LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for March 2, 2006A grumpy editor's bayesian followup
SpamAssassinOne commenter complained last week about your editor having run SpamAssassin with the network tests enabled. The original reasoning had been that SpamAssassin, by its nature, comes with a large set of rules, and, for the purpose of the review, selectively disabling some of them was not appropriate. Still, the network tests do have a couple of important effects on the end result. As will be seen below, they make the filter much more effective; in your editor's experience, the source blacklists earn most of the credit there. But they also slow things down. Your editor re-ran the test with network tests disabled, with the following results:
(Last week's results have been included for comparison). The "default" results are actually a mistake on your editor's part, but, since they illustrate an interesting point, they have been included in the above table. When SpamAssassin runs its bayesian filter on a message, it encodes the results as if a specific rule had fired. If the filter is absolutely convinced that the message is good, the score is adjusted by the value attached to the BAYES_00 rule. For obviously spam messages, BAYES_99 comes into play; there are several levels between the two as well. SpamAssassin, out of the box, assigns 3.5 points to BAYES_99. Since five points are required, by default, to condemn a message, the bayesian filter can never do that on its own. Any message, to be considered spam, must trigger some tests outside of the bayesian filter. The "default" results, above, came about because your editor got a little over-zealous when clearing out the bayesian and whitelist databases for a new round of tests; so they use the default scoring for BAYES_99. The "tweaked" results, instead, have the score for that rule raised to 5.0 points, allowing the bayesian filter to condemn mail on its own. The difference in the results can be clearly seen from the table: spam filtering performance is vastly improved, with no false positives. With the default configuration, local-only SpamAssassin had the second-worst false negative rate of all the filters tested. Your editor is at a loss to understand why SpamAssassin comes configured to allow the bayesian filter to be bypassed so easily. Back to the original point of running this test: putting SpamAssassin into the "local tests only" mode clearly worsens performance significantly, while also improving run time.
PopfileA number of people were dismayed at the omission of popfile, a proxy-based filter coded in Perl. Popfile is intended to sit between the mail client and the POP or IMAP server; it filters mail before presenting it to the user. It includes a built-in web server which provides filtering statistics and allows the user to perform training. Perhaps the most interesting feature in Popfile, however, is its approach to filtering. While the other filters reviewed are very much oriented around filtering spam, Popfile tries to be more general. So, instead of filtering into just two categories (plus the "unsure" result provided by a number of filters), popfile can handle an arbitrary number of categories. So it not only picks out the spam, but it can sort the rest of a mail stream based on whatever criteria the user might set. This approach makes Popfile a potentially more useful tool, but it has implications on its spam filtering performance, as will be seen from the testing results. Your editor tested Popfile 0.22.4, using its standalone "pipe" and "insert" tools.
On one hand, Popfile was the most effective at removing spam of any of the filters reviewed; its false negative rate is almost zero. On the other hand, the false positive rate was high - unacceptably so. Popfile normally uses a "train on errors" approach; your editor ran a second test where the filter was trained on every message just to see if that would help with the false positive rate. Instead, that rate got worse, and the filter slowed down to a glacial pace. Clearly Popfile and comprehensive training were not meant to go together. Your editor has a hypothesis explaining the behavior seen here. Bayesian filters which concern themselves only with spam have a built-in bias: false positives are bad and must be avoided. Popfile, instead, has no notion of a "false positive"; it only has various "buckets" into which mail can be sorted. The tool does not understand that some types of errors are worse than others. So, while most filters will err on the side of false negatives, Popfile just goes for whatever seems right. As a result, it catches more spam - and more of everything else. From this experience, your editor has concluded that spam filtering should be done independently from any other sort of mail sorting. If bayesian filters are to be used for sorting of legitimate mail, it might be best to use two separate filters in series.
SpamOracleSpamOracle is a straightforward Graham-style bayesian filter. It happens to be written in Caml, leading your editor to go looking for compilers; Fedora Extras came through nicely on that front. Initial training is easy and fast, and SpamOracle works well with procmail. As a filter, however, it is not one of the more effective ones. Your editor ran two tests on SpamOracle v1.4, using train-on-errors and comprehensive training strategies.
As can be seen here, SpamOracle is fast, and it manages to avoid false positives altogether. Its filtering rate is poor, however, to the point that your editor would not want to have to depend on it to hold the spam stream at bay. Comprehensive training slowed the process down significantly, but did not improve the results in any appreciable way.
ThunderbirdThere were some requests that Thunderbird be included in this evaluation. The problem is that Thunderbird's filter is buried deep within a monolithic graphical application, making it difficult to test in any sort of automated manner. Your editor, being the lazy person that he is, has no inclination to click through 15,000 messages to evaluate how well Thunderbird has classified them. As it happens, your editor uses Thunderbird for a low-bandwidth mail account which receives a mere 100 spams per day or so. The Thunderbird interface is certainly convenient; there is a nice "junk" button for training the filter (though the way it toggles to "not junk" can be confusing). Thunderbird can be configured to automatically sideline spam into a folder, and to age messages out of that folder after a given time. False positives are rare, in your editor's experience, but the false negative rate is relatively high. It is also impossible, as far as your editor can tell, to get any information on the filter and how it makes its decisions.
ConclusionHere is the updated table, with the new and old results:
There is little in the new results to change the conclusions arrived at last week. The filters which stand out are SpamAssassin (in some modes at least), and DSPAM. Most of the others demonstrated overly high error rates, either with false negatives (annoying) or false positives (unacceptable). Stay tuned, however; there is clearly a great deal of work being done in this area.
Linux fragmenting at last?Back in January, Novell announced that it was releasing the "AppArmor" security framework under the GPL. AppArmor had been developed by Immunix, and acquired by Novell last year. Novell makes a number of claims about AppArmor, but the one at the top of the list appears to be relative simplicity: AppArmor is said to be easier to understand, configure, and maintain than SELinux.Dan Walsh, a Red Hat developer working on SELinux, has criticized this move:
Couldn't Novell have spent their money on making SELinux easier to
use? No, [Novell] chooses to split the user and developer community. I
am not sure what their goals are, but I feel this hurts Linux and
the open source movement.
For years, critics have claimed that Linux would fragment much like Unix did, and that would be the downfall of the system. So far, Linux has steadfastly refused to fragment in this manner. But now we have a Linux developer saying that the same thing is happening. Red Hat and Novell also appear to be taking different approaches to 3D-enhanced window systems. Novell is pushing Xgl, Red Hat has AIGLX, and Linux users are left wondering when and how all that activity will yield better graphics support for them. At this level, too, it looks like Linux might finally be heading for a breakup. Or is it? Perhaps we are simply seeing the development community at work. With regard to SELinux, it is important to note that there is no real consensus, yet, on how the security problem should be solved. SELinux is a powerful system, beyond doubt; it allows the capabilities of users and programs to be specified in great detail. But SELinux is also highly complex, to the point that a large percentage of system administrators find themselves unable to cope with it. The fedora-devel list just had a discussion on how to get administrators to keep SELinux enabled on their systems. One participant, who teaches administration courses, noted:
By no means is this limited to home users. I would say that the
*vast* majority of corporate admins just turn off SELinux. The story
behind how & why they learned to do that to begin with only vary in
details. It's almost always, "I had problems installing X or doing
Y and I found a document on the Internet that said that SELinux was
in the way and didn't work right anyway and was too complicated and
didn't do me any good and that I couldn't learn enough about it to
even understand what was happening, let alone deal with it, in less
than a month and ... well, so I just turn off SELinux and then I
don't have to deal with it."
The point here is not to criticize SELinux; that has been adequately done elsewhere. Instead, the real point is there is not, at this time, any sort of broad consensus that SELinux is the right tool for everybody's security problems. It may turn out that the best solution is to put more effort into making SELinux easier to deal with, but it seems premature to claim that SELinux will be the answer to security problems on Linux. It makes sense, in other words, to spend some time considering other approaches - especially those which are already implemented and relatively stable. If SELinux is truly a superior solution, that will eventually become clear and users will vote with their keyboards. But to claim, at this point, that SELinux is the only solution and that looking at alternatives hurts the community would be a mistake. This community thrives on choices, and, to an extent, it thrives on competition between related projects. Since the alternatives are all free software, users are able to choose what works for them, and the best ideas (and code) can move from one project to another. The process would be helped, however, if Novell would pull together the AppArmor source and submit it properly for review and eventual merging into the mainline kernel. The story with Xgl and AIGLX is the same. There is no real consensus, yet, on how 3D graphics will be best supported in the X window system. So two groups have put together two different implementations, each with its advantages. It is easy to present this story as a classic developer flamewar, but that does not seem to match the reality of the situation. A look at the X.org mailing list, for example, shows Xgl developer David Reveman agreeing to adopt some interfaces put forward by the AIGLX group. Over the long term, the development community will almost certainly coalesce around the approach which seems to work best, but, for now, it is too early to say which one (if either) will be most successful. If there is a problem here at all, it is that the distributors are being quick to make products out of technology which may not be entirely ready for prime time. Red Hat has operated this way for a very long time; anybody who remembers being pushed into, for example, the ELF or glibc2 transitions by Red Hat Linux upgrades knows that some of that code was a little rough around the edges then. But, by pushing that code out to the users, Red Hat almost certainly accelerated the stabilization process. What we are seeing now is that Novell wants to get into the same game and put more leading technology into the traditionally conservative (by comparison) SUSE distribution. When things work well, Novell will be able to claim leading-edge features and the code will get wider testing, sooner. There is nothing that requires Novell, as it moves SUSE Linux toward the leading edge, to follow Red Hat's decisions on which approaches to adopt. The risk is that each distributor's user base will find itself locked in to a different set of still-green technologies, making it harder for the development community to settle on a single choice. In the cases of security policies and 3D acceleration, however, the potential for lock-in seems low; most users will not care about which approach they use, as long as the system works well. So, most likely, those critics who have predicted the death by fragmentation of Linux will have to wait a while longer yet.
Testing the bleeding edgeThere is nothing like the joy of running a development distribution. Nowhere else can one find the same combination of huge updates (it's amazing how often the X bitmap fonts seem to change), unstable software, broken dependencies, and, for extra spice, the occasional blown-away configuration file. Whether it's called sid, Dapper, Rawhide, Cooker, or something else, a development distribution is a sure way to learn - usually at inopportune times - about what is happening at the leading edge of the development community.Development distributions are also a good way to keep track of what developers and packagers are doing. A development distribution is alive, forever changing, forever interesting. It is a constant reminder that Linux and free software are a process, not a product. When compared to the vitality of a development distribution, stable releases seem flat and boring. These distributions exist for a reason: having more people testing the system will help the creation of more stable releases. So developers want to have outsiders running the development version. But those developers might, perhaps, prefer to do without users who don't know what they are getting into. Consider, for example, this note sent to the fedora-testers list:
I think somewhere along the way netizens appear to think that
Rawhide is stable (or at least for public consumption). I'd think
we need to discuss how we can provide more constructive information
for developers and send a clear message to non-testers that Rawhide
(a.k.a FC5 ) is not for general use.
Another participant responded with this suggestion:
I can scream that the development tree will eat your children and
destroy not only your data but your neighbor's data until I'm blue
in the face... but for people who don't want to hear the
warning.. they will choose not to hear the warning... and the only
way for them to learn is to actually have rawhide eat their
data. So i say.. every week there should be a deliberate package
update in the development tree which destroys data. Thrown into the
package pool at random, with an appropriate changelog entry so
those of us who read the daily rawhide reports will know exactly
which package to exclude.
One can safely assume that this idea was offered in a tongue in cheek mode. But the discussion as a whole does raise a question: who should be running development distributions, and for what purposes? Development releases routinely come with warnings about their explosive nature and admonitions not to use them for any serious purpose. But the fact is that the only way to find the problems with these distributions is to use them for serious purposes. There is little to be learned by putting the distribution on a test box, noting that the installer works, and admiring the pretty desktop graphics. It's only through serious use that one discovers, say, that the web server does not handle load as well as before, that the compiler produces bogus code in certain situations, that emacs feels pretty today, or that the Wesnoth sound effects have stopped working. These are all things which are best discovered before the release is shipped; having to put together Wesnoth patches in a hurry to satisfy a service contract to a large corporation is just a real pain. So it is important to have "real users" working with development distributions; those are the users who will come up with many of the important bug reports. Discouraging them can be a counterproductive thing to do. On the other hand, these users do need to know what they are getting into. A development distribution will bite back, sooner or later, and it's important to be able to put the pieces back together when that happens. Testers who are not prepared when disaster strikes will not, in the long run, be helpful to the development process. This aspect of the free software development process is not often talked about. But, without widespread testing in real-world environments, software will not stabilize as well as it should. Proprietary companies run closed beta programs to obtain this testing; the free software world, for the most part, has moved away from that mode in favor of open development repositories. Open development systems are a good thing, they allow a wide variety of participants to try out the software. But these development releases are not for everybody; finding the right way to communicate that fact may be an ongoing challenge.
Security Some mailer difficultiesThunderbird users generally take some comfort from the fact that their mail client can be configured to refuse to load external images which might be called for in HTML mail. The loading of such images is, at a minimum, a privacy problem - it lets somebody know that a given message has been read. Remote images can be used to note the times that messages are read, or to judge the effectiveness of spam delivery. So turning off this "feature" makes a lot of sense.Unfortunately, it turns out that Thunderbird 1.5 does not block all external loads, even when image loading is turned off. In particular, it seems that <iframe> tags can be used to force remote loads to happen. Thunderbird can also be made to request style sheets from remote sites. Either of those operations will, once again, disclose that the message was read, along with the usual ancillary information such as the user's IP address. It has been pointed out that at least one company is exploiting this Thunderbird "feature" already. The message describing the exploit also has a temporary workaround for those who don't want to wait for an official fix; it works by setting restrictive limits on the allowed HTML tags - which seems like a good idea in any case. Alan Cox, meanwhile, has found a problem with evolution. If it receives a sufficiently large message with enough links in it, it will grow to vast size and think for a long time. On a large enough system, with enough time, it will succeed in rendering the message; on smaller systems, it will run out of memory and crash. And, if that weren't enough:
Worse, and the reason this becomes more than irritating is that evolution
tries to be smart when it is killed or dies. On restarting it will go to
great trouble to attempt to restart in the same position it died or was shut
down - which triggers the DoS again each time evolution is opened.
Alan reported the problem in January, and has been dismayed to see that no fixes or advisories have been issued so far. So he has disclosed the vulnerability, presumably with the idea of inspiring some effort to get it fixed. We'll see if it works.
New vulnerabilities postgresql: improper validation with Asserts enabled
squirrelmail: multiple vulnerabilities
xpdf: potential vulnerabilities
Updated vulnerabilities ADOdb: PostgresSQL command injection
apache: cross-site scripting
auth_ldap: format string vulnerability
blender: integer overflow
bluez-hcidump: buffer overflow
BomberClone: remote execution of arbitrary code
bzip2: race condition and infinite loop
CASA: buffer overflow
ktools: buffer overflow
cpio: arbitrary code execution
curl: buffer overflow
cyrus-imapd: buffer overflows
dia: missing input sanitizing
emacs21: format string vulnerability in "movemail"
enscript: arbitrary code execution
evolution: format string issues
fetchmail: multidrop bug
ffmpeg: buffer overflow
Foomatic: Arbitrary command execution in foomatic-rip
gaim: buffer overflow
gdb: multiple vulnerabilities
gdk-pixbuf: multiple vulnerabilities
gedit: format string vulnerability
gettext: Insecure temporary file handling
gnupg: false positive signature verification
gnutls: denial of service
grip: buffer overflow
gzip: arbitrary command execution
heimdal: remote denial of service
heimdal: privilege escalation
imagemagick: arbitrary command execution
imap: buffer overflow in c-client
ipsec-tools: denial of service
kdebase: local root vulnerability
kdelibs: heap overflow
kdelibs: kate backup file permission leak
kernel: multiple vulnerabilities
kernel: multiple vulnerabilities
kernel: multiple vulnerabilities
kernel multiple vulnerabilities
xpdf heap based buffer overflow
libdbi-perl: insecure temporary file
libgadu: memory alignment bug
libgd2: buffer overflows in PNG handling
libmail-audit-perl: insecure temporary file creation
libpam-ldap: authentication bypass
libpng: heap based buffer overflow
libungif: memory corruption
libxml2 - arbitrary code execution
libxml2: multiple buffer overflows
libXpm: new buffer overflows
lynx: arbitrary command execution
mailman: denial of service
metamail: buffer overflow
mod_auth_pgsql: format string flaws
mod_python: remote access vulnerability
mozilla: multiple vulnerabilities
mysql: low-impact security fix
nbd: arbitrary code execution
ncpfs: multiple vulnerabilities
nfs-utils: arbitrary code execution
noweb: insecure temporary file
ntp: uses wrong gid
openmotif: buffer overflows
OpenSSH: double shell expansion
pcre3: arbitrary code execution
perl: setuid vulnerabilities
perl: integer overflow
PHP: safe_mode bypass
php: multiple vulnerabilities
phpbb2: multiple vulnerabilities
phpMyAdmin: multiple vulnerabilities
postgresql: database initialization errors
pound: HTTP Request Smuggling Attack
pstotext: remote execution of arbitrary code
Py2Play: remote execution of arbitrary Python code
scorched3d: multiple vulnerabilities
spamassassin: denial of service
squid: authentication handling
struts: cross-site scripting vulnerability
sudo: vulnerability via scripts
sudo: race condition
tar: buffer overflow
File overwrite vulnerability in tar and unzip
tcpdump: multiple DoS issues
tetex: integer overflows
texinfo: temporary file vulnerability
tin: buffer overflow
tutos: SQL injection and cross-site scripting
udev: insecure files in /dev/input
unzip: long file name buffer overflow
up-imapproxy: format string vulnerabilities
uw-imap: buffer overflow
vixie-cron: crontab allows any user to read another users crontabs
w3c-libwww: possible stack overflow
xine-lib: buffer overflows
xine-ui - insecure temporary file creation
xloadimage: buffer overflows
xorg-x11: heap overflow
xpdf: buffer overflow
xpdf: heap overflows
xpdf: denial of service
xpdf: integer overflows
zlib: buffer overflow
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current 2.6 prepatch is 2.6.16-rc5, released on February 26. Says Linus: "There's not much to say about this: people have been pretty good, and it's just a random collection of fixes in various random areas." Details can be found in the long-format changelog.The mainline git repository contains, as of this writing, several dozen fixes merged since -rc5 was released. The current -mm tree is 2.6.15-rc5-mm1. Recent changes to -mm include a relayfs API change, a new set of notifier patches, a big rework of the /proc code, and the return of the swap prefetching patch.
Kernel development news Quote of the week
It's not funny anymore. The current rate at which new GPL violations get reported and/or discovered, especially from the appliance/embedded market is really alarming.
-- Harald Welte
For example, I haven't yet seen a single linux-based NAS product that was even remotely license compliant when first analyzing it. And I'm not only talking about the SoHo NAS boxes with one or two hard disk drives, but even about enterprise storage systems.
A bowtie on the OSDL boardLast month, Greg Kroah-Hartman announced that OSDL had accepted a set of recommendations aimed at improving its relations with the kernel development community. One of those recommendations was naming a kernel developer to the OSDL board of directors. OSDL has now followed through by announcing (click below for the press release) that SCSI subsystem maintainer James Bottomley will be joining the board.
ABI stability documentationLast week's Kernel Page looked at the stability of the user-space interface, especially regarding areas like sysfs, which are not always regarded as being part of the kernel ABI. This week, Greg Kroah-Hartman has made an attempt to make the issue more evident through a set of ABI stability documents. Included in his patch is a proposal for a different way of looking at ABI stability issues.Linus has, in the recent past, taken a hard line on changes interfaces to user-space:
If you cannot maintain a stable kernel interface, then you damn
well should not send your patches in for inclusion in the standard
kernel. Keep your own "HAL-unstable" kernel and ask people to test
it there.
It really is that easy. Once a system call or other kernel interface goes into the standard kernel, it stays that way. It doesn't get switched around to break user space. Greg, has, instead, taken the approach that not all kernel interfaces should be seen as stable from the outset. So he has proposed five different classifications for ABI stability:
Linus doesn't like the unstable and private classifications, calling them "excuses for bad habits." But it is true that inclusion in the mainline can stress an interface in surprising ways, leading to a need for changes. Interface design is hard, even if you don't have to get everything right the first time. So it may make some sense to allow unstable interfaces into the kernel for a short while - as long as they are clearly documented as such. Thus far, there has been no way to warn developers that a certain interface, perhaps, shouldn't be relied upon quite yet. The notion of private interfaces looks harder to justify. There has been some talk of shipping user-space libraries for private interfaces with the kernel, just to help ensure that the whole package provides a stable application interface for any release. That seems like a fairly unlikely change, however, at least for big interfaces like ALSA. Changes will likely be made (this scheme might be classified "unstable" at this point), but it seems probable that it will, in some form, be adopted. That can only be a good thing for people interested in a stable user-space interface; once the expectations have been reasonably well documented, it will be easier to live up to them.
Some patches of interestThere's a few patches in circulation which merit a quick look.What if you could improve kernel performance by 10% without writing any code? Arjan van de Ven has posted a patch which, he says, does just that - at least, for some specific benchmarks. This patch uses an obscure gcc option which causes the compiler to put every function into its own ELF section. Then, the linker is instructed to arrange those functions into a specific order in the final executable. A typical, current x86-64 kernel (the architecture Arjan has been working with) fills on the order of 4MB of memory. The kernel uses large pages to hold its text, but a kernel of that size will still require at least two translation buffer (TLB) entries to cover its entire code body. But some kernel functions are used more heavily than others; much of the code in the kernel - error handling, for example - never gets run at all if you are lucky. So, if all of the regularly-used functions are moved to the beginning of the kernel image, the kernel should be able to operate with a single TLB entry for its text - most of the time. TLB entries are important: if an address is found in the TLB, the processor can avoid looking it up in the page tables, speeding access significantly. They are also scarce. So allowing the kernel to operate within a single TLB entry makes a big difference. There are some details to work out yet. Optimizing TLB use will require that the kernel be loaded at a TLB-aligned address, which is not currently done on many architectures. There is another part of Arjan's patch which, using another gcc option, can move blocks marked with unlikely() into a separate section. Since this option can expand the code, require long-distance jumps within functions, and make stack backtraces hard to read, it is not yet clear whether it makes sense or not. Then, there is the issue of ordering the functions properly. That task will require looking at a lot of kernel profiles to be sure that some workloads won't be optimized at the expense of others. But, once these issues are taken care of, a reorganized and faster kernel will likely result. On another front: it is generally easy to see, on a Linux system, what resources a given process is using. What's harder to find out is what the process is not using because the resources are not available. As a way of giving more visibility to that side of the equation, Shailabh Nagar has been working on a set of task delay accounting patches. This facility is intended for use with large-scale load management applications, but the information may be useful in other contexts as well. This patch adds a new structure (struct task_delay_info) which is attached to the task structure. It contains a lock, a couple of timestamp variables, and sets of delay counters. Whenever a process goes into a delayed state (meaning, currently, waiting on a run queue, performing synchronous block I/O, or waiting for a page fault), the time is noted. At the end of the delay, when the process can run again, the system notes how much time has passed and updates a counter in the task_delay_info structure. Thus, over time, one can get a picture of how much time the process has spent waiting for things when it would have rather been executing. Perhaps the most complicated part of the patch set is the netlink interface used to report delay statistics back to user space. This interface has been carefully written to be as generic as possible on the theory that it may eventually be used for other sorts of process-related reporting as well. There has been a request that some of this information, at least, also be made available through /proc, so that it could be easily displayed by tools like top. Finally, those who worked with kernel modules in 2.4 and prior kernels will remember the MODULE_PARM() macro, used to define load-time parameters. This macro has been deprecated since 2004, but there are still a few hundred uses of MODULE_PARM() spread across several dozen files in the 2.6.16-rc kernels. These old uses came to attention recently when gcc started optimizing them out. Given the choice between making the old macro work with current gcc and simply getting rid of it, Rusty Russell chose to get rid of it. This patch has not yet been merged anywhere, but it seems uncontroversial. If there are any out-of-tree modules still using MODULE_PARM(), updating them soon might be a good idea.
The ipw3945 projectWhile there are a number of hopeful developments around the support of wireless network cards in Linux, that support remains one of the larger roadblocks for many users. It is thus always a welcome thing when a major manufacturer announces Linux support - and the beginnings of a working driver - for their products. So when Intel recently announced a project to support its 3945ABG wireless adapters, there was a certain amount of celebration. There was also come criticism, however, which highlights an ongoing issue with wireless support under Linux.The ipw3945 project currently has a developer release of the driver, with a stable version expected within a few weeks. This release supports all of the basic features one would expect, with some additional features (quality of service, for example) "not officially supported." It should, in other words, be enough to allow use of the device. It would seem that there is little to complain about here. But there is this little paragraph from the announcement:
In order to meet the requirements of all geographies into which our
adapters ship (over 100 countries) we have placed the regulatory
enforcement logic into a user space daemon that we provide as a
binary under the same license agreement as the microcode. We
provide that binary pre-compiled as both a 32-bit and 64-bit
application. The daemon utilizes a sysfs interface exposed by the
driver in order to communicate with the hardware and configure the
required regulatory parameters.
The requirement for a binary-only blob brought out some concerns from developers who think that the regulatory-agency requirement has been overblown, and that it is not actually necessary to lock down the code in this way. Others disagree, noting that regulations in many parts of the world are quite strict with regard to allowing any user modification of hardware which can transmit. It is probably true that, in order to be able to offer this product in many parts of the world, Intel must lock down much of this logic in binary-only code. Given that, however, Intel has chosen an interesting way to go about it. The closed code is not part of the driver itself; it is a daemon which runs entirely in user space. The driver itself is fully free software. So there is no non-free code going into the kernel, which is surely a step in the right direction. The regulatory daemon controls the hardware by way of a special file exported through sysfs. The driver then interprets those commands - which enable or disable specific channels, set maximum power values, and so on - and programs the hardware accordingly. A quick look at the (15,000-line) driver source is sufficient to find the code which actually controls the transmitter's parameters. So, in other words, this arrangement has not actually locked down much of anything. The daemon comes with the usual "thou shalt not reverse engineer" provisions, but there are people in parts of the world who can safely ignore that requirement. It would seem that little work beyond running the daemon under strace would be required. It might also be possible to write a replacement just by studying the driver code, without looking at the Intel-supplied daemon at all. One way or another, it seems likely that a free replacement for the regulatory daemon will come along, sooner or (not much) later.
Patches and updates Kernel trees
Build system
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Janitorial
Memory management
Architecture-specific
Security-related
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials Solaris Express - A reviewSolaris Express is the latest version of SunOS, which draws its roots from BSD 4.1. In fact Solaris Express is actually "SunOS release 5.11 version snv_27." Over the years Sun Microsystems has put in a great deal of work building on the original Unix code base by introducing more features as well as improving the overall security of the operating system. Until a few years back, Solaris enjoyed a major share of the commercial Unix market with many enterprises opting to run it on their servers. But the popularity of GNU/Linux gradually started eating up the market share of most Unix flavors, including Solaris. Last year, with an eye on regaining the lost ground, Sun finally opened up the code of Solaris and released it as OpenSolaris under Sun's Common Development and Distribution License (CDDL). Solaris Express is the developmental version of Solaris built using the OpenSolaris code and has a release cycle of 6 months. The most recent version is 1/06; it is made available for free download but Sun provides technical support for an annual subscription fee of $99 which allows one to use it in a commercial setup. Solaris Express is released for both Intel and Sparc platforms. Installation detailsI have been using Sun Solaris for the past year but it was only recently that I decided to download and try out the latest developmental version. I downloaded all five CD images from their website with an aim of installing the OS on my PC. Out of the five CDs, the first one is the installation CD, the 2nd, 3rd and 4th contain the software and the last CD contains the multi-language pack. You can install Solaris using either the GUI installer or the text installer. The computer on which I was installing Solaris was a Pentium IV 2.0 GHz, 256 MB DDR RAM PC. For using the GUI installer though, the minimum requirement is 350 MB RAM. I suspect this high memory usage could be because the GUI installer has been created using the Java language. Keeping these constraints in mind, I opted for the text installation method. The first job of the installer is to collect system information, such as the choice of language, whether to use services like LDAP, NIS, or Kerberos authentication, the date and time settings, networking, root password and so on. After this, you are provided with two choices of installation. Them being :
I chose the standard installation and, after the obligatory license agreement, I was provided the option of installing additional software. In fact, you can opt to install the full Solaris 10 documentation, a set of early access software, the Java Enterprise System and publicly available tools and utilities which will complement the Solaris environment. I was also given the choice of installing all the software or a subset of it targeted at different user groups like developers, end-users or a bare bones networking core installation tailored for gateways. Solaris Express insists on being installed on a primary partition and it takes up space of around 4.4 GB to install the entire distribution including the OEM support. But, as noted above, the user is given the choice of installing just a subset of the packages, in which case the space utilized will be less. I already had a primary partition lying vacant and so I did not have to go through the hassle of repartitioning my hard disk. That said, the fdisk utility which the installer provides to partition one's hard disk is quite easy to use. Once the partitioning has been completed, the copying of system files takes place and then the system is rebooted. Solaris Express automatically detected the Windows XP OS on my machine and accordingly configured and installed the GRUB boot loader. It failed to recognize the Linux and FreeBSD systems installed in other partitions on my hard disk though. Solaris Express is foremost an operating system designed to be used as a server system. Sun has, however, tried to make it more user friendly on the desktop by bundling the Java Desktop System, which is based on GNOME but with a layer of Java underneath. The Java Desktop System is really slick and is a pleasure to use. It contains almost all the GUI tools and software that come with GNOME 2.6 as well as a few others like Star Office 7 and system configuration tools like the Java Desktop System Configuration Manager, which provides user settings as well as the ability to lock down user desktop systems. I really liked the Sun Control Station which is a GUI tool for such jobs as software updating, resolving dependencies and monitoring the health of the system just to name a few. Unique strengths of Solaris Some of the advantages of Solaris Express over its predecessors (Solaris 9 and down) are as follows:
If those are the strengths of Solaris, then it has its own set of drawbacks too. I found the memory requirements for using the graphical installer of Solaris Express quite high when compared with those of Red Hat or SuSE. The hardware compatibility is some thing which needs to be improved and, even though it detected most of the devices on my Intel machine, its hardware support is nowhere near that supported by Linux. No doubt, Solaris has a lot of strengths as a server system, but it needs to improve on the variety of hardware support and bring down the minimum memory requirements for using the graphical installer
New Releases Gentoo Linux 2006.0The first Gentoo Linux in the 2006 series has been released. "Major highlights in the release include KDE 3.4.3, GNOME 2.12.2, XFCE 4.2.2, GCC 3.4.4 and a 2.6.15 kernel. This is also the first release with the Gentoo Linux Installer officially debuting on the x86 LiveCD, which will fully replace the Universal and PackageCD set. The LiveCD also features a fully-fledged Gnome environment. Later releases will include KDE support as well as a new LiveDVD." Plus improvements across many architectures including PPC64, PPC, EM64T, Alpha and SPARC.
Mandriva Linux One 2006A beta version of Mandriva Linux One 2006.0 is available. This is a live CD with a complete Mandriva Linux system that can be installed to hard drive or run from the CD. Update: a new beta was released March 1.
Updated Kubuntu 5.10 LiveCd 5.10-060216A Kubuntu 5.10 LiveCD with the latest KDE is available.
NexentaOS (elatte) Alpha 3 releasedNexentaOS, a GNU/Solaris distribution, has released a third alpha release. This release includes OpenOffice 2.0, and lots more.
SUSE Linux 10.1 Beta5 is readySUSE Linux 10.1 Codename "Agama Lizard" Beta5 is out. "Beta5 is still for the adventurous experts and not for anybody without a good Linux experience."
Distribution News Debian Project Leader Election 2006The nomination period is at an end, with seven candidates standing forth to be counted. Jeroen van Wolffelaar, Ari Pollak, Steve McIntyre, Anthony Towns, Andreas Schuldei, Jonathan Walther and Bill Allombert will be campaigning for the position of Debian Project Leader.
Mandriva 2006 to offer built-in online music service feature through MindawnMandriva and The Kompany have announced a partnership to include Mindawn, an open platform for digital content, with Mandriva Linux 2006.
Ubuntu-Women mailing listThe creation of the Ubuntu-Women mailing list has been announced (click below). "This list is meant for all Ubuntu users, volunteers, developers and for those who wish to involve more women in the Ubuntu community."
Ubuntu-be, the Belgian Ubuntu CommunityBelgian Ubuntu users have announced the creation of Ubuntu-be, a community devoted to spreading Ubuntu in and around Belgium.
FUDCon Delhi 2006FUDCon Delhi 2006 was held February 9, 2006. The website now has the presentations, reports and pictures available.
Distribution Newsletters Debian Weekly NewsThe Debian Weekly News for February 22, 2006 covers the Martus project, Etch beta1 has broken installation media, a device driver test page, the Debian Live Initiative, team maintenance for Debian packages, and more.
Debian Weekly NewsThe Debian Weekly News for February 28, 2006 is out, with a look at the GFDL Position Statement call for votes, DPL nominations, the mirror split implementation, the inclusion of AMD64 architecture, weekly polls and social pressure, non-maintainer upload policy, and several other topics.
Fedora Weekly News Issue 35This week the Fedora Weekly News has articles on Announcing Fedora Core 5 Test 3, Attention: Proprietary video driver users, FUDCon Delhi 2006 Report, FOSDEM 2006 Report, Nrpms.net ReadMe, Review: Fedora Core 5 Benchmarks, Red Hat offers Linux eye candy alternative, and more.
Gentoo Weekly NewsletterThe Gentoo Weekly Newsletter for February 27, 2006 covers the release of Gentoo Linux 2006.0, a FOSDEM report, the 3rd European Gentoo Developer Meeting, request for help on Bugday, Gentoo on display in Chemnitz again, and several other topics.
DistroWatch Weekly, Issue 140The DistroWatch Weekly for February 27, 2006 is out. "Written entirely by Robert Storey, this week's issue looks ahead at the upcoming 64-bit Mini-ITX processors, passes on a link to a freely downloadable copy of The Complete FreeBSD, and investigates "bcrypt" and "dm-crypt", the much-loved encryption utilities for the paranoid. In the first looks section, Robert investigates the newest OpenBSD-based live CDs - OliveBSD."
Package updates Fedora updatesUpdates for Fedora Core 4: gnbd-kernel (updated GFS & Cluster Suite packages for kernel-2.6.15-1.1831_FC4), cman-kernel (updated GFS & Cluster Suite packages for kernel-2.6.15-1.1831_FC4), dlm-kernel (updated GFS & Cluster Suite packages for kernel-2.6.15-1.1831_FC4), GFS-kernel (updated GFS & Cluster Suite packages for kernel-2.6.15-1.1831_FC4), module-init-tools (minor fixes), udev (bug fixes), gnupg (fix a keyring read error), gawk (bug fix), util-linux (bug fix).
Slackware updatesThis week's Slackware changelog (click below) shows additional official patches to bash, updates to util-linux, linux-faqs, linux-howtos and samba. During the xfsprogs update acl, attr and xfsdump were split out and upgraded separately. Also bind has been modified to use rndc.
Trustix updatesTrustix Secure Linux has fixed various bugs in bind, iptables, kernel, logrotate, mc, opencdk, openssh, smartmontools and the kernel.
Newsletters and articles of interest Linux distros for older hardware (Linux.com)Joe 'Zonker' Brockmeier tests several Linux distributions on an old, under-powered Pentium II PC. "It's worth mentioning that Linux is also a great option for putting old non-x86 hardware to use. I have a few old Sun UltraSPARC 10 machines with 256MB of RAM that run Debian Linux just fine. I also have an old, green iMac that runs Debian and other PowerPC distros well enough -- but Windows isn't an option for those machines at all. If you want to make the best of old hardware, processor speed is much less important than RAM for Linux. If you can't afford a new machine, but can afford to max out your RAM, you'll see much better performance. I wouldn't recommend running a Linux desktop with less than 64MB of RAM, and 128MB is enough for most applications."
Distribution reviews More Power to Gentoo Linux (internetnews.com)Internetnews.com takes a quick look at Gentoo 2006.0. "IBM spokesperson John E. Charlson confirmed that IBM provided the Gentoo.org team with a POWER5 Open Power 720, which is hosted by the Oregon State University Open Source Lab, osuosl.org. Charlson noted that IBM has also worked with Gentoo to provide discounts to a couple key PPC maintainers on 970-based (64-bit) Apple Quads. Charlson also explained how IBM sees Gentoo is optimized for POWER5. According to Charlson, Gentoo creates "stages" that are downloaded as source by the user to be run on a particular architecture. These stages are then compiled on the users box."
64 Studio: Building a native 64-bit creative distribution (Free Software Magazine)Free Software Magazine covers the 64 Studio distribution, which includes many audio applications. "Most of the packages in 64 Studio come from the unofficial Pure 64 port of Debian testing, with some from Ubuntu, some from DeMuDi and some custom built. A more obvious choice might be Red Hat, given that many of the high end (which is to say expensive) proprietary tools used in Hollywood studios and elsewhere are sold as binary-only Red Hat packages. However, the split between Red Hat Enterprise and Fedora Core presents serious problems for any derived distribution. You could rebuild Red Hat Enterprise from source as long as you removed all Red Hat trademarks, but that's a lot of extra work -- and you'd have to follow Red Hat's agenda for its distribution, which you couldn't have any input to."
My desktop OS: SUSE 10.0 (NewsForge)NewsForge hears from a SUSE fan. "I'm a student, and I use my computer mainly for word processing, surfing the Internet, listening to music, and watching videos. I am also a musician, and have set up a small home studio around my computer. For years I used Windows, but I wasn't happy with the software or Microsoft's marketing strategies. After moving to SUSE 10.0, I am quite satisfied."
Page editor: Rebecca Sobol Development Introducing DVD-R ToolsThe DVD-R Tools project has been formed by Bernhard Rosenkraenzer to fill a void in the Linux DVD authoring landscape:
dvdrtools is a fork of cdrtools, with the primary goals of remaining 100% Free Software (dvdrtools is a fork of the last version of cdrtools without any "you are not allowed to modify this section" comments), and adding support for DVD-R/DVD-RW drives and media.
![[DVD-R Tools]](/images/ns/dvd-rtools.png)
For a bit of history on issues surrounding the cdrecord code, see, for example, some comments about that code's author (Jörg Schilling) by Danny O'Brien in his To Evil! column, and a comment from Linus Torvalds regarding cdrecord and SCSI device numbering issues. In a classic open-source software move, the solution for dealing with personality issues involving the author of some extremely useful code was to fork the project and move on. Version 0.3.1 of DVD-R Tools and the associated dvdrecord utility was announced on February 25, the description further clarifies the goals of the project:
It is a fork of cdrtools that
(as the name indicates) adds support for writing to DVD-R and DVD-RW disks
using purely Free Software, that tries to do things the Linux way ("dvdrecord
dev=/dev/cdrom whatever.iso") without suggesting to use 2.4 kernels or even
other operating systems, uses a standard make system, is maintained in a
public svn repository, and does away with a lot of the libc
functionality-clones found in cdrtools.
The NEWS file from the software distribution details the progress that has been made since the project's inception. The code is available for download here. The DVD-R Tools project aims to clean up the cdrecord code, remove support for obsolete compilers, remove duplication of code and in general, produce a more typical open-source software collection. Instead of the typical "standing on the shoulders of giants" concept, this code fork adds ".. in order to to grab the bottom rung of a new ladder".
System Applications Clusters and Grids Linux Cluster Manager 2.21-1 Released (SourceForge)Version 2.21-1 of Linux Cluster Manager is out with a number of new features. "LCM is a graphical tool for monitoring and managing multiple Linux systems from a central location. Features include real time monitoring and status information, remote command execution, and a range of imaging features."
Database Software PostgreSQL Weekly NewsThe February 26, 2006 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL database articles and resources.
Interoperability Samba 3.0.21c availableVersion 3.0.21c of Samba has been released. "This is the latest stable release of Samba. This is the version that production Samba servers should be running for all current bug-fixes."
LDAP Software LAT 1.0 releasedVersion 1.0 of LAT, the LDAP Administration Tool, has been released. This is a stable release, an unstable development branch has been created.
Libraries CILib 0.5.3 Released (SourceForge)Version 0.5.3 of CILib is available. "CILib is a framework for developing Computational Intelligence software in swarm intelligence, evolutionary computing, neural networks, artificial immune systems, fuzzy logic and robotics. This version includes dataset support for all problems, if required, as well as the new skeleton framework for niching algorithms. The packages within the source tree have been refactored and renamed to conform to specifications. Many bug fixes and feature additions have been completed."
Networking Tools Help Network Clients Help ThemselvesM. Tim Jones discusses SLP on IBM developerWorks. "The Service Location Protocol (SLP) is an Internet Standard RFC and software framework that allows networking applications to discover and configure network services. You can use SLP to develop zero-configuration applications and simplify administration of networked devices. This article introduces SLP and its architecture, and then demonstrates the protocol's use with an open source implementation."
Web Site Development axoloTLS 0.93 releasedVersion 0.93 of axoloTLS has been announced. "axoloTLS is an embedded SSL library that comes with a small HTTPS server. The web server is around 50-60kB in size and comes complete with CGI capabilities."
Five 1.2.1 and 1.3.2 releasedTwo bug fix versions of Five have been announced. "Five is a Zope 2 product that allows you to integrate Zope 3 technologies into Zope 2, today. Among others, it allows you to use Zope 3 interfaces, ZCML-based configuration, adapters, browser pages (including skins, layers, and resources), automated add and edit forms based on schemas, object events, as well as Zope 3-style i18n message catalogs."
mod_python 3.2.8 releasedVersion 3.2.8 of mod_python, the Apache Python language extension, is out with a security fix. See the online documentation for information on this version.
Desktop Applications Audio Applications The grad_Boxster Mic-In-Room SimulatorThe grad_Boxster microphone simulation project has been announced. "Announcing grad_Boxster for creating impulse response functions (IR's) for rectangular parallelepipeds --- for example concert halls modelled as giant boxes --- but using the *gradient* of the solution field projected on a direction specified by the user, similar to the operation of a pressure-gradient microphone --- in a room."
Jokosher adds Cairo-based waveformsJokosher is a relatively new multi-track audio editor. "Jokosher is a multi-track non-linear audio editor with a prime focus on usability. It is developed in Python and is Open Source." The latest additions to the project include Cairo-based waveforms which brings smooth visualizations of audio data.
Snd-ls V0.9.5.4 and Das_Watchdog V0.2.1 announcedA dual announcement for Snd-ls V0.9.5.4 and Das_Watchdog V0.2.1 has been made. Snd-ls is a distribution of the sound editor Snd and Das_Watchdog is a watchdog for the linux operating system.
Desktop Environments GARNOME 2.12.3.1 announcedVersion 2.12.3.1 of GARNOME, the bleeding edge GNOME distribution, is out: "It includes updates and fixes after the GNOME 2.12.3 freeze, together with a host of third-party GNOME packages, Bindings and the Mono(tm) Platform -- this release irons out yet-more bugs, hopefully adds yet-more stability and ships with the latest and greatest stable releases."
GNOME Software AnnouncementsThe following new GNOME software has been announced this week:
KDE Software AnnouncementsThe following new KDE software has been announced this week:
KDE partners with Catalan Government (KDE.News)KDE.News covers a collaboration between the KDE Catalan l10n team and the Catalan Government. "It was announced on Tuesday that the KDE Catalan l10n team will work together with TERMCAT (Catalan link), the organisation that standarises new words, usually technology related, in the Catalan language."
Q and A About The KDE Usability Project (KDE.News)Celeste Lyn Paul answers some common questions about the KDE Usability Project on KDE.News. "The KDE Usability Project reports I posted last week received a lot of feedback. There were several motivations for posting the reports, and I think it was a success. They are a useful reference for developers and other usability specialists as well as provides a public appearance for what the project does. Some of the feedback included questions about the project and reports. So, as webmaster of usability.kde.org and a project representative, let me answer some of these questions for you."
GUI Packages pyFltk 1.1 announcedVersion 1.1, the initial release of pyFltk, has been announced. "This is to announce the first official release of pyFltk-1.1, the Python bindings for the cross platform GUI toolkit fltk-1.1 This release candidate has been tested with fltk-1.1.7 and requires Python2.4. pyFltk is a lighweight, easy-to-use GUI toolkit for Python. It can be used where simplicity, speed, small footprint, and ease-of-use are important."
Interoperability Wine Weekly NewsletterThe February 26, 2006 edition of the Wine Weekly Newsletter is out with the latest coverage of the Wine project.
Office Suites OpenOffice.org build oob680.1.0 announcedBuild oob680.1.0 of OpenOffice.org has been announced. It adds some new features, bug fixes, and build improvements.
OpenOffice.org NewsletterThe February, 2006 edition of the OpenOffice.org Newsletter is online with the latest OpenOffice.org office suite developments.
RSS Software ROME in a Day: Parse and Publish Feeds in JavaMark Woodman explores ROME in an O'Reilly XML.com article. "Knowing that RSS and Atom feeds are "just" XML, you might think that parsing and creating syndicated feeds in Java should be a snap. Pick any one type of RSS, and you might be right. Unfortunately, there are at least ten flavors of RSS and Atom out there: RSS 0.90, RSS 0.91 Netscape, RSS 0.91 Userland, RSS 0.92, RSS 0.93, RSS 0.94, RSS 1.0, RSS 2.0, Atom 0.3, and the newest addition to the bunch, Atom 1.0. Then there are all the namespace modules, like Dublin Core, Media, and so on. It's all messy enough to make a grown programmer cry. Wipe those tears, Java developers, and say hello to ROME."
Web Browsers Minutes of the Firefox Team Status Meeting (MozillaZine)The minutes from the February 21, 2006 Firefox Team Status Meeting have been announced. "Issues discussed include Alpha 1 status, blockers, release requirements and status updates on Firefox 2 features."
Minutes of the Firefox Team Status Meeting (MozillaZine)The minutes from the February 28, 2006 Firefox team meeting have been announced. "Issues discussed include Alpha 1 status, blockers and status updates on Firefox 2 features."
Languages and Tools C GCC 4.1.0 has been releasedVersion 4.1.0 of GCC, the GNU Compiler Collection, has been released. A recent GCC 4.1 Status Report has some preliminary information on the release, the GCC 4.1 Changes, New Features, and Fixes document has more information on the series.
Caml Caml Weekly NewsThe February 21-28, 2006 edition of the Caml Weekly News is out with new Caml language articles.
Java Asynchronous Messaging Made Easy With Spring JMS (O'ReillyNet)Srini Penchikala writes about SpringJMS on O'Reilly. "Java Messaging Service (JMS) requires a lot of work to set up sessions and manage messages, work that can distract you from your application-specific logic. The Spring framework's SpringJMS offers a simpler solution that keeps the JMS administration out of your face. Srini Penchikala takes a look."
Lisp SBCL 0.9.10 releasedVersion 0.9.10 of Steel Bank Common Lisp has been announced. "This version makes it possible to deliver standalone executables on some of the supported platforms, provides a new garbage collector, provides a larger dynamic heap size under Linux/PowerPC, and fixes some bugs."
Perl Advanced Subroutine Techniques (O'Reilly)Rob Kinyon discusses advanced Perl subroutine techniques on O'Reilly. "In "Making Sense of Subroutines," I wrote about what subroutines are and why you want to use them. This article expands on that topic, discussing some of the more common techniques for subroutines to make them even more useful. Several of these techniques are advanced, but you can use each one by itself without understanding the others. Furthermore, not every technique is useful in every situation. As with all techniques, consider these as tools in your toolbox, not things you have to do every time you open your editor."
PHP PHP OpenID 0.9.2 ReleasedVersion 0.9.2 of the PHP OpenID library has been announced. "JanRain, Inc. is proud to announce the release of our OpenID library for PHP! This release includes improved documentation, bugfixes, a reorganized package structure, improved example code, and many other improvements."
Python Dr. Dobb's Python-URL!The February 27, 2006 edition of Dr. Dobb's Python-URL! is online with a new collection of Python article links.
Tcl/Tk Dr. Dobb's Tcl-URL!The February 27, 2006 edition of Dr. Dobb's Tcl-URL! is online with new Tcl/Tk articles and resources.
Build Tools Prebuild 1.3.0 announcedVersion 1.3.0 of Prebuild is out with support for several new targets and some bug fixes. "Prebuild is an XML-driven pre-build tool allowing developers to easily generate project or make files for major IDE's and .NET development tools including: Visual Studio 2005, Visual Studio 2003, Visual Studio 2002, SharpDevelop, MonoDevelop, and NAnt."
IDEs Integrating Ant with Eclipse, Part 2 (O'ReillyNet)O'Reilly is running part two of a series on Integrating Ant with Eclipse. "It's one thing to be able to run Ant builds from within Eclipse, but the integration of the top Java build tool and IDE goes deeper than this. In this excerpt from Ant: The Definitive Guide, 2nd Edition, Steve Holzner shows how to customize your Ant/Eclipse integration."
Page editor: Forrest Cook Linux in the news Recommended Reading Free software? You can't just give it away (Times)The Times Online has an article by Gervase Markham of the Mozilla Foundation, who recently had an interesting discussion with a British government official. "'I can't believe that your company would allow people to make money from something that you allow people to have free access to. Is this really the case?' she asked. 'If Mozilla permit the sale of copied versions of its software, it makes it virtually impossible for us, from a practical point of view, to enforce UK anti-piracy legislation, as it is difficult for us to give general advice to businesses over what is/is not permitted.'"
What Corporate Projects Should Learn from Open Source (O'ReillyNet)O'ReillyNet looks into project management. "[It] is rare to find a corporate environment where the project team has anything approaching the level of planning, documentation, or review found in successful open source projects. For some reason, as soon as a budget and a deadline are involved, all of the lessons we've learned over the years and applied successfully to open source projects seem to fly out the window."
A survey of free font licenses (NewsForge)Bruce Byfield presents a survey of free font licenses. "Suddenly, it's free font license time. The Bitstream Vera license, the starting point for most free font licenses, is several years old. In late January, SIL International's Non-Roman Script Initiative announced the SIL Open Font license. A new draft of the STIX License is due in March, with fonts scheduled to be released in beta in April and in final form in June. Each of these licenses has been developed in consultation with the free and open source software (FOSS) communities and strives to balance the philosophy of the communities with the concerns of font designers."
Trade Shows and Conferences KDE at FOSDEM 2006 (KDE.News)KDE.News takes a look at the Free and Open Source Software Developers' European Meeting (FOSDEM), with a focus on KDE developers. "Last weekend, the Free and Open Source Software Developers' European Meeting took place in Brussels. KDE was present there with a lot of developers, a devroom and several interesting talks. Among the speakers were Jonathan Riddell from the Kubuntu Distribution, Sebastian Kügler from the KDE's Marketing Working Group, Bart Coppens from the Krita development team and Raphael Langerhorst & Sander Koning from the KOffice teams."
PyCon Day 2 coverageTed Leung covers day 2 of the PyCon Python conference in his blog. "As far as the new features of Python 2.5, Guido said that 2.5 will have the most new stuff in it since 2.2. There's a fair amount of stuff related to expanding the usefulness of generators for coroutines and for managing various kinds of resources."
SCALE4x, Los Angeles 2006: Attack of the Corporate Coders? (FedoraNews)Oisin Feeley covers the SCALE4x conference on FedoraNews. "But there was a dearth of strong voices advocating the importance of Freedom and Openness. A prevalent (although minority) voice was one of expedience and collusion with one of the main causes of the retarding of software development: proprietary hardware and software. This was expressed both by the first keynote speaker who confessed honestly that she didn't know the difference between free beer and free speech, and by Novell's beautiful demonstration of Xgl which is currently limited to proprietary nVidia hardware."
The SCO Problem IBM vs. SCO: Now It's IBM's Turn (eWeek)eWeek notes that IBM has filed a number of discovery motions in the SCO case. "For years, it's all been about what The SCO Group could discover about IBM, Linux and Unix. The shoe's on the other foot now, as the U.S. District Court in Utah has revealed that IBM has launched discovery motions against Microsoft, Sun Microsystems, Hewlett-Packard and BayStar Capital. In general, IBM is looking for detailed information about each company's recent dealings with SCO. This includes their financial relationships, and any access or use of Unix source code by their programmers."Also, Groklaw examines a subpoena from IBM to Houlihan Valuation Advisers, a company that performed a secret evaluation of Caldera in 2001. "It's looking very bad for SCO."
SCO's Motion to Depose Denied (Groklaw)Groklaw has coverage of a bad day in court for SCO. "Judge Wells asks 'How can you interpret my order in any other way than how it was phrased?'" In the end, SCO's attempts to depose various third parties were rejected, and one of the many "motions to compel" was denied for now.
Companies Software, as a service, on a client (ZDNet)ZDNet looks at the novel way in which rPath makes money from open-source software. "Want to rent out a Linux application that can run on an ordinary Windows box with VMWare? Keith Boswell has a deal for you. Boswell is vp-marketing with rPath, a company that has turned $6.4 million in venture capital into rBuilder, which does what I just described. Let's let Boswell explain it himself. "rBuilder takes a look at the application, combines the files it needs with our version of Linux and turns it into an application image. Its an enabling platform." The kernel comes from the company's own rPath Linux."
HP picks Red Hat for AdvancedTCA Blade Server (IT Manager's Journal)IT Manager's Journal covers an announcement from HP. "Hewlett-Packard has announced that it will certify Red Hat Enterprise Linux (RHEL) 4 as the preferred operating system for its new AdvancedTCA Blade Server, which the company debuted last week at the 3GSM World Congress. The new blade server is HP's most recent addition to its Advanced Open Telecom Platform (AOTP) blueprint, a line based on the Advanced Telecom Computing Architecture (ATCA) industry standard created by the PCI Industrial Manufacturer's Group (PICMG). The AOTP is HP's suite of hardware, carrier-grade Linux, and software that supports the ATCA standard."
Legal Patent terrorists ruin an industry (ZDNet)Ed Burnette covers the rejection of a wireless email patent in the Blackberry case in a ZDNet editorial. "Look at all the harm patents have done to our industry. Look at GIF. JPG. ZIP. FAT32. Linux. MPEG-4. Developing a video compression format is like walking through a minefield. Patent holders fight over future hi-def DVD royalties, resulting in years of delay and increased cost to the consumer. And so forth. Holding companies with no products are the worst as they extort money from real developers just doing their job. And now, we have the so called "defensive patents"."
Interviews Breaking down barriers to Linux desktop adoption (SearchOpenSource)SearchOpenSource.com interviews Jono Bacon about Linux desktop adoption. "People reject Linux desktops for illogical reasons, says IT consultant and developer Jono Bacon. For example, they fault Linux OpenOffice desktops for not having all the features in Microsoft Windows Office, even though few actually use all of the Microsoft stuff. So, in essence, they're saying they want desktops cluttered with unnecessary features."
People Behind KDE: Boudewijn RemptThe "People behind KDE" series interviews Krita maintainer Boudewijn Rempt. "If even KDE people like Mirko Boehm can say that we've proved by now that the one thing KDE cannot do is create an office suite, then KOffice has a problem... Because actually, we've shown that we can do it! KOffice 1.5 is going to be so great -- from little changes like the new guides in KPresenter and Kivio to big changes in Krita. Even KWord, which had languished for a long time, has received a lot of work and is now much, much more robust."
John the Ripper 1.7, by Solar Designer (Security Focus)Federico Biancuzzi interviews Solar Designer, creator of the John the Ripper password cracker. "Solar Designer: For the past 9 years I've been spending much of my time on computer and network security. In particular, I've been developing free Unix security tools and other (non-security) software designed to be safe to use, as well as making existing software and technologies safer to use (discovering, dealing with, and sometimes publicizing vulnerabilities whenever that seemed appropriate). This is what the Openwall Project is about."
Resources Running Apache2 With PHP5 And PHP4 At The Same Time (HowtoForge)HowtoForge has a tutorial that shows how to install and configure Apache2 with PHP5 and PHP4 enabled at the same time. "This tutorial shows how to install and configure Apache2 with PHP5 and PHP4 enabled at the same time. Because it is not possible to run both PHP5 and PHP4 as Apache modules, we must run one of them as CGI, the other one as Apache module. In this document I will use PHP5 as Apache module and PHP4 as CGI, and I will describe the setup for the Linux distributions Debian Sarge (3.1) and Ubuntu 5.10 (Breezy Badger)."
Making apt Work for You: A Book Excerpt (Linux Journal)Linux Journal presents a book excerpt on the apt utility from the book Linux Patch Management: Keeping Linux Systems Up to Date by Michael Jang. "One of the popular Linux patch management systems is based on the Advanced Package Tool, known as apt. While it was developed for Debian Linux, it is the standard patch management tool for a number of Debian and Red Hat-based distributions, including Knoppix, Xandros, and even the Lineox rebuild of Red Hat Enterprise Linux. But if you prefer apt, the associated tools can be installed on most Linux distributions. In this chapter, you'll learn the fundamentals of apt, including some of its more useful commands."
AMIA oswg releases Open Source EHR Review (LinuxMedNews)LinuxMedNews mentions a new Open Source Electronic Health Records review site. "The American Medical Informatics Association Open Source Working Group is presenting Review of Open Source Electronic Health Records (EHR). This review will cover the top Open Source projects that posses Medical Practice Management, Medical Billing Software, and Electronic Health Records. To start with, three systems will be evaluated; MirrorMed/ClearHealth, FreeMED and OpenEMR."
Free Linux handheld app stack to gain easier porting (LinuxDevices)LinuxDevices covers an application environment for Linux-based handheld and mobile devices. "The GPE (GPE palmtop environment) project is planning a "device abstraction" layer aimed at simplying (sic) new device ports, according to maintainer Florian Boor. The GPE project integrates a variety of free software components, including the X window system, GTK+ graphics toolkit, matchbox window manager, and MiniMo browser. It also maintains its own login and configuration programs, as well as widget and type libraries, screenshot and other utilities, and a PIM (personal information manager) application suite."
CLI Magic: Getting into Motion (Linux.com)Linux.com shows how to keep an eye on your home or office with an old webcam, a Linux box and Motion. "Linux recognizes that the camera has been connected, but you still need to install some drivers. Although this is not difficult, this is the part that can put people off. The drivers aren't hard to install, but you need the kernel source in place before you can compile the drivers. This can be a bit daunting if you haven't compiled drivers before. You'll need to check with your own distribution, but I'll show you how to do it with Debian to give you an idea of how easy it is."
Desktop publishing with Writer and Scribus (Linux.com)Linux.com covers desktop publishing with Scribus and OpenOffice Writer. "Although OpenOffice.org Writer offers many tools that allow you to create sophisticated layouts, you might want to use a dedicated desktop publishing application to lay out a brochure or a book. The latest version of the open source DTP application Scribus, 1.3.2, can import Writer's .odt documents, which makes Writer and Scribus a perfect combo for DTP work. Here's a brief overview of Scribus' essential tools and features from Writer users' point of view."
My sysadmin toolbox (Linux.com)Adam Williamson, Mandriva employee and amateur systems administrator looks at a few of his favorite tools. "My first tool is htop. Most Linux users, when they first wanted to find out what was eating all their CPU time, were taught about top. Top tells you what processes are running and how many resources they're using ... in just about the most unfriendly way possible. Htop does exactly the same thing as top, but is much less likely to induce migraines."
Using Wikis and Blogs to Ease Administration (Linux Journal)Linux Journal has a tutorial on TWiki and WordPress and shows how wikis and blogs can be useful for system administration and documentation. "I find that one of the most difficult aspects of system administration is keeping documentation accurate and up to date. Documenting how you fixed a pesky problem today will help you remember how to fix it months later when it occurs again. If you ever have worked with others, you realize how critical good documentation is. Even if you are the only system administrator, you still will reap the benefits of good documentation, even more so if another sysadmin is ever brought on board."
Reviews Ajax Foundations, Ajax at Work: Book Reviews (Linux Journal)Linux Journal has a pair of mini reviews for Ajax Foundations and Ajax at Work. "Foundations of Ajax is the smaller of the two books, and it certainly feels as though it's geared to someone just getting started with Ajax. The first third of the book--three chapters and 74 four pages--covers the philosophy and technology behind Ajax. Then, after a chapter on implementing basic Ajax techniques, the book moves on to another big block--three chapters and 92 pages--covering JavaScript development. The final chapter presents a case study in three parts; introducing patterns, describing a framework (written by the authors) and building an Ajax project. The book closes with two appendices and a good index."
Develop your own filesystem with FUSE (developerWorks)IBM developerWorks takes a look at FUSE. "Before the advent of user space filesystems, filesystem development was the job of the kernel developer. Creating filesystems required knowledge of kernel programming and the kernel technologies (like vfs). And debugging required C and C++ expertise. But other developers needed to manipulate a filesystem -- to add personalized features (such as adding history or forward-caching) and enhancements."
My domains, MyDNS (Linux.com)Joe 'Zonker' Brockmeier reviews MyDNS on Linux.com. "Why would you want to use MyDNS rather than the Berkeley Internet Name Domain (BIND), which is pretty much the standard name server? First, BIND is dangerously close to a monoculture when it comes to name servers -- if BIND has a major security issue, most of the Internet suddenly has a major security issue. Several years ago, BIND had a string of vulnerabilities that convinced me that it would be a Good Thing if more people used alternatives to BIND."
Using SQL-Ledger in a small business (NewsForge)NewsForge looks at SQL-Ledger for small business accounting. "SQL-Ledger is a Web-based accounting system that does business-class double-entry bookkeeping. It can have multiple users on the system at one time, with individual privileges, using individual forms. Data entry can be audit-safe, with deletion allowed or not. As the project's Web site explains, "Accounting data is stored in a SQL Server. For the display any text or GUI browser can be used. The entire system is linked through a chart of accounts. Each item in inventory is linked to income, expense, inventory and tax accounts. When items are sold and purchased the accounts are automatically updated.""
Accelerated X flame wars! -- Maybe not (Free Software Magazine)Free Software Magazine looks at XGL and AIGLX. "When I first heard about these two competing solutions my immediate response was "Oh no! Not ANOTHER flame war...". But once I examined the two of them, I found that they're not as mutually exclusive as it first seemed. To explain why I'll go through a summary of how each works and the differences and similarities between them." (Found on GnomeDesktop)
Page editor: Forrest Cook Announcements Non-Commercial announcements Austin Group details plan and scope for next revision of joint standardThe Austin Group has announced an effort to produce the next version of its joint standard. "The Austin Group met at the Standards Council of Canada, Ottawa, ON, on February 21-24 2006 to consider the goals and plan the precise milestones for the next revision of the joint standard (that is ISO/IEC 9945 (POSIX), IEEE Std 1003.1 and The Open Group Base Specifications Issue 6)."
Join the Fellowship and win a Free HP notebook PCThe Free Software Foundation Europe is offering new incentives to active members. "Like last year's PDA, donated by xtops.de the Free Software Foundation Europe will be raffling off two HP notebooks to all active Fellows on 1 April this year. For two lucky Fellows, April Fool's Day will be anything but foolish. "This is a great start into the second year of our Fellowship," says Georg Greve, president of FSFE. "The Fellowship is essential to our activities. It allows us to pursue activities like the Microsoft antitrust case, or our work at the United Nations. These may seem far away, but if we do not defend our freedoms also in these places, we are bound to lose them everywhere.""
New python.org and Call for VolunteersA Call for Volunteers has been sent out for the new python.org site. "We would like to announce that the beta python site will be made live on the 5th March 2006. In order to ensure that the switch is as smooth as possible, we are asking for some volunteers to help in finalising the migration and checking of content and links. Guido van Rossum will be announcing this during his keynote speech at Pycon and there will be sprints from 27th February through to the 2nd March. All the information you'll need is here."
Commercial announcements Bizgres MPP 2.1 Available for Public DownloadVersion 2.1 of Bizgres MPP, the scalable data warehousing clustered version of PostgreSQL, is available for a free trial. "Bizgres MPP 2.1 is based on PostgreSQL 8.1 and will support most PostgreSQL applications out of the box. It allows you to spread your database across multiple servers, and run parallelized queries over databases up to 100 terabytes in size, with data read rates over 10GB/second. Bizgres MPP is built on a fault-tolerant shared-nothing architecture which allows for cluster expansion, using commodity hardware."
DNUK Selects Chelsio's T210-CX iSCSI Target SolutionChelsio Communications has announced the selection of its T210-CX4 10GbE TOE/iSCSI acceleration adapters by DNUK for use in Linux systems. "Chelsio's T210-CX4 TOE/iSCSI adapter and iSCSI Target software v1.0 is a proven turnkey solution set that offers significant cost savings for storage target systems by leveraging the volume, scalability, and simplicity of off-the-shelf server platforms, standard Ethernet connectivity, and copper CX-4 cabling."
Empower Technologies Introduces TI development kitEmpower Technologies has announced a new development kit for the TI OMAP5912 dual-core processor. "A one-stop development solution, Empower's LDK5912 comes complete with both hardware and software offerings that enable developers to create reference consumer electronics products at significantly reduced development time, risk and cost. The kit runs LinuxDA out of the box, so developers can use the LDK5912 to compile, download and test applications within minutes of set-up."
Gigabytes and Silver Strand Solutions announce Gigastrand InternationalGigabytes Computer Store and Silver Strand Solutions have joined together to announce Gigastrand International. Gigastrand International will supply computers and home entertainment systems using the Linspire Operating System. In addition, Gigastrand International will provide specialized materials for people with niche interests such as using Linspire to to be an audiophile, run a small business, and much more.
Linux Networx Announces Linux Supercomputing Storage SolutionsLinux Networx has announced the availability of new supercomputing storage solutions. "Integrating the appropriate storage configuration within a supercomputing system has been proven to power performance acceleration and utilization increases by a factor of 20 or more. Linux Networx storage solutions combine best-in-class hardware, management software and high performance file systems to best meet the unique requirements of each supercomputing environment. Linux Networx storage solutions are tightly integrated with the company's LS series of Linux Supersystems -- a family designed to deliver new levels of Total Application Throughput."
Novell Continues Linux Market Leadership in ChinaNovell, Inc. has announced its continuing leadership in the Chinese Linux market. "Novell holds a 25.1 percent share of the Linux market in China, surpassing other local and international Linux distributors. Novell's success in China reflects a strong commitment to Chinese open source development and to Novell's growing customer base in this rapidly expanding market."
New Books Building Extreme PCs--O'Reilly's Latest ReleaseO'Reilly has published the book Building Extreme PCs by Ben Hardwidge.
Writing Security Tools and Exploits--latest from SyngressSyngress has published the book Writing Security Tools and Exploits by James C. Foster and Vincent Liu.
Resources The "First Ever Think Tank Report on the Future of Commercial Open Source"SDForum and the Olliance Group have announced the availability of a report from an "open source think tank" event held in January. This group got together and came up with a number of not entirely earth-shaking conclusions. "There are not enough developers to participate in all the open source communities. With too many projects and not enough focus on key projects -- there is simply not enough talent to mature open source fast enough." The Olliance site requires registration to obtain the report, but said report is under the Creative Commons Attribution license. So you can also get a copy from LWN [PDF].
Contests and Awards VMware Announces Ultimate Virtual Appliance ChallengeVMware, Inc. has announced the Ultimate Virtual Appliance Challenge. "VMware, Inc., the global leader in virtual infrastructure software for industry-standard systems, today announced the Ultimate Virtual Appliance Challenge contest with prizes totaling $200,000 to foster continued innovation in developing virtual appliances. Virtual appliances are pre-built, pre-configured and ready-to-run software applications, all packaged within virtual machines. They can be run using VMware virtualization products, including VMware Player and VMware Server which are both available for free download at http://www.vmware.com/download/."
Education and Certification IBM Linux tutorials for LPI examsIBM developerWorks has a series of tutorials to help you prepare for system administrator certification and the topics in LPI exams 201 and 202. Tutorials generally require a free registration.
Event Reports Coverage of LPI at LinuxWorld MexicoThe Linux Professional Institute has provided coverage of their presence at the recent LinuxWorld Mexico conference. "LPI attended the first annual Linux World Mexico and hosted exam labs, a trade show booth, and a special press conference on LPI's 30,000 certificant."
Upcoming Events DEF CON 14 Call for PapersA call for papers has gone out for the DEF CON 14 security conference. DEF CON 14 will be held on August 4-6, 2006 at the Riviera Hotel & Casino in Las Vegas, NV. Papers are due by June 15.
Geoffrey Moore will present Keynote at 2006 Desktop Linux SummitDesktop Linux Summit has announced its keynote speaker, author Geoffrey A. Moore. "Moore will speak from his newest book, "Dealing with Darwin: How Great Companies Innovate at Every Phase of Their Evolution," and hold a book signing for attendees. The event, sponsored by industry leaders such as Novell and Red Hat, will be held April 24-25, 2006 at the Manchester Grand Hyatt in downtown San Diego."
Novell Brainshare ConferenceNovell's global BrainShare Conference will take place on March 19-24, 2006, in Salt Lake City, UT.
Novell and Red Hat Take Top Sponsorships at Desktop Linux SummitNovell and Red Hat will be the top sponsors at the fourth annual Desktop Linux Summit. "The Desktop Linux Summit today announced that Linux industry giants Novell and Red Hat have signed on as platinum sponsors for the show, which is the only event to focus exclusively on Linux and open source software for the desktop. In its fourth year, the Summit will be held April 24-25, 2006 at the Manchester Grand Hyatt in downtown San Diego, California."
OOoCon 2006 location chosenThe location for OOoCon 2006 has been chosen. The event will take place in Lyon, France.
2nd PyWeek Python Game Programming ChallengeThe second PyWeek Python Game Programming Challenge has been announced. "The date for the second PyWeek challenge has been set: Sunday 26th March to Sunday 2nd April (00:00UTC to 00:00UTC). The PyWeek challenge invites entrants to write a game in one week from scratch either as an individual or in a team. Entries must be developed in Python, during the challenge, and must incorporate some theme chosen at the start of the challenge."
64 Studio and Lionstracs at Sounds Expo 2006The Linuxaudio.org members, 64 Studio audio distribution and Lionstracs will have exhibits at the London Sounds Expo trade show on March 9-11, 2006.
CFP: 13th Annual Tcl/Tk ConferenceA Call For Papers has gone out for the 13th Annual Tcl/Tk Conference. The event will take place on October 9-13, 2006 in Naperville, Illinois, submissions should be in by May 31.
O'Reilly Where 2.0: The Future of Mapping and Local SearchO'Reilly has announced the 2006 Where 2.0 conference. "There's a new world of technology taking shape, moving the computing ecosystem to higher ground: geospatial. Pioneered by grassroots developers, startup projects, and innovative mash-ups, these new mapping and location-related tools and services are promising both disruptions and opportunities. To explore this technology frontier, O'Reilly Media is planning the second Where 2.0 Conference, happening June 13-14 at the Fairmont Hotel in San Jose, California."
Events: March 2 - April 27, 2006
Web sites New GNOME developers forumThe new GnomeDev.com site is online with a wired variety of GNOME developer topics.
Audio and Video programs FOSDEM videos availableFor those of you who couldn't make it to FOSDEM: Michael Opdenacker has posted videos of a number of the talks. The list includes sessions by David Weinehall, Richard Stallman, Jeff Waugh, and others.
Page editor: Forrest Cook
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||