or more. Depending on the results from wider testing, that threshold may be raised before the patch is proposed for merging into the mainline.
Coming soon: eCryptfseCryptfs developer Michael Halcrow recently announced that he will shortly be putting eCryptfs up for inclusion into the -mm tree. This filesystem aims to make "enterprise level" (it comes from IBM, after all) file encryption capabilities available in a secure and easy to use manner. Those who are interested in trying it out early can download it from SourceForge.The eCryptfs developers took the stacking approach, meaning that, rather than implement its own platter-level format, eCryptfs sits on top of another filesystem. It is, essentially, a sort of translation layer which makes encrypted file capabilities available. The system administrator can thus create encrypted filesystems on top of whatever filesystem is in use locally, or even over a network-mounted filesystem. The design of eCryptfs envisions providing a great deal of flexibility in the use of the filesystem. Rather than encrypt the filesystem as a whole, eCryptfs deals with each file individually. Different files can be encrypted in different ways. The use of this sort of mechanism implies that eCryptfs must maintain metadata on how each file is to be handled. This metadata is placed in the first block of the file itself, meaning that the file can be backed up, copied, and even moved to another system without losing the metadata needed to decrypt it in the future. Plans for eCryptfs include a wide range of features. There will be dynamic, public-key encryption with each user's GPG keyring. On systems equipped with "trusted platform" (TPM) modules, the TPM will be used for its encryption capabilities and the ability to lock files to a specific system. Key escrow systems can be worked in for companies which need that feature. For the upcoming 0.1 release, however, eCryptfs will only support a single passphrase mode. The rest can be added once the initial problems have been shaken out and some policy support work has been done. Many of the advanced features have been implemented, however, and can be tried out by sufficiently motivated testers. The developers are interested in feedback from people who can give eCryptfs a try or look over the source. Having seen the difficulties experienced by some filesystem implementers as they tried to get their work merged, the eCryptfs hackers would, doubtless, like to get any potential issues resolved sooner rather than later.
Some block layer patchesLest LWN readers think that all of the development activity is currently centered around memory management issues, it is worth pointing out that some significant patches to the block subsystem are circulating as well. Here is a quick summary.Linux I/O schedulers are charged with presenting I/O requests to block devices in an optimal order. There are currently four schedulers in the kernel, each with a different notion of "optimal." All of them, however, maintain a "dispatch queue," being the list of requests which have been selected for submission to the device. Each scheduler currently maintains its own dispatch queue. Tejun Heo has decided that the proliferation of dispatch queues is a wasteful duplication of code, so he has implemented a generic dispatch queue to bring things back together. The unification of the dispatch queues helps to ensure that all I/O schedulers implement queues with the same semantics. It also simplifies the schedulers by freeing them of the need to deal with non-filesystem requests. In general, the developers have been heard to say, recently, that the block subsystem is not really about block devices; it is, instead, a generic message queueing mechanism. The generic dispatch queue code helps to take things in that direction. Tejun Heo has also reimplemented the I/O barrier code. The result should be much improved barrier handling, but it also involves some API changes visible to block drivers. The new code recognizes that different devices will support barriers in different ways. There are three variables which are taken into account:
A block driver will tell the system about how its device operates with blk_queue_ordered(), which has a new prototype:
typedef void (prepare_flush_fn)(request_queue_t *q,
struct request *rq);
int blk_queue_ordered(request_queue_t *q, unsigned ordered,
prepare_flush_fn *prepare_flush_fn,
unsigned gfp_mask);
The ordered parameter describes how barriers to be implemented; it has values like QUEUE_ORDERED_DRAIN_FLUSH to indicate that barriers are implemented by stopping the queue, and that flushes are required both before and after the barrier; or QUEUE_ORDERED_TAG, which says that ordered tags handle everything. The prepare_flush_fn() will be called to do whatever is required to make a specific operation force a flush to physical media. See Tejun's documentation patch for more details. With the above information in hand, the block layer can handle the implementation of barrier requests. As long as the driver implements flushes when requested and recognizes I/O requests requiring the FUA mode (a helper function blk_fua_rq() is provided for this purpose), the rest is taken care of at the higher levels. The barrier patch also adds an uptodate parameter to end_that_request_last(). This API change, which will affect most block drivers, is necessary to enable drivers to signal errors for non-filesystem requests. The conversation on the lists suggests that both of the above patches are headed for the mainline sooner or later. Mike Christie's block layer multipath patch may take a little longer, however. The question of where multipath support should be implemented has often been discussed; more recently, the seeming consensus was that the device mapper layer was the right place. The result was that the device mapper multipath patches were merged early this year. So it is a bit surprising to see the issue come back now. Mike has a few reasons for wanting to implement multipath at the lower level. These include:
A number of code simplifications are also said to result from the new organization. The new multipath code is essentially a repackaging of the device mapper code, reworked to deal with the block layer from underneath. It not being proposed for merging at this time, or even for serious review. So far, there has been little discussion of this patch.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Memory management
Architecture-specific
Security-related
Page editor: Jonathan Corbet Distributions New Releases Turbolinux Introduces FUJI Desktop Linux Operating SystemTurbolinux has announced the release of Turbolinux FUJI Desktop Version 11. "FUJI is the successor to Turbolinux 10 Desktop (10D), a core Turbolinux desktop product released in October 2003, which spent 52 weeks as a top category seller of Linux operating systems. Turbolinux is also the primary distributor of Linux desktop operating systems with a 90% market share, according to the BCN survey. Designed primarily for the Japanese Linux market, the new FUJI system augments the Windows compatibility features first introduced in 10D, and offers a desktop computing environment with optimized applications, as well as outstanding safety and stability."
FinnixFinnix is a LiveCD for system administrators. The project has been around for some time, with distribution originally based on Red Hat Linux. The project apparently went underground, the entry was removed from our list early in 2005. Now however, version 86.0 has been released. Finnix is a small Debian-based system with the latest technology for system administrators. The distribution stays small by not including any desktop software.
OpenVistA VivitA FOIA Gold 20050825 available (LinuxMedNews)LinuxMedNews introduces Release 20050825 of OpenVistA VivitA FOIA Gold, a remastered version of Damn Small Linux with VistA software.
Distribution News The Road to DapperMark Shuttleworth talks about (click below for full text) the upcoming Ubuntu release "Dapper Drake" and the UbuntuBelowZero conference which begins next week in Montreal. "As of today the archive for development of the next release of Ubuntu is open. Here are some pointers to information about the goals we have set for Dapper, the roadmap, the process we are following to identify and specify features, and the tools we will be using to coordinate and deliver The Drake."
Debian Bug Squashing Party next weekend, October 28 - 30There are still plenty of RC bugs in Etch, so another Bug Squashing Party is planned for this weekend.Coordination will happen over IRC channel #debian-bugs on irc.debian.org as usual.
Distribution Newsletters Debian Weekly NewsThe Debian Weekly News for October 25, 2005 is out. This edition covers the rising rate of package rejections, a Debian mini-conf in Osaka, Japan, progress on the Etch release, a graphical frontend for the debian-installer, port assignments during system boot, and several other topics.
Fedora Weekly NewsThis week the Fedora Weekly News covers Red Hat Magazine Issue #12, the largest deployment of Red Hat Enterprise Linux in India, FUDCon London 2005: Analysis, FUDCon Boston 2006?, CMC Program Relaunch: Fedora Ambassadors, downloading Fedora on Fedora Project Wiki, and several other topics.
Gentoo Weekly NewsletterThe Gentoo Weekly Newsletter for the week of October 24, 2005 covers a Gentoo LiveCD for SGI machines, Gentoo Linux/MIPS 2005.1 for Cobalt Qubes and RaQs, OpenOffice.org 2.0 in Portage, and several other topics.
DistroWatch Weekly, Issue 123The DistroWatch Weekly October 24, 2005 is out. "Several interesting new distribution releases appeared during the past week. LG3D LiveCD deserves a more detailed look due to its unusual desktop and amazing 3D visual effects, while the newly renamed RR4 Linux live DVD is probably the easiest way yet to install Gentoo Linux on a hard disk. Also in this issue: a brief history of Red Hat prompted by the resignation of the company's co-founder Bob Young, a comment about the unusual Internet security guidelines published by a local government in the state of New York, and a few signs that our readers do love and appreciate DistroWatch."
Package updates Fedora updatesFedora Core 4 updates: java-1.4.2-gcj-compat (add -fjni to gcc arg list), logwatch (update to 7.0), openoffice.org (2.0.0 for FC4), sudo (bug fixes), gawk (bug fixes), dhcdbd (fix bugs and rebuild), bind (bug fixes), mt-st (update to mt-st 0.9b).Fedora Core 3 updates: abiword (fix busted wordperfect import), gimp-help (version 2-0.9).
Mandriva Linux update to apcupsdMandriva has released updated apcupsd packages providing previously missing configuration files.
Trustix Secure Linux updatesTrustix Secure Linux has fixed various bugs in kernel, php, sed - freeradius, postgresql, procps and bridge-utils, courier-imap, ebtables, gawk, hotplug, kernel, net-snmp, sysreport, vim.
Newsletters and articles of interest What do to when apt-get fails (Linux.com)Linux.com looks at broken dependencies on Debian systems. "When you install an application package in a Debian-based system, sometimes prerequisite application packages are unavailable. These missing packages are known as broken dependencies. Left unresolved, they can cripple your system's ability to install new packages. They're a disaster that isn't supposed to happen in Debian, thanks to the Advanced Packaging Tool (APT) and the scripts contained in Debian packages. That makes broken dependencies all the more devastating when they happen. Some users have even been known to reinstall the whole operating system, despairing of otherwise having a functioning package management system. However, depending on how the broken dependencies arose, you have several options to try before you consider reinstalling."
ISP-Server Setup - Ubuntu 5.10 "Breezy Badger" (HowtoForge)HowtoForge walks through a server setup with Ubuntu 5.10. "This is a detailed description about the steps to be taken to setup a Ubuntu based server (Ubuntu 5.10 - Breezy Badger) that offers all services needed by ISPs and hosters (web server (SSL-capable), mail server (with SMTP-AUTH and TLS!), DNS server, FTP server, MySQL server, POP3/POP3s/IMAP/IMAPs, Quota, Firewall, etc.)."
Distribution reviews An old hacker slaps up Slackware (Linux.com)Joe Barr reviews Slackware 10.2 on Linux.com. "Slackware is old-school Linux. Back in the day -- before Red Hat seized the throne -- Pat Volkerding's Linux distribution was the undisputed king of the hill. Many still use it today. By the time I started playing with Linux in 1995, or running my Web server with it in 1996, Slackware's slump in market share had already begun. I've tried a lot of different Linux distributions during the years since then, but until recently I had never tried Slackware. Here's what I've learned about Slackware while installing and using the recently released Slackware 10.2."
Dine in geek heaven with Dyne:bolicII (Computerworld)Computerworld looks at dyne:bolic, which recently released a third beta of the upcoming dyne:II. "Aimed at multimedia producers, artists, activists, and content creators, the Dyne:bolic multimedia platform on a bootable CD offers a vast range of software for multimedia production, streaming, 3-D modelling, photo editing, Web browsing and publishing, peer-to-peer file sharing, and networking."
Page editor: Rebecca Sobol Development Enter TurboGearsThe hottest new thing in Web development these days is TurboGears (TG), a "full-stack" Web development framework implemented in Python with model-view-controller as its key design principle. Development is proceeding rapidly: the first public release, 0.5, appeared on September 17, and the product has since gone through several iterations and now stands at version 0.8a4. It might seem an impossible pace, but TurboGears is not so much a new product as a new assembly of existing products. As the project Web site puts it:
TurboGears takes the best components available and combines them
into one easy-to-install, documented whole. TurboGears includes
parts that join the pieces together and make them work together
seamlessly, but doesn't obscure each included project.
The meaning of "full-stack" is somewhat in the eye of the beholder, of course. But by most standards, TG does a good job of providing for all tiers of a typical Web application. Its major components are:
Additional components provide support for unit testing, XML document navigation, form validation, and conversion between Python data structures and JavaScript Object Notation (JSON). Third-party extensions have started appearing, too, like the CatWalk model browser. At first glance, TG looks a lot like Ruby on Rails. Certainly, the projects are similar in their goals and high-level architectures. And it is fair to say that TG is largely inspired by Ruby on Rails--but there are differences. For example, TG comes with built-in support for JavaScript Object Notation (JSON); combined with asynchronous HTTP requests, this facilitates AJAX development--or perhaps we should say "AJAJ"--by substituting a simpler data format for XML. The templating systems are also significantly different: Kid templates consist of well-formed XML (often XHTML in practice) with Python embedded in attributes and element content, while Rails uses Embedded Ruby (ERuby), which uses non-XML tags to embed Ruby in (X)HTML or other text files. One of the most important differences, however, is in the ORM layer: the ActiveRecord package used in Rails provides an object layer over an existing database, whereas Python's SQLObject also allows the database to be generated based on Python objects. This is not to suggest that TG is superior in every respect. Rails has a "scaffolding" feature, which automatically generates CRUD (Create, Retrieve, Update, Delete) operations. There is also an ActionMailer package which provides e-mail services for applications. In other words, while TurboGears and Rails have many similarities, they are far from identical. Beyond the differences in features, there remains the highly subjective matter of language choice. Even if TG were simply a clone of Rails, surely it is a wonderful thing that developers can implement architectures in the language of their choice. Isn't that what open source is all about? And the community appears to have ample energy for creating and maintaining Web frameworks. To my mind, what really stands out about TG is the clear vision and the sense of competence that its developers are communicating. There are many technically sound and interesting Web tools available, but they often suffer from poor documentation and worse marketing. While its feature set is highly attractive in itself, it is the project's superior presentation that makes it likely to attract a broad following. Additional Resources
System Applications Database Software MySQL 5.0 releasedThe first MySQL 5.0 production release is out - click below for the full announcement. This major release adds a number of SQL features (views, stored procedures, triggers, etc.), some new storage engines, and more. The what's new page has more information.
MySQL 4.1.15 has been releasedVersion 4.1.15 of the MySQL database has been released. "This is a bugfix release for the current production version."
PostgreSQL 8.1 Beta 4 availableVersion 8.1 Beta 4 of the PostgreSQL database is available for testing.
PostgreSQL Weekly NewsThe October 23, 2005 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL database discussions and resources.
Libraries EasyBMP Version 0.70 Released with New License (SourceForge)Version 0.70 of EasyBMP has been announced. "EasyBMP is an easy cross-platform C++ library for reading and writing Windows bitmap (BMP) files. No installation, no need for external libraries, small in size, well-documented, and simple enough for the novice programmer to start in just minutes! EasyBMP particularly shines as an easy image input/output tool for scientists and other technically-minded people who may not be formally trained in programming". Changes include bug fixes, a change to the revised BSD license, and more.
Web Site Development PHPSurveyor 0.99 Released (SourceForge)Version 0.99 of PHPSurveyor, a set of PHP scripts for developing and publishing online multi-question surveys, has been announced. "PHPSurveyor 0.99 is the culmination of 12 months of development and bugfixing for PHPSurveyor since the "stable" release of 0.98. The package has undergone significant changes and enchancements, however - importantly - can still be installed over the top of most existing 0.98final installations and upgraded without losing data. This is labelled a "stable" release, indicating that the recent months have been dedicated to bugfixing rather than the development of new features."
Xaraya 1.0.0 RC4 Released (SourceForge)Version 1.0.0 RC4 of Xaraya has been released. "We are pleased to announce that our release candidate for the Xaraya 1.0.0 web application framework is now available. This release candidate addresses compatibility issues with php versions 4.4 and some 5.1 versions, as well as important bug fixes."
Assessing Web App Security with Mozilla (O'Reilly)Shreeraj Shah discusses the process of finding security vulnerabilities in web applications in an O'Reilly article. "The nature of web applications is very different from that of standard applications. Many times, these tools miss key vulnerabilities in the application. The best way to perform web application assessment is by using the unassailable combination of automated tools and human intellect. This article examines the LiveHTTPHeaders project, which fits seamlessly into Mozilla browser components to facilitate very effective web application assessment."
Web Services Constructing Web Services with the Globus Toolkit Version 4 (O'ReillyNet)Birali Hakizumwami works with the Globus Toolkit on O'Reilly. "Grid computing allows you to combine processing, storage, databases, and other resources across a network, hiding the details from callers. As Birali Hakizumwami shows, the Globus Toolkit makes this easier by exposing the grid as a normal web service."
Desktop Applications CAD Twenty-sixth release of PythonCAD availableRelease 26 of PythonCAD has been announced. "The twenty-sixth release includes a few interface enhancements. More of the menus can be activated from the keyboard, and stretch/move operations now accept entry box values when performing either task. A significant amount of work has been applied to the internal routines used for storing the entities in a drawing, the result of which required numerous changes throughout the code."
Calendar Software Nightly Builds of Lightning Now Available (MozillaZine)Nightly builds of Lightning, a calendaring application for Mozilla Thunderbird, are available for testing. Dan Mosedale's blog has more information on the software: "Thanks to the magic of Chase and Coop, there are now nightly builds of Lightning for all three platforms. Note that these are not quite ready for day-to-day use yet (there are still known dataloss bugs, UI issues, and crashers). However, if you'd like to play around, help us test, give UI suggestions, or have a taste for getting involved in the development, this is a great way to get started."
Data Visualization Veusz 0.8 releasedVersion 0.8 of Veusz (Velvet Ember Under Sky Zenith) has been announced. "Veusz is a scientific plotting package written in Python (currently 100% Python). It uses PyQt for display and user-interfaces, and numarray for handling the numeric data. Veusz is designed to produce publication-ready Postscript output."
Desktop Environments X11R6.9/X11R7 Release Candidate 1 ready for testingNew release candidates for the X11 window system have been announced. "We are pleased to announce the availability of the first full Release Candidate (RC1) for the upcoming X.Org Foundation release of X11R6.9 and X11R7. This release marks the completion of the development cycle for the modular source tree. We have tagged both the monolithic and modular trees and have prepared tarballs for you to test."
GNOME 2.13.1 ReleasedGNOME 2.13.1, the first development release on the way to 2.14, is out. See the TwoPointThirteen page for details on what's happening with 2.13.
GNOME Software AnnouncementsThe following new GNOME software has been announced this week:
KDE Software AnnouncementsThe following new KDE software has been announced this week:
Financial Applications GnuCash 1.8.12 releasedGnuCash 1.8.12 is out. This is, according to the developers, the last of the (GNOME1-based) 1.8 series; the first GnuCash 2 pre-release is expected sometime in December.
Instant Messaging Gaim development (GnomeDesktop)GnomeDesktop covers the latest developments on the Gaim instant messaging client. "A lot of you have noticed that while we typically release every three weeks, we haven't had a release in a while. We've shifted all our efforts to finishing Gaim 2.0.0. Gaim 2.0.0 has a ton of great features, fixes every problem you've ever had with Gaim, makes drastic changes to huge parts of Gaim---especially status, includes three new protocols, and does a bunch of other amazing stuff."
Mail Clients Sylpheed 2.1.4 (development) and 2.0.3 (stable) releasedDevelopment version 2.1.4 and stable version 2.0.3 of Sylpheed, an email client, has been released. See the news file for change information.
Medical Applications ClearHealth RC2 Released (LinuxMedNews)Release Candidate 2 of ClearHealth, an Open Source medical suite with practice management, patient care and billing capabilities, has been announced. "After a long testing and packaging cycle RC2 is finally available. This release is has numerous fixes, enhancements and entirerly new features."
OpenEMR adds UB-92 support (LinuxMedNews)A new release of OpenEMR has been announced. "OpenEMR uses FreeB for electronic billing and SQL-Ledger for practice accounting. Recently Rod Roark of Sunset Systems has added UB-92 support to OpenEMR. OpenEMR is a full featured electronic health record using the classic LAMP (Linux, Apache, MySQL, PHP) architecture."
Music Applications Jackbeat 0.5.4 announcedVersion 0.5.4 of Jackbeat, a Jack Audio Connection Kit compatible drum machine, is out with bug fixes and other improvements.
Office Applications Gnumeric 1.6 Released (GnomeDesktop)Stable version 1.6 of the Gnumeric spreadsheet has been announced. "Over the past year we have improved Gnumeric's charting, its accuracy, its xls file loading capabilities, and improved its rich text editing. Our Win32 build is now quite stable and very usable."
Office Suites OpenOffice.org 2.0 releasedThe OpenOffice.org 2.0 announcement has gone out. There is a lot of new stuff in this long-awaited release, including OpenDocument support, improved PDF exporting, a reworked interface, and some performance improvements. It can be grabbed from the download page. There is an ooo-build 2.0 release available as well. (Thanks to Frankie D).
Science Maxima 5.9.2 releasedVersion 5.9.2 of Maxima, a computer algebra system written in Common Lisp, is out. "It features case-sensitivity in the parser, improved documentation, improvements to some function packages, new add-on packages, an improved TeXmacs interface, new kinds of plots, and more."
Data Munging for Non-Programming Biologists (O'Reilly)Amir Karger and Eitan Rubin use Perl to manipulate biological data. "Have you ever renamed 768 files? Merged the content from 96 files into a spreadsheet? Filtered 100 lines out of a 20,000-line file? Have you ever done these things by hand? Disciples of laziness--one of the three Perl programmer's virtues--know that you should never repeat anything five times, let alone 768. It dismayed me to learn that biologists do this kind of thing all the time."
Video Applications avidemux 2.1 step 3 releasedVersion 2.1 step 3 of avidemux, a graphical tool for editing video files, is out with new features and bug fixes.
Web Browsers The future of Galeon (GnomeDesktop)FootNotes is carrying a report from the GNOME summit on the future of the Galeon browser. The Galeon developers have decided to join up with Epiphany, implementing Galeon's special features as Epiphany extensions. "This seems an optimal solution for everyone; it allows us, the galeon developers, to avoid duplicating work with epiphany team, it will allow users to leverage the best from both browsers and most importantly, it puts galeon on a much firmer footing for the future that is not so much at the mercy of our ability to find time to hack on it."
Minutes of the mozilla.org Staff Meeting of Monday 10th October 2005 (MozillaZine)MozillaZine has announced the availability of the minutes from the October 10, 2005 mozilla.org staff meeting. "Issues discussed include development, marketing, the Devmo launch, the Web 2.0 conference, the LinuxWorld London expo and personnel."
Miscellaneous Speedometer 2.0 releasedVersion 2.0 of Speedometer, a Python-based bandwidth and download monitor, is out with miscellaneous improvements.
Languages and Tools Java This week on harmony-devThe October 16-22, 2005 edition of This week on harmony-dev is out with coverage of the Harmony open-source Java project. "This week most of the discussion was about the boot jvm, but there were some other issues too. One of the shorter discussions was in the thread "ANN: gjdoc 0.7.6 released": David Gilbert asked what's left to to before 1.0.0, and Julian Scheid replied that it's mainly bug fixes for the first major release."
Python Urwid 0.8.9 releasedVersion 0.8.9 of Urwid, a curses-based UI library for Python, is out with several new features and some bug fixes.
Dr. Dobb's Python-URL!The October 26, 2005 edition of Dr. Dobb's Python-URL! is online with a new collection of Python language articles.
Ruby Ruby Weekly NewsThe October 16th, 2005 edition of the Ruby Weekly News looks at the latest discussions from the ruby-talk mailing list.
Ruby Weekly NewsThe October 23rd, 2005 edition of the Ruby Weekly News looks at the latest discussions from the ruby-talk mailing list.
Tcl/Tk Dr. Dobb's Tcl-URL!The October 24, 2005 edition of Dr. Dobb's Tcl-URL! is online with the latest Tcl/Tk news and resources.
XML Microformats and Web 2.0 (O'Reilly)Micah Dubinko explores microformats in an O'Reilly article. "Micah Dubinko's new column, XML Annoyances, begins this week with a look at the role of microformats, particularly with regard to Web 2.0 applications and services, as the core XML-specification era comes to a close."
Page editor: Forrest Cook Linux in the news Recommended Reading Sharing ideas and resource at create.freedesktop.org (NewsForge)Nathan Willis looks at advantages gained by sharing common resources among applications. "Part of what makes open source software thrive is code sharing and reuse. The Create initiative at freedesktop.org targets this issue by bringing together developers from Inkscape, Scribus, Krita, the Open Clip Art Library, and the GIMP, among others, along with interested individuals. Together they are collaborating on a set of specifications they believe will simplify work for developers and distributions, and usability for end users."
Technologies to Watch: A Look at Four That May Challenge Java's Development Dominance (O'ReillyNet)Bruce Tate predicts Java's future on O'Reilly. "Bruce Tate has an amazing track record when it comes to identifying successful technologies. He was one of the early developers that identified the emergence of the Spring framework; he predicted the demise of EJB 2 technologies a full year before the EJB 3 expert group abandoned the older approaches. In his new book Beyond Java, Bruce looks at languages and technologies that may challenge Java's dominance in some development niches. In this article, Bruce covers four important emerging technologies."
Trade Shows and Conferences Live from the 2005 Fall AMIA Conference in Washington, D.C. (LinuxMedNews)LinuxMedNews reports from the American Medical Informatics Association (AMIA) 2005 Fall conference. "The AMIA open-source working group meeting was well attended. Many initiatives were entertained such as holding a symposium for FOSS EMR software vendors, having a FOSS track at future AMIA conferences. Encouraging the assignment of copyright to the government at the end of federal software development contracts through the use of DFARS clauses."
EuroOSCON - Remembering the End User (O'ReillyNet)O'Reilly covers the start of the European Open Source Convention. "Daniel Steinberg reports on some of the sessions and keynotes that spanned the first two days of O'Reilly's first-ever European Open Source Convention, taking place in Amsterdam. In one way or another, these sessions--by Jeff Waugh, Alan Cox, and Simon Phipps--focused on the user."
EuroOSCON - Doctorow on Europe's Coming Broadcast Flag (O'ReillyNet)O'ReillyNet covers Cory Doctorow's closing keynote at EuroOSCON. "For Doctorow, open source is an important social phenomenon in the tradition of science, in which the culture encourages the sharing of knowledge and not the hoarding of knowledge. His keynote explored the problems with digital rights management (DRM) and how it fails on some of the important science tests."
Ballmer: Microsoft to go after Linux strongholds (ZDNet)ZDNet covers comments by Microsoft's Steve Ballmer at a recent Gartner Symposium. "I think we have four big opportunities to take business from Linux and we will. And again, why would we take it. Because people will take a look at the tools and the technologies we put in the marketplace and decide that they deliver better results at a lower cost. What's the first? High performance clustering. High performance clusters is a thing that has been a Linux stronghold. It's about 20 percent of all Linux systems. We're coming out with a compute cluster edition of Windows Server."
Companies A revolutionary realizes it's time to hang his hat on a bold, new venture (Globe & Mail)The Globe & Mail profiles Bob Young. "The decision by the former chief executive officer of Red Hat Inc. to walk away from the Raleigh, N.C.-based company was hardly a dilemma at all. Instead, he said it was simply a case of recognizing the different traits that define an executive and a serial entrepreneur." (Thanks to Philip Webb)
Are Microsoft's new licenses open source? (NewsForge)NewsForge examines Microsoft's new licenses and the company's interaction with the Open Source Initiative. "It would seem the adversarial days of OSI are over. In the same article, [Danese] Cooper writes that OSI 'received strong and consistent feedback' that focusing on Microsoft's past actions against open source was 'leading to the false impression that open source was all about muckraking instead of a viable, professional alternative to the traditional proprietary world of software.' To that end, the infamous Halloween Documents have been removed from the OSI Web site, and OSI members have even been meeting with Microsoft to talk about its Shared Source licenses."
Cold Realities For Novell (BusinessWeek)Business Week looks at Novell's future. "If Novell can't regain its footing, it could represent a major setback for Linux. The software has gained considerable traction in corporations, with nearly a 25% share of the server operating system market, according to market researcher IDC. Yet customers and the computer makers who back Linux want two strong Linux distributors. And right now Red Hat Inc. seems to be running away with the market."
Ricoh Supports KDE Printing Development (KDE.News)Ricoh USA is encouraging linux support for one of its color printers, according to KDE.News. "Printer manufacturer Ricoh USA, listening to the energetic advocating of their Linux engineer, has decided to provide Cristian Tibirna of the KDE printing development team with a professional RICOH CL4000DN colour laser printer. Thanks to this support the KDE printing development team will be able to do better tests of the new features in CUPS 1.2 and extend the degree of support in KDE Print for professional printing features which currently lack support by Free Software. Ricoh's Linux engineer and driver developer George Liu said "What we want to do is support Linux printing, and KDE Print is the most successful printing environment.""
Linux Adoption Initial Results of a Large-Scale Migration Project by Carlo Daffara (Groklaw)Groklaw has published a preliminary study by Carlo Daffara that looks at European migrations to OpenOffice.org and Linux. "They are measuring and facilitating migrations in a two-step strategy, initially to OpenOffice.org and later to GNU/Linux on the desktops. They already have thousands of desktops migrated, with thousands more planned. The data on switching to OpenOffice.org is very encouraging. What have they found so far? What makes the transition work well? Are there steps one can take to improve user acceptance and ease transitional issues? He told me some of what they found, and I asked him if he'd be willing to elaborate on the findings for Groklaw, and he graciously agreed."
Linux wins approval from the taxman (ZDNet UK)ZDNet UK looks at possible Linux adoption by New Zealand's Inland Revenue. "The New Zealand Inland Revenue is following in the footsteps of government agencies around the world, including in Germany and South Korea, which are rolling out open source software. Government agencies and schools in Peru are also being encouraged to consider open source software. Under government legislation signed last week by Alejando Toledo, President of Peru, public institutions will now have to choose between proprietary and open source software."
Why customers are flocking to Linux (AME Info)This article in AME Info, by an IBM VP, shows how the company is trying to sell Linux in the Middle East. "Hot disputes aside, when a technology goes from a student project in 1991 to being part of Charles Schwab's solution to reduce processing times by 90 percent in 2004, something is working. It might be time to look beyond the numbers to the advantages Linux provides its practitioners to understand Linux growth. The advantages of Linux are: Flexibility, Security, Reliability, Total value and Future value; let us examine these in turn."
Linux at Work Linux powers robotic cow-milking machine (LinuxDevices.com)LinuxDevices takes a look at a Linux-powered robotic cow-milking system. "A 122-year-old dairy equipment company has used embedded Linux in a robotic cow-milking system (the system is robotic, not the cows). The Voluntary Milking System (VMS) allows cows to decide when to be milked, and gives dairy farmers a more independent lifestyle, free from regular milkings, the company says."
Legal Monday's Big Meeting (Groklaw)Groklaw reports on next week's hearing to review the open document plan adopted by Massachusetts. "Like you thought Microsoft's money wasn't any good any more? Kidding. Sorta But you had to know they'd try something. It looks to me like we'd all better use their software so no one gets hurt. Any government that decides to use OpenDocument Format will be sat on. At least that is how it appears to me."
Software Patents are Like Smoking (Groklaw)MySQL AB head Marten Mickos preaches to the choir in this Groklaw article on software patents. "Many companies apply for software patents for defensive reasons, thinking that if someone challenges them with a patent, they can retaliate with their own patent portfolio. But today the software industry is seeing a new breed of companies - so called patent trolls that have no other business than acquiring patents and then extracting royalties from other businesses. No patent portfolio will help against a troll, because they have no production or sales of their own that you could threaten."
Small company makes big claims on XML patents (ZDNet)ZDNet reports that a small company called Scientigo is claiming to have patented XML. "Scientigo intends to 'monetize' this intellectual property, Scientigo CEO Doyal Bryant said this week.... 'We're not interested in having us against the world. We're just looking for ways to leverage an asset; we have pretty concrete proof that makes us feel comfortable saying it is an asset,' Bryant said." The patents in question are 5,842,213 and 6,393,426.
Interviews OpenBSD 3.8: Hackers of the Lost RAID (O'ReillyNet)O'ReillyNet interviews the OpenBSD team following the release of OpenBSD 3.8. "It's release time again for OpenBSD! The upcoming 3.8 will include some wonderful features for network gurus (trunking, tracking wireless roaming users, interface groups, a new ipsec configuration tool, and failover of ipsec links), a great rework of malloc() that will provide further security protections by default, and the first version of bioctl--a universal RAID management interface."
IBM WebSphere Application Server Community Edition, Apache Geronimo, and Gluecode (developerWorks)developerWorks interviews Scott Cosby, Gluecode Transition Executive at IBM and Paul Buck, Director of Gluecode Development at IBM. "Since the acquisition of Gluecode Software in May 2005, IBM has made several code contributions and devoted technical resources to help the Apache Geronimo community reach its goal of Java 2 Platform, Enterprise Edition (J2EE) certification, a milestone that was reached in October 2005. Now, IBM is executing on the next phase of its open source application server goal, introducing IBM WebSphere Application Server Community Edition, an application server built on Apache Geronimo technology. WAS CE unveils a new business model, providing free code for use in development, testing, and deployment."
Resources The CUPS Printing System (Linux Journal)Alan Ward has written an introductory article on CUPS in a Linux Journal article. "CUPS is what its name says: a common UNIX printing system. It is aimed at providing a common printing interface across a local network, masking differences among the printing systems on each computer. I am not sure that such a system is needed in a pure Linux environment, where the standard Berkely LPD provides this functionality, but CUPS does provide interactivity with SMB and Windows printers. CUPS also allows dynamic printer detection and grouping."
Reviews PostgreSQL bootcamp at the Big Nerd Ranch (NewsForge)Juan Pablo Claude attends a PostgreSQL bootcamp and writes about it on NewsForge. "Though the living is easy at Banning Mills, the course itself is intense. The day starts at 8:30 with breakfast, and classes beginning at 9:00 sharp. The morning is spent with lessons and exercises at your computer (Mac, Linux, or your own machine if you prefer). Lunch is at noon. After lunch you typically have one more lesson and exercise, then take a brisk walk around the woods to wake up. Then the class continues until dinner at around 6:30. After dinner you are free to retire to your room if you wish, but many of us chose to return to the computer lab, where our instructor was available for questions and general chatting until quite late."
At the Sounding Edge: Music Notation Software For Linux (Linux Journal)Dave Phillips looks at music notation software in the Linux Journal. "Recently the MusicXML format has been promoted as a universal music notation file format. MusicXML has much to recommend it. It is an open and humanly readable format based on the popular XML mark-up language; it is free of cumbersome patent and royalty issues; and it already is supported in dozens of commercial and free music notation programs. If you need to move your music notation between applications or platforms, consider saving it in the MusicXML format."
Miscellaneous Nessus fork emerges (NewsForge)NewsForge reports on the emergence of a Nessus fork, GNessUs. "Tim Brown, a penetration tester for Portcullis Computer Security Limited in the UK and founder of GNessUs, said the idea to fork the project came out of conversations with colleagues in the security industry in England. Brown said that the company's move to drop the GPL for Nessus 3 was no great surprise after Tenable split the plugin streams for the software and ignored concerns by Brown and others that vulnerabilities would be missed because people refused to check the streams for either fiscal or ethical reasons. "My fork is dedicated to that community," Brown said."
'Firefox One' Launch to Celebrate 100 Million Downloads (MozillaZine)MozillaZine covers the latest Firefox publicity stunt. "polvi wrote in to tell us that a weather balloon satellite will be launched to celebrate 100 million downloads of Mozilla Firefox. The Oregon NASA Space Grant Consortium balloon satellite, dubbed Firefox One, is expected to reach a height of 100,000 feet (about 30 kilometres or 19 miles) when it's launched from the Memorial Union Quad at the Oregon State University campus in Corvallis, Oregon (north-western United States) at noon on Saturday. It will carry a payload of a large Firefox banner, a Firefox CD-ROM and a camera to "take photos of Firefox at the edge of space"."
'Firefox One' Balloon Satellite Launch a Success (MozillaZine)MozillaZine covers the successful launch of the 'Firefox One' Balloon. "The balloon carried a Firefox banner up to 100,000 feet before exploding and parachuting back to earth. This was our successful attempt at topping the 50 million download stunt."" Photos of the event are now available.
Page editor: Forrest Cook Announcements Non-Commercial announcements Bounty Source Project ManagementThe Bounty Source project management system has been launched. "Bounty Source is a new project management system for open source software that, through its task tracker, allows monetary bounties to be attached to specific bugs or feature requests. Anybody can submit a solution for a given task and, if the solution is approved by the project, collect the bounties (Bounty Source acts as the escrow to ensure that the funds are available)."
Commercial announcements Apache Geronimo Reaches J2EE 1.4 Certification MilestoneThe Apache Software Foundation has announced the release of Apache Geronimo 1.0-M5, the first fully certified release of the Apache Geronimo project's J2EE 1.4 application server. "Apache Geronimo v1.0-M5 contains a number of enhancements, including the integration of Apache Tomcat, a developer preview of the upcoming management console, and a multitude of configuration and usability improvements."
Announcing CrossOver Office Version 5.0CodeWeavers has announced version 5 of CrossOver Office, a system that allows legacy Windows applications to be run under Linux. "We have added initial support for Microsoft Office 2003, added a powerful new feature we call 'bottles', which lets you manage your Windows applications more easily than ever before, and dramatically improved the installation and execution process of nearly every Windows program."
Command Prompt launches enhances Managed ServicesCommand Prompt has announced a new support offering. "Command Prompt, the PostgreSQL Company since 1997, announced today the immediate availability of Managed PostgreSQL Services as an option to Command Prompt's standard annual support and remote management services plans."
ESP Print Pro 4.5.6 releasedVersion 4.5.6 of ESP Print Pro, a commercial cross-platform printing solution, has been announced. "ESP Print Pro 4.5.6 fixes a performance problem with large numbers of implicit classes, adds drivers for several new HP DesignJet and LaserJet printers, and adds official support for the popular Ubuntu Linux distribution."
Open-Xchange Announces New Open Source Project for GNOME Evolution ConnectorOpen-Xchange Inc. has announced an open source project to link its Open-Xchange Server with GNOME Evolution. "With the launch of its new open source project, code-named Intelligent Design, Open-Xchange is inviting developers to join in an effort to expand client support for and build a connector to GNOME Evolution. All contributions will be licensed under the General Public License (GPL) and be available for free on Open-Xchange.org, the company's open source web site."
OSV and Phase N Launch OpenOpenOffice (O3)Open Source Victoria and Phase N have formed an alliance to bring the Open Document Format to Microsoft Office. ""The amazing thing about the O3 concept is how simple it is," said key O3 developer Adam Kennedy. "Just take the Word-to-ODF filters from the OpenOffice.org suite, and put them into Office in reverse. Microsoft has made it trivial to write plugins for Office using .NET, and the OpenOffice.org team has put a huge effort into their document conversion filters. So all that's left is to connect the two together via some simple SOAP calls using C# and Perl, and then make sure it is easy for people to install into Office.""
Sleepycat Launches New Consulting Packages for Berkeley DBSleepycat Software has announced some new consulting services. "Sleepycat Software, makers of Berkeley DB, the world's most widely deployed open source developer database, today announced the general availability of four new packaged consulting services to help developers of business-critical applications get the maximum benefit from their use of Berkeley DB."
VMware Announces a Free PlayerVMware, Inc. has announced the availability of VMware Player: "a free new product that enables anyone to easily run, share or evaluate software in a virtual machine on a Windows or Linux PC".
New Books No Starch Press releases "Just Say No To Microsoft"No Starch Press has published the book Just Say No To Microsoft by Tony Bove.
Producing Open Source Software - O'Reilly's Latest ReleaseO'Reilly has published the book Producing Open Source Software by Karl Fogel. "Most free software projects fail. We don't hear much about the failures because the successful projects attract so much attention, and there are so many free or open source projects in total that even though only a small percentage succeeds, the result is still a lot of visible projects."
Master Your Palm Handheld--O'Reilly's Latest ReleaseO'Reilly has published the book Palm and Treo Hacks by Scott MacHaffie.
Tips and Tools For Taming the Wild Wild Web--O'Reilly's Latest ReleaseO'Reilly has published the book Tips & Tools For Taming the Wild Wild Web by Paul Bausch.
New PHP Phrasebook and Linux Firewalls BooksSams Publishing has published the PHP Phrasebook and Linux Firewalls, Third Edition.
Prentice Hall Launches Open Source Software Development SeriesPrentice Hall has announced the launch of its Prentice Hall Open Source Software Development Series. "Prentice Hall, the leading publisher of high-quality books for technology users, announces the official launch of the Prentice Hall Open Source Software Development Series-- with the publication of two new books for Linux programmers and administrators-- which promise to deliver "Real world code from real world applications" in each Series book."
Upcoming Events Speakers announced for FOSS.INFOSS.IN, formerly known as Linux-Bangalore, has announced a list of speakers. Just a few of those speakers include Jonathan Corbet, Andrew Cowie, Harald Welte, Volker Grassmuck, Brian Behlendorf, Rasmus Lerdorf and Alan Cox. FOSS.IN/2005 starts November 29.
OSDC 2005 RegistrationRegistration is open for OSDC 2005. The event will take place on December 5-7, 2005 at Monash University in Melbourne, Australia.
Ubuntu Love Day at UBZA Ubuntu Love Day! event will be held in Montreal, Canada on Sunday, October 30th. "Our upcoming developer summit will be keenly focused on our plans for Ubuntu 6.04 (Dapper Drake), and mostly of interest to existing Ubuntu developers... So we've dedicated an entire day to users and hopeful contributors with lots of great presentations from Ubuntu developers, and workshops to help you get involved! Whether you'd like to join the developer team or figure out how to contribute in another way, UBUNTU LOVE DAY is for you!"
Events: October 27 - December 22, 2005
Page editor: Forrest Cook Letters to the editor Letter to the editor
This letter is really addressed to you, the editors, as well as to
Page editor: Jonathan Corbet
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[Minix logo]](/images/logos/minix3-logo.gif){kind=logo}
![[TurboGears]](/images/ns/turbogears.png)