LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for June 1, 2006Ubuntu Dapper and the distribution businessUbuntu's "Dapper Drake" release - more prosaically known as "6.06 LTS" - is due on June 1, and may well be available by the time you read this article. A distribution release is not a particularly rare occurrence in the Linux community, but there are a couple of things about Dapper which are just a little bit unusual and worthy of note.The "LTS" in this release's name stands for "long term support"; this distribution comes with a promise of security updates for five years (on server systems) or three years (on desktop systems). Exactly how that distinction will be made is not entirely clear; one assumes that, for example, graphical mail clients will go unsupported in June, 2009, while mail transfer agents will continue to get updates into 2011. That is the longest credible support promise ever made for a free distribution, and it may change the commercial landscape in interesting ways. There are many situations where the deployment of a Linux system makes a great deal of sense. In many of those, one wishes to start with reasonably current software, but to not have to worry much about upgrades for a long time thereafter. Web servers, print servers, database servers, kiosks, point of sale systems, and more all fall into this category. Once the system works, any sort of software change offers downtime and the risk of problems, but little in the way of advantages - except, of course, for security fixes. Anybody planning such a deployment must consider how the system will be supported and kept secure through its operating life. In recent years, the available choices have fallen into these categories:
Ubuntu's five-year guarantee provides another choice: install Dapper, and obtain updates until 2011 with no costs at all. The existence of the Ubuntu Foundation, with its $10 million nest egg, helps to make that five-year promise credible, and Ubuntu's record with security updates has been, so far, quite good. So it would not be surprising to see significant uptake on Ubuntu's promise. Whether those new Ubuntu users will come at the cost of the enterprise distributions, or whether they are mostly people getting away from the (relative) upgrade treadmill of the free distributions, remains to be seen. That leads to the other interesting aspect of this release: the increasing friendliness between Ubuntu/Canonical and Sun Microsystems. The two have just announced that the Dapper release will include a version for Sun's new Niagara SPARC architecture, and Sun executives are issuing quotes on how important a distribution Ubuntu is. Clearly something is going on here. Sun's troubles in recent years have been well documented; to a great extent, Sun's customers have been steadily turning into customers of the enterprise distributions. To Sun, Ubuntu may well look like an opportunity to poke holes in the revenue streams of its main competitors. Ubuntu, in turn, may see Sun's support (and the Niagara port) as a way to gain a foothold in the server market. If Sun's new servers find customers, Ubuntu will be the obvious distribution for any of those customers who wish to run Linux. How all of this plays out will be interesting to watch. Ubuntu's past releases have certainly been popular; if Dapper holds together well enough (and the initial signs are good), it may be the best-received Ubuntu release yet. If so, Ubuntu may well change the shape of the Linux distribution landscape. (For those who are interested in what's actually in the 6.06 LTS release, the "testing Dapper" page has a lot of information and screenshots).
The end of the JPEG patent - sort ofForgent Networks is a company which would easily qualify as a patent troll for many observers. This small company picked up a data compression patent in 1997, and has been busily using that patent to shake down corporations ever since. Since this patent is said to cover the JPEG image format, there is a wide list of possible victims to choose from. Those victims have dropped more that $100 million into Forgent's bank account, and Forgent currently has litigation outstanding with some 30 companies.The Public Patent Foundation chose this patent as one which was vulnerable to a challenge. The Foundation's work bore fruit on May 25, when the US Patent Office issued a ruling on the Forgent patent [PDF]. The resulting press release from the Public Patent Foundation was triumphant:
"The Patent Office has agreed with our conclusion that it would
have never granted Forgent Networks' '672 patent had it been aware
of the prior art that we uncovered and submitted to them," said Dan
Ravicher, PUBPAT's Executive Director.
It is worth noting that Forgent had a different spin on the ruling:
...the United States Patent and Trademark Office issued its first
office action, a non-final action, confirming a majority of the
claims in United States Patent 4,698,672. The action upholds 27 of
the 46 claims of Forgent's patent. Forgent will vigorously defend
the remaining claims that were not initially upheld in this first
office action.
Anybody wondering if the world is now safe for JPEG users will clearly need to look beyond the press releases and dig into the patent and the USPTO ruling directly. The short story is that, while the independent claims of U.S. Patent 4,698,672 have been invalidated, many of the more-specific dependent claims remain standing. Consider, for example, claim 1:
A method for processing digital signals, where the digital signals
have first values, second values and other values, to reduce the
amount of data utilized to represent the digital signals and to
form statistically coded signals such that the more frequently
occurring values of digital signals are represented by shorter code
lengths and the less frequently occurring values of digital signals
are represented by longer code lengths, comprising,
What the Public Patent Foundation asserted is that this claim - covering a fairly basic run-length encoding scheme - had already been claimed by another patent: #4,541,012 by Andrew Tescher. The Patent Office agreed, and ruled that claim 1 was invalid. The story does not stop there, however. There are a number of dependent claims which make claim 1 more specific; these include:
2. The method of claim 1 further including the step of amplitude
encoding said other values.
3. The method of claim 1 further including the step of encoding said first and second runlength code values with a sign value. 4. The method of claim 1 wherein said first values have amplitude zero, said second values have absolute amplitude one, and said other values have absolute amplitudes greater than one whereby said first and second runlength codes values are formed representing the number of consecutive zeros. 5. The method of claim 1 wherein said first values have the highest frequency of occurrence in said digital signals, wherein said second values have the next highest frequency of occurrence in said digital signals, and wherein said other values have the lowest frequency of occurrence in said digital signals. Claim 3 (adding a sign value) was also rejected, but claims 2, 4, and 5 were upheld by the Patent Office. The same pattern persists through the remaining claims: the independent claims were rejected, but the more-specific versions were allowed. That is why Forgent proclaims that the majority of its claims had been upheld. So, to a great extent, the Forgent patent survives, having lost only the most general of its claims. We asked Dan Ravicher of the Public Patent Foundation whether this ruling was enough to remove the threat against JPEG users; his response was:
It likely won't be enough to put an absolute end, but this is a
significant blow to the solitary patent that are using against the
JPEG standard. To the extent we've shown their armor to be made
more of tin or paper, than steel or iron, we've provided the public
the benefit of a more transparent view of the legitimacy of their
claims.
Whether the remaining claims in the patent are applicable to the JPEG standard is a matter for the courts to determine - and, given the thirty-some outstanding cases, the courts will certainly have the opportunity to do so. There is one interesting additional factor which, thanks to the Public Patent Foundation's work, may just come into play here. Forgent's patent was originally filed from a company called Compression Labs, Inc. It turns out that the Tescher patent, which provided the prior art used against Forgent's patent, was also developed at Compression Labs. In other words, when Compression Labs filed for the patent now being wielded by Forgent, it must have known about the existence of the prior art, since it had patented that prior art itself. But Compression Labs did not disclose that prior art to the Patent Office. Failure to disclose known prior art is a violation of the Patent Office rules. It seems likely that defendants in Forgent's litigation will find a way to let their respective courts know that the patent at issue was obtained in bad faith.
Security SQL injection vulnerabilities in PostgreSQLA recent urgent update to PostgreSQL vividly demonstrates the problems with validating user input that are the foundation of SQL injection attacks. Widely used techniques to escape characters in user input can still allow SQL injection when coupled with multibyte character encodings. While this problem was first discovered in PostgreSQL, today's security fix announcement for MySQL indicates a similar problem there as well. As discussed in the LWN SQL injection article, inserting strings of user input into SQL queries can be hazardous. Many applications do little or no validation of strings entered by a user before dropping them into a query; this negligence can lead to a compromise of the entire database. Better behaved programs attempt to escape various troublesome characters (typically single-quote and backslash), but because of the multibyte-encoding problem, problems can remain. It is not just database clients that need to validate user input, the database server needs to validate as well as the first bug shows. PostgreSQL allows the "\'" (backslash + single-quote) sequence to be used to represent a single-quote character in a query as well as the two single-quote character sequence ("''") that is the SQL standard. Unfortunately, the escaping code used by database clients often ignores the character encoding and just looks for bytes with a 0x27 ("'") value and replaces them with an escaped version. The security hole comes about because illegal multibyte character sequences can be used to enable quotes to slip past the escaping process. An example provided in the technical information describes how this can be done. In the UTF8 encoding, the byte value 0xc8 introduces a two-byte character; the second byte must be within the range 0xa0-0xff. However, PostgreSQL would accept any value for the second byte and treat both bytes as a single character. A malicious user could enter "0xc8'text", which would be converted by the well meaning client to "0xc8''text" (or "0xc8\'text"); the server would then treat the 0xc8' or 0xc8\ sequence as a single character, leaving an unescaped single-quote in the input, effectively injecting the attacker-supplied text. The second issue stems from certain far-eastern encodings where the value 0x5c ("\") is a valid value for the second byte of a two-byte character. In the SJIS encoding for example, the two-byte sequence 0x95 0x5c is a valid character, but a client that is not encoding-aware may try to escape the 'backslash' that it sees by doubling it. Adding single-quotes into the mix provides a means for a SQL injection. "0x95 0x5c'text" could become "0x95 0x5c\''text", which effectively inserts an unescaped single-quote into the query. It is interesting to note that 0x27 ("'") is not a valid value for the second byte of a two-byte character and, if PostgreSQL had rigidly adhered to the SQL standard and only accepted "''" to escape single-quotes, this issue would not exist. There is a straightforward fix for the first problem: do not accept illegal multibyte character sequences and refuse to process queries that contain them. Unfortunately, the second problem is more complicated and there is no single simple fix on the database server side. If database clients did their escaping in an encoding aware manner, this problem would not exist; expecting this from all clients is hopeless, however. The PostgreSQL developers chose to disallow "\'" for any encoding that allows embedded 0x5c characters. This closes the hole for all clients that use "''" to escape single-quotes but still allows for injections for clients that use "\'". This change is likely to break those clients altogether, however. Both of these problems could have been avoided by using prepared statements with placeholders (i.e. 'SELECT * FROM tbl WHERE id=?'). Even if the libraries did not implement the quoting correctly, the SQL engine would still not allow the parameter to be treated as anything but data for that particular spot in the query, thereby avoiding the injection. Another way to avoid this kind of problem is to use stored procedures. As these bugs show, it can be very difficult to appropriately filter and/or validate user input.
New vulnerabilities binutils: buffer overflow
cherrypy: information disclosure
dovecot: information disclosure
ImageMagick: heap overflow vulnerability
kernel: netfilter memory corruption
kernel: information disclosure
libtiff: buffer overflow
lynx: denial of service
php: multiple vulnerabilities
shadow-utils: mailbox creation vulnerability
tiff: denial of service
typespeed: buffer overflow
vixie-cron: privilege escalation
Updated vulnerabilities awstats: missing input sanitizing
zoo: archive problem
blender: integer overflow
busybox: insecure password generation
bzip2: race condition and infinite loop
ktools: buffer overflow
cpio: arbitrary code execution
cscope: buffer overflows
curl: heap-based buffer overflow
Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
dia: format string vulnerabilities
enscript: arbitrary code execution
fetchmail: multidrop bug
firefox: multiple vulnerabilities
Foomatic: Arbitrary command execution in foomatic-rip
freeradius: authentication bypass
gdb: multiple vulnerabilities
gdm: improper file permissions
gedit: format string vulnerability
grip: buffer overflow
gzip: arbitrary command execution
hostapd: insufficient boundary checks
ipsec-tools: denial of service
kdebase: local root vulnerability
kdelibs: kate backup file permission leak
kernel: multiple vulnerabilities
kernel: denial of service
kernel: multiple vulnerabilities
kernel-patch-vserver: privilege escalation
kphone: insecure file creation
libextractor: heap-based buffer overflows
libgadu: memory alignment bug
libgd2: buffer overflows in PNG handling
libpam-ldap: authentication bypass
libpng: heap based buffer overflow
libtiff: denial of service
libxml2 - arbitrary code execution
libxml2: multiple buffer overflows
lynx: arbitrary command execution
mailman: denial of service
mpg123: buffer overflows
MySQL: logging bypass
mysql: information leaks
nagios: buffer overflow
nbd: arbitrary code execution
ntp: uses wrong gid
OpenLDAP: boundary error
openmotif: buffer overflows
OpenSSH: double shell expansion
perl: setuid vulnerabilities
php: several vulnerabilities
phpbb2: missing input sanitizing
phpbb2: multiple vulnerabilities
phpgroupware: missing input sanitizing
phpMyAdmin: multiple vulnerabilities
popfile: missing input sanitizing
postgresql: SQL injection
pound: HTTP Request Smuggling Attack
Py2Play: remote execution of arbitrary Python code
quagga: multiple vulnerabilities
quake: buffer overflow
rsync: integer overflow
scorched3d: multiple vulnerabilities
squirrelmail: multiple vulnerabilities
sudo: vulnerability via scripts
texinfo: temporary file vulnerability
tin: buffer overflow
unzip: long file name buffer overflow
w3c-libwww: possible stack overflow
xine-lib: buffer overflow
X.Org: buffer overflow
xpdf: buffer overflow
xpdf: denial of service
xpdf: integer overflows
xscreensaver: possible password exposure
xzgv: heap overflow
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current stable 2.6 kernel is 2.6.16.19, released on May 30. It contains a single fix for an information leak in the netfilter code.The current 2.6 prepatch is 2.6.17-rc5, released by Linus on May 24. With luck, this will be the final prepatch before the final 2.6.17 release. It consists of a fair number of fixes; see the long-format changelog for the details. Several dozen patches (all fixes) have found their way into the mainline after the -rc5 release. The current -mm tree is 2.6.17-rc5-mm1. Recent changes to -mm include the generic IRQ layer, an updated version of reiser4, the lock validator (see below), the adaptive readahead patch set, a new infrastructure for maintaining kernel statistics, and a new kernel API for inotify.
Kernel development news A summary of 2.6.17 API changesThe final 2.6.17 kernel release is getting close. Further internal API changes in this cycle are (one hopes) highly unlikely, so the following list should be definitive for this time around.
As always, look at the LWN 2.6 kernel API changes page for a list of changes over time.
Notifiers, 2.6.17 styleWhile plowing through the flood of patches early in the 2.6.17 cycle, your editor missed a significant API change: the new notifier interface. Notifiers are an internal kernel mechanism allowing code to register to be told about events of interest. There are notifiers for memory hotplug events, CPU frequency policy changes, USB hotplug events, module loading and unloading, system reboots, network device changes, and more.Back in November, 2005, this page looked at a proposed notifier API change motivated by the lack of locking on the notifier chains themselves. That proposal received a lukewarm reception. Many low-level data structures in the kernel explicitly avoid performing any locking, on the assumption that the higher layers will have to be concerned with their own locking in any case. So, it was asked, why should notifiers be any different? The answer seems to be that, unlike many other data structures, notifiers tend to be used across relatively wide parts of the kernel, making it hard to use any locking regime except one designed for the notifiers themselves. In any case, a version of the notifier patch was merged for 2.6.17-rc1. The current form of the API defines three different types of notifiers:
For 2.6.17, all notifier chains have been converted to the blocking or atomic types; there are no users of the raw interface in the mainline kernel. The notifier patch includes no threatening noises about removing the raw interface, but, sooner or later, somebody is likely to come along and want to clean it up. So avoiding raw notifiers is probably a good idea; this article will concentrate on the other two types. Blocking notifiers are essentially a raw notifier with an rwsem added for mutual exclusion. Any operation on a blocking notifier may, well, block on that rwsem. These notifiers can be created in the usual two ways:
#include <linux/notifier.h>
BLOCKING_NOTIFIER_HEAD(my_notifier);
struct blocking_notifier_head my_notifier;
BLOCKING_INIT_NOTIFIER_HEAD(my_notifier);
Code which wishes to hook into a blocking notifier should first fill in a notifier_block structure:
struct notifier_block {
int (*notifier_call)(struct notifier_block *block,
unsigned long event,
void *data);
int priority;
/* ... */
};
The notifier_call field should point to the function to be called when something interesting happens; the event and data parameters will be provided by the code generating the event. Notifiers are called in order of increasing priority; the return value from the final notifier called will be passed back to the code signalling the event. Normally, the final notifier is the one with the highest priority value, but any notifier can halt further processing by returning a value with the bit indicated by NOTIFIER_STOP_MASK set. Other than that one bit (currently 0x8000), the return values are arbitrary (as far as the notification code is concerned), but the convenience values NOTIFY_OK ("so far so good"), NOTIFY_STOP ("all is well, but don't call any more notifiers") and NOTIFY_BAD ("stop calling notifiers and veto the proposed action") are available. Once the code has a notifier_block ready, it should register it with:
int blocking_notifier_chain_register(struct blocking_notifier_head *chain,
struct notifier_block *nb);
The return value is apparently intended to allow an error status to be returned if the registration fails, but the 2.6.17 version of the code cannot fail. A blocking notifier can be unregistered with:
int blocking_notifier_chain_unregister(struct blocking_notifier_head *chain,
struct notifier_block *nb);
This call will return -ENOENT if the given notifier was not actually registered. Code which wishes to use a blocking notifier chain to signal an event can do so with:
int blocking_notifier_call_chain(struct blocking_notifier_head *chain,
unsigned long event,
void *data);
This function will call all notifiers in chain (unless one of them stops the process partway through), returning the value from the last notifier called. Atomic notifiers replace the rwsem with a spinlock; the API is very similar:
ATOMIC_NOTIFIER_HEAD(my_notifier);
struct atomic_notifier_head my_notifier;
ATOMIC_INIT_NOTIFIER_HEAD(my_notifier);
int atomic_notifier_chain_register(struct atomic_notifier_head *chain,
struct notifier_block *nb);
int atomic_notifier_chain_unregister(struct atomic_notifier_head *chain,
struct notifier_block *nb);
int atomic_notifier_call_chain(struct atomic_notifier_head *chain,
unsigned long event,
void *data);
Note that atomic notifiers use the same notifier_block structure as the blocking variety does. Nothing will ever sleep in the atomic notifier code, however, and notifier functions called from an atomic chain are not allowed to sleep either. As noted above, all notifier chains in the kernel have been changed to one of the above types; any out-of-tree code which uses a kernel chain will have to be updated accordingly. See the explanatory text for the notifier patch for a summary of what type was assigned to each existing chain in the mainline kernel.
The kernel lock validatorLocking is a necessary evil in operating systems; without a solid locking regime, different parts of the system will collide when trying to access the same resources, leading to data corruption and general chaos. But locking has hazards of its own; carelessly implemented locking can cause system deadlocks. As a simple example, consider two locks L1 and L2. Any code which requires both locks must take care to acquire the locks in the right order. If one function acquires L1 before L2, but another function acquires them in the opposite order, eventually the system will find itself in a situation where each function has acquired one lock and is blocked waiting for the other - a deadlock.A race condition like the one described above may be a one-in-a-million possibility, but, with computers, it does not take too long to exercise a code path a million times. Sooner or later, a system containing this sort of bug will lock up, leaving its users wondering what is going on. To avoid this sort of situation, kernel developers try to define rules for the order in which locks should be acquired. But, in a system with many thousands of locks, defining a comprehensive set of rules is challenging at best, and enforcing them is even harder. So locking bugs creep into the kernel, lurk until some truly inconvenient time, and eventually surprise some unsuspecting user. Over time, the kernel developers have made increasing use of automated code analysis tools as those tools become available. The latest such is the first version of the lock validator patch, posted by Ingo Molnar. This patch (a 61-part set, actually) adds a complex infrastructure to the kernel which can then be used to prove that none of the locking patterns observed in a running system could ever deadlock the kernel. To that end, the lock validator must track real locking patterns in the kernel. There is no point, however, in tracking every individual lock - there are thousands of them, but many of them are treated in exactly the same way by the kernel. For example, every inode structure contains a spinlock, as does every file structure. Once the kernel has seen how locking is handled for one inode structure, it knows how it will be handled for every inode structure. So, somehow, the lock validator needs to be able to recognize that all spinlocks contained within (for example) the inode structure are essentially the same. To this end, every lock in the system (including rwlocks and mutexes, now) is assigned a specific key. For locks which are declared statically (for example, files_lock, which protects the list of open files), the address of the lock is used as the key. Locks which are allocated dynamically (as most locks embedded within structures are) cannot be tracked that way, however; there may be vast numbers of addresses involved, and, in any case, all locks associated with a specific structure field should be mapped to a single key. This is done by recognizing that these locks are initialized at run time, so, for example, spin_lock_init() is redefined as:
# define spin_lock_init(lock) \
do { \
static struct lockdep_type_key __key; \
\
__spin_lock_init((lock), #lock, &__key); \
} while (0)
Thus, for each lock initialization, this code creates a static variable (__key) and uses its address as the key identifying the type of the lock. Since any particular type of lock tends to be initialized in a single place, this trick associates the same key with every lock of the same type. Next, the validator code intercepts every locking operation and performs a number of tests:
The interrupt tests are relatively straightforward, requiring just four bits of information for each lock (though the situation is a little more complicated for rwlocks). But the ordering tests require a bit more work. For every known lock key, the validator maintains two lists. One of them contains all locks which have ever been held when the lock of interest (call it L) is acquired; it thus contains the keys of all locks which might be acquired before L. The other list (the "after" list) holds all locks acquired while the L is held. These two lists thus encapsulate the proper ordering of how those other locks should be acquired relative to L. Whenever L is acquired, the validator checks whether any lock on the "after" list associated with L is already held. It should not find any, since all locks on the "after" list should only be acquired after acquiring L. Should it find a lock which should not be held, an error is signaled. The validator code also takes the "after" list of L, connects it with the "before" lists of the currently-held locks, and convinces itself that there are no ordering or interrupt violations anywhere within that chain. If all the tests pass, the validator updates the various "before" and "after" lists and the kernel continues on its way. Needless to say, all this checking imposes a certain amount of overhead; it is not something which one will want to enable on production kernels. It is not quite as bad as one might expect, however. As the kernel does its thing, the lock validator maintains its stack of currently-held locks. It also generates a 64-bit hash value from that series of locks. Whenever a particular combination of locks is validated, the associated hash value is stored in a table. The next time that lock sequence is encountered, the code can find the associated hash value in the table and know that the checks have already been performed. This hashing speeds the process considerably. Of course, there are plenty of exceptions to the locking rules as understood by the validator. As a result, a significant portion of the validator patch set is aimed at getting rid of false error reports. For example, the validator normally complains if more than one lock with the same key is held at the same time - doing so is asking for deadlocks. There are situations, however, where this pattern is legitimate. For example, the block subsystem will often lock a block device, then lock a partition within that device. Since the partition also looks like a block device, the validator signals an error. To keep that from happening, the validator implements the notion of lock "subtypes." In this case, locks on partition devices can be marked with a different subtype, allowing their usage to be validated properly. This marking is done by using new versions of the locking functions (spin_lock_nested(), for example) which take a subtype parameter. The lock validator was added to 2.6.17-rc5-mm1, so interested people can play with it. Waiting for another -mm release might not be a bad idea, however; there has since been a fairly long series of validator fixes posted. The key point behind all of this is that deadlock situations can be found without having to actually make the kernel lock up. By watching the sequences in which locks are acquired, the validator can extrapolate a much larger set of possible sequences. So, even though a particular deadlock might only happen as the result of unfortunate timing caused by a specific combination of strange hardware, a rare set of configuration options, 220V power, a slightly flaky video controller, Mars transiting through Leo, an old version of gcc, an application which severely stresses the system (yum, say), and an especially bad Darl McBride hair day, the validator has a good chance of catching it. So this code should result in a whole class of bugs being eliminated from the kernel code base; that can only be a good thing.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Memory management
Networking
Security-related
Miscellaneous
Page editor: Jonathan Corbet Distributions Live CDs Part I: Why Do We Care?[Editor's note: this is the first in a four-part series; the next installment will appear in the next week or two.]A live CD is a custom Linux environment that boots and runs entirely from a CD - no hard disk required. Live CDs are used for many purposes, including showcasing desktop distributions, providing useful tools for system recovery, and providing target-specific environments such as games, multimedia, GIS and security. Linux user groups often create demo live CDs for use at trade shows, install fests and other events to show that Linux isn't just a toy for hackers. The usefulness of a live CD can be compared to the old DOS diskette used to run diagnostics on your PC. Since the floppy drive is a soon to be an extinct beast, technological evolution would have us using CDs for the same purpose. But a CD is to a floppy what a dump truck is to a spoon, and the extra space offers live CD creators nearly limitless options for customization. There are many live CDs ISO images available for download for end users and developers. One list available from Frozentech.com lists 309 versions. The list shows versions available for varying categories, from desktop replacements to clustering environments and home entertainment. End users need only download an ISO image, burn it to a CD and boot the CD. You'll need to verify that your computer is configured to allow booting from a CD - check your BIOS configuration to be sure. Some live CD's also have minimum hardware requirements. Check the web site for that CD for details. You might ask yourself why you're going to care about live CDs if you have a running desktop. First, live CDs are useful for specialized environments. A laptop configured for desktop use at home can boot an astronomy based live CD at night for field observations and then during the day at school use an educational live CD. No need to change the desktop configuration for three different environments. Many live CDs also offer the option of saving user data to USB-attached drives, leaving the hard disk (if available) untouched. This makes a live CD perfect for setting up demonstrations for trade shows, customer contacts and conferences. If your group needs a demonstration of a particular application but you don't know who will give the demonstration or what hardware they will be using, all you need do is set up the live CD to handle the situation. Second, a live CD can be used for system administration. If you've trashed your boot partition or accidentally overwritten important parts of the filesystem you can use a rescue CD to recover the partition or reinstall the OS without losing your user data. Live CDs can also be used, when appropriate, on public systems that don't offer the environment you need. A library kiosk or Internet cafe might offer you this option, for example. Finally, live CDs are a good way to work with embedded systems. Embedded systems often have limited memory and little or no local storage. A live CD can be used to test the embedded system or manage it. Imagine a consumer media device that needs customer controlled upgrades. They can download a live CD to their computer, burn the CD and boot it to automatically run an upgrade even if the consumer device is not network connected. More importantly, technologies used in live CDs often have important relationships with embedded systems. Compressed filesystems, read-only devices, and the use of ramdisks are all issues that are common between the two system types. Learning about live CDs can be a stepping stone into the interesting world of consumer devices.
Creating a live CDSince a CD can hold around 700MB of data and a typical desktop installation can require more than 10-20GB, it won't be possible to duplicate your entire operating system (much less your personal data files) on a live CD. However, with compression and kernel tricks you can get very close to that. Creating a personal live CD from your installed desktop is possible using the Linux live Scripts or similar tools. These tools make the assumption that the CD will be used on the same or very similar hardware that you're currently running on. For most desktop environments this is a safe assumption. Another method is to build your own distribution from source and use it to create your live CD. The best place to learn how to do that is the LinuxFromScratch project. This project provides a recipe-driven process for creating your own Linux distribution from source code inside a directory on your current system. Recipes here include options for doing cross compiled builds of your distribution so that you can use your x86 desktop to build for a different architecture device, like a consumer media box.
Live CD ReviewsWhile it is possible to create your own live CD, it makes sense to first take a look at a few ready made versions to get an idea of what you can get now and what you might want in your own live CD. In the coming weeks I'll review a series of related live CDs from three different classes: desktop replacements, small footprint and special purpose live CDs. The goal of these reviews is not to compare one against another but to give you some idea of the variety of live CDs that area available so you can make an informed choice when you pick an existing version or take on the challenge of creating your own. Most of the live CDs that will be reviewed are designed to allow end users to customize them with add-on packages, often packaged in project specific formats, such as compressed filesystem images, that you don't normally use with desktop distributions. I tested each of these on an EPIA M10000 board with 256MB of memory. This is an x86 compatible machine that requires the Via video drivers for both the kernel and X Window System - something that might be a little non-standard - just to see how each CD handles it. I'm also using the Linux Cool Keyboard which looks pretty much like a typical US QWERTY keyboard. In the reviews I'll be looking for a number of things:
Cleanliness is just a matter of taste. I prefer clean boots without much user interaction. Once I login I want to know where to go next to make the best use of the environment. For example, if this is a Games CD, where do I find the list of games and how do I start them? If this is a desktop CD, how clean is the desktop and how easy is it to find applications? Originality is very important in these reviews. There are literally hundreds of live CD's available on the net. Each of these needs to have something that makes people want to use it. The live CD may be original because it has been targeted at a particular audience. Perhaps the CD boots quickly and offers an easy to use graphical interface that no one else offers. If they all look like a typical Red Hat or SuSE installation, there isn't much reason to choose one over another. Why is this so important? When you have a need for a CD, knowing there are 200 versions that boot to a typical desktop will let you know you can choose any one of them instead of making your own. But if only one CD boots on your TurboNator 3000 processor, maybe you will want to make your own. Rating the CDs "On Target" value will be subjective - my interpretation of what category this CD belongs in (based in no small part on where FrozenTech.com lists the CD) and how well it stays true to that target. If a small footprint live CD takes up most of memory, that doesn't help with the small footprint problem I may be trying to solve. Extensibility will be very important for developers and users who need to customize the CD. Most live CDs offer some way to extend the features on the CD. In some cases this will be done at runtime only with changes saved to hard disk or a USB connected storage device. In other cases, the ISO image can be extended with additional packages. The ease of adding new packages, either at runtime or in the ISO image, will determine the value of this rating.
The Chosen FewIf you want to get an early start, here is the list of live CDs I'll be looking at. Note that I've already downloaded these, before publication, so that they didn't have time to try and update just to make me happy.
New Releases Musix GNU+Linux 0.40 releasedThe 0.40 release of Musix GNU+Linux is available. Musix is a Debian-based distribution with a strong emphasis on tools for creating, editing, and listening to music.
Turbolinux to Launch FUJI Desktop Linux OSTurbolinux has announced the launch of its FUJI Desktop Linux operating system. "Designed for optimum desktop and laptop computer performance, Turbolinux's FUJI operating system platform features several tools to facilitate the migration from Windows, including OpenOffice.org, Microsoft Office compatible software, Active Directory Authentication, file sharing, and other communications tools."
Release Candidate for Ubuntu 6.06 LTS is availableA release candidate for Ubuntu 6.06 is available for testing. "The Ubuntu team is proud to announce the Release Candidate for version 6.06 LTS of Ubuntu, Kubuntu and Edubuntu - codenamed "Dapper Drake". The Release Candidate includes installable live Desktop CDs, server images, alternate text-mode installation CDs and an upgrade wizard for users of the current stable release. We consider this release candidate complete, stable and suitable for testing by any user."
Distribution News Debian 'etch' release updateThe Debian release team has sent out an update on the upcoming 'etch' release. The approved goals for that release now include a transition to gcc 4.1, SELinux support, IPv6 support everywhere, a new Python framework, and more. The planned release date of December 4 (2006!) is unchanged. Click below for the full text.
BSP Marathon (or: helping releasing etch in-time)A report about upcoming Debian Etch bug squashing parties is online. "As you should all know, we had some bug squashing parties before the release of Debian 3.1 "sarge". These were quite effective, especially when they were centered around a meeting in real life. This led me to the proposal of a row of BSP this fall, helping to prepare the release of Etch. Naturally, fixing RC bugs is needed all the time. The BSPs we are planning will be focused on some sub-systems, so to help to release etch, *you* need to fix RC bugs all the time, so finish reading this mail, choose an RC bug and try to fix it!"
Release-critical Bugreport for May 26, 2006The May 26, 2006 Debian Release-critical Bugreport is online with status of the latest bug fixing efforts.
Mandriva to ship OpenVZMandriva has sent out a press release proclaiming its plans to include the OpenVZ virtualization mechanism in its Corporate Server 4.0 release. It seems that Mandriva is taking a different tack than a number of other distributors who have been pushing Xen instead.
OpenSUSE build service becomes operationalThe openSUSE build service is now operating, despite still being in an "alpha" stage. The build service is a web-based system for building and distributing packages for the openSUSE distribution; it is now being used for KDE, Apache, the kernel, and more.
Ubuntu Dapper will have a SPARC Niagara versionSun and Canonical have announced that the upcoming Ubuntu release ("6.06 LTS" or "Dapper Drake") will include a version for Sun's SPARC "Niagara" architecture. "Through the OpenSPARC initiative (http://www.opensparc.net), Canonical engineering and the Ubuntu community were given open access to the design of the UltraSPARC T1 processor and quickly completed the porting process. The release of the Ubuntu GNU/Linux distribution on UltraSPARC T1 processor-based systems merely ten weeks after the open source release of the chip design point validates the open hardware approach pioneered by SUN with the UltraSPARC T1 processor, and demonstrates the Ubuntu community's excitement at the benefits of Sun's SPARC processor-based CMT architecture for next-generation Web, communications and transactional services." Note that it was David Miller who "quickly completed" much of the kernel porting process.
Distribution Newsletters Debian Weekly NewsThe May 29 issue of the Debian Weekly News is available. This week's topics include desktop layouts, summer of code projects, boot-time optimization, and more.
Fedora Weekly News Issue 48The May 29, 2006 edition of the Fedora Weekly News is online with the following topics: New logo guidelines Available Now, Application for Google's Summer of Code Ended, Invitation to Fedora Documentation Translation, Puplet (Yum Applet) anyone?, OLPC laptop prototype, Fedora Core 5 Review with Screenshots, My desktop OS: Fedora Core 5, Google releases Picasa for Linux, Fedora Weekly Reports 2006-05-22, Fedora Core 4 and 5 Updates, Contributing to Fedora Weekly News and Editor's Blog.
Gentoo Weekly NewsletterThe May 29, 2006 edition of the Gentoo Weekly Newsletter is online with the latest Gentoo news.
Edubuntu newsletter Issue 01The first issue of the Edubuntu newsletter has been published. The table of contents includes: Edubuntu 6.06 LTS Release Candidate, Edubuntu is now available via ShipIt, Call for testing of Edubuntu CD images in preparation for release, Brand-new Edubuntu.org website, 2nd meeting of the Edubuntu Council and Edubuntu Summer of Code.
Kubuntu NewsletterThe May 27, 2006 edition of the Kubuntu Newsletter is online. "In this newsletter: release candidate, Kubuntu meeting, KOffice 1.5.1, Kubuntu in Rosetta, Adept 2.0, Icecream and the Summer of Code."
Minor distribution updates Call for translations for Dapper using RosettaA call for translations has gone out for the Ubuntu distribution. "This week, we imported the last missing translation domain for Dapper and thus, you should be able to translate any package in Dapper's main component using Rosetta. There are a few VERY IMPORTANT packages for translation, these should now show up at the top of the list when you select your language on that page."
Package updates Fedora updatesUpdates for Fedora Core 5: apr 1.2.2-7.3 (rebuild with new gcc), dhcdbd-1.15-1.FC5 (bug fix), eclipse-changelog 2.0.4_fc-1 (bug fixes), gcc 4.1.1-1.fc5 (bug fixes and other improvements), hplip 0.9.11-1.2 (bug fix and new documentation), ImageMagick 6.2.5.4-4.2.1.fc5.3 (bug fix), kasumi 2.0-1.fc5 (upstream release), libdv 0.104-3.fc5 (disable problem patch), libstdc++so 7-4.2.0-0.3.20060428.fc5.2 (bug fix), libtiff 3.7.4-7 (apply previous patch), libtool-1.5.22-2.3 (rebuild with new gcc), lsof 4.77-1 (bug fix), mailman 2.1.8-0.FC5.1 (security fixes), openoffice.org-2.0.2-5.12.2 (bug fix and other improvements), squid 2.5.STABLE14-1.FC5 (update to new upstream), vnc-4.1.1-39.fc5 (OpenGL enabled by default).Updates for Fedora Core 4: mailman 2.1.8-0.FC4.1 (security fixes).
Mandriva updatesMandriva has announced upgraded netpbm packages that fix some converter crash issues.
rPath Linux updatesrPath Linux has announced a maintenance release of Conary. Conary version 1.0.16 includes conary, conary-build, conary-repository and conary-web-common.
Slackware Changelog NoticeThe Slackware Changelog Notice for May 27, 2006 is online with new Slackware package releases.
Trustix updatesTrustix Secure Linux has sent out a bug fix update for ckermit and stunnel.
Newsletters and articles of interest The Gentoo Development GuideFor anybody who has ever wondered what goes into the creation of a Gentoo package: the first version of the Gentoo Development Guide is now online. It contains a great deal of information on how to create ebuilds and the relevant policies.
Distribution reviews My desktop OS: Debian Etch (NewsForge)Flavio Henrique Araque Gurgel reviews Debian Etch in a NewsForge article. "Some people like to work in Linux distributions that are at the cutting edge of technology. Other prefers stability at any cost. I want both, and Debian Testing, codenamed Etch, gives me that. The Debian project's testing tree has up-to-date software along with good stability, since packages are highly tested in the Unstable branch before they move to Testing."
Page editor: Forrest Cook Development Polypaudio, a networked sound serverPolypaudio is a relatively new cross-platform networked sound server project. The first release came out in July, 2004, the software has been released under the Lesser General Public License. "Polypaudio is a networked sound server for Linux and other Unix like operating systems and Microsoft Windows. It is intended to be an improved drop-in replacement for the Enlightened Sound Daemon (ESOUND)." The main function of a sound server is to allow multiple audio applications to simultaneously share the same sound card, the networking capabilities extend this ability across machines.Some of the main Polypaudio features include:
The Polypaudio FAQ explains some of the Polypaudio dependencies and compatibilities, and has numerous examples of command-line operations. Although GNOME/GTK is not required for Polypaudio operation, some GTK-based GUI utilities are provided, including Polypaudio Manager, Polypaudio Volume Meter and Polypaudio Volume Control. Version 0.9.0 of Polypaudio was announced on May 26, 2006. It now fully matches or improves upon the ESOUND feature set. "This is a major step ahead since we decided to freeze the current API. From now on we will maintain API compatibility (or at least try to). To emphasize this starting with this release the shared library sonames are properly versioned. While Polypaudio 0.9.0 is not API/ABI compatible with 0.8 it is protocol compatible. Other notable changes beyond bug fixing, bug fixing and bug fixing are: a new Open Sound System /dev/dsp wrapper named padsp and a module module-volume-restore have been added." Polypaudio version 0.9.0 adds new versions of the modules gst-polyp for use with the GStreamer multimedia framework, libao-polyp for Ogg-vorbis support, and xmms-polyp for sinking XMMS media player output. With its support for a wide variety of popular audio utilities, actively developed code, and broad capabilities, the Polypaudio project fills an important role in Linux-based audio development.
System Applications Audio Projects JACK 0.101.1 ReleasedVersion 0.101.1 of the JACK Audio Connection Kit is out. New features include support for the FreeBob backend and operability on Mactel platforms.
Database Software MySQL 4.1.20 has been releasedVersion 4.1.20 of the MySQL dbms has been released. "This is a security fix release for the recent production release family."
MySQL 5.0.22 has been releasedVersion 5.0.22 of the MySQL dbms has been released. "This is a security fix release for the recent production release family."
The Future of Perl in PostgreSQL (O'ReillyNet)Andrew Dunstan discusses the use of Perl and PostgreSQL in part three of an O'Reilly series. "If your PostgreSQL database doesn't do exactly what you want, you can write server-side extensions--in Perl. Andrew Dunstan discusses some of the enhancements to PL/Perl in PostgreSQL 8.0 and 8.1, as well as some of the features he and the rest of the team plan to add."
Interoperability Samba 3.0.23rc1 Available for DownloadVersion 3.0.23rc1 of Samba has been announced. "This is the first release candidate of the 3.0.23 code base and is provided for testing purposes only. While close to the final stable release, this snapshot is *not* intended for production servers. Your testing and feedback is greatly appreciated."
Mail Software Apache SpamAssassin 3.1.2 availableVersion 3.1.2 of the Apache SpamAssassin email filter has been announced. "3.1.2 includes a large number of bug fixes and documentation updates."
MailStripper 1.4.0 releasedVersion 1.4.0 of MailStripper, an email spam filter, is out. Changes include bug fixes and other improvements.
Security Sussen 0.22 is availableVersion 0.22 of Sussen, a vulnerabilities and configuration issue scanner, is available with new features and bug fixes.
Desktop Applications CAD PythonCAD release 32 is availableThe thirty-second development release of PythonCAD has been announced. "The thirty-second release fixes a configuration problem where the newly added autosplitting feature would not be activated properly or could disable autosplitting in a Layer. A small bug in the reworked splitting code was also fixed, as well as a few other small errors."
Data Visualization PyX 0.9 releasedVersion 0.9 of PyX, the Python graphics package, has been announced. "This release features a new set of deformers for path manipulations like smoothing, shifting, etc. A new set of extensively documented examples describing various aspects of PyX in a cookbook-like fashion have been written. Type 1 font-stripping is now handled by a newly written Python module. The evaluation of functions for graph plotting is now left to Python. Thereby some obscure data manipulation could be removed from the bar style for handling of nested bar graphs. Transparency is now supported for PDF output. Many more small improvements and bug fixes top off this release."
Desktop Environments GNOME Software AnnouncementsThe following new GNOME software has been announced this week:
KDE Software AnnouncementsThe following new KDE software has been announced this week:
KDE Commit-Digest (KDE.News)The May 28, 2006 edition of the KDE Commit-Digest has been announced. "In this week's KDE Commit-Digest: KViewShell gets support for PostScript files. Work begins on Akonadi (the new KDE PIM data storage backend) and amaroK 2.0, with further optimisations to the stable amaroK version. kttsd (the kde-accessibility text-to-speech system) is ported to Phonon. KDELibs is now fully ported to D-BUS. Aesthetic improvements to KSysGuard."
Electronics gSpiceUI 0.8.55 releasedVersion 0.8.55 of gSpiceUI, a GUI front end for the GNU-Cap and Ng-Spice circuit simulation engines, is out. has been announced. "This is largely a maintenance release which fixes some problems I came across doing some design work. There are also some enhancements to existing functionality."
Qucs 0.0.9 announcedVersion 0.0.9 of Qucs, an integrated circuit simulator, is out. Release details are on the OpenCollector site: "The new release comes with a Russian translation and the GUIs language can be explicitely chosen in the application settings dialog. The digital simulation abilities have been improved by a VHDL text editor and hand-crafted VHDL files can be used as subcircuits. The number of ports of the S-parameter component is no more limited. Components can now be either deactivated as a short or an open. There are some new components such as a coaxial line, a differential voltage probe, a switch, AM- and PM-modulators and a relais. Also many bug-fixes have been incorporated."
Financial Applications SQL-Ledger 2.6.12 is outVersion 2.6.12 of SQL-Ledger, a web-based accounting package, is out. See the What's New page for release notes.
Games Balazar Brother 0.2 releasedVersion 0.2 of Balazar Brother, a 3D puzzle game, is out. "The next world, currently in development, will be... the Pompon forest! It will recall something to Balazar Arkanae 2 players. And here is your first ennemy in the forest: the striking fruit!"
GUI Packages Lintouch 1.10 releasedVersion 1.10 of Lintouch has been released. "Lintouch is an opensource HMI software. It lets you design user interfaces for process automation. Lintouch runs on most popular hardware and software platforms, is lightweight and easily extensible." See the release announcement for more information on this version.
Interoperability Wine 0.9.14 releasedVersion 0.9.14 of Wine has been announced. Changes include: "Better MS/RPC compatibility, Many fixes to Direct3D shaders, Several improvements to the header control and Lots of bug fixes."
Wine Weekly NewsletterThe May 26, 2006 edition of the Wine Weekly Newsletter has been published. Topics include: Picasa, Wine 0.9.14, LJ Article, Picasa Port to Linux, DirectDraw Patch, Patch Submission Ideas, MSI Problem and Font Issue.
Medical Applications MirrorMed releases MirrorMed 1.0 RC3 (LinuxMedNews)LinuxMedNews has an announcement for version 1.0RC3 of MirrorMed, a PHP-based open-source EHR and practice management system. "MirrorMed-1.0RC3 has several new important features. Mostly, the billing workflow has been dramatically improved."
Science SciPy 0.4.9 releasedVersion 0.4.9 of SciPy, an open-source library of scientific tools for Python, has been announced. "This version adds support for NumPy version 0.9.8. It also has enhancements to sparse matrices, including a new linear solver module with UMFPACK support, and new support for fitting conditional maximum entropy models. This release also fixes bugs in ndimage, sparse, stats, weave, and other packages."
Web Browsers Firefox Bon Echo Alpha 3 milestone releasedThe third Firefox "Bon Echo" alpha has been released. New stuff this time around includes "anti-phishing protection" (testing of web sites against a blacklist, essentially), search changes, and client-side session and permanent storage (fancier, larger cookies).
Languages and Tools C GCC 4.1.1 releasedVersion 4.1.1 of GCC, the GNU Compiler Collection, is out. See the changes document for details on this release.
Caml Caml Weekly NewsThe May 30, 2006 edition of the Caml Weekly News is out with new Caml language articles.
HTML gURLChecker 0.10.0 releasedStable version 0.10.0 of gURLChecker has been announced. "gURLChecker is a graphical web sites checker for GNU/Linux and other POSIX OS. It can work on a whole site, a single local page or a browser bookmarks file."
Lisp SBCL 0.9.13 releasedVersion 0.9.13 of Steel Bank Common Lisp has been announced. "This version provides better error reporting, and improves the performance of toplevel form compilation and object file loading."
PostScript AFPL Ghostscript 8.54 announcedVersion 8.54 of AFPL Ghostscript has been announced. "Major new features include: The COMPILE_INITS build define now generates a compressed read-only filesystem which is linked into the executable and accessible from the interpreter as a new %rom% iodevice. This both improves installed footprint and allows using the same mechanism for embedding Resource files and fonts as well as postscript library and configuration files. This release also supports the proprietary Luratech JBIG2 and JPEG 2000 libraries."
Python Python Quick Reference Card 0.55 releasedVersion 0.55 of the Python Quick Reference Card has been published under a Creative Commons license. "The Python Quick Reference Card (PQRC) aims to provide a printable quick reference documentation for the Python language and some of its main standard libraries (currently for Python 2.4)."
Dr. Dobb's Python-URL!The May 30, 2006 edition of Dr. Dobb's Python-URL! is online with a new collection of Python article links.
Ruby RubyGems (Linux Journal)Dirk Elmendorf writes about Ruby Gems in a Linux Journal article. "RubyGems is a system for managing Ruby software libraries. Ruby code packaged in this manner is called a gem. When you find Ruby software you want to use in a project, gems offer a means of downloading, installing and managing the software."
Ruby Weekly NewsThe May 28, 2006 edition of the Ruby Weekly News is available with new Ruby language articles from the Ruby-talk mailing list.
Tcl/Tk Dr. Dobb's Tcl-URL!The May 30, 2006 edition of Dr. Dobb's Tcl-URL! is online with new Tcl/Tk articles and resources.
Page editor: Forrest Cook Linux in the news Recommended Reading Firefox snaps at Microsoft's heels (Telegraph)The Telegraph looks at the Mozilla Foundation, with an emphasis on its finances. "Despite its success, however, Mozilla's fans are becoming increasingly concerned that the organisation is moving away from its altruistic roots and becoming a fully fledged money-making operation. The company makes no secret of the fact that it turns a profit. Firefox uses Google as its preferred search engine partner. When a user carries out a search via the browser's built-in search facility, about 80 per cent of the advertising revenue from any associated hits goes back to Mozilla."
Macro virus for Staroffice discovered (Techworld)Techworld is reporting that a macro virus for StarOffice (and thus, presumably, OpenOffice.org) has been found by our old friends at Kaspersky Lab. "The Stardust virus is contained in a StarOffice document that uses macros and then infects a global template. If a user opens a document infected with Stardust, every StarOffice text document, with a '.sxw' extension, or document template, with a '.stw' extension, will be infected..." There is no mention of whether it can propagate through ODF files.
Trade Shows and Conferences Day one at FreedomHEC (NewsForge)Steve R. Hastings covers day one of the FreedomHEC conference on NewsForge. "This morning's activities started with a discussion to set the schedule for the day. Presentations included a lightning overview of SysFS and Udev, presented by Greg Kroah-Hartman; a session on how the kernel development community works, presented by Randy Dunlap; a question and answer session on the Linux SCSI layer with James Bottomley, the kernel maintainer of the SCSI layer; open source rocketry using Linux; and a question and answer session with Kroah-Hartman on how to get a driver added to the stock Linux kernel."
Report from FreedomHEC (NewsForge)NewsForge reports from the first FreedomHEC conference. "The final session of the first day was a question and answer session with Kroah-Hartman on getting drivers accepted into the Linux kernel. It was a lively session, touching on many areas of kernel development. Kroah-Hartman assured the attendees that kernel developers are interested in their drivers. 'People always say, 'Oh, they won't want my driver; we only ship a few hundred devices per year that use it.' I always tell them that we have device support in the Linux kernel for hardware with only one or two known users. Really, we'll take your driver!'"
Telling Stories at JavaOne (O'ReillyNet)O'Reilly covers the 2006 JavaOne conference. "JavaOne 2006 left attendees with an incomplete answer to the big question: will Sun open source Java? The answer was better than a definite maybe, but not by much. Daniel Steinberg looks back at the conference, its mixed message, and its many successes outside of the general sessions."
First Day KDE 4 Multimedia Meeting (KDE.News)Jos Poortvliet reports on day one of the KDE 4 Multimedia Meeting. "In the rainy Netherlands, eighteen KDE hackers have been working in the Annahoeve on Multimedia for the fourth incarnation of KDE. This report outlines the meeting topics, and the results of interesting presentations and explains how KDE developers outbid each others marshmallow records."
Second Day Multimedia Meeting (KDE.News)KDE.news reports from the second day of the KDE 4 multimedia meeting. "This article will report on the progress the hackers made yesterday, including the 'why' and 'what' of redesigning and speeding up amaroK, work on the KIO slaves and Phonon."
The Python "Need for Speed" SprintSean Reifschneider has sent us coverage of the Python "Need for Speed" Sprint in Reykjavik, Iceland. "We started the week with the Python 2.5 alpha 2 release candidate being around 10% slower than 2.4.3, the previous stable release. Largely, this slowdown is due to newly added features, particularly a change in the object type of exceptions which is showing a 60% slowdown."
Companies Google Releases Picasa for Linux (Slashdot)Slashdot has an announcement for Google's release of Picasa for Linux. "Today I'm pleased to announce that we're making Picasa, our photo management application, available for Linux. This is a pre-beta labs release and since we're still learning on how to best make software for Linux, we're asking that you submit your bugs as you find them. Picasa for Linux uses Wine internally; this shows a bit in the interface, but it works even better than we had hoped." Picasa is not open-source software, see the End User License Agreement for details.
Novell sells Celerant, focuses on Linux (Linux-Watch)Linux-Watch notes Novell's sale of its Celerant Consulting management consulting branch to Caledonia Investments. "Now that Celerant is sold, Novell will be better able to focus on its core businesses of Linux and open source; systems, security and identity management; and its renewed interest in workgroup computing. In particular, Novell is looking forward to a summer launch of the next-generation of its SUSE Linux Enterprise 10 for Novell server and desktop systems."
Novell, NCR offer Linux on NCR POS Platforms (CIOL)CIOL.com covers a partnership between NCR and Novell. "NCR and Novell today announced a global agreement to offer Novell Linux Point of Service on NCR RealPOS retail point-of-sale (POS) terminals. This agreement makes available a software platform and hardware combination for retailers deploying Linux-based POS solutions. NCR's future plans call for offering Novell Linux Point of Service on NCR easypoint kiosks and NCR fastlane self-checkout."
Linux Adoption Japan to develop and deploy open source "Secure VM"The Japanese National Information Security Center (NISC) has announced plans to develop an open-source secure virtual machine. "Data breach (especially information leak via virus-infected P2P file-sharing programs) has been a social problem in Japan for these two years, and it seems that to solve it is one of the project's goals. They say it will not just be a research project, but will also be deployed in production environments of governmental organizations. Both Linux and Windows are planned as its guest OSes, but apparently they are assuming that Windows will continue to be used mainly, because they say that they chose to develop "Secure VM" (instead of switching to an open source desktop) "in order to improve security while keeping the existing client environment/UI as much as possible.""
Legal U.S. PTO smashes JPEG patent (Linux-Watch)Linux-Watch reports on the rejection of the JPEG patent. "Another attempt to tie down a standard with a patent has gone down in flames. The U.S. Patent and Trademark Office has rejected a patent that Forgent Networks was asserting against the Joint Photographic Experts Group, better known as JPEG, images standard. In the reexamination proceeding initiated late last year by the PUBPAT (Public Patent Foundation), The PTO Office Action released yesterday a finding that the prior art submitted by PUBPAT completely anticipated the broadest claims of the patent, U.S. Patent No. 4,698,672 (the '672 Patent)."
Could more Eolas-like open source benefactors hurt Microsoft, others? (ZDNet)Here's a ZDNet blog entry by David Berlind on software patents and free software. "After losing to Eolas, Microsoft, was forced to remove important plug-in functionality from Internet Explorer. Firefox, on the other hand was not. Eolas has turned out to be an open source benefactor, allowing open source developers access to its intellectual property. In other words, in an extremely unusual twist of fate, a patent worked against commercial software and in favor of open source software to the point that the open source software had a distinct usability advantage over commercial alternatives."
Interviews Interview: Mark Shuttleworth (451 Group)The 451 Group (an analyst operation) has done an interview with Ubuntu founder Mark Shuttleworth; the first part of that interview has been published, liberally annotated with comments from the analysts. "For example, in the consumer space, people are very protective about the desktop, but they're not at all protective of the smart phone. So consumer adoption of Linux on the smart phone is enormous - people are absolutely willing to accept the idea that they might use new tools, new pieces of software, new user interfaces and so on, as long as you don't threaten certain key applications that they're comfortable with, that they know and trust."
Interview: Red Hat's open source scholarship challenge (NewsForge)NewsForge interviews Venkatesh Hariharan about an open-source scholarship challenge in India. "There is no dearth of IT talent in India, but for a country that churns out thousands of IT students every year, the number of Indian contributors in the open source software (OSS) world is disproportionately low, due in part to a lack of proper mentoring. To encourage more students to go into OSS development, the Kanwal Rekhi School of Information Technology (KReSIT) at the Indian Institute of Technology Bombay partners with Red Hat for an open source scholarship challenge each year. Participants, mentored by OSS leaders, get the opportunity to work and collaborate to solve a real-world problem, and the winners get a share of the Rs. 10 lakh (about $22,000) prize."
Resources Create your own distribution torrents (Linux.com)Mayank Sharma shows how to distribute an ISO image with bittorrent on Linux.com. "The BitTorrent protocol has revolutionized peer-to-peer (P2P) file sharing. It works by enabling users to download fragments of a large file from other users simultaneously, rather than waiting for one file to complete, thus speeding the download process. As a result, many popular Linux distributions have started releasing their ISOs through torrents, many of which you can find at LinuxTracker. But if your favourite distro doesn't offer a release torrent, why not make your own?"
Runit makes a speedy replacement for init (Linux.com)Mark Alexander Bain looks at Runit on Linux.com "runit, a Unix init scheme with service supervision written by Gerrit Pape, is a complete replacement for SysVinit. Its key benefits include improved boot speed and ease of use. In the time that it takes you to read this article, you could move from init to runit. In a recent article covering the use of cinit to implement a parallel boot process, I managed to turn a booting time of 2 minutes 54 seconds into 2 minutes 3 seconds -- a massive saving of 51 seconds. By converting the same Linux machine to runit, I was able to reduce booting time to 55 seconds."
Building a Self-Healing Network (O'ReillyNet)Greg Retkowski writes about self-healing networks on O'Reilly. "Wouldn't it be nice if your network services could detect their own failures and gracefully restart? Sure, you could have cron or FAM jobs always checking them, but that's so unrefined. Instead, consider Greg Retkowski's solution: building a small Cfengine and NAGIOS combination to detect and recover from failure."
Reviews OpenSUSE 10.1 Is Versatile, but Uneven (eWeek)eWeek reviews OpenSUSE 10.1. "In the past, we've found that SUSE distributions have lagged behind Red Hat and Debian-based distributions in the all-important area of software installation and management. OpenSUSE 10.1 has made some strides in this area, but the system's software management story remains murkier than we'd like."
Miscellaneous Google Summer of Code KDE projects (KDE.News)KDE.News has announced the KDE projects in this year's Google Summer of Code. "KDE is happy to announce the selection of 24 student applications for the Google Summer of Code 2006. This year, Google received a total of 6400 applications worldwide spread across 102 different Open Source organisations. "It looks like we've got some very interesting projects for KDE as a whole, and a good number of projects for KOffice", said Boudewijn Rempt, the maintainer for Krita, celebrating the selection of 4 KOffice student proposals."
Beyond the Open-Source Hype (Foreign Policy)Here's a Foreign Policy column arguing that open source software has, perhaps, been oversold. "However, it is misleading to say that open source empowers people in ways proprietary software does not. Both open source and proprietary software allow you to change the behavior of a software program in significant ways without touching the program's source code. The truth is that software authors, whether they work for a large software firm or no one at all, want users to adapt their product to specific locations and needs. Microsoft makes a living out of making its software customizable while still closely guarding its source code." (Thanks to Sami Juvonen).
Page editor: Forrest Cook Announcements Non-Commercial announcements EFF: Huge Win for Online Journalists' Source ProtectionThe Electronic Frontier Foundation has announced a the results of a legal ruling that affects online journalists. "A California state appeals court ruled in favor of the Electronic Frontier Foundation's (EFF's) petition on behalf of three online journalists Friday, holding that the online journalists have the same right to protect the confidentiality of their sources as offline reporters do."
OLPC hardware details postedThe One Laptop Per Child hardware information page has been updated with a great many details on just what will go into the OLPC package. The most interesting stuff is under the "what makes this system unique" heading; clearly a great deal of thought has gone into the design of this system. "Wireless mesh: Child-child sharing! OLPC Laptops are full-time wireless routers. Mesh networking reduces the need for dedicated infrastructure (e.g. access points and/or cabling), and extends greatly the areas in which machines may be connected to each other and/or to the internet."
The OLPC developer's programThe One Laptop Per Child effort has a big pile of prototype systems, and they are looking for developers who would like to use them to help with OLPC development. Note the limits of these prototype systems: they are bare circuit boards with a power supply and a connector for a serial console. But, if you would like to play with such a system and help make it work better, the OLPC project may send you one. Have a look at the OLPC developer's program page for information on the systems, a list of tasks that need doing, and instructions on applying for a system.
Commercial announcements FUEL Database 1.0 ReleasedVersion 1.0 of FUEL Database, an embedded DBMS for Windows CE/Mobile, Embedded Linux, and VxWorks platforms, is out. "ITTIA plans to support all industry-standard platforms. Developers will be able to develop their application in one operating system environment and, without changing a single line of database code, deploy their application into a different operating system with ease. As a result, they can develop with minimal investment, zero administration, no disruption, and, with ITTIA's reasonable licensing model, gain a competitive edge for their application."
IBM invests in Brazil Linux Tech CenterIBM has announced the investment of $2.2 million in a Brazilian Linux Technology Center. "Developers at IBM's Linux Technology Center in Brazil will work to make Linux better as part of the open source community specializing in developing Linux with cell, power and virtualization technologies. The investment will be used to complete construction of a Linux development laboratory in Hortolândia and expand a second lab in Campinas, on Brazil's Unicamp campus."
TimeSys Introduces LinuxLink Subscriptions for Freescale i.MX31TimeSys has announced the availability of LinuxLink subscriptions for the Freescale Semiconductor i.MX31 multimedia processor. "Collaboration of Nissin Systems and Freescale will enable development of networking products using the state-of-the-art technologies requiring video, audio and mobile technologies, including a network-enabled camera, security camera, IP TV phone, media player, biometrics authentication device and other business equipment. In addition, communication equipment and appliance manufacturers can efficiently develop their custom boards and application software, significantly reducing procurement cost and speeding up development cycle."
Win4Lin announces major upgrade to 2000/XP desktop productWin4Lin has released version 3 of their 2000/XP desktop product. ""Win4Lin Pro 3.0 is an important step forward in both usability and performance. We are pleased to offer the world's fastest and easiest method for installing Windows on a Linux desktop, where users can literally be running Windows XP in less than thirty minutes, said Leo Reiter, Win4Lin CTO."
New Books Building Scalable Web Sites - O'Reilly's Latest ReleaseO'Reilly has published the book Building Scalable Web Sites by Cal Henderson.
Java I/O, Second Edition - O'Reilly's Latest ReleaseO'Reilly has published the book Java I/O, Second Edition by Elliotte Rusty Harold.
No Starch Press releases "Object Oriented PHP"No Starch Press has published the book Object Oriented PHP by Peter Lavin.
Contests and Awards SafeDesk Puts Bounties on STS Open-Source DevelopmentThe SafeDesk Bounty Program has been launched. "SafeDesk is currently inviting individuals or groups from the FOSS community to participate in making STS Bounty program in an effort to further develop an even better thin-client server solution as a compliment to the LTSP and other server-based solutions. Initial projects not only support the STS project directly, but also support the Debian Live project from which SafeDesk and its engineers have already been contributors."
Education and Certification LPI promotes Linux Certification within North-East Asia RegionThe Linux Professional Institute has announced the holding of Linux certification events and exam labs in Japan and South Korea from May 31 through June 7, 2006.
Calls for Presentations Zend/PHP Conference 2006 Call for PapersA call for papers has gone out for the 2006 Zend/PHP Conference & Expo. The event takes place from October 29 to November 2, 2006 in San Jose, California. "The conference selection committee will consider all abstracts submitted on or before June 15th, 2006. Notifications will be made by August 1st, 2006."
OSDC Australia CFPA call for papers has gone out for the Open Source Developers' Conference 2006. The event takes place in Melbourne, Australia on December 5-8, 2006. Proposals are due by July 12.
Upcoming Events Collaborative Technologies Conference announcedCMP Media has announced the session topics for the Collaborative Technologies Conference. The event will take place in Boston, MA on June 19-22, 2006. "During these CTC sessions, industry thought leaders and technology innovators will explore strategies, practices and tools that can help businesses cut costs, increase productivity, reduce time-to-market, align workgroups and create a more streamlined, dynamic organization."
Events: June 1 - July 27, 2006
Miscellaneous PSF: Summer of Code projects announcedThe Python Software Foundation has announced its 2006 Google Summer of Code projects. "25 projects were been accepted, tying with the Apache Software Foundation for the largest number of funded proposals. The accepted projects include 5 enhancements to the CPython interpreter or standard library, 3 PyPy projects, 3 SciPy projects, and 2 projects relating to the Soya3D library for 3-dimensional graphics."
Page editor: Forrest Cook
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||