On July 7, the folks at rPath sent out a security update for a pair of
kernel vulnerabilities. The update reads, in part:
"Previous versions of the kernel package are vulnerable to two
denial of service attacks. The first allows any local user to fill
up file systems by causing core dumps to write to directories to
which they do not have write access permissions."
The bug in question is designated CVE-2006-2451; it was fixed in the 2.6.17.4 kernel release. All
kernels since 2.6.13 are vulnerable, but one cannot just rely on the
nominal version number: Red Hat helpfully backported this bug into
the 2.6.9 kernel shipped with RHEL4.
Reading the description above, some system administrators may feel that
there is no particular urgency in applying this update. The risk that a
rogue user would fill up a disk with core dump files may seem small, so an
update fixing the problem - and which requires a system reboot to be
effective - can maybe be deferred for a while. After all, the Linux kernel
core dump code takes pains to avoid overwriting files with core dumps, so
the real potential for harm is small. It's a denial of service bug.
Except that it's not. All that is required is to create a program
containing a string in the format understood by cron, send it over
to /etc/cron.d, and use the bug to create a core dump there.
Eventually cron will wander along, helpfully pick the line it
understands out of the surrounding binary junk, and execute (as root) the
commands found there. It is a simple and straightforward local root
exploit; an example implementation has been posted to the full-disclosure
list.
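A defensive check for the mechanism described above, as an added example that is not part of the original article: it walks a cron drop-in directory such as /etc/cron.d and reports any file that is an ELF core dump or otherwise not plain text. The function names and the sample files are constructed for illustration.

```python
"""Audit a cron drop-in directory for core dumps and other non-text files."""
import os
import stat
import struct
import sys
import tempfile

ELF_MAGIC = b"\x7fELF"
ET_CORE = 4          # e_type value the ELF specification assigns to core files
EI_DATA = 5          # index of the byte-order flag inside e_ident
ELFDATA2MSB = 2      # big-endian marker; anything else is read as little-endian


def classify(path):
    """Return 'elf-core', 'elf', 'binary' or 'text' for one regular file."""
    with open(path, "rb") as fh:
        head = fh.read(4096)
    if head[:4] == ELF_MAGIC and len(head) >= 18:
        endian = ">" if head[EI_DATA] == ELFDATA2MSB else "<"
        # e_type is the 16-bit field that follows the 16-byte e_ident array.
        (e_type,) = struct.unpack_from(endian + "H", head, 16)
        return "elf-core" if e_type == ET_CORE else "elf"
    # cron tables are plain text; a NUL byte means something else landed here.
    return "binary" if b"\x00" in head else "text"


def audit_cron_dir(directory):
    """Return sorted (name, kind) pairs for every non-text regular file."""
    findings = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not stat.S_ISREG(os.lstat(path).st_mode):
            continue  # skip symlinks, sockets and subdirectories
        kind = classify(path)
        if kind != "text":
            findings.append((name, kind))
    return findings


def demo():
    """Run the audit over constructed sample files in a temporary directory."""
    # Constructed 32-bit little-endian ELF header with e_type = ET_CORE.
    core_header = (ELF_MAGIC + bytes([1, 1, 1]) + bytes(9)
                   + struct.pack("<H", ET_CORE))
    samples = {
        "core.1234": core_header + bytes(64),
        "logrotate": b"0 4 * * * root /usr/sbin/logrotate /etc/logrotate.conf\n",
        "stray.bin": b"\x00\x01\x02\x03",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return audit_cron_dir(tmp)


if __name__ == "__main__":
    # With a directory argument, audit it; without one, run the constructed demo.
    target = sys.argv[1] if len(sys.argv) > 1 else None
    results = audit_cron_dir(target) if target else demo()
    for name, kind in results:
        print(f"{kind:8}  {name}")
    sys.exit(1 if results else 0)
```

A non-zero exit status means at least one file in the directory needs a closer look; a clean result says nothing about whether the running kernel is patched.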
Paul Starzetz has posted a complaint about
the characterization of a fully-exploitable vulnerability as a denial of
service problem; he has seen this done with other vulnerabilities as well.
He is right. "Denial of service" makes the vulnerability seem less severe,
especially if it is only exploitable locally. Those words may cause
vulnerabilities to remain open longer by inspiring inaction on both the
administrator and distributor sides. If a bug can be exploited for
privilege escalation, it should not be described as a denial of service
problem.
To its credit, Red Hat (which is where the bug was discovered) notes that
the bug could be exploited to gain root privileges. Ubuntu, which closed the vulnerability four days
later, says "This could be exploited to drain available disk space on
system partitions, or, under some circumstances, to execute arbitrary code
with full root privileges." This advisory could use an edit as
well: "under some circumstances" makes the exploit seem unlikely or
difficult. A more accurate wording would be "if the attacker wants."
Lest it seem that rPath and Ubuntu are receiving too much grief: as of this
writing, five days after disclosure, rPath, Ubuntu, and Red Hat are the
only distributors to have fixed this problem. They have done the
most important part: making an update available. All other
distributors who have shipped kernels based on 2.6.13 or later remain
vulnerable to a trivial local root exploit. Might this slow response be
caused, in part, by the perception that this is a mere local denial of
service bug?
As a community, we feel that we have the best security support out there.
Vulnerabilities are not hidden, and fixes come promptly. In cases like
this one, however, we have let our users down. Presenting an easily
exploitable root vulnerability as a denial of service problem is just the
sort of obfuscation that we normally try to avoid. And the fact that a
number of distributions remain vulnerable is a failure to live up to our
own promises. We can - and must - do better than that.
The press release from the Software Freedom Law Center came with an
attention-getting headline: Software Freedom Law Center Clears
OpenDocument Format for Free Software Use.
Since a number of free software projects have supported OpenDocument for
some years now, and since OpenDocument has been heavily promoted as a way
of leveling the office suite playing field, many in the community may have
been surprised to see SFLC jumping in to "clear" the format at this time.
Still, free software developers will be glad to know "...that
they can legally implement OpenDocument Format (ODF) in free and open
source software. OpenDocument Format is a free file format for saving and
exchanging editable documents, spreadsheets, databases and
presentations."
The problem is that the legal
opinion from SFLC says no such thing. With all legal texts, one is
well advised to read the fine print; in this case, the small text makes it
clear that SFLC's survey was of a rather more limited scope than the press
release would suggest.
The SFLC analysis was seemingly inspired by concern over the patent
policies of OASIS, the standards body which has adopted ODF. OASIS
standards can include patented technology; depending on the policy chosen
when a given standard process starts, those patents need not be made
available under any sort of license compatible with free software. In the
case of ODF, however, the standard was developed in the "royalty free on
limited terms" mode. Whether the standard is truly free, in the end,
depends on whether the "limited terms" are workable or not.
So the SFLC went to look at the patent terms disclosures required of the
standard committee's members. Only Sun had filed such a disclosure, and
Sun's terms were deemed to be reasonable. From this work, SFLC concluded
that none of the OASIS standard committee members have any patents which
they will be able to assert against those who implement OpenDocument. None
of the companies which put together this standard have any submarine
patents lurking below the surface.
This is good to know, but the disclaimer text makes it clear just how
limited this statement is:
"Patent-holders not qualifying as Obligated Members of the OASIS
Technical Committee may in future assert essential
claims. Obligated Members could in future assert non-essential
claims... Programs with additional
functionality beyond the implementation of the ODF standard,
including programs with office suite functionality, may in fact
practice licensed essential claims outside the field of use
restriction of one or more licenses... This opinion
expresses no view of the validity of any patent, nor whether any
patent is infringed by ODF or by any implementation thereof. No
patent search has been conducted in connection with the preparation
of this opinion."
So SFLC did not actually go looking for possibly relevant patents. Given
the current state of affairs, the existence of patents which could possibly
be applied to ODF seems almost certain. Searching them out would have been
pointless; in this field, it is often simply better not to know about
possible patent problems. So, while the SFLC has done a good thing by
ruling out one particular set of potential ODF patent problems, there are
limits to the extent to which ODF can be "cleared for free software use."
As long as the current patent regime exists, free software will never be
truly safe.
Your editor, having a distinct masochistic streak, runs several different
computers, each with a different Linux distribution. For added pain, most
of them run the bleeding-edge, development version of their particular
distribution. As a result, surprises
are, well, not particularly surprising. Even so, your editor's x86-64
system running Fedora development (the distribution formerly known as
"Rawhide") managed to raise some eyebrows recently - and the news was not
all bad.
One of the endearing features of Fedora Development on x86-64 is that the
chances of running "yum update" successfully at any given time tend to be
less than 50% - especially if the system has any packages from Extras
installed. Between dependency hassles and travel, this particular system
had not been updated in some time. Your editor finally broke down, deleted
a few packages which were blocking the update, and set off on what looked
like a plausible attempt to catch up to the leading edge. After a quick
check of the current backups, your editor fired off the "yum
update" command.
After thinking at length and forcing every other process out to swap in
the way only yum can do, the word came back: the system could be updated,
at the cost of downloading some 420 packages. Installing that many
potentially unstable packages onto an important system requires a
significant girding of loins - a state of preparedness which can be
difficult to maintain while waiting for all those packages to download from
the (not particularly speedy) mirror network. Once that process completed,
yum had another long think, then announced a file conflict:
/usr/bin/oowriter from openoffice.org-writer-2.0.3-7 conflicted
with the same file in openoffice.org-writer-2.0.3-5.
Yum, of course, refused to update the system. That much is understandable,
but its subsequent decision to delete all 420 downloaded (but uninstalled) packages
can only be seen as gratuitous and mean-spirited.
To the uninitiated, it would appear that yum is complaining about a package
conflicting with itself. Experienced Fedora x86-64 users, however,
recognize the problem immediately: the x86-64 and i386 versions of the same
package are refusing to play well together. This was, thus, your editor's
introduction to the good news portion of this exercise: Fedora Development
now has a native 64-bit version of OpenOffice.org. All that was necessary
was to manually clear out the old, 32-bit version and rerun the update (in
the process re-downloading all 420 packages). Some quick tests show that
the 64-bit OpenOffice.org appears to work, and your editor can now begin
the task of cleaning out the vast pile of 32-bit libraries that
OpenOffice.org traditionally dragged onto the system with it.
While a full assessment is yet to be made, it is your editor's opinion that
OpenOffice.org was the last 32-bit application running on this 64-bit
system. That means that the whole multi-architecture support
infrastructure needed to run 32-bit programs can now go away, and it will
not be a moment too soon.
Multiple architecture support seems like a nice idea. With a bit of work,
a system can transparently run binaries compiled for a different
architecture. That can be good for system migrations, and it can make it
easier to grab precompiled (or proprietary) applications from elsewhere and
quickly make use of them. It allowed your editor to run OpenOffice.org
even though that application was not able to build and run properly on your
editor's system.
But multiple-architecture support can be an administrative nightmare.
Keeping multiple versions of the same package synchronized can be a
challenge, and, if the package creators are not careful, they will not mix
well together. It is amazing how many libraries must be dragged along for
both architectures; the inevitable crufting up of the system happens much
more quickly. Your editor never asked to have two versions of MySQL, CUPS,
gphoto, GTK2, PAM, etc., but they showed up anyway.
And one can only hope that whoever came up with
/lib64 has had the opportunity to spend much time in a solitary
cell with a bunch of applications using old configure scripts.
In a world where applications cannot be rebuilt, multiarch support might be
a life saver. But, in a free software environment, we should not need it.
We can build our programs to run on the target's native architecture, and
need not saddle ourselves with the overhead and hassles of multiarch
support. Your editor is looking forward to cleaning up the roughly 140 i386
packages still on this system - they should not be needed anymore.
Page editor: Jonathan Corbet
Security
July 12, 2006
This article was contributed by Jake Edge.
One of the major conveniences of wireless networking is its invisibility, but
that is also one of its major weaknesses. A recent
announcement
of wireless driver flaws serves as a reminder that simply having a wireless
card installed may be enough to allow unauthorized access. Unlike other
network devices, there is no wire to remind the user that they may be
making their computer vulnerable to malware.
Two security researchers used an open source tool called
lorcon to send a large
number of wireless packets to various wireless devices. They were looking to
see if they could cause the drivers to fail when they received unexpected
data. The result was that they found many flaws in the wireless drivers,
including one that would
allow a malicious user to take over a machine that was equipped
with the vulnerable wireless card. Many of the driver flaws they
found did not require that the user or wireless card actually be connected to
the network to be exploited.
It is unclear whether this
exploit is of concern to Linux users as the researchers are not releasing
many details until their talk at the
Black
Hat conference on 2 August. It is clear, however, that this is an area that
is ripe for exploitation on Linux as well as other platforms. Wireless cards
do a lot of things invisibly in order to determine what other devices there
are in the neighborhood and these actions are often completely
outside of the control of the user.
Normally, open source drivers provide at least a path to quickly fix any
security problems discovered -- unfortunately, this is not the case with
many of the wireless drivers used on Linux systems. Wireless card
manufacturers have so far been mostly unwilling to release enough information
for kernel hackers to create full open source drivers for those devices.
Because of this, many users are installing closed source drivers to access
their wireless cards.
In some cases, users are installing Windows drivers and using
NdisWrapper to link those
into the Linux kernel. Because the wireless vendors are relatively likely to fix the
Windows drivers, this approach may provide a reasonably quick resolution to
security problems. At least, that may be the case for currently-supported
hardware, if the vulnerability does not originate in the interaction
between the driver and ndiswrapper, and if the user knows to download and install the updated
driver. It is likely that any closed source native Linux wireless
driver would have a lower priority for a vendor to fix and therefore a security
vulnerability might remain unpatched for a significant amount of time.
It is far better, of course, to use hardware which has open-source
support. Vulnerabilities in open-source drivers should be fixed quickly,
and those fixes will be made available by the distributor's package
management system.
As wireless technology becomes more prevalent and more devices and protocols
are deployed, it is clear that more exploits and vulnerabilities will be found.
Italian researchers recently ran an
experiment
at the Milan airport to highlight the number of potentially exploitable
Bluetooth devices they could find; in 23 hours they were able to spot 1400 of them.
Wireless manufacturers and standards
committees do not seem to learn from the security flaws of the past and that
will lead to exploits in the future.
New vulnerabilities
gimp: arbitrary code execution
Package(s): gimp
CVE #(s): CVE-2006-3404
Created: July 10, 2006
Updated: July 27, 2006
Description: Henning Makholm discovered that gimp did not sufficiently validate the
'num_axes' parameter in XCF files. By tricking a user into opening a
specially crafted XCF file with Gimp, an attacker could exploit this
to execute arbitrary code with the user's privileges.
kernel: privilege escalation
Package(s): kernel
CVE #(s): CVE-2006-2451
Created: July 7, 2006
Updated: July 26, 2006
Description: The Linux kernel, versions 2.6.13 through 2.6.17.3, has a privilege
escalation vulnerability that is related to the handling of core dumps.
Local users can create a program that can core dump to a
directory that the user does not have permission to write to.
This can be exploited for the use of a disk consumption denial
of service attack, or the unauthorized gaining of root privileges.
libmms: buffer overflows
Package(s): libmms
CVE #(s): CVE-2006-2200
Created: July 6, 2006
Updated: December 25, 2006
Description: Several buffer overflows were found in libmms. By tricking a user into
opening a specially crafted remote multimedia stream with an application
using libmms, a remote attacker could overwrite an arbitrary memory portion
with zeros, thereby crashing the program.
ppp: privilege escalation
Package(s): ppp
CVE #(s): CVE-2006-2194
Created: July 6, 2006
Updated: August 14, 2006
Description: Marcus Meissner discovered that the winbind plugin of pppd does not
check the result of the setuid() call. On systems that configure PAM
limits for the maximum number of user processes and enable the winbind
plugin, a local attacker could exploit this to execute the winbind
NTLM authentication helper as root. Depending on the local winbind
configuration, this could potentially lead to privilege escalation.
samba: memory exhaustion
Package(s): samba
CVE #(s): CVE-2006-3403
Created: July 11, 2006
Updated: July 26, 2006
Description: The smbd daemon maintains internal data structures used to track active
connections to file and printer shares. In certain circumstances an
attacker may be able to continually increase the memory usage of an smbd
process by issuing a large number of share connection requests. This
defect affects all Samba configurations, according to this advisory.
shadow: privilege escalation
Package(s): passwd shadow
CVE #(s):
Created: July 6, 2006
Updated: July 12, 2006
Description: Ilja van Sprundel discovered that passwd, when called with the -f, -g,
or -s option, did not check the result of the setuid() call. On
systems that configure PAM limits for the maximum number of user
processes, a local attacker could exploit this to execute chfn,
gpasswd, or chsh with root privileges.
SHOUTcast server: multiple vulnerabilities
Package(s): shoutcast
CVE #(s):
Created: July 10, 2006
Updated: July 12, 2006
Description: The SHOUTcast server is vulnerable to a file disclosure when the server
receives a specially crafted GET request. Furthermore it also fails to
sanitize the input passed to the "Description", "URL", "Genre", "AIM",
and "ICQ" fields. It also has multiple cross-site scripting
vulnerabilities.
Updated vulnerabilities
acroread: unspecified security problems
Package(s): acroread
CVE #(s): CVE-2006-3093
Created: July 4, 2006
Updated: July 5, 2006
Description: Various unspecified security problems have been fixed in Acrobat Reader
version 7.0.8. Adobe does not provide detailed information about the
nature of the security problems. Therefore, it is necessary to assume that
remote code execution is possible.
asterisk: buffer overflow
Package(s): asterisk
CVE #(s): CVE-2006-2898
Created: June 15, 2006
Updated: July 27, 2006
Description: The Asterisk PBX application has a buffer overflow vulnerability in the
IAX2 channel driver that can be used for the remote execution of
arbitrary code.
binutils: buffer overflow
Package(s): binutils
CVE #(s): CVE-2006-2362
Created: May 27, 2006
Updated: August 29, 2006
Description: The GNU Binutils has a buffer overflow vulnerability in libbfd.
Maliciously crafted Tektronix Hex Format files with improper length
characters can cause a crash and possibly lead to the execution of
arbitrary code.
busybox: insecure password generation
Package(s): busybox
CVE #(s): CVE-2006-1058
Created: May 5, 2006
Updated: May 2, 2007
Description: The BusyBox 1.1.1 passwd command does not use a proper salt when generating
passwords. This would create an instance where a brute force attack could
take very little time.
bzip2: race condition and infinite loop
Package(s): bzip2
CVE #(s): CAN-2005-0953, CAN-2005-1260
Created: May 17, 2005
Updated: January 10, 2007
Description: A race condition in bzip2 1.0.2 and earlier allows local users to modify
permissions of arbitrary files via a hard link attack on a file while it is
being decompressed, whose permissions are changed by bzip2 after the
decompression is complete. Also specially crafted bzip2 archives may cause
an infinite loop in the decompressor.
ktools: buffer overflow
Package(s): centericq
CVE #(s): CVE-2005-3863
Created: December 7, 2005
Updated: August 29, 2006
Description: From the Debian-Testing alert: Mehdi Oudad "deepfear" and Kevin Fernandez "Siegfried" from the Zone-H
Research Team discovered a buffer overflow in kkstrtext.h of the ktools
library, which is included in (at least) centericq and motor.
courier: denial of service
Package(s): courier
CVE #(s): CVE-2006-2659
Created: June 9, 2006
Updated: August 4, 2006
Description: A denial of service vulnerability has been found in the function for
encoding email addresses. Addresses containing a '=' before the '@'
character caused the Courier to hang in an endless loop, rendering the
service unusable.
cpio: arbitrary code execution
Package(s): cpio
CVE #(s): CVE-2005-4268
Created: January 2, 2006
Updated: March 17, 2010
Description: Richard Harms discovered that cpio did not sufficiently validate file
properties when creating archives. Files with e.g. a very large size
caused a buffer overflow. By tricking a user or an automatic backup
system into putting a specially crafted file into a cpio archive, a
local attacker could probably exploit this to execute arbitrary code
with the privileges of the target user (which is likely root in an
automatic backup system).
vixie-cron: privilege escalation
Package(s): cron
CVE #(s): CVE-2006-2607
Created: May 31, 2006
Updated: June 1, 2009
Description: The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root.
cscope: buffer overflows
Package(s): cscope
CVE #(s): CVE-2004-2541
Created: May 22, 2006
Updated: June 19, 2009
Description: A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows
remote attackers to execute arbitrary code via a C file with a long
#include line that is later browsed by the target.
Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
Package(s): cyrus-sasl
CVE #(s): CVE-2006-1721
Created: April 21, 2006
Updated: September 4, 2007
Description: Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5
process that could lead to a Denial of Service. An attacker could possibly
exploit this vulnerability by sending a specially crafted data stream to the
Cyrus-SASL server, resulting in a Denial of Service even if the attacker is
not able to authenticate.
freetype: integer overflows
Package(s): freetype
CVE #(s): CVE-2006-0747, CVE-2006-1861, CVE-2006-2493, CVE-2006-2661, CVE-2006-3467
Created: June 8, 2006
Updated: June 1, 2010
Description: The FreeType library has several integer overflow vulnerabilities.
If a user can be tricked into installing a specially
crafted font file, arbitrary code can be executed with the privilege
of the user.
gdb: multiple vulnerabilities
Package(s): gdb
CVE #(s): CAN-2005-1704, CAN-2005-1705
Created: May 20, 2005
Updated: August 11, 2006
Description: Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer
overflow in the BFD library, resulting in a heap overflow. A review also
showed that by default, gdb insecurely sources initialization files from
the working directory. Successful exploitation would result in the
execution of arbitrary code on loading a specially crafted object file or
the execution of arbitrary commands.
gdm: improper file permissions
Package(s): gdm
CVE #(s): CVE-2006-1057
Created: April 19, 2006
Updated: May 2, 2007
Description: The .ICEauthority file may be created with the wrong ownership and permissions; gdm 2.14.2 fixes the problem.
gedit: format string vulnerability
Package(s): gedit
CVE #(s): CAN-2005-1686
Created: June 9, 2005
Updated: February 5, 2009
Description: A format string vulnerability has been discovered in gedit. Calling
the program with specially crafted file names caused a buffer
overflow, which could be exploited to execute arbitrary code with the
privileges of the gedit user.
gnupg: remote denial of service
Package(s): gnupg
CVE #(s): CVE-2006-3082
Created: June 21, 2006
Updated: July 28, 2006
Description: A vulnerability was discovered in GnuPG 1.4.3 and 1.9.20 (and earlier) that
could allow a remote attacker to cause gpg to crash and possibly overwrite
memory via a message packet with a large length.
grip: buffer overflow
Package(s): grip
CVE #(s): CAN-2005-0706
Created: March 10, 2005
Updated: November 19, 2008
Description: Grip, a CD ripper, has a buffer overflow vulnerability that can
occur when the CDDB server returns more than 16 matches.
gzip: arbitrary command execution
Package(s): gzip
CVE #(s): CAN-2005-0758
Created: August 1, 2005
Updated: January 10, 2007
Description: zgrep in gzip before 1.3.5 does not handle shell metacharacters like '|'
and '&' properly when they occurred in input file names. This could be
exploited to execute arbitrary commands with user privileges if zgrep is
run in an untrusted directory with specially crafted file names.
Hashcash: possible heap overflow
Package(s): hashcash
CVE #(s): CVE-2006-3251
Created: June 27, 2006
Updated: July 21, 2006
Description: Andreas Seltenreich has reported a possible heap overflow in the
array_push() function in hashcash.c, as a result of an incorrect amount
of allocated memory for the "ARRAY" structure.
ImageMagick: heap overflow vulnerability
Package(s): ImageMagick
CVE #(s): CVE-2006-2440
Created: May 25, 2006
Updated: September 5, 2006
Description: The ImageMagick DisplayImageCommand has a heap overflow vulnerability.
If a maliciously created unexpanded glob is passed to ImageMagick,
a heap overflow can result.
kdebase: local root vulnerability
Package(s): kdebase
CVE #(s): CAN-2005-2494
Created: September 7, 2005
Updated: August 11, 2006
Description: The kdebase package (and kcheckpass in particular) found in KDE versions 3.2.0 through 3.4.2 suffers from a lock file handling error which can enable a local attacker to obtain root access. See this advisory for details.
kdebase: privilege escalation
Package(s): kdebase
CVE #(s): CVE-2006-2449
Created: June 15, 2006
Updated: August 28, 2006
Description: The KDE Display Manager (KDM) is vulnerable to a local symlink attack.
A local user can use this to read arbitrary files that they do not
have permission to access. See this KDE
advisory for more information.
kdelibs: kate backup file permission leak
Package(s): kdelibs kate kwrite
CVE #(s): CAN-2005-1920
Created: July 19, 2005
Updated: September 21, 2010
Description: Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information.
kernel: multiple vulnerabilities
Package(s): kernel
CVE #(s): CVE-2006-2271, CVE-2006-2272, CVE-2006-2274, CVE-2006-2275, CVE-2006-1864
Created: May 12, 2006
Updated: July 13, 2006
Description: Multiple vulnerabilities in the Linux kernel have been found.
- An error in the Stream Control Transmission Protocol (SCTP) code that
uses incorrect state table entries when certain ECNE chunks are received in
CLOSED state, could be exploited by attackers to cause a kernel panic via a
specially crafted packet.
- An error exists when handling incoming IP-fragmented SCTP control
chunks, which could be exploited by attackers to cause a kernel panic via a
specially crafted packet.
- Linux SCTP (lksctp) allows remote attackers to cause a denial of
service (infinite recursion and crash) via a packet that contains two or
more DATA fragments, which causes an skb pointer to refer back to itself
when the full message is reassembled, leading to infinite recursion in the
sctp_skb_pull function.
- Linux SCTP (lksctp) allows remote attackers to cause a denial of
service (deadlock) via a large number of small messages to a receiver
application that cannot process the messages quickly enough, which leads to
"spillover of the receive buffer."
- A vulnerability has been identified due to an input validation error
when processing arguments containing backslash ("\\") characters passed to
certain commands (e.g. "cd"), which could be exploited by authenticated
attackers to escape chroot restrictions for a CIFS or SMBFS mounted
filesystem.
kernel: denial of service
Package(s): kernel
CVE #(s): CVE-2006-2934
Created: July 5, 2006
Updated: July 7, 2006
Description: The netfilter SCTP connection tracking code can crash when faced with a "packet without chunks." This vulnerability was fixed in the 2.6.17.3 kernel release.
kernel: netfilter memory corruption
Package(s): kernel
CVE #(s): CVE-2006-2444
Created: May 25, 2006
Updated: July 5, 2006
Description: The 2.6.12 kernel has a memory corruption vulnerability
that can be remotely triggered when the ip_nat_snmp_basic
module is loaded and traffic is network-translated on port 161 or 162.
kernel: multiple vulnerabilities
Package(s): kernel
CVE #(s): CVE-2006-2445, CVE-2006-2448, CVE-2006-3085
Created: June 23, 2006
Updated: August 11, 2006
Description: There is a race condition error in the "posix-cpu-timers.c" script that
does not prevent another CPU from attaching the timer to an exiting
process. This could be exploited by attackers to cause a denial of
service.
A flaw due to errors in "powerpc/kernel/signal_32.c" and
"powerpc/kernel/signal_32.c" could allow userspace to provoke a machine
check on 32-bit kernels.
An infinite loop in "netfilter/xt_sctp.c" could be exploited by attackers
to exhaust all available memory resources, creating a denial of service
condition.
kernel: information disclosure
| Package(s): | kernel |
CVE #(s): | CVE-2006-1343
|
| Created: | May 31, 2006 |
Updated: | July 20, 2006 |
| Description: |
The 2.6 kernel netfilter code contains an information leak; this vulnerability has been fixed in the 2.6.16.19 release. |
kiax: arbitrary code execution
| Package(s): | kiax |
CVE #(s): | CVE-2006-2923
|
| Created: | June 30, 2006 |
Updated: | July 5, 2006 |
| Description: |
The iax_net_read function in the iaxclient library fails to properly
handle IAX2 packets with truncated full frames or mini-frames. These
frames are detected in a length check but processed anyway, leading to
buffer overflows. |
libgadu: memory alignment bug
| Package(s): | libgadu |
CVE #(s): | CAN-2005-2370
|
| Created: | July 29, 2005 |
Updated: | June 25, 2007 |
| Description: |
Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment
error in libgadu (from ekg, console Gadu Gadu client, an instant
messaging program) which is included in gaim, a multi-protocol instant
messaging client, as well. This cannot be exploited on the x86
architecture, but on others (e.g. Sparc) it can lead to a bus error,
in other words a denial of service.
|
libgd2: denial of service
| Package(s): | libgd2 |
CVE #(s): | CVE-2006-2906
|
| Created: | June 14, 2006 |
Updated: | January 16, 2007 |
| Description: |
Certain GIF images can cause libgd2 to go into an infinite loop, adversely affecting the performance of image processing applications. |
libpam-ldap: authentication bypass
| Package(s): | libpam-ldap |
CVE #(s): | CAN-2005-2641
|
| Created: | August 25, 2005 |
Updated: | October 6, 2006 |
| Description: |
libpam-ldap, the PAM LDAP interface, has a vulnerability in which
it fails to authenticate with an LDAP server which is not configured
properly, allowing an authentication bypass. |
libpng: heap based buffer overflow
| Package(s): | libpng |
CVE #(s): | CVE-2006-0481
|
| Created: | February 13, 2006 |
Updated: | December 15, 2008 |
| Description: |
A heap based buffer overflow bug was found in the way libpng strips alpha
channels from a PNG image. An attacker could create a carefully crafted PNG
image file in such a way that it could cause an application linked with
libpng to crash or execute arbitrary code when the file is opened by a
victim. |
libtiff: buffer overflow
| Package(s): | libtiff |
CVE #(s): | CVE-2006-2193
|
| Created: | June 15, 2006 |
Updated: | September 1, 2008 |
| Description: |
The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable
to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters
in the DocumentName tag to overflow a buffer, causing a denial of service,
and possibly the execution of arbitrary code. |
libxml2 - arbitrary code execution
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0110
|
| Created: | February 26, 2004 |
Updated: | August 19, 2009 |
| Description: |
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. |
libxml2: multiple buffer overflows
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0989
|
| Created: | October 28, 2004 |
Updated: | August 19, 2009 |
| Description: |
libxml2 prior to version 2.6.14 has multiple buffer overflow
vulnerabilities; if a local user passes a specially crafted
FTP URL, arbitrary code may be executed. |
lynx: arbitrary command execution
| Package(s): | lynx |
CVE #(s): | CVE-2005-2929
|
| Created: | November 14, 2005 |
Updated: | September 14, 2009 |
| Description: |
An arbitrary command execution bug was found in the lynx "lynxcgi:" URI
handler. An attacker could create a web page redirecting to a malicious URL
which could execute arbitrary code as the user running lynx. |
mozilla products have multiple vulnerabilities
mutt: IMAP namespace buffer overflow
| Package(s): | mutt |
CVE #(s): | CVE-2006-3242
|
| Created: | June 28, 2006 |
Updated: | October 24, 2006 |
| Description: |
TAKAHASHI Tamotsu discovered that mutt's IMAP backend did not sufficiently
check the validity of namespace strings. If a user connects to a malicious
IMAP server, that server could exploit this to crash mutt or even execute
arbitrary code with the privileges of the mutt user. See this Secunia advisory for more
information. |
mysql: denial of service
| Package(s): | mysql |
CVE #(s): | CVE-2006-3081
|
| Created: | June 23, 2006 |
Updated: | July 18, 2006 |
| Description: |
Mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before
5.1.6 allows remote authorized users to cause a denial of service (crash)
via a NULL second argument to the str_to_date function. |
MySQL: logging bypass
| Package(s): | mysql |
CVE #(s): | CVE-2006-0903
|
| Created: | April 4, 2006 |
Updated: | May 21, 2008 |
| Description: |
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms
via SQL queries that contain the NULL character, which are not properly
handled by the mysql_real_query function. NOTE: this issue was originally
reported for the mysql_query function, but the vendor states that since
mysql_query expects a null character, this is not an issue for mysql_query. |
nbd: arbitrary code execution
| Package(s): | nbd |
CVE #(s): | CVE-2005-3534
|
| Created: | January 6, 2006 |
Updated: | March 7, 2011 |
| Description: |
Kurt Fitzner discovered that the NBD (network block device) server did not
correctly verify the maximum size of request packets. By sending specially
crafted large request packets, a remote attacker who is allowed to access
the server could exploit this to execute arbitrary code with root
privileges. |
ntp: uses wrong gid
| Package(s): | ntp |
CVE #(s): | CAN-2005-2496
|
| Created: | August 26, 2005 |
Updated: | August 11, 2006 |
| Description: |
When xntpd is started with the -u option and the group is
specified as a string rather than a numeric gid, the daemon uses
the gid of the user, not the group. This problem is fixed
by this update. |
openmotif: buffer overflows
| Package(s): | openmotif |
CVE #(s): | CVE-2005-3964
|
| Created: | December 29, 2005 |
Updated: | July 27, 2006 |
| Description: |
The libUil component of the OpenMotif toolkit has a pair of buffer
overflow vulnerabilities that can possibly be used for the execution
of arbitrary code.
|
openoffice.org: several vulnerabilities
| Package(s): | openoffice.org |
CVE #(s): | CVE-2006-2198
CVE-2006-2199
CVE-2006-3117
|
| Created: | June 30, 2006 |
Updated: | January 4, 2007 |
| Description: |
Several vulnerabilities have been discovered in OpenOffice.org, a free
office suite.
- It turned out to be possible to embed arbitrary BASIC macros in
documents in a way that OpenOffice.org does not see them but executes them
anyway without any user interaction. (CVE-2006-2198)
- It is possible to evade the Java sandbox with specially crafted Java
applets. (CVE-2006-2199)
- Loading malformed XML documents can cause buffer overflows and cause a
denial of service or execute arbitrary code. (CVE-2006-3117)
|
OpenSSH: double shell expansion
| Package(s): | openssh |
CVE #(s): | CVE-2006-0225
|
| Created: | January 23, 2006 |
Updated: | July 20, 2006 |
| Description: |
OpenSSH has a double shell expansion vulnerability in local to local and
remote to remote copy with scp. |
opera: integer overflow and SSL spoof
| Package(s): | opera |
CVE #(s): | CVE-2006-3198
CVE-2006-3331
|
| Created: | July 3, 2006 |
Updated: | July 5, 2006 |
| Description: |
Opera before version 9.0 has an integer overflow vulnerability due to the
improper handling of JPEG files. Also Opera did not reset the SSL security
bar after displaying a download dialog from an SSL-enabled website, which
could allow remote attackers to spoof a trusted SSL certificate from an
untrusted website and facilitate phishing attacks. |
perl: setuid vulnerabilities
| Package(s): | perl |
CVE #(s): | CAN-2005-0155
CAN-2005-0156
|
| Created: | February 2, 2005 |
Updated: | August 11, 2006 |
| Description: |
There are two vulnerabilities with perl when it is used in a setuid mode. The PERLIO_DEBUG environment variable can be used to overwrite arbitrary files; there is also an associated buffer overflow which can be exploited to gain root access. |
php: multiple vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2006-1990
CVE-2006-1991
CVE-2006-3017
|
| Created: | May 25, 2006 |
Updated: | August 18, 2006 |
| Description: |
The php wordwrap() function is vulnerable to an integer overflow.
Attackers can submit long arguments to cause a heap-based buffer
overflow, allowing arbitrary code execution.
PHP 5.x and PHP 4.4.2 have a problem with the substr_compare() function.
An attacker can use an out-of-bounds offset argument to cause a
memory access violation, causing a denial of service.
A bug in zend_hash_del() allowed attackers to prevent the unsetting of some variables. |
phpbb2: missing input sanitizing
| Package(s): | phpbb2 |
CVE #(s): | CVE-2006-1896
|
| Created: | May 22, 2006 |
Updated: | February 11, 2008 |
| Description: |
It was discovered that phpbb2, a web based bulletin board, insufficiently
sanitizes values passed to the "Font Color 3" setting, which might lead to
the execution of injected code by admin users. |
phpbb2: multiple vulnerabilities
| Package(s): | phpbb2 |
CVE #(s): | CVE-2005-3310
CVE-2005-3415
CVE-2005-3416
CVE-2005-3417
CVE-2005-3418
CVE-2005-3419
CVE-2005-3420
CVE-2005-3536
CVE-2005-3537
|
| Created: | December 22, 2005 |
Updated: | February 11, 2008 |
| Description: |
The phpbb2 web forum has a number of vulnerabilities including:
a web script injection problem, a protection mechanism bypass, a
security check bypass, a remote global variable bypass, cross site
scripting vulnerabilities, an SQL injection vulnerability,
a remote regular expression modification problem, missing input
sanitizing, and a missing request validation problem. |
phpMyAdmin: multiple vulnerabilities
| Package(s): | phpmyadmin |
CVE #(s): | CVE-2005-4079
CVE-2005-3665
|
| Created: | December 12, 2005 |
Updated: | November 20, 2006 |
| Description: |
Stefan Esser reported multiple vulnerabilities
found in phpMyAdmin. The $GLOBALS variable allows modifying the global
variable import_blacklist to open phpMyAdmin to local and remote file
inclusion, depending on your PHP version (CVE-2005-4079, PMASA-2005-9).
Furthermore, it is also possible to conduct an XSS attack via the
$HTTP_HOST variable and a local and remote file inclusion because the
contents of the variable are under total control of the attacker
(CVE-2005-3665, PMASA-2005-8). |
postgresql: SQL injection
| Package(s): | postgresql |
CVE #(s): | CVE-2006-2313
CVE-2006-2314
|
| Created: | May 24, 2006 |
Updated: | June 6, 2007 |
| Description: |
The PostgreSQL team has put out a set of "urgent updates" (in the form of the 7.3.15, 7.4.13, 8.0.8, and 8.1.4 releases) closing a
newly-discovered set of SQL injection issues. Details about the problem
can be found on the
technical information page; in short: multi-byte encodings can be used
to defeat normal string sanitizing techniques. The update fixes one problem
related to invalid multi-byte characters, but punts on another by simply
disallowing the old, unsafe technique of escaping single quotes with a
backslash. |
Py2Play: remote execution of arbitrary Python code
| Package(s): | Py2Play |
CVE #(s): | CAN-2005-2875
|
| Created: | September 19, 2005 |
Updated: | September 6, 2006 |
| Description: |
Py2Play uses Python pickles to send objects over a peer-to-peer game network, and clients accept without restriction the objects and code sent by peers. A remote attacker participating in a Py2Play-powered game can send
malicious Python pickles, resulting in the execution of arbitrary
Python code on the targeted game client. |
quagga: multiple vulnerabilities
| Package(s): | quagga |
CVE #(s): | CVE-2006-2223
CVE-2006-2224
CVE-2006-2276
|
| Created: | May 15, 2006 |
Updated: | July 24, 2006 |
| Description: |
Paul Jakma discovered that Quagga's ripd daemon did not properly
handle authentication of RIPv1 requests. If the RIPv1 protocol had
been disabled, or authentication for RIPv2 had been enabled, ripd
still replied to RIPv1 requests, which could lead to information
disclosure. (CVE-2006-2223)
Paul Jakma also noticed that ripd accepted unauthenticated RIPv1
response packets if RIPv2 was configured to require authentication and
both protocols were allowed. A remote attacker could exploit this to
inject arbitrary routes. (CVE-2006-2224)
Fredrik Widell discovered that Quagga did not properly handle certain
invalid 'sh ip bgp' commands. By sending special commands to Quagga, a
remote attacker with telnet access to the Quagga server could exploit
this to trigger an endless loop in the daemon (Denial of Service).
(CVE-2006-2276) |
quake: buffer overflow
| Package(s): | quake3-bin |
CVE #(s): | CVE-2006-2236
|
| Created: | May 10, 2006 |
Updated: | January 12, 2009 |
| Description: |
Games based on the Quake 3 engine are vulnerable to a buffer overflow exploitable by a hostile game server. |
scorched3d: multiple vulnerabilities
| Package(s): | scorched3d |
CVE #(s): | |
| Created: | November 15, 2005 |
Updated: | August 11, 2006 |
| Description: |
Luigi Auriemma discovered multiple flaws in the Scorched 3D game
server, including a format string vulnerability and several buffer
overflows. A remote attacker could exploit these vulnerabilities to crash
a game server or execute arbitrary code with the rights of the game server
user. |
sendmail: denial of service
| Package(s): | sendmail |
CVE #(s): | CVE-2006-1173
|
| Created: | June 15, 2006 |
Updated: | November 1, 2006 |
| Description: |
Sendmail has a vulnerability in the way it handles multi-part MIME messages.
A remote attacker can create a specially crafted email message that can
be used to crash the sendmail process, causing a denial of service. |
shadow-utils: mailbox creation vulnerability
| Package(s): | shadow-utils |
CVE #(s): | CVE-2006-1174
|
| Created: | May 25, 2006 |
Updated: | June 12, 2007 |
| Description: |
The useradd tool from the shadow-utils package has a potential security
problem. When a new user's mailbox is created, the permissions are
set to random garbage from the stack, potentially allowing the
file to be read or written during the time before fchmod() is called. |
squirrelmail: file inclusion vulnerability
| Package(s): | squirrelmail |
CVE #(s): | CVE-2006-2842
|
| Created: | June 8, 2006 |
Updated: | July 11, 2006 |
| Description: |
Squirrelmail, a PHP-based webmail package, has a file inclusion
vulnerability. |
sudo: vulnerability via scripts
| Package(s): | sudo |
CVE #(s): | CAN-2005-4158
CVE-2006-0151
|
| Created: | December 16, 2005 |
Updated: | September 1, 2006 |
| Description: |
Perl and Python scripts run via Sudo can be subverted. |
texinfo: temporary file vulnerability
| Package(s): | texinfo |
CVE #(s): | CAN-2005-3011
|
| Created: | October 5, 2005 |
Updated: | November 9, 2006 |
| Description: |
Texinfo prior to version 4.8-r1 suffers from a temporary file vulnerability. |
tikiwiki: multiple vulnerabilities
| Package(s): | tikiwiki |
CVE #(s): | CVE-2006-3048
CVE-2006-3047
|
| Created: | June 29, 2006 |
Updated: | July 5, 2006 |
| Description: |
The Tikiwiki content management system has an SQL injection
vulnerability due to insufficient input sanitization.
An attacker may be able to execute arbitrary SQL statements
or inject arbitrary scripts into the user's browser.
|
tin: buffer overflow
| Package(s): | tin |
CVE #(s): | CVE-2006-0804
|
| Created: | February 19, 2006 |
Updated: | November 24, 2006 |
| Description: |
An allocation off-by-one bug exists in the TIN news reader version 1.8.0 and earlier
which can lead to a buffer overflow. |
unzip: long file name buffer overflow
| Package(s): | unzip |
CVE #(s): | CVE-2005-4667
|
| Created: | February 6, 2006 |
Updated: | May 2, 2007 |
| Description: |
A buffer overflow in UnZip 5.50 and earlier allows local users to execute
arbitrary code via a long filename command line argument. NOTE: since the
overflow occurs in a non-setuid program, there are not many scenarios under
which it poses a vulnerability, unless unzip is passed long arguments when
it is invoked from other programs. |
w3c-libwww: possible stack overflow
| Package(s): | w3c-libwww |
CVE #(s): | CVE-2005-3183
|
| Created: | October 14, 2005 |
Updated: | May 2, 2007 |
| Description: |
Extensive testing of libwww's handling of multipart/byteranges content from
HTTP/1.1 servers revealed multiple logical flaws and bugs in
Library/src/HTBound.c. |
xine-lib: buffer overflow
| Package(s): | xine-lib |
CVE #(s): | CVE-2006-2802
|
| Created: | June 9, 2006 |
Updated: | September 29, 2006 |
| Description: |
Federico L. Bossi Bonin discovered a buffer overflow in the HTTP input
module. By tricking a user into opening a malicious remote media
location, a remote attacker could exploit this to crash Xine library
frontends (like totem-xine, gxine, or xine-ui) and possibly even
execute arbitrary code with the user's privileges. |
xine-lib: buffer overflow
| Package(s): | xine-lib |
CVE #(s): | CVE-2006-1664
|
| Created: | April 27, 2006 |
Updated: | February 27, 2008 |
| Description: |
xine-lib does an improper input data boundary check on
MPEG streams. A specially crafted MPEG file can be
created that can cause arbitrary code execution when the
file is accessed. |
xine-ui: format string vulnerabilities
| Package(s): | xine-ui |
CVE #(s): | CVE-2006-2230
|
| Created: | June 9, 2006 |
Updated: | January 24, 2007 |
| Description: |
Several format string vulnerabilities have been discovered in xine-ui,
the user interface of the xine video player, which may cause a denial
of service. |
X.Org: buffer overflow
| Package(s): | xorg-x11-server xorg-x11 |
CVE #(s): | CVE-2006-1526
|
| Created: | May 3, 2006 |
Updated: | January 10, 2007 |
| Description: |
There is a buffer overflow in the Xrender extension of the X.Org server; any process which is able to connect to the server may be able to exploit this overflow to run arbitrary code. Since the X server runs as root on most systems, this vulnerability could be exploited to gain root access. See the X.Org advisory for more information. |
xpdf: buffer overflow
| Package(s): | xpdf |
CVE #(s): | CAN-2005-0064
|
| Created: | January 19, 2005 |
Updated: | March 15, 2007 |
| Description: |
iDEFENSE has found yet another xpdf buffer overflow; see this advisory for details. |
xpdf: denial of service
| Package(s): | xpdf kpdf |
CVE #(s): | CAN-2005-2097
|
| Created: | August 9, 2005 |
Updated: | August 2, 2006 |
| Description: |
A flaw was discovered in Xpdf that could allow an attacker to construct
a carefully crafted PDF file that would cause Xpdf to consume all available
disk space in /tmp when opened. |
xpdf: integer overflows
| Package(s): | xpdf, poppler, cupsys, tetex-bin |
CVE #(s): | CVE-2005-3624
CVE-2005-3625
CVE-2005-3626
CVE-2005-3627
|
| Created: | January 5, 2006 |
Updated: | November 30, 2006 |
| Description: |
xpdf has a number of integer overflows.
A remote attacker can trick a user into opening a maliciously
crafted pdf file, allowing the attacker to execute code with the
privileges of the local user.
This also affects the Poppler library, cupsys and tetex-bin. |
Page editor: Jonathan Corbet
Kernel development
Brief items
The current stable 2.6 kernel is 2.6.17.4,
released on July 6. It
contains a single fix for a locally-exploitable vulnerability in the
prctl() system call.
2.6.16.24 was also released with
the same fix.
The current 2.6 prepatch remains 2.6.18-rc1.
Almost 200 patches have gone into the mainline since -rc1 was released;
they are almost all fixes, but the "TCP Compound" congestion control
algorithm was also removed due to doubts about the code's origin.
The current -mm tree is 2.6.18-rc1-mm1. Recent changes
to -mm include a vast number of new warnings for unchecked return values, a
set of software suspend updates, and a new version of the vectored I/O operation patch
set.
Kernel development news
As has been
reported on LWN
recently, Andrew Morton has been heard to worry that bugs are being added
to the kernel more quickly than they are being fixed. But it is hard to
know for sure. In an attempt to obtain a little more data on the problem,
Andrew has asked LWN to run a survey of its subscribers. The results will,
hopefully, shed some light on how a wider part of the community sees the
kernel quality issue; they will be discussed at the upcoming kernel summit.
This opportunity is an honor for LWN subscribers, who are seen as being
more than sufficiently knowledgeable to provide good answers while being
unlikely to attempt to skew the results. It is a chance for all of us to
help with the development process. If you are an LWN subscriber, please
take a few minutes, proceed to
the survey and help out.
All these functions return error codes, and we're not checking
them. We should. So there's a patch which marks all these things
as __must_check, which causes around 1,500 new warnings.
These are all bugs and they all need to be fixed.
-- Andrew Morton releases
2.6.18-rc1-mm1
[Y]ou seem to be quite self-confident. That is a nice thing to have
for say a pro boxer, but it can be a disadvantage when dealing with
a complex OS.
-- Ingo Molnar
The
initramfs mechanism was
added to the 2.5.46 kernel. With initramfs, a boot-time filesystem can be
created (in
cpio format) and appended to the kernel image file.
When the system boots, it will have access to the filesystem from the very
beginning of the bootstrap process - far before it reaches the point of
being able to mount disks. Initramfs works much like the venerable initrd
facility, but, unlike initrd, initramfs does not require the system to be
able to mount a disk and find the filesystem image.
Initramfs is increasingly useful as hardware becomes more complex. Often,
simply finding the root filesystem can involve complex hardware setup,
conversations across the network, getting cryptographic keys, piecing
together RAID or LVM volumes, and more. Currently, much of this work is
done inside the kernel itself, leading to kernel code which duplicates
user-space tools - but with less review and maintenance. Moving this work
into a user-space boot-time filesystem promises to shrink the kernel, make
the boot process more reliable, and allow distributors (and users) to
customize the early bootstrap process in interesting ways.
Thus far, however, use of initramfs has been limited; in particular, all of
the early boot code remains in the kernel. One of the blocking points has
been the need for a minimal C library which would work in that
environment. This library (klibc) has been under development, slowly, for
years. That work has recently culminated in a set of klibc patches posted by
H. Peter Anvin. Klibc is now in a position to help rework the Linux
bootstrap process - and to force discussion of just how the kernel should
interact with tightly-coupled utilities.
The core klibc patch includes replacements for a long list of C library
functions and system call wrappers. It is sufficient, for example, to
support a minimal shell called "dash" and a port of the gzip utility.
There is a root filesystem mounting utility which can handle several
filesystem types, obtaining an IP address using bootp or DHCP, NFS mounts,
assembly of RAID volumes, resuming of suspended systems, and more. Much of
the code which performs those functions can then be removed from the kernel
itself. Klibc and the kinit program which comes with it appear to be
getting close to ready for real use.
This code, like other efforts to move core kernel features into user space,
raises a number of questions. Some of these are likely to come up at the
kernel summit in Ottawa, but a real solution is likely to be rather longer
in coming.
The fundamental question is this: are klibc and kinit part of the kernel?
They consist of code which used to be part of the kernel itself, and which
is a necessary part of the kernel bootstrap process - if the related code
is removed from the kernel, the kernel will not be able to run
without kinit. Both components are tightly tied to the kernel, to the
point that a kernel upgrade may often require upgrading kinit and klibc as
well. A system where the kernel and kinit go out of sync may well fail to
boot.
To many developers, these reasons are more than adequate to justify
packaging (and building) kinit and klibc with the kernel itself. If the
code is kept and built together, it has a much higher chance of continuing
to function as a coherent whole. Every kernel/kinit combination will have
been tested together and will be known to work. If, instead, the two are
separated, the resulting kinit will be, in essence, a large body of kernel
code which is not reviewed and maintained with the rest of the system. The
quality of kinit could be expected to suffer, complaints from users could
grow, and differences between distributions could increase.
On the other hand, if kinit must be part of the kernel, one could well ask
just where the line should be drawn. Should udev, which has
suffered from (rare) kernel version incompatibilities, be included? How
about the user-space software suspend code? Cluster membership utilities?
Filesystem checkers? Wireless network authentication daemons? Unless
Linux is going to head toward a more BSD-like organization (an unlikely
prospect), we will not see all of the above tools included in the kernel
tarball anytime soon. And so, according to some, kinit and klibc should be
maintained as out-of-kernel packages like any other user-space code.
There is another important issue here, however: compatibility between
distributions and between kernel versions. Earlier this year, your editor
had a system running a development distribution fail to boot; that
distribution's maintainers had concluded that, since the
distribution-specific initrd image mounted /proc and
/sys, there was no reason for the initialization scripts to do so
as well. Your editor, who has never had much use for initrd, was left with
a system which was unable to run a vanilla kernel.org kernel. That
particular change was (after your editor complained) backed out, but the
issue remains: distribution-specific initialization code can make it
impossible to run kernels obtained from elsewhere. Ted Ts'o has also pointed out an initialization problem which
makes RHEL4 unable to run current kernels on some systems. He says:
Kinit SHOULD be merged into the kernel, and the responsibility of
creating the initrd/initramfs image should be moved from the
distribution into the kernel build process. There can and should
be a way for distro's to add their own "value add specials" into
the initrd/initramfs image, but we have to take over creating the
base initial userspace environment.
This is a discussion which could go on for some time; it could become one
of the more contentious issues at the kernel summit. There is a subset of
the kernel development community which has a strong desire to move as much
code as possible into user space. Not everybody agrees that this is the
right approach, but, to the extent that code is shoved out of kernel space,
there must be a vision describing how all of the pieces will continue to
work well together into the future. That vision does not yet appear to
exist.
The developers behind a whole range of virtualization and containerization
projects are continuing to work on ways to get the isolation features they
need into the mainline kernel. Much of that work is centered around the
elimination of global namespaces and additions to the
unshare()
system call so that interested processes can retreat into their own,
private namespaces. For example, on mainline Linux systems today, the
process ID namespace is global - a given process ID identifies the same
process for every other process on the system. The container developers
would like to move away from a global PID namespace so that containers can
present their own process IDs to the processes trapped inside. Many other
kernel namespaces are receiving the same sort of treatment.
Cedric Le Goater has posted a
patch set which takes this work forward in an interesting way by
de-globalizing another namespace and adding a different interface for
creating new namespaces.
The new namespace type added by the patch is the "user" namespace - the
system's view of user ID values. For the most part, the kernel just uses
user IDs for the enforcement of permissions; it does not really care if one
set of processes interprets user ID values differently than another. So,
if processes within one container cannot see resources
(processes, SYSV IPC, filesystems) belonging to another container, there is
little opportunity for processes to interfere with each other, even if they
are running with the same numeric user ID value. That user ID can map to
two entirely different accounts in the different containers, and the
isolation provided by those containers will keep them separate.
The one little exception is the user_struct structure maintained
in kernel/user.c. This structure exists to allow the kernel to
enforce per-user resource limits; to that end, one is allocated for each
user ID currently active on the system. The function responsible for
looking up one of these structures (find_user()) implements a
global user ID namespace, so processes sharing a user ID number in
different containers will affect each other's resource limits.
Cedric's patch fixes this problem by creating a new namespace type for user
IDs, allowing resource limits to be isolated within containers. The
implementation of this namespace is simple, but allowing processes to move
into a new user namespace with unshare(), as it turns out, is
not. When a process gets around to calling unshare(), it may have
a long list of resources which are reflected in the user_struct
structure. Disconnecting from the old structure will require the system to
somehow disassociate the process's current resource usage from that
structure and add them to the new one instead. This process is detailed
and error-prone; even if it works once, keeping it maintained and
functional into the future could be a challenge.
The same challenge applies to SYSV IPC namespaces. A process which holds
references to a SYSV semaphore, for example, must have those references
taken away, any undo information handled properly, and so on.
Rather than try to fix up unshare() to handle all of these issues,
Cedric has taken a different approach: only allow a process to disconnect
from namespaces when all of its references to those namespaces are being
shut down anyway. That time is when the process calls a form of
exec() to run a new program. So Cedric has created a new form of
the execve() call:
int execns(int unshare_flags, char *filename, char **argv, char **envp);
This call will function like execve, in that it will cause the
process to run the program found in filename with the given
arguments and environment. The new unshare_flags argument,
however, allows the caller to specify a set of namespaces to be unshared at
the same time. As a result, the new program starts fresh with its new
namespaces and no dangling references into the older ones. To help ensure
that things happen this way, execns() closes all open
files, regardless of whether they are marked "close on exec."
Moving namespace creation into exec() would seem to make some
sense. The creation of namespaces is a rare act, done as part of the
establishment of a new container; it's not something that running processes
just occasionally decide to do. The execns() call will allow a
container's init-like process to start with a clean slate while,
with luck, simplifying the unsharing logic within the kernel.
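A user-space approximation of the behaviour described above, as an added example; it is not Cedric's patch and not kernel code. The names execns_emulated() and child_inherits_fd9() are hypothetical, the helper keeps stdio (descriptors 0-2) open where the execns() described here closes everything, and the check assumes a /bin/sh and a free descriptor 9.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <sched.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Declared by <sched.h> under _GNU_SOURCE; repeated so the block also
 * compiles when another header was included before the define above. */
int unshare(int flags);

/* Close every descriptor >= lowfd, whether or not it is close-on-exec. */
static void close_fds_from(int lowfd)
{
    DIR *d = opendir("/proc/self/fd");
    if (d != NULL) {
        struct dirent *e;
        while ((e = readdir(d)) != NULL) {
            char *end;
            long fd = strtol(e->d_name, &end, 10);
            if (end == e->d_name || *end != '\0')
                continue;                   /* "." and ".." */
            if (fd >= lowfd && fd != dirfd(d))
                close((int)fd);
        }
        closedir(d);
        return;
    }
    /* No /proc: fall back to trying every possible descriptor number. */
    long max = sysconf(_SC_OPEN_MAX);
    for (long fd = lowfd; fd < max; fd++)
        close((int)fd);
}

/* Hypothetical stand-in for execns(): leave the old namespaces, drop every
 * inherited file reference, then run the new program. Returns only on error. */
int execns_emulated(int unshare_flags, char *filename, char **argv, char **envp)
{
    if (unshare_flags != 0 && unshare(unshare_flags) != 0)
        return -1;
    close_fds_from(3);      /* assumption: stdio is kept so the program is usable */
    return execve(filename, argv, envp);
}

/* Constructed check: open a file WITHOUT close-on-exec, park it on fd 9,
 * start /bin/sh through plain execve() or through execns_emulated(), and
 * ask the shell whether fd 9 still exists.
 * Returns 1 if the new program inherited the descriptor, 0 if not, -1 on error. */
int child_inherits_fd9(int use_execns)
{
    int fd = open("/dev/null", O_RDONLY);
    if (fd < 0 || dup2(fd, 9) < 0)
        return -1;
    if (fd != 9)
        close(fd);

    pid_t pid = fork();
    if (pid < 0) {
        close(9);
        return -1;
    }
    if (pid == 0) {
        /* ": <&9" succeeds only if descriptor 9 is open in the shell. */
        char *argv[] = { "sh", "-c", ": <&9", NULL };
        char *envp[] = { NULL };
        if (use_execns)
            execns_emulated(0, "/bin/sh", argv, envp);
        else
            execve("/bin/sh", argv, envp);
        _exit(127);                         /* exec failed */
    }

    int status;
    if (waitpid(pid, &status, 0) != pid) {
        close(9);
        return -1;
    }
    close(9);
    if (!WIFEXITED(status) || WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0;
}
```

With plain execve() the descriptor survives into the new program, which is exactly the kind of dangling reference into the old namespaces that closing all files at exec time rules out.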
Comments (1 posted)
July 12, 2006
This article was contributed by Valerie Henson
Next time your Linux laptop crashes, pull out your watch (or your cell
phone) and time how long it takes to boot up. More than likely,
you're running a journaling file system, and not only did your system
boot up quickly, but it didn't lose any data that you cared
about. (Maybe you lost the last few bytes of your DHCP client's log
file, darn.) Now, keep your timekeeping device of choice handy and
execute a normal shutdown and reboot. More than likely, you will find
that it took longer to reboot "normally" than it did to crash your
system and recover it - and for no perceivable benefit.
George Candea and Armando Fox noticed that, counter-intuitively, many
software systems can crash and recover more quickly than they can be
shut down and restarted. They reported the following measurements in
their paper, Crash-only
Software (published in Hot Topics in Operating
Systems IX in 2003):
| System | Clean reboot | Crash reboot | Speedup |
| --- | --- | --- | --- |
| RedHat 8 (ext3) | 104 sec | 75 sec | 1.4x |
| JBoss 3.0 app server | 47 sec | 39 sec | 1.2x |
| Windows XP | 61 sec | 48 sec | 1.3x |
In their experiments, no important data was lost. This is not
surprising as, after all, good software is designed to safely handle
crashes. Software that loses or ruins your data when it crashes isn't
very popular in today's computing environment - remember how
frustrating it was to use word processors without an auto-save
feature? What is surprising is that most systems have two methods of
shutting down - cleanly or by crashing - and two methods of starting
up - normal start up or recovery - and that frequently the
crash/recover method is, by all objective measures, a better choice.
Given this, why support the extra code (and associated bugs) to do a
clean start up and shutdown? In other words, why should I ever type
"halt" instead of hitting the power button?
The main reason to support explicit shutdown and start-up is simple:
performance. Often, designers must trade off higher steady state
performance (when the application is running normally) with
performance during a restart - and with acceptable data loss. File
systems are a good example of this trade-off: ext2 runs very quickly
while in use but takes a long time to recover and makes no guarantees
about when data hits disk, while ext3 has somewhat lower performance
while in use but is very quick to recover and makes explicit
guarantees about when data hits disk. When overall system
availability and acceptable data loss in the event of a crash are
factored into the performance equation, ext3 or any other journaling
file system is the winner for many systems, including, more than
likely, the laptop you are using to read this article.
Crash-only software is software that crashes safely and recovers
quickly. The only way to stop it is to crash it, and the only way to
start it is to recover. A crash-only system is composed of crash-only
components which communicate with retryable requests; faults are
handled by crashing and restarting the faulty component and retrying
any requests which have timed out. The resulting system is often more
robust and reliable because crash recovery is a first-class citizen in
the development process, rather than an afterthought, and you no
longer need the extra code (and associated interfaces and bugs) for
explicit shutdown. All software ought to be able to crash safely and
recover quickly, but crash-only software must have these qualities, or
their lack becomes quickly evident.
The concept of crash-only software has received quite a lot of
attention since its publication. Besides several well-received
research papers demonstrating useful implementations of crash-only
software, crash-only software has been covered in several popular
articles in publications as diverse as Scientific American, Salon.com,
and CIO Today. It was cited as one of the reasons Armando Fox was
named one of Scientific American's list of top 50 scientists for 2003
and George Candea as one of MIT Technology Review's Top 35 Young
Innovators for 2005. Crash-only software has made its mark outside
the press room as well; for example, Google's distributed file system,
GoogleFS, is implemented as crash-only software, all the way through
to the metadata server. The term "crash-only" is now regularly
bandied about in design discussions for production software. I myself
wrote a blog
entry on crash-only software back in 2004. Why bother writing
about it again? Quite simply, the crash-only software meme became so
popular that, inevitably, mutations arose and flourished, sometimes to
the detriment of allegedly crash-only software systems. In this
article, we will review some of the more common misunderstandings
about designing and implementing crash-only software.
Misconceptions about crash-only software
The first major misunderstanding is that crash-only software is a form
of free lunch: you can be lazy and not write shutdown code, not handle
errors (just crash it! whee!), or not save state. Just pull up your
favorite application in an editor, delete the code for normal start up
and shutdown, and voila! instant crash-only software. In fact,
crash-only software involves greater discipline and more careful
design, because if your checkpointing and recovery code doesn't work,
you will find out right away. Crash-only design helps you produce
more robust, reliable software; it doesn't exempt you from writing
robust, reliable software in the first place.
Another mistake is overuse of the crash/restart "hammer." One of the
ideas in crash-only software is that if a component is behaving
strangely or suffering some bug, you can just crash it and restart it,
and more than likely it will start functioning again. This will often
be faster than diagnosing and fixing the problem by hand, and so a
good technique for high-availability services. Some programmers
overuse the technique by deliberately writing code to crash the
program whenever something goes wrong, when the correct solution is to
handle all the errors you can think of correctly, and then rely on
crash/restart for unforeseen error conditions. Another overuse of
crash/restart is the idea that, when things go wrong, you should crash
and restart the whole system. One tenet of crash-only system
design is the idea that crash/restart is cheap - because you are only
crashing and recovering small, self-contained parts of the system (see
the paper on
microreboots). Try telling your users that your whole web browser
crashes and restarts every 2 minutes because it is crash-only software
and see how well that goes over. If instead the browser quietly crashes and
recovers only the thread that is misbehaving,
you will have much happier users.
On the face of it, the simplest part of crash-only software would be
implementing the "crash" part. How hard is it to hit the power
button? There is a subtle implementation point that is easy to miss,
though: the crash mechanism has to be entirely outside and independent
of the crash-only system - hardware power switch, kill -9, shutting
down the virtual machine. If it is implemented through internal code,
it takes away a valuable part of crash-only software: that you have an
all-powerful, reliable method to take any misbehaving component of the
system and crash/restart it into a known state.
I heard of one
"crash-only" system in which the shutdown code was replaced with an
abort() system call as part of a "crash-only" design. There were two
problems with this approach. One, it relied on the system to not have
any bugs in the code path leading to the abort() system call or any
deadlocks which would prevent it being executed. Two, shutting down
the system in this manner only exercised a subset of the total
possible crash space, since it was only testing what happened when the
system successfully received and handled a request to shut down. For
example, a single-threaded program that handled requests in an event
loop would never be crashed in the middle of handling another request,
and so the recovery code would not be tested for this case. One more
example of a badly implemented "crash" is a database that, when it ran
out of disk space for its event logging, could not be safely shut down
because it wanted to write a log entry before shutting down, but it
was out of disk space, so...
Another common pattern is to ignore the trade-offs of performance
vs. recovery time vs. reliability and take an absolutist approach to
optimizing for one quality while maintaining superficial allegiance to
crash-only design. The major trade-off is that checkpointing your
application's state improves recovery time and reliability but reduces
steady state performance. The two extremes are checkpointing or
saving state far too often and checkpointing not at all; like
Goldilocks, you need to find the checkpoint frequency that is Just
Right for your application.
What frequency of checkpointing will give
you acceptable recovery time, acceptable performance, and acceptable
data loss? I once used a web browser which only saved preferences and
browsing history on a clean shutdown of the browser. Saving the
history every millisecond is clearly overkill, but saving changed
items every minute would be quite reasonable. The chosen strategy,
"save only on shutdown," turned out to be equivalent to "save never" -
how often do people close their browsers, compared to how often they
crash? I ended up solving this problem by explicitly starting up the
browser for the sole purpose of changing the settings and immediately
closing it again after the third or fourth time I lost my
settings. (This is a good example of how all software should be written
to crash safely but does not.) Most implementations of bash I have
used take the same approach to saving the command history; as a result
I now explicitly "exit" out of running shells (all 13 or so of them)
whenever I shut down my computer so I don't lose my command history.
Shutdown code should be viewed as, fundamentally, only of use to
optimize the next start up sequence and should not be used to do
anything required for correctness. One way to approach shutdown code
is to add a big comment at the top of the code saying "WISHFUL
THINKING: This code may never be executed. But it sure would be
nice."
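The checkpointing advice above, together with the earlier point that the crash must come from outside the component, as an added example that is not from the article or the crash-only paper: a worker with no shutdown code checkpoints through write, fsync and rename, and a supervisor stops it only with SIGKILL and checks that recovery never loses committed state. The file format, CKPT_MAGIC and all function names are constructed for this illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

#define CKPT_MAGIC 0x6372617368ULL          /* constructed integrity tag */

struct ckpt { uint64_t counter; uint64_t check; };

/* Write the new state beside the old one, flush it, then rename() over the
 * old file: a reader sees the previous or the new checkpoint, never a mix.
 * (Surviving power loss also needs an fsync() of the directory.) */
static int ckpt_save(const char *path, uint64_t counter)
{
    struct ckpt c = { counter, counter ^ CKPT_MAGIC };
    char tmp[512];
    if (snprintf(tmp, sizeof tmp, "%s.tmp", path) >= (int)sizeof tmp)
        return -1;
    int fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return -1;
    int ok = write(fd, &c, sizeof c) == (ssize_t)sizeof c && fsync(fd) == 0;
    if (close(fd) != 0 || !ok)
        return -1;
    return rename(tmp, path);
}

/* The only start-up path. Returns 1 with the saved state, 0 for a fresh
 * start (no checkpoint yet), -1 if the checkpoint is torn or unreadable. */
static int ckpt_recover(const char *path, uint64_t *counter)
{
    struct ckpt c;
    *counter = 0;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return errno == ENOENT ? 0 : -1;
    ssize_t n = read(fd, &c, sizeof c);
    close(fd);
    if (n != (ssize_t)sizeof c || c.check != (c.counter ^ CKPT_MAGIC))
        return -1;
    *counter = c.counter;
    return 1;
}

/* The component: recover, then work and checkpoint forever. It has no
 * shutdown code at all and stops only when something kills it. */
static void worker(const char *path)
{
    uint64_t n;
    if (ckpt_recover(path, &n) < 0)
        _exit(2);
    for (;;)
        if (ckpt_save(path, ++n) != 0)
            _exit(3);
}

/* The supervisor: run the worker `rounds` times, each time crashing it with
 * SIGKILL at whatever point it has reached, then recover and verify that no
 * committed state was lost. Returns the last recovered counter, or -1. */
long crash_and_recover(const char *path, int rounds)
{
    const struct timespec tick = { 0, 1000000 };    /* 1 ms */
    uint64_t last = 0;
    unlink(path);
    for (int i = 0; i < rounds; i++) {
        uint64_t seen = last, now;
        int status, torn = 0;
        pid_t pid = fork();
        if (pid < 0)
            return -1;
        if (pid == 0)
            worker(path);
        /* Wait (at most about 5 s) until the worker has committed new state. */
        for (int t = 0; t < 5000 && seen <= last && !torn; t++) {
            int r = ckpt_recover(path, &now);
            if (r < 0)
                torn = 1;
            else if (r == 1)
                seen = now;
            nanosleep(&tick, NULL);
        }
        kill(pid, SIGKILL);                 /* the crash comes from outside */
        if (waitpid(pid, &status, 0) != pid || !WIFSIGNALED(status) || torn)
            return -1;
        if (ckpt_recover(path, &now) != 1 || now < seen)
            return -1;
        last = now;
    }
    return (long)last;
}
```

Because the worker is killed at an arbitrary point in its loop, including in the middle of writing the temporary file, every round exercises the recovery path that a request-driven shutdown would never reach.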
Another class of misunderstanding is about what kind of systems are
suitable for crash-only design. Some people think crash-only software
must be stateless, since any part of the system might crash and
restart, and lose any uncommitted state in the process. While this
means you must carefully distinguish between volatile and non-volatile
state, it certainly doesn't mean your system must be stateless!
Crash-only software only says that any non-volatile state your system
needs must itself be stored in a crash-only system, such as a database
or session state store. Usually, it is far easier to use a special
purpose system to store state, rather than rolling your own. Writing
a crash-safe, quick-recovery state store is an extremely difficult
task and should be left to the experts (and will make your system
easier to implement).
Crash-only software makes explicit the trade-off between optimizing
for steady-state performance and optimizing for recovery. Sometimes
this is taken to mean that you can't use crash-only design for high
performance systems. As usual, it depends on your system, but many
systems suffer bugs and crashes often enough that crash-only design is
a win when you consider overall up time and performance, rather than
performance only when the system is up and running. Perhaps your
system is robust enough that you can optimize for steady state
performance and disregard recovery time... but it's unlikely.
Because it must be possible to crash and restart components, some
people think that a multi-threaded system using locks can't be
crash-only - after all, what happens if you crash while holding a
lock? The answer is that locks can be used inside a crash-only
component, but all interfaces between components need to allow for the
unexpected crash of components. Interfaces between components need to
strongly enforce fault boundaries, put timeouts on all requests, and
carefully formulate requests so that they don't rely on uncommitted
state that could be lost. As an example, consider how the recently-merged
robust futex facility makes
crash recovery explicit.
Some people end up with the impression that crash-only software is
less reliable and unsuitable for important "mission-critical"
applications because the design explicitly admits that crashes are
inevitable. Crash-only software is actually more reliable because it
takes into account from the beginning an unavoidable fact of computing
- unexpected crashes.
A criticism often leveled at systems designed to improve reliability
by handling errors in some way other than complete system crash is
that they will hide or encourage software bugs by masking their
effects. First, crash-only software in many ways exposes previously
hidden bugs, by explicitly testing recovery code in normal use.
Second, explicitly crashing and restarting components as a workaround
for bugs does not preclude taking a crash dump or otherwise recording
data that can be used to solve the bug.
How can we apply crash-only design to operating systems? One example
is file systems, and the design of chunkfs (discussed in last week's
LWN article on the 2006
Linux file systems workshop and in more detail here). We are trying to
improve reliability and data availability by separating the on-disk
data into individually checkable components with strong fault
isolation. Each chunk must be able to be individually "crashed" -
unmounted - and recovered - fsck'd - without bringing down the other
chunks. The code itself must be designed to allow the failure of
individual chunks without holding locks or other resources
indefinitely, which could cause system-wide deadlocks and
unavailability. Updates within each chunk must be crash-safe and
quickly recoverable. Splitting the file system up into smaller,
restartable, crash-only components creates a more reliable, easier to
repair crash-only system.
The conclusion
Properly implemented, crash-only software produces higher quality,
more reliable code; poorly understood it results in lazy programming.
Probably the most common misconception is the idea that writing
crash-only software allows you to take shortcuts when
writing and designing your code. Wake up, Sleeping Beauty, there
ain't no such thing as a free lunch. But you can get a more reliable,
easier to debug system if you rigorously apply the principles of
crash-only design.
[Thanks to Brian Warner for
inspiring this article, George Candea and Armando Fox for comments and
for codifying crash-only design in general, and the implementer(s) of
the Emacs auto-save feature, which has saved my work too many times to
count.]
Comments (29 posted)
Page editor: Jonathan Corbet
Distributions
News and Editorials
Your editor recently received a review copy of
Red Hat Fedora 5
Unleashed by Paul Hudson and Andrew Hudson, published by Sams. This
book comes with a Fedora Core 5 DVD.
The Fedora Project is a fast-paced distribution, and with Fedora Core 6 due
out soon, why bother with a book about Fedora Core 5? While it is based on
FC5, this book has much useful information that will be applicable to
future versions of Fedora, and to other versions of Linux as well. I
expect this to be a good reference book long after the included DVD becomes
nothing more than a drink coaster.
The book strives to be friendly toward new Linux users while presenting
information of interest to seasoned users. It contains over a thousand
pages divided into seven parts, including the appendix. Part I:
Installation and Configuration includes sections on Introducing Fedora,
Preparing to Install Fedora, Installing Fedora, Post-Installation
Configuration, and First Steps with Fedora. Each section is broken down
into sub-sections and contains a reference. Part II covers Desktop Fedora,
with a look at the X Window System, window managers and desktops.
Part II also covers RPM, with a nice section covering the rpm
command line options, and other methods of installing and removing
packages. Once you know how to install packages this section leads you
through various applications: email clients, web browsers, IRC and other
Internet applications, followed by productivity applications, multimedia
applications, graphics, printing and games.
System administration is covered in Part III, with chapters on Managing
Users, Automating Tasks, System Resources, Backup and Recovery, Network
Connectivity, Remote Access with SSH and Telnet, and a chapter on Xen.
Your editor did not delve deeply into the section on Fedora as a Server,
but there is much information there about installing and configuring
Apache, with sub-sections for numerous Apache modules. There is a brief look
at some other web server options as well. There are also chapters on
database servers, print and file servers, FTP servers, mail servers, proxy
servers, DNS servers, LDAP servers and news servers.
The Programming section looks at Perl, Python, PHP and C/C++ with
information about development tools and more. That is followed by a
section on housekeeping tasks to keep your Fedora box secure and running at
peak efficiency. This section includes a look at many command line tools
for examining and managing your system.
So should you buy this book? If you are already running Fedora Core 6,
this is not the book for you. If you have a friend that wants to get
started on Linux this is a good reference book. Even if you've been
running Linux for a while, but want to know more, this is a good reference
book that will be useful for (at least a few) years to come.
Comments (none posted)
New Releases
BLAG Linux and GNU has released BLAG50000 (grass), a Fedora Core 5 based
distribution with additional packages from Extras, FreshRPMS, Dries and
ATrpms.
"BLAG is a single-cd distro with everything desktop users
"expect" from a desktop, plus a collection of nice server apps."
Full Story (comments: none)
Distribution News
As the title says, Fedora Core 6 test 2 has been delayed. The new freeze
date will be July 19, 2006.
Full Story (comments: none)
Mandriva Linux LE2005 is no longer supported as of July 13, 2006. LE2005
users should upgrade to a supported product.
Full Story (comments: none)
Matt Zimmerman reports on the progress of merging changes from Debian
unstable into Edgy main.
Full Story (comments: none)
New Distributions
Univention Corporate Server (UCS) is a Linux distribution from
Univention GmbH, a company that offers
a range of Linux-based products and services. The company also offers a
Groupware Server and a Corporate Desktop.
Comments (none posted)
Distribution Newsletters
The Debian Weekly News for July 11, 2006 covers the speed of buildd, hidden
files in Debian packages, configuring a boot graphic to the Debian kernel
without compiling the kernel, dependency resolution, next Debian Conference
in Edinburgh, and several other topics.
Full Story (comments: none)
The Fedora Weekly News covers Open Video Contest Deadline Extension, FC6 test2
freeze slipping by a week, New FWN Column: Ask Fedora Project, DejaVu fonts
Testing for Fedora, Fedora Core 6, Test 1 Review, and several other topics.
Comments (none posted)
The Gentoo Weekly Newsletter for July 10, 2006 looks at GNOME 2.14 stable, the new
VDR project, developer of the week - Andrew Gaffney, and much more.
Comments (none posted)
The DistroWatch Weekly for July 10, 2006 is out.
"As the Debian Weekly News
celebrates its five years of existence, some of our readers will be pleased
to learn about a renewed effort to port the world's largest Linux
distribution to the MINIX kernel. On the not so positive side, the
Debian/Ubuntu world was rocked by a Debian developer's revelation that
there is still much tension between the two projects. Good reviews continue
to follow the recent development release of SUSE Linux Enterprise Desktop
10, while a new FreeBSD-based live CD project should cause some welcome
excitement among the BSD geeks. In the First Looks section, we'll evaluate
a commercial Linux distribution from Japan - Turbolinux 11 "Fuji"
International edition."
Comments (none posted)
Package updates
Updates for Fedora Core 5:
gnupg (supports CCID smart card readers),
netatalk (rebuild for broken libgssapi deps),
lam (upgrade to upstream version 7.1.2),
lftp (add BuildRequires for broken Brew),
GFS-kernel (updated for 2.6.17-1.2139_FC5),
dlm-kernel (updated for 2.6.17-1.2139_FC5),
cman-kernel (updated for 2.6.17-1.2139_FC5),
gnbd-kernel (updated for 2.6.17-1.2139_FC5),
xorg-x11-drv-ati (stable release from upstream),
evolution-sharp (now uses libecal-1.2.so.6 instead of libecal-1.2.so.3),
initscripts (adds a udev helper, cleanup, bug fixes),
libselinux (bug fix),
selinux-policy (bump for FC5),
kdebase (bug fixes),
gtk2 (update to 2.8.20),
kdemultimedia (bug fix),
kdelibs (apply upstream patches),
gawk (bug fixes),
procps (bug fixes),
GFS-kernel (updated for 2.6.17-1.2145_FC5),
gnbd-kernel (updated for 2.6.17-1.2145_FC5),
cman-kernel (updated for 2.6.17-1.2145_FC5),
dlm-kernel (updated for 2.6.17-1.2145_FC5),
vim (patchlevel 35),
compat-db (bug fix),
squirrelmail (fix fatal typo in config_local.php).
Updates for Fedora Core 4:
squirrelmail (many bug fixes),
compat-db (bug fix),
squirrelmail (fix fatal typo in config_local.php).
Comments (none posted)
Updates for Mandriva Linux 2006.0:
ppp (check setuid() call),
cups (bug fix in the cupsd initscript).
Comments (none posted)
Updates for rPath Linux 1:
debugedit (add source code to conary),
lighttpd (bug fix),
gnome-pilot, gnome-pilot-conduits (support for x86_64 architecture),
icu (moves the binaries to /usr/bin),
conary, conary-build, conary-repository, conary-policy (Conary 1.0.22
maintenance release).
Comments (none posted)
Trustix has fixed various bugs in clamav and quagga for TSL 2.2 and 3.0.
Full Story (comments: none)
Distribution reviews
MadPenguin reviews SUSE Linux Enterprise Desktop 10.
"If there's anywhere SUSE has excelled since
day one, it's been on the desktop. Nobody that has ever used the SUSE Linux
desktop in any form could seriously argue that fact. Their Enterprise
offering is no different, and I'd say they've even taken it one step
further than the free release. For one thing, they've completely redesigned
the GNOME interface (more on that in a moment), and integrated Beagle
desktop search into the distro so completely that you wonder how you lived
without it before. The desktop itself, as far as aesthetics go, is one of
the best in the business. Granted, SUSE has always been beautiful, but let
me assure you this version keeps the tradition alive and well."
Comments (none posted)
Linux.com has a review of Xandros Desktop Linux 4.0.
"On the technical side, Xandros 4.0
is a Debian-derived distro shipping with a 2.6.15 kernel and a KDE 3.4.2
desktop environment. Xandros has put a lot of work into customizing the
user experience, slimming down and reorganizing menus and panels, adding
some custom applications, and integrating some third-party Windows
compatibility apps -- all with an eye toward making its operating system
painless for refugees from Microsoft."
Comments (none posted)
Page editor: Rebecca Sobol
Development
Fluendo has announced
the initial release of the
Elisa Media Center:
Elisa is a project to create an open source cross platform media center solution. While our primary development and deployment platform is GNU/Linux and Unix operating systems we also currently support Microsoft Windows and also hope to support MacOSX in the future. Elisa runs on top of the GStreamer multimedia framework. In addition to personal video recorder functionality (PVR) and Music Jukebox support, Elisa will also interoperate with devices following the DLNA standard like Intel's ViiV systems.
The current
feature list
of Elisa includes:
- The ability to play music, video and images.
- Support for Ogg Vorbis, Ogg Theora, Matroska, MPEG 2, MPEG4, Quicktime and Windows Media formats.
- Support for web radio station playback.
- Support for DVD playback.
- The display of jpeg and png images with image rotation capabilities.
- Remote control support via the Linux Infrared Remote Control (LIRC) project.
- Support for the connection to Digital Living Network Alliance (DLNA) compatible multimedia devices.
- Support for interoperability with Universal Plug and Play (UPnP) format servers.
- Cross-platform operation on Linux, Unix and Windows.
- Support for OpenGL 1.3 rendering.
- An Extensible plugin framework for user-added features.
Planned features for upcoming releases include:
- Support for Personal Video Recorder (PVR) features such as video time shifting.
- Support for Intel ViiV multimedia hardware.
- The ability to do fast-forward, slow motion and reverse playback of media.
- Support for videoconferencing and Voice over IP (VoIP).
The Elisa project
FAQ answers some
common questions and explains the software's licensing:
"The core Elisa system is licensed under the GPL with a special exception for use with the proprietary Fluendo plugins and DVD player. The plug-ins are mostly licensed under the MIT license."
The initial release of Elisa, version 0.0.1,
was announced
this week.
The 0.0.x series is aimed at developers and early adopters with later releases targeting the wider user community. This particular release is mainly a technology preview aimed to show the current features and user interfaces of Elisa to enable us to get early feedback and input from the wider community. The APIs are subject to change very soon though.
For a look at Elisa in action, see the screenshots page; the code is
available for download here.
Comments (3 posted)
System Applications
Database Software
The July 9, 2006 edition of the
PostgreSQL Weekly News is out with the latest PostgreSQL DBMS news.
Comments (none posted)
David E. Wheeler
works with PL/pgSQL on O'Reilly.
"A common pattern when managing the relationship between object-oriented applications and databases is the many-to-many relationship. Object-relational mappers usually manage these relationships as collections of objects, wherein one class has an accessor that returns a collection of related objects."
Comments (none posted)
Interoperability
Version 3.0.23 of Samba has been announced.
"There has been a substantial amount of cleanup work done during
this development cycle. We would like to thank both Coverity
and Klocwork for analyzing the Samba source code. As a result, this
release includes fixes for over 400 defects."
Full Story (comments: none)
Libraries
Version 3.9.0 of the FreeImage imaging library
is available.
"Release 3.9.0 brings two new plugins for SGI and raw FAX G3 formats, better support for HDR images in the rescale function, a new thumbnail generation function, as well as several internal code enhancements. The library has been updated with the new libtiff (3.8.0) and libpng (1.2.12) libraries. FreeImage is also distributed with improved wrappers (VB6/VBA, C++ and Delphi). Lastly, many bugs reported by our users have been fixed (check the changes log for details) and the PDF documentation has been updated."
Comments (none posted)
The initial release of ImgFusion
has been announced. ImgFusion is an:
"Open source library for image fusion (i.e. combining several images while preserving as much information from each image as possible) written in C++. Fast and memory efficient.
This is the first version of ImgFusion, still needs more testing but works flawlessly in most cases."
Comments (none posted)
Security
Version 2.0 of SELinux Policy Editor
has been announced.
"SELinux Policy Editor (seedit) is a tool to make SELinux easy. It is composed of Simplified Policy and its tools. The main feature is Simplified Policy. Simplified Policy hides detail of SELinux. I am glad to announce that SELinux Policy Editor 2.0 (seedit 2.0) has been released. We have renewed the tool. Almost everything has been changed. Policy generator and new GUI are developed, and many others."
Comments (none posted)
Version 0.25 of Sussen, a vulnerabilities and configuration checking
tool, is out with new features, bug fixes and code cleanup.
Full Story (comments: none)
Web Site Development
Version 2.6.0 of Campsite, an open-source multi-lingual content
management system for newspaper and magazine web sites, is out
with numerous new capabilities and bug fixes.
Full Story (comments: none)
Two new versions of MediaWiki
have been announced.
"MediaWiki is the collaborative editing software that runs Wikipedia, the free encyclopedia, and other projects. It's designed to handle a large number of users and pages without imposing too rigid a structure or workflow.
New Bugfix/security releases for Summer (1.7) and Spring (1.6) 2006 snapshot branches.
A potential HTML injection with some vulnerable versions of PHP in a debugging script has been fixed.
Some installer issues in 1.7 have been fixed."
Comments (none posted)
Version 1.5.4 of MoinMoin, a Python-based wiki software package,
has been announced.
"MoinMoin 1.5.4 is a bug fix release and a recommended update. The 1.5
branch brings you several new features such as the GUI editor, which
allows the users to edit pages in a WYSIWYG environment, and many bug
fixes."
Comments (none posted)
Version 2.5 of Plone, a web Content Management System,
has been announced.
"This is an infrastructure oriented release with a focus on getting Plone ready for the future. This means integrating Zope 3 technologies where sensible, and utilizing new technology from CMF as much as possible. The long term goal is to make the distinction between Plone as end-user product and Plone as infrastructure more clear."
Comments (none posted)
Desktop Applications
Audio Applications
Release 1.0 alpha_rc15 of Calliope, a jukebox music server/content and
music-management system,
is available.
"Calliope now supports CD burning, command line song play, and has way fewer bugs."
Comments (none posted)
Version 0.90 of Sfront is out with a number of new capabilities.
"Sfront compiles MPEG 4 Structured Audio (MP4-SA) bitstreams into
efficient C programs that generate audio when executed. MP4-SA is a
standard for normative algorithmic sound, that combines an audio
signal processing language (SAOL) with score languages (SASL, and the
legacy MIDI File Format). Under Linux and Mac OS X, sfront supports
real-time, low-latency audio input/output, local MIDI input from
soundcards, and networked MIDI input using RTP and SIP."
Full Story (comments: none)
Version 0.30.0 of Traverso, a multi-track audio recording editing and
mixing program, is out.
"This release is the first in a series towards the final 1.0.0 release.
Traverso offers an innovative User Interface concept, with which it
tries to differ from other multitrack audio applications and, more
importantly, provides a powerful tool to easily and quickly record or
import, edit and mix songs."
Full Story (comments: none)
Desktop Environments
The following new GNOME software has been announced this week:
You can find more new GNOME software releases at
gnomefiles.org.
Comments (none posted)
The July 9, 2006 edition of the
KDE Commit-Digest has been
announced.
Here's the content summary:
"Kamefu (a multi-machine emulator frontend) has been renamed Gamefu. Physiks, a physics educational project, and a project for advanced session management, both a result of the Summer Of Code, are imported into KDE SVN. Work progresses in the "GMail-style conversation view for KMail" and "WorKflow" projects. KDE 4 changes: KPat, a card game application, gets OpenGL bling, while kwin gets experimental compositing support and compiz-like effects. Okular gets support for the TIFF file format. Akonadi advances towards its goals with the import of a command-line and GUI client."
Comments (none posted)
Version 4.4 beta 2 of
Xfce,
a lightweight desktop system, is out.
"Besides Mousepad and Thunar, this release also includes the new Xfce archive manager Xarchiver. Other than that a large number of bugs were fixed, and several core components were improved." See the
changelog file for details.
Comments (none posted)
Financial Applications
GnuCash 2.0.0 - the first stable version of GnuCash using the GTK2 toolkit -
is now available. While there are some new features in this release, its
main selling point is the move to a contemporary toolkit. LWN
reviewed a 2.0 beta release back
in May. Click below for the full announcement.
Full Story (comments: 9)
Interoperability
Version 0.9.17 of Wine has been
announced.
Changes include: still more work on Direct3D shaders,
now using the Gecko engine directly for MSHTML,
better support for apps switching to full screen mode,
support for multiple joysticks and lots of bug fixes.
Comments (none posted)
The July 10, 2006 edition of the
Wine Weekly Newsletter
is available with the latest Wine project news.
Topics include: CrossOver Update, Mac News, Changes to Fedora Packages,
ClamAV Integration, Safedisc RPM, Win64 / 64-bit Winelib,
DWARF2 Testing Needed, Indenting Traces and GUID List.
Comments (none posted)
Mail Clients
Version 1.4.7 of SquirrelMail
has been announced.
"SquirrelMail is a PHP4-based Web email client. It includes built-in pure PHP support for IMAP and SMTP, and renders all pages in pure HTML 4.0 for maximum compatibility across browsers. It has strong MIME support and a flexible plugin system.
It's our proud pleasure to announce the release of SquirrelMail 1.4.7.
This release contains a number of fixes, including two security updates. Details about this release can be seen in the ChangeLog."
Comments (none posted)
Music Applications
The initial release of naconnect is available.
"naconnect is, like its inspiration aconnect, an ALSA MIDI sequencer
connection manager. However, it uses ncurses instead of simple command
line."
Full Story (comments: none)
RSS Software
Version 1.2.2 Release Candidate 1 of RSSOwl
has been announced.
"RSSOwl is a RSS / RDF / Atom Newsreader written in Java using SWT as fast graphic library. Read News in a tabfolder, save favorites in categories, Export to PDF / RTF / HTML / OPML, Import Feeds from OPML, perform fulltext-search, use internal browser.
The first release candidate of upcoming RSSOwl 1.2.2 is now available for all supported operating systems".
Comments (none posted)
Video Applications
Version 1.1.4 preview 3 of xvidcap
is available.
"xvidcap is a screen capture enabling you to capture videos off your X-Window desktop for illustration or documentation purposes. It is intended to be a standards-based alternative to tools like Lotus ScreenCam.
This is a major refactoring of the project to increase ease-of-use and ease-of-installation. The project has dropped a number of peripheral features to put more speed into the central functionality."
Comments (2 posted)
Web Browsers
MozillaZine
reports on the availability of release candidate builds of
Mozilla Firefox 2.0 Beta 1.
"Over the past few days, several release candidate builds of Mozilla Firefox
2.0 Beta 1 have been posted to the bonecho-beta1-candidates directory on
ftp.mozilla.org. However, contrary to the indications given by some news
outlets, Firefox 2.0 Beta 1 has not yet been released.
In common with many software projects, several release candidate (test)
builds of Firefox are made available in the run-up to major milestone
releases. These builds are similar, but not identical to, the final milestone
releases and are designed to allow the testing community to discover any
last-minute problems."
Comments (none posted)
Word Processors
GnomeDesktop.org has
an announcement
for AbiWord 2.4.5, a word processor.
"This release is a bugfix release only, but this time the amount of bugfixes is rather huge.
Especially the import and export filters have received a lot of attention due to the Google Summer of Code program,
which is funding these developments."
Comments (none posted)
Languages and Tools
Caml
The July 11, 2006 edition of the Caml Weekly News
is out with new Caml language articles.
Full Story (comments: none)
HTML
KDE.News
covers
the new Unity project.
"Today the KDE team announces a new project to re-synchronize our HTML engine, KHTML, with the WebKit engine. Code named Unity, the project has so far focused on porting the WebKit engine to Qt 4 with minimal changes to the existing code-base. WebKit is a derivative of the KHTML engine developed by Apple Computer Inc."
Comments (none posted)
PHP
Version 2.8.2 of phpMyAdmin
is available.
"phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields.
Welcome to version 2.8.2 which fixes an XSS vulnerability and a few bugs."
Comments (none posted)
Python
Version 2.5 beta 2 of Python is available.
"Since the first beta, a large number of bug fixes have been
made to Python 2.5 - see the
release notes
for the full details.
There has been one very small new feature added - the
sys._current_frames() function was added. This is extremely
useful for tracking down deadlocks and related problems -
a similar technique is already used in the popular
DeadlockDebugger extension for Zope."
Full Story (comments: none)
The June 1-15, 2006 edition of the python-dev Summary is online
with coverage of the python-dev mailing list.
Full Story (comments: none)
The July 12, 2006 edition of Dr. Dobb's Python-URL! is out
with new Python language articles and resources.
Full Story (comments: none)
Ruby
The July 9th, 2006 edition of the
Ruby Weekly News looks at the latest discussions
on the ruby-talk mailing list and comp.lang.ruby newsgroup.
Comments (none posted)
Tcl/Tk
The July 11, 2006 edition of Dr. Dobb's Tcl-URL! is online with new
Tcl/Tk articles and resources.
Full Story (comments: none)
IDEs
Version 1.0.2 Final of EasyEclipse, an Eclipse plugin installer,
is out.
"Compared to 1.0.1, there are very few updated plugins, but many bug fixes and tests and checks."
Comments (none posted)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Andy Oram has written
a lengthy analysis of the state of community documentation
in an O'Reilly article.
"Good documentation makes good software great. Poor documentation makes great
software less useful. What is good documentation, though, and how can
communities produce it effectively? Andy Oram explores how free and open
source software projects can share their knowledge with users and how
publishers and editors fit into the future of documentation."
Comments (13 posted)
Doc Searls
talks about
network neutrality in his Linux Journal blog.
"Net Neutrality is a snowball.
That is, it's an idea that started small but grew steadily as it rolled forward, gaining mass and speed as it accreted the passions and opinions of many -- on all sides of the issue. Today the topic is so large and complex that it's hard to find where it began. It has also become so highly politicized that it may sink the telecom reform legislation that carriers have been working on since the last round of reform, in 1996."
Comments (none posted)
Trade Shows and Conferences
Python creator Guido van Rossum
reports on the EuroPython keynote by Alan Kay.
"Two days ago, Alan Kay gave a very inspiring keynote here at EuroPython. I can't possibly do it justice but I want to describe it anyway.
Alan was still recovering from a recent bout of pneumonia, so instead of delivering the presentation in person, he talked to us from his living room in California over a video link provided by CERN. It was one of the best video presentations I've ever seen -- delivered in person it would have been even more stunning."
Comments (none posted)
NewsForge
covers
the Four Core meeting in Trysil, Norway.
"Last week, members of the
KDE project attended the Four Core meeting, one of several events designed
to accelerate the development of KDE's next major release. Attendees worked
on readying the fundamental kdelibs and kdebase packages for version 4 so
that work on overlying applications may continue."
Comments (none posted)
NewsForge has a
report
from the PostgreSQL Anniversary Summit.
"This weekend marked the
10th anniversary of PostgreSQL's posting as a public, open source
project. To celebrate, the PostgreSQL project held a two-day conference at
Ryerson University in downtown Toronto, Ontario, Canada."
Comments (7 posted)
Planet PostgreSQL has
coverage
of the PostgreSQL 10th Anniversary Summit. On the code sprint:
"Day One of the code sprint has finished, and seems to have been a great success, although it did not turn out the way some people were expecting. Instead of a room full of people doing heads-down coding, there were many small groups of people discussing ideas in depth that had only been hinted at in the previous two days."
Comments (none posted)
Linux Adoption
ITBusiness.ca
covers the story of the removal of a Linux lab at a Toronto,
Canada high school.
"Ed Montgomery, a computer science teacher at Monarch Park Collegiate, said in an e-mail to ITBusiness.ca that he was given a note in May, telling him that the Linux lab would be dismantled and replaced with a Microsoft-based Classroom Migration Technology Initiative (CTMI) lab.
On June 21, according to Montgomery, Terry Wister, the head of school wide services for Monarch Park, removed all of the Linux computers from the lab room under the direction of the school's principal, Rob MacKinnon, while Montgomery was out at lunch. When Montgomery came back from lunch, he said all of the machines in the lab were running Windows."
Comments (16 posted)
Legal
SearchOpenSource has
an
interview with lawyer Tom Carey about the FireStar lawsuit.
"An
interesting twist is that because under terms of the JBoss merger
agreement, Red Hat is holding $43 million of the purchase price in escrow,
which is supposed to protect Red Hat from breach of warranties and other
such protections. So, Red Hat in a sense has $43 million in house money to
play with -- to potentially pay to FireStar or pay to the shareholders of
JBoss. At some level, Red Hat probably doesn't care very much who [the
money] goes to. FireStar may be very skillful, or very lucky, but it has
found a defendant that has free money available to make the problem go
away." Red Hat also has a strong interest in not
encouraging patent trolls, however.
Comments (11 posted)
Interviews
Groklaw has
an
interview with Federico Heinz, Fernanda Weiden and Alexandre Oliva from
the Barcelona GPLv3 conference.
"Federico Heinz is President of Free
Software Foundation Latin America and co-Founder of La Fundación Vía
Libre, which has as its subtitle, "Compartiendo la riqueza intelectual"
which has a lovely overtone in Spanish. In English, it sounds less
evocative, but it's still meaningful: sharing intellectual wealth. I think
of it as having an overtone of sharing the riches of the mind."
Comments (none posted)
KDE.News has an
interview with
Sebastian Sauer, author of Kross.
"KOffice 1.5 saw the addition
of Kross, a framework to allow for scripting plugins in a number of
languages. Krita and Kexi come with a number of plugins with more
available for download at KDE-Files.org. To find out more about this
intriguing technology and how it came about KDE Dot News interviewed the
author Sebastian Sauer. Read on to discover how you can use Kross."
Comments (none posted)
KDE.News has an
interview with
Huang JianZhong, a Senior Manager in the Desktop Product R&D Department of
Red Flag Linux.
"Red Flag Desktop Linux is the leading distribution
in China and surrounding regions. Its goal is to provide the most
professional desktop product available. It has more than an 80% desktop
share in the Chinese linux market, and over one million copies are shipped
each year with KDE as its only desktop environment. Huang JianZhong, a
Senior Manager in the Desktop Product R&D Department of Red Flag, speaks
below about the history of Red Flag Linux and their relationship with
KDE. In 2006, Red Flag Linux has been visible by joining the Open Source
Development Labs and their ongoing work with Asianux."
Comments (none posted)
Resources
HowtoForge
sets up
BASE and Snort on Debian Sarge.
"This tutorial shows how to
install and configure BASE (Basic Analysis and Security Engine) and the
Snort intrusion detection system (IDS) on a Debian Sarge system. BASE
provides a web front-end to query and analyze the alerts coming from a
Snort IDS system. With BASE you can perform analysis of intrusions that
Snort has detected on your network."
Comments (none posted)
Linux.com
dresses up a
desktop with aDesklets.
"Have you ever seen the Mac OS X desktop
and wished all that eye candy were available for Linux? Now you can jazz
up your Linux desktop with desklets -- nifty little windows that float on
your desktop and display information such as weather updates, system
monitors, and calendars. Once you have aDesklets installed, you can
download and install an assortment of desklets."
Comments (none posted)
Reviews
NewsForge
takes
a look at some of the diagnostic tools found on the
GRML live CD.
"A GNU/Linux live CD
distribution can come handy for hardware diagnostics. For this purpose, my
favorite live CD distribution is GRML, which bundles the tools we're about
to discuss, along with some other useful programs for both home users and
veteran system administrators. Other distributions also include some or all
of these tools."
Comments (none posted)
Joe Barr
tries out RogueScanner on an Ubuntu machine.
"Wireless security firm Network Chemistry recently released a cross-platform, free software security tool called RogueScanner in conjunction with its wireless network protection package RFprotect. RogueScanner, licensed under the GPL and the latest of three free software security modules available from Network Chemistry, allows you to monitor your network for rogue wireless devices. Release 1.0 comes in both Windows and Linux versions."
Comments (none posted)
LinuxDevices
takes a look at the Trinity Audio Group's new Linux-based
Digital Audio Workstation (DAW).
"The Trinity DAW will let users record stereo 16- or 24-bit audio tracks at sample rates up to 96kHz (192kHz support is planned). It will also let users add effects to recorded or imported audio samples, and mix down multi-track audio through a graphical interface.
Additionally, the Trinity DAW will offer a wireless network interface, and run a normal web browser and other software enabling users to interact with two fledgling online music communities that TAG is starting."
The device won't be available until October.
Comments (7 posted)
SYS-CON India
covers
the first beta release of the Portland Project.
"The Portland Project, the collaborative venture that simplifies the process of porting and integrating applications for Linux desktops, announced the Beta release of its programming interfaces for GNOME and KDE environments. Several of the global Linux distributors have indicated a commitment to support their application vendors with early versions of the Portland Project tools."
Comments (9 posted)
Linux.com
looks at
Gobby for cross-platform, collaborative editing.
"Wikis and
groupware are great for distributed collaboration between teams, but they
lack the ability to provide real-time feedback to teams working on a shared
document. Collaborative editors, on the other hand, give multiple users a
convenient way to work together on one or more documents. Mac users have
had SubEthaEdit for some time, but Gobby is the first collaborative editor
for Linux, Windows, and Mac OS X users. Let's take a look at how you can
start editing documents with your friends and co-workers using
Gobby."
Comments (1 posted)
News.com
looks
at DejaVu fonts.
"In 2003, type design company Bitstream, in
conjunction with the GNOME Foundation, released a font family called Vera
for open-source use. Under the license terms, anyone was permitted to make
new fonts based on Vera, as long as the derivatives were given a different
name. Now, with Vera essentially dormant, an international group has
picked up work on an offshoot called DejaVu. There are other Vera
derivatives, such as Erav. But DejaVu has caught on widely enough for it to
be the default font for Dapper Drake, the latest update to Ubuntu Linux. It
may also become the default font for Red Hat's Fedora version of
Linux." (Thanks to Nicolas Mailhot)
Comments (2 posted)
NewsForge
reviews Tremulous, a GPL-licensed first-person shooter game.
"Tremulous is basically a struggle between two teams: the humans, a species I will assume you are familiar with, and the aliens, which look like bugs and sometimes crawl along walls and ceilings. During the game, each side progresses through three stages, with advanced abilities and equipment coming in during the second and third stages. There is one major difference between the species, beyond being on different teams. Humans can upgrade their equipment. Aliens can upgrade themselves."
Comments (2 posted)
Miscellaneous
Steven J. Vaughan-Nichols
considers the advantage of open-source software against
obsolescence.
"Lance Ulanoff, my colleague at PC Magazine, has a problem. One of his favorite applications is the Macromedia vector-based drawing tool, Freehand. Those of you who pay close attention to software as a business already know where this tale is going.
Macromedia was bought out by Adobe Systems last year. Guess who owns Freehand's chief rival, Illustrator? Why, yes, it's Adobe.
So, Lance went in to talk to Adobe about their plans for Freehand... I'll make a long story short: the future doesn't look good for Freehand."
Comments (9 posted)
Dave Phillips
starts a
blog about Linux audio software.
"I use Linux exclusively here
at Studio Dave. I have a modest home studio that I use for music
composition and recording, but it's also a central component in my teaching
practice. Students are introduced to ear-training with Tom Cato's wonderful
Solfege, they learn how to capture audio and manipulate it with the
Audacity soundfile editor, and they read scores in standard notation
beautifully rendered by the LilyPond music typesetter. They also see and
hear the sophisticated control systems (e.g. XMMS, MPlayer, xine) I use to
play their CDs, DVDs, and MP3 collections."
Comments (2 posted)
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
The Free Software Foundation Europe has sent out a release cheering the new
fines imposed on Microsoft.
"Microsoft is still as far from allowing competition as it was on the
day of the original Commission ruling in 2004. All proposals made by
Microsoft were deliberately exclusive of Samba, the major remaining
competitor. In that light, the fines do not seem to come early, and
they do not seem high."
Full Story (comments: 18)
The July 7, 2006 edition of the Free Software Foundation Europe
Newsletter is online. Topics include:
GPLv3 conference in Barcelona, FSFE at UN WIPO PCDA/2, Anja Vorspel hired part time to help in FSFE office, Georg Greve at dorkbot.swiss, Linuxwochen in Linz (Austria) and
Stefano Maffulli at Java Conference Milano.
Full Story (comments: none)
The Linux Professional Institute has announced a new initiative with
the Guangdong Linux Center in China. GDLC will become a
sub-affiliate for the Guangdong Province.
"GDLC is a non-profit organization sponsored by seven major government
departments which include the Development and Reform Commission of
Guangdong Province, the Department of Science and Technology of
Guangdong Province, the Department of Information Industry of Guangdong
Province, the Department of Education of Guangdong Province, the
Guangdong Provincial Finance Bureau, the Department of Public Security
of Guangdong Province and the Department of Quality and Technology
Administration of Guangdong Province. GDLC is managed and operated by
the Department of Information Industry of Guangdong Province."
Full Story (comments: none)
Commercial announcements
IBM has announced Lotus Notes for Linux.
"IBM today announced the availability of IBM
Lotus Notes on Linux, the industry's first business-grade
collaboration software to support Linux on the desktop. Lotus Notes on Linux
now provides millions of Lotus Notes users worldwide with software that
enables an open desktop alternative to proprietary desktop operating
systems."
Full Story (comments: 1)
Mandriva has announced that the Moroccan Ministry of Agriculture, Rural
Development and Sea Fisheries (MARDSF) has signed a contract with Liberty
Tech to migrate all its servers to Mandriva Linux. Technical support will
be handled by Mandriva and Liberty Tech via a yearly subscription to the
Mandriva Corporate Club.
Full Story (comments: none)
Splunk has
announced Splunk 2 Nagios.
"Splunk today
announced the availability of Splunk 2 Nagios, an integrated module that
provides seamless workflow between the Nagios project, the most popular
open source systems management host and service monitor, and Splunk, the
industry's first search software for fast moving IT data. Splunk 2 Nagios
is a result of a partnership with the Nagios project announced in February
of this year."
Comments (none posted)
Opera Software
has announced that the Opera 9 browser is now supported on
Ubuntu 6.06 LTS.
"After the launch of Ubuntu 6.06 LTS, Canonical is pleased to announce the availability of Opera 9 for Ubuntu. With just a few clicks of the mouse, all Ubuntu users can download and install the latest version of the Opera browser, which was released to critical acclaim on June 20."
Comments (none posted)
Trolltech
has announced the completion of its IPO on the Oslo Stock Exchange;
it will be listed with the symbol TROLL.
"A total of 7.5 million shares were subscribed and the price has been set at NOK 16 per share.
Approximately 65% of the demand in the institutional offering came from national investors. The offering increased the number of shareholders to more than 300.
The underwriters of the IPO were ABG Sundal Collier and SEB Enskilda. ABG Sundal Collier has, in light of the demand, exercised an over-allotment option of 1,125,000 additional shares.
Of the total number of shares offered, 94 % have been allocated to the institutional offering and 6% to the retail offering. After completion of the transaction the company has a total of 51,104,028 outstanding shares."
Comments (7 posted)
VMware has announced that its VMware Server product is available for free
(beer) download.
"With VMware Server, users can quickly create and provision new server capacity
by partitioning a physical server into multiple virtual machines, bringing the
powerful benefits of virtualization to every server."
Full Story (comments: 4)
New Books
Prentice Hall has published the book
A Practical Guide to Red Hat Linux: Fedora Core and Red Hat Enterprise
Linux, 3rd edition by Mark G. Sobell.
Full Story (comments: none)
O'Reilly has published the book
Ajax Design Patterns
by Michael Mahemoff.
Full Story (comments: none)
Syngress has published the book
Dictionary of Information Security
by Rob Slade.
Full Story (comments: none)
O'Reilly has published the book
BigNum Math by Tom St Denis.
Full Story (comments: none)
Resources
Technocrat.net
takes a
quick look at a new database that documents Linux hardware
compatibility. The
Phoronix Linux
Compatible Hardware database was launched July 7, 2006.
Comments (none posted)
Several articles from the latest issue of LinuxUser & Developer
magazine are
available
online. Titles include The US Patent System--Reform or Collapse? by
Pamela Jones, "Trusted" Computing by Jeremy Allison, The politicians and
the database by Suw Charman, and more.
Comments (2 posted)
The EFF has posted
a set of
questions to pull out the next time you attend a talk by a
representative of the entertainment industry.
"Sony BMG recently
implemented a DRM technology that damaged users' computers. But for
independent researchers' analyses, this serious flaw may have gone
undiscovered. After this scandal, will record labels allow any computer
scientist or security expert to examine these products and agree not to sue
them under the DMCA?"
Comments (none posted)
Education and Certification
The Infosec San Diego Boot Camp Training Courses
have been announced.
They will be held at the San Diego Training & Conference Center
in San Diego, CA 92101 on November 7-10, 2006.
Comments (none posted)
Upcoming Events
The Open Source Initiative will hold a board meeting on July 27
in Portland, Oregon at the O'Reilly OSCON.
Full Story (comments: none)
| Date | Event | Location |
| --- | --- | --- |
| July 13 - 14, 2006 | Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA) | Berlin, Germany |
| July 15 - 16, 2006 | Crystal Space Conference | (University of Aachen) Aachen, Germany |
| July 16 - 19, 2006 | 2nd International Symposium on Free/Open Source Software, Technologies and Content (FOSSTEC 2006) | Orlando, Florida, USA |
| July 19 - 22, 2006 | Ottawa Linux Symposium 2006 (OLS 2006) | Ottawa, Canada |
| July 22 - 23, 2006 | LugRadio Live | (Wolverhampton University) Wolverhampton, UK |
| July 24 - 28, 2006 | O'Reilly Open Source Convention (OSCON 2006) | Portland, Oregon |
| July 29 - August 3, 2006 | Black Hat USA 2006 Briefings and Training | (Caesars Palace) Las Vegas, NV |
| August 4 - 6, 2006 | DEF CON 14 | (Riviera Hotel) Las Vegas, NV |
| August 4 - 6, 2006 | Wikimania | (Harvard Law School) Cambridge, MA |
| August 4 - 6, 2006 | Vancouver Python Workshop | Vancouver, BC, Canada |
| August 8 - 10, 2006 | Flash Memory Summit | (Wyndham Hotel) San Jose, CA |
| August 14 - 17, 2006 | LinuxWorld San Francisco 2006 | (Moscone Center) San Francisco, CA |
| August 14 - 17, 2006 | ApacheCon Asia | (Trans Asia Hotel) Colombo, Sri Lanka |
| August 17 - 18, 2006 | Python for Scientific Computing (SciPy2006) | (Caltech) Pasadena, CA |
| August 18 - 19, 2006 | The Ubucon Conference | (Google headquarters) Mountain View, CA |
| August 28 - 31, 2006 | Bellua Cyber Security Asia 2006 | (Jakarta Convention Center) Jakarta, Indonesia |
Comments (none posted)
Web sites
LinuxQuestions.org has announced its new
LQ Jobs Marketplace site.
"LinuxQuestions.org is proud to announce the addition of the "LQ Job
Marketplace", which will allow employers to post available positions for
Linux, Open Source and programming related jobs. The LQ Job Marketplace
will allow postings for full-time, part-time, permanent, temporary and
contract positions. There will be a nominal one time fee associated with
posting a new job, while viewing available positions will remain free for
both LQ members and guests."
Full Story (comments: none)
Page editor: Forrest Cook