LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for January 26, 2006The Grumpy Editor plays with RockboxLast May, your editor lamented that, while his new digital audio player had a number of nice features, it also had a long list of glitches which, due to the proprietary nature of its firmware, could not be fixed. At that time, a Rockbox port for this device (an iRiver H340) was still a distant prospect. Since then, the situation has changed somewhat. In particular, on November 24, 2005, Rockbox hacker Linus Nielsen Feltzing announced his ability to play music on the H300 series. This nice little player had, at last, been cracked open and put to work running free software.Your editor took his time before giving Rockbox a try. There is something intimidating about rewriting the firmware of one's expensive electronic toy with untried new code covered in "this is experimental, only to be used by professionals and idiots" warnings. Maybe it has to do with the prospect of turning said toy into an inert paperweight and having to explain to the spouse that it will be necessary to buy yet another gadget, urgently, to replace it. But, eventually, after a suitable amount of loin girding, your editor launched into the process of generating a new firmware blob and loading it into the player. Happily, said player did not explode. The Rockbox iRiver port works by applying a patch to the standard iRiver firmware. That patch adds a special bootloader, and a few other Rockbox-specific things. Unlike the native system, most of Rockbox lives outside of the firmware; it is, instead, loaded from the internal disk. Among other things, this organization makes it easy to upgrade the Rockbox code without going through the sweaty-palms firmware flashing experience every time. The bootloader normally just grabs the Rockbox kernel from the disk and runs it. Quite a bit of effort has been put into making the bootloader robust, however. If the on-disk software cannot be found, it simply boots into the iRiver firmware. There is a power-on key sequence which can be used to get the iRiver code. The bootloader is also programmed to drop into the USB mode if the disk's filesystem is corrupted, giving the user a chance to fix things - though, since the H3xx bootloader's USB mode does not work properly yet, that feature is not as reassuring as one would hope. One might well wonder: why bother changing operating software and risking turning the player into a brick when it worked reasonably nicely before? Here are a few of the things that Rockbox brings:
The list could go on for a while, but one should not forget the nicest part of all: Rockbox is free software. Your editor did not feel particularly oppressed by the proprietary iRiver firmware, but switching to a free system still brought a sense of relief. So many things were clearly designed with the users in mind, and one knows that the rough edges (of which there are still many) can be fixed. With Rockbox, this gadget has become a living thing, rather than a set-in-stone consumer product. Rockbox would be worth running for its free nature alone, even if it weren't better in so many other regards. There is some bad news: the iRiver H3xx players are no longer being made, and iRiver's replacements are rather more closed devices. There is no Rockbox port envisioned for current iRiver players, so people are now wandering around on online auction sites in search of the few H3xx players which are still available. The good news is that Rockbox is being ported to a number of other platforms, notably the current set of iPod players. The iPod port page states: "Rockbox boots and appears to be stable on the iPod Color/Photo, the Nano and the Video. Plugins and codecs work, but there is no audio output yet." So, other than one little problem, everything looks great. As Rockbox becomes more portable, its user base is growing. Rockbox seems to have recently crossed one of those invisible lines where it becomes essentially unstoppable. There will likely come a time when some manufacturers of digital audio and video players - especially those who don't make iPods - will have to seriously consider shipping Rockbox on their gadgets. After all, why should they spend time and money creating their own software, when Rockbox is both free and better? Free software, it seems, has a good chance of taking over another category of systems. [For those H3xx owners who find standard Rockbox to be insufficiently bleeding-edge: the Rockbox H300 Optimized release is a fork with improved color support, more plugins, remote control support, a lyrics viewer, and more.]
Suits and Patents: A Report from the GPLv3 Launch ConferenceAs you approached MIT room 10-250 on Monday, January 16th, you could see the rise in prominence of the GNU General Public License simply by the presence of the "suits". Oh, some had certainly "dressed down" with the black T-shirt/turtleneck and jacket motif instead of a tie, but they were very clearly of the corporate world and a quick glance at name tags proved that: Intel, IBM, HP, Novell were all there of course, but also companies such as Hasbro and many others.To be sure, the free and open source community was well represented: Bruce Perens, Andrew Tridgell, Chris DiBona, Seth Schoen, and many other free/open source stalwarts. But you would expect them to be here, while the corporate presence was definitely a sign of the times. Indeed, as I sat waiting for the presentation to start, two corporate folks were walking up the stairs behind me and one said to the other "Oh, yeah, we are all here to watch the ground shake." The ground may not have shaken immediately, but the session began around 10am with Richard Stallman welcoming the crowd of 200+ attendees and providing a broad introduction to the GPLv3. He spoke on the overall goal of increasing the compatibility of the GPL with other appropriate licenses (such as the MIT X11 and BSD licenses) and then discussed the threats of digital restrictions management (DRM) and how it can never be compatible with the goals of free software. At the end, he introduced Eben Moglen, who proceeded to take the crowd through about an hour-and-a-half of line-by-line analysis of this first draft of GPLv3. In all my years working with free and open source software, I'd actually never heard Eben Moglen speak and it turned out to be quite an enjoyable time. With occasional wit and humor, he guided us through the new clauses and the rationale behind the changes. As others have already provided some analysis and the FSF's GPLv3 rationale document gives their view on the changes, I'll not repeat much of that. His main thrust, though, was that the changes were about the increased compatibility of which RMS spoke, as well as clarifying a number of areas in which GLPv2 was unclear or vague. There was also a good amount of effort put into trying to make the GPL more "global" in the sense that it would better comply with copyright laws of more countries. One example is the new use of the term "propagate" in Section 0 as "distribute" turned out to have some formal connotations in some countries. Moglen spent a good bit of time on the minimal "patent retaliation" clause now found in Section 2 and the reasons (explained in the rationale document) why the FSF did not go further. There was also an involved discussion of the ability to add additional permissions and requirements and how those flow on to recipients during the propagation/distribution process. Predictably, he spent a significant amount of time on Section 7, "License Compatibility", discussing what the different clauses mean with regard to the other free and open source licenses. One of the discussions I found most interesting concerned the changes to section 8 ("Termination") specifically around the "60 day" clause. GPLv2 provided for the "automatic termination" of the license if you violated it and the license also essentially required someone in violation to contact all copyright holders to obtain forgiveness for having violated the license. As the FSF was very often the one acting to aggregate the claims and help entities come into compliance, they did see the pain this requirement caused when the process of contacting all copyright holders became long and protracted. In their view, this new arrangement provides a stronger incentive for entities in violation to come into compliance quickly as it gives them some assurance that if they do comply, they will not have the threat of GPL-infringement lawsuits looming over them once the first 60 days have gone by. Another interesting addition was section 18 that speaks of the program not being tested for use in "safety critical systems". He said that at the time the GPL was first being applied, no one was thinking that free software might be used to run nuclear power plants or other systems that might have critical implications if there was a failure. This phrase was added to explicitly state that programs were not tested for these environments. However, he also said that he fully expects some companies to offer warranties (for a fee) to provide coverage for using such programs in those environments. Throughout the talk he threw in entertaining quips such as "Most of us would see the copyright law of 1897 as being better than that of 2004", "Protecting freedom is hard work!" and "That's our legal theory and we're sticking to it." He also received a great deal of laughter when he relayed that the warranty sections (now 16 and 17) were not changed at all - except that he moved them from being all in uppercase. He said that he had yet to find a lawyer who could explain why they were all putting warranty provisions in all caps and that it seemed to be something people were just doing because everyone else was. So he decided for the sake of readability to make the change. Moglen concluded his presentation with a moving comment on the "spirit" of the license and the overall need to preserve "the spirit of tinkering, of hacking, of making an unexpected invention out of the materials lying around". He spoke of this revision process as trying to keep the GPL safe, make it bigger and add more people to the discussion - and with that he invited people to become part of the process. He turned the floor back to RMS who said a very few final words and then opened it up for questions. Predictably, the questions came quite quickly and were mostly about... patents. Two clauses received the most questions. The first was the "patent retaliation" clause in Section 2 and the second was the part of Section 11 which says that, if you distribute a work "knowingly relying on a patent license, you must act to shield downstream users against the possible patent infringement claims from which your license protects you." The response on this latter part from Eben Moglen was that they are not looking to require companies to search all their patents to ensure they are not infringing before distributing work, but more to prevent people from distributing work that they know requires a patent license which they may already have, but which the people who receive their work will not. He went on to say that this clause really only applies to a very small number of people and companies and that he looked forward to working with them to make sure this clause works well. Beyond the patent questions, there were questions about the 60-day notice, the DRM provision and some general questions about the process of moving from GPLv2 to GPLv3. Overall it was a very useful, interesting and intense morning session. My one critique of the FSF conference would be what happened next. As we broke for lunch, a subset of the participants (including many of the corporate folks and high-profile members of the free/open source community) apparently went off to separate "discussion groups" to which they were specifically invited. That left the rest of us (myself included) returning from lunch around 1:30pm to face a "Q&A session" with FSF Executive Director Peter Brown, FSF web/wiki coordinator John Sullivan and a young FSF staffer/volunteer who did not identify himself. After a brief statement around the process that would be starting how to comment online, the floor was opened for questions... many of which could simply not be answered. I don't really fault the three of them. They tried as best they could to answer some of the questions, but they were definitely out of their element. The questioners wanted to ask specific points about the license and clearly needed RMS and Eben Moglen to be there. After a bit, Peter Brown tried to direct the questions away from the license draft and toward the process, asking for other questions to be held until Eben Moglen could return around 3 or 3:30pm. The frustration was visible in a number of the folks there. I do understand that the FSF was trying to make use of the fact that it had all of these various folks in one physical location and certainly a room of 200 people is not a great way to get a large quantity of feedback. Small groups work far better for that type of thing. I also know that numerous media personnel were there and that RMS and Eben Moglen needed to spend some time with those folks. Still, given that the published agenda said that the afternoon session was for "Q&A" with no mention that RMS and Moglen would not be there, it was a bit frustrating to learn that it was not the type of Q&A that most attendees wanted. Having said all that, there were some very good questions raised during this afternoon session. Patents were raised again several times, but a question was also asked about the definition of "Complete Corresponding Source Code" in Section 1 where it includes "any encryption or authorization codes necessary to install and/or execute the source code". The specific concern was about whether code could be encrypted with GnuPG for sending, but I failed to understand the issue as to my mind you would be encrypting it with the recipient's key, so they would already have it. Far more of a concern for a few questioners, though, was the requirement in Section 6b that you will make available your source code on a "durable physical medium customarily used for software interchange." The concern was that solo developers might have to get into the business of stamping out CDs to distribute source code. It was pointed out by someone there that, per Section 6d, one easier way to comply was simply to offer a download. Still the concern persisted. Interestingly, Eben Moglen stated in his earlier presentation that this phrasing had been inserted primarily so that an entity could not "give you the source code" by giving you a printout, which he indicated was a possible way to comply in GPLv2. Now, you must be able to receive the source code in a fashion where you can use it electronically. All in all, and even with my critique, it was well worth spending the day at MIT and I certainly think the FSF is to be commended for starting this revision process in such an open manner. While I was unable to attend the second day of the conference, I am sure that it was quite involved, as this is, for all of us, only the start of a conversation that will last most of a year. The GPL is incredibly important in this day and age and all of us should definitely monitor this first revision in 15 years, and get involved as much as we are able. The suits will be there - will you?
Ugly legislation in the U.S.While the European software patent debate starts to warm up yet again, legislators on the other side of the Atlantic (where software patents are nothing new) are working at restricting freedom in different ways. In particular, this week saw the return of the broadcast flag, in the form of the digital content protection act of 2006 [PDF]. The purpose of this law is stated as:
To authorize the Federal Communications Commission to limit the
unauthorized copying and indiscriminate redistribution of digital
audio and video broadcast content over digital networks.
Remember that, in the last episode in the broadcast flag epic, a federal court had concluded that the FCC, created to regulate access to the airwaves, had no authority to control the behavior of receivers. So the current proposal aims to "fix" that problem by making the FCC's authority explicit. Under this law, the FCC would be empowered to regulate digital TV receivers, and its previous broadcast flag rulemaking would be explicitly ratified. A separate section gives the FCC authority to regulate "digital audio receiving devices" as well. Just in case the FCC might change its mind, the bill also contains language requiring that broadcast flags in particular be used "to protect digital audio content." This technology must also:
(b) permit customary historic use of broadcast content by consumers
to the extent such use is consistent with applicable law;
As others have pointed out, this is an interesting bit of language. Broadcast flag technology is not required to respect fair use or to protect any other rights "consumers" have under copyright law. Instead, it must protect "customary historic use." Given the fuss the entertainment industry has been raising for so many years, it is tempting to say that "customary historic use" includes widespread recording, copying, and redistribution of content. But that is not what the forces behind this bill have in mind, of course. What they do have in mind is a world where nothing new can be done. If it's not "customary historic use," it can be prohibited. Not that long ago, recording television programs to watch them at a more convenient time was not customary - nobody had VCRs yet. It would not be surprising to see an argument that putting music on a digital audio player is not "customary historic use." Certainly putting one's music onto the hard drive of one's Linux system in order to create podcasts or other interesting derived works is not "customary historic use." The broadcast flag already rules out the use of Linux systems to do anything with digital content; free software, being free, cannot meet the "robustness requirements" specified in the broadcast flag regulations. But, even if that hurdle could be overcome, the "customary historic use" provision will make it impossible to do anything new and interesting, on Linux or on any other system. It is an attempt to freeze time and give the industry a veto power over any new ideas that come along. Also to be found in this bill is a requirement for "secure moving technology," defined as:
(b) "Secure Moving Technology" is a technology that permits content
covered by the Broadcast Flag to be transferred from a broadcast
receiver to another device for rendering in accordance with
customary historic use of broadcast content by consumers to the
extent such use is consistent with applicable law and that prevents
redistribution of copyrighted content over digital networks.
In other words, the FCC's new authority would go beyond receivers to any other device to which an receiver might be connected. The FCC will be authorized - and expected - to require DRM for any device which might touch digital content. And such DRM need only allow "customary historic use." The EFF is encouraging letters to Congress in opposition to this bill. An older proposal, meanwhile, is the "analog hole" bill [PDF]. This law would require video devices with analog outputs to incorporate the CGMS-A DRM and VEIL watermarking schemes. With the combination of the two technologies, the industry hopes to prevent "consumers" (that's us) from doing anything interesting with any analog signals we might be able to coax out of our shiny new, DRM-equipped entertainment boxes. Ed Felten recently decided to look at VEIL to get a sense for what is truly being mandated. As it turns out, he was not able to. In order to have a look at the VEIL specifications, he would be required to sign a non-disclosure agreement, and pay $10,000 as well. And that only for the decoding side of the specification. So the "analog hole" law mandates the use of secret technology; there will be no opportunity to debate the merits (or lack thereof) of this technology during the lawmaking process. All this leads Mr. Felten to wonder: do the members of Congress behind this bill (or even their staff members) have any idea what they are legislating? It is bad enough that this law would make it impossible, for example, to put together a MythTV box. But the imposition of secret technologies is undemocratic at best. In this case, too, members of Congress would benefit from well-written input from the people they are said to represent.
Security Anonym.OS: providing internet anonymityInternet anonymity has started to become a mainstream issue, even covered by the New York Times (registration required) and a newly released project is specifically geared towards providing users with a safer, more anonymous, internet experience. Anonym.OS is an OpenBSD-based live CD that attempts to provide the average user with the same levels of privacy that are available to more technically savvy users.Anonym.OS uses a variety of techniques to provide security and anonymity, starting with changing the TCP parameters to give the impression that it is running Windows XP in order to blend in. It provides very strong firewall protections, disallowing any inbound traffic and only allowing encrypted and/or anonymized traffic outbound. Tor (aka The Onion Router) provides the underlying infrastructure for anonymity by routing TCP packets through random nodes in the Tor network, with separate encryption for each hop in the route. This routing makes it difficult to determine where a particular Tor client is connecting to (or from), though large adversaries who can monitor large sections of the net can still use statistical correlations of the packet timings to determine source and destination as described in the Tor FAQ. Another component of Anonym.OS is Privoxy, which is a web proxy that provides a variety of privacy features such as cookie management, 'web bug' disabling, and bypassing various click-tracking scripts. Privoxy also provides DNS lookup anonymity to mask which domains a user is looking up. After booting and configuring a root password, network parameters and the like, Anonym.OS presents a standard looking desktop with Firefox, Thunderbird and Gaim as icons. These applications will use Tor and have been configured to promote privacy, particularly in Firefox, by alerting about cookies and not saving passwords or form data. The user experience is fairly slow, largely because of Tor, but loading programs from the CD also seems to take quite a while. Anonymity is not free nor particularly fast. Web pages take roughly 5-10 times as long to load and ssh sessions remind one of the glory days of 110 baud acoustic coupler modems. Tor is a work in progress and will likely get faster and find ways to make interactive (ssh) performance better but taking multiple hops through the network is always going to have a cost. There are two Linux based projects with similar goals, and which also use Tor: Phantomix based on KNOPPIX, and ELE based on Damn Small Linux. Because of its vaunted "security by default", OpenBSD advocates would probably scoff at using Linux for a system of this sort, but the same software and techniques used by Anonym.OS are available for Linux. Anonym.OS is clearly a boon for people with a strong need for anonymity on the internet and who either do not have the technical ability to set this up for themselves or who may use computers that are not under their control. Anonymous bloggers, folks who are worried that their government might get access to web logs from their favorite search engine, whistleblowers and others who might aggravate large, deep-pocketed organizations could certainly find a use for Anonym.OS. One does need a strong reason to do so, however, as using it can be very slow and painful.
New vulnerabilities crawl: insecure program execution
flyspray: missing input sanitizing
imagemagick: arbitrary command execution
kdelibs: heap overflow
kernel multiple vulnerabilities
OpenSSH: double shell expansion
tetex: integer overflows
trac: missing input sanitizing
Updated vulnerabilities albatross: design error
antiword: insecure temporary file
apache: cross-site scripting
auth_ldap: format string vulnerability
blender: integer overflow
bzip2: race condition and infinite loop
ktools: buffer overflow
ClamAV: arbitrary code execution
cpio: arbitrary code execution
curl: buffer overflow
cyrus-imapd: buffer overflows
dia: missing input sanitizing
emacs21: format string vulnerability in "movemail"
enscript: arbitrary code execution
evolution: format string issues
fetchmail: multidrop bug
ffmpeg: buffer overflow
firefox: multiple vulnerabilities
Foomatic: Arbitrary command execution in foomatic-rip
FUSE: mtab corruption through fusermount
gaim: buffer overflow
gdb: multiple vulnerabilities
gdk-pixbuf: multiple vulnerabilities
gedit: format string vulnerability
gettext: Insecure temporary file handling
grip: buffer overflow
groff: insecure temporary directory
gzip: arbitrary command execution
imap: buffer overflow in c-client
ipsec-tools: denial of service
kdebase: local root vulnerability
kdelibs: kate backup file permission leak
kernel: multiple vulnerabilities
kernel: multiple vulnerabilities
kernel: multiple vulnerabilities
Kolab Server: broken email-signatures or attachments
libconvert-uulib-perl: arbitrary code execution
libdbi-perl: insecure temporary file
libgadu: memory alignment bug
libgd2: buffer overflows in PNG handling
libnet-ssleay-perl: weakened cryptographic operations
libpam-ldap: authentication bypass
libTIFF: buffer overflow
libungif: memory corruption
libxml2 - arbitrary code execution
libxml2: multiple buffer overflows
libXpm: new buffer overflows
lynx: arbitrary command execution
mailman: denial of service
mantis: multiple vulnerabilities
mod_auth_pgsql: format string flaws
mod_python: remote access vulnerability
mysql: low-impact security fix
nbd: arbitrary code execution
ncpfs: multiple vulnerabilities
nfs-utils: arbitrary code execution
novell-nrm: heap memory corruption
ntp: uses wrong gid
openmotif: buffer overflows
openssh: GSSAPI credential disclosure
otrs: multiple vulnerabilities
pcre3: arbitrary code execution
perl: setuid vulnerabilities
perl: symlink vulnerability
perl: integer overflow
phpbb2: multiple vulnerabilities
phpMyAdmin: multiple vulnerabilities
postgresql: database initialization errors
pound: HTTP Request Smuggling Attack
pstotext: remote execution of arbitrary code
Py2Play: remote execution of arbitrary Python code
scorched3d: multiple vulnerabilities
scponly: privilege escalation
spamassassin: denial of service
squid: authentication handling
struts: cross-site scripting vulnerability
sudo: vulnerability via scripts
sudo: missing input sanitizing
sudo: race condition
sun-jdk: applet privilege escalation
File overwrite vulnerability in tar and unzip
tcpdump: multiple DoS issues
texinfo: temporary file vulnerability
tuxpaint: insecure temporary file
ucd-snmp: denial of service
udev: insecure files in /dev/input
up-imapproxy: format string vulnerabilities
uw-imap: buffer overflow
vixie-cron: crontab allows any user to read another users crontabs
w3c-libwww: possible stack overflow
wine: Windows WMF vulnerability
xine-lib: buffer overflows
xine-ui - insecure temporary file creation
xloadimage: buffer overflows
xorg-x11: heap overflow
xpdf: buffer overflow
xpdf: heap overflows
xpdf: denial of service
xpdf: integer overflows
zlib: buffer overflow
Resources Getting Started with Multi-Category Security (MCS)James Morris has put up a look at multi-category security from an administrator's point of view. "In a corporate environment, categories could be used to identify documents confidential to specific departments, or being covered under certain NDAs. So, when jose prepares a report on payroll statistics for the month, he can label it as 'Payroll', which will not be accessible by lara, who only has access to the 'Finance' category."
Privacy for People Who Don't Show Their Navels (NY Times)The New York Times (registration required) has published an article about privacy technologies, with a special mention of Tor. "'I get the feeling it's going up,' said Roger Dingledine, Tor's project leader. 'But one of the features I've been adding recently,' he said, enhances anonymity protection by making it harder to count downloads of the software. Still, the number of servers forming layers in the Tor network has risen to 300 from 50 in the last year, Mr. Dingledine added."
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current 2.6 prepatch remains 2.6.16-rc1. A handful of fixes has appeared in the mainline git repository, including a few new features (see below).The current -mm release is 2.6.16-rc1-mm3. Recent changes to -mm include more semaphore-to-mutex conversions, two-column stack backtraces on i386 (to make oops traces fit on one screen), various memory management tweaks, the SMP alternatives patch, and lots of fixes.
Kernel development news Quotes of the week
The Linux kernel is under the GPL version 2. Not anything else. Some
individual files are licenceable under v3, but not the kernel in general.
And quite frankly, I don't see that changing. I think it's insane to
require people to make their private signing keys available, for example.
I wouldn't do it. So I don't think the GPL v3 conversion is going to
happen for the kernel, since I personally don't want to convert any of my
code.
I am against personal attacks and this is the first time where it
tooks more than a day before LKML people started with personal
attacks against me. So in principle this is some sort of progress
compared to former times.
The 2.6.16 straggler listThe release of 2.6.16-rc1 was supposed to signal the closing of the window for new features. For the most part, things have happened that way. A few additional features did find their way in after 2.6.16-rc1 came out, though. Here is a quick list.
At this point, the 2.6.16 merge window can truly be considered closed; the feature set for this release is probably complete.
Review: Understanding Linux Network InternalsThe net/ directory tree in the Linux kernel source is an intimidating place. We all use the kernel's networking features, but even experienced kernel hackers often hesitate to wander into the code which implements those features. To many, the networking stack is a black box, maintained by a distinct set of developers who keep many of their secrets to themselves. There is little documentation on how Linux networking is implemented, adding to the challenge of understanding how it all works.
Let's get one pet peeve out of the way immediately: any kernel book should disclose, on the cover, which version of the kernel is covered. As LWN readers know well, things change quickly in the kernel. A book which covers one version will likely be obsolete in many places a few versions later. If a kernel book does not include version information, there is no way to know which reality it matches or whether it will be even remotely relevant to current kernels. In the case of this book, there is no word anywhere regarding which version is covered. It is clearly a 2.6 book, but that is all we know. Your editor has come to the conclusion from his reading that the book was a long time in the writing (not surprising: the subject matter is complex, and the book is over 1,000 pages long), and that, if an effort was made to make it consistently current for a specific kernel version, that effort was incomplete. The section on interrupts, for example, presents the old prototype for interrupt handlers last seen in the 2.5.68 kernel. Other parts are much more current. The book is a bit of a patchwork in that regard. And in other regards as well. Some parts of the book seem to want to be a programming manual - to the point that the slab cache functions (kmem_cache_create() and friends) are presented on page 4. Page 13 talks about the likely() and unlikely() constructs. Yet, in other areas, detail is much more scarce, and there is no complete discussion of how to write code for the kernel. And (another pet peeve of your editor's) the issues of concurrency and race conditions are passed over almost completely. Similarly, the section on network device drivers offers a great deal of information on device registration, queueing discipline bits, notifiers, power management, ethtool, dealing with the PCI bus, module initialization, and more. There is even a section on how bottom halves worked in the 2.2 kernel. But there is almost no information on how to write transmit and receive functions. At one point the author writes "This chapter does not strive to be a guide on how to write NIC device drivers." No problem, there are (ahem) other books which cover that ground. But then why bother with things like PCI device registration? This book does contain a great deal of information. It may pass over driver transmit and receive functions, but it does cover packet transmission and reception in the higher levels of the networking stack in some detail - and that is just what one would want. There is a long section on IPv4 and ICMP, and quite a bit of information on the complicated "neighbor" code (the ARP protocol and such). The last major section is on routing. Stuffed into the middle is a 110-page section on the bridging subsystem. Networking is a large area, and a large part of the kernel, so it is hard to cover everything even in a 1000-page book. So some important things were left out of Understanding Linux Network Internals. These include TCP, IPv6, IPsec, netfilter, traffic control, and several other topics. And that leads to your editor's last, and perhaps biggest complaint. The inconsistent focus and somewhat irregular choice of topics seen at the lower levels is also present in the large scale. Your editor would have happily traded the four chapters on bridging for a solid overview of how the TCP protocol works in Linux, and your editor suspects that he is not alone. Netfilter and traffic control, perhaps, merit a book of their own, but maybe some of the other chapters could have been tightened up enough to make room for an introduction to IPv6 or IPsec. So it is hard to recommend this book in an unreserved fashion. That said, there is a great deal of useful information to be found in Understanding Linux Network Internals, and your editor is glad to have it on his bookshelf. It has already come in useful a couple of times while trying to figure out how parts of networking-related patches work. So this book is a welcome addition to the body of kernel-related documentation, even if it is not everything one might wish it would be.
MD / DMThe Linux software RAID code (often called "MD" for "multi-device") is a longstanding feature of the kernel. RAID users appreciate its robustness, configurability, and the fact that it performs well; better performance than that achieved with hardware RAID controllers is not unheard of. In recent years, little has been heard about the MD code, however. Its feature set has changed slowly, and developments with the device mapper code have taken a higher profile. That, perhaps, is as it should be; a storage subsystem which attracts attention is rarely a good thing.That said, MD hacker Neil Brown has been busy. His latest patch set implements RAID5 reshaping: the ability to add devices to a RAID5 array without going through a backup and restore cycle - or even shutting the array down. This is a nontrivial task; adding a drive to a RAID5 array requires redistributing data and parity blocks across the entire array. With this version of the patch, Linux MD can not only perform this task, but it can do it while still handling normal I/O to the array. The new patch also checkpoints the process, so that it can be restarted if interrupted in the middle; this corrects a minor defect in the previous version, wherein interrupting the reshaping task would cause all data in the array to be lost. Neil notes that things could still go wrong:
There is still a small window ( < 1 second) at the start of the
reshape during which a crash will cause unrecoverable corruption.
My plan is to resolve this in mdadm rather than md. The critical
data will be copied into the new drive(s) prior to commencing the
reshape. If there is a crash the kernel will refuse the reassemble
the array. mdadm will be able to re-assemble it by first restoring
the critical data and then letting the remainder of the reshape run
it's course.
Neil has various other enhancements in mind, including the ability to upgrade a RAID5 array to RAID6 (which increases fault tolerance by adding another set of parity blocks). Quite a bit, clearly, is happening in the MD world. All this activity drew queries from a couple of observers who had, it seems, assumed that the addition of the device mapper to the kernel meant that the MD code would eventually whither away. The device mapper can handle some of the lower RAID levels (mirroring and striping) now, and there is work in progress to add RAID5 support. Since the device mapper is a general framework for mixing and matching drives, it makes sense to some that the RAID functionality should move there too. Unsurprisingly, Neil disagrees. His suggestion is that "anything with redundancy," including RAID5 and RAID6, is best handled in the MD code. The device mapper, instead, is good for fancier arrangements like multipath, encryption, volume management, snapshots, etc. Certainly, those who are placing trust in RAID for redundancy should be comforted by the rather longer track record built up by the MD code. MD is also said to be faster than the device mapper at this time. As others have pointed out, however, there is a cost to carrying multiple RAID implementations in the kernel. Each must be maintained, and each will have its own unique bugs to contribute to the whole. So, as the device mapper develops higher-level RAID capabilities, it would be nice if some of the core code could be shared between MD and DM. Making that happen, however, will require developer effort - and it's not clear that any hackers are interested in doing that work at this time.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Janitorial
Memory management
Architecture-specific
Page editor: Jonathan Corbet Distributions News and Editorials Slowing down Fedora CoreA discussion has been going on in the fedora-devel list, starting with this post from Gilboa Davara, requesting that Fedora Core 4 (FC4) remain supported, by the Fedora Project, until FC6 is released.Last week FC3 went into maintenance mode with the Fedora Legacy Project, just as FC5 Test2 was released, as has been the typical schedule so far. The final FC5 release is scheduled for mid-March, about two months away. According to this proposal, beginning with FC4, the Fedora Project would be responsible for supporting two releases while finalizing a third release. This would delay a transfer to Fedora Legacy for a few months and a few more bug fixes. Most of all, this proposal is an expression of concern about the Fedora Legacy Project's ability to support old releases. It is true that a Fedora release does not receive the same level of support once it is transferred to Fedora Legacy. When the Fedora Project supports a release, they provide security updates, bug fixes, and occasionally upgrades and enhancements for various packages. These package updates can be seen in each weekly Distribution page, in the Package updates section. The Fedora Legacy Project provides security updates only. So the level of support from Fedora Legacy is a bit less than that from the Fedora Project, but if it is only for a few months how much does that really matter? As long as your stable system can remain secure until you are ready for an upgrade, a few bug fixes aren't going to matter much. The volunteers building security updates for Fedora Legacy are competent and first and foremost they are building updates for themselves. They have a vested interest in making sure these updates work. Others should be able to benefit from their work, but those who want more from Fedora Legacy are encouraged to participate. Fedora Legacy is a community project, so those who want more from the project should be prepared to help accomplish their own goals. It is also true that Fedora Legacy had a hard time getting up to speed. Early releases came into the Legacy project with large numbers of outstanding security problems. Both Fedora and Fedora Legacy have had some severe growing pains, and they are not finished ironing out the process. This transition was smoother than the last; FC3 has very few outstanding security issues. We should expect that as FC4 moves into its Legacy status, the process will be even smoother, especially if more people get involved and help out. Some users expressed distaste with the word "legacy". The dictionary definition:
1. Money or property bequeathed to another by will.
2. Something handed down from an ancestor or a predecessor or from the past seems to capture the meaning of Fedora Legacy quite well, but for those who have worked on "legacy systems" this distaste is understandable. Many suggestions were given for changing the name of Fedora Legacy to something more palatable. Some of the suggestions were not bad, but ultimately people should ask themselves if they would rather have Fedora Legacy volunteers keep busy by updating the documentation, website, mailing list, and so on, to reflect a name change; or would their time be better spent maintaining the project's five currently supported releases (Red Hat Linux 7.3, Red Hat Linux 9, FC1, FC2 and FC3)? I would chose the later. A more serious concern is that the process of moving to Fedora Legacy is difficult, or at least less than obvious. To begin with, users need to be aware that the status of their system has changed and that is time for them to make a decision of some kind. Should they decide not to upgrade, the move to Fedora Legacy requires that they change some configuration files to look at different repositories. There is nothing automatic about the process. A conscious decision must be made to either upgrade to the next Fedora release, or get support from Fedora Legacy. Users who wait for the little update icon to appear may unintentionally leave their systems at risk. The Fedora Legacy Project is not insensitive to these concerns. Jesse Keating has proposed some changes for Fedora Legacy that will make an easier transition for users who want to continue running older releases. Fedora Legacy has come a long way since FC2 came into its care. It can be, and should be, even better by the time FC6 test2 is released and FC4 moves into its purview. Fedora Core was envisioned as a fast moving distribution. Already it has slowed down, from six months between releases to nine+ months between FC4 and FC5. For those who like a slower pace, there are plenty of slower paced distributions available and for diehard Fedora fans, there is the Fedora Legacy Project. For those people who argue that they should be able to skip a release and go from a supported FC4 to a supported FC6, ask yourselves this: would you really switch to FC6 on the day it's released? More likely you'd be asking for another month, and then another month after that. Meanwhile many Fedora users are happy with the current pace and would prefer that Fedora engineers spend the time between FC6 test2 and FC6 polishing FC6, not squashing old FC4 bugs. Warren Togami expressed it quite well:
I strongly believe that an important goal of Fedora is rapid forward
progress in Open Source Software. That is where the Red Hat engineers
should be focusing their time and energy.
Fedora is supposed to be a community project, and Legacy is where fate of an older distribution is put within the hands of the community. If there is sufficient interest in maintaining a distro, then Legacy will keep it alive. If a given distro falls into disrepair, then the decision will eventually be made to retire it in order to better allocate resources on distributions that the users care more about. Fedora Core should remain fast-paced. When Fedora engineers are concentrating on finalizing a release they should not be burdened with maintaining two other releases. Fedora Legacy is working and it can and will get better, especially if more people volunteer their time to help. If Fedora is too fast paced for you, and you can't or won't help the Legacy project achieve your goals, find another distribution that moves at a slower pace. I have little list that might be helpful in that regard.
New Releases SUSE Linux 10.1 Beta1 ReleasedThe latest openSUSE release, SUSE Linux 10.1 beta 1 "Agama Lizard" is ready for testing. Click below for a list of known issues. "Created within the openSUSE project, SUSE Linux 10.1 is designed for individuals looking to work with latest open source technologies -- a stabilized Linux operating system, solutions for desktop productivity, application development, web hosting, security and more completely integrated to make the world's most usable Linux. SUSE Linux 10.1 supports the Intel and AMD x86 and x86-64 platforms as well as the PowerPC platform."
Edubuntu flight 3 CDEdubuntu joins Ubuntu and Kubuntu with a Flight 3 CD. This is a milestone release in the Dapper development cycle, suitable for testing.
Distribution News Mentors for the Ubuntu-Women teamThe Ubuntu-Women team is looking for mentors. "As a mentor you will be the role model who will be interacting with the new entrant/s along technical lines like bug triaging, writing patches, coding or packaging and testing, depending on their area of interest and yours."
Upstream Version Freeze for UbuntuThe Upstream Version Freeze for Ubuntu 6.04 (Dapper) is currently in effect. The first phase of this progressive freeze means that no new upstream versions of packages should be uploaded without prior approval, and automatic package syncs from Debian will be disabled.
New Distributions NetBSD live CDThere is a new NetBSD based live CD available. NeWBIE stands for (Ne)tBSD (W)are (B)urned (I)n (E)conomy. This distribution caters to the desktop-user (i.e. with applications for web browsing, chat, multimedia, document editing, etc) but will also serve as a core for creating a NetBSD-based live CD for network security auditing.
Distribution Newsletters Debian Weekly NewsThe Debian Weekly News for January 24, 2006 covers a call for help with bug triage from Debian GNOME users, installing Debian sarge on a logical volume (LV) that resides on a number of disks merged together with RAID, the Kaffe compiler transition, web forums for Debian?, the draft GPLv3, and several other topics.
Fedora Weekly News Issue 30The Fedora Weekly News for January 23, 2006 is out. This week's articles include Announcing Fedora Core 5 Test 2, Fedora Core 3 Transferred to Fedora Legacy, FUDCon Delhi 2006 in India, Meeting Minutes for Fedora Ambassadors, Review: Looking Forward: Fedora Core 5, and more.
DistroWatch Weekly, Issue 135The DistroWatch Weekly for January 23, 2006 is out. "The developers of Fedora, SUSE and Ubuntu have moved one step closer to reach their goals during the past week when new test builds were announced by the three projects. SUSE's development process will now accelerate dramatically, while Red Hat has hinted on returning to a 6-month release cycle after Fedora 5. Also in this issue: the parent company of Turbolinux under investigation, features of SecureAPT, PCLinuxOS unveils a new web site, and AGNULA loses funding. Finally, we interview Alan Baghumian, the developer of Parsix GNU/Linux and one of the most enthusiastic and energetic Linux supporters in the Middle East."
Package updates Fedora updatesFedora Core 4 updates: autofs (include the latest stable patches), cdicconf (added gtk+-devel to BuildRequires), hal (fix some unicode issues), flex (apply a bugfix-fixing patch), logwatch (bug fixes), umb-scheme (bug fixes), texinfo (rebuilt for FC4), hal (copy filenames with utf-8 chars to FAT formatted floppy disks), dhcp (bug fixes), system-config-soundcard (backported fixes from devel branch).
Mandriva updatesMandriva has updated hwdb-clients for versions 10.1, 10.2, Corporate 3.0. This webmin update fixes a MySQL init script issue in version 2006.0.
Trustix updateTrustix Secure Linux has updated postgresql to a new upstream version for TSL versions 2.2 and 3.0.
Newsletters and articles of interest Choosing a desktop Linux distro (DesktopLinux)With so many Linux distributions out there, picking the one for you can be tough. DesktopLinux attempts to narrow the choices based on some common criteria. "I think the best Linux desktop is the one that's best for a particular person based on their needs and level of Linux expertise. So, the next time someone asks you that question, I suggest you reply with a couple of questions of your own. For example, you could ask, "Do you want to replace Windows? For home? For work? Are you interested in Linux because you want to get some new life out of an old system? Do you just want to mess around with Linux?""
Distribution reviews Review: Atomix Linux 3.2 (Linux.com)Linux.com has a review of Atomix Linux. "One of Atomix's strengths is its multimedia support. MPlayer (and a package of additional skins) is available for displaying content in DivX format, and Atomix includes Xine for playing DVDs. If you decided during installation to install the video players package, you will get libdvdcss, so you will be able to watch commercial DVDs by default."
Page editor: Rebecca Sobol Development The GNOME NetworkManager AppletEvery once in a while, your author stumbles across a really useful piece of software. It all started when I decided to do some experimentation with 802.11g wireless networking. I procured a Linksys WRT54G-v4 router, borrowed a Windows XP box to get the router going, connected it to my LAN and was "on the air". This router happens to allow uploading of open-source firmware, I plan on experimenting with that after I become comfortable with the technology in its native state.![[NetworkManager]](/images/ns/networkmanager.png)
The other end of my limited wireless network involves a desktop PC with a D-Link Air Plus Xtreme G DWL-G520 wireless card and a Hawking Technology directional antenna with 7db of gain. The antenna is an optional accessory that is useful for extending the range of the wireless connection. The desktop machine also has a wired 100-T ethernet card. The remote machine is running the Ubuntu "Breezy Badger" (5.10) distribution and the GNOME desktop. Ubuntu is fairly new to me, and I decided to see how far one could get with the GUI-based networking tools. I was able to simply plug in the D-Link card to the machine and boot, the card was auto-detected. In a similar experiment with a Fedora Core 4 system, the card was not detected. The GNOME network configuration tool is fairly straightforward, just click on the desired wireless interface and tweak the properties. It is sufficient for connecting the machine to a single wireless network, but becomes painful when experimenting with connections to multiple networks. Switching to a different network involves several minutes of waiting, and the signal strength information is missing. I want to be able to rotate my directional antenna in order to get the best signal on distant networks. The wireless-tools package contains the command line utility iwlist, which dumps out a bunch of information for each network that is in reception range. This can be useful for finding basic signal strengths, and seeing which channels are in use in your area. I configured my Linksys box to work on an unused channel. Enter NetworkManager. The Ubuntu package description for NetworkManager says:
NetworkManager attempts to keep an active network connection available at all
times. It is intended only for the desktop use-case, and is not intended for
usage on servers. The point of NetworkManager is to make networking
configuration and setup as painless and automatic as possible. If using DHCP,
NetworkManager is _intended_ to replace default routes, obtain IP addresses
from a DHCP server, and change nameservers whenever it sees fit.
To connect to a wireless network, just left-click the mouse on the network manager applet, and pick a network from the available list. Right clicking the applet brings up a list of configuration options. My neighborhood has an ever-changing number of wireless networks, most of them are configured with keys, a few of them are wide open. Keyed networks require you to enter the appropriate pass phrase.
After the network has been selected, the NetworkManager applet
lights up one, then two virtual LEDs to signal the steps in the
connection process. A progress bar and a fun spinning
comet are also displayed in the applet while connecting.
Once you successfully connect to a network, the applet icon will change
into a set of four signal strength bars, these change up and down
with the signal strength. Placing the mouse over the applet also
displays a numerical signal strength value, I leave my mouse in
this position and slowly rotate the antenna for best results.
NetworkManager has the ability to detect and auto-switch to a wired ethernet. This makes it especially useful for laptop users who frequently move between home, work and the internet cafe. Areas for improvementWhile very useful, NetworkManager is also fairly experimental software. The documentation is currently very sparse. It took a significant amount of digging to figure out how to get the nm-applet to show up on the desktop. (Hint: System->Preferences->Sessions->Startup Programs->Add).The signal strength display can be used for optimizing the antenna direction, but it is just slow enough to make this process painful. The update time is in the order of several seconds. This may be a limitation of the hardware. It would be nice if the channel number was displayed in the list of networks. Playing with the GNOME network configuration tool while NetworkManager was running caused my machine to hang, this isn't too surprising considering the various processes that are contending for the same resources, but it is nonetheless a "bad behavior". NetworkManager scores highly as a functional tool for automating the process of switching between wired and wireless networks, your editor plans on keeping this application around. Addendum: RedHat Magazine published a very informative article in January of 2005 entitled Introducing NetworkManager.
System Applications Database Software moodss 21.0 releasedVersion 21.0 of moodss, a graphical monitoring application, has been announced, it adds new database monitoring capabilities. "By finding the best of powerful statistical models, using sophisticated methods such as ARIMA (AutoRegressive Integrated Moving Average) and artificial neural networks, *moodss* 21.0 can now predict the future behavior of data cells, from their history recorded in a SQL database. The new predictor tool, obviously ideal for capacity planning, will also allow, in upcoming releases, a system administrator to receive emails such as "on server foo.bar.com, the disk sdb is likely to become full in 3 weeks"."
PostgreSQL Weekly NewsThe January 22, 2006 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL database news and resources.
Interoperability Samba 4.0.0TP1 Available for DownloadVersion 4.0.0TP1 of Samba has been announced. "Samba 4 is the ambitious next version of the Samba suite that is being developed in parallel to the stable 3.0 series. The main emphasis in this branch is support for the Active Directory logon protocols used by Windows 2000 and above. Samba 4 is currently not yet in a state where it is usable in production environments."
Security nepenthes 0.1.6 released (SourceForge)Version 0.1.6 of Nepenthes has been announced. "Nepenthes is a low interaction honeypot designed to catch and store worms. The new version 0.1.6 offers some *major* improvements in recognizing shellcodes and compiling the code on different plattforms and operating systems."
Web Site Development Gallery 1.5.2 Release (SourceForge)Version 1.5.2 of Gallery, a web-based photo gallery application, is available. "This release fixes a possible XSS security problem, fixes bugs (including those found in all of the preview releases), and introduces several cool new features: image maps and downloading albums as zip files."
Silva 1.5 beta 1 releasedVersion 1.5 beta 1 of Silva, a web content management system, has been released. "Silva 1.5 is the first Silva release that really starts using Zope 3 technology in the core, and is the first step in a longer evolution. It does not have a lot of externally visible feature changes, but focuses on making Silva work with Zope 2.8 and Five 1.2."
Desktop Applications Data Visualization Titus' PyX Tutorial for Gnuplot UsersTitus Winters has written a tutorial on the use of PyX, the Python graphics package. "At some point, it is bound to happen. Gnuplot is wonderful, but there comes a time where it just doesn't quite have the power that you need it to have. Perhaps you want to radically alter the way the axes are drawn. Perhaps you just want to do something simple like change the color of a plot line, but not the pattern. Maybe you really need some hefty math symbols displayed on the graph. At some point you'll hit the wall beyond which Gnuplot quickly stops being the right answer. What works better in these situations?"
Desktop Environments Gnome 2.13.5 ReleasedGnome 2.13.5 has been released. "This is the last release in the 2.13 development series and represents a release that is now API/ABI and feature frozen."
GARNOME 2.13.5 Released (GnomeDesktop)Version 2.13.5 of GARNOME, the bleeding edge GNOME platform, has been announced. "This release includes all of GNOME 2.13.5 plus a whole bunch of updates that were released after the GNOME freeze date, plus a lot of tweaked build-magic. It is for anyone who wants to get his hands dirty on the development branch."
GNOME Software AnnouncementsThe following new GNOME software has been announced this week:
KDE Software AnnouncementsThe following new KDE software has been announced this week:
Desktop Publishing Scribus 1.3.2 Announced (KDE.News)KDE.News covers the release of version 1.3.2 of Scribus, an open source page layout program. "With this release we are excited to announce the first beta of Scribus on the Windows platform. With the gracious support of Trolltech AS, developer of the Qt C++ application framework, we are able to release Scribus on Windows with Qt 3. It also includes fixes for over 290 requests and bugs."
Electronics New gnucap development snapshotVersion 0.34 of Gnucap, the Gnu Circuit Analysis Package, has been announced. "This one adds a first cut at the MOSFET level 8 and 49 model. It accepts all of the parameters. A few parts of it need work ..."
Kicad 2006-01-19 releasedVersion 2006-01-19 of Kicad, a printed circuit CAD application, is out with a bug fix.
Qucs 0.0.8 announcedVersion 0.0.8 of Qucs, a circuit simulator, has been announced. "The new release comes with a translation into Turkish, two new diagrams - truth table and timing diagram. Non-Qucs files can be added to a project, matching circuits can be created and there is a dialog for changing the properties of several components at once. The filter synthesis tool supports some more filter types, many new models have been added to the component libraries and the DC bias can be annotated in the schematic. Also digital gates, correlated noise sources, an ideal coupler and mutual inductors are now supported."
Financial Applications The GNOME Invest AppletRaphaël Slinckx has announced his new Invest Applet for GNOME. "Stock trading is fun.. well, when you make money of course. There are days when you wish you didnt buy that crappy stock, today its intel. They released apparently bad numbers yesterday and took the plunge: This leads me to the introduction of Invest, a replacement/companion for gtik, the stock ticker currently in gnome applets. It allows one to create a portfolio, and track its progress in terms of gain/losses. It also features a yahoo graph viewer, with the options found on their website, very nerdy !"
SQL-Ledger 2.6.6 releasedVersion 2.6.6 of SQL-Ledger, a double entry accounting system, is out with bug fixes and some new capabilities. See the What's New document for change information.
Games Cyphesis 0.5.6 ReleasedVersion 0.5.6 of Cyphesis has been announced by the WorldForge game project. "Cyphesis is a small to medium scale server for WorldForge games, with builtin AI. This version includes the demo game Mason which is currently in development."
Interoperability Wine 0.9.6 releasedVersion 0.9.6 of Wine is available. Changes include: A bunch of OLE fixes and improvements, DirectSound improvements, including full duplex support, Fix for the Windows metafile vulnerability, Many static control improvements, Some fixes for copy protection support and Lots of bug fixes.
Music Applications hexter DSSI plugin 0.5.9Version 0.5.9 of the hexter DSSI plugin, a Yamaha DX7 synthesizer modeling DSSI plugin, is out with new MIDI control capabilities and bug fixes.
WhySynth DSSI plugin 20060122 releaseRelease 20060122 of WhySynth DSSI plugin, a software music synthesizer, is out with a new oscillator mode, a new filter mode, a dual delay effect, and more.
Peer to Peer phpMyBitTorrent 0.7.3 Unstable Released (SourceForge)Unstable version 0.7.3 of phpMyBitTorrent, a BitTorrent tracker with enhanced features, is out. "This new version is "just" a CVS Checkout made today. It has some interesting new features, like an implementation of the Award Winning FCKeditor, Project of the Month December 2005 on SourceForge.net. It will allow you to write Torrent Description in full XHTML and change that default Welcome Message with everything you want, even a Flash Movie!"
RSS Software lylina version 1.10 (SourceForge)Version 1.10 of lylina, an rss/atom aggregator, has been announced. "Among the many changes, highlights include: advanced CSS skinning support including support for small screen devices via a mobile stylesheet, social networking integration, the re-introduction of the classic lilina-style sources box, and internationalization with German language support. To complement to new features, v1.10 also offers cures for a few major bugs, including the errors in HTTPClient.php."
Video Applications First Beta Release of Ekiga 2.00 (GnomeDesktop)GnomeDesktop looks at Ekiga 2.00, the successor to the GnomeMeeting video conferencing application. "After more than one year of active development, GnomeMeeting has reborn on the form of Ekiga. Ekiga is a SIP and H.323 application, supporting audio and video, and is the successor of GnomeMeeting." New features include better audio quality, echo cancellation, easier NAT transversal, an improved user interface, and better Video4Linux2 support.
Web Browsers Minutes of the mozilla.org Staff Meeting (MozillaZine)The minutes from the January 9, 2006 mozilla.org staff meeting have been announced. "Issues discussed include Firefox 1.5.0.1 release schedule, Thunderbird 1.5 release and Marketing."
Miscellaneous Blender 2.41 releasedVersion 2.41 of the Blender animation package has been announced. "With less than one month of development time, this has been a short and sweet release cycle. The focus of this release is the Game Engine which has added a number of nice new features such as GLSL shaders, the capability of using multiple materials and uv maps; multiple viewports; as well as a number of important fixes such as the return of the armature system." (Thanks to Tom Musgrove.) We took a look at Blender 2.40 a few weeks ago.
Languages and Tools Caml Caml Weekly NewsThe January 17-24, 2006 edition of the Caml Weekly News is online with new Caml articles. Topics include: GODI news, Constraints in module types, C interface style question, C-Interface: CAMLreturn and failwith, toplevel with pre-installed printers, Again C-Interface: caml_alloc_custom, Camlmix 1.3: OCaml-stuffed templates and Announcing OMake 0.9.6.8.
Java GNU Classpath 0.20 releasedVersion 0.20 of GNU Classpath, the essential libraries for Java, is out. Changes include: "New StAX pull parser and SAX-over-StAX driver. Full XMLEncoder implementation. The packages javax.sound.sampled, javax.print.attribute and javax.print.event have been implemented. Lots of new datatransfer, print, swing and swing.text work. Performance improvements in the painting/layout mechanism. Additional 1.5 support, including (separate) generic branch release. SecurityManager cleanups and start of review of all Permission checks. Buildable on cygwin. Fully buildable as "in-workspace" library-plus-vm inside (native) Eclipse. Real world Free Swing and CORBA example added."
Retrotranslator 0.9.7 released (SourceForge)Version 0.9.7 of Retrotranslator has been released with new features. "Retrotranslator is a Java bytecode transformer that translates Java classes compiled with JDK 5.0 into classes that can be run on JVM 1.4."
Perl Analyzing HTML with Perl (O'Reilly)Kendrew Lau uses Perl for HTML analysis in an O'Reilly article. "Routine work is all around us every day, no matter if you like it or not. For a teacher on computing subjects, grading assignments can be such work. Certain computing assignments aim at practicing operating skills rather than creativity, especially in elementary courses. Grading this kind of assignment is time-consuming and repetitive, if not tedious."
Using More Perl in PostgreSQL (O'Reilly)Andrew Dunstan continues his O'Reilly series on Using Perl in PostgreSQL with part two. "The first article in this series examined the use of PL/Perl to create triggers. The trigger inserted a row into a database table for audit purposes using a new PL/Perl method called spi_exec_query(). This article looks in more detail at uses of that function and its new cousin, as well as other features for handling bulk data and composite types."
PHP Alfresco PHP Library 1.1 Available (SourceForge)Version 1.1 of the Alfresco PHP Library has been announced. "We are proud to announce that V1.1 of the PHP Library to Alfresco is now available. This is a service-based interface to the Alfresco repository that allows PHP applications to access Alfresco content services."
Python python-dev SummaryThe December 16-31, 2005 edition of the python-dev Summary is online with coverage of the python-dev mailing list.
Dr. Dobb's Python-URL!The January 23, 2006 edition of Dr. Dobb's Python-URL! is out with a new collection of Python article links.
Ruby Ruby Weekly NewsThe January 22nd, 2006 edition of the Ruby Weekly News looks at the latest discussions from the ruby-talk mailing list.
Page editor: Forrest Cook Linux in the news Recommended Reading Tarmle: The Bad Guys WinHere's a speculative story describing our DRMed future. "You don't really own your home computer, or even the data you keep on it. Oh, you paid for it, just like you paid for the fibre-optic Internet connection that it can't function without, but now it squats under your TV using your electricity and does more work for the content industry than for you. The nightly security patches it downloads for itself don't secure your computer against attackers, they secure the system and software against you." (Seen on BoingBoing).
The Linux pod people pocket $1500 (PCWorld)PCWorld has this report about an Australian couple who create podcasts. "Not often thought of as radio stars, Linux developers are now able to steal the limelight thanks to Dapto couple James and Karin Purser who produce the Linux Australia Update and the LUG Roundup podcasts from their lounge room. Linux Australia has this week donated $1500 to the Purser's to help them upgrade their equipment."
Companies Covalent to support Apache Geronimo (ZDNet)ZDNet reports that Covalent has added support for Apache Geronimo. "The company decided to extend support to Apache Geronimo because of signs of demand from its corporate customers, which number about 400, Covalent CEO Mark Brewer said. "Companies have been looking for ways to move off their closed-source application servers for some time. We've seen a huge number of people go off (BEA Systems') Weblogic or (IBM's) WebSphere and go to Tomcat," he said."
MS Offers to License Some Code for a Fee in Lieu of Documentation (Groklaw)Here's Groklaw's take on Microsoft's offer to license some of its Windows source. "It will be interesting to see if the EU Commission accepts the offer. All I can think of is whether there will be SCO-like infringement lawsuits down the road against folks who looked at the code and then write code Microsoft might claim they copied from their licensed code. Please, someone else cover those lawsuits, if they happen."
Motorola Buys Maker of Linux-Based Set-Top Boxes (Linux Insider)Linux Insider covers the acquisition of the Swedish IPTV company Kreatel by Motorola. "Motorola will purchase open-source technology vendor Kreatel Communications, which provides a combination of set-top boxes, software and professional services aimed at offering stable and future-proof solutions for television services, namely, IPTV. Terms of the deal have not been disclosed. Kreatel's Linux-based solution extends into the application and middleware Latest News about middleware layers, meaning the technology provides Motorola with flexibility to use it with a broad set of middleware solutions."
Motorola acquires Linux-based IPTV STB vendor (LinuxDevices)LinuxDevices reports that Motorola has agreed to acquire Kreatel Communications, a Swedish provider of Linux-based IPTV STBs (Internet protocol TV set-top boxes). "Motorola says demand for IPTV STBs is growing, and calls Kreatel's flexible STB platform a "natural complement" to its digital video solution. Motorola sells CPE (customer premises equipment) and infrastructure products for cable, xDSL, and FTTP (fiber-to-the-premise) networking environments, it says."
Legal Industry Readies For Round Two Of EU Patent Directive (IPW)Intellectual Property Watch reports from a "Progress and Freedom Foundation" meeting where a renewed push for software patents in Europe was discussed. "'It's starting again,' said Guenther Schmalz, director of IP for Europe for software maker SAP. 'And I hope this time we will be better prepared.' Schmalz, who lobbied on the directive last year, said industry 'started very late' last time and will not let it happen again. He told Intellectual Property Watch that industry representatives developed informal networks last summer which are being revived." (Thanks to Florian Mueller).
Industry joins in for new fight about software patents (Heise Online)Heise Online provides some background on the latest push for software patents in the EU. "Meir Pugatch from the University of Haifa now gave the industry lobbyists reason to hope that their new attempt to exceed patent application rules might have more chances to succeed. The activists of the opposition, who argue for limitations in intellectual property rights, would only live for a tangible campaign, their movement would come undone afterwards. Contrary, large companies had long-lasting strategies and would see temporarily failures only as a minor step backwards in a long fight." (Thanks to Dirk Hillbrecht)
Interviews Jeremy Allison on Samba 4 (Linux Format)Linux Format has an interview with the Samba project's Jeremy Allison. "LF: For how long has development on Samba 4 been going on now? JA: I think it started about a year ago, maybe longer. And it's big, it's biting off a lot of stuff. Right now the Kerberos Domain Controller and the LDAP server are less well developed than other areas, and that's where a lot of the work is going on with now..."
Interview: Dru Lavigne, BSD Certification Group (NewsForge)NewsForge talks with Dru Lavigne about the BSD Certification Group. "The BSD Certification Group (BSDCG) is a non-profit organization established to create and maintain a global certification standard for system administration on BSD-based operating systems. After a year of work, the group behind the BSD Certification project plans to complete the process for the first certification (BSD Associate) in the first half of this year, with the first exam to be available by the second quarter."
Defender of the GPL (ZDNet)ZDNet interviews FSF attorney Eben Moglen. "Q: For openers, could you describe for us the magnitude of the changes in the GPL version 3 draft. Is this a revolutionary overhaul of the license or is this a course correction? Moglen: I would say that it is an evolution of the license, not a course correction. I believe there is no fundamental change to the course the license is on. This is an evolution representing catching up to 15 years of history because GPL version 2 lasted so long. Those 15 years of history saw a transformation of technology, a transformation of the social uses and environment of free software, and a transformation of the legal environment."
Peter Quinn's First Interview (Groklaw)Groklaw talks with Peter Quinn, former CIO of the Commonwealth of Massachusetts. "Quinn: I believe that the ODF decision will stand. I believe MS will continue to do anything and everything it can to stop it. And I know my seat wasn't even empty and they (MS) took another shot at the title, to no avail. This horse is out of the barn and I see no way for it to go back in. Remember, all we are asking for was and is for Microsoft to commit to open and the standards process; so everyone looks really bad if the plug gets pulled at this juncture."
Resources An Introduction to DHCP (Linux Journal)Linux Journal introduces DHCP in an article by Dean Wilson. "DHCP stands for dynamic host configuration protocol. What it does is dynamically assign network settings from a server. In other words, instead of having to configure the parameters related to how your computer communicates with a network, it happens automatically."
CLI Magic: OpenSSH + Bash (Linux.com)This CLI Magic article looks at OpenSSH and bash. "As a system administrator, I have used OpenSSH's piping abilities more times than I can remember. The typical ssh call gets me access to systems for administration with a proven identity, but ssh is capable of so much more. In combination with bash's subshell invocation, OpenSSH can distribute the heavy work, reduce trace interference on a system under test, and make other "impossible" tasks possible."
Synchronizing your Palm PDA with Linux (Linux.com)Linux.com explores several popular Linux applications that communicate with a PDA. "Ready to synchronize your Palm OS-based PDA with your Linux desktop? Here's a trio of GUI-based options and a command-line tool for you to try."
My sysadmin toolbox (Linux.com)Javier de Miguel Rodríguez shares a list of his favorite tools, including netcat, IPTraf, mutt, ClamAV, nmap, LFTP, file, perl, subversion and tcpdump. "I work as a senior sysadmin for the University of Seville in Spain, where we use a myriad of operating systems. Here are the top 10 utilities I use in my daily basic admin activities."
Add an extra layer of security with systrace (Linux.com)Linux.com covers the systrace utility. "You can use Systrace to restrict a daemon's access to the system by defining which files it can access and how (such as read-only), and which port it can bind to. Also, if a daemon doesn't support privilege separation, you can avoid running it as root the whole time and keeping setuid and setgid binaries on the system. It's obvious how this can enhance the security of an untrusted daemon, or at least minimize the damage on a system if someone manages to exploit it."
Reviews Creating and managing filesystems with Expert Partitioner (NewsForge)NewsForge looks at the application Expert Partitioner in a book excerpt article. "The first, and perhaps only, time you have to create a new file system on your Linux computer is when you first install the operating system. If you add a second hard drive, or have set up a series of mount points that you decide to adjust in one way or another, you can use SUSE's YaST Expert Partitioner tool to handle this task for you."
GStreamer framework eases development of media applications (NewsForge)NewsForge looks at GStreamer. "The more than five-year-old gStreamer project is a library of plugins for a variety of audio and video formats, devices, and hardware. The library allows multimedia software developers to work on applications by creating "media pipelines" that connect files and resources to the hardware required to play them, said GStreamer developer Andy Wingo."
Synfig 2D vector animation program opens source (NewsForge)NewsForge takes a look at Synfig, a 2D animation tool. "In addition to basic motion, Synfig integrates some video-processing tools useful to the animator, including filter and transformation layers. Filter layers allow effects like shading, focusing and blurring, and color correction, so that the animator can add camera effects to the finished animation without redrawing the scene elements. Transformation layers enable distortion effects for reflections, rippling water, and other events. Synfig uses OpenEXR to store all projects in high dynamic-range format, and it can output to any resolution."
Miscellaneous Government agency dragging its heels on OpenSSL validation (NewsForge)NewsForge covers an agency created by the US and Canadian governments to validate security software. The agency has spent about two years reviewing the OpenSSL project. "According to CMVP director Randy Easter, a typical testing cycle runs from several weeks to a few months, and the goal for NIST is to process reports generated by the labs after testing within six to nine weeks. Once processed, NIST either sends additional questions back to the testing lab or moves forward with granting validation. The process typically takes less than a year. Because testing on OpenSSL has now taken more than twice that long, some have begun questioning the review process and whether the open source toolkit is getting a fair shake by the agency."
OpenSSL receives FIPS certification (NewsForge)NewsForge reports that OpenSSL has received certification. "According to Chris Brych, FIPS-140 program manager at DOMUS, the OpenSSL validation posed new challenges in checking it for conformance to requirements because the testing process was not as simple as running the software. Since the source code is freely available, the validation was a proof-of-concept in the event that users decide to compile the toolkit themselves rather than opting for a precompiled version."
Page editor: Forrest Cook Announcements Non-Commercial announcements A new FUD angle: securities lawsWasabi Systems has sent out a press release regarding the GPL and U.S. security laws. "Many companies using Linux for embedded applications may be unwittingly violating the Linux license and even breaking federal securities laws, according to a white paper released today by Wasabi Systems, a leading embedded operating systems provider. The white paper, When GPL Violations are Sarbanes-Oxley Violations, is the first in a series of legal studies analyzing the common misperceptions and risks associated with Linux and its license, the GNU General Public License (GPL)." (Thanks to Brock Frazier.)
SourceForge.net announces Subversion SupportSourceForge.net has added support for the Subversion Software Configuration Management system. ""Like every facet of SourceForge.net's evolution, the beta-launch of Subversion has been in response to the demands of our community," says Jay Seirmarco, SourceForge.net's General Manager. "SourceForge.net's deployment of the system validates its usability; our community knows that if SourceForge.net offers Subversion, it is scalable and stable.""
Commercial announcements American Arium Announces Linux Shared Libraries Debug FeatureAmerican Arium has announced the release of the latest version of its flagship debugger, SourcePoint 6.2.1 for ARM-architecture processors. SourcePoint 6.2.1 features Linux shared libraries debug support for ARM7, ARM9, ARM11, Intel XScale, and TI OMAP cores. The debugger interfaces with Arium's LC-500 JTAG debugger and SC-1000A, GT-1000, and GT-1000D trace port analyzers.
Ampro announces 1U embedded computersAmpro Computers, Inc. has announced the reintroduction of their ReadySystem(TM) family of embedded computers. "Featuring desktop-style Fedora Core 3 Linux pre-installed on the hard drive, the ReadySystem 1U uses an industry standard 1U height [180mm (w) x 44mm (h) x 203mm (d)]. The ReadySystem 1U features Ampro ReadyBoard(TM) SBCs with Intel(R) processors from 400 MHz Celeron(R) to 1.4 GHz Pentium(R) M, bringing high computing performance with low power consumption and all electronics in a compact housing for stand-alone applications."
MySQL AB fourth quarter resultsMySQL AB has announced its 2005 fourth quarter financial results. "MySQL AB, developer of the world's most popular open source database, today announced its second straight quarter of financial profitability and another record year of enterprise sales wins and technical achievement. "Our fourth quarter shipment of MySQL 5.0 allowed us to close the strongest month, quarter and year in our ten-year history," said Marten Mickos, CEO of MySQL AB. "With 4 million downloads since it launched in October, MySQL 5.0 is proving its relevance to open source developers and corporate enterprises alike. In 2006, we look forward to another great year of growth for the MySQL ecosystem of community users, industry partners and commercial customers.""
rPath enables Linux software appliances for ISVsrPath, provider of a platform for creating and maintaining Linux software appliances, has announced that the company has closed a $6.4 million round of venture financing. The Series A round was led by North Bridge Venture Partners and General Catalyst Partners out of Boston, Massachusetts.
SWiK, the Online Community for Open Source Projects, Shows Significant Traffic GainsSourceLabs has announced that SWiK continues to experience strong momentum. "SourceLabs provides SWiK as a service to promote the use and adoption of Open Source software. A unique attribute of SWiK is its wiki functionality, which allows anyone to edit or re-structure information or add comments. It also offers RSS syndication and tagging tools to create an intuitive and useful online community to help users find, discover and exchange information about Open Source projects."
New Books Google Advertising Tools - O'Reilly's Latest ReleaseO'Reilly has published the book Google Advertising Tools by Harold Davis.
Prentice Hall Publishes Linux Patch ManagementPrentice Hall has published the book Linux Patch Management by Michael Jang.
Contests and Awards PyWeek - Python Game Programming ChallengeThe PyWeek challenge has been announced. The goal is to quickly develop Python-based games during the week of March 26 - April 2, 2006.
Tridge wins the 2005 Free Software AwardThe Free Software Foundation has announced that Andrew Tridgell is the winner of the 2005 Free Software Award. The announcement credits his work as the originator of the Samba project, the developer of rsync, and the guy who got BitKeeper withdrawn, paving the way for a free replacement.
Upcoming Events CodeCon 2006 program announcedCodeCon 2006 will take place on February 10-12, 2006 in San Francisco, CA. "CodeCon is the premier showcase of innovative software projects. It is a workshop for developers of real-world applications with working code and active development projects. All presentations will given by one of the lead developers, and accompanied by a functional demo."
Debian Day, Mexico CFPA call for papers has gone out for Debian Day at the 2006 Debian Developers Conference. Debian Day takes place on May 13, 2006 in Oaxtepec, Mexico, the conference runs from May 14-22. Papers are due by February 22.
GNOME Women Bug Day! (GnomeDesktop)GnomeDesktop has announced the next GNOME Bug Day event, sponsored by the GNOME Women group. The event takes place online on January 28.
Upcoming GNOME EventsA series of GNOME events have been announced, including GNOME.conf.au in Dunedin, New Zealand (ongoing), FOSDEM in Brussels, Belgium, and LinuxWorldExpo in San Francisco, CA.
European Common Lisp Meeting 2006The European Common Lisp Meeting will take place in Hamburg, Germany on April 29-30, 2006.
Penguin Day (LinuxMedNews)LinuxMedNews has an announcement for the 2006 Penguin Day conference. The event will be held in Seattle, WA on March 25, 2006. "Penguin Day Seattle will bring together non-profit technology staff and open source software (OSS) developers for a day of learning and conversation. We'll demystify open source for nonprofits, frankly address the challenges of developing open source tools for non profits, and celebrate strengths and successes of open source in the nonprofit sector."
SambaXP 2006 call for papersA call for papers has gone out for SambaXP 2006. The event takes place in Göttingen, Germany on April 24-26, 2006, papers are due by February 28.
SCALE: Peter Quinn To Be Keynote Speaker (Groklaw)Groklaw notes that Peter Quinn, former CIO of Massachusetts, will present the keynote at the Southern California Linux Expo. "The Southern California Linux Expo 2006 is holding a conference, with a lead-in workshop, on ODF and document accessibility standards in state and local government. February 11-12. The ODF workshop is on the 10th. The conference is on February 11-12. It has just been confirmed that Peter Quinn will be a keynote speaker for the ODF workshop." A SCALE press release has more information on the presentation.
Opening Keynote Speaker Announced for SELinux SymposiumThe opening keynote speaker for the second Security-Enhanced Linux Symposium and Developer Summit has been announced. "Steve Walker, president of Steve Walker & Associates and managing partner of Walker Ventures, will be the opening keynote speaker for the second annual Security-Enhanced Linux (SELinux) Symposium scheduled for February 27-March 3, 2006 in Baltimore, Maryland."
UKUUG Spring Conference 2006Registration is open for the UKUUG Spring Conference 2006. The event will be held in Durham, England on March 21-23, 2006.
Events: January 26 - March 23, 2006
Page editor: Forrest Cook
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[Brickmania]](/images/ns/brickmania.jpg)
![[Cover]](/images/ns/kernel/ulni_cover.jpg)
Your editor had been told that O'Reilly had a book on the networking stack
- a sort of companion to Understanding The Linux Kernel - in the
works. But it was still a nice surprise to see the end result - a book by Christian Benvenuti
entitled Understanding Linux Network Internals - show up on the
doorstep. A couple of weeks later, after having read much of the book,
your editor is ready to share some comments. The short version would be: this
book is a welcome addition to the (short) list of books about the kernel.
It is not as good a book as it could have been, however, and leaves some
significant gaps.
![[local nets]](/images/ns/localnets.png)
In other words, NetworkManager provides a higher level system on top
of the existing network utilities. It also provides a useful
desktop applet for displaying connection information and switching
between networks.
![[NetworkManager Connecting]](/images/ns/netmgrconn.png){kind=small}
Networks with weak signal strengths will not connect, and both virtual
LEDs will not light up. Eventually, the connection attempt will time
out and the applet will display a not-connected icon.
Unlike the GNOME network configuration tool, NetworkManager allows
you to quickly abort a connection that is not succeeding, and switch
to another one.
![[NetworkManager Meter]](/images/ns/netmgrmeter.png){kind=small}