LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for February 16, 2006Toward a free metaverseSecond Life is one of many multiplayer role-playing games springing up on the net. Unlike some others, Second Life gives its players a significant amount of freedom to create their virtual world; players also get ownership rights to their creations. The Second Life developers have made an effort to strengthen the ties between the virtual and real worlds; the idea of making a living in the Second Life "metaverse" is heavily promoted. Various "real life" personalities - Lawrence Lessig, for example - have made high-profile appearances there.Like many such services, Second Life has built itself an infrastructure heavily based on Linux and other free software tools. Also like many such services, Second Life has returned that favor by providing clients for proprietary operating systems, but not for Linux. Until recently, that is. There is now an alpha-test Linux client available for free download. It is still very much a proprietary client - no source, x86-only, etc. But it is a start, at least. Your editor would, of course, rather be reading memory management patches or following the interminable "bait Joerg Schilling" festival on linux-kernel. But journalistic ethics required that time be taken out from such rewarding activities to see how this new client works. LWN readers would expect no less. Alas, no joy was to be found in that direction. This client, it seems, requires a 3D-capable graphics card. It also requires that the proprietary driver be installed for said card. Your editor is willing to make many sacrifices for the cause, but jumping into the world of binary-only kernel modules was pushing things a little too far. So no Second Life; there was real work to get done anyway. An important thought came out of this exercise anyway. We, in the Linux community, will certainly want to be able to participate in this sort of virtual universe in the future. These worlds will only get more realistic, engaging, and compelling. They will host a growing number of real-world meetings and events. Even if we, personally, have no particular yearnings for a second life in the virtual world, we may well end up going there just for a chance to visit our children. So it is important that Linux users are not excluded from this sort of experience. Unfortunately, the lack of free drivers for contemporary video hardware threatens to exclude us from that experience. Even those of us who see no need for a 3D version of vi (emacs, of course, will have a full 3D Lisp mode) may have the occasional desire to dress up as some sort of furry animal and commune with the virtual world natives. Much of what will be interesting in the future of computing will involve increasingly realistic interfaces - and that will require good graphics support. If Linux does not provide that support, people will use something else. Assuming we will eventually get past that issue, there is another, more important question to be answered: why, exactly, should we build our virtual worlds on somebody else's substrate? Even if we "own" our creations, they run on somebody else's server (which they can unplug at any time), uses their currency (which they can degrade at any time), and is subject to their rules (which they can change at any time). A virtual world which is not free is, well, not free. Instead, the creation of a true "metaverse" should be a project which is a natural for the free software community. A decent set of open protocols and libraries should make it possible for interested people to set up their own neighborhoods on their own servers and tie them all together into a distributed - but integrated - whole. The net was built on free software, and it has served as a platform for no end of interesting developments. If we build our virtual worlds on free software as well, people will, beyond doubt, create environments beyond our wildest imagination. It is hard to see why we would want it any other way. There are some virtual world projects out there. MUPPETS is an academic project with an educational focus; its last release was last July. MUPPETS appears to be a Windows-only application, however. The Croquet project looks like it is oriented toward people who want to get some real work done, but it looks like it could be put to wider uses. The Open Source Metaverse Project is an attempt to make something very much like a free Second Life. This project appears to have stalled, however; there is still some life in its forums, but the last development release was in August, 2004. Solipsis is an attempt to create a true, distributed virtual world, but it is at a very early stage. Interverse has some nice screen shots, but the project appears to have come to a halt. Verse is a 3D-oriented network protocol associated with the Blender project; it looks like it could be a useful component. The Virtual Object System is a collection of projects around the 3D, virtual reality theme; it released version 0.23.0-pre1 in January. And so on. So there's a number of projects out there, but it is not clear that any of them have truly reached a critical mass. One would think that such an inherently fun project would attract more developers. Evidently free software developers have other itches to scratch. So we may find ourselves, in the future, building our virtual worlds on non-free platforms and hoping that the Second Life folks live up to their hints that they might open up their protocols - in 2010.
On the dual-license modelWhen people go looking for successful free software business models, the dual-license approach tends to turn up near the top of the list. With this model, a company releases a software component under a copyleft-style license so that all may make use of it. This company also offers the same software (or, perhaps, an enhanced version of it) under a paid, commercial license, allowing other companies to incorporate it into their products without the need to make their own code available. This model will clearly be most successful for software which works as a building block for larger systems. The dual-license model has been employed by companies like MySQL AB, Trolltech, FSMLabs, Sleepycat Software, and others.The dual-license model can look like the best of both worlds. The free software community gets high-quality, supported code - and often good documentation as well. Developers get paid for working on that code. The company which makes all this happen gets to stay in business. That company's customers get (1) the use of the code in their proprietary projects, and (2) an immediate indication of what it is costing them to keep their own code non-free. This model is not suitable for every project, and it is not without its disadvantages. One of the strongest of those, perhaps, is the disincentive it presents to potential contributors. A dual-license company can only accept contributions which it will be able to sell under its commercial license; in practice, that implies copyright assignments or some other form of explicit permission from each contributor. Some developers are happy to contribute code under such conditions - those contributions improve the free version of the package, and the developer still probably gets much more back than he or she ever could contribute. But others are less interested in contributing code which can be taken proprietary for somebody else's exclusive commercial benefit. Another potential snag in the dual-license model was highlighted this week when Oracle announced its acquisition of Sleepycat Software. Like Innosoft (acquired by Oracle last year), Sleepycat provides a transactional engine for MySQL's database offerings. MySQL gets that code under a dual-license arrangement which, in turn, allows MySQL to include it in its own dual-license products. The result is that Oracle now controls two important components shipped by MySQL. Sleepycat CEO Mike Olson says that neither the free software community nor Sleepycat's commercial customers should be concerned about this acquisition. But Mr. Olson spoke a little differently after the Innosoft acquisition:
Speaking at the Open Source Business Conference, SleepyCat CEO
Michael Olson said he believes Oracle's takeover of Innobase, the
Finnish developer of InnoDB, a discrete open source transactional
database technology that ships with MySQL, is an acknowledgment of
the growing importance of open source and of MySQL in
particular. "Any attempt to disrupt a competitor is an
acknowledgement that the competitor matters," Olson said. "And I
think that acquisition was in significant part an attempt to
disrupt MySQL's business."
(Thanks to Jim Thompson for the pointer to that article). It is worth noting that neither acquisition can do immediate harm to the free software community. The code which was released under a free license remains free and cannot be taken back. The worst-case scenario would appear to be that developers could be taken off the projects, slowing or stopping the development of that code. The situation might be a little more perilous for MySQL AB, however, and its customers as well. Oracle is now in a position to change the licensing terms for both database backends, or even to make them unavailable for dual-licensing altogether. And that points out an important aspect of the dual-licensing model: if you buy into the proprietary side of dual-licensed software, you are very much in the proprietary software world. And, at that point, you can be impacted by policy changes by your supplier - or by their suppliers as well. Buying proprietary access to dual-licensed software may still be the best path for many companies. It can enable the use of high-quality, community-reviewed software at a reasonable price. But dual-licensed software should not be seen as free software with some commercially inconvenient strings removed. It is proprietary software, with all the risks that come with the proprietary model.
Another analyst TCO reportYet another analyst report comparing the costs of running Linux and Windows networks has been released. The report was funded by a corporation with a clear interest in the outcome, but, of course, the authors claim to have done entirely independent work. It features data collected from a number of different companies (the way these companies were selected is not disclosed) and from "self-selected" respondents to a web survey. Information on the availability and cost of administrators was obtained from "a cursory survey of resumes" from online job boards. Surprisingly enough, the report is strongly favorable to the company which sponsored it.The Linux community, once again, has come together to debunk the findings in this survey. Well, actually, maybe not. This report was sponsored by Levanta and OSDL, and is unequivocally favorable to Linux.
Those who are interested in the details are encouraged to look at the press
release, the executive summary, or
the full,
21-page, pie-chart-stuff report [PDF]. In essence, however, it says
Much of what is found on these glossy pages corresponds to the experience of those of us who have managed large networks of systems. A Linux administrator really can manage more systems than a Windows administrator. But the sad fact, which not all in the community seem to want to recognize, is that this report is the same sort of subjective analyst recycle bin fodder that the proprietary software companies crank out. We should not invest it with a higher level of credibility than the other offerings in its genre. It is worth noting that this report appears to have had the desired initial effect. The technical press has dutifully carried the "Linux is cheaper" news. Presumably, the pointy-haired bosses who are held to be impressed by these reports will be suitably influenced. It seems that these analyst reports are simply part of how this game is played. People who are trying to get some real work done on a Linux platform need a stack of glossy paper to justify their decisions to certain levels of management. The other side is producing a long stream of these reports; if the Linux side has no reports of its own, it looks like it has no answer at all. So it may be a good thing that somebody is going to the effort of producing all this paper. But we shouldn't make the mistake of believing that reports like this one prove anything.
Security A look at nmap 4.0With its first major release in nearly 2 years, Nmap has made great strides in speed and usability. Nmap 4.00 was released on 31 January and has a very large list of features and upgrades since the 3.50 release in February 2004.Nmap is a "network mapper" that allows a network administrator or curious user to discover many things about a network or host. Nmap will do host discovery to determine which hosts are available and port scanning to determine open ports and what services are running behind those ports. It can also try to determine which operating system is running on a target machine by examining the contents of packets and responses using a technique known as TCP/IP stack fingerprinting. One of the main uses for Nmap is security auditing a network in order to detect and possibly disable any and all unnecessary services running on a host or network. The feature that users are most excited about, according to Fyodor, creator of Nmap, is status reporting which provides real-time information on how much progress Nmap has made and an estimated time of completion. One can get this report by pressing return while Nmap is running; other keys will increase or decrease the verbosity and debug levels or toggle packet tracing. This makes for a much nicer user experience: With Nmap 3.50, you would start a scan and Nmap would quietly chug away for a variable amount of time (from minutes to hours) before suddenly reporting results for a target host. ... Staring at a screen for 30 minutes waiting for Nmap to complete is frustrating, but when you know the time in advance you can simply go out for lunch. Speed and memory usage improvements in the port scanning engine were a big focus of the improvements made since 3.50. Several functions, such as reverse DNS lookup and UDP scans have been parallelized and Nmap now uses raw Ethernet packets to do ARP requests which speeds up host detection significantly. The speed improvements were not readily apparent in the relatively simple scans the author tried; they are largely geared for scanning many thousands of ports on large numbers of hosts. Documentation was another focus of the 4.00 effort and Fyodor has rewritten the man page, an install guide, and a version detection guide. He says: Open source software is frequently characterized as having poor documentation. I tried to fight that stereotype by putting a lot of work into Nmap 4.00 docs. Thanks to the DAG repository, upgrading to Nmap 4.00 was painless on the (now obsolete) Fedora Core 3 distribution. Running Nmap is fairly straightforward, but there are an enormous number of options and ways to specify targets. Wading through the very comprehensive man page is required to do anything very complicated, though Nmap often seems to suggest useful options when scans fail and this feature can be very helpful. Nmap 4.00 looks to be a very solid release of a tool that should be on every administrator's list of essential security tools.
New vulnerabilities adzapper: denial of service
elog: multiple vulnerabilities
gnutls: denial of service
heimdal: privilege escalation
kronolith: cross-site scripting
libpng: heap based buffer overflow
noweb: insecure temporary file
PostgreSQL: privilege escalation
sun-jdk: privilege escalation
Updated vulnerabilities ADOdb: PostgresSQL command injection
apache: cross-site scripting
auth_ldap: format string vulnerability
blender: integer overflow
bzip2: race condition and infinite loop
ktools: buffer overflow
cpio: arbitrary code execution
curl: buffer overflow
cyrus-imapd: buffer overflows
dia: missing input sanitizing
emacs21: format string vulnerability in "movemail"
enscript: arbitrary code execution
evolution: format string issues
fetchmail: multidrop bug
ffmpeg: buffer overflow
firefox: multiple vulnerabilities
Foomatic: Arbitrary command execution in foomatic-rip
gaim: buffer overflow
gdb: multiple vulnerabilities
gdk-pixbuf: multiple vulnerabilities
gedit: format string vulnerability
gettext: Insecure temporary file handling
grip: buffer overflow
groff: insecure temporary directory
gzip: arbitrary command execution
imagemagick: arbitrary command execution
imap: buffer overflow in c-client
ipsec-tools: denial of service
kdebase: local root vulnerability
kdelibs: heap overflow
kdelibs: kate backup file permission leak
kernel: multiple vulnerabilities
kernel: denial of service
kernel: multiple vulnerabilities
kernel: multiple vulnerabilities
kernel multiple vulnerabilities
xpdf heap based buffer overflow
LibAST: privilege escalation
libdbi-perl: insecure temporary file
libgadu: memory alignment bug
libgd2: buffer overflows in PNG handling
libmail-audit-perl: insecure temporary file creation
libpam-ldap: authentication bypass
libTIFF: buffer overflow
libungif: memory corruption
libxml2 - arbitrary code execution
libxml2: multiple buffer overflows
libXpm: new buffer overflows
lynx: arbitrary command execution
mailman: denial of service
mod_auth_pgsql: format string flaws
mod_python: remote access vulnerability
mozilla: multiple vulnerabilities
mysql: low-impact security fix
nbd: arbitrary code execution
ncpfs: multiple vulnerabilities
nfs-server: buffer overflow
nfs-utils: arbitrary code execution
ntp: uses wrong gid
openmotif: buffer overflows
OpenSSH: double shell expansion
otrs: multiple vulnerabilities
pcre3: arbitrary code execution
perl: setuid vulnerabilities
perl: integer overflow
PHP: safe_mode bypass
php: multiple vulnerabilities
phpbb2: multiple vulnerabilities
phpMyAdmin: multiple vulnerabilities
postgresql: database initialization errors
pound: HTTP Request Smuggling Attack
pstotext: remote execution of arbitrary code
Py2Play: remote execution of arbitrary Python code
scorched3d: multiple vulnerabilities
scponly: privilege escalation
spamassassin: denial of service
squid: authentication handling
struts: cross-site scripting vulnerability
sudo: vulnerability via scripts
sudo: missing input sanitizing
sudo: race condition
File overwrite vulnerability in tar and unzip
tcpdump: multiple DoS issues
tetex: integer overflows
texinfo: temporary file vulnerability
udev: insecure files in /dev/input
unzip: long file name buffer overflow
up-imapproxy: format string vulnerabilities
uw-imap: buffer overflow
vixie-cron: crontab allows any user to read another users crontabs
w3c-libwww: possible stack overflow
xine-lib: buffer overflows
xine-ui - insecure temporary file creation
xloadimage: buffer overflows
xorg-x11: heap overflow
xpdf: buffer overflow
xpdf: heap overflows
xpdf: denial of service
xpdf: integer overflows
zlib: buffer overflow
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current 2.6 prepatch is 2.6.16-rc3, released on February 12. As would be expected for this phase of the development cycle, the additions are mostly fixes, but 2.6.16-rc3 also contains a patch to export the system's CPU topology in sysfs, parallel port support for SGI O2 systems, administrator-changeable permissions in configfs, an OCFS2 update, the unshare() system call, and various architecture updates. See the long-format changelog for the details.The mainline git repository, as of this writing, holds about 100 fixes merges after 2.6.16-rc3. The current -mm tree is 2.6.16-rc3-mm1. Recent changes to -mm include some memory management system call tweaks (see below), the EXPORT_SYMBOL_GPL_FUTURE() macro (see below), and various fixes. The current stable 2.6 release is 2.6.15.4, announced on February 10. This one contains a fair number of fixes for crashes and other undesirable behavior.
Kernel development news EXPORT_SYMBOL_GPL_FUTURE()The kernel has a couple of macros for making internal symbols available to loadable modules:
EXPORT_SYMBOL(symbol);
EXPORT_SYMBOL_GPL(symbol);
The second form is used for kernel symbols which are only available to modules with a GPL-compatible license. The idea behind GPL-only symbols is that they are so deeply internal to the kernel that any module using them can only be a derived product of the kernel. Either that, or it's a relatively new symbol whose creator simply wanted it to be GPL-only. Greg Kroah-Hartman has recently proposed a new variant:
EXPORT_SYMBOL_GPL_FUTURE(symbol)
Its purpose would be to mark symbols which will be changed to a GPL-only export at some point in the future. If such a symbol is used by a non-GPL module, the kernel will emit warnings to the effect that the module will break at a future time. With luck, the warnings will help authors of proprietary modules prepare for changes ahead of time. This patch raised a few eyebrows. When GPL-only exports were first added to the kernel, they went in with the understanding that only new symbols would be tagged GPL-only. The current module interface - while always subject to change - was not to have symbols withdrawn arbitrarily. So, if the export status of symbols should not change, what is the use of this patch? Greg has a couple of uses in mind:
It is not clear that there will be uses beyond these; resistance to a larger-scale restricting of exported symbols remains strong. So the weapon of choice for those who wish to make life difficult for proprietary modules is likely to remain the combination of API changes and restrictions on new symbols.
Tweaks to madvise() and posix_fadvise()A couple of Linux-specific additions to the memory-related system call API have recently found their way into the -mm tree. There is a bit of pressure to get them into 2.6.16, though that may be unlikely at this late date. This may be a good time to look at the proposed changes, however, along with the pressures which motivated them.
Prepare yourself, as your editor is about to inflict his primitive drawing
skills upon the world again. Consider a situation which, with some
But then the process decides to reproduce. The resulting call to fork() has
a number of consequences beyond the creation of a child process. That
call will attempt to avoid copying the parent process's
Life is not always so easy, however. If the parent process makes a change
to the page - writing some new data to be passed through to the driver, for
example - the hardware will trap the write attempt. The kernel will
respond by allocating a new page, copying the old page's contents there,
Or maybe not. The copy-on-write operation described above will break the parent process's connection with the old page. But there is no way to inform the driver of that change. The result will be the situation shown on the right: the driver retains a reference to the page which now belongs exclusively to the child process(es). The parent process and the driver will no longer be able to communicate with each other. Additionally, if the parent had used mlock() to lock the original page into memory, that lock, too, will remain with the original page. The page which the parent had thought was pinned into RAM will become pageable, with potentially bad effects on performance and security. One could try to address this problem by changing the copy-on-write logic to always maintain the connection between the parent process and its original pages. That would require the COW code to find any other processes with references to the page, however, and assign the copied page to them. That change would slow the code and invite interesting race conditions, however; remember that there could be a large number of other processes with references to the page. So the solution proposed by Michael Tsirkin takes a different approach. If a process has pages which it has locked into memory or set up to be shared with a device driver, chances are that it never wants its children to have access to that memory in the first place. So Michael's patch adds a couple of new flags to the madvise() system call. A process with special memory can call madvise() with the new MADV_DONTFORK flag; the kernel will respond by setting the VM_DONTCOPY flag in the associated virtual memory area structure; thereafter, any newly-created child process simply will not see that part of the address space. There is also a MADV_DOFORK flag which cancels the effect of MADV_DONTFORK. Meanwhile, another change found in current -mm came as a result of this complaint about the behavior of the msync() system call, which is used to flush modified parts of a memory-mapped file back to disk. In particular, the complainer, whose real name is unclear, just noticed that msync() changed its semantics between 2.4 and 2.6. In the 2.4 kernel, a call to msync(..., MS_ASYNC) would mark the indicated memory range as being dirty and begin the process of writing those pages to disk. In 2.6, instead, no I/O is started directly from msync(); instead, the pages will remain dirty in the page cache until the virtual memory subsystem gets around to flushing them out. The original complainer asked that the old behavior be restored, but that seems unlikely to happen. For most workloads, the best performance is achieved by letting the kernel decide just when to write each part of the file back to disk. But there was also some recognition that an option to start I/O immediately (without necessarily waiting for it) would be a useful thing in some situations. The answer, as implemented by Andrew Morton, leaves the msync() call alone, however; instead, Andrew has added a couple of new options to the posix_fadvise() system call:
In practice, these calls will often need to be made in combinations. An application which needs to assure itself that all modified pages are on disk must first perform a wait call (thus ensuring that all pages under I/O are written), a write call (to start I/O on remaining dirty pages), and a second wait call (to allow that I/O to complete). But any application wanting the 2.4 msync() behavior can get it with a single LINUX_FADV_ASYNC_WRITE call. Chances are good that both of these changes could land in the mainline in the 2.6.17 time frame.
Robust futexes - a new approachOne of the many features added during the 2.5 development series was the "futex" - a sort of fast, user-space mutual exclusion primitive. In the non-contended case, futexes can be obtained and released with no kernel involvement at all, making them quite fast. When contention does happen (one process tries to obtain a futex currently owned by another), the kernel is called in to queue any waiting processes and wake them up when the futex becomes available. When queueing is not needed, however, the kernel maintains no knowledge of the futex, keeping its overhead low.There is one problem with keeping the kernel out of the picture, however. If a process comes to an untimely end while holding a futex, there is no way to release that futex and let other processes know about the problem. The SYSV semaphore mechanism - a much more heavyweight facility - has an "undo" mechanism which can be called into play in this sort of situation, but there is no such provision for futexes. As a result, a few different "robust futex" patches have been put together over the past years; LWN looked at one of them in January, 2004. These patches have tended to greatly increase the cost of futexes, however, and none have been accepted into the mainline. Ingo Molnar, working with Thomas Gleixner and Ulrich Drepper, has tossed aside those years' worth of work and, in a couple of days, produced a new robust futex patch which, he hopes, will find its way into the mainline. The new patch has the advantage of being fast, but, as Ingo notes:
Be warned though - the patchset does things we normally dont do in
Linux, so some might find the approach disturbing. Parental advice
recommended ;-)
The fundamental problem to solve is that the kernel must, somehow, know about all futexes held by an exiting process in order to release them. A past solution has been the addition of a system call to notify the kernel of lock acquisitions and releases. That approach defeats one of the main features of futexes - their speed. It also adds a record-keeping and resource limiting problem to the kernel, and suffers from some problematic race conditions. So Ingo's patch takes a different approach. A list of held futexes is maintained for each thread, but that list lives in user space. All the thread has to do is to make a single call to a new system call:
long set_robust_list(struct robust_list_head *head, size_t size);
That call informs the kernel of the location of a linked list of held futexes in the calling process's address space; there is also a get_robust_list() call for retrieving that information. Typically, this call would be made by glibc, and never seen by the application. Glibc would also take on the task of maintaining the list of futexes. When a process dies, the kernel looks for a pointer to a user-space futex list. Should that pointer be found, the kernel will carefully walk through it, bearing in mind that, as a user-space data structure, it could be accidentally or maliciously corrupt. For each held futex, the kernel will release the lock and set it to a special value indicating that the previous holder made a less-than-graceful exit. It will then wake a waiting process, if one exists. That process will be able to see that it has obtained the lock under dubious circumstances (user-space functions like pthread_mutex_lock() are able to return that information) and take whatever action it deems to be necessary. The kernel will release a maximum of one million locks; that keeps the kernel from looping forever on a circular list. Given the practical difficulties of making a million-lock application work at all, that limit should not constrain anybody for quite some time. There is still a race condition here: if a process dies between the time it acquires a lock and when it updates the list, that lock might not be released by the kernel. Getting around that problem involves a bit of poor kernel hacker's journaling. The head of the held futex list contains a single-entry field which can be used to point to a lock which the application is about to acquire. The kernel will check that field on exit, and, if it points to a lock actually held by the application, that lock will be released with the others. So, if glibc sets that field before acquiring a lock (and clears it after the list is updated), all locks held by the application will be covered. The discussion on this patch was just beginning when this article was written. There is some concern about having the kernel walking through user-space data structures; the chances of trouble and security problems are certainly higher when that is going on. Other issues may yet come up as well. But, since this is clearly not a 2.6.16 feature in any case, there will be time to talk about them.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Janitorial
Memory management
Networking
Architecture-specific
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials Building a Custom Live CD with Linux-LiveA reader comment in last week's LWN, requesting a more detailed round-up of the available tools for building custom live CDs, inspired today's feature. Although there are more than a hundred bootable Linux, BSD and OpenSolaris-based distributions for seemingly every taste and purpose, it might still be useful, on occasion, to build one's own - customized to one's exact needs. The reasons are unimportant since they are likely to vary as much as the end result of any such undertaking. Instead, I'd like to concentrate on what the readers are probably most interested in - finding an answer about how much effort is required to build a custom Linux live CD and whether the end result is worth it.I have never built a live CD before. For my first attempt I decided to go with the Slackware-based Linux-Live script by Tomas Matejicek, the author of the SLAX live CD. The reason? I expected Linux-Live to be about the simplest way to build a Linux live CD. I don't have any facts to back up this statement, but the increasing abundance of Slackware-based live CD projects, most of which use Linux-Live to build their products, together with the uncomplicated nature of Slackware itself, gave me confidence before embarking on this project. Incidentally, Linux-Live is released under the GNU General Public License. Linux-Live is a script designed to build a bootable live CD from an existing Linux installation. A number of prerequisites must be fulfilled before the script can be executed; the most important among them is support for Unionfs and Squashfs modules in the Linux kernel. There are two ways to go about fulfilling this requirement: you can either download and compile two overlay filesystem modules, or download a pre-compiled kernel from the Linux-Live web site with all the necessary modules (as well as ALSA and proprietary MadWiFi drivers) already included. The latter option, however, will only work on a Slackware installation. The Unionfs and Squashfs requirements also mean that only kernel versions 2.6.9 or higher are supported. After going through the documentation included in Linux-Live, I set out to create my live CD. First, I installed a minimal Slackware 10.1 system, with only the packages in a/, ap/ and n/ selected for installation. This was to reduce the possibility of a failure and also to minimize any time-wasting in case something goes wrong. Since Slackware still defaults to the 2.4 kernel series, I also downloaded the binary kernel 2.6.13.2 from Linux-Live.org and installed it with pkginstall. It is not necessary to reboot into the new kernel; as long as it is installed on the system and the correct kernel version is specified in the 'config' file of the Linux-Live script, it can be used. Then I download the Linux-Live script, decompressed and untarred it in the /tmp directory, updated the 'config' file with the new kernel version, and executed the rumme.sh script. After about six minutes of hard work, a 160 MB livecd.iso file was generated. I burned it onto a CD-RW and rebooted the system. I held my breath, half-expecting the system to ignore the CD and just present me with the usual boot loader, but to my pleasant surprise, it was a SLAX logo that first appeared on the screen, indicating that the CD was indeed bootable. After I pressed 'Enter', the live CD went through the boot process - it took its time, I might add, since besides the normal boot procedure, the operating system also completed a hardware detection and configuration step. But eventually it stopped at a boot prompt, ready to accept a login by any of the user/password combination -- and with the same home directories -- as the Slackware system on the hard disk. Networking was also configured. Encouraged by this success, I decided to try something more ambitious. I rebooted into my Slackware 10.1 installation, then added all software from the x/ and kde/ and l/ directories, configured X.Org, modified the /etc/inittab file to boot into a graphical login prompt, and repeated the process of generating the live CD. This time, the routine took much longer, around 20 minutes, and the resulting ISO image was 496 MB in size. Again, I burned it to a CD-RW disk and rebooted the system. Then I watched, with a considerable amount of amazement, as the CD went through a normal boot process before confidently starting the KDM login manager. Success! I spent an afternoon re-creating Slackware live CDs in various configurations. While the process seemed to go smoothly most of the time, I noted a few mysterious "gotchas" on occasion. As an example, sometimes the original Slackware installation would no longer boot after running the ISO build script (the boot process would stop at Loading Linux...). There is also a documented problem with the fact that Slackware tries to test the status of the root partition by re-mounting it read-only, a test which fails on a live CD with Unionfs, resulting in a warning message and requiring user input. A minor, but annoying blemish. A few of my live CDs also failed to boot, for reasons unknown to me, with a "init Id 'x' respawning too fast" error. Probably the most serious issue with Linux-Live, however, is lack of documentation (apart from a few "readme" style files included with the script) explaining the process and providing hints for using the script on distributions other than Slackware. The project would also benefit from having a Wiki as well as user forums which adventurous live CD builders could use to search for answers and exchange experiences. All things considered, my first attempt at building a custom live CD was a success. As I suspected before I embarked on the project, Linux-Live is a very simple and fast method for creating a live CD from a Slackware installation. Due to lack of time to research topics on compiling Unionfs and Squashfs as kernel modules, I haven't tried it on any other distribution, but the project's web site does give an impression that the script is fairly universal. However, Linux-Live badly needs better documentation and user interactive areas for those times when things don't go as expected.
Distribution News Putting Ubuntu to the TestA new Ubuntu Testing project has been launched. "You planned to do a test installation of Ubuntu Dapper to catch a glimpse on how the development is going? You have an old box, you want to test Ubuntu on and want to help us with test results?" Several testing levels are available, from quick to advanced.
It's the Ubuntu HUG DAY!Squash a bug, get a hug. That's the idea behind Hug Day. The next Hug Day will be February 17, 2006. "Where to join the Hug Day? #ubuntu-bugs on freenode IRC. And you can go there every other day too!"
Meet the openSUSE project at FOSDEMIf you will be visiting FOSDEM look for the openSUSE project there. "The openSUSE team will be talking about a broad range of topics, from a general overview of the current status, future plans for the project, and the distribution SUSE Linux to technical tutorials and a first demonstration of the openSUSE build service. We're looking forward to seeing you all there and discussing the future of the project!"
SUSE Linux 10.1 UpdateThis update covers a delay in the SUSE Linux 10.1 schedule (beta 4 is now due on February 16), Novell's decision not to ship non-GPL kernel modules, kernel changes, a bug in the beta3 Fontconfig package, major changes in the package manager and Xgl in SUSE Linux 10.1.
Modular X.org / Xgl / Xegl on MandrivaHere's a note from Mandriva's new maintainer of X.org, Gustavo Pichorim Boiko, on what he is planning. On X.org: "I have already started packaging Xorg 7.0 but I don't have any set of packages useful at this moment." On Xgl and Xegl: "Mandriva is not going to officially adopt the Novell Xgl server (Xglx). Instead, we are trying to push the Xegl[2] development."Matthieu Duchemin has posted a how-to for running Xgl with compiz under Mandriva 2006.
Debian Project Leader Elections 2006Nominations are still open for Debian Project Leader. "Prospective leaders should be familiar with the constitution, but, just to review: there's a three week period when interested developers nominate themselves, followed by a three week period with no nominations [intended for campaigning], followed by three weeks for the election itself."
Preparation of the next stable Debian GNU/Linux update (II)Here's an update on the status of the next revision of the current stable Debian distribution (sarge).
Distribution Newsletters Debian Weekly NewsThe Debian Weekly News for February 14, 2006 is out. In this issue; Lars Wirzenius nominates himself for DPL, Message-ID lookup for list mails re-implemented, Debian's policy on trademarks, support for the wireless system in the iBook G4, and more.
Fedora Weekly News Issue 33This week the Fedora Weekly News looks at SCALE: Fedora Booth at Southern California Linux Expo, SCALE: Fedora Presentation at Southern California Linux Expo, FUDCon Boston 2006 Call for Papers, FedoraFAQ.org announces The Insider FAQ, Fedora Projects Weekly Report 2006-02-13, and several other topics.
Gentoo Weekly NewsletterThe Gentoo Weekly Newsletter for February 13, 2006 covers the release of eselect 1.0, a Polish Gentoo clone, and several other topics.
Ubuntu Desktop NewsThe second issue of the Ubuntu Desktop News is out. Topics covered include Avahi, changes in the Dapper desktop, ekiga, and an interview with "desktop hero" Daniel Holbach.
DistroWatch WeeklyThe DistroWatch Weekly for February 13, 2006 is out. "Xgl. The "word" has surely entered the consciousness of many Linux users who, thanks to Novell's enhancements dramatically unveiled last week, can look forward to an exciting new world on their Linux desktops later this year. Naturally, SUSE Linux is likely to be the first one to integrate the new features into their upcoming release, although expect some delays from the original schedule. In other news: Mandriva's CEO describes his working day, the developers of MEPIS consider switching their base to Ubuntu, Gentoo gets an updated Portage tool, and Slackware moves closer to version 11.0 with one massive update. The latest release of Mockup, a Debian-based distribution built with Qt 4, is the feature of our "first look" series."
Package updates Fedora updatesUpdates for Fedora Core 4: cpuspeed (updates), man (fix the makewhatis problem), xmltex (bug fixes), pam_krb5 (bug fixes), postgresql (update to PostgreSQL 8.0.7), selinux-policy-strict (allow zebra to connect to bgp), selinux-policy-targeted (allow zebra to connect to bgp).
Mandriva updatesMandriva Linux 2006.0 updates: ghostscript (bug fixes), postgresql (upgrade to PostgreSQL 8.0.7).
Slackware updatesThis has been a busy week in Slackware Linux, starting with this lengthy changelog entry for last Thursday, followed by some minor fixes on Friday, and some PHP updates after that.
Trustix updatesVarious bug fixes are available in cyrus-impad, imagemagick, iptables, kernel, l7-protocols, php, net-snmp, samba, squid, quagga and bind, iproute, iptables, kerberos5, kernel, mdadm, samba for TSL 3.0 & 2.2.
Newsletters and articles of interest Test drive: Kororaa (Linux.com)Linux.com installs Gentoo using Kororaa. "Kororaa is available in several flavors. You can choose between KDE and GNOME, and between x86 and AMD64 processor versions. The x86 version is optimized for Pentium III processors. To install Kororaa you need two CDs. You can download a universal install CD, and you have to select the package CD for your desktop environment of choice and your processor. I chose the x86 version for KDE and started the installation."
MEPIS may be going Ubuntu (NewsForge)The MEPIS distribution may switch from Debian to Ubuntu, according to NewsForge. "MEPIS, one of the more popular Debian-derived distributions, may be moving in a new direction soon. MEPIS founder Warren Woodford is considering building future MEPIS releases from Ubuntu sources rather than from Debian. SimplyMEPIS 3.4-3, which is scheduled for release today, has been quite a challenge to build, according to Woodford. "It's taking up all my time, fighting the Etch pool.... We've had a lot of trouble, because the Debian community has become so active, it's been difficult to get this out, so I'm looking at alternatives to getting out stable releases.""
ColdFusion 7.x Installation on Debian Sarge (3.1r1) LinuxHowtoForge covers the installation of ColdFusion 7.x on Debian Sarge (3.1r1). "Why This Tutorial? Because there is no documentation about ColdFusion installation on Debian on the internet. As you know Debian Linux is not supported officially by Adobe. But Debian is one of the mosts used and well known Linux distributions especially for server usage and I think there would be some other people who want to use Debian and ColdFusion together."
My desktop OS: Mandriva PowerPack 2006 (NewsForge)NewsForge presents a glimpse of Mandriva PowerPack 2006. "Linux on the desktop has certainly come a long way. The community tools available on any distribution are so powerful and great to use that the fact that they are free is a wonderful bonus. I work with enterprise applications designed with PHP and MySQL. I'm addicted to OpenOffice.org 2.0, KDE, and Firefox. I have fun with Nvu for HTML editing, amaroK for streaming radio and organizing my MP3 files, and the GIMP for high-end image editing."
Distribution reviews Review: SimplyMEPIS 3.4-3 (Linux.com)Linux.com has a review of SimplyMEPIS. "SimplyMEPIS is a KDE-based, Debian-derived distro that focuses on desktop use. The previous stable release came out in May of 2005, but the newest version of SimplyMEPIS is scheduled for release today, and it looks like a great release for anyone who's interested in desktop Linux."
First Look at VectorLinux SOHO 5.1.1 Deluxe (MadPenguin)Mad Penguin reviews VectorLinux SOHO 5.1.1 Deluxe. "[VectorLinux] is a derivative of Slackware Linux that has been optimized to run beautifully on any PC new or old, and with a most excellent compliment of included applications. All of this on two CDs. VectorLinux is, without a doubt, the single most impressive redistribution of Slackware available. Why? Because it retains Slackware's ease of use and overall feel, but adds a nice performance boost and extra applications to the package. In other words, VectorLinux has the Slackware mojo... and then some."
Review: PC-BSD brings BSD to the desktop (NewsForge)NewsForge reviews PC-BSD. "The PC-BSD team recently released its second release candidate for 1.0. With the final release rapidly approaching, we thought now would be a good time to take a look at what's coming in PC-BSD, a relatively new BSD distribution based on FreeBSD. It's specifically designed for desktop users, and offers a GUI installer that makes it simple for any user to install."
Free Mesh Networking with Metrix Pebble (O'ReillyNet)O'ReillyNet takes a look at Metrix Pebble. "Metrix Pebble is a variant of the popular Pebble Linux distribution supported by my wireless company, Metrix Communication. Although it is built on the framework laid down in the original Pebble, Metrix Pebble is very different from its aging progenitor in many important respects."
Page editor: Rebecca Sobol Development Cracking Passwords with John the RipperJohn the Ripper is a general purpose password cracking application:
John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.
Compiling a working version of John was a simple matter of downloading the source code, reading the installation documentation, and running a make command with the specified computer architecture. The passwd file and shadow file, with the encrypted passwords, were combined into a working password file using the supplied unshadow command. John was then run with the unshadowed password file. Decryption is a compute-intensive operation, it would be advisable to run John on the fastest system you have access to, and import password files to that machine. I did a test run John on my new 3Ghz Athlon 64 Lini box, it quickly spit out the default password for the default gvuser account, then proceeded to crank heavily (near 100% cpu utilization) for a long time with no further output. John had amassed nearly an hour of CPU time by the time I finished this article. John should be considered an important utility for any systems administrator's collection of tools. It found a weak password on my system (since changed) and will be useful for testing other password files for weak points. Administrators with Internet-exposed or otherwise accessible machines would be advised to give this handy utility a spin.
System Applications Clusters and Grids Release 2.0.3 of Linux-HA is now availableRelease 2.0.3 of Linux-HA, a cluster management system, is out. "There are many fixes, and for the first time ever, a GUI! This new release also provides support for monitoring by Common Information Model (CIM) agents."
Database Software Firebird 2.00 Beta 2 releasedVersion 2.00 Beta 2 of the Firebird database has been announced. "Firebird 2 contains a large number of new features, including derived tables, support for Execute Block, increased table sizes, new improved index code (the 252-byte index length limit is no longer applicable), expression indices, numerous optimiser improvements, enhanced security features, support for on-line incremental backups, new international language support, along with numerous other improvements and bug fixes."
MySQL 5.1.6-alpha has been releasedVersion 5.1.6-alpha of the MySQL database is available. "This is a new alpha development release, adding new features and fixing recently discovered bugs."
PostgreSQL release 8.1.3 patches security issuePostgreSQL version 8.1.3 has been announced. "PostgreSQL minor version 8.1.3 has been released, containing a patch for a serious security issue present in the 8.1 branch. All users of 8.1 are urged to upgrade at the earliest opportunity. Minor versions 8.0.7, 7.4.12, and 7.3.14 are being released at the same time as well. These contain only minor bug fixes to the 8.0, 7.4 and 7.3 versions and can be upgraded on a more planned schedule, unless of course you are encountering one of the bugs described."
PostgreSQL Weekly NewsThe February 12, 2006 edition of the PostgreSQL Weekly News is online with new PostgreSQL articles and resources.
LDAP Software LAT 0.9 is outVersion 0.9 of LAT, the LDAP Administration Tool, has been announced, it features several new capabilities.
Libraries Oggz 0.9.4 ReleasedVersion 0.9.4 of Oggz, a C library for working with Ogg files and streams, is available with several new capabilities and bug fixes. "Oggz comprises liboggz and the command-line tools oggzinfo, oggzdump, oggzdiff, oggzmerge, oggzrip, oggz-scan and oggz-validate."
Mail Software Dada Mail 2.10.6 Released. (SourceForge)Dada Mail version 2.10.6 has been released. "Dada Mail is an intuitive, web-based e-mail list management system, which runs on any hosting account that can execute custom CGI scripts. Dada Mail is also a conceptual art project This version of Dada Mail includes many new features, including a screen caching scheme, to allow often-used and resource-intensive HTML web screens to be cached to be shown again, instead of relying on redundant processing of the same information."
Networking Tools OpenSSH 4.3p2 releasedVersion 4.3p2 of OpenSSH has been released. "This is a release of Portable OpenSSH only, to resolve some portability bugs. There are no new features, only fixes".
Security Sussen 0.14 releasedVersion 0.14 of Sussen, a tool for checking vulnerabilities and configuration issues on computer systems, has been announced. Changes include an improved OVAL interpreter, bug fixes and code cleanup.
Web Site Development mod_python 3.2.7 releasedVersion 3.2.7 of mod_python, the Apache Python language extension, is out. See the online documentation for information on this version.
TWiki 4.0 releasedVersion 4.0 of TWiki, a Perl-based wiki application, has been announced. "TWiki.org today announced version 4.0 of its popular enterprise collaboration platform TWiki. Code-named Dakar, the structured wiki features highly-requested features including a WYSIWYG (what-you-see-is-what-you-get) editor, an enhanced security model, and a REST (representational state transfer) interface, among others."
Debugging and Profiling mod_perl Applications (O'Reilly)Frank Wiles shows how to debug mod_perl applications on O'Reilly. "Because of the added complexity of being inside of the Apache web server, debugging mod_perl applications is often not as straightforward as it is with regular Perl programs or CGIs. Is the problem with your code, Apache, a CPAN module you are using, or within mod_perl itself? How do you tell? Sometimes traditional debugging techniques will not give you enough information to find your problem. Perhaps, instead, you're baffled as to why some code you just wrote is running so slow. You're probably asking yourself, "Isn't this mod_perl stuff supposed to improve my code's performance?" Don't worry, slow code happens even to the best of us. How do you profile your code to find the problem? This article shows how to use the available CPAN modules to debug and profile your mod_perl applications."
Desktop Applications Audio Applications CLAM 0.90 ReleasedVersion 0.90 of CLAM is out with numerous enhancements. "CLAM is a framework for research and application development in the Audio and Music Domain. It offers a conceptual model as well as tools for the analysis, synthesis and processing of audio signals."
JACK Rack 1.4.5rc1 releasedVersion 1.4.5rc1 of JACK Rack, a virtual patch panel for the JACK Audio Connection Kit, is out with several new features and bug fixes.
Desktop Environments Gnome 2.12.3 ReleasedVersion 2.12.3 of the GNOME desktop environment has been announced. "We are pleased to announce the release of Gnome 2.12.3, the final release in the 2.12 series of Gnome."
GARNOME 2.12.3 announcedVersion 2.12.3 of GARNOME, the bleeding edge GNOME distribution, has been announced. "Incorporating the GNOME 2.12.3 Desktop and Developer Platform (the final release in the 2.12 series), together with a host of third-party GNOME packages, Bindings and the Mono(tm) Platform -- this release irons out yet-more bugs, hopefully adds yet-more stability and ships with the latest and greatest stable releases."
gnome-icon-theme branched for GNOME 2.14Rodney Dawes has made a new branch of gnome-icon-theme for GNOME 2.14. "I have just branched gnome-icon-theme for gnome-2-14, from an earlier date in the 2.13 cycle, where the changes to follow the naming spec have not yet been implemented. A couple of fixes and a new icon used by the search functionality added to Nautilus in 2.14, are still in however."
Module decisions for GNOME 2.14The GNOME release team has announced its GNOME 2.14 module plans. Take a look for the status of gnome-power-manager, libnotify/notification-daemon, gnome-screensaver, and more.
Compiz Window Manager Released (GnomeDesktop)GnomeDesktop covers the release of Compiz. "Compiz, the OpenGL window/composite manager, has been released following David Reveman's talk at XDevconf yesterday. "Compiz is an OpenGL compositing manager that use GLX_EXT_texture_from_pixmap for binding redirected top-level windows to texture objects. It has a flexible plug-in system and it is designed to run well on most graphics hardware.""
GNOME Software AnnouncementsThe following new GNOME software has been announced this week:
Technical Working Group Elected (KDE.News)The first Technical Working Group for KDE has been elected. "This initial Working Group is elected for a period of six months. After this period an evaluation of the Working Group will take place. If it proves successful, elections will take place once every year. The group will help the hundreds of KDE developers in reaching technical decisions. Read on to learn about the members of the first Technical Working Group." The members of the working group are David Faure, Dirk Müller, George Staikos, Gunnar Schmidt, Lubos Lunak, Stephan Kulow and Thiago Macieira.
Mandriva Donates Polish Translation of KDE Docs (KDE.News)KDE.News covers the contribution of Polish translations to KDE by Mandriva. "The Polish department of Mandriva has contributed over 100 files of documentation translations to the Polish localisation team. The commits (1, 2) are made up of over 8000 messages. This allows Polish people to get an even better experience when using KDE in their native language."
KDE Software AnnouncementsThe following new KDE software has been announced this week:
Electronics XCircuit 3.6.4 releasedDevelopment version 3.6.4 of XCircuit, an electronic schematic drawing package, is out with several bug fixes.
Financial Applications GnuCash 1.9.0 releasedGnuCash 1.9.0 has been released. Do note that this is an unstable, development release; best not to apply it to your important financial decisions quite yet. But it's important because it's the long-awaited, first GTK2-based GnuCash release. Congratulations to the GnuCash developers for reaching this milestone, and let's hope that it stabilizes quickly.
Games ScummVM 0.8.2 released (SourceForge)Version 0.8.2 of ScummVM, a cross-platform interpreter for point-and-click adventure game engines, is available. "Due to a bug discovered in 0.8.1, which rendered Broken Sword 2 unplayable, we're forced to release ScummVM 0.8.2 "Broken Broken Sword 2". Also, we used this opportunity to fix the WinCE builds, as well as the MacOS X bundle."
GUI Packages wxWidgets 2.6.3 Release Candidate 1Release candidate 1 of wxWidgets 2.6.3, a cross-platform GUI package, is available. Changes include: "Support for Windows Mobile devices * enhanced GTK+ 2 support * XRC resource system compiled as standard * radical overhaul of the Mac OS X port * replacement build system, Bakefile * better integration with STL * a CppUnit-based test suite * sizer improvements * new Gnome printing features * ODBC enhancements such as BLOB support and Unicode support on Windows * wxTaskBarIcon support on Mac OS X and Linux as well as Windows * arbitrary shapes for top-level windows * flicker reduction on Windows * better theme support * alpha channels for images * Compilation of the wxMSW port on Unix using Winelib * plus many API enhancements and bug fixes to existing classes."
Interoperability Wine TrafficThe February 10, 2006 edition of Wine Traffic is online with coverage of the Wine project. Topics include: Wine 0.9.7 & CXO for Linspire, Eating Dogfood, MP3 Decoding, Demangling Symbols and Winelib & Easy Distribution.
Mail Clients MH-E 7.91 releasedStable version 7.91 of MH-E, an EMACS interface to the MH mail system, has been announced. The source notes contain the change information: "Version 7.91 is the second 8.0 beta release and fixes several bugs that were uncovered in wider testing."
Music Applications Fastbreeder, a genetic programming synthThe Fastbreeder audio synthesizer project is taking a new approach to generating sounds. "Fastbreeder is essentially a 4 button synth. The idea is to grow code by choosing from a range of automatically generated variations of functions, you don't have to know how they work, but each function creates a sound which can be selected by you. The following generation is then created containing mutants of your chosen sound. You can refine and develop the sound just by auditioning and choosing the best one each time."
Peer to Peer Azureus 2.4.0.0 released (SourceForge)Version 2.4.0.0 of Azureus, a cross-platform java BitTorrent client, has been announced. "This release has many new features and improvements including: Encrypted/Obfuscated data transfer, High speed LAN transfer and Improved download algorithm."
Science BioImageXD 0.9.0 releasedStable version 0.9.0 of BioImageXD is available. "BioImageXD - Free and open source software for analysis, processing and 3D rendering of multi dimensional microscopy images. It uses free software such as Python, wxPython, VTK, and is a free replacement for very expensive commercial 3D microscopy analysis and visualisation software BioImageXD is a collaborative open source free software project, designed and developed by microscopists, cell biologists and programmers from the Universities of Jyväskylä and Turku in Finland, and collaborators worldwide."
Web Browsers Ben Goodger Explains Higher Memory Usage in Firefox 1.5 (MozillaZine)MozillaZine points to a weblog entry by Firefox hacker Ben Goodger about memory usage in Firefox 1.5. "What I think many people are talking about however with Firefox 1.5 is not really a memory leak at all. It is in fact a feature. To improve performance when navigating (studies show that 39% of all page navigations are renavigations to pages visited < 10 pages ago, usually using the back button), Firefox 1.5 implements a Back-Forward cache that retains the rendered document for the last few session history entries. This can be a lot of data. It's a trade-off. What you get out of it is faster performance as you navigate the web."
Bloggers Comment on addons.mozilla.org Review Process (MozillaZine)MozillaZine considers ideas from Mozilla Bloggers about the review of browser extensions. "Several Mozilla Bloggers have recently expressed concerns about the review process for extensions at addons.mozilla.org. David Baron feels that crashes and memory leaks caused by extensions could change user perception of quality of Mozilla products as a whole. Unlike the Mozilla source code, extensions do not benefit from an extensive community review process."
Minutes of the Firefox Team Status Meeting (MozillaZine)The minutes from the February 7, 2006 Firefox Team Status Meeting have been announced. "Issues discussed include status updates on planned Firefox 2 features, schedule revisit calling for a 2 week slip, decision to use dev-apps-firefox as the newsgroup/mailing list for discussion of development issues and action items for the upcoming alpha1 release."
Minutes of the mozilla.org Staff Meeting (MozillaZine)The minutes from the February 6, 2006 mozilla.org staff meeting have been announced. "Issues discussed include Firefox 1.5.0.1 Feeback, Upcoming Releases, Firefox 2, Personnel and Marketing."
Miscellaneous Gourmet 0.10.0 released (SourceForge)Version 0.10.0 of Gourmet, a cross-platform recipe management application, has been announced. "Gourmet 0.10.0 involves a major rewrite of the database backend. Import is much faster now and we do much better with large databases. Update from old versions should be safe (we won't clobber the last database) but requires a bit of magic that isn't easy to package up nicely. So we're holding off on installers (.deb, .rpm, .exe) for the time being. "
Roundup Issue Tracker release 1.1.0Version 1.1.0 of Roundup, an Issue Tracker application, has been announced. Changes include new features and some bug fixes.
Languages and Tools Caml Caml Weekly NewsThe February 7-14, 2006 edition of the Caml Weekly News is out with new Caml language articles.
Java J2EE Without the Application Server (O'ReillyNet)Guy Pardon discusses the operation of J2EE code without a server in an O'Reilly article. "Thanks to modern notions like inversion-of-control (IoC) and aspect-oriented programming (AOP) represented in lightweight containers like the Spring framework, the programming model for J2EE can be made a lot simpler and more elegant. Nevertheless, even with these tools, the application server still remains an important source of complexity and cost. This article proposes a further simplification of J2EE, by showing a way to eliminate the overhead of the runtime platform: the application server. In particular, this article shows that many applications no longer need an application server to run."
PHP PHP Weekly Summary for February 13, 2006The PHP Weekly Summary for February 13, 2006 is out. Topics include: SOAP bug?, pecl/spread, Standalone module build, Unsigned integers, The taming of the shrew, OSCON 2006, API docs, JANI missing from core, Iterator API change and Magic cmd /s.
Python PyInstaller 1.1 releasedStable version 1.1 of PyInstaller has been released. "PyInstaller is a program that packages Python programs into stand-alone executables, under Windows, Linux and Irix. This is similar to the famous py2exe, but PyInstaller works with any version of Python since 1.5, it builds smaller executables thanks to transparent compression, it is multi-platform (so you can build one-file binaries also under Linux), and use the OS support to load the dynamic libraries, thus ensuring full compatibility." See the Change Log file for release details.
python-openid 1.0.4 announcedVersion 1.0.4 of python-openid, a Python language OpenID library, has been announced. This is a maintenance release, it features bug fixes and other improvements.
Urwid 0.9.0-pre1 curses-based UI library for PythonVersion 0.9.0-pre1 of Urwid, a curses-based UI library for Python, is out. "This is a development release intended only for those interested in working with the new Layout classes and those who want to help improve UTF-8 support."
Why Not Python?, Part 3 (Linux Journal)Linux Journal presents part 3 in a series on learning Python by Collin Park. The series covers the creation of a Sudoku puzzle game. "ow it's time for this new Python user to do the hard work--code the program to fill in the blanks of Sudoku puzzles."
Dr. Dobb's Python-URL!The February 13, 2006 edition of Dr. Dobb's Python-URL! is online with a new collection of Python article links.
Building Decision Trees in Python (O'Reilly)Christopher Roach works with decision trees with Python in an O'Reilly article. "This article introduces a popular and easy-to-use datamining tool called a decision tree that should help you solve your marketing dilemma. Decision trees are a topic of artificial intelligence. More specifically, they belong to the subfield of machine learning. This is due to their ability to learn--through example--to classify individual records in a data set."
Ruby Ruby Weekly NewsThe February 12th, 2006 edition of the Ruby Weekly News looks at the latest discussions from the ruby-talk mailing list.
Tcl/Tk Dr. Dobb's Tcl-URL!The February 14, 2006 edition of Dr. Dobb's Tcl-URL! is online with new Tcl/Tk articles and resources.
XML Open source Eclipse/SWT XForms engine releasedNuxeo has released the code for an XForms engine for SWT and Eclipse. "This engine will be used in the Apogee project recently submitted as a proposal to the Eclipse Foundation. Apogee aims at building a framework to create ECM-oriented desktop applications, independent from vendor or technologies. This framework could be used to create applications that will be integrated with Documentum, Interwoven, Nuxeo CPS or any ECM platform."
GovTrack.us, Public Data, and the Semantic Web (O'Reilly)Joshua Tauberer uses XML to track US government legislation in an O'Reilly article. "No matter where you fall in debates over free software or DRM, there's one type of information that is unarguably meant to be free, and that's information about our government. The more knowledge citizens have about government the better. So how can we use XML and the Semantic Web to make it easier to get that knowledge, and to foster civic participation?"
Page editor: Forrest Cook Linux in the news Recommended Reading UK holds Microsoft security talks (BBC)Here's a BBC article describing British concerns about the (DRM-inspired) encryption features in the upcoming Windows release. "Windows Vista is due to be rolled out later this year. Cambridge academic Ross Anderson told MPs it would mean more computer files being encrypted. He urged the government to look at establishing 'back door' ways of getting around encryptions. The Home Office later told the BBC News website it is in talks with Microsoft." That's the sort of thing that could inspire interest in free software desktops.
Is ODF an Open Standard? ~ by David A. Wheeler (Groklaw)Groklaw has an article by David A. Wheeler on the openness of the open document format. "But is OpenDocument really an open standard, or not? For example, can anyone implement it? Was its development process completely controlled by a single party (which would not be open), or is there evidence that it's a consensus result by many? It's generally accepted that OpenDocument is an open standard, but recently I've been told that some people are claiming otherwise. So let's figure out what the criteria are for an open standard, and then see if OpenDocument meets those criteria."
Trade Shows and Conferences Report from the Open Document workshop at SCALE by Mathfox (Groklaw)Groklaw has a report from SCALE, the Southern California Linux Expo. "The first day of the Southern California Linux Expo was dedicated to the Open Document Format. All of the speakers at the workshop stressed the importance of an Open Standard to achieve vendor-independence and create conditions where innovation and competition can flourish. Peter Quinn, the former CIO of Massachusetts, opened the workshop with a summary of the events that surrounded the Massachusetts decision to standardize their document formats."
The SCO Problem Intel Calls SCO a Liar in Utah Court Filing (Groklaw)Groklaw covers the latest movement in the SCO case. "Well, *now* SCO's really gone and done it. They got used to IBM's restraint, I guess, and told a story to the Utah court, and now they are being called on it. First, we saw Oracle dispute SCO's story about the subpoenas in its motion to quash in California, and now Intel has filed in Utah a Nonparty Intel's Response to SCO's Motion For Leave to Take Certain Prospective Depositions, and they are hopping mad. Mad enough to tell Judges Kimball and Wells that what SCO said about Intel is "unfair and untrue": Although Intel takes no position on whether SCO's Discovery Extension Motion should be granted, Intel is compelled to respond to SCO's misrepresentations about Intel's conduct."
Companies Two ways Microsoft sabotages Linux desktop adoption (SearchOpenSource)SearchOpenSource explores Microsoft's strategies for undermining Linux adoption efforts. "Two themes dominate the stories I hear about the tribulations of using and adopting non-Microsoft business desktops: the difficulty in finding compatible hardware and the stranglehold Microsoft Word has on users. In the last week, IT pros have shared their experiences with these two adoption inhibitors. They're representative of other stories I've heard."
Gentoo Linux founder quits Microsoft (ZDNet)ZDNet reports that Gentoo founder Daniel Robbins has quit his job at Microsoft. "Robbins told ZDNet UK in an e-mail Monday that he decided to leave because he was not able to use all his technical skills in his role."
XenSource gets new CEO, direction (ZDNet)ZDNet reports on some changes at XenSource. "Although Xen's influence has been spreading, making a business out of the software is a different challenge. Although IBM, Hewlett-Packard and other industry allies are helping XenSource to improve the Xen foundation, they become potential competitors when it comes to selling management tools such as XenSource's XenOptimizer."
Linux Adoption Open-Source Users Break Free From Commercial Software (Fox News)Fox News looks at the adoption of Linux by non technical users. "Danny and Linda Lee, who are both in their mid-50s, know as much about computers as they do about gangsta rap. Yet Mr and Mrs Lee's computer at their home in Bedhampton, Hampshire, England, doesn't run Microsoft Windows. Nor is it a newbie-friendly Mac. "I gave my parents a machine running Linux, and they know no different," says their son Wayne." (Thanks to Peter Masiar.)
Linux at Work Outdoor WiFi router runs x86 Debian Linux (LinuxDevices)LinuxDevices has a brief look at the Meshnode router. "The Meshnode router includes two WiFi radios, and supports mesh configurations based on OLSR (optimized link state routing). Because it runs a normal Debian Linux distribution, the device might be a good platform for WiFi hackers and developers interested in running fairly full Linux environments." More information can be found on meshnode.org.
Legal Digital Copyright Issues in Academic Publishing (Groklaw)Groklaw presents an article by Roy Bixler entitled Digital Copyright Issues in Academic Publishing. "As technology affects publishers of all kinds, whether the medium is video, audio or print, it is interesting to see how the publishers adapt to the changing environment. The primary challenge lies with the ease of making digital copies of works and the implications that has for the application of copyright law. Laws like the Digital Millienium Copyright Act in the US, which enforce technical restrictions on making copies, are well-known and are primarily associated with the music and film industries. However, due to the market failure of e-books, technological change has not been as quick to affect the print medium."
The Agenda for the USPTO Meeting on Feb. 16 (Groklaw)Groklaw looks at the agenda for a for Public Meeting of the US Patent & Trademark Office and the Open Source Software Community. " The USPTO has posted the day's agenda for the February 16th meeting regarding the Open Source as Prior Art and Open Patent Review initiatives. It begins at 10 AM and runs until 2 PM. Directions. You can't just show up, though, and be sure of getting in. You must register by email to guarantee a seat. The Open Source as Prior Art segment begins at 10:15, so please don't be late. That is the one I am most interested in hearing about. One of the things listed for that segment is the following goal: "Identify interest and resources for ongoing effort." The Patent Review segment is at 11:15."
Interviews Kalzium Wins Award; Carsten Niehaus Interviewed (KDE.News)KDE.News looks at Kalzium, KDE's interactive periodic table, and points to a People Behind KDE interview with Carsten Niehaus. "I am the main author and maintainer of Kalzium, KDE's periodic table of the elements. I have also represented KDE at several exhibitions, for example last year I was at Systems, LinuxTag, Wikimania and LinuxInfoTag Dresden."
Resources Introduction to CalDAV (NewsForge)NewsForge takes a look at calendaring software. "A number of high-profile open source applications use CalDAV, chief among them the Mozilla Calendar project. Given its association with the Mozilla suite, it is likely the most widely deployed and tested CalDAV client. The Calendar extensions for Firefox and Thunderbird, the standalone Sunbird calendar app, and the in-progress Mozilla Lightning groupware client are cross-platform and all support CalDAV."
Network Monitoring with Ethereal (Linux Journal)Linux Journal looks at Ethereal for network analysis. "Besides basic monitoring, Ethereal offers a lot of analyzing options. In my example at the start of this article, I could have used a filter to pull out the expected traffic. For example, adding tcp.port != 80 to the filter window and clicking the Apply button would have excluded any port 80 (HTTP) traffic from the display." Originally published in Linux Gazette issue 98.
Health, nutrition, and diet apps for Linux (Linux.com)For those who say that Linux doesn't have good application support, Linux.com covers several diet and nutrition applications that run on Linux. "Fitday calculates your basic caloric needs from your weight and activity levels, and displays graphs to show your progress (or lack of progress). There's also a database of fitness activities from which to choose; enter your activity and the length of time you performed it, and Fitday calculates the calories burned. Now if I could only find a Linux program that cooks the food...." ...and cleans the kitchen.
CLI Magic: MultiTail follows files in style (Linux.com)Linux.com uses MultiTail to follow log files. "Troubleshooting often involves having to watch logfiles in real time. That means using tail or a similar utility to see new messages that are added to a logfile by Apache, MySQL, X.org, or whatever program you're trying to deal with at the time. While tail is usually readily available on *nix systems, I prefer to use MultiTail whenever possible. It has some features that you won't find in tail, such as filtering and a color display, and MultiTail allows you to follow the output from a command as easily as following a logfile."
Reviews Artech Offers Akshar Naveen On Linux (EFYTimes)The EFYTimes looks at the release of Akshar Naveen on Linux (ANL), a multilingual office suite (English, Hindi, Bangla, Gujarati and Punjabi) using the open document format. "Akshar Naveen on Linux comes loaded with features, such as independent office suite including text editor, spreadsheet, presentation, HTML editor, drawing and database. It is compliant with ODF and Unicode formats. ANL incorporates an enhanced dictionary, e-mail facility, different keyboard settings, a number converter, an inbuilt PDF converter and database support. It facilitates Indian language web publishing as well."
Test drive: Chandler PIM (NewsForge)NewsForge reviews the Chandler 0.6 release. "Manipulating calendar events in Chandler is exceptionally fluid. Events are represented as colored blocks that can be stretched, compressed, or dragged and dropped with the mouse, each change automatically updating the start and end times. You interact with calendar events as if they were tangible objects, which is a tremendous boon. This is the first calendar application to implement this behavior usably in Linux."
Powerful Remote X Displays with FreeNX (O'Reilly)Tom Adelstein looks at FreeNX on O'Reilly. "Imagine X server technology with compression so tight that GNOME and KDE sessions yield impressive response times when run over modems with SSH encryption. FreeNX is an addition to the remote desktop line with stunning performance. Thin clients use small amounts of bandwidth while handling audio and video, printing, and other heavy applications, and permit the use of session suspension instead of termination. As long as you wish to primarily use Linux, FreeNX provides real virtual KVM switches without hardware."
Coming next to the Mac: Linux and Windows? (PC World)PC World examines the issues of getting Linux to run on the new Macs. "Moshe Bar, a technology entrepreneur, said he has been able to run both FreeBSD Unix and Debian Linux on a new Mactel machine using virtualization software from XenSource, which he co-founded. But Apple's protectiveness of its hardware specs has so far prevented Bar from getting the graphics, sound or Wi-Fi to work."
Miscellaneous Free Software Foundation launches Gnash (NewsForge)NewsForge follows the progress of Gnash, an open-source player for Adobe Shockwave/Flash files. "Gnash currently works as a standalone application, implementing almost all of Flash 7. The project is developing a test suite to ascertain what remains to be done, and Savoye hopes the suite will prove valuable to other free Flash implementations as well. Adapting the standalone player into a Mozilla/Firefox plugin is more challenging, Savoye says. Although detailed resources are available for developers creating browser extensions, Savoye reports that there is little documentation for plugin creators."
OpenSolaris on XenTim Marsland introduces OpenSolaris on Xen in his weblog. "We wanted to start the conversation with working code. So we have a snapshot of our development tree for OpenSolaris on Xen, synced up with Nevada build 31. That code snapshot should be able to boot and run on all the hardware that build 31 can today, plus it can boot as a diskless unprivileged domain on Xen 3.0. While we were in our final approach to this release, we got live migration to work too, which is one of the key features we've been working on." (Thanks to Eric Boutilier)
Page editor: Forrest Cook Announcements Non-Commercial announcements EFF: Google Copies Your Hard Drive - Government Smiles in AnticipationThe Electronic Frontier Foundation has sent out a press release that recommends avoiding the latest version of Google Desktop. "San Francisco - Google today announced a new "feature" of its Google Desktop software that greatly increases the risk to consumer privacy. If a consumer chooses to use it, the new "Search Across Computers" feature will store copies of the user's Word documents, PDFs, spreadsheets and other text-based documents on Google's own servers, to enable searching from any one of the user's computers. EFF urges consumers not to use this feature, because it will make their personal data more vulnerable to subpoenas from the government and possibly private litigants, while providing a convenient one-stop-shop for hackers who've obtained a user's Google password."
EFF Challenges Clear Channel Recording PatentThe Electronic Frontier Foundation has announced a challenge to a Clear Channel Communications patent. "The Electronic Frontier Foundation (EFF) filed a challenge Monday to an illegitimate patent from Clear Channel Communications. The patent -- for a system and method of creating digital recordings of live performances -- locks musical acts into using Clear Channel technology and blocks innovations by others."
FSF: GPLv3 Update #2The Free Software Foundation has sent out an update on the GPLv3 process. High points include the availability of a video stream from the opening session of the GPLv3 conference (where Eben Moglen walked attendees through the new text) and a defense of the anti-DRM provisions.
FKF and FSFE teaming upThe FSFE and FRK have announced a partnership. The Free Knowledge Foundation / Fundación Conocimiento Libre (FKF) and Free Software Foundation Europe (FSFE) are proud to announce their new official associate status, working together for the promotion and protection of Free Software in Spain."
Another successful GPL enforcementThe gpl-violations.org project has sent out a press release on a successful effort to bring an Austrian company (which provides systems for the Austrian health system) into GPL compliance. "According to gpl-violations.org, SVC B.u.E. GmbH used GPL licensed software, including Linux, in the Software running on the "GINA" (Gesundsheits Informations Netzwerk Adapter). 'GINA' is installed at every doctor's clinic and acts as a gateway between the Health Information Network and the clinic."
KDE e.V. Quarterly Report Released (KDE.News)KDE.News mentions the release of the latest KDE e.V. quarterly report. "KDE e.V. has released its second quarterly report covering the activities of KDE's legal body for the last three months. This quarter saw the first meeting of the new KDE e.V. board and of course the creation of the Technical Working Group."
Commercial announcements ACCESS and PalmSource Announce the ACCESS Linux PlatformACCESS Co., Ltd., and its wholly owned subsidiary, PalmSource, Inc. have announced the latest evolution of Palm OS for Linux, the ACCESS Linux Platform, tailored for smartphones and mobile devices.
BEA donates code to open source Java communityBEA Systems, Inc. has announced that it will open source a significant portion of BEA Kodo, its persistence engine, under the name Open JPA. "Today's announcement will benefit all Java users, particularly those who prefer to develop using a blended model of commercial software and open source frameworks."
BitRock Releases LAMPStack 2.0BitRock has announced the release of a new version of LAMPStack. "BitRock LAMPStack 2.0 is an update to BitRock's integrated, easy to install LAMP distribution. The new, freely available LAMPStack includes Apache, PHP, MySQL, Python, phpmyadmin and supporting libraries."
E28 Limited to Add Boingo to Linux SmartphonesBoingo Wireless Inc. has announced that the Boingo's Wi-Fi toolkit will be used in E28 Limited smartphones. "E28 Limited, a pioneer in Linux-based smartphones, and Boingo Wireless Inc., a leading Wi-Fi service provider for business travelers, today announced plans to incorporate Boingo's Wi-Fi toolkit for handsets into E28's line of dual-mode smartphones. The dual-mode smartphones will include roaming authentication to Boingo's 25,000 Wi-Fi hot spots worldwide to enhance Internet access options and provide high-bandwidth, low-cost alternative networks for broadband applications such as VoIP and streaming media."
A new Linux/Windows TCO studyLevanta and OSDL have put out a press release announcing the results of a Linux v. Windows study. Surprisingly, this one comes out in favor of Linux. "'Get the Truth on Linux Management' concludes that in many cases, Linux is likely to be a significantly less expensive platform to acquire and manage than Windows. Respondents indicated that the average resource costs (salaries, training, and support) are no longer significantly higher than Windows and that the management of Linux is of minimal concern when considering the overall TCO." Those wanting to skip the release can go straight to the executive summary or the full report [PDF].
Linux Networx Announces Largest Supercomputing OrderLinux Networx has announced its largest supercomputer order. "Linux Networx, the Linux Supercomputing Company, announced today that the Department of Defense (DoD) High Performance Computing Modernization Program (HPCMP), has placed the largest single order for Linux Supercomputers in the company's history. The DoD purchased five supercomputers from Linux Networx including three Advanced Technology Clusters (ATC's) and one LS-1 for the Army Research Laboratory (ARL) Major Shared Resource Center (MSRC), and an additional LS-1 for Dugway Proving Ground."
LPI Certifications Exceed 30,000 WorldwideThe Linux Professional Institute has issued over 30,000 LPI Certifications. "This milestone clearly demonstrates the growing demand for a solid base of highly skilled and certified Linux professionals. It is also further evidence of the value of a vendor-neutral Linux certification to the enterprise environment where such a concrete demonstration of skills and knowledge is a necessity," said Jim Lacey, President and CEO of the Linux Professional Institute."
MySQL AB Secures $18.5 Million in Series C FundingMySQL AB has announced the receipt of new funding. " MySQL AB, developer of the world's most popular open source database, today announced the completion of an $18.5 million Series C round of financing led by Institutional Venture Partners (IVP), the Menlo Park, California-based venture capital firm. Corporate investors in the round were Intel Capital; Red Hat; SAP Ventures, a division of SAP AG; and Presidio STX, the U.S.-based venture investment subsidiary of Sumitomo Corporation. MySQL AB will use the proceeds to fund continued growth into the enterprise database market, including new product development as well as expansion of business development, sales and marketing activities."
Oracle buys Sleepycat SoftwareOracle has announced the acquisition of long-time open source database supplier Sleepycat Software. "Sleepycat Software's Berkeley DB is the most widely used open source database in the world with deployments estimated at more than 200 million. Berkeley DB is distributed under a dual license model, i.e. available under a public license and also available under a commercial license. Well-known open source projects such as the Linux and BSD UNIX operating systems, Apache web server, OpenLDAP directory, OpenOffice productivity software, and many others embed Berkeley DB technology." Terms not disclosed. Also not disclosed is whether there will be any changes in the Berkeley DB licensing terms.
rPath launches rBuilderrPath has announced the general availability of its flagship product, rBuilder. rBuilder is a platform for creating and maintaining Linux software appliances. "rBuilder transforms Linux from being just another port for application developers to being a strategic element of a subscription business model."
SGI and GTSI Form Government Channels AllianceSGI has announced an alliance with GTSI Corp. to grow Linux System Sales in the US government sector. "In a joint effort to grow revenues from the sale of 64-bit Linux(R) solutions to government agencies at all levels, Silicon Graphics (OTC: SGID) and GTSI Corp. (Nasdaq: GTSI) today announced an agreement establishing GTSI as a front line government channels supplier providing SGI(R) solutions to federal, state and local government customers."
STMicroelectronics Announces Wireless LAN Chip for Mobile PhonesSTMicroelectronics has announced a new 802.11g IC for use in cellular phones, Linux drivers are available. "Suitable for enterprise smart phones and consumer multimedia handsets, this complete WLAN solution provides high-speed power efficient IEEE802.11g performance without compromising battery life. The compact nature of the STLC4370 reference design has enabled its design into multiple form-factor mobile phones including candy bar, compact PDA, and innovative fold-open keyboard designs."
Sun Microsystems Opens Door for Open Sourcing SPARC TechnologySun Microsystems has announced that its OpenSPARC initiative has released the UltraSPARC Architecture 2005 and HyperVisor API specifications to help jumpstart the porting of Linux, BSD and other operating systems, middleware and applications to the UltraSPARC T1 processor.
Tecnick.com releases all products under an open-source licenseWeb Software distributor Tecnick.com is switching to an open-source distribution model. "After 5 years of commercial distribution, Tecnick.com has made all its products Open Source Software by adopting the licensing policy of the Free Software Foundation. The new business model is simple, the software is essentially free, customers pay only for enhancements, services and support."
TimeSys Introduces LinuxLink Subscription for MPC8548ETimeSys has announced the availability of a LinuxLink Subscription for the Freescale's MPC8548E Communications Processor. "LinuxLink by TimeSys(TM) is the first commercial offering to support the majority of embedded developers who build and assemble their own commercial-grade custom Linux platform by delivering on-demand access to continuously-updated processor-optimized Linux and components, a rich development environment and community support. This is a significant departure from commercial Linux vendors that dictate feature sets and release schedules, resulting in platforms that diverge significantly from the Open Source community."
New Books Penetration Tester's Open Source Toolkit--latest from SyngressSyngress has published the book Penetration Tester's Open Source Toolkit by Johnny Long.
Resources Delivering free software at 2Gbit/sMattias Wadenstein mentioned this overview on how to distribute large projects over the Internet. "This is a brief overview on how the Academic Computer Club at Umeå University managed to setup a system that could sustain 2Gbit/s of downloads to the general public for the latest Debian and Ubuntu releases."
The Globus Consortium JournalThe February 2006 edition of the The Globus Consortium Journal is out. This issue covers Grid and Enterprise Data Management.
Paper: Lessons from the Sony DRM episodeAlex Halderman and Edward Felten have published a retrospective on the SonyBMG rootkit episode [PDF]. "This paper is a case study of the design, implementation, and deployment of anti-copying technologies. We present a detailed technical analysis of the security and privacy implications of two systems, XCP and MediaMax, which were developed by separate companies (First4Internet and SunnComm, respectively) and shipped on millions of music compact discs by Sony-BMG, the world's second largest record company. We consider the design choices the companies faced, examine the choices they made, and weigh the consequences of those choices. The lessons that emerge are valuable not only for compact disc copy protection, but for copy protection systems in general."
Contests and Awards EFF: Nominate a Pioneer for EFF's Pioneer AwardsThe Electronic Frontier Foundation is calling for nominations for its 2006 Pioneer Awards. "Pioneer Awards nominations are open to individuals or organizations from any country. Nominations are reviewed by a panel of judges chosen for their knowledge of the technical, legal, and social issues associated with information technology."
Upcoming Events aKademy-es 2006 in Barcelona (KDE.News)KDE.News has announced the 2006 aKademy-es event. "aKademy-es 2006 is scheduled to be a small event for all KDE users and developers from Spain to attend talks, share experiences, etc. It will take place in Barcelona from Friday 3rd to Sunday 5th of March."
European Common Lisp Meeting 2006The European Common Lisp Meeting 2006 will be held in Hamburg, Germany on April 29-30 2006.
Freedom-to-Connect to Promote Internet Freedompulvermedia and Isen.com LLC has announced the Freedom-to-Connect summit. The event will be held in Washington, DC on April 3 and 4, 2006. "This two-day summit will bring business, policy and technology thought leaders to the nation's capital to share their perspectives, insights and wisdom, thus helping to build a better, more complete understanding of how policy and technology might evolve together to create and advance the future of communications and the Internet."
FUDCon Boston 2006 Call for PapersA call for papers has gone out for the Fedora FUDCon Boston 2006 The event takes place in Boston, MA on April 7 after the LinuxWorld Conference and Expo, submissions are due by February 23.
Registration Open for Gelato ICE ConferenceRegistration is open for the Gelato ICE: Itanium® Conference & Expo. The event will take place in San Jose, CA on April 23-26, 2006.
LUGOD InstallfestThe Linux Users Group of Davis, CA will hold a Linux installfest on February 18 from 10:00 AM until 6:00 PM.
Vote for the next location of the OpenOffice.org Conference (OOoCon)The OpenOffice.org Conference Team is looking for a location for the 2006 OOoCon. "Vienna, Austria and Lyon, France have been proposed as locations for the OpenOffice.org Conference 2006 (OOoCon 2006). We invite you to go to the following web page to submit a vote for your favourite location." Vote here.
Xara sponsors first Open Source Graphics conferenceXara is sponsoring the Libre Graphics Meeting, the event takes place in Lyon, France on March 17-19, 2006.
Events: February 16 - April 13, 2006
Page editor: Forrest Cook
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[Piechart]](/images/ns/levanta-report-piechart-sm.png)
![[Diagram]](/images/ns/kernel/mlock.png)
imagination, could be described by the diagram to the right. A process has
a particular memory page of interest, pointed to by a page table entry.
That process has arranged with a device driver to exchange data through
this page; as a result, the driver has a pointer to the associated
page structure, possibly obtained with get_user_pages().
At this stage, all is working well.
![[Diagram]](/images/ns/kernel/mlock2.png)
memory since, for much of the memory range, there is unlikely to ever be a
reason to do so. Instead, both parent and child will be set up with page table
entries pointing to the same physical page in memory, but that page will
now be write protected. As long as neither process attempts to write to
the page, the situation can remain as shown in the diagram to the left.
Both processes - and the driver - can share the same physical page. If
either process calls fork() again, the result will be a third
process also sharing that page, and so on. Often, no process will attempt
to write to the page for as long as it is in this shared state, and no copy
will ever have to be performed.
![[Diagram]](/images/ns/kernel/mlock3.png)
and pointing the parent process's page table entry to the new,
write-enabled page. At that point, the write attempt can go forward, and
everybody will be happy.
![[John the Ripper]](/images/ns/johntheripper.png)
Version 1.7 of John