LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for March 9, 2006Some notes from the Coverity surveyBack in January, LWN reported on a grant awarded to Coverity by the U.S. Department of Homeland Security. Coverity (working with Stanford) would apply its static analysis tools to the code bases of a large set of free software projects and report on the results. The effort was designed to help provide a sense of the quality of free software while simultaneously helping to improve that quality.Coverity has now announced its first set of results in the form of a press release, a table of defect counts, and a glossy report. The main point made in the report - and picked up on by most of the media coverage - is that the software which makes up the "LAMP stack" (kernel, Apache, MySQL, PostgreSQL, PHP, Perl, Python) has a significantly lower rate of defects than the larger set of projects reviewed. From this result, one might well conclude that the most heavily-used and carefully-reviewed projects tend to have better code. Perhaps not a breathtaking result, but it's still nice to know. The projects with the lowest defect density include Ethereal, OpenVPN, Perl, and xmms; the all-time winner is xmms, with a total of six detected errors. At the other end of the scale, one finds Amanda, Firebird, NetSNMP, OpenLDAP, Samba, X, and Xine. The MySQL code base turned up 136 defects (a density of 0.224 per thousand lines of code), while PostgreSQL has 295 (density of 0.362). Those results are interesting in the context of this quote from the report:
For example, MySQL, PostgreSQL, and Berkeley DB have certified
versions of their software that contain zero Coverity defects.
We asked Coverity CTO Ben Chelf about the discrepancy between this claim and the published results, and heard back:
We are working with the community now to determine exactly why that
is. Obviously the code changes over time so that is one potential
factor for the new issues. We hope that by opening up this mainline
access, we can assure that all _future_ versions of many of these
packages will contain zero Coverity defects.
Unfortunately, that response does not really answer the question. The possibilities would seem to be: (1) whoever paid for the "certified versions" has not fed the resulting fixes back into the mainline; (2) all of the detected defects have been introduced into the code base since the certification run was done, or (3) the tests run on the "certified versions" were less comprehensive. None of those ideas is particularly reassuring. That notwithstanding, the work being done at Coverity is clearly helping to clean up the code of the projects being surveyed. Patches for some bugs found in the kernel are already circulating, and various other projects are looking at the results as well. With regard to Samba, the Coverity folks provided us with a quote from Jeremy Allison:
Coverity has found bugs in parts of Samba that we had previously
considered completely robust and tested. It's like having a
developer on the team with an inhuman attention to detail, who
points out all the corner cases and boundary conditions you hadn't
considered when you first wrote the code. It's making a *major*
contribution to the code quality of the Samba project.
Running static analysis tools on the code is a clear win for software quality and Coverity, by chasing down the resources to pay for this kind of work, is helping the free software community. Even so, we could not resist asking Mr. Chelf this question: wouldn't it help the community even more to release the checker under a free license, so that the community could do its own analysis and improve the tool as well? He responded:
We want to have a very strong relationship with the open source
community for a long time to come. We recognize that open source
software is a more and more critical part of many organizations'
(commercial and non-commercial) infrastructure. As we keep a
healthy finger on the heartbeat of what the community wants from
this type of technology, we feel we'll be the best ones to provide
it, regardless of form. Does that mean open source? It's too early
to say at this point.
In other words, we'll have to content ourselves with the reports from Coverity - when Coverity sees fit to provide them - for the foreseeable future. It is vastly preferable to not having those reports. Still, there would be a great advantage to having static analysis tools which did not depend on any one corporation's generosity to run. The community seems to be a bit slow in the development of these tools, however. The "sparse" utility, written by Linus Torvalds, is regularly used to find certain types of bugs in the kernel. It has seen little use beyond the kernel, however, and has not developed anything close to the capabilities of Coverity's tools. The once-promising smatch project seems to have stalled for the last two years. Various other projects exist (Wikipedia has a list), but none seem to have reached any sort of critical mass. The free software community prides itself on the quality of its code. Static analysis techniques will clearly be an important part of maintaining that quality in the future. Many eyeballs do indeed shake out bugs; adding some automated eyeballs to the mix will help find even more of them. We have been lucky that a company which has developed some interesting static analysis techniques has - for a few years, now - shared the results of its analysis with parts of the free software community. We should hope that this generosity continues for a long time, but we may also want to think about creating some tools of our own for the day when that generosity runs out.
The next generation office suiteOpenOffice.org is a great package. It provides powerful capabilities in a number of areas - document editing, spreadsheets, presentations, etc. - and makes it possible for Linux users to interoperate with the large part of the world which is dependent on proprietary office applications. Much of the time, OpenOffice is the tool needed to enable Linux to replace a proprietary desktop system. It would be a hard tool to live without.That said, there is some truth in a comment recently posted by Jeff Waugh:
OpenOffice.org is not aggressively competitive with Microsoft
Office - it's playing to match the feature matrix instead of
leapfrogging and defining new ground to fight on. That is not a
winning strategy, particularly when the stakes involve the future
of Software Freedom in the hands of users around the world.
This statement is, perhaps, not entirely true; OpenOffice has, for example, been a big part of the push toward the Open Document Format. The open format push has most certainly shifted the battle, to the point that even Microsoft has had to respond. Beyond that, however, it is hard to point to a long list of new things which OpenOffice has brought to the office productivity arena. It is mostly a good copy of that other office application. Critics of free software are fond of claims that the community is restricted to imitating developments done in the proprietary world. Free software, it is said, is not where innovation is done. To a great extent, OpenOffice could be said to validate that claim. It is not clear that this situation can change; OpenOffice is a large and intimidating code base which can be hard to contribute to, and the project's mission would seem to argue against the creation of surprising new features. The community is not limited to OpenOffice, however. Jeff's posting points to a weblog entry by Marc Maurer, wherein he (by way of a large Flash file) demonstrates the long-anticipated collaborative editing addition to AbiWord. Authors, connected by the net, can simultaneously work on the same document and see each others' changes as they happen. Now every document can be written by committee, a process known to produce superior results. Seriously, however, there are clear advantages to being able to work in this mode. Perhaps the tiresome process of sending document files around as attachments and trying to integrate changes from others could eventually fade away. And the world has shown, many times, that if people are given new ways to communicate and work together, they will do surprising things with that capability. So this addition to AbiWord (hopefully due to show up in the 2.6 release) is a welcome step forward. Meanwhile, the KDE project recently held a "GUI and functionality design competition" for KOffice 2. the results of this competition have now been posted; they show that a number of smart people are thinking about where KOffice could go from here. The winning entry [PDF] from Martin Pfeiffer takes a long look at how people work with documents. His ideas, if realized, could take much of the tiresome clicking out of the editing process and make the task of putting together documents (especially large ones) much more straightforward and fun. The fact that much effort in the free software community has gone into the replication of features available elsewhere is not particularly surprising. If one wants to build a user community for a software package, one is well advised to provide the capabilities that the target users have come to expect. In many areas, however, that goal has been met, and the time has come to move into new capabilities that users do not - yet - expect to find. By many accounts, office suites are one of those areas. We have the capabilities that most users need; it will be fun to watch as developers create features that users do not yet know that they need.
Some lessons from MythTVYour editor's eighth-grade son was looking around for an end-of-year school project. Fearing the alternatives (most of which seemed to involve explosives), your editor made the logical suggestion: let's build a MythTV box together. That project looked like a good Linux learning project which might just yield a device which would be useful around the house. Plus, with what he thought was expert Linux guidance (kids are so gullible sometimes), the project couldn't fail.Well, it didn't fail, but it was not always clear that a successful outcome was in the works. For the benefit of others who may be considering the creation of such a box, here's a few things your editor learned on the way. Do not expect it to be easy. Contemporary Linux users tend to be a spoiled bunch. For the most part, any of thousands of programs can be installed by way of a single package manager operation. Often these programs come pre-configured in some sort of minimally working way; finishing the job is just a matter of making a few tweaks. So what could be so hard about installing MythTV? After all, there are packages for many distributions just waiting to be used. Even with pre-built packages, installing MythTV reminds your editor of installing Linux back in 1993. Remember trying to come up with an XFree86 configuration file for a previously unknown monitor? MythTV is somewhat like that. There's a great deal of configuration to perform, and a lot of parameters to tweak. Get one wrong, and the whole thing fails in mysterious ways. Anybody who is not up for a long setup experience would be well advised to stick with simpler tasks - like writing new sendmail rulesets. Choose your hardware with care. MythTV requires a fairly strong system in general; it's not a suitable application for that Pentium 100 system gathering dust in the basement. A capable (but supported!) video card is required. Then, there is the issue of choosing a TV card.
And it does work, once one gets it configured correctly. That involves tracking down the firmware and putting it in the right place, ensuring that the correct modules get loaded (something that doesn't seem to happen by default), and going through a lengthy process of figuring out which stations can actually be tuned and carefully instructing MythTV to avoid all the others. That last step, incidentally, requires a development version of the dvb-apps package obtained from CVS. Then one finds out that, in order to cope with a high-definition signal, one needs a seriously fast processor; that 1.8GHz Athlon you have gathering dust in the basement just won't cut it. Meanwhile, getting plain old, low-resolution TV out of the card, while said to be possible, has proved to be a challenge in real life. Expect pitfalls. One of the many MythTV configuration screens is for setting up the TV card(s). One of the options given there is the pcHDTV HD3000. Every day, some well-meaning MythTV user probably tells the system that his or her pcHDTV HD3000 is a pcHDTV HD3000, while a hundred experienced users, if they only knew, would be shouting "NO, YOU FOOL! It's a trap!" at the top of their lungs. This poor user is heading for some significant pain; MythTV will never work in that configuration. As the battle-hardened veterans know, an HD3000 card should be configured as a DVB device (described in the documentation as "a video standard primarily found in Europe"). Then it will work. One can only imagine a legion of sadistic MythTV hackers leaving the pcHDTV-HD3000 option on the menu as a way of ensuring that beginning users spend more time staring at Google than watching TV. The allegedly easy path isn't necessarily so. Part of the work plan involved researching the best distribution for the creation of a MythTV box. What better way for an eighth grader to learn about how Linux systems are created? He quickly settled on KnoppMyth, which comes with claims like:
KnoppMyth can be installed in as little as 10 minutes (depending
upon your hardware speed) then all you have to wait for is the
first week of TV scheduling to be downloaded. If all your hardware
is supported under Linux, you may not have to edit any
configuration files.
Why bother with anything else when you can get all of the pieces off a single disk? KnoppMyth does not appear to be a project which receives a great deal of development time; the 5.0 release has been in the works for quite a while. A number of the download links on the main page are dead. It still uses version 0.18 of MythTV. More to the point, however: while one may not have to edit configuration files, nothing gets one out of the need to go through a couple dozen MythTV setup and configuration screens. There are dozens of operating parameters to tweak. TV cards must be set up. A separate step is required to set up video sources. Yet another step exists just to connect the configured TV cards with the configured video sources. Then there's the set of channel configuration screens. One has to figure out where the programming information will come from and set that up. Then one has to actually make the resulting combination work - something your editor never succeeded in doing. Among other things, KnoppMyth did not set up the video card (a Radeon 9250-based card) correctly in its XFree86-based graphics system, with the result that the XVideo extension was not available. Suffice to say that MythTV (along with lower-level tools like mplayer) is not happy without XVideo. So your editor dumped the whole mess and installed Fedora Core 4, which had no trouble figuring out the video configuration. The excellent Fedora Myth(TV)ology document made most of the rest of the setup relatively easy - modulo the level-60 secret incantations required to make the HD3000 work properly. Don't expect it to tell you anything.. The MythTV setup program will not work properly if the MythTV backend daemon is running. But it won't check for said daemon, and it won't say why it is failing. MythTV has a built-in logging system with eight log levels, but your editor has yet to find anything of interest there. Other things just fail silently, with no indication of why, for example, an attempt to watch TV in real time yields a black screen for ten seconds before returning to the menu. In summary: MythTV may have a lot of things to recommend it, but there is some work to be done to make it installable by normal people. Today's MythTV reminds your editor of installing early Slackware releases: a long and fiddly process with the occasional trap to avoid. The Linux installation problem has been nicely solved; if the target hardware is supported, putting together a Linux system to use that hardware is usually a straightforward task. What has been done for Linux as a whole can certainly be done for MythTV. Until it has been done, MythTV is likely to be inaccessible to many who would like to use it. Having written the summary, your editor would like to briefly touch on two other lessons. It's seriously cool. Once the system works, it does just what it is claimed to do. It can watch and record television, skip over advertisements, move around quickly in the program, handle multiple tuners, juggle conflicting recording schedules, work with a wide variety of remote controls, browse the web, play games, etc. Packaged in a suitably powerful and quiet box, MythTV could be a welcome part of one's larger entertainment complex. We may not be able to build MythTV boxes for much longer. The capabilities provided by MythTV go against everything the Powers That Be in the entertainment industry want us to have. As they continue to push for hostile legislation and DRM-encumbered hardware, they will eventually make the creation of a MythTV box impossible. Hardware which can tune in tomorrow's signals, and which makes the result available to software that doesn't know the secret handshakes, will be unavailable. MythTV is a powerful - if rough-edged - tool; it's how access to video programming should be. It would be a shame if MythTV were to smooth out the setup experience, only to be obliterated by legal systems worldwide.
Security An introduction to Elliptic Curve CryptographyElliptic Curve Cryptography (ECC) has been gaining momentum as a replacement for RSA public key cryptography largely based on its efficiency, but also because the US National Security Agency (NSA) included it, while excluding RSA, from its Suite B cryptography recommendations. Suite B is a set of algorithms that the NSA recommends for use in protecting both classified and unclassified US government information and systems. Public key cryptography is the basis for tools like ssh as well as Secure Sockets Layer (SSL) for encrypting web traffic. For readers who would like more information, a nice introduction to public key cryptography and the RSA algorithm can be found on Wikipedia. ECC is based on some very deep math involving elliptic curves in a finite field. It relies on the difficulty of solving the Elliptic Curve Discrete Logarithm Problem (ECDLP) in much the same way that RSA depends on the difficulty of factoring the product of two large primes. The best known method for solving ECDLP is fully exponential, whereas the number field sieve (for factoring) is sub-exponential. This allows ECC to use drastically smaller keys to provide the equivalent security; a 160-bit ECC key is equivalent to a 1024-bit RSA key. Smaller key sizes lead to faster processing, which is very interesting to folks that are implementing encryption on small, mobile devices with limited resources in terms of power, CPU and memory. It is also very desirable for large web servers that will be handling many encrypted sessions. These are the technical considerations driving adoption. The NSA's recommendation makes it very attractive to companies that sell encryption products to the government and many non-governmental entities will also want products that implement ECC. In order to use elliptic curves as part of a public key cryptosystem, both parties must agree on a set of domain parameters that fully specify the curve that is being used. Various groups, notably the US National Institute for Standards and Technology (NIST) and the Standards for Efficient Cryptography Group (SECG) have recommendations for the domain parameters to be used for various key sizes. The Internet Engineering Task Force (IETF) also has a draft specification for adding ECC to SSL/TLS. Sun Microsystems has donated ECC code to OpenSSL and the Network Security Services (NSS) library; this allows the Apache web server and Mozilla browsers (and many other programs) to use ECC. Unfortunately, as with RSA before its patent expired, the ECC landscape is littered with patent claims; some of dubious enforceability due to prior art. Sun claims patents on ECC technology, but has provided a "patent peace" provision in its license that states that it will not enforce its patent claims and asks that anyone holding patents associated with the code not enforce them against Sun. The wild card in the ECC patent arena seems to be Certicom which claims a large number of ECC patents and has not made a clear statement of its intentions with regard to open source implementations. The NSA licensed Certicom's patents for $25 million to allow them and their suppliers to use ECC, lending some credence to at least some of the Certicom patents. Other companies also have patents on various pieces of ECC technology. As is often the case with patents, it is well nigh impossible to determine what the patents cover and if an implementation infringes without going to court. Ironically, the clearest description of what is and is not patented is an RSA Laboratories FAQ entry:
In all of these cases, it is the implementation technique that is patented,
not the prime or representation, and there are alternative, compatible
implementation techniques that are not covered by the patents.
Of course, this is not legal advice from RSA and may or may not be how it is interpreted by the courts. We will all have to wait and see how it plays out if one or more of the patent holders decides to sue. [The author wishes to thank his employer, Privacy Networks, for sending him to the RSA 2006 conference which inspired this article.]
New vulnerabilities bmv: integer overflow
flex: buffer overflow
freeciv: denial of service
initscripts: privilege escalation
irssi-text: denial of service
kernel: multiple vulnerabilities
Mozilla Thunderbird: remote code execution and DoS
WordPress: SQL injection
zoo: stack-based buffer overflow
Updated vulnerabilities ADOdb: PostgresSQL command injection
apache: cross-site scripting
blender: integer overflow
bluez-hcidump: buffer overflow
BomberClone: remote execution of arbitrary code
bzip2: race condition and infinite loop
ktools: buffer overflow
cpio: arbitrary code execution
curl: buffer overflow
cyrus-imapd: buffer overflows
dia: missing input sanitizing
emacs21: format string vulnerability in "movemail"
enscript: arbitrary code execution
evolution: format string issues
fetchmail: multidrop bug
ffmpeg: buffer overflow
Foomatic: Arbitrary command execution in foomatic-rip
gdb: multiple vulnerabilities
gdk-pixbuf: multiple vulnerabilities
gedit: format string vulnerability
gettext: Insecure temporary file handling
gnupg: false positive signature verification
gnutls: denial of service
grip: buffer overflow
gzip: arbitrary command execution
heimdal: privilege escalation
imagemagick: arbitrary command execution
imap: buffer overflow in c-client
ipsec-tools: denial of service
kdebase: local root vulnerability
kdelibs: heap overflow
kdelibs: kate backup file permission leak
kernel: multiple vulnerabilities
kernel: multiple vulnerabilities
kernel: multiple vulnerabilities
kernel multiple vulnerabilities
xpdf heap based buffer overflow
libdbi-perl: insecure temporary file
libgadu: memory alignment bug
libgd2: buffer overflows in PNG handling
libmail-audit-perl: insecure temporary file creation
libpam-ldap: authentication bypass
libpng: heap based buffer overflow
libungif: memory corruption
libxml2 - arbitrary code execution
libxml2: multiple buffer overflows
libXpm: new buffer overflows
lynx: arbitrary command execution
mailman: denial of service
metamail: buffer overflow
mod_python: remote access vulnerability
mozilla: multiple vulnerabilities
nbd: arbitrary code execution
ncpfs: multiple vulnerabilities
ntp: uses wrong gid
openmotif: buffer overflows
OpenSSH: double shell expansion
pcre3: arbitrary code execution
perl: setuid vulnerabilities
PHP: safe_mode bypass
php: multiple vulnerabilities
phpbb2: multiple vulnerabilities
phpMyAdmin: multiple vulnerabilities
postgresql: improper validation with Asserts enabled
pound: HTTP Request Smuggling Attack
pstotext: remote execution of arbitrary code
Py2Play: remote execution of arbitrary Python code
scorched3d: multiple vulnerabilities
spamassassin: denial of service
squid: authentication handling
squirrelmail: multiple vulnerabilities
struts: cross-site scripting vulnerability
sudo: vulnerability via scripts
tar: buffer overflow
File overwrite vulnerability in tar and unzip
tcpdump: multiple DoS issues
tetex: integer overflows
texinfo: temporary file vulnerability
tin: buffer overflow
unzip: long file name buffer overflow
up-imapproxy: format string vulnerabilities
uw-imap: buffer overflow
vixie-cron: crontab allows any user to read another users crontabs
w3c-libwww: possible stack overflow
xine-lib: buffer overflows
xine-ui - insecure temporary file creation
xloadimage: buffer overflows
xorg-x11: heap overflow
xpdf: buffer overflow
xpdf: potential vulnerabilities
xpdf: heap overflows
xpdf: denial of service
xpdf: integer overflows
zlib: buffer overflow
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current 2.6 prepatch remains 2.6.16-rc5; no new -rc releases have been made over the last week. A slow trickle of patches continues to find its way into the mainline git repository as bugs are tracked down and fixed.The current -mm release is 2.6.16-rc5-mm3. Recent changes to -mm include a patch to allow NFS mounts from a common server to share superblocks, CPU hotplug support for the x86-64 architecture, a continuation of the /proc rework, and some device mapper work. The current stable 2.6 kernel is 2.6.15.6, released on March 5, following shortly after 2.6.15.5. The two updates carry a few dozen patches, a number of which address security-related issues.
Kernel development news Quote of the week
Users of Suspend2 can rest assured that I will not allow the patches to suffer
bitrot. I will be continuing to use them myself, and will therefore have the
best of incentives to keep them up-to-date.
Now for the downside: I won't, however, be making any sort of concerted effort at getting them merged into the vanilla kernel after my move, and am not inclined to make a big effort beforehand.
Double kfree() errorsLess than 24 hours after Coverity announced the availability of a new set of machine-detected potential kernel bugs, Dave Jones started posting fixes. Judging from these fixes, a number of the problems detected this time around are double-free errors - passing the same pointer to kfree() twice. Freeing memory twice is a sure way to corrupt core kernel data structures, leading to trouble in unpredictable places far from where the real bug is to be found. Avoiding this kind of error would make life easier for everybody involved.To that end, Dave tossed out a simple idea: have kfree() poison pointers so that a second call can be detected immediately. His first proposal looked like this:
#define kfree(foo) \
__kfree(foo); \
foo = KFREE_POISON;
This code was not meant to be incorporated as-is; for starters, it probably needs a pair of braces. But there were a couple of other problems which popped up. One of them is that, since passing a NULL pointer to kfree() is legal, passing it twice is also legal. But this code would break that case. Whether that would be a problem for real code is unclear. Al Viro pointed out a more serious issue: the pointer passed to kfree() is not always an lvalue which can be assigned to. So simply redefining kfree() in this way would lead to compilation errors. The end result is that a transparent, in-place replacement for kfree() may be hard to implement. An alternative might be the creation of a safe_kfree() variant, combined with some serious pressure to use that variant. Then, perhaps, double-free errors could be caught when they happen. Or, instead, one could use the double-free checking already built into the kernel. The slab allocator, which is (among other things) the engine behind kmalloc() and kfree(), has options for poisoning (writing special values to) all memory which it handles. One value (0x5a in every byte) marks uninitialized memory, while another (0x6b) is written into memory when it is freed. The resulting patterns jump out nicely in oops listings, often making the cause of the problem immediately obvious. But the use-after-free value can also enable the detection of double-free errors - assuming that the memory is not reallocated between kfree() calls. The problem, it seems, is that not a whole lot of developers are running with slab poisoning enabled. As a result, they are working without a valuable debugging tool and allowing certain kinds of bugs to persist in the code base. So a part of the solution to the problem may well be a stronger effort to get developers to turn the slab poisoning option on. Beyond that, any sort of checking added to kfree() (or a variant) should be harder to disable than the existing debugging options.
RCU and open file accountingDavid Miller has been making great progress in his port of the Linux kernel to Sun's new "Niagara" (SPARC) CPU architecture. He has run into one little problem, however:
I just wanted to report that I am hitting the "VFS: file-max limit
xxx reached" problem quite easily on my 32-cpu Niagara machine with
16GB of ram with current 2.6.x GIT. It seems far too easy to get a
box into this state due to SLAB fragmentation and RCU. And once
you get a machine into this state it is totally unusable.
Our test case is usually a "make -j8192" kernel build along with a parallel bootstrap of gcc. That puts about 256 processes on each cpu's runqueue, I doubt ksoftirqd can run much at all. The file limit problem was last discussed here in October, when it delayed the release of the 2.6.14 kernel. A fix merged at that time made the problem harder to trigger, but, as David's experience shows, the problem has not been solved altogether. One might argue that a relatively small number of users run the sort of workload that David is playing with. But the point remains: with current kernels, including the upcoming 2.6.16 release, it is possible for a suitably-written program to run the open file count to its maximum, thus denying any sort of service to other users. This seems like a problem which one might want to fix. One piece of the puzzle here is the way that the open file count is managed. Currently, that count is decremented in the slab destructor set up for file structures. This method works, but it can cause the decrement to be delayed by an arbitrary amount of time, with the result that the open file count overstates the number of files which are actually held open by processes in the system. Moving that operation out of the slab destructor can help to keep the count more in sync with reality. The core of the problem, however is the use of the read-copy-update (RCU) mechanism for management of file structures. When a file is closed, the task of freeing the structure is queued in RCU. Using RCU lets the kernel ensure that the structure is not freed while references to it remain, but without the sort of locking overhead that comes with other techniques. As a result, performance is measurably improved on SMP systems. When there is a lot of opening and closing of files going on (such as, say, when a wild-eyed developer starts an 8192-process kernel build), the length of the RCU callback queue can get quite long. By the time that the RCU code decides that the system has quiesced and it is safe to invoke the RCU callbacks, the queue might have thousands of entries. Working through the entire callback queue led to latency problems elsewhere in the system, so 2.6.14 included a patch which put an upper limit on the number of callbacks which would be processed in any single iteration. The limit helped with the latency problem. But, if the generation of RCU callbacks continues at a high rate, the length of the callback queue can only grow. Every entry in the queue represents memory which could be returned to the system, but which has not yet been made available. So, as the queue grows, memory gets fragmented and the system heads towards the dreaded out-of-memory state. An attempt at a solution can be found in this patch by Dipankar Sarma, which has been sitting in the -mm tree for a while. Dipankar's patch puts a configurable upper limit on the number of RCU callbacks which will be processed in any single batch; that allows system administrators to tune the batch size to their particular needs. On a server which is dealing with large number of file requests, and on which latency is not a crucial issue, the batch size can be set to a large number. The patch also adds a high-water limit. If the length of the RCU callback queue ever exceeds that limit, the RCU code will (1) set the batch limit to infinity (or the integer representation thereof) and (2) send out an inter-processor interrupt forcing every CPU on the system to schedule. The combination of these actions will cause the system to work through the entire RCU queue at the soonest possible time. Once the queue length goes below a low-water limit, the old batch limit will be restored. It is, in other words, a somewhat unsubtle approach; the system is given a kick in the rear and told to go clean up its mess. But, it seems, that is exactly what the system needs at such a time. The cleanup task can only be deferred for so long; the work eventually needs to be done regardless. David has reported that the patches fix the problem on his Niagara system, and suggests that they should be merged into 2.6.16. It is a fairly significant patch to merge at this late point in the cycle, but there seems to be a reasonably high level of confidence in its stability. So, chances are that it will be included as a preferable alternative to shipping 2.6.16 with a known problem.
Some upcoming sysfs enhancementsA glance at Greg Kroah-Hartman's state of the driver core and sysfs message shows that a number of changes are queued up for future kernel cycles. A couple of those add new features to sysfs, and seem worth a mention.Attribute files in sysfs serve as a channel for sharing information between the kernel and user space. As more of the information interface moves to sysfs, an increasing number of user-space programs will be making use of sysfs attributes. Often, these programs will want to respond when the value of a sysfs attribute changes. In current kernels, however, there is no easy way for an application to know when an attribute has changed; the only option is to repeatedly re-read the file and check for new values. The current -mm kernels include a patch by Neil Brown which makes it possible to create pollable attributes. With such attributes, user space need only open the attribute of interest pass it to poll() with the POLLERR and POLLPRI events selected. When poll() returns, the file can be reopened and reread to obtain the new value. Internally, the patch adds a wait queue head to every kobject on the system; that queue is inserted into a poll table in response to a poll() call. The sysfs code has no way of knowing, however, when the value of any given sysfs attribute has changed, so the subsystem implementing a pollable attribute must make explicit calls to:
void sysfs_notify(struct kobject *kobj, char *dir, char *attr);
Here, kobj and attr describe the attribute whose value has been changed. The dir argument need only be supplied when the given kobject has a special subdirectory (and the attribute is in that directory). This call will cause any polling process to wake up and see that a new value is available. With the current code, there is no way to mark attributes which can be polled. Any process which calls poll() on an attribute which does not support polling will end up waiting rather longer than the developer intended. While sysfs attributes are normally low-bandwidth items - holding generally a single value - the relayfs subsystem (added in 2.6.14) is meant to be a high-bandwidth pipe from the kernel to user space. Relayfs is often used for debugging tasks, such as relaying large amounts of kernel trace data for later analysis. User space gets at that data stream by opening a channel file created in the special-purpose relayfs filesystem. As it turns out, relayfs contains a fairly nice internal abstraction for its file operations, making it possible to create entries for relay channels in other filesystems. Paul Mundt recently put together a patch taking advantage of this feature to allow kernel code to create relayfs channels in sysfs. The reaction to this capability was positive; indeed, it was seen as a better interface to the relay code than relayfs itself. So Paul's patches have grown into a full reworking of the relay interface, with the separate relayfs filesystem going away entirely. Most of the interfaces remain unchanged; in particular, almost the entire kernel API (as described in the documentation file) remains as it was before. But now there is a pair of new functions:
int sysfs_create_relay_file(struct kobject *kobj,
struct relay_attribute *attr);
void sysfs_remove_relay_file(struct kobject *kobj,
struct relay_attribute *attr);
A simple call to sysfs_create_relay_file() will add a relay channel attribute to the given kobject. The relay_attribute structure must be filled in with information about the actual channel. On the user-space side, the only change is that the application must look in a different place to find the relay channel. All of the supported operations (mmap() in particular) work as before. Barring last-minute objections, both of these patches seem likely to be merged for 2.6.17.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Memory management
Networking
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials Interview with DPL Branden RobinsonBranden Robinson, outgoing Debian Project Leader, was kind enough to answer a few questions via email.LWN: Now that your term is winding down, do you feel that you have accomplished what you hoped to accomplish?
No. In and of itself that is not a bad thing; it's better to have a
surfeit of ideas than a paucity of them, but even so I found the position
to be a subtly different kind of challenge than I expected.
Still, I learned a great deal about the inner workings of the Debian Project's infrastructure that I don't think I could really have come to understand any other way. I look forward to being a resource for the next Debian Project Leader. The important work that Debian has to do will continue. Project Scud was announced almost exactly one year ago. Since then, has this project helped with the management of the Debian project?
In ways, it has. The DPL team was valuable to me in my role in that I
think it was essential in either keeping me informed about various
behind-the-scenes happenings, or in offering differing perspectives on
things I already knew about.
Should some variant of it be continued into the coming year?
I think so, yes -- however, the DPL Team had a big problem with visibility
to the Debian Project at large, and that was a significant liability.
It felt to me like the DPL Team was constantly engaged with somewhat
sensitive personnel issues that were difficult to air publicly in a way
that was both constructive and fair to all the parties involved.
The level of harmony within the team, however, was very high, and it was a good working environment. We all exhibited respect for each other and were able to work constructively even where we had differences of opinion. I had been afraid that we wouldn't gel, and with the exception of one member who simply didn't (and doesn't) have the time to participate, I think we did. Quite apart from who wins the DPL election, I value the stronger relationships I've forged with Debian developers over the past year, both within and apart from the DPL Team. When it comes to the team approach being continued into the coming year, I think it's inevitable. Whether it's called "the DPL team" or "Project Scud" or doesn't have a name at all, but is instead "the guys the DPL drinks with at the pub", I feel certain the concept will continue to exist in some form, just as it predates its explicit identification last year. The role of DPL is a multifaceted one, and it's just plain good leadership to share the responsibilities. Just as the DPL has the trust of the developers, so too must a DPL demonstrate trust in others. The best leaders find ways to trust new people, rather limiting their horizons. Are there things you are particularly happy about? Or particularly unhappy about?
I'm particularly happy that the day-to-day machinery of Debian, of package
maintenance, quality assurance, release management, propagation of
unstable packages to testing, and so on, continued to hum along as it
should. Debian's technical processes are, for the most part, highly
developed and mature, and not something the Project Leader needs to meddle
with. That was deliberate in the design of the Debian Constitution, and I
think that is a point of continuing success.
The Sarge release, and, critically, the maturity of the d-i (debian-installer) project are also achievements I'm enthusiastic about. I don't claim credit for them in my capacity as DPL, except insofar as I was smart enough to know not to meddle with something that was working. Our release management processes have started to seriously hum over the past year. I think we really have a handle on management of major transitions. The BTS has seen major improvements, the devscripts package has more useful tools, and more people are leveraging these new features to get their work done. On the downside, I'm particularly unhappy that a few particularly thorny issues occupied virtually 100% of my time. I made a conscious decision even before I was elected to grapple with what the Project has identified as the most critical issues, not necessarily those where I could make a big splash for myself or grab headlines. One consequence is that things I have achieved are difficult to measure; another is that I didn't have much time left over to work on even the somewhat strange things I consider "fun", like coming up with a new set of trademark usage guidelines. That's still being managed ad hoc, and it doesn't really need to be. It pays to keep in mind, though, that the most visible thing Debian does is get free software to our users. That's the primary mission, and every time I dwell on my frustrations, I need to remind myself that Debian is fundamentally succeeding in that mission. The free software landscape is littered with the remains of projects that have failed in it. Consequently, it is invaluable to maintain one's sense of perspective. Why did you chose not to run for a second term?
There are factors on a few fronts. As you may gather from my previous
answers, I have a bit of battle fatigue. More importantly, however, I have
come to appreciate the wisdom that a few people in the Debian Project have
already expressed. First, you don't necessarily have to be the DPL to get
things accomplished. The DPL is not a strong executive under our
constitution, and some of the DPL's constitutional powers, such as the
dismissal of a delegate against his or her will, have never been exercised.
Secondly, many developers don't seem to really appreciate the first point.
It's often been remarked that the Debian Project only seems to seriously
grapple with internal management issues once a year during the elections.
In between, most people seem to just wait for the Project Leader to pull a
rabbit out of a hat.
While it's certainly possible that a more talented leader than myself could do so (or simply be the straw the breaks the camel's back), it would be healthier if more developers were more involved with those issues. What I'd like to do next is see if I can mold myself into an example of what I'm beginning to think of as the "good Debian citizen". I've had the benefit of an "insider's view" of what's right and wrong at the core of the Project -- what I think is critical now is to better uphold clause four of our Social Contract, in which we commit to openness with our users. That clause talks specifically about bug tracking, but many within the Project think we should apply it more generally. Some Debian developers have an ambivalent relationship with the Project's "insiders" because, simultaneously, they are details of infrastructure management that most of them don't care to know about -- except when they're perceived as not working. In that case, they demand satisfaction. I don't particularly decry this so much as note it to be human nature. What do you think will be the biggest challenge for the next DPL?
Infrastructure reform, which seems to eat every DPL that dares to grapple
with it, will threaten to do so with the next leader as well.
Is there anything else you would like to add?
It has been a tremendous honor to serve my fellow Debian developers and
users in this office. I've had a few opportunities to speak before
audiences familiar with Debian during my term -- the Open Source World
Conference in Màlaga, Spain, and at Free Software and Open Source Days in
Istanbul, Turkey, are two recent examples.
Everywhere I go in my capacity as a Debian representative, I meet many people who have boundless enthusiasm for the Debian Project and the work that we do. In many cases these are people who are as young as I was when I started using Debian, ten years ago, or even younger. Many of them want to be involved but want advice on how to contribute -- they don't know if they have anything to offer the project. The advice I offer is simple: identify something you care about, where your natural interests tend to flow, and throw yourself into it. A GNU/Linux distribution is an infinitely improvable thing -- that is, we're never going to run out of ways to improve it. When there aren't features to be added or bugs to be fixed, there are translations to be made, documentation to be written, or licenses to be fixed. It seems basic to Debian old-timers, but it's a new insight to Debian's vigorous youth. At the GPLv3 launch conference in Boston this past January, I troubled Eben Moglen for a recipe on how to grow the Free Software community. His advice was simple, as most good advice is: "Each one, teach one." Over the past year I've been able to impart just a little bit of my meager knowledge to a great many people. That has been the most rewarding part of this job.
New Releases New Quantian release 0.7.9.2 availableQuantian 0.7.9.2 is the second Quantian release based on Knoppix 4.0.2. Quantian adds hundreds of scientific / numeric packages, as well as an openMosix enabled 2.4.27 kernel, to the CDROM version of Knoppix.
SUSE Linux 10.1 Beta6 is readyThe sixth beta for the Agama Lizard (aka SUSE Linux 10.1) is out. The team has decided to spend more time strengthening this release, and have revised the schedule. The final release is now expected on April 13, 2006.
Distribution News Debian voting issuesThe candidates for Debian Project Leader will debate each other on IRC on Thursday March 16, 2006 from 22:30 UTC to 01:00 UTC the following day. The announcement also contains a Call for Questions and a Call for Panelists.So far (as of March 5th) on 174 Debian developers (out of a potential 972) have voted on the GFDL position statement. Voting ends on March 11. Details of the general resolution can be found here.
Other Debian newsChristian Perrier reports on proposed changes to su. "As reported in #276419, su in the login Debian package doesn't permit to specify options to the invoked shell and doesn't respect quoted arguments. We plan to revert this behavior and follow su's documentation and other implementations."Martin Schulze has announced the return of the packages.debian.org service. "This service had to move to a new machine after it consumed too much I/O traffic due to archive reorganisation." Martin Schulze also looks at the contents of the Debian backup server. "The backup of a resource is more than just a copy of the current state. It consists of 10 to 100 versions, representing several past days. Each day a new copy is created on the backup system. Copies older than the configured number of copies get purged." This Bits from the kernel team takes a look back at what already happened after the sarge release and what you should expect for etch.
Announcing fedora-security-listA new list has been created for the discussion of security issues in Fedora, including Fedora Extras and Fedora Legacy.
Ubuntu - Dapper UI SprintMark Shuttleworth reports that the Dapper UI sprint has been happening in London and on #dapper-look. "We are reviewing progress on UBZ desktop specs, as well as the artwork, theming and icons for Dapper in both Ubuntu and Kubuntu."
CFP: Debian Quality Assurance meeting in ExtremaduraThe Region of Extremadura in Spain has generously offered to host a number of work meetings for Debian during 2006. A Quality Assurance meeting is planned for December 13-17, 2006 (Wed-Sun). "This first announcement is a Call for Participation: if you have been involved in Debian QA, are interested in contributing or have some good QA ideas, you may want to consider attending this meeting." Space is limited.
Distributions at FOSDEMWe have a couple of FOSDEM reports. The Debian-Java team met and discussed Debian-Java policy changes, Debian-Java welcomes women, and Java in kFreeBSD port.The openSUSE project participated at FOSDEM with both a "DevRoom" and a small booth. "For those of you who didn't make it to FOSDEM, we have recorded the nine talks and three speed talks about openSUSE, SUSE Linux, and the work of SUSE R&D." There's a picture gallery too.
New Distributions andLinuxandLinux is a complete Linux distribution that runs seamlessly in Windows, using CoLinux. There is no need to partition, dual boot, configure or dedicate a machine. Users will have a complete Linux environment running along with Windows in a matter of minutes. The latest version is Proof Of Concept v2.1, which includes CDrom and floppy access, sound, faster networking and much more.
Sharif LinuxSharif Linux is a bilingual English/Persian operating system maintained by Sharif FarsiWeb. It is based on GNU/Linux and is customized for the computing requirements of Iran and the Persian language, specially for enterprise-level and educational uses. The current version of Sharif Linux, version 1.4, includes GNOME 2.10, including Evolution 2.2.3 and Evince 0.4.0, OpenOffice.org 2.0.1, Firefox 1.0.7, FarsiWeb fonts 0.4, Linux kernel 2.6.15, and much more.
Distribution Newsletters Debian Weekly NewsThe Debian Weekly News for March 7, 2006 covers the call for votes on the General Resolution to address the Debian project's position on the GNU Free Documentation License, requirements and rights for official Debian sub-projects, Debian GNU/kFreeBSD for AMD64, the IRC debate for the Project Leader Election, QA activities, and several other topics.
Fedora Weekly News Issue 36This week the Fedora Weekly News looks at the Call for Papers: FUDCon Wiesbaden 2006, Announcing fedora-security-list, Running OLPC within VMWare Player, Updated QEMU-Admin tool with network bridging, Security wars: Novell SELinux killer rattles Red Hat, and more.
Gentoo Weekly NewsletterThe Gentoo Weekly Newsletter for the week of March 6, 2006 covers Gentoo Linux 2006.0 download statistics, a Portage fix, the PPC team meeting, the Gentoo event calendar for London, San Jose and Bonn, and several other topics.
February OpenSolaris Community NewsletterThe February edition of the OpenSolaris Community Newsletter is available. Topics include OpenSolaris Charter was approved, Community started ramping up on the formation of development projects, more source and binary technology released, variety of contributions continue to be offered, some external code contributions have led to ARC cases, source code management conversations are increasing and more.
Ubuntu Documentation Newsletter - second editionThis issue of the Ubuntu Documentation Newsletter looks at Documents for Ubuntu 6.04, Kubuntu Documentation, Wiki Documentation, and more.
DistroWatch Weekly, Issue 141The DistroWatch Weekly for March 6, 2006 is out. "As more and more distributions provide bootable disks containing a complete operating system, it is clear that these "live CDs", as they are often referred to, are having a huge impact on our daily computing lives; today we report on Debian Live and Mandriva One, as well as on several efforts to accelerate the boot process of KNOPPIX. Having trouble with finding all the interesting software sources for your Ubuntu installation? Then worry not, the new Ubuntu source-o-matic makes it easy. Also in this issue: Click-N-Run for Ubuntu, a new Linux web site with podcasts for Linux beginners, a couple of entertaining links for Monday laughs, and a first look at the brand new Rubix Linux 1.0. Finally, we are pleased to inform that the February 2006 DistroWatch donation has gone to FreeBSD Foundation."
Package updates Fedora updatesUpdates for Fedora Core 4: dhcp (bug fixes), system-config-netboot (bug fixes), xterm (bug fixes), squirrelmail (fix broken languages), shadow-utils (bug fix), ncurses (cleanup), mc (bug fixes), gnbd-kernel (update to 2.6.11.5 kernel), cman-kernel (update to 2.6.11.5 kernel), dlm-kernel (update to 2.6.11.5 kernel), GFS-kernel (update to 2.6.11.5 kernel).
Mandriva updatesMandriva has provided new libaio packages in main to provide out-of-the-box support for Oracle Express in Mandriva Linux 2006. Samba has been updated for Corporate 3.0 users.
Slackware updatesSlackware has upgraded bash-completion and proftpd. Various python packages have been recompiled against Berkeley DB 4.2.52. There a few fixes for coreutils, xfsprogs and dmapi. The full slackware-current changelog has all the gory details.
Trustix updatesTrustix has fixed various bugs in postfix and samba for TSL 2.2 & 3.0.
Distribution reviews My desktop OS: GRML (NewsForge)NewsForge takes a look at a relatively unknown distribution called GRML. "GRML says it's for "users of texttools and system administrators," but GRML actually offers more. It's Linux that "just works." My users are not geeks, but GRML makes all our lives easy."
Five things I dislike about SUSE 10 (Linux.com)Joe Barr is not happy with his boxed set of SUSE Linux 10.0. "The open version of SUSE is touted as making all the latest stuff available earlier than you can get it in the commercial version, with perhaps a few bumps in the road as a result, for hobbyists and aficionados to play with and test and help debug the latest application releases before they get rolled up into the professional edition. It turns out the retail version has exactly the same set of bumps in the road as the open version."
Page editor: Rebecca Sobol Development Using Linux to manage a large audio collectionRecently, your author decided to dig into a long-delayed project, the consolidation of a large collection of music onto a hard drive-based archive. Over the years, a large collection of music has been built up, the majority of which is live concert recordings from various tape trading networks. Prices of hard drives in the several hundred gigabyte size range have been steadily falling, making an online audio archive possible and affordable.Music recording technology has gone through an amazing number of technology changes in the last 30 years. First there were reel-to-reel tapes, then audio cassettes. VHS-HiFi was a short-lived medium that offered improvements over cassettes until the audio DAT tape showed up. After that was CD-R media. Add to that vinyl records, commercial CDs, sound tracks from video tapes, and live recordings from multi-track digital recorders. Recently, a large number of BitTorrent sites have been good sources of live music recordings. Your author is somewhat picky about audio standards, although he routinely shuns audiophile audio hardware. The Microsoft .wav file format seemed like the universal standard to use as an archive medium. The 44.1K sampling rate was chosen due to its compatibility with audio CDs. Compressed formats like Ogg Vorbis and MP3 have their uses for portable players, but for archiving purposes, .wav is for the most part, the best sounding and most universally workable standard. Taking that one step further, .wav files can be bit-for-bit converted to and from FLAC, the Free Lossless Audio Codec. FLAC typically squashes music by about 50% of its original size, and .flac files can be played directly with music players such as XMMS. It is trivial to re-convert .flac files to .wav for burning CD-Rs. The standard Linux filesystem was chosen as way of storing the archive. It offers a wealth of handy command-line utilities for management, and GUI-based interfaces for those who prefer the that mode of operation. Some conventions were chosen for representing the music from a typical live concert. Each concert gets stored in a unique directory named ArtistYYYYMMDD. Individual songs were stored in their own .wav files with a similar naming scheme: ArtistYYYYMMDDd#T##.wav where YYYYMMDD is the date, d# is the (optional) disk number from a multi-CD set and T## is the track number. Additionally, a file called ArtistYYYYMMDD.txt can be included to contain a textual description of the audio source, processing information, song lists, and other information. It would be nice to have a meta-data file such as an XML file that contains more information in a computer readable format, but that's for the future. A big collection of CD-burning source material was recently rescued from an old computer system and a big pile of backup tapes from the same machine. The majority of this data consisted of 1-2 GB .wav files that were created by copying audio DATs into a CMI8732-based sound card with a lossless S/PDIF digital audio interface. The audio stream was converted to .wav files with the obsolete SoundRecorder utility, or Cinelerra. Sound from analog sources was fed into the computer using an external Flying Cow Analog to S/PDIF converter. Many of the audio DATs were recorded with a 48Khz audio sampling rate; those were converted to 44.1Khz files with SoX. Most of the source material was stereo volume normalized with Ecasound and some custom audio scripts. Volume normalization is a bit of an art, it usually works best on large parts of the source .wav file, broken up by concert sets, or where the person running the recorder tweaked the recording level. Normalizing groups of songs gets rid of annoying volume changes from song to song. Although Cinelerra is primarily a video editor, it has the critical ability of being able to digest a 2GB audio file without choking. It also has the ability to mark audio edit points throughout the source material, and bulk-render individual .wav files as marked by the edit points. After all of that, the music archive is showing many signs of improvement. All of the long gaps and audience chatter has been removed from the source material. The volume of the .wav files is fairly constant from concert to concert. The songs are now accessible individually. Your author was lucky in that he discovered how poor the CD-R medium is for long time archiving before he deleted his source .wav files. CD-R media degrades with heat, dirt, and repeated handling. Now that the music archive is coming together, some big advantages are beginning to surface. It is possible to copy the entire archive to another computer with a one line ssh/tar command. This is extremely powerful for backing up the data or copying sections to a friend's computer. A spare computer can easily be retrofitted with a large hard drive, then turned into a music library audio appliance. Although not as portable as an mp3 player, the entire archive can be copied to a laptop for listening away from home. This is very much a work in progress, it is also a process that will never be finished. The archive is up to 45Gb and is growing daily. Some software remains to be written. A random music player should be easy to write with just a few lines of Python code. That could be extended to include more advanced features such as noting song groups that should always be played together, and skipping files that contain short spoken segments such as a band introduction. In the source material, files are occasionally split into two pieces due to the editing out of a bad section in the middle, your author is still searching for a way to join two .wav files into one to fix that problem. Linux and the wide variety of open-source tools have made this entire process a breeze, if somewhat time consuming. Audio recording has gone through a series of diverging technologies, this distillation effort has reversed that trend.
System Applications Database Software MySQL 5.1.7-beta has been releasedVersion 5.1.7-beta of the MySQL database is available for testing. "This is the first published Beta release in the 5.1 series. All attention will continue to be focused on fixing bugs and stabilizing 5.1 for later production release."
pgAdmin III v1.4.2 ReleasedVersion 1.4.2 of pgAdmin has been released. "The pgAdmin Development Team are pleased to announce the release of version 1.4.2 of pgAdmin, the Open Source administration and development platform for PostgreSQL 7.3 and above. pgAdmin can be run on Linux, FreeBSD, Mac OSX, Solaris and Windows."
PostgreSQL Weekly NewsThe March 5, 2006 edition of the PostgreSQL Weekly News is online with new PostgreSQL information and events.
Mail Software Bogofilter 1.0.2 releasedVersion 1.0.2 of Bogofilter, a Bayesian spam filter, is available. "This release fixes has some minor configuration script scripts, some minor option errors, suppresses multiple messages when the database nears its maximum size, has an emacs VM entry in the FAQ and updated emacs VM support."
Gotmail 0.8.8 ReleasedVersion 0.8.0 of Gotmail, a Perl interface to hotmail.com, is out. "This is a simple maintenance release with only a few basic bug fixes applied including better dealing with spaces in folder names and extra lines in config files."
Web Site Development Campsite 2.5 announcedVersion 2.5 of Campsite, an open-source multi-lingual content management system for news websites, is out. "Version 2.5 is a major feature release."
Using Ajax from Perl (O'Reilly)Dominic Mitchell discusses the use of Ajax from Perl on O'Reilly. "If you're even remotely connected to web development, you can't have failed to have heard of Ajax at some point in the last year. It probably sounded like the latest buzzword and was one of those things you stuck on the "must read up on later" pile. While it's definitely a buzzword, it's also quite a useful one. Ajax stands for "Asynchronous JavaScript and XML." It's a term coined by Jesse James Garret in "Ajax: A New Approach to Web Applications." Ignore the football team, they're mere impostors. ;-) What does that actually mean? In short, it's about making your web pages more interactive."
Scheduling Jobs in a Java Web Application (O'ReillyNet)Chris Hardin discusses Java Web Application scheduling on O'Reilly. "Web application frameworks are built to service requests when they come in, typically from web users. This seems fine, but what if you need to execute code at specific times (for example, to generate reports in the middle of the night when CPU use is low)? Quartz provides best-of-breed Java scheduling functionality, and in this article, Chris Hardin shows how to get Struts to load up Quartz and your scheduled work."
Miscellaneous Open Graphics schematics postedThe Open Graphics project is working toward the development of a completely open 3D graphics adaptor for use with free systems. Last week, the project announced its intent to release the first set of schematics for wider review. The schematic [PDF] and a slightly outdated bill of materials are now available. Quite a bit of work remains to turn this design into an actual product, but the developers are working with the apparent hope of getting something out this year.
New Live CD showcasing XGL (FootNotes)If you are curious about what can be done with all the 3D work going on: FootNotes has a blurb about the Kororaa live CD, a Gentoo-based live system with all the Xgl goodies on it.
Desktop Applications Audio Applications FUPlayer 0.2.1 is availableStable version 0.2.3 of FUPlayer has been announced, it features bug fixes. "FUPlayer is a full featured music manager and player for the GNOME desktop. With it, you can play music from your hard drive, create playlists, do real file management using its Trash, and play, rip, and burn audio CD's. It features an interface similar to those of many modern manager-style players, but with many improvements, such as true non-modal search and browse functionality, find-as-you-type, and drag destination highlighting." See the CHANGELOG file for more information.
QjackCtl 0.2.20 releasedVersion 0.2.20 of QjackCtl, a Qt interface to the JACK Audio Connection Kit (JACK) is out with a number of new capabilities.
Rhythmbox needs YOU! (GnomeDesktop)The Rhythmbox project needs volunteers to work on its music player playlist feature. "Rhythmbox 0.9.3 gained support for all mass-storage audio players (auto-detected if HAL knows about them, or via .is_audio_player). What it doesn't have is support for playlists on all those players. Last night we committed support for reading playlists from PSPs, and we want to add support for the rest. If you have an audio player which uses playlists (and isn't an iPod or PSP), you need to run to bugzilla and tell us about it."
CAD Twenty-ninth release of PythonCAD availableRelease 29 of PythonCAD has been announced. "The twenty-ninth release of PythonCAD contains various improvements to the internal entity creation and manipulation code. The routines for transferring entities between layers has been reworked, as have the routines for deleting entities. This code rework flushed out a number of bugs and sub-optimal code issues which have been resolved."
Desktop Environments GNOME 2.14 Release Candidate (2.13.92) Released!GNOME 2.13.92 has been released. "This is our last unstable release before the big .0 release. Lots of new features and bug fixes have been added during this cycle, probably more than what you can remember if you've been running all the unstable releases so far."
GARNOME 2.13.92 (aka 2.14 RC) is outVersion 2.13.92 of GARNOME, the GNOME testing distribution, is out. "This release includes all of GNOME 2.13.92 (aka 2.14 Release Candidate) plus a whole bunch of updates that were released after the GNOME freeze date."
GNOME Software AnnouncementsThe following new GNOME software has been announced this week:
KDE Software AnnouncementsNo new KDE software announcements were received this week. You can find the latest KDE software releases at kde-apps.org.
Electronics gEDA 20060123 announcedThe OpenCollector Database has an announcement for a new release of the gEDA suite, a collection of electronic design automation (EDA) tools. "This release includes schematic backup and autosaving, a new "L" net drawing mode, improved PNG export, new file selection dialog boxes (when using at least GTK+ 2.4.x), embedded picture support, spice-sdb backend improvements, and many bugfixes."
Kicad 2006-03-07 releasedRelease 2006-03-07 of Kicad, a printed circuit and electronic circuit CAD application for KDE, is available with bug fixes and other improvements.
Financial Applications Release of GnuCash 1.9.2 (unstable) (GnomeDesktop)Unstable version 1.9.2 of GnuCash, a financial management application, has been announced. "The GnuCash development team proudly announces GnuCash 1.9.2 aka "With extra flavor enhancements", the third of several unstable 1.9.x releases of the GnuCash Open Source Accounting Software which will eventually lead to the stable version 2.0.0. This release contains many bugfixes since the second release but is still only intended for developers and adventurous testers who want to help tracking down bugs."
Games Ember 0.4.0 releasedVersion 0.4.0 of Ember has been announced on the WorldForge game site. "Ember is a fully functional 3d client for the WorldForge project. Its meant to be as extensible as possible, to allow for future world builders to adapt it to their worlds or games. This release adds a lot of new features and refactored code. One of the main changes is the addition of scripting language support. Many of the existing gui components and widgets have been converted to Lua code. Together with a build in code editor and a new more robust widget look this makes for a solid foundation for further gui development."
Interoperability Wine 0.9.9 releasedVersion 0.9.9 of Wine has been announced. Changes include: Many new features and improvements in Richedit, More Web browser support, Recursive directory change notifications, Wine installation is now fully relocatable, Direct3D 8 and 9 now use the same code, Many debugger improvements, Systray is now handled by the explorer process and Lots of bug fixes.
Wine Weekly NewsletterThe March 5, 2006 edition of the Wine Weekly Newsletter is out with the latest Wine project news.
Music Applications dssi-vst 0.4 releasedVersion 0.4 of dssi-vst, a DSSI plugin wrapper for Win32 VST plugins, is out. "The main change since the 0.3.1 release is that dssi-vst now builds with newer versions of the Wine tools. Wine 0.9.5 or newer is now required. This release also builds with version 2.4 of the VST SDK, although it should still work with the older 2.3 as well."
Qsynth 0.2.5 releasedVersion 0.2.5 of Qsynth, a Qt interface to FluidSynth, is out with new features and bug fixes.
Office Suites OpenOffice.org 2.0.2 releasedOpenOffice.org 2.0.2 is out. This release adds integrated spellchecking dictionaries, some new import filters, KDE address book interoperability, and a new set of icons.
Miscellaneous File permissions in Nautilus (GnomeDesktop)GnomeDesktop.org points to a blog about Nautilus file permission modifications. "Christian Neumair has posted an overview of some of the work he is doing with regards to changing file permissions within Nautilus. A very good read for those that are interested."
Languages and Tools Caml Caml Weekly NewsThe March 7, 2006 edition of the Caml Weekly News is out with new Caml language articles.
Java GNU Classpath 0.90 releasedVersion 0.90 of the GNU Classpath essential Java libraries have been released. Changes include: "JTables can be rearranged and resized. Free Swing text components support highlighting and clipboard. Much improved styled text. Fast event dispatching and lower memory consumption. Better support for mixing lightweight and heavyweight components in AWT containers. GNU Crypto and Jessie cryptographic algorithms have been added providing ssl3/tls1 and https support. Unicode 4.0.0 support. GIOP and RMI stub and tie source code tools. XML validaton support for RELAX NG and W3C XML schemas. New file backend for util.prefs. Updated gnu.regexp from POSIX to util.regex syntax."
PHP PHP OpenID 1.0.0 ReleasedVersion 1.0.0 of the PHP OpenID library is available. "JanRain, Inc. is proud to announce the first stable release of our OpenID library for PHP! This release incorporates improved documentation, bugfixes, a configuration helper for the server example, and support for installation with the PEAR command-line installer."
PHP Weekly Summary for February 27, 2006The PHP Weekly Summary for February 27, 2006 is out. Topics include: True labelled break goes off-list, portable string API in HEAD, segfault recovery, life without $this, stack overflow prevention, deprecation macros in 5_1, and late static binding patch.
Python PyCon Python IDE reviewJonathan Ellis presents a Python IDE review from the recent PyCon convention. "I presented an IDE review at PyCon last Friday. It was basically a re-review of what I thought were the 3 most promising IDEs from the Utah Python User Group IDE review, to which I added SPE, which was by far the most popular of the ones we left out that time. The versions reviewed are: PyDev 1.0.2, SPE 0.8.2.a, Komodo 3.5.2, Wing IDE 2.1 beta 1".
Dr. Dobb's Python-URL!The March 6, 2006 edition of Dr. Dobb's Python-URL! is online with a new collection of Python article links.
Ruby Ruby Weekly NewsThe March 5, 2006 edition of the Ruby Weekly News looks at the latest discussions from the ruby-talk mailing list.
Tcl/Tk Dr. Dobb's Tcl-URL!The March 6, 2006 edition of Dr. Dobb's Tcl-URL! is online with new Tcl/Tk articles and resources.
Miscellaneous SchemaSpy 2.1.2 released (SourceForge)Version 2.1.2 of SchemaSpy has been announced. "SchemaSpy analyzes schema metadata, letting you click through the hierarchy of your tables' parent/child relationships either graphically or through HTML tables. It works with just about any RDBMS given an appropriate JDBC driver. SchemaSpy also identifies several common schema anomalies."
Page editor: Forrest Cook Linux in the news Recommended Reading Jon Maddog Hall on Linux, saving money and ruling the world (ComputerWorld)ComputerWorld has an interview with Jon 'maddog' Hall. "Customers will realize that return on investment (ROI) overrules total cost of ownership (TCO), and they will tell Microsoft that they, as customers, will not buy any more software from Microsoft unless it is 'free'. Then Free and Open Source Software will blossom overnight."
The NZ "Get the Facts" Style Report (Groklaw)Groklaw covers a new anti-FOSS FUD campaign in New Zealand. "Slashdot has posted an article about a report to the New Zealand State Services Commission regarding FOSS: Gavo writes "Law firm Chapmann Tripp advises New Zealand State Services Commission that the New Zealand Government should be wary of using 'infectious' open source software. They claim 'While the use of open source software has many benefits, it brings with it a number of legal risks not posed by proprietary or commercial software.'" Here's the scoop, although I don't know if the New Zealand government is aware of it. Chapman Tripp works for Microsoft."
ODF Alliance Announced (Groklaw)Groklaw covers the newly formed Open Document Format (ODF) Alliance, an international group of industry partners, associations, NGOs and academic/research institutions. "Members include corporations you would expect to be part of this push, such as IBM and Sun and Novell and Red Hat, and some you'll be happy to see on the list, like Corel and Oracle and Opera Software, and the Information and Communications Technology (ICT) for the City of Vienna, and quite a collection of educational and library associations, such as the American Library Association, the Indian Institute of Technology, the Technical University of Denmark and tarent GmbH."
Trade Shows and Conferences Gadgets on parade at CeBit (ZDNet)ZDNet looks forward to CeBit. "CeBit is huge, and thousands of technology companies will cram into almost 30 halls, bringing everything from fax machines and printers to smart phones and dual-core chip-based notebooks. We can't predict everything that will grab the headlines and get people talking at the show, but it's clear that there are some key themes and products to watch out for."
A Report from LinuxForum 2006 (Groklaw)Groklaw has coverage of LinuxForum 2006, in Copenhagen, Denmark. "LinuxForum runs over two days: Friday (today) is more business-minded and Saturday is for the geeks... er... I mean... the more technically minded. Thus, today's program was definitely of more interest to the wider Groklaw audience. Tomorrow will be exciting too, but only for some Groklawians. Also, it will be harder to report, so you will have to make do with my report from today." Day 2 coverage is also available.
Companies Chip startup adopts Linux, open cores for PMPs, DTV (LinuxDevices)LinuxDevices looks at new microprocessor offerings from Vivace Semiconductor. "A fabless semiconductor startup focused on "multi-function video processing chips" has adopted Linux and an open-source RISC core. Vivace Semiconductor's roadmap, unveiled at a venture capital event today in San Francisco, includes a VSP200 chip targeting portable video players, and a VSP300 chip targeting high-definition integrated digital TVs (DTVs)."
Israeli Software Company Faces U.S. Probe (Forbes)Forbes is carrying an AP article saying that a US governmental panel (the same one which happily declined to worry about the sale of several US ports) is doing a full review process on the sale of Sourcefire to an Israeli company. "The objections by the FBI and Pentagon were partly over specialized intrusion detection software known as 'Snort,' which guards some classified U.S. military and intelligence computers." ...and which is free software.
Linux Adoption 'Academy' builds business case for Linux in gov't (Silicon.com)Silicon.com covers the successful deployment of Linux in Birmingham, England. "Birmingham City Council is the lead authority on the project which began last year. It has embarked on one of the most ambitious projects, replacing the software on 300 PCs - at its central library and 39 local libraries - with open source. The spokesman told silicon.com: "Nine months ago our library infrastructure was in need of updating and what we've done is look at open source as an alternative to conventional desktop software. We've implemented a refresh of the desktop which uses open source software throughout." Now the desktops have OpenOffice 2, Firefox and Gimp image software. The spokesman said: "These are all powerful applications. What we have is a very stable, very secure desktop."
Linux at Work Planetary lab's research orbits around Scyld cluster (NewsForge)NewsForge looks at the University of Arizona Lunar and Planetary Lab (LPL) and its Scyld Beowulf cluster from Penguin Computing. "The lab is home to almost a dozen separate research groups, each with five to 12 researchers, each with his or her own computing needs. The groups conduct research on various topics such as space physics, planetary occultations, and spacecraft missions. Sometimes LPL researchers study material that has gone into space or been brought back from space by NASA, trying to be the first to publish findings in scientific journals."
'World's largest' Wi-Fi network keeps Linux under wraps (Computerworld)Computerworld looks at the use of Linux for setting up a large wireless network in Victoria's Department of Education. ""We are aware that the modules used in EduPass are open source already, and so is Red Hat Linux, but we have erred on the side of caution," Meadows said, adding her team has "thought long and hard" about it. "There are big security companies that build on Linux and don't release the code [and] we give credit to Openssh, Freeraduis, Squid, and Linux which are all open to scrutiny. The bits that are proprietary concern how all servers are randomly set to check updates and a lot of advanced proxy features." Even without releasing EduPass's code, DET is being a good open source citizen by remaining in "close touch" with and contributing "issues" back to the Freeraduis and Openssh projects."
Legal Rivals: Microsoft offer is a 'poisoned honeypot' (ZDNet)ZDNet covers the latest twists as the European Commission looks into Microsoft's compliance with sanctions imposed in an antitrust decision. " The Commission said Microsoft failed to properly document the interconnections and rivals could not use them. Microsoft offered in January to open portions of the secret source-code for its servers, a solution neither sought nor welcomed by Commission experts. The Free Software Foundation Europe and Samba rejected the idea. Microsoft would require FSFE/Samba to change its license, which requires source code be openly distributed and freely available."
Interviews Mr. Dell opens up about Desktop Linux (DesktopLinux.com)DesktopLinux.com talks with Michael Dell. "Dell emphasized that his company is not leading Linux, it's tracking Linux. So, it's not going to pick one desktop distribution and try to make it number one. Thus, while 'Ubuntu is now the most popular desktop distribution on Dell PCs, it may not be a year from now.'"
Resources CLI Magic: Securely deleting files with shred (Linux.com)Linux.com takes a look at destroying data with shred. "While shred might not work on bad sectors, it is one of the best tools available to securely erase data from your hard disk. It is always more secure to run shred on a complete partition rather than a file, because some filesystems keep backup files and shred makes no attempt to delete these. For the extremely paranoid, however, no command works better than concentrated sulphuric acid."
Linux and smart phones (Linux.com)Luigi Paiella communicates between a Linux laptop and a smart phone in a Linux.com article. "So you want a cell phone that's also a PDA? Smart phones can make calls, synchronize your calendar with your PC, act as data storage devices, and connect your PC to the Internet. You can use your Linux PC to connect with and even program some mobile phones using some of the following tools. In testing these open source applications I used a Nokia phone running Symbian OS v8.0 and the Series 60 Platform second edition user interface, with USB, Bluetooth, and Internet connectivity."
OOo Off the Wall: That's Your Version--Document Control in OOo Writer (Linux Journal)Bruce Byfield looks at OpenOffice.org Writer tools that help with version control. "OpenOffice.org has multiple Undo levels. You can set the levels as high as you like from Tools -> Options -> OpenOffice.org -> Memory -> Undo. However, if your files receive extensive revision or if more than one person writes or edits them, you need more sophisticated tools to handle changes. OpenOffice.org Writer provides three such tools: Changes, Compare Documents and Versions. All share some common interface features and are quick to learn, although possibly confusing for users unfamiliar with version control."
Reviews First look: KOffice 1.5, part 1: The major applications (Linux.com)Linux.com reviews KOffice 1.5. "As I examined KOffice's major applications, a pattern started to emerge. In KWord, KSpread, and KPresenter, basic functions are available, but only a few advanced features. At a rough estimate, each has about three-quarters of the features that you would find in an equivalent commercial product or in OOo. This status is a mixed blessing. On one hand, it suggests that KOffice is not rushing its development by trying to be all things to all users. Instead, KOffice seems to be gradually perfecting existing functions a little more with each release. This tactic is particularly evident in the steady improvement of the user interface."
Review: MythTV 0.19 (Linux.com)Linux.com has a review of MythTV. "MythTV describes itself on its home page as a "homebrew" personal video recorder (PVR), but thanks to its many available plugins, it's actually a complete open source home entertainment system that lets you to watch and record TV programs, watch movies, view photos, listen to music, play games, and more."
Virtualization in Xen 3.0 (Linux Journal)Rami Rosen reviews Xen 3.0, a virtual machine monitor, on Linux Journal. "After much anticipation, Version 3.0 of Xen recently was released, and it is the focus of this article. The main goal of Xen is achieving better utilization of computer resources and server consolidation through paravairtualization and virtual devices. Here, we discuss how Xen 3.0 implements these ideas. We also investigate the new VT-x processors from Intel, which have built-in support for virtualization, and their integration into Xen."
Miscellaneous Open Season On Open Source? (Business Week)Business Week says that the open source community has been "thrown into a tumult" as a result of acquisitions; it looks like an article which could have been written in 1999. "The fear is that a round of buyouts could undermine the ethos of open source. Many coders volunteer their time, spending nights and weekends testing bugs and writing patches because they see themselves as part of an important, grassroots movement. Will that motivation remain if they're just helping to fill the coffers of Oracle or other tech giants?"
Page editor: Forrest Cook Announcements Non-Commercial announcements An ACM policy statement on DRMEd Felten has posted a policy statement on DRM from the US public policy committee of the ACM. "DRM should not be used to interfere with the rights of consumers. Neither should DRM technologies interfere with any technology or use of consumer systems that are unrelated to the copyrighted items being managed." The statement is also available as a PDF file which, amusingly, causes evince to require a password on your editor's system (xpdf displays it fine).
FSF announces annual member meetingThe Free Software Foundation has announced its annual member meeting to be held at MIT, Cambridge MA, on Saturday April 1, 2006. This meeting has been subtitled "GPLv3 and the future of free software movement".
English Wikipedia reaches 1 million articlesThe Wikipedia online encyclopedia has reached its one million article mark. "Although its method of editing is new and controversial, Wikipedia has already won acclaim and awards for its detailed coverage of current events, popular culture, and scientific topics; its usability; and its international community of contributors. BBC News has called Wikipedia "One of the most reliably useful sources of information around, on or off-line." Daniel Pink, author and WIRED Magazine columnist, has described Wikipedia as "the self-organizing, self-repairing, hyperaddictive library of the future," and Tim Berners-Lee, father of the Web, has called it "The Font of All Knowledge.""
Commercial announcements GWAVA Announces Release of Reload for GroupWiseGWAVA has announced the availability of a GroupWise backup solution for Linux. "Reload is a hot backup and restore solution for GroupWise administrators to rapidly and easily restore an entire GroupWise system or a single GroupWise email message. Organizations can now restore single messages, allow users to automatically recover deleted mail in minutes and dramatically improve the reliability and speed of backup and restore procedures."
Novell Reports Financial Results for First Fiscal Quarter 2006Novell, Inc. has announced its financial results for its first fiscal quarter ended January 31, 2006. "Novell reported revenue of $274 million, compared to revenue of $290 million for the first fiscal quarter 2005. Net income available to common stockholders in the first fiscal quarter 2006 was $2 million or $0.00 per diluted common share."
The PolyServe Distributed Performance Management SystemPolyServe, Inc. has announced the enhanced PolyServe File Serving Utility for Linux. "The updated software package features a powerful performance dashboard tool, adding to the solution's advantages over isolated network attached storage (NAS) appliances. Enabled by PolyServe's shared data clustering software, the performance dashboard tracks performance on individual servers and aggregates this information across the cluster to provide critical real-time performance statistics."
New version of Project Open]project-open[, a provider of open-source based project management software, has announced the release of Version 3.1 of ]project-consulting[. The new version includes several new modules and more then 100 detail improvements from customer rollouts.
Announcing the samba4WINS Replicating WINS ServerThe samba4WINS Replicating WINS Server has been announced. "Initiated by SerNet and sponsored by Computacenter, Fujitsu Siemens Computers (FSC) and LiSoG e.V. it became possible to develop a free software needed by many users: the replicating WINS server - samba4WINS. Due to this solution WINS server running with Windows in a lot of environments can be migrated to Linux."
Terra Soft Releases Y-HPC v1.1, Initiates Switch CampaignTerra Soft Solutions has announced the release of version 1.1 of its Y-HPC Cluster Construction and Management Suite for G5 Xservers. "New to Y-HPC v1.1 is XCPU, a process management system for clusters divided into control nodes and compute nodes. XCPU incorporates a set of simple tools for starting cluster-wide processes wherein the control nodes migrate execution to the compute nodes via the '9p' process management service. The XCPU server is 'mounted' in much the same way NFS is mounted. In this regard, services provided by XCPU are available as files in a file system."
TimeSys Introduces Global Authorized Support and Service Partner ProgramTimeSys has announced its new Global Authorized Support and Service Partner Program. "LinuxLink is the first commercial offering to support the majority of embedded Linux developers who build and assemble their own commercial-grade custom Linux platform. The ASSP program delivers comprehensive, native-language sales, support and value added-services to LinuxLink subscribers. ASSP program members participate in the Developer Exchange, which provides LinuxLink subscribers with access to interactive support from TimeSys, semiconductor companies and industry experts."
LinuxLink by TimeSys Gains Traction in Embedded Linux MarketTimeSys has sent out a status report on their LinuxLink Web-based resource for embedded Linux development. LinuxLink "..has achieved significant growth since its introduction in August, 2005. LinuxLink is an industry-changing delivery model, and the first commercial offering to support the majority of embedded developers who build and assemble their own commercial-grade custom Linux platform. The LinuxLink approach has been validated by embedded developers, semiconductor manufacturers and embedded solutions providers."
New Books No Starch Press Releases "Write Great Code, Volume 2"No Starch Press has published the book Write Great Code, Volume 2 by Randall Hyde.
Resources Get to know Firebird in 2 minutesCarlos H. Cantu has written a multilingual quick start document about the Firebird database, entitled "Get to know Firebird in 2 minutes". "If you are reading this paper, this is probably your first encounter with the Firebird RDBMS. This paper will present to you the main features of the Firebird database. At the end, I am sure you will be anxious to download its lightweight installer and try it out yourself."
Grid Computing Pros Weigh in on Security IssuesThe Globus Consortium Journal for March 2006 features Grid security perspectives from a range of experts from both the open source and vendor community. Click below for the press release.
Linux Gazette #124The March edition of Linux Gazette is out. This edition has articles on Interfacing with the ISA Bus, by Abhishek Dutta, PyCon 2006 Dallas, by Mike Orr, Migrating a Mail Server to Postfix/Cyrus/OpenLDAP, by René Pfeiffer, Build a Six-headed, Six-user Linux System, by Bob Smith, plus the usual features.
Absolute Basics For Setting Up Your Printing NetworkThe CUPS project has a new tutorial on setting up the cupsd.conf file for remote printing.
Moglen and company on Sarbanes-OxleyRecently, there have been allegations that violating the GPL could put a U.S. company (and its management) in violation of the Sarbanes-Oxley Act - which was intended to address corporate governance issues. The Software Freedom Law Center has just put out a paper refuting these allegations. "The SFLC paper defines the realistic impact of a GPL violation as it could be applied under SOX. The SFLC paper points out that SOX generally applies only to public companies and that disclosure in a company's SEC reports is not necessary if a companys use of the license is immaterial to its business. It also states that companies that must comply with SOX bear the full cost of SOX compliance regardless of the licenses of the software they choose." Click below for the press release, or head over to the SFLC site for the full paper.
Contests and Awards Extend Firefox Contest Winners Announced (MozillaZine)MozillaZine mentions the winners of the Extend Firefox Contest. "The finalists were announced last month. Grand Prize Winners include Reveal, Web Developer and Firefox Showcase."
2005 LinuxQuestions.org Members Choice Award WinnersLinuxQuestions.org has announced the winners of its 2005 Members Choice Awards. Winners include Ubuntu, MySQL, OpenOffice.org, Firefox, and many more.
Education and Certification LPI announces new affiliate for greater China regionThe Linux Professional Institute will be offering its certification program in China. "The Linux Professional Institute (LPI), the world's premier Linux certification organization announced that it was making an additional investment in the Chinese market and surrounding region through the development of a "Master" affiliate for the region. This new organization will work closely with Chinese Linux professionals, the Open Source community and local software/hardware vendors and developers to increase the professional use of Linux and Open Source software through LPI's internationally-recognized certification programs."
Upcoming Events BEA to Kick Off Fourth Annual Global Dev2Dev Days Seminar SeriesBEA Systems, Inc. has announced the lineup for the fourth annual Dev2Dev Days seminar series. "This year's global seminars are slated to focus on the blending of commercial software and open source frameworks. The program, which is scheduled to kick off on March 21 in Washington D.C. and to conclude in Mexico City on May 4, is designed to provide an ideal forum for developers and some of the industry's best "liquid thinkers" to network and share the latest technology information and best practices to help them transform and optimize their business from the ground up."
Google, Oracle, Open Source Academy join FOSS Means BusinessGoogle, Oracle and the Open Source Academy will be present at the FOSS Means Business conference in Belfast, Northern Ireland on March 16, 2006.
Call for Papers - hack.lu 2006A call for papers has gone out for hack.lu 2006. The event will take place in Luxembourg on October 19-21, 2006, abstracts are due by May 1. "The purpose of the hack.lu convention is to give an open and free playground where people can discuss the implication of new technologies in society. hack.lu is a balanced mix convention where technical and non-technical people can meet each others and share freely all kind of information."
PostgreSQL Anniversary Summit, Call for ContributionsA call for contributions has gone out for the PostgreSQL Anniversary Summit. The event will take place on July 8-9, 2006, in Toronto, Canada, submissions are due by March 31.
Events: March 9 - May 4, 2006
Web sites LinuxMAO.org, a french Linux Audio WikiLinuxMAO.org is a new French language Wiki for Linux audio users. "In a rather humble than chauvinistic initiative, let's say it's a common wisdom french people do not speak english that fluently... ,-) Contributers are welcome!"
New Samba WikiA new Samba Wiki has been announced. "This new Samba wiki is available for both users and developers alike. The wiki provides a means for the Samba community to provide dynamic or temporary documentation or to provide other relevant information."
Audio and Video programs Your GNOME Podcast (GnomeDesktop)GnomeDesktop.org has announced the availability of the first GNOME Podcast. "The first episode of Your GNOME Podcast has been released! In this and future episodes, we'll be featuring current GNOME news, blasts from the past, interviews, reviews and feedback, as well as much more."
Page editor: Forrest Cook
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Your editor, after some digging, stumbled across the