The Thunderbird mail client developers have recently posted a Thunderbird 2
page describing the changes they anticipate for the next major release.
According to the roadmap, this release is expected in the "late Fall 2006"
(presumably northern hemisphere) time frame. The task list is ambitious,
but perhaps not sufficiently so.
One of the planned changes is to introduce multiple views of the folder
pane - the list of mail accounts and folders which appears on the left of
the window. Thunderbird users with vast numbers of folders would evidently
like to be able to filter the display in various ways to make the list
easier to work with. So there will be options to display "favorite"
folders, the most recently used folders, or those with unread messages.
Current Thunderbird implements "labels" for messages; the user can mark a
message as being "important," "work," "personal," "todo," or "later."
There is no facility for adding new labels, so those which might be useful
to your editor ("muchmuchlater") are not available. For 2.0, the
developers have realized that (1) any self-respecting application must
allow users to apply tags to objects, and (2) labels are really just a
form of tags. So labels will be "rebranded" as tags, and users will be
able to create their own tags. The association of colors with tags will be
possible, preserving the color-coding capability that Thunderbird has now.
Another new feature is called "improved phishing support," which, one
assumes, is not exactly what the developers intend to implement. Plans
include integrating the Firefox 2 safe browsing extension and making use of
both local and network blacklists. There are also (unspecified) plans for
improving the internal Bayesian filter used for spam filtering.
Then, there are the animated new mail alerts and a tooltip-like popup which
can provide a summary of new messages in a folder without actually opening
that folder. Your editor must confess to being unconvinced that inflicting
even more little popup windows on the desktop will truly improve the
overall experience.
There are a few other things which might be nice to have on this list.
Your editor has been using Thunderbird with a (non-LWN) account for a while
now, on the notion that there must be something to these graphical
mail clients which makes them worth using. Based on this experience, he
has a few suggestions for features he would like to see implemented ahead
of animated alerts:
- The ability to configure the printing of messages - or, at a minimum,
a realization that, most of the time, there is little value in using
half a page of paper for every single header, causing even short
messages to be split between two pages.
- Some flexibility in the on-screen header display would be nice as
well. Why should it be necessary to have all headers displayed just to
see who a message was sent to?
- A provision for feeding a message to a shell command.
- Replace the confusing "Junk/Not junk" toggle with a non-modal
interface.
- In your editor's experience, the internal Bayesian filter is
not as effective as it should be. Rather than try to improve it, why
not fill out Thunderbird's fledgling support for integration with
external filters? Being able to easily train SpamAssassin, say, from
Thunderbird would be a great thing.
- Make it possible to send plain text (such as a patch)
without having to go through strange
rituals to keep it from being reformatted.
- Cause Thunderbird to not send HTML mail by default.
- Somewhere along the way, a bit of attention to reducing Thunderbird's
memory footprint would not be entirely misplaced.
Thunderbird is a nice mail client in a number of ways, and its developers
look like they plan to make it nicer yet. Your editor supports this work,
but hopes that attention to some basic usability issues will not suffer as
new features are added to this application. In many ways, graphical mail
clients are still slower, more awkward, and less powerful than the
text-oriented clients they ostensibly replace. Sooner or later, it would
be nice to close that gap.
The Linux world hears relatively little from Eric Raymond these days, a
fact which maybe bothers some people more than others. Be that as it may, Eric recently
broke his silence, in classic form, on the
Fedora-devel list. It seems that Eric has come to save the Fedora
distribution and set it back onto the path of Total World Domination.
There are a few small details that Eric would like to see fixed, including
the FC5 artwork ("...backgrounds that look like a Teletubby hocked
loogies into a dish full of soap scum."). But the real issue is in
a different area: media support - DVD playback, Java applets, Flash media,
and, especially:
For a consumer OS to be unable to play MP3s and handle podcasts is
just plain not acceptable, not in the world after iTunes.
The problem, of course, is that MP3 is a patented format. Since Fedora is,
by design, a 100%
free distribution, it is unable to include patent-encumbered software. So
no MP3 format in Fedora. Adding MP3 support to an installed Fedora Core
system is not a particularly difficult task for somebody who knows where to
look (or how to ask a search engine), but it does require some extra
steps. Red Hat's lawyers do not even allow Fedora (or its web sites) to
even include a pointer to where this software can be found for fear of
"contributory infringement" charges. As a result, adding MP3 support is
too hard for many desktop users, especially home desktop users.
One option might be to get a distribution license for the GStreamer MP3 plugin. With
such a license, Fedora could ship a fully licensed MP3 decoder, with
BSD-licensed source. There remain issues with just how that plugin could
be shipped with certain GPL-licensed players, but the real problem is
elsewhere: a Fedora distribution with this plugin would no longer be
redistributable by others. It would, in other words, no longer be a 100%
free distribution.
Another option would be to put together some sort of third-party
repository with a carefully-chosen set of Fedora additions, a few of which
just happen to include MP3 support. Said repository would naturally be
hosted in a carefully-chosen country. Fedora could come with instructions
for configuring the system to use that repository as a source of "useful
extra software," with no mention of what is to be found there. Such a
scheme might be vague enough to make the lawyers relax - though they have
not made their feelings known on the matter.
Yet another approach would be for Eric to make his own, MP3-enabled Fedora
offshoot distribution - call it Fully-Armed Fedora or some such. Eric,
however, has declined that opportunity,
saying:
I don't have the money or the lawyers to pull it off. This sort of thing
is why we have commercial partners with office buildings.
What is really being called for here, in other words, is for Red Hat to
stick its neck out and take the legal risk that comes with providing easy
MP3 capability to Fedora users. Red Hat
is understandably reluctant to do that. The company's relatively high
profile and significant cash pile (around $800 million) make it a more
likely lawsuit target than many others. Red Hat management probably sees
much risk and little benefit in inviting lawsuits by including MP3 support,
directly or indirectly.
Eric's claim is that companies like Red Hat need to make a business
decision to solve the MP3 problem in one way or another, even if it means
making deals with patent trolls or shipping proprietary software. A Linux
desktop which cannot deal with MP3 files is simply too crippled to be taken
seriously by a large portion of the potential user base. If Fedora is ever
to succeed in that market, it must do what the target users want it
to do.
There is a point here. Using Ogg for one's CD collection is no sacrifice,
especially if one's portable player (running Rockbox, say) also supports that format.
But there is an increasing amount of interesting content on the net which
is only available in the MP3 encoding. All of that content is inaccessible
using a stock Fedora Core system. That is, indeed, an unacceptable
situation for many users.
Solutions must be approached carefully, however. Future systems are likely
to present other problems: DRM-encoded video formats, broadcast flags,
locked-down computers which only run officially-signed software, and more.
Any solution which does not also offer at least some hope of addressing
those issues will not get us very far. So, in other words, to properly
solve the MP3 problem, we must (1) continue working to encourage the
creation of content in free formats, and (2) face the legal issues
which are at the root of these problems. Those goals will not be helped
much by bolting proprietary or otherwise encumbered software onto our free
systems.
Meanwhile, some other issues may be amenable to easier solutions. To that
end, Warren Togami has announced the
creation of a new mailing list for the discussion of artwork for future
Fedora Core releases. Fedora Core 6 still won't play MP3 files, but
maybe it can look a little nicer.
Sveasoft is a small company which
makes its living by selling supported versions of Linux-based firmware for
a number of wireless routers. Paying subscribers can download current
versions of the firmware, which adds a number of features not normally
found on those routers. They can grab updated versions as they become
available, and participate in support forums as well.
Sveasoft's products are based on free software - Linux in particular. The
company's approach to GPL compliance has raised eyebrows for a couple of
years now. One tactic employed by the company has been to terminate
support accounts for any subscriber who further redistributes the Sveasoft
binaries or source. The GPL says that customers are entitled to that code
(for the GPL-licensed portions of Sveasoft's products, at least),
and that they have the right to pass it on to others. Sveasoft has
responded that, when this redistribution happens, it is no longer obligated to provide
future versions of the software. The company has employed various schemes
for determining which subscriber has redistributed any particular version,
and has been quite aggressive at shutting down accounts.
To some, it looks very much like Sveasoft is attempting to add restrictions
to the GPL-licensed software it uses for its products. It is, in essence,
imposing a penalty on anyone who redistributes its products. In the end,
however, challenges to this model have not gotten far, and the Free
Software Foundation has stated that Sveasoft is in compliance with the
GPL - at least, with regard to its support agreements.
It seems that the story does not stop there, however. Sveasoft makes
"pre-release" versions of its firmware available to subscribers. In
practice, it seems that these "pre-release" releases are the actual
product; the "public" releases tend to lag far behind. It also seems that
the corresponding source is not made available to anyone - not even
subscribers. Sveasoft argues that, since this is a limited, "pre-release"
distribution, it is not obligated to provide source as well. The GPL,
however, makes no exceptions for "pre-release" distribution.
The OpenWRT Project, on whose work
Sveasoft's product is based, has had enough. So, in March, the project notified Sveasoft that its OpenWRT license
was terminated due to GPL violations. From OpenWRT's point of view,
Sveasoft no longer has any rights to be distributing OpenWRT's work in any
form. Sveasoft responds that it remains in compliance with the GPL, and
that OpenWRT has improperly incorporated Sveasoft code which was never
meant to be licensed under the GPL - a charge that OpenWRT developers deny.
Since then, there has been a great deal of discussion, and Sveasoft's
proprietor has come forward with an offer
to create source tarballs on request for any subscriber who has received a
copy of the binary firmware. There is also apparently an updated source
tarball available to subscribers, though there has been no independent confirmation, yet,
that it contains all of the source it should. The OpenWRT project has not,
in any public way, rescinded its revocation of Sveasoft's license. Still,
it would appear that public pressure has helped to move things in the right
direction.
For now, at least. History suggests that Sveasoft will continue to push
the boundaries of the GPL. Recent history also suggests, however, that
Sveasoft may become less relevant in this area; by many accounts, the
fully-free alternatives - beyond OpenWRT itself - go beyond the Sveasoft
offerings in a number of ways. See this
page on LinksysInfo.org for a detailed comparison of a few projects.
Page editor: Jonathan Corbet
Security
One of the areas of quiet cooperation between the GNOME and KDE projects is
the shared
specification
for .desktop files. These files create a connection between an icon on
the desktop and an application to be launched or file to be accessed when
the icon is clicked upon by the user. The format is simple and flexible,
and it allows the same desktop icons to be implemented on either desktop
system.
There has been an ongoing level of concern over these files, most recently
voiced by Sam Watkins on the XDG mailing list. The issue is that .desktop
files are, for all practical purposes, shell scripts capable of doing
anything that the user can do. But they do not have to be marked as
executable, and they have complete control over how they are presented on
the desktop. A .desktop file can show up as a document or image file, but
actually be some sort of hostile script. A user, hoping only to view a
file which has shown up on the desktop, may end up running something
entirely different.
A number of ways of addressing the issue have been proposed. The simplest,
perhaps, is to require that .desktop files have execute permission to be
launched. Since setting that bit requires an explicit action on the part
of the user, a hostile icon cannot be put directly onto the desktop by, for
example, a file downloaded via a web browser. Some people have objected
that .desktop files are not actually executables - they cannot be run from
the command line. Putting a suitable #! line at the beginning of
the file would fix that, however.
Another possibility would be to mark known-good .desktop files with an
extended attribute. If an attempt was made to launch an unmarked file, a
suitably scary dialog would be put up and confirmation required from the
user. Or, .desktop files with executable content could be restricted in
the set of icons they could use, so that, at least, the fact that a program
would be run would be obvious. Or some sort of global system database
could keep track of the trusted .desktop files.
Perhaps the most elaborate suggestion is to
run all .desktop programs (and perhaps others) in a tightly-restricted
sandbox with little access to the rest of the system. With some work, the
desktop environment could be reworked to make most things work
transparently for users. For example, selecting a file in a file-browser
dialog would grant the right to access that file to the associated
application. The Plash project has
made progress toward the implementation of such a system.
Which of these solutions will be adopted, if any, remains to be seen. It
is not clear that everybody sees a real problem with the capabilities of
.desktop files. Experience has shown, however, that even difficult and
unlikely attack vectors will be exploited eventually. It would be a shame
if the adoption of desktop Linux were to be held back by security concerns.
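As an added illustration of the checks the proposals above would need (this is not code from the XDG thread or from either desktop project), the following Python script parses a .desktop file and flags the conditions under discussion: a launchable entry without the execute bit, a program wearing a document icon or a document-like name, and an Exec= line that is really a shell command. The icon prefixes, file suffixes and both sample entries are constructed for the example.

```python
import re
import stat
from typing import Dict, List

# Constructed list of icon-name prefixes that desktop themes use for
# documents and media rather than for programs.
DOCUMENT_ICON_PREFIXES = ("image-", "text-", "video-", "audio-",
                          "application-pdf", "x-office-")
# Constructed list of suffixes that make a launcher's Name= look like data.
DOCUMENT_SUFFIXES = (".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt",
                     ".odt", ".doc")
SHELL_METACHARS = re.compile(r"[;|&`$()<>]")


def parse_desktop(text: str) -> Dict[str, str]:
    """Return the key/value pairs of the [Desktop Entry] group.

    Only the main group decides what gets launched, so action groups are
    skipped, as are comments and blank lines. The first occurrence of a key
    wins, matching what a reader of the file would see first.
    """
    entry: Dict[str, str] = {}
    in_main = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_main = line == "[Desktop Entry]"
            continue
        if in_main and "=" in line:
            key, _, value = line.partition("=")
            entry.setdefault(key.strip(), value.strip())
    return entry


def assess(text: str, mode: int) -> List[str]:
    """Return findings for one .desktop file given its content and st_mode.

    Passing the mode bits in keeps the check free of filesystem access;
    an empty list means nothing in the file matched a proposal's rule.
    """
    findings: List[str] = []
    entry = parse_desktop(text)
    if entry.get("Type") != "Application" and "Exec" not in entry:
        return findings  # Type=Link or Type=Directory entries run nothing

    # Proposal: a launchable entry must carry an execute bit, which a
    # browser download would not have set.
    if not mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        findings.append("launchable entry without execute permission")

    # Proposal: programs should not be allowed to wear a document's icon.
    icon = entry.get("Icon", "")
    if icon.startswith(DOCUMENT_ICON_PREFIXES):
        findings.append(f"program uses document icon {icon!r}")

    # The displayed Name= is chosen by the file's author too; flag names
    # that look like data files.
    name = entry.get("Name", "")
    if name.lower().endswith(DOCUMENT_SUFFIXES):
        findings.append(f"program named like a document {name!r}")

    # An Exec= that hands a string to a shell is a script, not a launcher.
    exec_line = entry.get("Exec", "")
    argv = exec_line.split()
    if (SHELL_METACHARS.search(exec_line)
            or argv[:2] in (["sh", "-c"], ["bash", "-c"])):
        findings.append("Exec line is a shell command rather than a program")
    return findings


# Constructed samples: a normal launcher and one shaped like the threat
# described in the thread (a "photo" that is really a script).
BENIGN = """[Desktop Entry]
Type=Application
Name=Text Editor
Exec=gedit %U
Icon=accessories-text-editor
"""

SUSPICIOUS = """[Desktop Entry]
Type=Application
Name=vacation-photo.jpg
Exec=sh -c "echo not a picture"
Icon=image-x-generic
"""

if __name__ == "__main__":
    for label, text, mode in (("benign", BENIGN, 0o100755),
                              ("suspicious", SUSPICIOUS, 0o100644)):
        print(label, assess(text, mode) or ["ok"])
```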
Brief items
Coverity has sent out a press release claiming that free software projects
fixed one bug every six minutes in the week following the release of the
results from the company's first scan. "In seven days, the defect density
for 32 open source projects analyzed dropped from 0.434 defects per
thousand lines of code to 0.371 defects. Samba, a widely used open source
project used to connect Linux and Windows networks, showed the fastest
developer response, reducing software defects in Samba from 216 to 18 in
the first seven days."
New vulnerabilities
dia: buffer overflows
| Package(s): | dia |
| CVE #(s): | CVE-2006-1550 |
| Created: | April 3, 2006 |
| Updated: | May 3, 2006 |
| Description: | Three buffer overflows were discovered in the Xfig file format importer. By tricking a user into opening a specially crafted .fig file with dia, an attacker could exploit this to execute arbitrary code with the user's privileges. |
| Alerts: | |
horde: two remotely exploitable vulnerabilities
| Package(s): | horde |
| CVE #(s): | CVE-2006-1491, CVE-2006-1260 |
| Created: | April 5, 2006 |
| Updated: | April 14, 2006 |
| Description: | Versions of horde prior to 3.1.1 have two vulnerabilities, both of which are remotely exploitable: code execution in the help viewer and an input validation error which could allow read access to arbitrary files. |
| Alerts: | |
kaffeine: buffer overflow
| Package(s): | kaffeine |
| CVE #(s): | CVE-2006-0051 |
| Created: | April 5, 2006 |
| Updated: | April 6, 2006 |
| Description: | Marcus Meissner discovered that kaffeine, a media player for KDE 3, contains an unchecked buffer that can be overwritten remotely when fetching remote RAM playlists, which can cause the execution of arbitrary code. |
| Alerts: | |
mailman: denial of service
| Package(s): | mailman |
| CVE #(s): | CVE-2006-0052 |
| Created: | March 30, 2006 |
| Updated: | June 9, 2006 |
| Description: | Mailman 2.1.5 and below have a denial of service vulnerability in the Scrubber.py script. If a maliciously created message in MIME multipart format is received, mailman delivery can be stopped. |
| Alerts: | |
mediawiki: cross-site scripting
| Package(s): | mediawiki |
| CVE #(s): | CVE-2006-1498 |
| Created: | April 4, 2006 |
| Updated: | April 4, 2006 |
| Description: | MediaWiki fails to decode certain encoded URLs correctly. By supplying specially crafted links, a remote attacker could exploit this vulnerability to inject malicious HTML or JavaScript code that will be executed in a user's browser session in the context of the vulnerable site. |
| Alerts: | |
MySQL: logging bypass
| Package(s): | mysql |
| CVE #(s): | CVE-2006-0903 |
| Created: | April 4, 2006 |
| Updated: | May 21, 2008 |
| Description: | MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query. |
| Alerts: | |
php: insecure data
| Package(s): | php |
| CVE #(s): | CVE-2006-1490 |
| Created: | April 4, 2006 |
| Updated: | April 4, 2006 |
| Description: | A vulnerability was discovered where the html_entity_decode() function would return a chunk of memory with length equal to the string supplied, which could include PHP code, php.ini data, other user data, etc. |
| Alerts: | |
samba: clear text password exposure
| Package(s): | samba |
| CVE #(s): | CVE-2006-1059 |
| Created: | March 31, 2006 |
| Updated: | April 4, 2006 |
| Description: | According to this Samba advisory, the winbindd daemon included in Samba 3.0.21 and subsequent patch releases (3.0.21a-c) writes the clear text of the server's machine credentials to its log file at level 5. The winbindd log files are world readable by default, and log files are often requested on open mailing lists as tools used to debug server misconfigurations. This vulnerability has been fixed in Samba 3.0.22. |
| Alerts: | |
storebackup: multiple vulnerabilities
| Package(s): | storebackup |
| CVE #(s): | CVE-2005-3146, CVE-2005-3147, CVE-2005-3148 |
| Created: | April 4, 2006 |
| Updated: | April 4, 2006 |
| Description: | Several vulnerabilities have been discovered in the backup utility storebackup.
- Storebackup creates a temporary file predictably, which can be exploited to overwrite arbitrary files on the system with a symlink attack. (CVE-2005-3146)
- The backup root directory is created with world-readable permissions, which may leak sensitive data. (CVE-2005-3147)
- The user and group rights of symlinks are set incorrectly when making or restoring a backup, which may leak sensitive data. (CVE-2005-3148) |
| Alerts: | |
Updated vulnerabilities
ADOdb: PostgreSQL command injection
| Package(s): | adodb |
| CVE #(s): | CVE-2006-0410 |
| Created: | February 6, 2006 |
| Updated: | April 17, 2006 |
| Description: | Andy Staudacher discovered that ADOdb does not properly sanitize all parameters. By sending specifically crafted requests to an application that uses ADOdb and a PostgreSQL backend, an attacker might exploit the flaw to execute arbitrary SQL queries on the host. |
| Alerts: | |
apache: cross-site scripting
| Package(s): | apache |
| CVE #(s): | CVE-2005-3352 |
| Created: | December 14, 2005 |
| Updated: | May 10, 2006 |
| Description: | Versions 1 and 2 of the apache web server suffer from a cross-site scripting vulnerability in the mod_imap module; see this bugzilla entry for details. |
| Alerts: | |
blender: integer overflow
| Package(s): | blender |
| CVE #(s): | CVE-2005-4470 |
| Created: | January 6, 2006 |
| Updated: | June 15, 2006 |
| Description: | Damian Put discovered that Blender did not properly validate a 'length' value in .blend files. Negative values led to an insufficiently sized memory allocation. By tricking a user into opening a specially crafted .blend file, this could be exploited to execute arbitrary code with the privileges of the Blender user. |
| Alerts: | |
bzip2: race condition and infinite loop
| Package(s): | bzip2 |
| CVE #(s): | CAN-2005-0953, CAN-2005-1260 |
| Created: | May 17, 2005 |
| Updated: | January 10, 2007 |
| Description: | A race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. Also, specially crafted bzip2 archives may cause an infinite loop in the decompressor. |
| Alerts: | |
cairo: denial of service
| Package(s): | cairo |
| CVE #(s): | CVE-2006-0528 |
| Created: | March 21, 2006 |
| Updated: | March 31, 2006 |
| Description: | The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment. |
| Alerts: | |
ktools: buffer overflow
| Package(s): | centericq |
| CVE #(s): | CVE-2005-3863 |
| Created: | December 7, 2005 |
| Updated: | August 29, 2006 |
| Description: | From the Debian-Testing alert: Mehdi Oudad "deepfear" and Kevin Fernandez "Siegfried" from the Zone-H Research Team discovered a buffer overflow in kkstrtext.h of the ktools library, which is included in (at least) centericq and motor. |
| Alerts: | |
cpio: arbitrary code execution
| Package(s): | cpio |
| CVE #(s): | CVE-2005-4268 |
| Created: | January 2, 2006 |
| Updated: | March 17, 2010 |
| Description: | Richard Harms discovered that cpio did not sufficiently validate file properties when creating archives. Files with, e.g., a very large size caused a buffer overflow. By tricking a user or an automatic backup system into putting a specially crafted file into a cpio archive, a local attacker could probably exploit this to execute arbitrary code with the privileges of the target user (which is likely root in an automatic backup system). |
| Alerts: | |
crossfire: arbitrary code execution
| Package(s): | crossfire |
| CVE #(s): | CVE-2006-1010 |
| Created: | March 14, 2006 |
| Updated: | April 24, 2006 |
| Description: | It was discovered that Crossfire, a multiplayer adventure game, performs insufficient bounds checking on network packets when run in "oldsocketmode", which may possibly lead to the execution of arbitrary code. |
| Alerts: | |
curl: heap-based buffer overflow
| Package(s): | curl |
| CVE #(s): | CVE-2006-1061 |
| Created: | March 21, 2006 |
| Updated: | June 28, 2006 |
| Description: | Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path. |
| Alerts: | |
cyrus-imapd: buffer overflows
| Package(s): | cyrus-imapd |
| CVE #(s): | CAN-2005-0546 |
| Created: | February 23, 2005 |
| Updated: | April 10, 2006 |
| Description: | Cyrus-imapd, prior to version 2.2.12, contains several buffer overflows which could be exploited by an (authenticated) attacker to run code on the server system. |
| Alerts: | |
dia: missing input sanitizing
| Package(s): | dia |
| CVE #(s): | CAN-2005-2966 |
| Created: | October 4, 2005 |
| Updated: | April 6, 2006 |
| Description: | Joxean Koret discovered that the SVG import plugin did not properly sanitize data read from an SVG file. By tricking a user into opening a specially crafted SVG file, an attacker could exploit this to execute arbitrary code with the privileges of the user. |
| Alerts: | |
emacs21: format string vulnerability in "movemail"
| Package(s): | emacs21 |
| CVE #(s): | CAN-2005-0100 |
| Created: | February 7, 2005 |
| Updated: | May 15, 2006 |
| Description: | Max Vozeler discovered a format string vulnerability in the "movemail" utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user and the "mail" group. |
| Alerts: | |
enscript: arbitrary code execution
| Package(s): | enscript |
| CVE #(s): | CAN-2004-1184, CAN-2004-1185, CAN-2004-1186 |
| Created: | January 21, 2005 |
| Updated: | May 27, 2006 |
| Description: | Erik Sjölund has discovered several security relevant problems in enscript, a program to convert ASCII text into PostScript and other formats. Unsanitized input can cause the execution of arbitrary commands via EPSF pipe support. Due to missing sanitizing of filenames, it is possible that a specially crafted filename can cause arbitrary commands to be executed. Multiple buffer overflows can cause the program to crash. |
| Alerts: | |
fetchmail: multidrop bug
| Package(s): | fetchmail |
| CVE #(s): | CVE-2005-4348 |
| Created: | December 20, 2005 |
| Updated: | May 27, 2006 |
| Description: | Fetchmail contains a bug which allows a malicious mail server to crash the client by sending a message without headers. This occurs when running in multidrop mode. |
| Alerts: | |
Foomatic: Arbitrary command execution in foomatic-rip
| Package(s): | foomatic |
| CVE #(s): | CAN-2004-0801 |
| Created: | September 20, 2004 |
| Updated: | May 31, 2006 |
| Description: | There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter. This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler. |
| Alerts: | |
freeradius: authentication bypass
| Package(s): | freeradius |
| CVE #(s): | CVE-2006-1354 |
| Created: | March 24, 2006 |
| Updated: | June 5, 2006 |
| Description: | An unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module. |
| Alerts: | |
gdb: multiple vulnerabilities
| Package(s): | gdb |
| CVE #(s): | CAN-2005-1704, CAN-2005-1705 |
| Created: | May 20, 2005 |
| Updated: | August 11, 2006 |
| Description: | Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialization files from the working directory. Successful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands. |
| Alerts: | |
gedit: format string vulnerability
| Package(s): | gedit |
| CVE #(s): | CAN-2005-1686 |
| Created: | June 9, 2005 |
| Updated: | February 5, 2009 |
| Description: | A format string vulnerability has been discovered in gedit. Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user. |
| Alerts: | |
gnupg: incorrect signature verification
| Package(s): | gnupg |
| CVE #(s): | CVE-2006-0049 |
| Created: | March 13, 2006 |
| Updated: | May 15, 2006 |
| Description: | Another vulnerability has been found in GnuPG. "Signature verification of non-detached signatures may give a positive result but when extracting the signed data, this data may be prepended or appended with extra data not covered by the signature. Thus it is possible for an attacker to take any signed message and inject extra arbitrary data." |
| Alerts: | |
grip: buffer overflow
| Package(s): | grip |
| CVE #(s): | CAN-2005-0706 |
| Created: | March 10, 2005 |
| Updated: | November 19, 2008 |
| Description: | Grip, a CD ripper, has a buffer overflow vulnerability that can occur when the CDDB server returns more than 16 matches. |
| Alerts: | |
gzip: arbitrary command execution
| Package(s): | gzip |
| CVE #(s): | CAN-2005-0758 |
| Created: | August 1, 2005 |
| Updated: | January 10, 2007 |
| Description: | zgrep in gzip before 1.3.5 does not handle shell metacharacters like '|' and '&' properly when they occur in input file names. This could be exploited to execute arbitrary commands with user privileges if zgrep is run in an untrusted directory with specially crafted file names. |
| Alerts: | |
imap: buffer overflow in c-client
| Package(s): | imap |
| CVE #(s): | CAN-2003-0297 |
| Created: | February 18, 2005 |
| Updated: | April 10, 2006 |
| Description: | A buffer overflow flaw was found in the c-client IMAP client. An attacker could create a malicious IMAP server that, if connected to by a victim, could execute arbitrary code on the client machine. |
| Alerts: | |
ipsec-tools: denial of service
| Package(s): | ipsec-tools |
| CVE #(s): | CVE-2005-3732 |
| Created: | December 1, 2005 |
| Updated: | June 8, 2006 |
| Description: | ipsec-tools has a remote denial of service vulnerability in the racoon daemon. If racoon is running in aggressive mode, it fails to check all peer payloads during the IKE negotiation phase, allowing a malicious peer to crash the daemon. One should always be careful around aggressive racoons. |
| Alerts: | |
kdebase: local root vulnerability
| Package(s): | kdebase |
| CVE #(s): | CAN-2005-2494 |
| Created: | September 7, 2005 |
| Updated: | August 11, 2006 |
| Description: | The kdebase package (and kcheckpass in particular) found in KDE versions 3.2.0 through 3.4.2 suffers from a lock file handling error which can enable a local attacker to obtain root access. See this advisory for details. |
| Alerts: | |
kdelibs: kate backup file permission leak
| Package(s): | kdelibs kate kwrite |
CVE #(s): | CAN-2005-1920
|
| Created: | July 19, 2005 |
Updated: | September 21, 2010 |
| Description: |
Kate / Kwrite, as shipped with KDE 3.2.x up to including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information. |
| Alerts: |
|
Comments (1 posted)
kernel: multiple vulnerabilities
Comments (none posted)
kernel multiple vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2005-3527
CVE-2005-3783
CVE-2005-3784
CVE-2005-3805
CVE-2005-3806
CVE-2005-3808
|
| Created: | January 20, 2006 |
Updated: | April 18, 2006 |
| Description: |
Here's another set of vulnerabilities in the Linux kernel:
- A race condition in the 2.6 kernel could allow a local user to cause a
DoS by triggering a core dump in one thread while another thread has a
pending SIGSTOP (CVE-2005-3527).
- The ptrace functionality in 2.6 kernels prior to 2.6.14.2, using
CLONE_THREAD, does not use the thread group ID to check whether it is
attaching to itself, which could allow local users to cause a DoS
(CVE-2005-3783).
- The auto-reap child process in 2.6 kernels prior to 2.6.15 include
processes with ptrace attached, which leads to a dangling ptrace
reference and allows local users to cause a crash (CVE-2005-3784).
- A locking problem in the POSIX timer cleanup handling on exit on
kernels 2.6.10 to 2.6.14 when running on SMP systems, allows a local
user to cause a deadlock involving process CPU timers (CVE-2005-3805).
- The IPv6 flowlabel handling code in 2.4 and 2.6 kernels prior to
2.4.32 and 2.6.14 modifies the wrong variable in certain circumstances,
which allows local users to corrupt kernel memory or cause a crash by
triggering a free of non-allocated memory (CVE-2005-3806).
- An integer overflow in 2.6.14 and earlier could allow a local user to
cause a hang via 64-bit mmap calls that are not properly handled on a
32-bit system (CVE-2005-3808).
|
| Alerts: |
|
Comments (none posted)
libapreq2: algorithm weakness
| Package(s): | libapreq2-perl apache2 |
CVE #(s): | CVE-2006-0042
|
| Created: | March 14, 2006 |
Updated: | April 18, 2006 |
| Description: |
An algorithm weakness has been discovered in Apache2::Request, the
generic request library for Apache2 which can be exploited remotely
and cause a denial of service via CPU consumption. |
| Alerts: |
|
Comments (5 posted)
libgadu: memory alignment bug
| Package(s): | libgadu |
CVE #(s): | CAN-2005-2370
|
| Created: | July 29, 2005 |
Updated: | June 25, 2007 |
| Description: |
Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment
error in libgadu (from ekg, console Gadu Gadu client, an instant
messaging program) which is included in gaim, a multi-protocol instant
messaging client, as well. This cannot be exploited on the x86
architecture, but on others, e.g. on Sparc, it can lead to a bus error,
in other words a denial of service.
|
| Alerts: |
|
Comments (none posted)
libgd2: buffer overflows in PNG handling
| Package(s): | libgd2 |
CVE #(s): | CAN-2004-0990
CAN-2004-0941
|
| Created: | October 29, 2004 |
Updated: | June 28, 2006 |
| Description: |
Several buffer overflows have been discovered in libgd's PNG handling
functions.
If an attacker tricked a user into loading a malicious PNG image, they
could leverage this into executing arbitrary code in the context of
the user opening the image. Most importantly, this library is commonly
used in PHP. One possible target would be a PHP driven photo website
that lets users upload images. Therefore this vulnerability might lead
to privilege escalation to a web server's privileges.
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and
earlier may allow remote attackers to execute arbitrary code via malformed
image files that trigger the overflows due to improper calls to the
gdMalloc function. |
| Alerts: |
|
Comments (none posted)
libpam-ldap: authentication bypass
| Package(s): | libpam-ldap |
CVE #(s): | CAN-2005-2641
|
| Created: | August 25, 2005 |
Updated: | October 6, 2006 |
| Description: |
libpam-ldap, the PAM LDAP interface, has a vulnerability in which
it fails to authenticate with an LDAP server which is not configured
properly, allowing an authentication bypass. |
| Alerts: |
|
Comments (none posted)
libpng: heap based buffer overflow
| Package(s): | libpng |
CVE #(s): | CVE-2006-0481
|
| Created: | February 13, 2006 |
Updated: | December 15, 2008 |
| Description: |
A heap based buffer overflow bug was found in the way libpng strips alpha
channels from a PNG image. An attacker could create a carefully crafted PNG
image file in such a way that it could cause an application linked with
libpng to crash or execute arbitrary code when the file is opened by a
victim. |
| Alerts: |
|
Comments (1 posted)
libxml2 - arbitrary code execution
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0110
|
| Created: | February 26, 2004 |
Updated: | August 19, 2009 |
| Description: |
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
libxml2: multiple buffer overflows
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0989
|
| Created: | October 28, 2004 |
Updated: | August 19, 2009 |
| Description: |
libxml2 prior to version 2.6.14 has multiple buffer overflow
vulnerabilities, if a local user passes a specially crafted
FTP URL, arbitrary code may be executed. |
| Alerts: |
|
Comments (none posted)
lynx: arbitrary command execution
| Package(s): | lynx |
CVE #(s): | CVE-2005-2929
|
| Created: | November 14, 2005 |
Updated: | September 14, 2009 |
| Description: |
An arbitrary command execution bug was found in the lynx "lynxcgi:" URI
handler. An attacker could create a web page redirecting to a malicious URL
which could execute arbitrary code as the user running lynx. |
| Alerts: |
|
Comments (none posted)
mod_python: remote access vulnerability
| Package(s): | mod_python |
CVE #(s): | CAN-2005-0088
|
| Created: | February 10, 2005 |
Updated: | April 10, 2006 |
| Description: |
mod_python has a vulnerability in the publisher handler that may allow
a remote user to use a specially crafted URL to allow access to
objects that should be protected. An information leak can result. |
| Alerts: |
|
Comments (none posted)
mozilla: multiple vulnerabilities
| Package(s): | mozilla |
CVE #(s): | CVE-2005-4134
CVE-2006-0292
CVE-2006-0296
|
| Created: | February 2, 2006 |
Updated: | May 4, 2006 |
| Description: |
Mozilla has three new vulnerabilities.
The Javascript interpreter has a problem with
dereferencing objects. A user can visit a specially crafted web page
which can crash the browser or cause it to execute arbitrary code.
The XULDocument.persist() function has a bug that can be triggered by
viewing specially crafted web sites, RDF data can be injected into the
localstore.rdf file, allowing arbitrary javascript code to be executed.
The Mozilla history saving mechanism is vulnerable to a denial of
service attack, visiting sites with extra-long titles can cause a
crash or very slow startup the next time the browser is run. |
| Alerts: |
|
Comments (none posted)
Mozilla Thunderbird: remote code execution and DoS
| Package(s): | mozilla-thunderbird |
CVE #(s): | CVE-2006-0884
|
| Created: | March 3, 2006 |
Updated: | May 4, 2006 |
| Description: |
The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier
allows user-complicit attackers to bypass javascript security settings and
obtain sensitive information or cause a crash via an e-mail containing a
javascript URI in the SRC attribute of an IFRAME tag, which is executed
when the user edits the e-mail. |
| Alerts: |
|
Comments (1 posted)
nbd: arbitrary code execution
| Package(s): | nbd |
CVE #(s): | CVE-2005-3534
|
| Created: | January 6, 2006 |
Updated: | March 7, 2011 |
| Description: |
Kurt Fitzner discovered that the NBD (network block device) server did not
correctly verify the maximum size of request packets. By sending specially
crafted large request packets, a remote attacker who is allowed to access
the server could exploit this to execute arbitrary code with root
privileges. |
| Alerts: |
|
Comments (none posted)
ncpfs: multiple vulnerabilities
| Package(s): | ncpfs |
CVE #(s): | CAN-2005-0013
CAN-2005-0014
|
| Created: | January 31, 2005 |
Updated: | May 15, 2006 |
| Description: |
Erik Sjolund discovered two vulnerabilities in the programs bundled
with ncpfs: there is a potentially exploitable buffer overflow in
ncplogin (CAN-2005-0014), and due to a flaw in nwclient.c, utilities
using the NetWare client functions insecurely access files with
elevated privileges (CAN-2005-0013). |
| Alerts: |
|
Comments (none posted)
ntp: uses wrong gid
| Package(s): | ntp |
CVE #(s): | CAN-2005-2496
|
| Created: | August 26, 2005 |
Updated: | August 11, 2006 |
| Description: |
When xntpd is started with the -u option and the group is specified
by name rather than by numeric gid, the daemon uses the gid of the
user rather than that of the group. This problem is now fixed
by this update. |
| Alerts: |
|
Comments (none posted)
openmotif: buffer overflows
| Package(s): | openmotif |
CVE #(s): | CVE-2005-3964
|
| Created: | December 29, 2005 |
Updated: | July 27, 2006 |
| Description: |
The libUil component of the OpenMotif toolkit has a pair of buffer
overflow vulnerabilities that can possibly be used for the execution
of arbitrary code.
|
| Alerts: |
|
Comments (none posted)
OpenSSH: double shell expansion
| Package(s): | openssh |
CVE #(s): | CVE-2006-0225
|
| Created: | January 23, 2006 |
Updated: | July 20, 2006 |
| Description: |
OpenSSH has a double shell expansion vulnerability in local to local and
remote to remote copy with scp. |
| Alerts: |
|
Comments (none posted)
perl: setuid vulnerabilities
| Package(s): | perl |
CVE #(s): | CAN-2005-0155
CAN-2005-0156
|
| Created: | February 2, 2005 |
Updated: | August 11, 2006 |
| Description: |
There are two vulnerabilities with perl when it is used in a setuid mode. The PERLIO_DEBUG environment variable can be used to overwrite arbitrary files; there is also an associated buffer overflow which can be exploited to gain root access. |
| Alerts: |
|
Comments (none posted)
phpbb2: multiple vulnerabilities
| Package(s): | phpbb2 |
CVE #(s): | CVE-2005-3310
CVE-2005-3415
CVE-2005-3416
CVE-2005-3417
CVE-2005-3418
CVE-2005-3419
CVE-2005-3420
CVE-2005-3536
CVE-2005-3537
|
| Created: | December 22, 2005 |
Updated: | February 11, 2008 |
| Description: |
The phpbb2 web forum has a number of vulnerabilities including:
a web script injection problem, a protection mechanism bypass, a
security check bypass, a remote global variable bypass, cross site
scripting vulnerabilities, an SQL injection vulnerability,
a remote regular expression modification problem, missing input
sanitizing, and a missing request validation problem. |
| Alerts: |
|
Comments (none posted)
phpMyAdmin: multiple vulnerabilities
| Package(s): | phpmyadmin |
CVE #(s): | CVE-2005-4079
CVE-2005-3665
|
| Created: | December 12, 2005 |
Updated: | November 20, 2006 |
| Description: |
Stefan Esser reported multiple vulnerabilities
found in phpMyAdmin. The $GLOBALS variable allows modifying the global
variable import_blacklist to open phpMyAdmin to local and remote file
inclusion, depending on your PHP version (CVE-2005-4079, PMASA-2005-9).
Furthermore, it is also possible to conduct an XSS attack via the
$HTTP_HOST variable and a local and remote file inclusion because the
contents of the variable are under total control of the attacker
(CVE-2005-3665, PMASA-2005-8). |
| Alerts: |
|
Comments (none posted)
pound: HTTP Request Smuggling Attack
| Package(s): | pound |
CVE #(s): | CVE-2005-3751
|
| Created: | January 10, 2006 |
Updated: | June 8, 2006 |
| Description: |
HTTP requests with conflicting Content-Length and Transfer-Encoding headers
could lead to HTTP Request Smuggling Attack, which can be exploited to
bypass packet filters or poison web caches. |
| Alerts: |
|
Comments (none posted)
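The ambiguity that request smuggling depends on is mechanical enough for a front end to check before forwarding anything. The following is an added example, not pound's code: it scans a raw request head and reports when Content-Length and Transfer-Encoding are both present, when two Content-Length values disagree, or when the length is not a plain decimal number. The function names and the sample request heads are constructed for the example.

```c
/* Added example, not pound's code: refuse HTTP/1.1 requests whose body
 * framing is ambiguous, which is the condition request smuggling needs.
 * Input is the raw request head (request line, header lines, blank line). */
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of a (pointer, length) header name. */
static bool name_is(const char *s, size_t n, const char *want)
{
    if (strlen(want) != n)
        return false;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)want[i]))
            return false;
    return true;
}

/* Strip leading and trailing whitespace from a (pointer, length) value. */
static void trim(const char **v, size_t *n)
{
    while (*n > 0 && isspace((unsigned char)**v)) { (*v)++; (*n)--; }
    while (*n > 0 && isspace((unsigned char)(*v)[*n - 1])) (*n)--;
}

/* True when the request must be rejected: Content-Length together with
 * Transfer-Encoding, two Content-Length values that disagree, a
 * Content-Length that is not a plain decimal number, or a header line
 * without a colon.  A front end that forwards such a request risks the
 * back end splitting the byte stream at a different point than it did. */
bool framing_is_ambiguous(const char *head)
{
    const char *first_cl = NULL;
    size_t first_cl_len = 0;
    bool have_te = false;
    const char *line = strchr(head, '\n');       /* skip the request line */

    if (line == NULL)
        return true;
    for (line++; *line != '\0'; ) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        if (len > 0 && line[len - 1] == '\r')
            len--;
        if (len == 0)
            break;                                /* blank line: end of head */
        const char *colon = memchr(line, ':', len);
        if (colon == NULL)
            return true;
        size_t nlen = (size_t)(colon - line);
        const char *val = colon + 1;
        size_t vlen = len - nlen - 1;
        trim(&val, &vlen);
        if (name_is(line, nlen, "Content-Length")) {
            if (vlen == 0)
                return true;
            for (size_t i = 0; i < vlen; i++)
                if (!isdigit((unsigned char)val[i]))
                    return true;
            if (first_cl == NULL) {
                first_cl = val;
                first_cl_len = vlen;
            } else if (vlen != first_cl_len || memcmp(val, first_cl, vlen) != 0) {
                return true;                      /* duplicate and differing */
            }
        } else if (name_is(line, nlen, "Transfer-Encoding")) {
            have_te = true;
        }
        if (nl == NULL)
            break;
        line = nl + 1;
    }
    return have_te && first_cl != NULL;
}

/* Constructed sample request heads. */
const char *const HEAD_CLEAN =
    "POST /form HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n\r\n";
const char *const HEAD_CHUNKED =
    "POST /form HTTP/1.1\r\nHost: app.example\r\nTransfer-Encoding: chunked\r\n\r\n";
const char *const HEAD_CONFLICT =
    "POST /form HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n"
    "Transfer-Encoding: chunked\r\n\r\n";
const char *const HEAD_DUP_CL =
    "POST /form HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n"
    "content-length: 12\r\n\r\n";

int main(void)
{
    const char *heads[] = { HEAD_CLEAN, HEAD_CHUNKED, HEAD_CONFLICT, HEAD_DUP_CL };
    const char *labels[] = { "clean", "chunked", "CL+TE", "dup CL" };
    for (int i = 0; i < 4; i++)
        printf("%-8s %s\n", labels[i], framing_is_ambiguous(heads[i]) ? "REJECT" : "ok");
    return 0;
}
```

Rejecting rather than "fixing" the request is the point: any rule a proxy uses to pick one header over the other is a rule the server behind it may not share.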
Py2Play: remote execution of arbitrary Python code
| Package(s): | Py2Play |
CVE #(s): | CAN-2005-2875
|
| Created: | September 19, 2005 |
Updated: | September 6, 2006 |
| Description: |
Py2Play uses Python pickles to send objects over a peer-to-peer game
network, and clients accept without restriction the objects and code sent
by peers. A remote attacker participating in a Py2Play-powered game can send
malicious Python pickles, resulting in the execution of arbitrary
Python code on the targeted game client. |
| Alerts: |
|
Comments (none posted)
scorched3d: multiple vulnerabilities
| Package(s): | scorched3d |
CVE #(s): | |
| Created: | November 15, 2005 |
Updated: | August 11, 2006 |
| Description: |
Luigi Auriemma discovered multiple flaws in the Scorched 3D game
server, including a format string vulnerability and several buffer
overflows. A remote attacker could exploit these vulnerabilities to crash
a game server or execute arbitrary code with the rights of the game server
user. |
| Alerts: |
|
Comments (none posted)
squirrelmail: multiple vulnerabilities
| Package(s): | squirrelmail |
CVE #(s): | CVE-2006-0188
CVE-2006-0195
CVE-2006-0377
|
| Created: | February 28, 2006 |
Updated: | June 8, 2006 |
| Description: |
Webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to
inject arbitrary web pages into the right frame via a URL in the
right_frame parameter. NOTE: this has been called a cross-site scripting
(XSS) issue, but it is different than what is normally identified as
XSS. (CVE-2006-0188)
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to
1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks
via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2)
a newline in a "url" specifier, which is processed by certain web browsers
including Internet Explorer. (CVE-2006-0195)
CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote
attackers to inject arbitrary IMAP commands via newline characters in the
mailbox parameter of the sqimap_mailbox_select command, aka "IMAP
injection." (CVE-2006-0377) |
| Alerts: |
|
Comments (none posted)
sudo: vulnerability via scripts
| Package(s): | sudo |
CVE #(s): | CAN-2005-4158
CVE-2006-0151
|
| Created: | December 16, 2005 |
Updated: | September 1, 2006 |
| Description: |
Perl and Python scripts run via Sudo can be subverted. |
| Alerts: |
|
Comments (none posted)
tar: buffer overflow
| Package(s): | tar |
CVE #(s): | CVE-2006-0300
|
| Created: | February 22, 2006 |
Updated: | April 10, 2006 |
| Description: |
A buffer overflow (exploitable via a carefully-crafted archive file) has been discovered in GNU tar, versions 1.14 and above. |
| Alerts: |
|
Comments (none posted)
File overwrite vulnerability in tar and unzip
| Package(s): | tar unzip |
CVE #(s): | CAN-2001-1267
CAN-2001-1268
CAN-2001-1269
CAN-2002-0399
|
| Created: | October 1, 2002 |
Updated: | April 10, 2006 |
| Description: |
The tar utility does not properly filter file names containing
"../", meaning that a hostile archive can, if unpacked by an
unsuspecting user, overwrite any file that is writable by that user. GNU
tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42
has the same vulnerability. |
| Alerts: |
|
Comments (1 posted)
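A defensive check for the "../" problem this entry describes, added here as an example and not taken from GNU tar or unzip: it walks each archive member name component by component and refuses any name that is absolute or that would climb above the extraction directory. The function name and the sample member names are constructed for the example.

```c
/* Added example, not GNU tar or unzip code: decide whether an archive
 * member name may be created below the extraction directory.  Absolute
 * names and names that climb above the root through ".." are refused. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Walk the name component by component, tracking how deep below the
 * extraction root the path currently is.  ".." is fine as long as the
 * depth never goes negative; "." and empty components (from "//" or a
 * trailing "/") are ignored. */
bool archive_member_is_safe(const char *name)
{
    int depth = 0;

    if (name == NULL || name[0] == '\0')
        return false;               /* nothing to create */
    if (name[0] == '/')
        return false;               /* absolute: ignores the root entirely */

    for (const char *p = name; ; ) {
        const char *slash = strchr(p, '/');
        size_t len = slash ? (size_t)(slash - p) : strlen(p);

        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0)
                return false;       /* this "../" escapes the root */
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            depth++;
        }
        if (slash == NULL)
            break;
        p = slash + 1;
    }
    return true;
}

/* Constructed sample member names: the first four are acceptable, the
 * last four must be rejected. */
static const char *const SAMPLE_NAMES[] = {
    "etc/motd", "./src/main.c", "docs/../README", "dir/",
    "/etc/passwd", "../../home/user/.bashrc", "a/b/../../../x", "",
};
#define N_SAMPLES (sizeof SAMPLE_NAMES / sizeof SAMPLE_NAMES[0])

/* Count how many of `n` names the check rejects. */
size_t count_unsafe(const char *const *names, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (!archive_member_is_safe(names[i]))
            bad++;
    return bad;
}

int main(void)
{
    for (size_t i = 0; i < N_SAMPLES; i++)
        printf("%-26s %s\n", SAMPLE_NAMES[i],
               archive_member_is_safe(SAMPLE_NAMES[i]) ? "ok" : "REJECT");
    return 0;
}
```

The check runs on the name before anything is created on disk. A symbolic link member that points outside the tree, with later members written through it, is a separate problem that needs a check on the resolved path; this example does not cover it.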
tcpdump: multiple DoS issues
| Package(s): | tcpdump |
CVE #(s): | CAN-2005-1280
CAN-2005-1279
CAN-2005-1278
|
| Created: | May 2, 2005 |
Updated: | April 10, 2006 |
| Description: |
The rsvp_print function in tcpdump 3.9.1 and earlier allows remote
attackers to cause a denial of service (infinite loop) via a crafted RSVP
packet of length 4. (CAN-2005-1280)
tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of
service (infinite loop) via a crafted BGP packet, which is not properly
handled by RT_ROUTING_INFO, or LDP packet, which is not properly
handled by the ldp_print function. (CAN-2005-1279)
The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and
earlier allows remote attackers to cause a denial of service (infinite
loop) via a zero length, as demonstrated using a GRE packet.
(CAN-2005-1278) |
| Alerts: |
|
Comments (none posted)
tetex: integer overflows
Comments (none posted)
texinfo: temporary file vulnerability
| Package(s): | texinfo |
CVE #(s): | CAN-2005-3011
|
| Created: | October 5, 2005 |
Updated: | November 9, 2006 |
| Description: |
Texinfo prior to version 4.8-r1 suffers from a temporary file vulnerability. |
| Alerts: |
|
Comments (none posted)
tin: buffer overflow
| Package(s): | tin |
CVE #(s): | CVE-2006-0804
|
| Created: | February 19, 2006 |
Updated: | November 24, 2006 |
| Description: |
An allocation off-by-one bug exists in the TIN news reader version 1.8.0 and earlier
which can lead to a buffer overflow. |
| Alerts: |
|
Comments (none posted)
unzip: long file name buffer overflow
| Package(s): | unzip |
CVE #(s): | CVE-2005-4667
|
| Created: | February 6, 2006 |
Updated: | May 2, 2007 |
| Description: |
A buffer overflow in UnZip 5.50 and earlier allows local users to execute
arbitrary code via a long filename command line argument. NOTE: since the
overflow occurs in a non-setuid program, there are not many scenarios under
which it poses a vulnerability, unless unzip is passed long arguments when
it is invoked from other programs. |
| Alerts: |
|
Comments (1 posted)
uw-imap: buffer overflow
| Package(s): | uw-imap |
CVE #(s): | CAN-2005-2933
|
| Created: | October 11, 2005 |
Updated: | April 10, 2006 |
| Description: |
"infamous41md" discovered a buffer overflow in uw-imap, the University
of Washington's IMAP Server that allows attackers to execute arbitrary
code. |
| Alerts: |
|
Comments (none posted)
w3c-libwww: possible stack overflow
| Package(s): | w3c-libwww |
CVE #(s): | CVE-2005-3183
|
| Created: | October 14, 2005 |
Updated: | May 2, 2007 |
| Description: |
Extensive testing of libwww's handling of multipart/byteranges content from
HTTP/1.1 servers revealed multiple logical flaws and bugs in
Library/src/HTBound.c |
| Alerts: |
|
Comments (1 posted)
webcalendar: multiple vulnerabilities
| Package(s): | webcalendar |
CVE #(s): | CVE-2005-3949
CVE-2005-3961
CVE-2005-3982
|
| Created: | March 15, 2006 |
Updated: | May 15, 2006 |
| Description: |
The PHP-based webcalendar package suffers from three vulnerabilities: a set of SQL injection problems (CVE-2005-3949), an input sanitizing failure allowing local files to be overwritten (CVE-2005-3961), and a response splitting vulnerability (CVE-2005-3982). |
| Alerts: |
|
Comments (none posted)
xine-lib: buffer overflows
| Package(s): | xine-lib |
CVE #(s): | CAN-2004-1379
|
| Created: | September 22, 2004 |
Updated: | April 10, 2006 |
| Description: |
xine-lib (through version 1_rc6) contains buffer overflows in the subtitle parsing and DVD sub-picture decoder code. |
| Alerts: |
|
Comments (none posted)
xine-ui - insecure temporary file creation
| Package(s): | xine-ui |
CVE #(s): | CAN-2004-0372
|
| Created: | April 6, 2004 |
Updated: | April 27, 2006 |
| Description: |
Shaun Colley discovered a problem in xine-ui, the xine video player
user interface. A script contained in the package to possibly remedy
a problem or report a bug does not create temporary files in a secure
fashion. This could allow a local attacker to overwrite files with
the privileges of the user invoking xine. |
| Alerts: |
|
Comments (none posted)
xloadimage: buffer overflows
| Package(s): | xloadimage |
CVE #(s): | CAN-2005-3178
|
| Created: | October 10, 2005 |
Updated: | May 15, 2006 |
| Description: |
Three buffer overflows were discovered in xloadimage when handling the image title name. A malicious user can construct a NIFF file that when viewed and processed (with either zoom, reduce or rotate) by xloadimage, will cause the program to overwrite the return address and execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
xpdf: buffer overflow
| Package(s): | xpdf |
CVE #(s): | CAN-2005-0064
|
| Created: | January 19, 2005 |
Updated: | March 15, 2007 |
| Description: |
iDEFENSE has found yet another xpdf buffer overflow; see this advisory for details. |
| Alerts: |
|
Comments (1 posted)
xpdf: potential vulnerabilities
| Package(s): | xpdf gpdf |
CVE #(s): | CVE-2006-1244
|
| Created: | February 27, 2006 |
Updated: | April 13, 2006 |
| Description: |
Derek Noonburg has fixed several potential vulnerabilities in xpdf,
which are also present in gpdf, the Portable Document Format (PDF)
viewer with Gtk bindings. |
| Alerts: |
|
Comments (none posted)
xpdf: denial of service
| Package(s): | xpdf kpdf |
CVE #(s): | CAN-2005-2097
|
| Created: | August 9, 2005 |
Updated: | August 2, 2006 |
| Description: |
A flaw was discovered in Xpdf that could allow an attacker to construct
a carefully crafted PDF file that would cause Xpdf to consume all available
disk space in /tmp when opened. |
| Alerts: |
|
Comments (none posted)
xpdf: integer overflows
| Package(s): | xpdf, poppler, cupsys, tetex-bin |
CVE #(s): | CVE-2005-3624
CVE-2005-3625
CVE-2005-3626
CVE-2005-3627
|
| Created: | January 5, 2006 |
Updated: | November 30, 2006 |
| Description: |
xpdf has a number of integer overflows.
A remote attacker can trick a user into opening a maliciously
crafted pdf file, allowing the attacker to execute code with the
privileges of the local user.
This also affects the Poppler library, cupsys and tetex-bin. |
| Alerts: |
|
Comments (none posted)
zlib: buffer overflow
| Package(s): | zlib |
CVE #(s): | CAN-2005-1849
|
| Created: | July 21, 2005 |
Updated: | April 11, 2006 |
| Description: |
zlib has a vulnerability that can cause a program using it to crash
if a corrupted file is opened. |
| Alerts: |
|
Comments (none posted)
Page editor: Jonathan Corbet
Kernel development
Brief items
The current 2.6 prepatch is 2.6.17-rc1,
released by Linus on
April 2. Patches merged since last week include the
splice() and
sync_file_range() system calls (see below), hotplug memory support
for User-mode Linux, an LED subsystem, the conversion of
local_t
into a signed type, basic support for braille devices in the input layer, and
the "ipath" driver for PathScale InfiniPath devices.
See
last week's and
the previous week's summaries
for detailed lists of changes in 2.6.17-rc1.
For even more detail, see the
short-form and
long-format
changelogs.
No patches have been merged into the mainline since 2.6.17-rc1 was
released.
The current -mm tree is 2.6.17-rc1-mm1. Recent changes
to -mm include a lot of fixes and a new version of the kgdb debugger, but
little in the way of major changes.
Comments (2 posted)
Kernel development news
Which part of "sysfs patches can be written by idiots and usually
are" is too hard to understand? Oh, wait. I see... Well,
nevermind, then...
-- Al Viro is back.
Comments (7 posted)
Your editor, who has enough trouble putting together a Kernel Page in
English, has never seriously thought about supporting other languages. It
is, however, pleasant to see that this page can now be found
translated into
Czech, thanks to Robert Kratky. Hopefully this work will be useful to
Czech readers.
Comments (5 posted)
The 2.6.17 kernel will include two new system calls which expand the
capabilities available to user-space programs in some interesting ways.
This article contains a
look at the current form of these new interfaces.
splice()
The splice() system call has a long history. First
proposed by Larry McVoy in 1998, it was seen as a way of improving I/O
performance on server systems. Despite being often mentioned in the
following years, no splice() implementation was ever created for
the mainline Linux kernel. That situation changed, however, just before
the 2.6.17 merge window was closed when Jens Axboe's splice()
patch, along with a number of modifications, was merged.
As of this writing, the splice() interface looks like this:
long splice(int fdin, int fdout, size_t len, unsigned int flags);
A call to splice() will cause the kernel to move up to
len bytes from the data source fdin to fdout.
The data will move through kernel space only, with a minimum of copying. In
the current implementation, at least one of the two file descriptors must
refer to a pipe device. That requirement is a limitation of the current
code, and it could be removed at some future time.
The flags argument modifies how the copy is done. Currently
implemented flags are:
- SPLICE_F_NONBLOCK: makes the splice() operations
non-blocking. A call to splice() could still block, however,
especially if either of the file descriptors has not been set for
non-blocking I/O.
- SPLICE_F_MORE: a hint to the kernel that more data will come
in a subsequent splice() call.
- SPLICE_F_MOVE: if the output is a file, this flag will cause
the kernel to attempt to move pages directly from the input pipe
buffer into the output address space, avoiding a copy operation.
Internally, splice() works using the pipe buffer mechanism added by
Linus in early 2005 - that is why one side of the operation is required to
be a pipe for now. There are two additions to the ever-growing
file_operations structure for devices and filesystems which wish
to support splice():
ssize_t (*splice_write)(struct inode *pipe, struct file *out,
size_t len, unsigned int flags);
ssize_t (*splice_read)(struct file *in, struct inode *pipe,
size_t len, unsigned int flags);
The new operations should move len bytes between pipe and
either in or out, respecting the given flags.
For filesystems, there are generic implementations of these operations
which can be used; there is also a generic_splice_sendpage() which
is used to enable splicing to a socket. As of this writing, there are no
splice() implementations for device drivers, but there is nothing
preventing such implementations in the future, for char devices at least.
Discussions on the linux-kernel list suggest that the splice()
interface could change before it is set in stone with the 2.6.17 release.
Andrew Tridgell has requested that an
offset argument be added to specify where copying should begin - either
that, or a separate psplice() should be added. There is also some
concern about error handling; if a splice() call returns an error,
how does the application tell whether the problem is with the input or the
output? Resolving those issues may require some interface changes over the
next month or so.
sync_file_range()
Early in the 2.6.17 process, some changes to the
posix_fadvise() system call were merged. The new,
Linux-specific options were meant to give applications better control over
how data written to files is flushed to the physical media. The
capabilities provided are needed, but there were concerns about extending a
POSIX-defined function in a Linux-specific way. So, after some
discussions, Andrew Morton pulled that patch back out and replaced it with
a new system call:
long sync_file_range(int fd, loff_t offset, loff_t nbytes, int flags);
This call will synchronize a file's data to disk, starting at the given
offset and proceeding for nbytes bytes (or to the end of
the file if nbytes is zero). How the synchronization is done is
controlled by flags:
- SYNC_FILE_RANGE_WAIT_BEFORE blocks the calling process until
any already in-progress writeout of pages (in the given range)
completes.
- SYNC_FILE_RANGE_WRITE starts writeout of any dirty pages in
the given range which are not already under I/O.
- SYNC_FILE_RANGE_WAIT_AFTER blocks the calling process until
the newly-initiated writes complete.
An application which wants to initiate writeback of all dirty pages should
provide the first two flags. Providing all three flags guarantees that
those pages are actually on disk when the call returns.
The new implementation avoids distorting the posix_fadvise()
system call. It also allows synchronization operations to be performed
with a single call, instead of the multiple calls required by the previous
attempt. In
the future, it may also be possible to add other operations to the
flags list; the ability to request metadata synchronization seems
to be high on the list.
(Thanks to Michael Kerrisk - who agitated for this change - for providing
some of the background information).
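Added example, not code from the article or from the kernel tree: a file-to-file copy that stays inside the kernel via splice(), followed by sync_file_range() with all three flags on the copy. It invokes the raw system calls through syscall(2) with the kernel's flag values, so no feature macros are needed. Note that the splice() that shipped has two extra offset-pointer arguments compared with the four-argument prototype quoted above, the outcome of the offset discussion. The demo runs on anonymous memfd_create() files (assumed available) with a constructed byte pattern; splice_copy(), flush_range() and splice_demo() are names chosen for this example.

```c
/* Added example, not code from the article or the kernel tree: copy a
 * file through a pipe with splice(2), then push the copy to stable storage
 * with sync_file_range(2).  Raw system calls via syscall(2), kernel flag values. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SPLICE_F_MOVE
#define SPLICE_F_MOVE     1    /* try to move pages rather than copy them */
#define SPLICE_F_MORE     4    /* more data follows in a later call */
#endif
#ifndef SYNC_FILE_RANGE_WAIT_BEFORE
#define SYNC_FILE_RANGE_WAIT_BEFORE 1
#define SYNC_FILE_RANGE_WRITE       2
#define SYNC_FILE_RANGE_WAIT_AFTER  4
#endif

/* The splice() that shipped has two offset-pointer arguments that the
 * four-argument prototype quoted in the article lacks; NULL means "use and
 * advance the descriptor's own file position". */
static long do_splice(int fd_in, int fd_out, size_t len, unsigned int flags)
{
    return syscall(SYS_splice, fd_in, (void *)0, fd_out, (void *)0, len, flags);
}

/* Copy fd_in to fd_out without the data entering user space.  One side of
 * every splice() must be a pipe, so the data goes file -> pipe -> file.
 * Returns the byte count, or -1 on error. */
long splice_copy(int fd_in, int fd_out)
{
    int p[2];
    long total = 0, n;

    if (pipe(p) < 0)
        return -1;
    /* Fill the pipe from the input (SPLICE_F_MORE: another chunk follows),
     * then drain it into the output, moving pages where the kernel can. */
    while ((n = do_splice(fd_in, p[1], 32768, SPLICE_F_MORE)) > 0) {
        while (n > 0) {
            long m = do_splice(p[0], fd_out, (size_t)n, SPLICE_F_MOVE);
            if (m <= 0) { n = -1; break; }
            n -= m;
            total += m;
        }
        if (n < 0)
            break;
    }
    close(p[0]); close(p[1]);
    return n < 0 ? -1 : total;
}

/* All three flags together: wait for writeback already in flight, start
 * writeback of the range's dirty pages, then wait for it; nbytes == 0 means
 * "to the end of the file".  Returns 0 on success, -1 on error. */
int flush_range(int fd, long long off, long long nbytes)
{
    return (int)syscall(SYS_sync_file_range, fd, off, nbytes,
                        SYNC_FILE_RANGE_WAIT_BEFORE | SYNC_FILE_RANGE_WRITE |
                        SYNC_FILE_RANGE_WAIT_AFTER);
}

/* Demo on anonymous memfd_create(2) files (assumed available): write a
 * constructed 100000-byte pattern, splice-copy it, flush the copy and
 * compare.  Returns the number of bytes copied, or -1 on any failure. */
long splice_demo(void)
{
    enum { LEN = 100000 };
    int src = (int)syscall(SYS_memfd_create, "splice-src", 0);
    int dst = (int)syscall(SYS_memfd_create, "splice-dst", 0);
    unsigned char *want = malloc(LEN), *got = malloc(LEN);
    long copied = -1;

    if (src < 0 || dst < 0 || want == NULL || got == NULL)
        goto out;
    for (int i = 0; i < LEN; i++)
        want[i] = (unsigned char)(i % 251);
    if (write(src, want, LEN) != LEN || lseek(src, 0, SEEK_SET) != 0)
        goto out;
    copied = splice_copy(src, dst);
    if (copied != LEN || flush_range(dst, 0, 0) != 0 ||
        lseek(dst, 0, SEEK_SET) != 0 || read(dst, got, LEN) != LEN ||
        memcmp(want, got, LEN) != 0)
        copied = -1;
out:
    free(want); free(got);
    if (src >= 0) close(src);
    if (dst >= 0) close(dst);
    return copied;
}

int main(void)
{
    long n = splice_demo();
    printf("spliced %ld bytes%s\n", n, n < 0 ? " (failed)" : "");
    return n < 0;
}
```

The inner loop matters: a splice() from the pipe may move fewer bytes than were put in, and an error from either side is reported as a failure of the whole copy, which is exactly the "which side failed?" question raised above.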
Comments (14 posted)
Imagine a system with two processes running, one at high priority and the
other at a much lower priority. These processes share resources which are
protected by locks. At some point, the low-priority process manages to run
and obtains a lock for one of those resources. If the high-priority
process then attempts to obtain the same lock, it will have to wait.
Essentially, the low-priority process has trumped the high-priority
process, at least for as long as it holds the contended lock.
Now imagine a third process, one which uses a lot of processor time, and
which has a priority between the other two. If that process starts to
crank, it will push the low-priority process out of the CPU indefinitely.
As a result, the third process can keep the highest-priority process out of
the CPU indefinitely.
This situation, called "priority inversion," tends to be followed by system
failure, upset users, and unemployed engineers. There are a number of
approaches to avoiding priority inversion, including lockless designs,
carefully thought-out locking scenarios, and a technique known as priority
inheritance. The priority inheritance method is simple in concept: when a
process holds a lock, it should run at (at least) the priority of the
highest-priority process waiting for the lock. When a lock is taken by a
low-priority process, the priority of that process might need to be boosted
until the lock is released.
There are a number of approaches to priority inheritance. In effect, the
kernel performs a very simple form of it by not allowing kernel code to be
preempted while holding a spinlock. In some systems, each lock has a
priority associated with it; whenever a process takes a lock, its priority
is raised to the lock's priority. In others, a high-priority process will
have its priority "inherited" by another process which holds a needed
lock. Most priority inheritance schemes have shown a tendency to
complicate and slow down the locking code, and they can be used to paper
over poor application designs. So they are unpopular in many circles.
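As an added illustration, not from the article, the following model replays the scenario above tick by tick with a high-priority task H, a CPU-hogging middle-priority task M and a low-priority lock holder L, once without and once with priority inheritance, so that the cost of the inversion can be read off as finish times. The workload numbers are constructed for the demo; with them, H finishes at tick 14 without inheritance and at tick 8 with it.

```c
/* Added example, not from the article: a tick-by-tick model of the
 * three-process scenario, run without and with priority inheritance.
 * One lock, three tasks, a scheduler that always dispatches the highest
 * effective priority; the workload numbers are constructed. */
#include <stdbool.h>
#include <stdio.h>

enum phase { PRE, WANT_LOCK, IN_LOCK, POST, DONE };

struct task {
    int prio;                  /* static priority; higher runs first */
    int release;               /* tick at which the task appears */
    int pre, in_lock, post;    /* CPU ticks needed before/with/after the lock */
    enum phase ph;
    int rem;                   /* ticks left in the current phase */
    int finish;                /* completion tick, or -1 */
};
#define NTASKS 3               /* index 0 = L, 1 = H, 2 = M */

/* L grabs the lock first, H then needs it, M just burns CPU in between. */
static void reset(struct task *t)
{
    const struct task init[NTASKS] = {
        { 1, 0, 1, 4, 0, PRE, 1, -1 },   /* L: low priority, holds lock 4 ticks */
        { 3, 2, 1, 1, 1, PRE, 1, -1 },   /* H: high priority, needs lock briefly */
        { 2, 3, 6, 0, 0, PRE, 6, -1 },   /* M: middle priority, 6 ticks, no lock */
    };
    for (int i = 0; i < NTASKS; i++)
        t[i] = init[i];
}

/* With inheritance the lock holder runs at the priority of the
 * highest-priority task waiting for the lock. */
static int eff_prio(const struct task *t, int i, int holder, bool pi)
{
    int p = t[i].prio;
    if (pi && holder == i) {
        for (int j = 0; j < NTASKS; j++)
            if (t[j].ph == WANT_LOCK && t[j].prio > p)
                p = t[j].prio;
    }
    return p;
}

/* Move a task whose phase just completed to its next phase; returns true
 * if it released the lock (which also ends any inherited boost). */
static bool next_phase(struct task *c, int tick)
{
    bool released = (c->ph == IN_LOCK);
    if (c->ph == PRE && c->in_lock > 0) {
        c->ph = WANT_LOCK;             /* acquired at the top of the next tick */
        return false;
    }
    if (c->ph != POST && c->post > 0) {
        c->ph = POST; c->rem = c->post;
    } else {
        c->ph = DONE; c->finish = tick + 1;
    }
    return released;
}

/* Run the model; returns the finish tick of task `who`. */
int finish_tick(bool pi, int who)
{
    struct task t[NTASKS];
    int holder = -1;                   /* task holding the single lock */

    reset(t);
    for (int tick = 0; tick < 100; tick++) {
        /* A free lock goes to the highest-priority waiter. */
        if (holder < 0) {
            for (int i = 0; i < NTASKS; i++)
                if (t[i].ph == WANT_LOCK && (holder < 0 || t[i].prio > t[holder].prio))
                    holder = i;
            if (holder >= 0) {
                t[holder].ph = IN_LOCK;
                t[holder].rem = t[holder].in_lock;
            }
        }
        /* Dispatch the runnable task with the highest effective priority. */
        int run = -1, best = -1;
        for (int i = 0; i < NTASKS; i++) {
            if (tick < t[i].release || t[i].ph == WANT_LOCK || t[i].ph == DONE)
                continue;
            int p = eff_prio(t, i, holder, pi);
            if (p > best) { run = i; best = p; }
        }
        if (run >= 0 && --t[run].rem == 0 && next_phase(&t[run], tick))
            holder = -1;
    }
    return t[who].finish;
}

int main(void)
{
    printf("task  no-PI  PI\n");
    for (int i = 0; i < NTASKS; i++)
        printf("  %c   %5d %3d\n", "LHM"[i], finish_tick(false, i), finish_tick(true, i));
    return 0;
}
```

Without inheritance M runs its six ticks while L still holds the lock, so H waits on both of them; with inheritance L is boosted to H's priority as soon as H blocks, finishes its critical section, and H completes before M even gets the CPU. M's own finish moves later, which is the trade the technique makes. In user space this is what later glibc versions expose as PTHREAD_PRIO_INHERIT mutexes, built on the FUTEX_LOCK_PI operation described further down.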
Linus was reasonably clear about how he
felt on the subject last December:
"Friends don't let friends use priority inheritance".
Just don't do it. If you really need it, your system is broken
anyway.
Faced with this sort of opposition, many developers would quietly shelve
their priority inheritance designs and go back to working on accounting
code.
The kernel development community, however, happens to have a member who has a
track record of getting code merged in spite of this sort of objection:
Ingo Molnar. History may well repeat itself, as Ingo (working with Thomas
Gleixner) has posted a priority-inheriting futex
implementation with a request that it be merged into the mainline.
This approach, says Ingo, provides a useful functionality to user space (it
is not meant to provide priority-inheriting kernel mutual exclusion
primitives) while avoiding the pitfalls which have hit other
implementations.
The PI-futex patch adds a couple of new operations to the futex()
system call: FUTEX_LOCK_PI and FUTEX_UNLOCK_PI. In the
uncontended case, a PI-futex can be taken without involving the kernel at
all, just like an ordinary futex. When there is contention, instead, the
FUTEX_LOCK_PI operation is requested from the kernel. The
requesting process is put into a special queue, and, if necessary, that
process lends its priority to the process actually holding the contended
futex. The priority inheritance is chained, so that, if the holding process
is blocked on a second futex, the boosted priority will propagate to the
holder of that second futex. As soon as a futex is released, any
associated priority boost is removed.
As with regular futexes, the kernel only needs to know about a PI-futex
while it is being contended. So the number of futexes in the system can
become quite large without serious overhead on the kernel side.
Within the kernel, the PI-futex type is implemented by way of a new
primitive called an rt_mutex. The rt_mutex is
superficially similar to regular mutexes, with the addition of the priority
inheritance capability. They are, however, an entirely different type,
with no code shared with the mutex implementation. The API will be
familiar to mutex users, however; in brief, it is:
    #include <linux/rtmutex.h>

    void rt_mutex_init(struct rt_mutex *lock);
    void rt_mutex_destroy(struct rt_mutex *lock);
    void rt_mutex_lock(struct rt_mutex *lock);
    int rt_mutex_lock_interruptible(struct rt_mutex *lock,
                                    int detect_deadlock);
    int rt_mutex_timed_lock(struct rt_mutex *lock,
                            struct hrtimer_sleeper *timeout,
                            int detect_deadlock);
    int rt_mutex_trylock(struct rt_mutex *lock);
    void rt_mutex_unlock(struct rt_mutex *lock);
    int rt_mutex_is_locked(struct rt_mutex *lock);
The alert reader may have noticed that this looks much like the realtime
mutex type found in the realtime preemption patch. Ingo once said that the
realtime patches would slowly trickle into the mainline, and that is what
appears to be happening here. With this patch set, the PI-futex code is
the only user of the new rt_mutex type, but that could certainly
change over time.
The PI-futex patch also includes a new, priority-sorted list type which
could find users elsewhere in the kernel.
There has been relatively little discussion of this patch so far; it has
been included in recent -mm trees. It is too late for 2.6.17, but, if no
real opposition develops, the PI-futex code might just find its way into a
subsequent kernel.
Comments (6 posted)
One of the
patches in the upcoming 2.6.16.2
stable kernel release is a fix for a security vulnerability designated as
CVE-2006-1055. It makes a small change to the code which implements the
ability to write to sysfs attributes; with this change, the maximum amount
of data which can be written to an attribute is
PAGE_SIZE-1 bytes,
or 4095 on most systems. Since last June, the limit had simply been
PAGE_SIZE, allowing a full page to be written.
Since the page is zeroed before being filled, this change ensures that the
data coming from user space will be null-terminated when it is passed to
the specific sysfs store() function. Without that assurance, that
function might have proceeded merrily off the end of the one-page buffer,
accessing data which did not come from user space and possibly overwriting
buffers elsewhere. The possibility of this happening was enough to raise
security fears and motivate a quick fix.
The interesting thing is that the prototype for the store()
function is:
    ssize_t (*store)(struct kobject *kobj, struct attribute *attr,
                     const char *buffer, size_t size);
The size parameter is the amount of user data being passed in.
So, one might ask, why bother null-terminating the buffer, when its size
has already been made available to the receiving code? Certain developers,
whose code was receiving 4096-byte data via sysfs attributes, have, indeed,
asked that question.
The question was answered, in one way, in the message featured in the quote of the week. More
diplomatically, one might say that, regardless of how the interface was
designed, a number of sysfs attribute implementations have been coded on the
assumption that the incoming data will be null-terminated. So they do not
bother to check the length of that data, and they will do bad things in the
absence of the expected terminator.
With the 2.6.16.2 patch, the situation will be fixed and those
implementations made safe again. But it is hard not to be a little nervous
about the situation. If there is carelessly-written code in the tree,
there may be other issues with it as well, and the return of
null-termination may not help much. It would be nicer if there were a way
to verify that the interfaces were being used correctly. In the meantime,
people writing sysfs interfaces - each of which is an interface to user
space and a possible target of attack - may want to look a little more
carefully at their code before submitting it.
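A user-space model of the sysfs write path before and after the fix, added here as an example and not taken from the article or the kernel: a careless store() that assumes a terminator, beside one that honours its size argument, both run over a constructed 4096-byte write. The names (fill_write_buffer, careless_store, bounded_store) and the "neighbouring memory" bytes after the page are the example's own; the kernel's real buffer handling is only modelled.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define PAGE_SIZE   4096
#define OLD_LIMIT   PAGE_SIZE          /* what sysfs accepted since June 2005 */
#define FIXED_LIMIT (PAGE_SIZE - 1)    /* the CVE-2006-1055 fix */

/* A one-page attribute buffer followed by a few bytes of constructed
 * "neighbouring memory", standing in for whatever kernel data happened to
 * sit after the real buffer. */
struct attr_page {
    char page[PAGE_SIZE];
    char neighbour[8];
};

typedef ssize_t (*store_fn)(const char *buffer, size_t size);

/* Model of the sysfs fill path: the page is zeroed, then at most `limit`
 * bytes of user data are copied in.  Returns the count handed to store(). */
size_t fill_write_buffer(struct attr_page *ap, const char *ubuf,
                         size_t count, size_t limit)
{
    memset(ap->page, 0, PAGE_SIZE);
    if (count > limit)
        count = limit;
    memcpy(ap->page, ubuf, count);
    return count;
}

/* Is a terminating NUL guaranteed to be inside the page? */
int page_is_terminated(const struct attr_page *ap)
{
    return memchr(ap->page, '\0', PAGE_SIZE) != NULL;
}

/* A store() written on the assumption the article describes: it ignores
 * `size` and scans for a NUL, as a strlen()/strcpy()-style handler would. */
ssize_t careless_store(const char *buffer, size_t size)
{
    (void)size;
    return (ssize_t)strlen(buffer);   /* keeps going until it finds a NUL, wherever that is */
}

/* A store() that trusts only the size argument and never reads past
 * buffer + size, whether or not a terminator is present. */
ssize_t bounded_store(const char *buffer, size_t size)
{
    size_t n;
    for (n = 0; n < size && buffer[n] != '\0'; n++)
        ;
    return (ssize_t)n;
}

/* Simulate a full-page (4096-byte) user write under a given limit and return
 * how many bytes the handler actually consumed.  All input is constructed. */
ssize_t simulate_write(size_t limit, store_fn handler)
{
    static struct attr_page ap;
    char ubuf[PAGE_SIZE];
    size_t count;

    memset(ubuf, 'A', sizeof ubuf);      /* constructed user data: no newline, no NUL */
    memcpy(ap.neighbour, "xyz", 4);      /* constructed bytes beyond the page */
    count = fill_write_buffer(&ap, ubuf, sizeof ubuf, limit);
    return handler(ap.page, count);
}

/* Whether a full-page write leaves a terminator inside the page under `limit`. */
int terminated_after_full_write(size_t limit)
{
    static struct attr_page ap;
    char ubuf[PAGE_SIZE];

    memset(ubuf, 'A', sizeof ubuf);
    fill_write_buffer(&ap, ubuf, sizeof ubuf, limit);
    return page_is_terminated(&ap);
}

int main(void)
{
    printf("old limit, careless store consumed %zd bytes (page is %d)\n",
           simulate_write(OLD_LIMIT, careless_store), PAGE_SIZE);
    printf("new limit, careless store consumed %zd bytes\n",
           simulate_write(FIXED_LIMIT, careless_store));
    printf("old limit, bounded store consumed %zd bytes\n",
           simulate_write(OLD_LIMIT, bounded_store));
    return 0;
}
```

With the old limit the careless handler reads the whole page plus the three constructed neighbour bytes; with the fixed limit it stops at byte 4095, and the bounded handler never leaves the page either way.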
Comments (2 posted)
Patches and updates
Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Janitorial
Memory management
Architecture-specific
- Chris Leech: I/OAT. (March 30, 2006)
Security-related
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
The
third call for votes has gone out for
this year's Debian Project Leader elections and the project secretary
reports a low ebb for voter participation. By this time next week a new
DPL will have been chosen. As the Debian developers muddle through their
decision, others ask
why this
election is restricted to Debian Developers. What about all the other
people who regularly contribute time and effort to the Debian project?
All Debian elections are open to the Developers, those people who have
their key on the official key ring. This makes validation of votes
easier. All votes must be signed by a key and if that key isn't on the
keyring, it doesn't count. Also the secretary can track who has voted and
make sure that each person's vote is counted only once. (It's possible to
change your vote by sending in an amended ballot, which then invalidates
the previous ballot.)
But the Debian Project continues to grow and part of that is an increasing
number of people who contribute to Debian without becoming Debian
Developers. They help out as translators, package maintainers, and in other
roles, and they care about the issues. What they don't have is their key
on the keyring, so they can't vote.
Those people who are Debian Developers have worked hard to get there.
Voting is a privilege that they have earned. Still, it seems clear that
Debian cannot afford to disenfranchise the many others who contribute to
the project. As Benjamin
Mako Hill posted, "I'd like to see those who have made long-term,
sustained, and significant contributions to Debian enfranchised. That could
mean broadening the category of developer through changes to NM or it could
also mean another enfranchised category of contributor."
Perhaps it's time for a second keyring. One that doesn't give its members
all the privileges of a Debian Developer (like access to the servers), but
shows that one has made a commitment to the project and deserves the right
to vote.
Comments (none posted)
New Releases
DebianPlanet
reports
that the website
live.debian.net is
now available. "Debian Live aims to make software to produce
official Debian Live CDs, rather like Knoppix. The first version uses the
Casper technology created by Ubuntu."
Comments (none posted)
Ubuntu has
announced the availability of
Flight 6 ISO images, the latest alpha of Dapper Drake. Flight 6 is
available in Ubuntu, Kubuntu and Edubuntu flavors as a Live CD image and an
install image.
Xubuntu install CDs are
also available this time around.
Comments (none posted)
SUSE Linux has released a ninth beta for the upcoming 10.1. The schedule
for 10.1 has
changed. Beta 9 should be
followed by RC1 on April 12, with a Goldmaster release by the end of the
month.
Full Story (comments: none)
Musix GNU+Linux v0.39 has been
released. This is an experimental version using the latest versions of
many applications, so be ready to file bug reports.
Full Story (comments: none)
LinuxMedNews
covers the
release of CDMEDIC Live CD fusion.iso v2.0. This is a live CD created with
Linux Live Scripts, based on Debian sid and UnionFS. "The aim of
this new CDMEDIC Live CD is to make a free distribution for complex medical
data such as PET-CT, with the possibility of creating, reviewing,
manipulating and distributing medical images and reports accessible from
any operating system."
Comments (none posted)
Distribution News
Red Hat has sent out a rather long (but worth reading - click below)
message on why there will not be an independent Fedora Foundation after
all. It comes down to this: "Red Hat *must* maintain a certain amount of
control over Fedora decisions, because Red Hat's business model *depends*
upon Fedora. Red Hat contributes millions of dollars in staff and
resources to the success of Fedora, and Red Hat also accepts all of the
legal risk for Fedora. Therefore, Red Hat will sometimes need to make
tough decisions about Fedora." Instead, there will be a new Project
Board populated initially by five Red Hat people (Jeremy Katz, Bill
Nottingham, Elliot Lee, Chris Blizzard, and Rahul Sundaram) and four
community members (Seth Vidal, Paul W. Frields, Rex Dieter, and one to be
named). The project chairman, who can veto board decisions, will be Max
Spevack.
Full Story (comments: 35)
The
Source Mage GNU/Linux project
has elected a new lead for the Grimoire Team. "So who is our new
Grimoire Lead? Well I have a surprise for you as the new Grimoire Lead is
none other than Arwed von Merkatz (50%, 56% with the roll-over votes), with
Seth Woolley (34%, 47% with the roll-over votes) coming in a close second!
We had an 91% turnout (with 16% abstaining) for this vote, so I would like
to thank all of those who voted to make this one of our highest turnouts
yet. =)"
Full Story (comments: none)
Luke Yelavich, creator of AudioSlack, has announced that he is moving on to
new pursuits and will no longer maintain the distribution.
Full Story (comments: none)
New Distributions
Ehad Linux ('Ehad' is the Hebrew word for the numeral '1') is an Israeli
project offering a repackaging of standard Mandriva Linux binary packages,
in order to provide a single localized installation CD for Mandriva users in
Israel. The current stable release is Ehad 2006 Classic edition - release
2 (compatible with Mandriva Linux 2006). (Thanks to Shlomi Fish)
Comments (none posted)
Games Knoppix is a live CD/DVD with lots of games. Here's a list of what
you'll find on the most recent release, the 4.0.2-0.3 DVD. (Thanks to Shlomi
Fish)
Comments (none posted)
Distribution Newsletters
The Debian Weekly News for April 4, 2006 covers CD installer images for
GNU/kFreeBSD on AMD64, moving GFDL Documentation to non-free, the Debian
Project Leader Election, extending voting privileges to (some) non-DDs, an
Oracle repository for Debian, the Debian Conference Video License, and
several other topics.
Full Story (comments: none)
The
Fedora
Weekly News for April 3, 2006 looks at the FC5 SELinux FAQ, Fedora
Tracker lives again!, FC5 Flash Font bug and workaround, Fedora's Way
Forward, Thinkpad, Thinkpad, Thinkpad, Ogg, Ogg, Ogg, Fedora Core 5
Reviews, Textbooks on OpenOffice.org, and more.
Comments (none posted)
The
Gentoo
Weekly Newsletter for the week of April 3, 2006 covers Gentoo/MIPS
stage 3 for Cobalt servers, Gentoo at LinuxWorld Expo Boston, and several
other topics.
Comments (none posted)
The
DistroWatch
Weekly for April 3, 2006 is out. "As always, April 1st was a
perfect day for many web sites to come up with most unlikely stories,
catching great many people. Now back to serious business, we are pleased to
announce our first ever competition - a chance to win a copy of Beginning
Ubuntu Linux. This new book for Linux novices is a great introduction to
the world of Debian and Ubuntu and has already received a positive review
on Slashdot. In other news: SUSE Linux 10.1 delayed once again,
miscellaneous Debian happenings, an update on the Linux DVD that can boot
10 different live distributions, and a link to Hack In The Box - a web site
that does a great job at keeping us informed about cybercrime. Finally, the
recipient of our March 2006 donation is the GParted project."
Comments (none posted)
Package updates
Updates for
Fedora Core 5:
scim-hangul (new upstream release),
scim-anthy (new upstream release),
mrtg (update to mrtg-2.13.2),
wpa_supplicant (bug fixes),
policycoreutils (not specified),
selinux-policy (not specified),
mc (bug fixes),
k3b (update to version 0.12.14),
openoffice.org (fixes for a11y and font
handling),
pcmciautils (bug fixes),
gnome-applets (bug fix),
perl-HTML-Parser (upgrade to 3.51),
perl-DBD-Pg (upgrade to upstream version
1.47),
perl-Net-DNS (upgrade to upstream
version 0.57),
binutils (fix ld error
message formatting),
wpa_supplicant (work
around older & incorrect drivers),
logwatch (update to 7.2.1),
gthumb (update to 2.7.5.1),
newt (bug fix).
Updates for Fedora Core 4: kernel
(2.6.16.1), rpm (makefile fix, selinux
fix), k3b (update to version 0.12.14), dovecot (bug fix).
Comments (none posted)
Progress on Slackware 11.0 continues. Abiword has been removed, KDE has
been upgraded to 3.5.2, libmusicbrainz-2.1.2 and libtunepimp-0.4.2 have
been added, plus lots of other upgrades. Click below to see a slice of the
change log.
Full Story (comments: none)
Trustix Secure Linux has various bug fixes available for
courier-imap, sqlgrey (v2.2 & 3.0) and
kernel, samba (v2.2, 3.0 & Enterprise
Server 2).
Comments (none posted)
Newsletters and articles of interest
Linux.com
examines EasyUbuntu, a script which simplifies the installation of
utilities for non-free media formats. "Ubuntu uses only open/free formats, so it doesn't include playback support for formats such as MP3, Windows Media Audio (WMA), and Audio Video Interleave (AVI) that may have some restrictions. If your country has no such restrictions or legal issues with these formats, the Restricted Formats article on the Ubuntu wiki can help you install software that plays such files. Or you can do it the easy way, with EasyUbuntu, a Python script that gives Ubuntu users access to commonly used applications and codecs through a neat graphical user interface (GUI)."
Comments (2 posted)
NewsForge
takes
a look at SeerOfSouls.com, a place to get RPMs for Mandriva Linux. "SeerOfSouls.com was born because of Wade's desire to help other
people who are learning about Linux. "It started as a simple request one
day to rebuild a package for a stable release, and it was appreciated by
the user," he says. "I got a couple more requests and it escalated. I
decided I would start doing it as much as I could. Little did I know it
would end up being as big as it is currently, and still growing.""
The site will soon branch out to include Fedora Core 5 RPMs.
Comments (none posted)
HowtoForge
covers the
setup of Xen 3.0 on Debian Sarge (3.1). "I will use Debian Sarge for
both the host OS (dom0) and the guest OS (domU). In an additional section
at the end I will also show how to create a virtual local network with
virtual machines, with dom0 being the router. This howto is meant as a
practical guide; it does not cover the theoretical backgrounds. They are
treated in a lot of other documents in the web."
Comments (none posted)
Distribution reviews
NewsForge
hears
from a CentOS fan. "I have been a Unix and Linux system
administrator for more than 20 years, and have worked with many different
operating systems. Over the last several years I've spent a lot of time
with various versions of Red Hat Linux and Fedora Core, and I'm the editor
of the Fedorazine online magazine. I run a Web consulting company, where I
maintain several production servers for Web and email, and I need to have a
stable production Linux environment for them. I chose to use CentOS as a
platform for the servers, and since I already had a commitment to
maintaining a number of different servers in CentOS, I decided a while ago
to start using it on my desktop as well."
Comments (none posted)
NewsForge
takes
a look at OpenVMS. "Low cost: My desktop runs on the world's
fastest workstation (as of 11 years ago). This investment, injected with a
few expense dollars, has paid dividends 24x7 for years. Countless x86s and
MIPSes have been come and gone, and the killer OS of the time was entombed
long ago, yet critical software continues to run even on new
hardware. Other OSes are camouflaged as backward-compatible, and porting
existing software to these new versions is commonplace. OpenVMS's middle
name is "backward compatible"; it continues to run the same 64-bit images
that I compiled years ago."
Comments (2 posted)
Page editor: Rebecca Sobol
Development
The first Alpha release of version 2.5 of the Python language
has been announced.
This is an *alpha* release of Python 2.5, and is the *first*
alpha release. As such, it is not suitable for a production
environment. It is being released to solicit feedback and
hopefully discover bugs, as well as allowing you to determine
how changes in 2.5 might impact you.
This is the first release in a series of alpha and beta releases.
The final Python 2.5 will not arrive until August of 2006, according to
the
Python 2.5 Release Schedule. The document also lists the
completed features, possible features and open issues for Python 2.5.
A series of Python Enhancement Proposals (PEPs) detail the new
features. Some of them include:
The above announcement also lists some new modules: "New major modules added include hashlib, ElementTree, sqlite3
and ctypes. In addition, a new profiling module cProfile was
added."
A.M. Kuchling's
What's New in Python 2.5 document lists the above enhancements,
and details some other modifications to the language.
See the Python 2.5
release notes for more details on the new features and bug fixes
in Python 2.5.
Downloads and more information are available on the
Python 2.5 page.
Comments (none posted)
System Applications
Database Software
Version 0.9 of Bizgres has been announced.
Changes include a merge with the PostgreSQL 8.1.3 source code,
new bitmap-on-disk indexes, sort improvements and more.
A commercial support program is also available.
Full Story (comments: none)
Version 2.00 Release Candidate 1 of the Firebird database
has been announced. "Firebird 2 contains a large number of new features, including derived tables, support for Execute Block, increased table sizes, new improved index code (the 252-byte index length limit is no longer applicable), expression indices, numerous optimiser improvements, enhanced security features, support for on-line incremental backups, new international language support, along with numerous other improvements and bug fixes."
Comments (none posted)
The April 2, 2006 edition of the PostgreSQL Weekly News
is online with new PostgreSQL articles and resources.
Full Story (comments: none)
Interoperability
Samba version 3.0.22
has been announced. "This is a security release of Samba. The Samba 3.0.21 release series (including the patch releases a through c) has been discovered to expose the clear text of the server's machine account credentials in the winbind log files when the log level is set to 5 or higher."
Comments (none posted)
Security
Stable version 1.4.3 of GNU Privacy Guard (GnuPG), a tool for secure
communication and data storage, is available with a long list of new
features.
Full Story (comments: none)
Web Services
Joe Gregorio
discusses HTTP persistence and authentication in an O'Reilly article. "In this latest Restful Web column, Joe Gregorio explains HTTP persistent connections, pipelining, and the sad state of HTTP authentication."
Comments (none posted)
Desktop Applications
Audio Applications
Version 0.5.1 of LASH is out with bug and usability fixes. "LASH is a session management system for GNU/Linux audio
applications. It allows you to save and restore a complex
setup of many applications connected together (via Jack and
Alsa sequencer) with a single click of a button."
Full Story (comments: none)
Version 0.8.1 of MusE, a multi-track virtual studio, is out. "It is basically a bug fix release for a note-off bug that
crept into 0.8."
Full Story (comments: none)
The audio utilities
Snd-ls V0.9.5.5, Das_Watchdog V0.2.2 and Ceres V0.44 have been
released.
Full Story (comments: none)
Desktop Environments
The following new GNOME software has been announced this week:
You can find more new GNOME software releases at
gnomefiles.org.
Comments (none posted)
The following new KDE software has been announced this week:
You can find more new KDE software releases at
kde-apps.org.
Comments (none posted)
Electronics
Stable version 0.4 of
Covered,
a Verilog code coverage analysis tool, is out with a long list
of bug fixes.
Comments (none posted)
Games
Version 0.2.8 of the game Armagetron Advanced has a
security vulnerability. "All 0.2.8 beta and release candidate versions of Armagetron Advanced and 0.2.8.0 itself are vulnerable to file path related attacks. Versions 0.2.7.1 and earlier lack the features that introduce the vulnerability and are safe."
Comments (none posted)
Instant Messaging
Version 2.0.0 beta 3 of
Gaim, an instant messaging
client, is out. "We'd like to note that none of the beta 3 RPMs include a Gadu-Gadu protocol plugin. So if you need Gadu-Gadu then you should stick with beta 2. And as my pappy always used to say: don't hitch your wagon to a stump if it has eyes. We never did know what he was talking about."
Comments (none posted)
Interoperability
Version 0.9.11 of Wine
has been announced.
Changes include:
Fake dll files created in the system directory to help installers,
Desktop mode now properly supports multiple processes,
Better type parsing in dbghelp, Several OpenGL fixes,
A bunch of Unicode functions in advpack and Lots of bug fixes.
Comments (none posted)
The April 2, 2006 edition of
Wine Weekly Newsletter
is online with coverage of
the Wine project. Topics include:
Wine 0.9.11, Software Freedom Law Center Update, Non-Profit Status?,
Using Photoshop Plugins with Gimp, Vista App Compatibility,
New Kernel Option & Wine, New apt Repository,
Major Changes to Desktop Mode and Finishing advpack.dll.
Comments (none posted)
Multimedia
Version 2.0 of ccHost is available. "ccHost, an Open Source project that provides web-based infrastructure
to support collaboration, sharing, and storage of multi-media using
Creative Commons licenses and metadata, released version 2.0 today.
This major feature release combines approximately six months of
development, usage, and testing into packages that anyone may
download, install, and use to build on-line media sharing communities."
Full Story (comments: none)
Music Applications
Version 0.1 (the initial release) of Khagan has been announced. "Khagan is a live user interface builder for controlling parameters via
OSC. It's mainly aimed at the Om modular synth but anything OSC can be
controlled. You can create gui's using the phat widgets. The pad
widget is xinput ready and if used with a graphics tablet allows 5-d
control."
Full Story (comments: none)
Pyphat 0.1 and phat 0.4 are out. "Phat pad is a 5-d input
pad that is xinput enabled. X, y, pressure, tilt x and tilt y can be
returned when used with an xinput device such as a graphics tablet.
Knobs and fansliders now have a log mode and a resize bug in
sliderbuttons is fixed."
Full Story (comments: none)
Version 0.5.2 of kluppe, a JACK-based loop player designed for live-use,
is out. Changes include bug fixes and display improvements.
Full Story (comments: none)
Office Suites
The March, 2006 edition of the OpenOffice.org Newsletter is
online with a new collection of OpenOffice.org articles.
Full Story (comments: none)
Video Applications
GnomeDesktop.org
mentions
the initial release of
DIVA, a mono-based video editing
tool. "This is the initial, ALPHA release of Diva. Please do bear in mind it contains bugs and is not meant for general usage (yet). In particular, this software has received very little testing with NTSC video. Although theoretically things should work fine, they might not and be prepared for that."
Comments (none posted)
Miscellaneous
Version 1.0 pre 6 of JBidwatcher
is
available. "JBidwatcher, a high quality, popular open source,
cross-platform eBay bidding/sniping/monitoring application, announces the
release of 1.0pre6. This version is a stepping stone to a major 1.0
release, but includes fixes for recent eBay changes that made JBidwatcher
non-functional. Many UI cleanups and enhancements have been added as
well."
Comments (none posted)
Version 1.4 of Speech and Debate Timekeeper
has been announced. "Debate Timekeeper and IE Timekeeper, collectively called Speech and Debate
Timekeeper, version 1.4 has been released for Windows, Mac OS X, Linux/Unix,
PalmOS, and Pocket PC platforms. Speech and Debate Timekeeper is a collection
of two multi-platform timer programs for all debate formats and individual
events. They give visual and vocal time signals at user defined intervals.
The debate timer has preprogrammed speech order and time limits for each
debate format and keeps track of prep time for both sides. It is written in
Java and uses SuperWaba."
Comments (none posted)
Languages and Tools
Caml
The March 28 - April 4, 2006 edition of the Caml Weekly News
is out with new Caml language articles.
Full Story (comments: none)
Python
Version 2.4.3 final of Python is available. "Python 2.4.3 is a bug-fix release. See the
release notes
at the website (also available as Misc/NEWS in the source distribution)
for details of the more than 50 bugs squished in this release,
including a number found by the Coverity Scan project."
Full Story (comments: none)
Version 2.6.3.2 of
wxPython,
a cross-platform Python GUI toolkit, is available with
bug fixes. See the
recent changes
document for details.
Comments (none posted)
The April 4, 2006 edition of Dr. Dobb's Python-URL! is online with
a new collection of Python article links.
Full Story (comments: none)
Ruby
The April 2nd, 2006 edition of the
Ruby Weekly News looks at the latest discussions
from the ruby-talk mailing list.
Comments (none posted)
Tcl/Tk
The April 5, 2006 edition of Dr. Dobb's Tcl-URL! is online with new
Tcl/Tk articles and resources.
Full Story (comments: none)
Build Tools
Chris Hardin
reviews Maven 2.0, a cross-platform Java project creation and
management tool. "Maven is the new kid on the block, much like Ant was just a few short years ago. Maven 1.0 has been around for a few years and it was accepted by a wide audience of developers as an Ant replacement, but it offered very little relief from the old Ant build.xml file. Maven 1.0 was slow and clunky and using it was almost as difficult as getting started on a project with Ant. In fact, it was Ant at its core, and after an almost complete rewrite, Maven 2.0 was born."
Comments (12 posted)
Stable version 0.61 of
Remake has been announced. "remake is a patched and modernized version of GNU make utility that adds improved error reporting, the ability to trace execution in a comprehensible way, and a debugger. The debugger lets you set breakpoints on targets, show and set variables in expanded or unexpanded form, inspect target descriptions, see the target call stack, and even execute arbitrary GNU make fragments (e.g. add a dependency to an existing target)."
Comments (none posted)
Version Control
Version 4.22 of Aegis is out with new functionality and bug fixes. "Aegis is a transaction-based software configuration management system.
It provides a framework within which a team of developers may work on
many changes to a program independently, and Aegis coordinates
integrating these changes back into the master source of the program,
with as little disruption as possible."
Full Story (comments: none)
LinuxMedNews
mentions
a version control system comparison. "The AMIA Open Source EMR Review has developed a new method for studying version control systems. This is in order to make some objective statements about the development process from the three FOSS electronic medical record (EMR) projects being studied."
Comments (none posted)
Miscellaneous
Version 0.7.0 of
lbDMF
is out. lbDMF is: "A component based programming framework. This project is aimed to support various target frameworks. A wxWidgets based GUI sample app demonstrates the concept. There are additional console samples and regression tests, that shows the usage."
The
changes for this version include: "Added features are loading from and saving to a file. Such as configuration data. The GUI saves states like maximized or not, load or don't load last logged in application.
New RPM/SRPM packages for Linux and Binary samples for all supported platforms"
Comments (none posted)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
eWeek
reports
from Nicholas Negroponte's LinuxWorld keynote. "'I have come to a
conclusion that every new release of software is distinctly worse than the
other. Why? It's because the fat lady can't sing. There's a natural
tendency to add stuff,' Negroponte said. 'Suddenly it [becomes] like a very
fat person - uses most of their energy to move the fat. We've
gotten to the point where we have to completely rethink.'"
Comments (38 posted)
The Register
reports on
Microsoft's virtualization announcements. "Microsoft today
lobbed three massive bombs into the server virtualization market. First
off, it will now support - wait for it - Linux, when the OS is running on
top of its Virtual Server product. Secondly, Microsoft has made Virtual
Server free. And, in a move few thought possible, Microsoft has teamed with
the developers of the open source Xen product to gang up on server slicing
leader VMware."
Comments (25 posted)
Trade Shows and Conferences
NewsForge
reports from LinuxWorld, where a Motorola manager discussed that company's experience with putting Linux in its phones. "
Still unresolved, Vandenbrink says, is a common understanding of what it means to be a 'good GPL citizen.' Hardware and software vendors disagree, leaving different pieces of the stack at different levels of 'openness.' Motorola's stance is that a commitment to openness is critical; it learned that during its first generation of Linux phones."
Comments (none posted)
Groklaw
covers
a talk by Brendan Scott at LinuxWorld, Sydney. "Brendan Scott, who
heads up Open Source Law, just gave an interesting talk, "The Open
Source Legal Landscape," at LinuxWorld in Sydney on Wednesday, and he has
given me permission to share it with you on Groklaw. I think you'll find it
very helpful, particularly if you are a company thinking of using GPL'd or
other FOSS code, or if you are involved in a project that is trying to
decide how to license your project. If you prefer, you can download it as a
PDF. He explains a number of things, including why you should not get your
legal advice from your engineers."
Comments (none posted)
NewsForge
reports
from Penguin Day Seattle. "Free and open source software can help
save the world. That was the point of Seattle's Penguin Day, which brought
together nonprofits and FOSS advocates looking to support this other
community. The event, held last weekend, drew organizations from around
the country and around the globe, including Maryland, New York, Ohio,
Texas, Washington, D.C., Canada, the UK, and Turkey."
Comments (none posted)
The SCO Problem
Groklaw
reports that SCO has failed in its attempt to obtain the
UNIX SYSTEM LABORATORIES trademark. "The USPTO denied the application, as you can see in their letter of final denial dated September 12, 2005. They had six months to respond to the
letter, and if they failed, that would usually be the end of the process.
That deadline came and went on March 13, 2006. According to the USPTO
website, SCO did not file any response. What normally happens next? The
application would be marked "Abandoned.""
Comments (none posted)
Companies
IBM is paying customers to dump Microsoft Exchange, according to
this article
on ZDNet. "IBM upped the stakes in an ongoing contest over corporate e-mail software with a program that offers business partners up to $20,000 to dump Microsoft's Exchange in favor of IBM's Lotus software on Linux.
Dubbed "Migrate to the Penguin," the latest IBM incentive plan, to be announced later on Thursday, is an expansion of its Move2Lotus program, which is aimed at winning over third-party consultants and software resellers that work with Microsoft's Exchange."
Comments (11 posted)
Linux Adoption
Computer Business Review reports on a survey done by the International Oracle Users Group claiming that
Linux will become the top platform for Oracle databases within the next
year. "
By next year, respondents say those numbers will change to
44% Linux, 43% Solaris, followed by 37% Windows Server 2003 and, not
surprisingly, a marked drop to 21% for Windows 2000. What's interesting is
that the survey implies that migration to Linux will come, not only from
Solaris, but Windows as well."
Comments (6 posted)
NewsForge finds another business that is replacing proprietary Unix with Linux. "
Tradeware Global is a financial services company that allows securities brokers to provide direct market access to their clients. It currently handles 5% of all transactions in the New York and American stock exchanges. Tradeware is about halfway through with an infrastructure migration that is moving the company's 100+ servers off of Solaris and onto Red Hat Linux."
Comments (none posted)
Legal
Yahoo has a Reuters article on the Supreme Court hearing of the eBay patent case. "
'You're talking about a property right, and the property right is explicitly the right to exclude others,' Justice
Antonin Scalia told eBay's lawyer. 'That's what a patent right is ... give me my property back.'"
Comments (15 posted)
Interviews
Glyn Moody talks with Eben Moglen about the GPLv3 effort in this Guardian article. "
In the year 2006, the home is some real estate with appliances in it. In 2016, the home will be a digital entertainment and data processing network with real estate wrapped around it. The basic question then is: Who has the keys to your home? You or the people who deliver movies and pizza? The world they are thinking about is a world in which they have the keys to your home because the computers that constitute [your home's] entertainment and data processing network work for them, rather than for you."
Comments (10 posted)
Resources
NewsForge has an article on running Linux applications under FreeBSD. "
In this
article I will cover the steps necessary to enable and configure Linux
binary compatibility on FreeBSD 6. I'll also share a couple of my own
experiences with getting some well-known desktop Linux applications to run
on FreeBSD 6."
Comments (none posted)
Linux Journal recaps news, events and releases in the Ruby world. "
The past couple of
weeks have been huge in the Ruby world. A number of major releases of
popular Ruby packages were made, and several interesting posts were made to
blogs and the Ruby mailing list. Let's now take a quick look at the bi-week
that was."
Comments (none posted)
IBM developerWorks covers the use of the GNU profiler. "
The performance needs of software
vary, but it's probably not surprising that many applications have very
stringent speed requirements. Video players are a good example: a video
player is not much use if it can only play a video at 75 percent of the
required speed. Other applications, such as video encoding, are lengthy
operations that are best run "batch" style, where you start a job and leave
it running while you go do something else. Although these types of
applications don't have such hard performance limits, increasing speed will
still bring benefits, such as being able to encode more videos over a given
period and being able to encode at a higher quality in the same
time."
Comments (8 posted)
O'ReillyNet looks at security in wireless networks. "
Network security in a
wireless LAN environment is a unique challenge. Whereas wired networks send
electrical signals or pulses through cables, wireless signals propagate
through the air. Because of this, it is much easier to intercept wireless
signals. This extra level of security complexity adds to the challenges
network administrators already face with traditional wired networks. There
are a number of extremely serious risks and dangers if wireless networks
are left open and exposed to the outside world. This article covers the
types of attacks wireless networks encounter, preventive measures to reduce
the chance of attack, guidelines administrators can follow to protect their
company's wireless LAN, and an excellent supply of online resources for
setting up a secure wireless network."
Comments (8 posted)
Linux.com has another installment of the sysadmin toolbox. "
I'm a librarian by trade,
and while this tool may be a little specialized for general sysadmin work,
if you're a librarian who's ever had to deal with Machine-Readable
Cataloging (MARC) records, then the MARC Record Translation Program (MRTP)
is for you. MRTP will take a file of MARC records and turn them into
legible, readable records that are editable by hand or with
Perl. Comparable in some respects to MarcEdit, this program is more of a
scripting program than a GUI-based app. It's really only useful for a
specialized market, but if you need it, you need it."
Comments (17 posted)
HowtoForge presents a tutorial on setting up a Windows/Linux dual-boot system. "
This tutorial was written to help set up a dual boot on a SATA drive but it will also work for PATA so continue forward and I will let you know if you need to skip something. In order to have a fully functional dual boot system it is preferred that Windows be loaded first. After that you can load Linux and easily dump the boot configuration on Windows NTLDR file (comparable to Linux boot file)."
Comments (none posted)
Reviews
Ars Technica reviews GNOME 2.14. "
The GNOME team recently announced another excellent
release. GNOME 2.14 includes a variety of spiffy enhancements, bug fixes,
improvements, and new features that make it the best GNOME desktop
environment ever. Already available in Ubuntu Dapper and the recently
released Fedora Core 5, GNOME 2.14 awaits your use and abuse. I've poked
and prodded it and now I'm ready to talk about it." (Found on
GnomeDesktop)
Comments (6 posted)
Linux.com looks at Linux audio players. "
My test system is a Toshiba Tecra 9000 laptop
with an Intel 82801CA-ICH3 sound card. I use Ubuntu Dapper Drake 6.04,
GNOME, and the Advanced Linux Sound Architecture (ALSA). Dapper Drake is
still a beta release of Ubuntu, which may have led to some of the
instability I witnessed. I confined myself to looking at the audio players
I could find included within the Ubuntu APT software repositories."
Comments (18 posted)
Linux.com looks at Gregarius. "
Gregarius is written mainly in PHP, and available
under the GNU General Public License (GPL). In order to run it you need a
Web server, SQL database, and PHP with the appropriate extensions for
accessing the database of your choice. Apache, with the mod_rewrite module,
is the preferred Web server for Gregarius, although you can use other Web
servers as well. The program supports MySQL and SQLite databases, and
PostgreSQL support is on the way for an upcoming version."
Comments (none posted)
LinuxDevices takes a look at Opengear's Linux-powered remote access server. "
The CM4001 is
the lowest-cost model yet in Opengear's CM4000 line of remote access
servers based on uClinux and other open source software. The new model is
meant primarily to help IT departments support small branch offices, but
can also be used by consultants and software vendors to support small
clients, or by mobile users to access their office systems via Microsoft's
RDP (remote desktop protocol) or via open source VNC (virtual network
computing) software, Opengear says."
Comments (none posted)
Linux Journal takes a look at VoIP on Linux. "
Linux generally has two types of sound
architecture: the older Open Sound System or OSS, which works with every
UNIX-like system, and the newer Advanced Linux Sound Architecture or ALSA,
which has better support for Linux, as the name indicates. One application
may support OSS and another, ALSA. When you have a choice, we advise you to
select the use ALSA option in VoIP programs. Select ALSA or OSS settings
for sound and recording levels accordingly in your distribution's volume
control panel. We tested four applications, based on popularity. We tested
all of them on Fedora Linux."
Comments (1 posted)
Miscellaneous
LinuxElectrons mentions a new Linux Technology Center that is being launched in Binghamton, NY. "
The Linux Technology Center (LTC) will focus on improving basic and applied research in Linux-based and open-source applications by drawing together key competencies from the University and industry leaders, IBM and Mainline Information Systems, Inc. The center is expected to enhance research capabilities and expand the Linux knowledge base, fostering job creation and economic growth in the Greater Binghamton community and New York State."
Comments (none posted)
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
MozillaZine covers the progress made by the Mozilla folding@home team. "
Folding@Home is a project based on the distributed computing model, and aims to find a cure for diseases related to protein folding.
Over a year ago, MozillaZine forum members had formed a folding@home team, and had entered the top 100 folding teams last year.
We're pleased to announce that our team has been making steady progress and has completed 10,000,000 points towards the cause."
Comments (none posted)
The community open source effort, the Portland Project, is releasing its
first software that ties together the KDE and GNOME desktops. The
protocols are being released to Independent Software Vendors (ISVs) for
testing and the first beta is expected next month. The final set of
interfaces is slated for inclusion in the Linux Standard Base. A
Portland Project technology preview is available.
Full Story (comments: none)
The Software Freedom Law Center has announced the launch of the Software Freedom Conservancy, meant to provide free services to free software projects. "
The Software Freedom Conservancy will be a fiscal sponsor for FOSS
projects by providing free financial and administrative services to its
members. It will provide individual developers protection from personal
liability for their projects and will seek to provide participating projects
with tax-exempt status, allowing them to receive tax deductible donations. The
Conservancy will file a single tax return that covers each of the member's
projects and will handle other corporate and tax related issues on behalf of
its members." Initial members include Wine and Busybox.
Comments (none posted)
Commercial announcements
ARM Ltd has announced availability of its RealView Development Suite version 3.0. "
With this release, ARM has created an integrated, end-to-end
toolchain for true hardware/software co-development, optimized for the SoC
features most requested by embedded systems developers. These features
include an enhanced compiler optimization engine that results in more than 10
percent improvement on the EEMBC score, a powerful debug engine with
multicore DSP awareness, high-performance compilation of Linux,
and GNU tools interoperability."
Comments (none posted)
Emu Software has announced that its flagship product, NetDirector, is
now available under a modified version of the Mozilla Public License, the
NetDirector Public License. NetDirector can be downloaded from the
NetDirector community portal. Emu
Software will continue to offer commercial support and release new
management modules to extend the product's functionality in conjunction
with partners and the open source community.
Full Story (comments: none)
FSMLabs, Inc. has announced a new real time compact server platform. "
FSMLabs' RTCore technology scales seamlessly from single processor systems
to multi-core silicon including the impressive 8-way / 16 core platform
recently introduced by IWILL. "Running on eight dual core chips in a single
box really highlights the flexibility of RT Linux and the utility of the
dynamic processor reservation scheme in RTCore," said Cort Dougan, FSMLabs
Director of Engineering. FSMLabs "processor reservation" technology permits
real-time threads to set aside processors exclusively for real-time operations
(typically data plane), while remaining CPU resources are shared among threads
in enterprise-type loads (control and management plane)."
Comments (none posted)
IBM has announced an effort to place 64 bit PowerPC machines in Universities. "
IBM has been working with a small number of Universities around the world
to assist them with their interest in getting closer to the Linux
development community. IBM has provided 64-bit Linux on Power
Architecture machines to the Universities who in turn host them for the
Open Source development community at large. The Universities are
interested in creating a closer connection w/ the Open Source community
and contributing to it, and they feel this is a means of accomplishing
that. These servers are freely available with a simple registration for
use."
Full Story (comments: 2)
The Linux Professional Institute has appointed Larry McArthur as Area Operations Manager for North America and Asia Pacific. "
Mr. McArthur has
had an extensive career of broad executive-level experience at several
global companies and has been very active in business activities in
North America, China and Asia for over 30 years."
Full Story (comments: none)
The Linux Professional Institute has announced a new affiliate, Prosoft Learning Corporation. "
We are delighted to welcome Prosoft to our worldwide team of
affiliates. Their successful history in providing highly innovative IT
training and certification solutions makes them an ideal partner for our
efforts to continue to spread Linux professionalism in North America,
said Jim Lacey, president and CEO of LPI."
Full Story (comments: none)
The OpenVZ project has announced the availability of its operating system
level server virtualization software for Fedora Core 5. Also, the
industry-exclusive "zero downtime migration" feature will be made available
for the OpenVZ software.
Full Story (comments: none)
Oracle Corporation has announced the endorsement of its cluster filesystem by the Linux community. "
Building on the
company's long-term commitment to the Linux and open source community, Oracle today announced that its enterprise-class cluster file system
has been accepted into the mainline Linux kernel. As the first cluster file
system to be distributed with the Linux kernel, Oracle(R) Cluster File System
2 (OCFS Release 2) provides users with an open source alternative to
proprietary cluster file systems."
Comments (none posted)
Penguin Computing, Inc. has announced its new Scyld ClusterWare portfolio. "
Scyld ClusterWare, the latest evolution of the innovative
architecture of Scyld Beowulf(R), provides a virtualized cluster environment
that allows even non-system administrators to run a cluster. The new portfolio
introduces support for multiple Linux platforms for broad compatibility with
commercial applications and a high availability feature set to ensure maximum
productivity in competitive HPC environments."
Comments (none posted)
UGS has announced the release of version 4 of its NX product lifecycle management software for Linux. "
UGS is the world's first PLM
software and services provider to offer a complete solution for the Linux
environment.
"This is a landmark step in the PLM industry and creates significant
advantages for UGS customers," said Chuck Grindstaff, executive vice
president, Products, UGS. "We announced our Linux plans last year and are now
the first among our competitors to provide a complete world-class PLM solution
for this popular operating environment."
Comments (none posted)
VMware, Inc. has announced its virtual machine disk format specification. "
This will enable use by all developers, software vendors and projects and includes open licensing compatible with those operating
under open source licenses such as the GPL. In addition, VMware is committed to supporting any other open virtual machine disk formats
broadly adopted by customers and working toward converging on open
standards in this area. "Encouraging the use of a common virtual
machine disk format should lead to better interoperability across
the industry."
Comments (none posted)
Open-Xchange Inc. has announced that its open source collaboration server
Open-Xchange has been named a finalist for a LinuxWorld Expo Product
Excellence Award in the "Best Messaging Solution" category.
rPath has announced that its flagship
product has been selected as a finalist in two categories at LinuxWorld
Boston 2006 Product Excellence Awards, Best Virtualization Solution
(rBuilder Online) and Best Systems Management Tool (rBuilder).
Novell has announced a beta program for Mono 1.2, the upcoming
availability of SUSE Linux 10.1, and the company has introduced a Linux build
service framework that will simplify the creation of Linux packages for
SUSE Linux or any other Linux distribution and will become the development
platform for future SUSE Linux distributions.
Product demos: See Collax Linux-based
servers at the Emu Software booth, Appro
XtremeServers at the Appro booth and the AMD booth, and storage
solutions from Coraid, "the Linux Storage
People", in booth # 107.
Comments (none posted)
New Books
O'Reilly has published the book Head Rush Ajax by Brett McLaughlin.
Full Story (comments: none)
O'Reilly has published the book Ajax Hacks by Bruce Perry.
Full Story (comments: none)
Resources
A new edition of the Globus Consortium Journal has been announced. "
What is it about the Linux operating system that makes it so well-suited for
Grid computing, virtualization and clustering? In today's new release of
the Globus Consortium Journal (www.globusconsortium.org/journal), Linux and
Grid professionals answer that question."
Full Story (comments: none)
The April 4, 2006 edition of the
Linux Documentation Project Weekly News is available.
Topics include: Discussions on The LDP lists, Updated HOWTOs, FAQs
and Guides, Mirror information update and The LDP/LDPWN mini-HOWTO.
Comments (none posted)
The April edition of Linux Gazette is out. Articles include A Brief Introduction to IP Cop, by
Edgar Howell, Implementing a Simple Char Device in Linux, by Ranjeet
Mishra, Digging Secure Tunnels with IPsec, by René Pfeiffer, uClinux on
Blackfin BF533 Stamp - A DSP Linux Port (Part 2), by Pramode C.E., How to
Give Linux Away, by Scott Ruecker, plus the usual features.
Comments (none posted)
OS Reviews, a site dedicated to reviews
of free software, has announced its existence. Currently posted are
reviews of AppArmor, OpenVPN, Battle For Wesnoth, Octave, Bacula, and more;
the reviewer appears to be doing a fairly thorough job. See
the OS Reviews mission
statement for more on what the site is trying to do.
Comments (4 posted)
Education and Certification
The Linux Professional Institute and Canonical have announced the creation
of a certification examination for the Ubuntu distribution. "
The Ubuntu certification will consist of a single exam on top of LPI's
existing 101 and 102 exams. This will give candidates the advantage of
an existing global standard, LPIC-1, plus the 'Ubuntu Certified
Professional' status." The exam is expected to be widely available
in June.
Full Story (comments: 12)
Calls for Presentations
A Call for Papers has gone out for RuxCon 2006, a security conference.
The event will take place in Sydney, Australia on September 30 - October
1, 2006. Submissions are due by August 31.
Full Story (comments: none)
Upcoming Events
CMP Media has announced the DSO World event at the Embedded Systems Conference in San Jose, CA. "
CMP Media will launch
DSO World, a 3-day event co-located with the annual Embedded Systems
Conference Silicon Valley, in Booth #1016, April 4 - 6, 2006. CMP joins Intel,
IBM, Wind River, ENEA, and Freescale to address key topics of DSO (device
software optimization). DSO World will feature the most up-to-date, practical
information to help technology and business managers choose the best
strategies and approaches for delivering top performance, scalability, and
ROI."
Comments (none posted)
GnomeDesktop.org has posted a reminder for the GUADEC 2006 registration. "
The GUADEC 2006 registration has
started. Make sure to check the discounts you may get as a group or as a
GNOME Foundation member. We recommend you to book accommodation with us in
the GNOME Village, you won't get better prices out there, probably not as
much fun either.
And think this seriously: bring your partner, your friends, your family...
(well, maybe not all at the same time). Vilanova 2006 is going to be
interesting and fun also for them, with a top summer location in the coast
and near Barcelona city."
Comments (none posted)
The openSUSE project has announced its LinuxWorld Conference & Expo presentations. "
openSUSE.org is present at next week's LWE in Boston at booth #325.
We'll show the current SUSE Linux 10.1, the openSUSE build service
and give a general overview of the openSUSE project."
Full Story (comments: none)
The OSDL will hold several summits at the upcoming LinuxWorld
Boston conference as well as other summits on printing, power management
and wireless networking through the month of April. "
The Open Source Development Labs (OSDL) today announced that
members of its Desktop Linux (DTL) working group will lead an interactive panel discussion on the
increasing evolution of Linux from server to desktop at the LinuxWorld East conference in Boston.
The panel, "The State of the Linux Desktop," is scheduled to take place on April 4, 2006 at 2:30
p.m. ET in room 104C."
Full Story (comments: none)
A call for participation has gone out for Software Engineering for Secure
Systems (SESS06). The event takes place in Shanghai, China on
May 20-28, 2006 in conjunction with the
28th International Conference on Software Engineering.
Full Story (comments: none)
| Date | Event | Location |
| April 6, 2006 | Embedded Systems Conference (ESC) | McEnery Convention Center, San Jose, CA |
| April 6 - 7, 2006 | CanSecWest/core06 | Marriott Renaissance Harbourside hotel, Vancouver, Canada |
| April 6, 2006 | LinuxWorld Conference and Expo | Boston Convention and Exposition Center, Boston, MA |
| April 7 - 9, 2006 | Notacon 3 | Holiday Inn Select Cleveland, Cleveland, OH |
| April 7, 2006 | FUDCon Boston 2006 | Boston, Mass. USA |
| April 11 - 12, 2006 | CELF Embedded Linux Conference | San Jose, California |
| April 15 - 16, 2006 | LayerOne 2006 | Pasadena Hilton, Pasadena, California |
| April 19 - 22, 2006 | Forum Internacional Software Livre 7.0 (FISL) | Porto Alegre, Brazil |
| April 19 - 20, 2006 | UK Python Conference | Randolph Hotel, Oxford, England |
| April 20 - 22, 2006 | International Conference on Availability, Reliability and Security (AReS 2006) | Vienna, Austria |
| April 21 - 23, 2006 | Penguicon 4.0 | Livonia, Michigan |
| April 23 - 26, 2006 | Itanium(R) Conference and Expo 2006 (Gelato ICE) | San Jose, CA |
| April 24 - 26, 2006 | LinuxWorld & NetworkWorld Canada 2006 Conference & Expo | Metro Toronto Convention Centre, North Bldg., Toronto, Canada |
| April 24 - 27, 2006 | MySQL Users Conference | Santa Clara, CA |
| April 24 - 25, 2006 | 2006 Desktop Linux Summit | Manchester Grand Hyatt, San Diego, CA |
| April 24 - 26, 2006 | SambaXP 2006 | Clarion Parkhotel, Göttingen, Germany |
| April 26 - 28, 2006 | php|tek 2006 | Orlando Airport Marriott Hotel, Orlando, FL |
| April 27 - 30, 2006 | Linux Audio Conference (LAC2006) | ZKM, Karlsruhe, Germany |
| April 29, 2006 | Linuxfest Northwest 2006 | Bellingham, WA |
| April 29 - 30, 2006 | European Common Lisp Meeting 2006 | Hamburg, Germany |
| May 1 - 6, 2006 | DallasCon 2006 | Richardson Hotel, Dallas, TX |
| May 3 - 6, 2006 | LinuxTag 2006 | Rhein-Main-Hallen, Wiesbaden, Germany |
| May 6 - 7, 2006 | WebTech 2006 | Sofia, Bulgaria |
| May 8 - 18, 2006 | LinuxWorld on Tour Conference and Expo 2006 (LOT2006) | Montreal, Ottawa, Calgary, Vancouver |
| May 12 - 13, 2006 | BSDCan 2006 | University of Ottawa, Ottawa, Canada |
| May 13, 2006 | DebianDay | Oaxtepec, Mexico |
| May 14 - 22, 2006 | DebConf 6 | Oaxtepec, Mexico |
| May 26 - 27, 2006 | FreedomHEC | Seattle, WA |
| May 30 - June 3, 2006 | 2006 USENIX Annual Technical Conference | Boston Marriott Copley Place, Boston, MA |
Comments (none posted)
Audio and Video programs
Ciaran O'Riordan has posted a transcript of Richard Stallman's March 18 talk in Torino, Italy.
This talk was centered on the GPLv3. "
However, freedom zero does not
include imposing your purposes on someone else who is going to run the
program, because his freedom zero is the freedom to run the program for any
purpose of his. So, there is no such thing as the freedom to use any
software to impose your purpose on someone else, in fact, that should be
illegal. I'm serious. And that's what DRM is." The talk is also
available as an Ogg Theora video stream.
Comments (none posted)
Page editor: Forrest Cook
Letters to the editor
| From: | Benjamin Pasero <benjamin.pasero-AT-web.de> |
| To: | lwn-AT-lwn.net |
| Subject: | Misleading Information in Article "The Grumpy Editor's guide to RSS aggregators" |
| Date: | Fri, 31 Mar 2006 08:43:08 +0200 |
Hello,
I am the author of RSSOwl, which was covered in the article:
The Grumpy Editor's guide to RSS aggregators
(http://lwn.net/SubscriberLink/176028/1121c3a959871033/)
Reading the article it seems that the editor did not test RSSOwl
very well. Since the article is criticising the application,
I would have expected a careful inquest. Maybe the editor is
new to writing articles? I am not sure. Anyways, here are the
problems I found:
- "...but it is not possible to mix articles from multiple feeds..."
This is not true. You can select "Aggregate Favorites" from the
contextual menu of a Category to mix all Feeds included into a
single view.
- "...Opening a feed requires a double-click..."
This can easily be changed in Preferences. The "Open Mode" allows
you to switch between single- and double-click. It's really easy to spot,
since it's the first page of preferences. I doubt the editor even
had a look at preferences.
Regarding Performance: The editor should try how fast Eclipse is running
and compare that with RSSOwl. It would be interesting to know if both
run slow, then it's most likely a problem of an old GCJ version. Both
applications share the same GUI library. The GTK version would be
interesting as well.
Best regards,
Ben
Comments (4 posted)
Page editor: Jonathan Corbet