The Avaya S8500 Media Server is a product which "allows for a distributed
enterprise over an IP infrastructure in the mid-market space (up to 3200
ports)." Whatever that means. It fits in a 1U rack space; it also, as it
happens, runs Linux - Red Hat Enterprise Linux, in particular. So, when Red
Hat recently produced a security update for its kernel, Avaya sent out an
advisory of its own. As it turns out, however, Avaya has classified this
set of vulnerabilities as being of "low" concern, so, by the company's
posted policy, there will be no software update coming anytime soon.
Instead, the fixes will be packaged up with the next regular operating
system update. In the meantime, however, Avaya has a helpful suggestion:
For all system products which use vulnerable versions of the
kernel, Avaya recommends that customers restrict local and network
access to the server. This restriction should be enforced through
the use of physical security, firewalls, ACLs, VPNs, and other
generally-accepted networking practices until such time as an
update becomes available and can be installed
Restricting network access will certainly make a network server product
more secure, but it might just interfere with the tasks said server was
purchased to perform in the first place.
In a separate episode, your editor was recently wandering around on the net
in search of a fix for some obnoxious behavior exhibited by his DSL
router. As it turns out, this router runs Linux.
One can telnet into it and wander around. It's always amusing to discover
that one is running even more Linux systems than had been previously
thought. This one is built upon a MontaVista distribution, and is running
a 2.4.17 kernel.
As LWN readers may have noticed, there have been a few security issues
discovered in the 2.4 kernel after 2.4.17 was released. Quite a few. The
support services sold by MontaVista to its customers must certainly include
security updates, but there does not appear to be any mechanism for getting
those updates through to the end customers who will actually be running
vulnerable software. That is true even in your editor's case, where the
router was obtained directly from the local huge telecom company, which
should have good records regarding the equipment at its customers' homes.
Said large telecom company tends to be held in rather low esteem by its
customers, but, even so, one might expect that it would make a minimal
attempt to keep those customers (who are, in the end, connected to its
network) secure.
The end result is that your editor's DSL router - a Linux system with all
the power BusyBox can deliver - almost certainly contains known security
holes. It has writable flash storage, and can run programs uploaded to
it. This is a rather discouraging situation when one considers that,
for many users, this router will be the front gate to their home or small
business network. The potential for mass mayhem is real.
In both cases, we are seeing situations where Linux systems have been
deployed into security-relevant roles, but the security update mechanism
has not kept up with them. As Linux pushes its way into more low-end
consumer-grade devices, this problem will multiply. Who thinks about
applying security updates to their telephone? And which manufacturers of
cheap consumer electronics will concern themselves with pushing security
updates to their customers?
Linux systems can be quite secure, especially when they are pared down to a
minimal set of functions. But one of the things that keeps Linux secure is
the quick closing of known security holes, and the quick dissemination of
those fixes to deployed Linux systems. Without that support structure in
place, Linux systems (like all others) become vulnerable to holes
discovered after they were built.
Embedded systems tend to lack that support structure. When the system is,
say, a music player with no connection to the wider world, there is no
particular cause for concern. Network-connected devices, however, are
subject to attack. Fortunately, network-connected devices should also be
able to detect and install security updates - though setting up such a
mechanism in a way which does not create privacy concerns can be a
challenge. It should be a solvable problem.
The use of Linux in embedded systems is a cool thing - especially if those
systems are designed to allow improvements by their users. It is one more
step toward World Domination. But that cause could be set back
significantly by a single Linux-based router or cellphone worm. We do not
yet know how to create systems which will remain secure indefinitely into
the future. Until that problem is solved, we must maintain structures
which can close vulnerabilities as they are discovered. Purveyors of
embedded systems ignore that need at their peril.
Comments (31 posted)
Dave Jones's "How user space sucks" talk at OLS this year received quite a
bit of attention. It is simultaneously discouraging and encouraging to know
that so many of our applications behave as inefficiently as they do.
Discouraging because we should be doing better than that; encouraging
because there are obviously easy fixes to be made.
Jeff Waugh recently brought back memories of that talk with a weblog entry
on how Python behaves. For the curious: start up an interactive Python
interpreter, then examine it from another window with strace. That Python
interpreter, seemingly doing nothing, is, in fact, busily waking up ten
times per second so that it can do nothing in a more active way. The
offending code (in the readline library) is easy to find; it wakes up every
100ms just in case somebody might have registered a hook to look for events
outside of the input file descriptor. As it turns out, the Python GTK
library does the same thing so that it can check for pending signals. So a
system running a number of Python GTK applications (and some systems have
many) will be experiencing the load of each one of them doing nothing every
100ms.
This sort of behavior uses CPU time needlessly and it keeps the processor
from sleeping - thus draining laptop batteries more quickly. Not good
behavior - and a bit of low-hanging fruit that, one hopes, will get fixed in
the near future.
Meanwhile, the Python developers are working toward a major new release
with the first Python 2.5 release candidate in
testing for the last few weeks. For a full description of what's in Python
2.5, see A.M. Kuchling's
excellent summary. New language features include conditional
expressions (something like the "? :" notation used in C, but
with a very different syntax), partial function application (forms of
functions with some of the arguments supplied ahead of time), a number of
exception handling improvements, a "with" statement intended to
provide robust cleanup handling, and a number of performance improvements.
There is also a long list of new modules and enhancements to existing
modules.
The Python developers have long talked, often not entirely seriously, about
"Python 3000," the upcoming major update to the language. While the Python
language has evolved considerably over the 2.x series, it has done so in a
compatible manner - older Python programs continue to run (though Python
extensions written in other languages have tended to break). With Python
3000, the plan is that anything can happen, and there will be no guarantee
(or even, perhaps, hope) that unmodified Python 2.x programs will work.
Python 3000 has been, as they say, Py in the sky for some time. But it
looks like that situation might change before too long; some serious plans
for the Python 3000 series have been laid down, and development may happen
soon. Very soon, according to Python
benevolent dictator for life Guido van Rossum:
We are now officially starting parallel development of 2.6 and
3.0. I really don't expect that we'll be able to merge the easily
into the 3.0 branch much longer, so effectively 3.0 will be a fork
of 2.5.
He goes on to suggest that much of the work for Python 2.6 may be oriented
toward helping programs (and programmers) make the jump to the eventual
3000 release. So Python 2.6 may not contain a whole lot of new
features, but it could have a bunch of new warnings for things that will
break in the future - and fixes to the standard modules to avoid those
warnings.
The first alpha Python 3000 release is expected sometime next year; it
could be a year or so after that before the stable release (to be
Python 3.0) is ready. Current plans are to continue to develop and
support 2.x for some time - well into the 3.x series.
What will be in Python 3000 (3.0)? Python Enhancement Proposal 3100 has
the details, as they are understood at the moment. These
include the removal of old-style classes, various expression syntax
changes, a new set syntax, use of Unicode throughout (but no non-ASCII
characters used in the language itself), and much more.
Python hackers who are concerned about changes to the language might want
to take a look at PEP 3099, a
document listing the things that will not change. These include no
implicit self, no programmable syntax, no overly complex parser,
and so on. There will be no braces added in Python 3.0, preserving
the grouping by indentation that is such a strong characteristic of the
language; for some amusement, fire up Python and type:
from __future__ import braces
In the end, for all its changes, the Python language will still be very
much true to its original goals: a straightforward language with one clear
way to carry out most tasks. Python 3.0 will also be developed in an
evolutionary manner - no massive rewrite or multi-year series of
pronouncements from the language designer. As a result, Python 3.0
should, despite its rather later start, be in use well before Perl 6.
Finally, for a different and interesting project, PyPy is worth
a look. These developers are writing an entirely new Python interpreter -
in Python. There are a lot of goals driving this work, one of which is the
ability to compile the interpreter into a runtime system which is highly
targeted for its intended purpose. Different builds can use different
memory management algorithms, for example. The developers believe that
they will eventually be able to build Python systems which run faster than
the current C interpreter - though, at this point, they are running about
three times slower. It is an active project, however, which is making
rapid progress; expect interesting things from that direction.
Comments (21 posted)
Black Duck Software was profiled on LWN by Pamela Jones just over one year
ago. This company sells a
product which enables companies to verify the sources of software in
products that they ship; in particular, it seems oriented toward helping
proprietary software vendors avoid unwitting violation of licenses like the
GPL. This product includes "code prints" of thousands of free software
releases; these prints can be compared against a program to determine if any of
that program's code came from one of those projects. It seems like a
product which could bring some peace of mind to company managers who worry
about whether their programmers might be using free code in projects which
are not intended for free release.
Whether the database of code prints (much of which is obtained through a
"special relationship" with SourceForge) constitutes a derived product from the
free software code it is "compiled" from is an interesting question - but
one for a different article.
Today's topic involves this Black Duck press release stating that the
Eclipse project has purchased Black Duck's "protexIP" product to verify
licenses in the Eclipse code base. From the PR:
"Companies worldwide are capitalizing on applications developed by
the Eclipse community, and many software vendors sell products that
are dependent on Eclipse," said Mike Milinkovich, executive
director of Eclipse Foundation. "For that reason, it is absolutely
vital for us to analyze our code before we release it to our
community."
At first blush, it might seem a little strange that a free software project
would purchase a proprietary tool to help ensure that no free code is
incorporated by mistake. There are, however, a couple of reasons why
Eclipse might want to take this step:
- Eclipse is distributed under the Eclipse Public
License. It is a free license, with copyleft-type requirements,
but it is not a GPL-compatible license. So the incorporation of any
GPL-licensed code into Eclipse would be a bad idea.
- Black Duck has been expanding its database with thousands of "code
prints" claimed from proprietary programs. Thus, the product should
be able to detect attempts to use proprietary code in cases where that
code has been fingerprinted by Black Duck.
So, if there are people within Eclipse who are worried about those types of
code contamination, perhaps using Black Duck's products will help them to
sleep a bit better at night.
One wonders, however, about what sort of commercial pressures might have
pushed Eclipse to make this decision. While Black Duck would, beyond
doubt, like to see this adoption as the beginning of a trend in the free
software world, some of us may feel a little differently. It would be a
sad day if we came to the point that free software projects had to buy this
sort of service to be taken seriously in the commercial world. Releasing
software is a remarkably easy process - at least, for those of us who are
not under the control of large corporate legal departments. Loading up the
process with expensive validation bureaucracy in the name of license
compliance seems like a step in the wrong direction.
Comments (3 posted)
Page editor: Jonathan Corbet
Security
September 6, 2006
This article was contributed by Jake Edge.
Asynchronous Javascript and XML (AJAX) is one of the latest techniques used
by web application developers to provide a user experience similar to that of
a local application. Unfortunately, AJAX also provides a number of serious
security issues that should be considered and, at least partly because the
technique is relatively new, many of the tutorials and other documentation
completely disregard the security implications. Developing secure code
rarely gets the attention it deserves and new technologies are typically
slow to develop 'best practices' and to disseminate that information
throughout their community. This can only lead to exploits in the future.
Traditional web applications are synchronous in nature, a user clicks a button
or link which sends a request to the server; the server replies with a page
of HTML and the browser displays the new page. AJAX applications do some
amount of work in the background, making requests of the server, sometimes
without explicit user input. These applications do not refresh the entire
page as they receive replies from the server; they only modify parts of the
page or their internal state which gives users a much smoother, less page
oriented experience.
One of the best known examples of an AJAX
application is Google Maps. While the
user is viewing a particular section of the map, the client requests
other sections of the map that are not yet visible and this allows the user
to seamlessly scroll the map to view off-screen sections. Auto-completion for
text fields, automatically updating form elements and form submission without
a page refresh are other common uses for AJAX in these
'Web 2.0' applications.
In order to handle the asynchronous server requests, AJAX programs use the
Javascript XmlHttpRequest (XHR) object. The name of this object is really
where the X in AJAX comes from as XML is not necessarily used in the
XHR request or response. A client sends a request to a specific URL
on the same server as the original page and can receive any kind of reply
from the server. These replies are often snippets of HTML, but can also
be XML, Javascript Object Notation (JSON), image data or anything else
that Javascript can process.
Various queries and requests that were once handled internally on the
server are now exposed as a de facto API for AJAX applications. This
drastically increases the attack surface of these programs because there
are so many additional ways to potentially inject malicious content.
Filtering user input correctly is, as always, the single most important
safeguard for a web application; this is an area that traditional web
applications have regularly failed to handle correctly. It is difficult
to see how adding additional ways to get user input into the application
is going to help this problem.
SQL injection and
Cross-site scripting (XSS)
are two attacks that can be made against an application that does not
filter user input correctly. AJAX techniques allow for additional
ways to exploit these vectors in the background, undetectable by the user.
The Myspace samy worm (a more technical description is available here) is
an example of the kinds of things that can be done. At the recent Black
Hat Briefings, there was a session describing a port sniffer written in
Javascript that could potentially discover internal network details behind
a firewall and report them to a malicious site.
The requirement that XHR objects refer only to URLs on the same server is
an excellent security choice. Unfortunately, it is probably the single
biggest complaint that web designers have about AJAX. Because they often
want to display information from various sources on the same page, the
restriction is considered to be 'too strict' and to get around it, AJAX
bridges came about.
An AJAX bridge proxies requests to other servers, returning the remote
server's response. This allows XHR objects to refer to URLs on the
server that returned the page, but still retrieve content from other
servers elsewhere in the web. Unfortunately, this can lead to various
abuses. Depending on how it is written, the bridge can provide a means
to attack the third party site via SQL injection or XSS and allow the
malicious user to hide behind a level of indirection. Various monitoring
tools could detect the attack and shut down access for the aggregating
site, effectively causing a denial of service attack. By proxying requests,
a site is implicitly trusting its users not to abuse the APIs of third
parties.
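As an added illustration (not code from the article), here is a server-side policy layer for an AJAX bridge, written in Python, that closes the gaps just described: the page asks the bridge for a named, allowlisted upstream and a few permitted parameters rather than a raw URL, a per-client token bucket bounds how much third-party traffic one user can generate through the proxy, and an audit log records which client caused each upstream request so the bridge is no longer an anonymous level of indirection. The upstream names, URLs and limits are all constructed for the example.

```python
"""Policy checks for an AJAX bridge (a server-side proxy for XHR requests).

Added illustration, not code from the article. The design assumed here:
the page asks the bridge for a *named* upstream plus a few permitted query
parameters, and the bridge builds the third-party URL itself from an
allowlist, so the client never supplies a raw URL. A per-client token
bucket bounds how much third-party traffic one user can generate, and an
audit log records which client caused each upstream request.
"""
import time
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlencode

# Constructed allowlist: upstream name -> (base URL, permitted query parameters)
UPSTREAMS = {
    "weather": ("https://weather.example.net/api/current", {"city"}),
    "quotes": ("https://quotes.example.net/lookup", {"symbol"}),
}


class TokenBucket:
    """Classic token bucket: `capacity` burst, `refill` tokens per second."""

    def __init__(self, capacity: int, refill: float, now: float) -> None:
        self.capacity = capacity
        self.refill = refill
        self.tokens = float(capacity)
        self.last = now

    def take(self, now: float) -> bool:
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.refill)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class BridgePolicy:
    def __init__(self, upstreams=UPSTREAMS, capacity: int = 10, refill: float = 1.0):
        self.upstreams = upstreams
        self.capacity = capacity
        self.refill = refill
        self.buckets: Dict[str, TokenBucket] = {}
        # (client_id, upstream, params, decision): who asked the bridge for what
        self.audit: List[Tuple[str, str, Dict[str, str], str]] = []

    def authorize(self, client_id: str, upstream: str, params: Dict[str, str],
                  now: Optional[float] = None) -> Tuple[bool, str, Optional[str]]:
        """Return (allowed, reason, upstream_url); the URL is None when refused."""
        now = time.monotonic() if now is None else now
        decision = self._check(client_id, upstream, params, now)
        self.audit.append((client_id, upstream, dict(params), decision[1]))
        return decision

    def _check(self, client_id, upstream, params, now):
        entry = self.upstreams.get(upstream)
        if entry is None:
            return False, "unknown upstream", None       # never an open proxy
        base, permitted = entry
        for name, value in params.items():
            if name not in permitted:
                return False, "unexpected parameter", None
            if not (isinstance(value, str) and value.isprintable() and len(value) <= 64):
                return False, "bad parameter value", None
        bucket = self.buckets.get(client_id)
        if bucket is None:
            bucket = self.buckets[client_id] = TokenBucket(self.capacity, self.refill, now)
        if not bucket.take(now):
            return False, "rate limited", None          # shields the third party
        query = urlencode(sorted(params.items()))        # values are percent-encoded
        return True, "allowed", base + ("?" + query if query else "")


if __name__ == "__main__":
    policy = BridgePolicy(capacity=2, refill=0.0)
    for args in (("alice", "weather", {"city": "Boulder"}),
                 ("alice", "weather", {"city": "S\u00e3o Paulo"}),
                 ("alice", "weather", {"city": "Denver"}),
                 ("mallory", "http://other.example/", {})):
        print(args[0], policy.authorize(*args, now=0.0))
```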
Many of these attacks are not new, nor do they require AJAX to function, but
by incorporating AJAX techniques into web applications, they are made easier.
At one time, it was considered reasonable to turn off Javascript for many
or all sites, but with the prevalence of Web 2.0 applications, this just
is not possible for most web users. Web application developers need to be
vigilant in rooting out the bugs that allow these attacks to succeed.
Comments (9 posted)
New vulnerabilities
capi4hylafax: missing input sanitizing
| Package(s): | capi4hylafax |
| CVE #(s): | CVE-2006-3126 |
| Created: | September 1, 2006 |
| Updated: | October 18, 2006 |
| Description: | Lionel Elie Mamane discovered a security vulnerability in capi4hylafax, tools for faxing over a CAPI 2.0 device, that allows remote attackers to execute arbitrary commands on the fax receiving system. |
| Alerts: | |
Comments (none posted)
cheesetracker: buffer overflow
| Package(s): | cheesetracker |
| CVE #(s): | CVE-2006-3814 |
| Created: | September 4, 2006 |
| Updated: | October 27, 2006 |
| Description: | Luigi Auriemma discovered a buffer overflow in the loading component of cheesetracker, a sound module tracking program, which could allow a maliciously constructed input file to execute arbitrary code. |
| Alerts: | |
Comments (1 posted)
gcc: file overwrite vulnerability
| Package(s): | gcc |
| CVE #(s): | CVE-2006-3619 |
| Created: | September 6, 2006 |
| Updated: | March 14, 2008 |
| Description: | The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree. |
| Alerts: | |
Comments (none posted)
ImageMagick: buffer overflows
| Package(s): | imagemagick |
| CVE #(s): | CVE-2006-3743, CVE-2006-3744 |
| Created: | September 6, 2006 |
| Updated: | September 26, 2006 |
| Description: | The latest set of buffer overflow vulnerabilities in ImageMagick can be found in the Sun Raster and XCF decoders. |
| Alerts: | |
Comments (2 posted)
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2006-2935, CVE-2006-4145, CVE-2006-3745 |
| Created: | September 1, 2006 |
| Updated: | July 30, 2008 |
| Description: | Previous versions of the kernel package are subject to several vulnerabilities. Certain malformed UDF filesystems can cause the system to crash (denial of service). Malformed CDROM firmware or USB storage devices (such as USB keys) could cause a system crash (denial of service) and, if intentionally malformed, could cause arbitrary code to run with elevated privileges. In addition, the SCTP protocol is subject to a remote system crash (denial of service) attack. |
| Alerts: | |
Comments (none posted)
MySQL: denial of service
| Package(s): | mysql |
| CVE #(s): | CVE-2006-4380, CVE-2006-4389 |
| Created: | September 1, 2006 |
| Updated: | September 6, 2006 |
| Description: | MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects. (CVE-2006-4380) There is also a bug in the MySQL-Max (and MySQL) init script where the script was not waiting for the mysqld daemon to fully stop. This impacted the restart behavior during updates, as well as scripted setups that temporarily stopped the server to back up the database files. |
| Alerts: | |
Comments (none posted)
openssl: insufficient signature checking
| Package(s): | openssl |
| CVE #(s): | CVE-2006-4339 |
| Created: | September 5, 2006 |
| Updated: | November 15, 2006 |
| Description: | Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of Google Security discovered that the OpenSSL library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key. |
| Alerts: | |
Comments (none posted)
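As an added example (not taken from the advisory or from OpenSSL), the Python below shows the verifier side of the padding check behind this entry. After the public-key operation a verifier holds the encoded message EM, which must be exactly 00 01 FF...FF 00 followed by the DigestInfo, with the DigestInfo ending at the very end of EM; a check that stops once it has located the hash and ignores whatever follows accepts blocks it should reject, and with a small exponent such as 3 that slack is what the reported forgery relies on. The strict check simply rebuilds the expected EM and compares the whole block; the message and the malformed test block are constructed for the example.

```python
"""Strict versus lax checking of an EMSA-PKCS1-v1_5 encoded message (EM).

Added illustration, not code from the advisory or from OpenSSL. Only the
verifier's view is shown: given EM (the result of the RSA public-key
operation on a signature) and the signed message, decide whether EM is a
valid encoding. A correct verifier requires the whole block to match:
    0x00 0x01 <0xFF ... 0xFF, at least 8 bytes> 0x00 <DigestInfo>
with nothing after the DigestInfo.
"""
import hashlib
import hmac

# DER prefix of DigestInfo for SHA-1, as listed in RFC 3447 section 9.2
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def digest_info(message: bytes) -> bytes:
    return SHA1_DIGESTINFO_PREFIX + hashlib.sha1(message).digest()


def encode_em(message: bytes, em_len: int) -> bytes:
    """Reference EMSA-PKCS1-v1_5 encoding for a modulus of em_len bytes."""
    t = digest_info(message)
    ps_len = em_len - len(t) - 3
    if ps_len < 8:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def lax_check(em: bytes, message: bytes) -> bool:
    """Flawed verifier: walks the padding, compares the DigestInfo where it
    finds it, and never looks at the bytes after it."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x01:
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i < 10 or i >= len(em) or em[i] != 0x00:
        return False
    t = digest_info(message)
    return em[i + 1 : i + 1 + len(t)] == t   # trailing bytes are never examined


def strict_check(em: bytes, message: bytes) -> bool:
    """Correct verifier: recompute the one valid EM and compare all of it."""
    try:
        expected = encode_em(message, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)


def demo(message: bytes = b"constructed message", em_len: int = 128) -> dict:
    """Run both checks on the proper EM and on a constructed malformed block
    that has the minimum padding, the right DigestInfo, and filler after it."""
    good = encode_em(message, em_len)
    t = digest_info(message)
    bad = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    bad += b"\x00" * (em_len - len(bad))
    return {
        "good_lax": lax_check(good, message),
        "good_strict": strict_check(good, message),
        "bad_lax": lax_check(bad, message),        # wrongly accepted
        "bad_strict": strict_check(bad, message),  # rejected
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12s} {verdict}")
```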
openttd: denial of service
| Package(s): | openttd |
| CVE #(s): | CVE-2006-1998, CVE-2006-1999 |
| Created: | September 6, 2006 |
| Updated: | September 6, 2006 |
| Description: | A flaw in the openttd error handling code leaves the system vulnerable to a remote denial of service attack. Version 0.4.8 fixes the problem. |
| Alerts: | |
Comments (none posted)
sendmail: denial of service
| Package(s): | sendmail |
| CVE #(s): | CVE-2006-4434 |
| Created: | August 31, 2006 |
| Updated: | September 6, 2006 |
| Description: | The sendmail mail transfer agent has a programming error: a remote attacker can send specially crafted email messages with extra long header lines to sendmail, and the sendmail process will crash, leading to a denial of service. |
| Alerts: | |
Comments (none posted)
Updated vulnerabilities
AlsaPlayer: multiple buffer overflows
| Package(s): | alsaplayer |
| CVE #(s): | CVE-2006-4089 |
| Created: | August 28, 2006 |
| Updated: | September 19, 2006 |
| Description: | AlsaPlayer contains three buffer overflows: in the function that handles the HTTP connections, the GTK interface, and the CDDB querying mechanism. An attacker could exploit the first vulnerability by enticing a user to load a malicious URL, resulting in the execution of arbitrary code with the permissions of the user running AlsaPlayer. |
| Alerts: | |
Comments (none posted)
apache: cross-site scripting
| Package(s): | apache |
| CVE #(s): | CVE-2006-3918 |
| Created: | August 9, 2006 |
| Updated: | April 4, 2008 |
| Description: | From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header." |
| Alerts: | |
Comments (none posted)
audacious: buffer overflow
| Package(s): | audacious |
| CVE #(s): | CVE-2006-3581, CVE-2006-3582 |
| Created: | August 2, 2006 |
| Updated: | September 13, 2006 |
| Description: | Audacious (prior to version 1.1.0) suffers from a buffer overflow which could be exploitable via a maliciously crafted media file. |
| Alerts: | |
Comments (none posted)
binutils: buffer overflow
| Package(s): | binutils |
| CVE #(s): | CVE-2005-4807 |
| Created: | August 17, 2006 |
| Updated: | October 19, 2006 |
| Description: | The GNU assembler (gas) in binutils is vulnerable to a buffer overflow. If a user can be tricked into assembling a specially crafted file with gcc or gas, arbitrary code can be executed with the privileges of the user. |
| Alerts: | |
Comments (3 posted)
busybox: insecure password generation
| Package(s): | busybox |
| CVE #(s): | CVE-2006-1058 |
| Created: | May 5, 2006 |
| Updated: | May 2, 2007 |
| Description: | The BusyBox 1.1.1 passwd command does not use a proper salt when generating passwords. This would create an instance where a brute force attack could take very little time. |
| Alerts: | |
Comments (2 posted)
bzip2: race condition and infinite loop
| Package(s): | bzip2 |
| CVE #(s): | CAN-2005-0953, CAN-2005-1260 |
| Created: | May 17, 2005 |
| Updated: | January 10, 2007 |
| Description: | A race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. Also, specially crafted bzip2 archives may cause an infinite loop in the decompressor. |
| Alerts: | |
Comments (2 posted)
cpio: arbitrary code execution
| Package(s): | cpio |
| CVE #(s): | CVE-2005-4268 |
| Created: | January 2, 2006 |
| Updated: | March 17, 2010 |
| Description: | Richard Harms discovered that cpio did not sufficiently validate file properties when creating archives. Files with, e.g., a very large size caused a buffer overflow. By tricking a user or an automatic backup system into putting a specially crafted file into a cpio archive, a local attacker could probably exploit this to execute arbitrary code with the privileges of the target user (which is likely root in an automatic backup system). |
| Alerts: | |
Comments (none posted)
vixie-cron: privilege escalation
| Package(s): | cron |
| CVE #(s): | CVE-2006-2607 |
| Created: | May 31, 2006 |
| Updated: | June 1, 2009 |
| Description: | The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root. |
| Alerts: | |
Comments (1 posted)
cscope: buffer overflows
| Package(s): | cscope |
| CVE #(s): | CVE-2004-2541 |
| Created: | May 22, 2006 |
| Updated: | June 19, 2009 |
| Description: | A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target. |
| Alerts: | |
Comments (1 posted)
Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
| Package(s): | cyrus-sasl |
| CVE #(s): | CVE-2006-1721 |
| Created: | April 21, 2006 |
| Updated: | September 4, 2007 |
| Description: | Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5 process that could lead to a denial of service. An attacker could possibly exploit this vulnerability by sending a specially crafted data stream to the Cyrus-SASL server, resulting in a denial of service even if the attacker is not able to authenticate. |
| Alerts: | |
Comments (none posted)
mozilla: multiple vulnerabilities
Comments (none posted)
freeradius: several vulnerabilities
| Package(s): | freeradius |
| CVE #(s): | CVE-2005-4745, CVE-2005-4746 |
| Created: | August 8, 2006 |
| Updated: | April 24, 2007 |
| Description: | Several remote vulnerabilities have been discovered in freeradius, a high-performance RADIUS server, which may lead to SQL injection or denial of service. |
| Alerts: | |
Comments (none posted)
freetype: integer overflows
| Package(s): | freetype |
| CVE #(s): | CVE-2006-0747, CVE-2006-1861, CVE-2006-2493, CVE-2006-2661, CVE-2006-3467 |
| Created: | June 8, 2006 |
| Updated: | June 1, 2010 |
| Description: | The FreeType library has several integer overflow vulnerabilities. If a user can be tricked into installing a specially crafted font file, arbitrary code can be executed with the privilege of the user. |
| Alerts: | |
Comments (none posted)
gdm: improper file permissions
| Package(s): | gdm |
| CVE #(s): | CVE-2006-1057 |
| Created: | April 19, 2006 |
| Updated: | May 2, 2007 |
| Description: | The .ICEauthority file may be created with the wrong ownership and permissions; gdm 2.14.2 fixes the problem. |
| Alerts: | |
Comments (none posted)
gedit: format string vulnerability
| Package(s): | gedit |
| CVE #(s): | CAN-2005-1686 |
| Created: | June 9, 2005 |
| Updated: | February 5, 2009 |
| Description: | A format string vulnerability has been discovered in gedit. Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user. |
| Alerts: | |
Comments (1 posted)
grip: buffer overflow
| Package(s): | grip |
| CVE #(s): | CAN-2005-0706 |
| Created: | March 10, 2005 |
| Updated: | November 19, 2008 |
| Description: | Grip, a CD ripper, has a buffer overflow vulnerability that can occur when the CDDB server returns more than 16 matches. |
| Alerts: | |
Comments (none posted)
gtetrinet: buffer overflows
| Package(s): | gtetrinet |
| CVE #(s): | CVE-2006-3125 |
| Created: | August 30, 2006 |
| Updated: | September 6, 2006 |
| Description: | A number of out-of-bounds index accesses have been found in gtetrinet; they could conceivably be exploited by a hostile server to execute arbitrary code. |
| Alerts: | |
Comments (none posted)
gzip: arbitrary command execution
| Package(s): | gzip |
| CVE #(s): | CAN-2005-0758 |
| Created: | August 1, 2005 |
| Updated: | January 10, 2007 |
| Description: | zgrep in gzip before 1.3.5 does not handle shell metacharacters like '|' and '&' properly when they occur in input file names. This could be exploited to execute arbitrary commands with user privileges if zgrep is run in an untrusted directory with specially crafted file names. |
| Alerts: | |
Comments (2 posted)
ImageMagick: heap overflow vulnerability
| Package(s): | ImageMagick |
| CVE #(s): | CVE-2006-2440 |
| Created: | May 25, 2006 |
| Updated: | September 5, 2006 |
| Description: | The ImageMagick DisplayImageCommand has a heap overflow vulnerability. If a maliciously created unexpanded glob is passed to ImageMagick, a heap overflow can result. |
| Alerts: | |
Comments (none posted)
kdelibs: kate backup file permission leak
| Package(s): | kdelibs kate kwrite |
| CVE #(s): | CAN-2005-1920 |
| Created: | July 19, 2005 |
| Updated: | September 21, 2010 |
| Description: | Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information. |
| Alerts: | |
Comments (1 posted)
kernel: denial of service by memory consumption
| Package(s): | kernel |
| CVE #(s): | CVE-2006-2936 |
| Created: | July 17, 2006 |
| Updated: | November 14, 2007 |
| Description: | The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the driver can handle, which causes the data to be queued. |
| Alerts: | |
Comments (none posted)
krb5: local privilege escalation
| Package(s): | krb5 |
| CVE #(s): | CVE-2006-3083 |
| Created: | August 9, 2006 |
| Updated: | July 7, 2010 |
| Description: | Some kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges. |
| Alerts: | |
Comments (none posted)
lesstif: libXm library privilege escalation
| Package(s): | lesstif |
| CVE #(s): | CVE-2006-4124 |
| Created: | August 29, 2006 |
| Updated: | August 30, 2006 |
| Description: | The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program. |
| Alerts: | |
Comments (none posted)
libgadu: memory alignment bug
| Package(s): | libgadu |
| CVE #(s): | CAN-2005-2370 |
| Created: | July 29, 2005 |
| Updated: | June 25, 2007 |
| Description: | Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment error in libgadu (from ekg, a console Gadu Gadu client, an instant messaging program), which is included in gaim, a multi-protocol instant messaging client, as well. This cannot be exploited on the x86 architecture, but on others, e.g. SPARC, it can lead to a bus error, in other words a denial of service. |
| Alerts: | |
Comments (none posted)
libgd2: denial of service
| Package(s): | libgd2 |
| CVE #(s): | CVE-2006-2906 |
| Created: | June 14, 2006 |
| Updated: | January 16, 2007 |
| Description: | Certain GIF images can cause libgd2 to go into an infinite loop, adversely affecting the performance of image processing applications. |
| Alerts: | |
Comments (none posted)
libmms: buffer overflows
| Package(s): | libmms |
| CVE #(s): | CVE-2006-2200 |
| Created: | July 6, 2006 |
| Updated: | December 25, 2006 |
| Description: | Several buffer overflows were found in libmms. By tricking a user into opening a specially crafted remote multimedia stream with an application using libmms, a remote attacker could overwrite an arbitrary memory portion with zeros, thereby crashing the program. |
| Alerts: | |
Comments (none posted)
libmusicbrainz: buffer overflows
| Package(s): | libmusicbrainz-2.0 |
| CVE #(s): | CVE-2006-4197 |
| Created: | August 30, 2006 |
| Updated: | October 23, 2006 |
| Description: | Several buffer overflows have been discovered in the libmusicbrainz CD index library. |
| Alerts: | |
Comments (none posted)
libpam-ldap: authentication bypass
| Package(s): | libpam-ldap |
| CVE #(s): | CAN-2005-2641 |
| Created: | August 25, 2005 |
| Updated: | October 6, 2006 |
| Description: | libpam-ldap, the PAM LDAP interface, has a vulnerability in which it fails to authenticate with an LDAP server which is not configured properly, allowing an authentication bypass. |
| Alerts: | |
Comments (none posted)
libpng: buffer overflow
| Package(s): | libpng |
| CVE #(s): | CVE-2006-3334 |
| Created: | July 19, 2006 |
| Updated: | December 15, 2008 |
| Description: | In pngrutil.c, the function png_decompress_chunk() allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow. |
| Alerts: | |
Comments (none posted)
libpng: heap based buffer overflow
| Package(s): | libpng |
| CVE #(s): | CVE-2006-0481 |
| Created: | February 13, 2006 |
| Updated: | December 15, 2008 |
| Description: | A heap-based buffer overflow bug was found in the way libpng strips alpha channels from a PNG image. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash or execute arbitrary code when the file is opened by a victim. |
| Alerts: | |
Comments (1 posted)
libtiff: buffer overflows
Comments (none posted)
libtiff: buffer overflow
| Package(s): | libtiff |
| CVE #(s): | CVE-2006-2193 |
| Created: | June 15, 2006 |
| Updated: | September 1, 2008 |
| Description: | The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters in the DocumentName tag to overflow a buffer, causing a denial of service, and possibly the execution of arbitrary code. |
| Alerts: | |
Comments (none posted)
libvncserver: authentication bypass
| Package(s): | libvncserver |
| CVE #(s): | CVE-2006-2450 |
| Created: | August 4, 2006 |
| Updated: | March 19, 2007 |
| Description: | LibVNCServer fails to properly validate protocol types, effectively letting users decide what protocol to use, such as "Type 1 - None". LibVNCServer will accept this security type, even if it is not offered by the server. |
| Alerts: | |
Comments (none posted)
libwmf: integer overflow
| Package(s): | libwmf |
| CVE #(s): | CVE-2006-3376 |
| Created: | July 13, 2006 |
| Updated: | November 6, 2006 |
| Description: | libwmf, a library that is used for processing Windows MetaFile vector graphics files, has an integer overflow vulnerability. |
| Alerts: | |
Comments (none posted)
libxml2: arbitrary code execution
| Package(s): | libxml2 |
| CVE #(s): | CAN-2004-0110 |
| Created: | February 26, 2004 |
| Updated: | August 19, 2009 |
| Description: | Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code. |
| Alerts: | |
Comments (none posted)
libxml2: multiple buffer overflows
| Package(s): | libxml2 |
| CVE #(s): | CAN-2004-0989 |
| Created: | October 28, 2004 |
| Updated: | August 19, 2009 |
| Description: | libxml2 prior to version 2.6.14 has multiple buffer overflow vulnerabilities; if a local user passes a specially crafted FTP URL, arbitrary code may be executed. |
| Alerts: | |
Comments (none posted)
lynx: arbitrary command execution
| Package(s): | lynx |
| CVE #(s): | CVE-2005-2929 |
| Created: | November 14, 2005 |
| Updated: | September 14, 2009 |
| Description: | An arbitrary command execution bug was found in the lynx "lynxcgi:" URI handler. An attacker could create a web page redirecting to a malicious URL which could execute arbitrary code as the user running lynx. |
| Alerts: | |
Comments (none posted)
mutt: IMAP namespace buffer overflow
| Package(s): | mutt |
| CVE #(s): | CVE-2006-3242 |
| Created: | June 28, 2006 |
| Updated: | October 24, 2006 |
| Description: | TAKAHASHI Tamotsu discovered that mutt's IMAP backend did not sufficiently check the validity of namespace strings. If a user connects to a malicious IMAP server, that server could exploit this to crash mutt or even execute arbitrary code with the privileges of the mutt user. See this Secunia advisory for more information. |
| Alerts: | |
Comments (none posted)
mysql: format string bug
| Package(s): | mysql |
| CVE #(s): | CVE-2006-3469 |
| Created: | July 21, 2006 |
| Updated: | July 30, 2008 |
| Description: | Jean-David Maillefer discovered a format string bug in the date_format() function's error reporting. By calling the function with invalid arguments, an authenticated user could exploit this to crash the server. |
| Alerts: | |
Comments (none posted)
MySQL: privilege violations
| Package(s): | mysql |
| CVE #(s): | CVE-2006-4031, CVE-2006-4226 |
| Created: | August 25, 2006 |
| Updated: | July 30, 2008 |
| Description: | MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy (CVE-2006-4031). MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions (CVE-2006-4226). |
| Alerts: | |
Comments (none posted)
MySQL: logging bypass
| Package(s): | mysql |
| CVE #(s): | CVE-2006-0903 |
| Created: | April 4, 2006 |
| Updated: | May 21, 2008 |
| Description: | MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query. |
| Alerts: | |
Comments (2 posted)
nbd: arbitrary code execution
| Package(s): | nbd |
| CVE #(s): | CVE-2005-3534 |
| Created: | January 6, 2006 |
| Updated: | March 7, 2011 |
| Description: | Kurt Fitzner discovered that the NBD (network block device) server did not correctly verify the maximum size of request packets. By sending specially crafted large request packets, a remote attacker who is allowed to access the server could exploit this to execute arbitrary code with root privileges. |
| Alerts: | |
Comments (none posted)
ncompress: buffer underflow
| Package(s): | ncompress |
| CVE #(s): | CVE-2006-1168 |
| Created: | August 10, 2006 |
| Updated: | February 21, 2012 |
| Description: | The ncompress compression utility has a missing boundary check. A local user can use a maliciously created file to cause a .bss buffer underflow. |
| Alerts: | |
Comments (none posted)
openoffice.org: several vulnerabilities
| Package(s): | openoffice.org |
| CVE #(s): | CVE-2006-2198, CVE-2006-2199, CVE-2006-3117 |
| Created: | June 30, 2006 |
| Updated: | January 4, 2007 |
| Description: | Several vulnerabilities have been discovered in OpenOffice.org, a free office suite.
- It turned out to be possible to embed arbitrary BASIC macros in documents in a way that OpenOffice.org does not see them but executes them anyway without any user interaction. (CVE-2006-2198)
- It is possible to evade the Java sandbox with specially crafted Java applets. (CVE-2006-2199)
- Loading malformed XML documents can cause buffer overflows and cause a denial of service or execute arbitrary code. (CVE-2006-3117) |
| Alerts: | |
Comments (none posted)
php: arbitrary code execution
| Package(s): | php |
| CVE #(s): | CVE-2006-4020 |
| Created: | August 22, 2006 |
| Updated: | September 21, 2006 |
| Description: | A vulnerability was discovered in the sscanf function that could allow attackers in certain circumstances to execute arbitrary code via argument swapping which incremented an index past the end of an array and triggered a buffer over-read. |
| Alerts: | |
Comments (none posted)
phpbb2: missing input sanitizing
| Package(s): | phpbb2 |
| CVE #(s): | CVE-2006-1896 |
| Created: | May 22, 2006 |
| Updated: | February 11, 2008 |
| Description: | It was discovered that phpbb2, a web based bulletin board, insufficiently sanitizes values passed to the "Font Color 3" setting, which might lead to the execution of injected code by admin users. |
| Alerts: | |
Comments (none posted)
phpbb2: multiple vulnerabilities
| Package(s): | phpbb2 |
| CVE #(s): | CVE-2005-3310, CVE-2005-3415, CVE-2005-3416, CVE-2005-3417, CVE-2005-3418, CVE-2005-3419, CVE-2005-3420, CVE-2005-3536, CVE-2005-3537 |
| Created: | December 22, 2005 |
| Updated: | February 11, 2008 |
| Description: | The phpbb2 web forum has a number of vulnerabilities including: a web script injection problem, a protection mechanism bypass, a security check bypass, a remote global variable bypass, cross site scripting vulnerabilities, an SQL injection vulnerability, a remote regular expression modification problem, missing input sanitizing, and a missing request validation problem. |
| Alerts: | |
Comments (none posted)
phpMyAdmin: multiple vulnerabilities
| Package(s): | phpmyadmin |
| CVE #(s): | CVE-2005-4079, CVE-2005-3665 |
| Created: | December 12, 2005 |
| Updated: | November 20, 2006 |
| Description: | Stefan Esser reported multiple vulnerabilities found in phpMyAdmin. The $GLOBALS variable allows modifying the global variable import_blacklist to open phpMyAdmin to local and remote file inclusion, depending on your PHP version (CVE-2005-4079, PMASA-2005-9). Furthermore, it is also possible to conduct an XSS attack via the $HTTP_HOST variable and a local and remote file inclusion because the contents of the variable are under total control of the attacker (CVE-2005-3665, PMASA-2005-8). |
| Alerts: | |
Comments (none posted)
postgresql: SQL injection
| Package(s): | postgresql |
| CVE #(s): | CVE-2006-2313, CVE-2006-2314 |
| Created: | May 24, 2006 |
| Updated: | June 6, 2007 |
| Description: | The PostgreSQL team has put out a set of "urgent updates" (in the form of the 7.3.15, 7.4.13, 8.0.8, and 8.1.4 releases) closing a newly-discovered set of SQL injection issues. Details about the problem can be found on the technical information page; in short: multi-byte encodings can be used to defeat normal string sanitizing techniques. The update fixes one problem related to invalid multi-byte characters, but punts on another by simply disallowing the old, unsafe technique of escaping single quotes with a backslash. |
| Alerts: | |
Comments (1 posted)
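To make the multi-byte problem concrete, here is an added example (not PostgreSQL code) that models it: two client-side escapers, one using the backslash technique the update disallows and one doubling the quote, and a toy lexer that scans the result the way a server decoding a Shift_JIS-style encoding would. The encoding rules (lead bytes 0x81-0x9F and 0xE0-0xFC taking one trail byte in 0x40-0xFC other than 0x7F) are a simplification assumed for this example, the function names are ours, and the inputs are constructed.

```c
/* Added example, not PostgreSQL code. Models why a backslash-escaped quote
 * can stop being escaped once the server decodes the bytes as a multi-byte
 * encoding, and why a doubled quote does not have that problem.
 * Assumption: a simplified Shift_JIS in which a lead byte in 0x81-0x9F or
 * 0xE0-0xFC consumes one trail byte in 0x40-0xFC (except 0x7F). */
#include <stddef.h>
#include <stdio.h>

static int is_lead(unsigned char c)
{
    return (c >= 0x81 && c <= 0x9F) || (c >= 0xE0 && c <= 0xFC);
}

static int is_trail(unsigned char c)
{
    return c >= 0x40 && c <= 0xFC && c != 0x7F;
}

/* Encoding-unaware escaper: put a backslash before every quote. This is
 * the "old, unsafe technique" the PostgreSQL update disallows. */
size_t escape_with_backslash(const unsigned char *in, size_t n,
                             unsigned char *out, size_t cap)
{
    size_t o = 0;
    for (size_t i = 0; i < n && o + 2 <= cap; i++) {
        if (in[i] == '\'')
            out[o++] = '\\';
        out[o++] = in[i];
    }
    return o;
}

/* Encoding-unaware escaper that doubles the quote instead (SQL standard). */
size_t escape_by_doubling(const unsigned char *in, size_t n,
                          unsigned char *out, size_t cap)
{
    size_t o = 0;
    for (size_t i = 0; i < n && o + 2 <= cap; i++) {
        out[o++] = in[i];
        if (in[i] == '\'')
            out[o++] = '\'';
    }
    return o;
}

/* Toy server-side lexer. Given the bytes that follow the opening quote of
 * a string literal, return the offset of the quote that terminates it, or
 * -1 if the literal runs to the end of the buffer (the escaping held).
 * A valid two-byte character is consumed whole, so a trail byte of 0x5C
 * is part of a character, not a backslash escape. */
long literal_end_sjis(const unsigned char *s, size_t n)
{
    size_t i = 0;
    while (i < n) {
        unsigned char c = s[i];
        if (is_lead(c) && i + 1 < n && is_trail(s[i + 1])) {
            i += 2;                      /* one two-byte character */
        } else if (c == '\\') {
            i += 2;                      /* backslash escape eats next byte */
        } else if (c == '\'') {
            if (i + 1 < n && s[i + 1] == '\'')
                i += 2;                  /* doubled quote: still inside */
            else
                return (long)i;          /* bare quote: literal ends here */
        } else {
            i += 1;
        }
    }
    return -1;
}

int main(void)
{
    /* Constructed input: a lead byte followed by a quote and some text. */
    const unsigned char in[] = { 0x95, '\'', ' ', 'x' };
    unsigned char out[16];
    size_t n;

    n = escape_with_backslash(in, sizeof in, out, sizeof out);
    printf("backslash escaping: literal ends at %ld\n", literal_end_sjis(out, n));
    n = escape_by_doubling(in, sizeof in, out, sizeof out);
    printf("quote doubling:     literal ends at %ld\n", literal_end_sjis(out, n));
    return 0;
}
```

With the backslash escaper the lexer pairs 0x95 with the inserted 0x5C as one character and the quote that follows is unescaped, ending the literal early; with quote doubling the same input stays inside the literal. The real fix also rejects invalid sequences such as a lead byte without a valid trail byte, which the toy lexer above tolerates for simplicity.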
Py2Play: remote execution of arbitrary Python code
| Package(s): | Py2Play |
| CVE #(s): | CAN-2005-2875 |
| Created: | September 19, 2005 |
| Updated: | September 6, 2006 |
| Description: | Py2Play uses Python pickles to send objects over a peer-to-peer game network, and clients accept without restriction the objects and code sent by peers. A remote attacker participating in a Py2Play-powered game can send malicious Python pickles, resulting in the execution of arbitrary Python code on the targeted game client. |
| Alerts: | |
Comments (none posted)
quake: buffer overflow
| Package(s): | quake3-bin |
| CVE #(s): | CVE-2006-2236 |
| Created: | May 10, 2006 |
| Updated: | January 12, 2009 |
| Description: | Games based on the Quake 3 engine are vulnerable to a buffer overflow exploitable by a hostile game server. |
| Alerts: | |
Comments (none posted)
sendmail: denial of service
| Package(s): | sendmail |
| CVE #(s): | CVE-2006-1173 |
| Created: | June 15, 2006 |
| Updated: | November 1, 2006 |
| Description: | Sendmail has a vulnerability in the way it handles multi-part MIME messages. A remote attacker can create a specially crafted email message that can be used to crash the sendmail process, causing a denial of service. |
| Alerts: | |
Comments (none posted)
shadow-utils: mailbox creation vulnerability
| Package(s): | shadow-utils |
| CVE #(s): | CVE-2006-1174 |
| Created: | May 25, 2006 |
| Updated: | June 12, 2007 |
| Description: | The useradd tool from the shadow-utils package has a potential security problem. When a new user's mailbox is created, the permissions are set to random garbage from the stack, potentially allowing the file to be read or written during the time before fchmod() is called. |
| Alerts: | |
Comments (none posted)
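The kate backup entry above and this useradd entry are two instances of one mistake: a file is created with permissions other than the ones it should have (default permissions instead of the original file's mode in one case, an uninitialized mode in the other), and the later fchmod() leaves a window in which the file is exposed. The following is an added example, not code from KDE or shadow-utils; create_backup_with_mode() and file_mode_bits() are names chosen here. It passes the intended mode to open(2) itself, so the new file never exists with wider permissions than its source, and uses fchmod() only to restore bits the umask removed.

```c
/* Added example, not code from kate or shadow-utils: create dst as a copy
 * of src that carries src's permission bits from the moment it exists.
 * Returns 0 on success, -1 on error with errno set; dst is removed on
 * failure. Function names are ours. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

int create_backup_with_mode(const char *src, const char *dst)
{
    int in = open(src, O_RDONLY);
    if (in < 0)
        return -1;

    struct stat st;
    if (fstat(in, &st) != 0) {
        int e = errno; close(in); errno = e; return -1;
    }
    if (!S_ISREG(st.st_mode)) {
        close(in); errno = EINVAL; return -1;
    }
    mode_t mode = st.st_mode & 07777;

    /* The mode goes to open(2) itself. The kernel ANDs it with ~umask, so
     * the new file can only be narrower than the original, never wider,
     * and never carries whatever happened to be on the stack. O_EXCL
     * refuses to reuse an existing file or follow a symlink at dst. */
    int out = open(dst, O_WRONLY | O_CREAT | O_EXCL, mode);
    if (out < 0) {
        int e = errno; close(in); errno = e; return -1;
    }

    char buf[8192];
    ssize_t n;
    while ((n = read(in, buf, sizeof buf)) > 0) {
        ssize_t off = 0;
        while (off < n) {
            ssize_t w = write(out, buf + off, (size_t)(n - off));
            if (w < 0) {
                if (errno == EINTR)
                    continue;
                goto fail;
            }
            off += w;
        }
    }
    if (n < 0)
        goto fail;

    /* Restore bits the umask stripped (e.g. group access on a 0660 file).
     * Done on the descriptor, so no path lookup can be redirected. */
    if (fchmod(out, mode) != 0)
        goto fail;
    if (close(out) != 0) {
        out = -1;
        goto fail;
    }
    close(in);
    return 0;

fail: {
        int e = errno;
        if (out >= 0)
            close(out);
        close(in);
        unlink(dst);
        errno = e;
        return -1;
    }
}

/* Permission bits of a path, or -1 if it cannot be stat'ed. */
int file_mode_bits(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (int)(st.st_mode & 07777);
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s SRC DST\n", argv[0]);
        return 2;
    }
    if (create_backup_with_mode(argv[1], argv[2]) != 0) {
        perror("create_backup_with_mode");
        return 1;
    }
    printf("%s created with mode %04o\n", argv[2], file_mode_bits(argv[2]));
    return 0;
}
```

The useradd case is the same pattern with the mailbox's intended mode passed to open(2) instead of the source file's; what matters is that the mode argument is always supplied with O_CREAT and that the file is never widened afterwards.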
squirrelmail: insecure permissions
| Package(s): | squirrelmail |
| CVE #(s): | CVE-2006-4019 |
| Created: | August 14, 2006 |
| Updated: | September 26, 2006 |
| Description: | Squirrelmail contains a vulnerability that allows authenticated users to read and write other users' preferences and attachments. |
| Alerts: | |
Comments (none posted)
streamripper: buffer overflow
| Package(s): | streamripper |
| CVE #(s): | CVE-2006-3124 |
| Created: | August 28, 2006 |
| Updated: | September 6, 2006 |
| Description: | Ulf Harnhammer from the Debian Security Audit Project discovered that streamripper, a utility to record online radio streams, performs insufficient sanitizing of data received from the streaming server, which might lead to buffer overflows and the execution of arbitrary code. |
| Alerts: | |
Comments (none posted)
sudo: vulnerability via scripts
| Package(s): | sudo |
| CVE #(s): | CAN-2005-4158, CVE-2006-0151 |
| Created: | December 16, 2005 |
| Updated: | September 1, 2006 |
| Description: | Perl and Python scripts run via Sudo can be subverted. |
| Alerts: | |
Comments (none posted)
texinfo: temporary file vulnerability
| Package(s): | texinfo |
| CVE #(s): | CAN-2005-3011 |
| Created: | October 5, 2005 |
| Updated: | November 9, 2006 |
| Description: | Texinfo prior to version 4.8-r1 suffers from a temporary file vulnerability. |
| Alerts: | |
Comments (none posted)
tin: buffer overflow
| Package(s): | tin |
| CVE #(s): | CVE-2006-0804 |
| Created: | February 19, 2006 |
| Updated: | November 24, 2006 |
| Description: | An allocation off-by-one bug exists in the TIN news reader version 1.8.0 and earlier which can lead to a buffer overflow. |
| Alerts: | |
Comments (none posted)
unzip: long file name buffer overflow
| Package(s): | unzip |
| CVE #(s): | CVE-2005-4667 |
| Created: | February 6, 2006 |
| Updated: | May 2, 2007 |
| Description: | A buffer overflow in UnZip 5.50 and earlier allows local users to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs. |
| Alerts: | |
Comments (1 posted)
w3c-libwww: possible stack overflow
| Package(s): | w3c-libwww |
| CVE #(s): | CVE-2005-3183 |
| Created: | October 14, 2005 |
| Updated: | May 2, 2007 |
| Description: | Extensive testing of libwww's handling of multipart/byteranges content from HTTP/1.1 servers revealed multiple logical flaws and bugs in Library/src/HTBound.c |
| Alerts: | |
Comments (1 posted)
wireshark: several vulnerabilities
Comments (none posted)
xine-lib: buffer overflow
| Package(s): | xine-lib |
| CVE #(s): | CVE-2006-2802 |
| Created: | June 9, 2006 |
| Updated: | September 29, 2006 |
| Description: | Federico L. Bossi Bonin discovered a buffer overflow in the HTTP input module. By tricking a user into opening a malicious remote media location, a remote attacker could exploit this to crash Xine library frontends (like totem-xine, gxine, or xine-ui) and possibly even execute arbitrary code with the user's privileges. |
| Alerts: | |
Comments (none posted)
xine-lib: buffer overflow
| Package(s): | xine-lib |
| CVE #(s): | CVE-2006-1664 |
| Created: | April 27, 2006 |
| Updated: | February 27, 2008 |
| Description: | xine-lib does an improper input data boundary check on MPEG streams. A specially crafted MPEG file can be created that can cause arbitrary code execution when the file is accessed. |
| Alerts: | |
Comments (none posted)
xine-ui: format string vulnerabilities
| Package(s): | xine-ui |
| CVE #(s): | CVE-2006-2230 |
| Created: | June 9, 2006 |
| Updated: | January 24, 2007 |
| Description: | Several format string vulnerabilities have been discovered in xine-ui, the user interface of the xine video player, which may cause a denial of service. |
| Alerts: | |
Comments (none posted)
X.org: local privilege escalations
| Package(s): | xorg-x11 |
| CVE #(s): | CVE-2006-4447 |
| Created: | August 28, 2006 |
| Updated: | April 30, 2007 |
| Description: | Several X.org libraries and X.org itself contain system calls to set*uid() functions, without checking their result. Local users could deliberately exceed their assigned resource limits and elevate their privileges after an unsuccessful set*uid() system call. This requires resource limits to be enabled on the machine. |
| Alerts: | |
Comments (none posted)
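The krb5 entry above and this X.org entry describe the same defect: a set*uid() call whose return value is never examined, so a failure (resource limits being one way to provoke it) leaves the process running as root while it believes it has dropped privileges. The following is an added example, not code from either project, of the checks both lacked; drop_privileges() is a name chosen here, and the ordering and verification it shows are general practice, not the specific fixes those projects shipped.

```c
/* Added example, not krb5 or X.org code: drop root privileges with the
 * return-value checks the advisories above describe as missing.
 * Returns 0 on success, -1 on failure with errno set by the failing call.
 * drop_privileges() is a hypothetical helper name. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* setgroups() is a BSD extension; declare it in case the feature-test
 * macros in effect at compile time hide the header's declaration. */
int setgroups(size_t n, const gid_t *list);

int drop_privileges(uid_t uid, gid_t gid)
{
    /* Supplementary groups first; only root may change them, so skip the
     * call when we are not root (it would fail with EPERM). */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;

    /* Group before user: once the uid is dropped, setgid() is refused. */
    if (setgid(gid) != 0)
        return -1;

    /* setuid() can fail even for root, e.g. with EAGAIN when the target
     * uid is at its RLIMIT_NPROC. Ignoring that failure is exactly the bug
     * in the two advisories: the process keeps running as root. */
    if (setuid(uid) != 0)
        return -1;

    /* Confirm the kernel did what was asked, rather than trusting it. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }

    /* If we were root, regaining root must now be impossible. */
    if (uid != 0) {
        int saved = errno;
        if (setuid(0) == 0) {
            errno = EPERM;
            return -1;
        }
        errno = saved;
    }
    return 0;
}

/* The pattern the advisories describe, shown only for contrast: the
 * return value of setuid() is discarded. Do not use. */
void drop_privileges_unchecked(uid_t uid)
{
    (void)setuid(uid);   /* on failure we silently stay root */
}

int main(void)
{
    /* Constructed target: our own real ids, so the demo runs as any user. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("running as uid %ld gid %ld\n", (long)getuid(), (long)getgid());
    return 0;
}
```

A caller must treat -1 as fatal and exit rather than continue with whatever identity the process ended up with; the post-call verification catches the case, also mentioned in the X.org entry, where a failure is provoked deliberately.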
X.Org: buffer overflow
| Package(s): | xorg-x11-server xorg-x11 |
| CVE #(s): | CVE-2006-1526 |
| Created: | May 3, 2006 |
| Updated: | January 10, 2007 |
| Description: | There is a buffer overflow in the Xrender extension of the X.Org server; any process which is able to connect to the server may be able to exploit this overflow to run arbitrary code. Since the X server runs as root on most systems, this vulnerability could be exploited to gain root access. See the X.Org advisory for more information. |
| Alerts: | |
Comments (none posted)
xpdf: buffer overflow
| Package(s): | xpdf |
| CVE #(s): | CAN-2005-0064 |
| Created: | January 19, 2005 |
| Updated: | March 15, 2007 |
| Description: | iDEFENSE has found yet another xpdf buffer overflow; see this advisory for details. |
| Alerts: | |
Comments (1 posted)
xpdf: integer overflows
| Package(s): | xpdf, poppler, cupsys, tetex-bin |
| CVE #(s): | CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627 |
| Created: | January 5, 2006 |
| Updated: | November 30, 2006 |
| Description: | xpdf has a number of integer overflows. A remote attacker can trick a user into opening a maliciously crafted pdf file, allowing the attacker to execute code with the privileges of the local user. This also affects the Poppler library, cupsys and tetex-bin. |
| Alerts: | |
Comments (none posted)
Page editor: Jonathan Corbet
Kernel development
Brief items
The current 2.6 prepatch is 2.6.18-rc6,
released by Linus on
September 3. It is possibly the final prepatch before the 2.6.18
final release. There are a lot of fixes; one of those is the removal of
much of the
SMP alternatives
work, which was causing build problems with some compilers. See
the long-format changelog for the details.
A handful of additional fixes have gone into the mainline git repository
since the -rc6 release.
The current -mm tree is 2.6.18-rc5-mm1. Recent changes
to -mm include some enhancements to the no-MMU architecture support, a
number of NFS server improvements, a steady trickle of reiser4 fixes, and a
set of patches allowing a kernel to be built with no block device support
(though those don't quite work yet).
On the 2.4 front, Willy Tarreau has released 2.4.33.3 with a small set of
important fixes, and 2.4.34-pre2 with a larger set of
fixes. The current plan is that the gcc 4.x support discussed
here a couple of weeks ago will be merged into 2.4.34-pre3.
Other notes: a number of developers have been having difficulties
posting patches to lists hosted on vger.kernel.org recently. The list
maintainers have begun using bogofilter in an attempt to cut down on the
amount of spam getting through to the list - and, presumably, to reduce the
amount of time they put into manually maintaining filter patterns. To
date, bogofilter appears to believe that quite a few patches are spam. On
the other hand, a substantial amount of distinctly non-technical mail
involving nontraditional approaches to family quality time and members of
the animal kingdom has been
sailing through without a hitch. One can only assume that the training
process will eventually iron out these little problems.
Comments (none posted)
Kernel development news
"Tiedostoa tai hakemistoa ei ole" just means "No such file or directory".
EVERYBODY knows that.
It's not like there's even a single ä or ö in the whole sentence, so you
can't even blame the strange letters (and that's unusual, since in
Finnish, usually every other letter is 'ä' if only just to confuse the
uninitiated).
--
Linus Torvalds
Comments (9 posted)
Device drivers are generally done inside the kernel for the usual reasons
of performance and control. There are times, however, when the ability to
run a device driver in user space is helpful. These include situations
where the code is far too large to go into the kernel (X.org, for example)
and where the author of the driver does not wish to
place the code under the GPL. Some types of drivers (such as those for USB
devices) are easily run in user space now, but others can be a bit more
challenging. Very few PCI drivers, for example, are written in user space.
Thomas Gleixner has written an
interface module which may help to change that situation. With this
code in place, PCI drivers (some of them, at least) can be written almost
entirely in user space, with only a small stub module loaded into the kernel.
That module has two specific jobs to carry out. The first is to register
the device to be driven, with a couple of bits of important information.
To that end, it should fill out an iio_device structure, which
contains the following fields:
    struct iio_device {
        char *name;
        char *version;
        unsigned long physaddr;
        void *virtaddr;
        unsigned long size;
        long irq;
        irqreturn_t (*handler)(int irq, void *dev_id, struct pt_regs *regs);
        ssize_t (*event_write)(struct file *filep, const char __user * buf,
                               size_t count, loff_t *ppos);
        struct file_operations *fops;
        void *priv;
        /* ... */
    };
The first part of the structure provides information about the hardware
to be driven - its name, where its I/O memory area lives
(physaddr), where that area has been mapped into the kernel
(virtaddr), its size, and the interrupt being used by the device.
If virtaddr is zero, then physaddr is interpreted as the
beginning of a range of I/O ports, rather than a memory address.
The fops field provides the file operations for the device;
normally, they are set to the generic versions provided by the IIO (for
"industrial I/O") driver: iio_open(), iio_read(),
iio_mmap(), etc.
With this setup, the driver can create a
basic device which allows a user-space program to read from or write to
device memory (or ports). I/O memory can also be mapped into user space.
The capabilities described thus far are not all that different from what
can be done with /dev/mem; the main difference is that the stub
driver can enable the PCI device and perform any other needed
initialization. The real hitch in writing user-space PCI drivers, however,
has been in the handling of interrupts. There is currently no way to write
a user-space interrupt handler, and the IIO patch doesn't really change
that. Instead, the stub driver is expected to provide a minimal interrupt
handler of its own.
This handler is needed because every device requires its own specific
interrupt acknowledgment ritual. The kernel must respond quickly to an
interrupt and give the device the attention it craves so that said device
will stop asserting the interrupt. After that, any additional processing
can be done at relative leisure. So, once the handler provided with the
stub driver acknowledges the interrupt, the rest of the work can normally
be done by the user-space driver.
All that is needed is to let this driver know that the interrupt has
happened. The IIO module provides a couple of mechanisms for that
purpose. One is a second device node associated with the device; whenever
an interrupt happens, a byte can be read from this "event device." So a
user-space driver can simply block on a read from that device, or it can
use poll() in more complicated situations. It is also possible
for the user-space driver to receive SIGIO signals when an
interrupt happens, but using signals will normally increase the ultimate
response time to the interrupt.
So, to make all this happen, the stub driver provides a minimal interrupt
handler in the handler() field of the iio_device
structure. When an interrupt happens, the IIO module will call this handler;
if it returns IRQ_HANDLED, user space will be notified.
If the stub driver provides an event_write() function, that
function will be called in response to a write operation on the event
device. This capability can be used to further control the kernel-space
response to interrupts, request that interrupts be masked, etc.
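As an added illustration of the user-space side of this event mechanism (code written for this article summary, not part of Thomas Gleixner's patch or his example driver), the following shows a driver loop that waits on the event device with poll() and consumes one byte per interrupt, as described above. The device node name /dev/iio_event0, the function names, the one-second timeout and the use of a non-blocking descriptor for draining queued events are assumptions; the article only states that a byte becomes readable on the event device for each interrupt.

```c
/* Added example, not code from the IIO patch. User-space side of the IIO
 * "event device": wait for interrupt notifications with poll(), then
 * drain the queued event bytes. Returns the number of interrupts seen,
 * 0 on timeout, -1 on error. The event descriptor is assumed to be
 * non-blocking so that draining stops instead of waiting for the next
 * interrupt; with a blocking descriptor a plain read(fd, &b, 1) per
 * interrupt is the simpler form the article mentions. */
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <unistd.h>

int set_nonblocking(int fd)
{
    int flags = fcntl(fd, F_GETFL);
    if (flags < 0)
        return -1;
    return fcntl(fd, F_SETFL, flags | O_NONBLOCK);
}

int wait_for_interrupts(int event_fd, int timeout_ms)
{
    struct pollfd pfd = { .fd = event_fd, .events = POLLIN, .revents = 0 };
    int rc;

    do {
        rc = poll(&pfd, 1, timeout_ms);
    } while (rc < 0 && errno == EINTR);   /* a signal is not an error */
    if (rc < 0)
        return -1;
    if (rc == 0)
        return 0;                         /* timeout: no interrupt */
    if (!(pfd.revents & POLLIN)) {
        errno = EIO;                      /* POLLERR/POLLNVAL without data */
        return -1;
    }

    /* One byte per interrupt; read until the queue is empty. */
    int count = 0;
    unsigned char ev;
    for (;;) {
        ssize_t n = read(event_fd, &ev, 1);
        if (n == 1) {
            count++;
            continue;
        }
        if (n == 0)
            break;                        /* end of file */
        if (errno == EINTR)
            continue;
        if (errno == EAGAIN || errno == EWOULDBLOCK)
            break;                        /* queue drained */
        return -1;
    }
    return count;
}

int main(void)
{
    /* Assumed node name; the stub driver decides the real one. */
    int fd = open("/dev/iio_event0", O_RDONLY | O_NONBLOCK);
    if (fd < 0) {
        perror("open event device");
        return 1;
    }
    for (;;) {
        int n = wait_for_interrupts(fd, 1000);
        if (n < 0) {
            perror("event device");
            return 1;
        }
        if (n == 0)
            continue;                     /* nothing happened in 1s */
        /* Here the user-space driver would service the device through its
         * mmap()ed I/O memory or port range, now that the stub's handler
         * has already acknowledged the interrupt. */
        printf("%d interrupt(s) signalled\n", n);
    }
}
```

The same loop works unchanged with any descriptor that delivers one byte per event, which is how the test below exercises it with a pipe in place of the device node.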
Readers who think that the event mechanism shares some features with the
proposed kevent subsystem are right. It is probable that the IIO event
handling code will be rewritten to use kevents, if and when kevents are
merged into the mainline.
Meanwhile, however, the IIO driver works. Thomas has posted an example driver (or parts of one, anyway) to
show how this mechanism can be used. The real question which appears to be
on a number of minds, however, is: could ATI and nVidia use IIO to move
their drivers out of the kernel? Only those vendors can answer that
question, so, until they say something, nobody really knows.
Comments (29 posted)
Back in 2003, Jeff Garzik
announced the availability of "a
new SCSI driver." That driver was, in fact, the libata subsystem, which
was to be the foundation for serial ATA support in Linux. In the process,
however, Jeff had thought a bit about supporting the current parallel ATA
(PATA) drives, but that was not really his goal:
Note that PATA in my driver is only an afterthought. The main area
of focus, now and in the future, is SATA.
In the last three years, the parallel ATA drives that most of us use have
continued to be driven by the old IDE driver subsystem. Some of this code
dates back to the beginning of Linux; since then it has been maintained by
a substantial list of people, a number of whom are widely held to have been
driven insane by the experience. The current maintainer, Bartlomiej
Zolnierkiewicz, has kept a rather low profile for some time now; he
signed off no patches in either the 2.6.17 or the upcoming 2.6.18 kernel.
Not much has been happening in the IDE area.
That does not mean that things have been quiet in the parallel ATA area,
however. Over the last year or so, Alan Cox has been working to bring full
PATA support into the libata code. The resulting drivers have been sitting
in the -mm tree for a while, but that period is about to end: the PATA
driver set has been queued for
merging into 2.6.19.
The stated advantages of the new PATA code are many. The code has been
reworked from the beginning, and is up to current kernel standards. The
use of libata means that these drivers are well integrated with their SATA
cousins, bringing two divergent subsystems back together. The new drivers
support a number of chipsets that the IDE layer doesn't handle. Error
handling has been much improved. Also, according to Alan's announcement from August,
the new drivers feature "active maintenance and updates" and "more
interesting bugs to find and help fix."
On the other hand, the new PATA drivers are not considered to be ready for
production use yet, and distributors are not expected to enable them in the
near future. The merging into 2.6.19 is intended mainly to broaden the
test base. A completely new disk subsystem is the sort of thing that one
likes to test very well before entrusting it with data that one wishes to
actually keep; that process may go on for a little while yet. It is also
worth noting that the new PATA code also drops support for some ancient IDE
controllers.
The issue that gets everybody's attention, however, is that, as with all
drives handled through libata, PATA drives show up as if they were SCSI
disks, and are named /dev/sd*. Anybody who just switches to the
new drivers without updating /etc/fstab (or using the
mount-by-label feature) is likely to have a rough bootstrap experience.
That is an easy problem to work around, but the use of the SCSI drive
namespace seems to bother some people. What appears to be happening in
reality is that Linux is slowly moving toward having a generic disk
subsystem, where everything can just be called /dev/diskN. All
that's left is a few details and a new set of udev rules to rename the
device nodes.
Someday, most of us will be using the new PATA code. But this is not a
process which is expected to go quickly, and there are no plans to remove
or deprecate the existing IDE code:
At this point in time it is premature to discuss or plan the point
at which the old IDE layer would go away. That discussion can start
at the point where everyone is happy that the new libata based
layer is providing better quality and coverage than the old
one. Even then there would be no need to hurry.
So it appears that Linux will have parallel subsystems for parallel ATA
support for some time.
Comments (5 posted)
Paravirtualized systems are operating systems unto themselves - they look
like independent systems to the greatest extent possible. In the end,
however, a paravirtualized system is still running under a host, and must
interact with that host. A recent set of patches (entitled "
guest page hinting") shows how running
paravirtualized systems in a fully independent mode can hurt performance -
and the sorts of tricks which can be required to make things run more
efficiently.
Consider, for example, a short-lived application which runs on a guest
system. That application may dirty a number of pages, then exit, its job
finished. The guest system knows that the dirty pages are no longer in
use, and can be recycled. From the host's point of view, however, the only
thing known is that the pages are dirty. So the host will, if it needs to
reclaim those pages, carefully write their (useless) data out to swap
first. This is wasted effort which would be nice to avoid.
The hinting patches add a couple of low-level primitives for use by guest
operating systems: set_page_unused() and
set_page_stable(). The former marks a page as being unneeded by
the guest, while the latter marks the page as being in active use. The
s/390 architecture (which is the main target for this patch set currently)
can implement these states through a pair of page flags which the guest can
set, making the operations fast. Once pages have been marked as unused,
the host system can reclaim them with no further effort, making the whole
virtual memory subsystem more efficient.
The next step is to consider page cache pages. These pages will contain
data from a file found on a storage device somewhere, meaning that they can
be recreated from the source if need be. That, in turn, means that the
host could discard them in response to memory pressure. But, once again,
the host knows nothing about the
guests' page caches. So the hinting patches add another state, called
"volatile," to mark pages with backing store. When the host is feeling
memory pressure, it is
free to discard volatile pages without saving their contents
first. It must, however, make sure that the guest system knows that
this action has taken place so that the page can be removed from the
guest's page cache. In the current patch set, this notification only works
for s/390 machines, however.
Pages which have been locked into memory pose an extra challenge here -
they can be part of the page cache, but they still shouldn't be taken away
by the host system. So such pages cannot be marked as "volatile." The
problem is that figuring out if a page is locked is harder than it might
seem; it can involve scanning a list of virtual memory area (VMA)
structures, which is slow. So the hinting patches add a new flag to the
address_space structure to note that somebody has locked pages
from that address space in memory. When the flag is set, those pages are
not marked as being volatile.
The swap cache also benefits from some hinting work - once the guest has written
a page to swap, that page has good backing store and can be grabbed by the
host system. The approach taken is similar to that used with the page
cache, though there are a few extra details to take care of. For example,
the guest must take care to have the page marked stable (and deal with its
potentially having been discarded by the host) before freeing the
associated entry in the swap area.
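The state machine described above, as an added C model (it is not the s/390 patch code): pages carry one of the three hints, the host's reclaim decision depends only on the hint, the guest is told when a volatile page has been thrown away, and a page-cache page whose address_space has locked pages is refused the volatile state. The names set_page_unused() and set_page_stable() come from the article; set_page_volatile(), host_reclaim(), the struct layouts and the scenario counts are assumptions of this model. The scenario tallies how many swap writes the host performs for the same set of pages with and without hinting.

```c
#include <stdio.h>
#include <string.h>

/* Hints a guest attaches to a page.  STABLE (the default) means the host
 * must preserve the contents; UNUSED means the guest no longer wants them;
 * VOLATILE means they have backing store and may be discarded if the guest
 * is told.  (Enum and struct layouts are this model's assumptions.) */
enum hint { HINT_STABLE, HINT_UNUSED, HINT_VOLATILE };

struct address_space {
	int has_locked_pages;	/* the new flag: somebody locked pages from here */
};

struct page {
	enum hint hint;
	int in_page_cache;	/* guest still holds it in its page cache */
	int discarded;		/* host threw the contents away */
};

/* Guest-side primitives named in the article. */
void set_page_unused(struct page *p) { p->hint = HINT_UNUSED; }
void set_page_stable(struct page *p) { p->hint = HINT_STABLE; }

/* Model helper (not a name from the patch): a page-cache page may only
 * become volatile if nothing in its address_space is locked in memory. */
int set_page_volatile(struct page *p, const struct address_space *as)
{
	if (as->has_locked_pages)
		return 0;	/* must stay stable */
	p->hint = HINT_VOLATILE;
	return 1;
}

/* The host's choice when it needs the page back.  Without hints every
 * page the guest has touched looks dirty, so it is written to swap. */
enum reclaim { RECLAIM_FREE, RECLAIM_DISCARD, RECLAIM_SWAPOUT };

enum reclaim host_reclaim(struct page *p)
{
	switch (p->hint) {
	case HINT_UNUSED:
		return RECLAIM_FREE;	/* no I/O at all */
	case HINT_VOLATILE:
		p->discarded = 1;	/* guest is notified of this */
		return RECLAIM_DISCARD;
	default:
		return RECLAIM_SWAPOUT;	/* contents must be preserved */
	}
}

/* Guest side of the discard notification: drop the page from its cache. */
void guest_on_discard(struct page *p)
{
	if (p->discarded)
		p->in_page_cache = 0;
}

/* Swap-cache rule from the article: before depending on a volatile page
 * (e.g. before freeing its swap entry) make it stable and check whether
 * the host discarded it in the meantime.  Returns 1 if contents are intact. */
int guest_make_stable_and_check(struct page *p)
{
	set_page_stable(p);
	if (p->discarded) {
		p->in_page_cache = 0;
		return 0;	/* must be re-read from backing store */
	}
	return 1;
}

struct stats { int freed, discarded, swapouts; };

/* Scenario (constructed): n_exit pages left behind by a process that has
 * exited, n_cache clean page-cache pages of an ordinary file, n_locked
 * page-cache pages of a file with locked mappings; host reclaims them all. */
struct stats run_scenario(int use_hints, int n_exit, int n_cache, int n_locked)
{
	struct stats st = { 0, 0, 0 };
	struct address_space plain = { 0 }, locked = { 1 };
	int i, total = n_exit + n_cache + n_locked;

	for (i = 0; i < total; i++) {
		struct page p;
		memset(&p, 0, sizeof p);
		p.hint = HINT_STABLE;
		if (i < n_exit) {
			if (use_hints)
				set_page_unused(&p);	/* freed on process exit */
		} else {
			p.in_page_cache = 1;
			if (use_hints)
				set_page_volatile(&p, i < n_exit + n_cache ? &plain : &locked);
		}
		switch (host_reclaim(&p)) {
		case RECLAIM_FREE:    st.freed++; break;
		case RECLAIM_DISCARD: st.discarded++; guest_on_discard(&p); break;
		case RECLAIM_SWAPOUT: st.swapouts++; break;
		}
	}
	return st;
}

int main(void)
{
	struct stats a = run_scenario(0, 8, 4, 2), b = run_scenario(1, 8, 4, 2);
	printf("no hints: %d swap writes\n", a.swapouts);
	printf("hints:    %d freed, %d discarded, %d swap writes\n",
	       b.freed, b.discarded, b.swapouts);
	return 0;
}
```

The two remaining swap writes in the hinted run are the pages from the locked address_space: they stay stable because the guest cannot cheaply prove they are not locked, which is exactly the case the new address_space flag exists for.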
Attentive readers may have noticed that these patches are heavily oriented
toward the s/390 architecture. IBM has, of course, been doing
virtualization for a very long time, so it is not surprising that some
relatively advanced virtualization patches are coming from that direction -
or that IBM's architectures are designed with virtualization in mind.
Other paravirtualization projects will encounter many of the same issues,
however, and may well benefit from this work. So the next stage for this
patch set should be consideration by other projects and possible work to
make the hinting features more generally applicable.
Comments (1 posted)
Patches and updates
Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
- Andreas Gruenbacher: Tmpfs acls.
(September 4, 2006)
Memory management
Networking
Architecture-specific
Security-related
Virtualization and containers
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
Anybody having trouble getting through to the Debian Alioth web server now
knows why: the system was broken into by way of a pmwiki vulnerability.
"This security alert is over, however we have way too many projects running
some custom-installed web applications. We're going to review everything
that is installed and come up with a suggestion to use the packaged (and
thus security-supported) version of the web applications when possible."
It has now been decided that the new Alioth will be hosted in a Xen guest.
"This means it's easy to stop (or shutdown) the Alioth host for inspection,
or to simply reinstall it from scratch. That's why while preparing the new
Alioth, I'm documenting the configuration of all the services."
Comments (none posted)
New Releases
Edgy Eft Knot 2, the second in a series of milestone CD images that will be
released throughout the Edgy development cycle, is now available in Ubuntu,
Kubuntu, Edubuntu and Xubuntu flavors.
Full Story (comments: 18)
Slackware 11.0 should be out soon. A fourth release candidate has been
announced in the September 3 change log entry. For a complete list of
changes check the slackware-current changelog.
Full Story (comments: none)
The Debian project has updated the stable distribution Debian GNU/Linux
3.1 (codename `sarge'). "This update mainly adds security updates to
the stable release, along with a few corrections to serious problems.
Those who frequently update from security.debian.org won't have to update
many packages and most updates from security.debian.org are included in
this update."
Full Story (comments: 2)
Distribution News
Debian project leader Anthony Towns has put forward a new general
resolution proposal for the Debian developers to consider. This one starts
with the idea that the social contract, in its current form, cannot be met,
so it should be reverted to its pre-2004 language. The resolution would
explicitly exempt firmware, allowing "etch" to be released on time and in
compliance with the social contract. "I think it's a mistake to have a
social contract that we
can't meet -- I would much rather say "we're not only meeting our social
contract, but we're going above and beyond it" than keep worrying about
how we've overpromised and keep having to underdeliver." Click
below for the full text, or see
this
LWN article for the previous episode in this story.
Full Story (comments: 1)
The Debian cdrtools maintainers have posted the first version of "cdrkit,"
the project's fork of the cdrtools package. The reasons behind this fork
were
covered in LWN last
month. It was nearly bound to happen; the real question is the
extent to which distributors will cooperate in the maintenance of the new
version. The Debian folks have
reached out to other
distributors, so the initial signs are good. Meanwhile, cdrkit needs
testing.
Full Story (comments: 23)
Click below for the minutes of the September 5 meeting of the
debburn/cdrkit maintainers.
Full Story (comments: 1)
Debian's tcl/tk maintainer is putting together a team to co-maintain tcl/tk
and some of its add-ons (e.g. tcllib, itcl). "It is also, in my
opinion, past time to develop some more formal policies for tcl/tk-using
packages. For this reason, I have created a mailing list for discussing
Debian's tcl/tk infrastructure and policy, and an Alioth project for tcl/tk
maintenance."
Full Story (comments: none)
Two Debian Bug Squashing Parties will take place in Zurich, Switzerland.
The first will take place Saturday, 9 Sept. 2006.
Full Story (comments: none)
Click below for an update on more Debian Bug Squashing Parties around the
world.
Full Story (comments: none)
It's official: Fedora Core 6 will not include the openmotif library, which
has a non-free license. The library will be removed prior to the
October 2 development freeze. As a result, a number of packages using
openmotif (including cmucl, ddd, nedit, and xpdf) will break; they, too,
will be removed if they cannot be shifted over to lesstif in the next
month (but, in most cases, that work has already been done).
Full Story (comments: 73)
The Gentoo Foundation has announced its newly elected Board of Trustees.
The new board has five members; Chris Gianelloni, Grant Goodyear, Stuart
Herbert, Seemant Kulleen and Renat Lumpau.
Full Story (comments: none)
Charles Hannum, one of the original NetBSD developers, has sent out a long,
unhappy posting about the state of that project. "The NetBSD Project has
stagnated to the point of irrelevance. It has gotten to the point that being
associated with the project is often more of a liability than an asset. I
will attempt to explain how this happened, what the current state of
affairs is, and what needs to be done to attempt to fix the situation."
Click below for the original message; the full discussion can be found in
the archives.
Full Story (comments: 27)
According to the
Ubuntu schedule, the Edgy
feature freeze is in effect. A beta release is expected before the end of
the month.
Full Story (comments: none)
New Distributions
Ubuntu
Christian Edition is a free, open source operating system geared
towards Christians. It is based on Ubuntu Linux and is suitable for both
desktop and server use. Along with the standard Ubuntu applications,
Ubuntu Christian Edition includes the best available Christian
software. The latest release contains GnomeSword, a top of the line Bible
study program for Linux based on the Sword Project. The recently released
Ubuntu CE v1.2 is based on Ubuntu 6.06.1 LTS.
Comments (4 posted)
Distribution Newsletters
The Debian Weekly News for September 5, 2006 looks at security updates to
the sarge Mozilla packages that need testing, availability of DebConf
session videos, donations needed for an etch release advertisement, a new
Tcl/Tk team, bug squashing parties and much more.
Full Story (comments: none)
The
Gentoo
Weekly Newsletter for August 28, 2006 covers the Gentoo 2006.1 release,
GCC 4.1.1/ glibc 2.4 stable, Gentoo Summer Camp and several other topics.
Comments (none posted)
The Ubuntu Weekly News for September 2, 2006 is out. "In this edition, read
about the release of a milestone image and call for testing, a roundup of
news from the Google Summer of Code student projects and a sneak preview of
another project, 'upstart', by Ubuntu Developer Scott James Remnant,
designed to change the way that a Unix/Linux boots for the first time in 30
years."
Full Story (comments: none)
The
DistroWatch
Weekly for September 4, 2006 is out. "
Following a new release of
Gentoo Linux last week, another popular "geek" project is likely to
announce a major new version this week. Slackware Linux, the world's oldest
surviving Linux distribution, has been through no fewer than four release
candidates, so the final version can't be far away. Also expected later
this week - GNOME 2.16. In other news, Linspire scraps the annual fee for
its software repository, Ubuntu contributors keep enhancing their favourite
distribution with extra software, services and even a new start-up script,
and the NetBSD world is rocked by accusations of mismanagement by one of
the project's founders. We also have the pleasure to announce that
DistroWatch has once again been voted one of the "Top 101" web sites by PC
Magazine and that the August 2006 donation of US$350 goes to the Puppy
Linux project."
Comments (none posted)
Minor distribution updates
64 Studio 0.9.4 is the first release candidate for the 64 Studio 1.0
distribution. "
The CD image will install a custom Debian system
specialised for multimedia content creation, including a NUMA-enabled SMP
Linux 2.6.17 kernel with realtime preemption for dual Opteron
systems."
Full Story (comments: none)
Heise Online covers the release of CentOS 4.4. "The novel features
introduced with the update include among others a transition from Mozilla
Suite 1.7 to its indirect successor Seamonkey 1.0, which will henceforth be
maintained. For some items of hardware such as the network chips by Intel,
Broadcom and Nvidia, as well as the Qlogic storage adapter, drivers such as
bnx2, cciss, e1000, emulex, forcedeth, qlogic and tg3 were updated. The
drivers that were added are the SAS driver adp94xx by Adaptec and the
OpenIPMI tools. In addition the update sported improvements with regard to
network, USB, and SCSI subsystems, as well as NFS and autofs4."
Comments (none posted)
Morphix has released Morphix Base
0.5-pre6 'Amalthea', MorphixLiveKiosk 0.01 and MorphingMorphix 0.3, as part
of Morphix SVN Commit Day, September 5, 2006.
Full Story (comments: none)
Package updates
Updates for
Fedora Core 5:
anacron
(bug fix),
enscript (wrap long headers),
mkinitrd (rebuild against parted-1.7.1),
pyparted (rebuild against parted-1.7.1),
mc (new mc CVS snapshot),
db4 (bug fix),
gnome-applets (bug fix),
cups (bug fix),
gimp (version 2.2.13),
xsane (version 0.991).
Comments (none posted)
Updates for
rPath Linux 1:
conary,
conary-build, conary-repository (Conary 1.0.30 maintenance release).
Comments (none posted)
Updates for
Trustix Secure Linux 2.2 & 3.0:
amavisd-new, apache, cyrus-sasl, nfs-utils,
openswan and squid (various bug fixes).
Comments (none posted)
Updates for
Ubuntu 6.06 LTS:
kboincspy_0.9.1-3~dapper1,
seahorse_0.9.3-0ubuntu5~dapper1,
konversation_1.0-0ubuntu1~dapper1,
openoffice.org 2.0.3-6dapper1,
openoffice.org-l10n 2.0.3-6dapper1,
openoffice.org-amd64 2.0.3-6dapper1-1,
openoffice.org 2.0.3-6dapper2.
Comments (none posted)
Newsletters and articles of interest
Linux.com
covers the
resignation of Matthew Garrett from the Debian project. "
The
resignation of Matthew Garrett, one of the most active developers in
Debian, has drawn attention to some ongoing issues about how the project
operates. Specifically, Garrett's announcement on his blog cites a lack of
civility and a slowness in decision-making, and compares Debian unfavorably
to Ubuntu, the Debian-derived distribution which is increasingly attracting
the efforts of many Debian maintainers."
Comments (none posted)
Distribution reviews
Packt Publishing
interviews Gerard
Beekmans, creator of Linux From Scratch. "
MS: What prompted
you to write Linux From Scratch? GB: I started working with Linux
about eight years ago. I was living in The Netherlands at the time (where I
was born and raised). After trying out a few distributions I couldn't
settle on any one pre-packed system to fit my needs. I also didn't get the
feeling I was learning everything I could learn about how Linux works,
especially behind the scenes. That's how the LFS project started. I was
putting together a Linux system from scratch as an attempt to figure out
how things worked. I wrote down the steps I took to get such a system up
and running, thinking that there are probably other people out there who
would be interested in it."
Comments (none posted)
Page editor: Rebecca Sobol
Development
The beta 2 release of version 2 of the Firefox web browser, aka Bon Echo,
has been announced; it is the fifth developer milestone for Firefox 2.
This early release is aimed at developers and testers, not end users.
The Bon Echo Alpha 2 release was tested here last May.
New features in Firefox 2 beta 2 include:
- A new theme and user interface for improved usability.
- Tool bar buttons that glow when the mouse hovers over them.
- Built-in phishing protection with warnings when known phishing sites are visited.
- Improved search engine management with search suggestions for popular search engines.
- Improvements to tabbed browsing, the ability to open recently closed tabs and side arrows for support of many open tabs.
- The ability to resume where you were after a browser or system crash.
- Improved web feed preview and subscription capabilities.
- Support for inline web form spell checking.
- Support for bookmarks with live titles for web sites with microsummaries.
- A new add-ons manager with simplified extension and theme management.
- Support for JavaScript version 1.7.
- Support for the extended MozSearch search plugin format.
- Security and localization extensions to the extension system.
- Web Application client-side session and persistent storage support.
- New Scalable Vector Graphics (SVG) svg:textPath support.
- A new and improved installer for the Windows platform.
The Firefox 2 beta 2
release notes page looks at the new features in more detail and the
Bon Echo Planning Center
explains what to expect in upcoming Firefox releases.
Firefox 2 beta 2 is available for download
here.
Testers should familiarize themselves with the
known issues section of the release notes, as well as the
Firefox System Requirements document.
Your editor gave this version of Firefox a quick spin; it started up
with a few NS_ERROR_FAILURE messages, but continued working anyway.
The multiple tab features look useful. In addition to the left and right
tab extender buttons, there is also a down arrow that shows a list of
all of the open tabs. All but the currently used tab are now displayed
with a lower contrast view. The tab changes to a medium contrast when
the mouse moves on top, then goes to a high contrast when clicked on;
this may take some getting used to. Several times, the leftmost tab
disappeared from the screen after submitting changes on a web entry
form; this appears to be a bug.
The back and forward buttons are now split, and have an additional
down arrow that brings up a list of recently viewed pages. In previous
versions of Firefox, this was all done with the single arrow buttons.
Additionally, there is a similar down arrow next to the current URL
display. This appears to your editor as the addition of unnecessary
features and screen clutter; remember the old axiom: simpler is better.
All of the errors encountered in the Bon Echo Alpha One release appear
to have been fixed. Firefox 2 appears to be getting more stable, although
it is probably best to wait for the official release before relying
on it for critical work.
Comments (7 posted)
System Applications
Audio Projects
Version 1.2 beta 1 of
Speex,
a speech CODEC, is out.
"
This new release brings many significant improvements. The quality has been improved, both at the encoder level and the decoder level. These include enhancer improvements (now on by default), input/output high-pass filters, as well as fixing minor regressions in previous 1.1.x releases. A strange and rare instability problem with pure sinusoids has also been fixed. On top of that, memory use has been greatly reduced, especially for fixed-point and narrowband. The fixed-point narrowband encoder+decoder memory use has been cut by more than half, making it possible to fit both in less than 6 kB of RAM. In general, CPU requirement had gone down, especially for the fixed-point port."
Comments (1 posted)
Database Software
Version 5.0.24a of MySQL is available.
"
This is a minor release to fix a
few bugs, and a possible security flaw."
Full Story (comments: none)
Interoperability
Version 3.0.23c of Samba has been
announced.
"
This is the version that production Samba servers should be running for all current bug-fixes. Please read the changes in the
Release Notes for details on new features and difference in behavior from previous releases."
Comments (none posted)
Mail Software
Version 1.10 of Archiveopteryx has been announced.
"
Archiveopteryx (formerly Oryx Mailstore) is a mail archive server that
stores normalized mail in a PostgreSQL database, and serves it using
IMAP/POP. It has now been used in production for several months, and
is available both on commercial terms and as open source.
This release comes sooner than planned, because we feel the deployment
of privilege separation is important enough to justify it."
Full Story (comments: none)
Stable version 1.1.1 of Bogofilter, a spam filter, is out.
"
Version 1.1.1 improved on 1.1.0 with a minor token parsing fix, a new
Italian FAQ, and cleaned up formatting for the English and French
FAQs."
Full Story (comments: none)
Desktop Applications
Desktop Environments
GNOME 2.16 is out. Click below for the announcement, or see the
GNOME 2.16 page for the release
notes, download information, and more.
Full Story (comments: 16)
The first draft of the
GNOME 2.17 release schedule has been announced.
"
what's worth to mention?
the release cycle will have 27 weeks - christmas and new year's day are
on monday, guess we don't want a tarballs due on these holidays.
also, API/ABI/Feature freeze and UI freeze will not be the same date
again."
Full Story (comments: none)
The following new GNOME software has been announced this week:
You can find more new GNOME software releases at
gnomefiles.org.
Comments (none posted)
The following new KDE software has been announced this week:
You can find more new KDE software releases at
kde-apps.org.
Comments (none posted)
KDE.News
has announced
the September 3, 2006 edition of the
KDE Commit-Digest.
"
In this week's KDE Commit-Digest: Kickoff, the experimental application menu alternative developed by SuSE, is imported into KDE SVN. Import of the work to support SVG scalable tilesets in KMahjongg. KViewShell gets support for LZW compressed fax files. Strigi gets support for the D-Bus Inter-Process Communication service, KBFX, a prospective element of Plasma, gets full support for Strigi. Kaffeine gets DVB plugin support. Amarok sees fundamental changes in a key statistics technology, along with a name change of the technology to "Amarok File Tracking (AFT)". Development of SafeSite, a network-aware phishing protection service proceeds. Interface changes in KTorrent."
Comments (none posted)
KDE.News
covers KOffice
contributions from the 2006 Summer of Code. "
Under the KDE umbrella,
the KOffice project took part in the 2006 Summer of Code with four
participants. And not only that, but the Dutch Programmeerzomer, sponsored
by Finalist, also selected a KOffice project. The summer is over, the
season of mists and long hacking nights has arrived and the question that's
obviously in everyone's mind is, have these five delivered? -- and, more
importantly, will Gabor, Alfredo, Emanuele, Thomas and Fredrik continue
hacking on KOffice?"
Comments (none posted)
KDE.News
covers the first
Konqueror Bug Day.
"
The aim was to either confirm or close
as many unconfirmed Konqueror bugs as possible, known as bug triage. About
150 bugs were dealt with."
Comments (none posted)
Version 4.4 Release Candidate 1 (aka 4.3.99.1) of the
Xfce lightweight
desktop environment is out.
"
This release fixes a lot of bugs that were present in the second beta release, but also introduces new features, like the trash support in Thunar and xfdesktop. Besides that, this release also includes Xarchiver 0.4.0."
Comments (none posted)
Electronics
Version 20060824 of gEDA, a collection of electronic CAD tools,
has been announced, along with version 20060825 of the
gEDA Suite installer CD ISO image. gEDA changes include:
"
Numerous bug-fixes, usability and documentation improvements from an ever-growing band of contributors."
Comments (none posted)
Fonts and Images
Version 2.1.9 of the
Linux Libertine
open font set is available.
Full Story (comments: none)
GUI Packages
KDE.News
looks at
Qt Jambi.
"
Trolltech has released a
second preview of Qt Jambi - a prototype version of Qt that allows Java programmers to use the popular cross-platform development framework. This release incorporates the feedback of over 1700 beta testers, and features new additions like Web Start functionality, improved integration with Eclipse and single JAR file deployment for Qt Jambi-based applications."
Comments (none posted)
Music Applications
The Beta 0.23 release of MMA, Musical MIDI Accompaniment, is out.
"
Included in this release:
A number of minor bugfixes; new RNDSEED command;
a number of new and improved library files."
Full Story (comments: none)
Office Suites
The August, 2006 edition of the OpenOffice.org Newsletter
is out with the latest OO.o office suite articles and events.
Full Story (comments: none)
Languages and Tools
Caml
The September 5, 2006 edition of the Caml Weekly News
is out with new Caml language articles.
Full Story (comments: none)
Python
The August 30, 2006 edition of Dr. Dobb's Python-URL! is online with
a new collection of Python article links.
Full Story (comments: none)
The September 6, 2006 edition of Dr. Dobb's Python-URL! is online with
a new collection of Python article links.
Full Story (comments: none)
Tcl/Tk
The September 5, 2006 edition of Dr. Dobb's Tcl-URL! is online with new
Tcl/Tk articles and resources.
Full Story (comments: none)
XML
Rick Jelliffe
looks at XML Schemas 1.1 on O'Reilly.
"
Of course, I am most interested in the new assert element. It is based on the assert element from my Schematron schema language; Eddie Robertsson created some XSLT stylesheets for embedding assertions in XML Schemas, and it has proved quite popular and useful. And certainly the ability to constrain types rather than names is useful, for XML Schemas. They have done the right thing by defining a larger version of XPath that can be used, though the draft seems quite fuzzy about whether to use XPath 1 or XPath 2: I cannot imagine that will not get sorted out though.
As with key/keyref and uniqueness, I think their assertions could be translated in Schematron readily enough."
Comments (none posted)
Miscellaneous
Rick Jelliffe discusses the release of Unicode 5.0 on O'Reilly.
"
Unicode 5.0 was released a week ago: congratulations to all concerned. Unicode now has about 99,000 characters defined, though many of the improvements in Unicode 5.0 are related to how to use characters (their properties or display algorithms) rather than additions. There are only 1369 new characters compared to Unicode 4.1; and no milestone for implementations such as Unicode 3.1 in 2001 when the number of characters broke the 16-bit range."
Comments (none posted)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Inside Higher Ed has
a detailed
story on the politics behind the creation of the American Council on
Education's report on the future of higher education. "
That
agreement was nearly imperiled last weekend, though. Gerri Elliott,
corporate vice president at Microsoft's Worldwide Public Sector division,
sent an e-mail message to fellow commissioners Friday evening saying that
she 'vigorously' objected to a paragraph in which the panel embraced and
encouraged the development of open source software and open content
projects in higher education." Read the article for the relevant
text before and after Microsoft's intervention.
Comments (6 posted)
ars technica
looks forward to the GNOME 2.16 release. "
In addition to new icons and an updated GTK theme, GNOME got an infusion of compositing goodness, including support for toggling compositor support at runtime, support for wobbling and exploding effects, magnification, configurable transparency for windows and menus, fading effects, and shrinking effects for minimization."
Comments (none posted)
Trade Shows and Conferences
Linux.com has a
report on the
GPLv3 conference in Bangalore. "
Last month the Free Software
Foundation (FSF) held its Fourth International Conference on GPLv3 at the
Indian Institute of Management in Bangalore. Around 150 participants from
all over India and abroad, including Japan, France, and Germany,
attended. Since this was the first conference after the second draft of
GPLv3, which saw several extensive revisions, both Richard Stallman and
Eben Moglen painstakingly explained the new draft, and took many questions
from attendees."
Comments (1 posted)
O'Reilly covers
day 1 and
day 2 of the YAPC::EU 2006 Perl conference.
Comments (none posted)
Companies
Joe 'Zonker' Brockmeier
covers a DBMS change from MySQL AB on Linux.com.
"
With the 5.1.12 release, MySQL will be dropping the Berkeley DB (BDB) storage engine from its list of supported database engines. Some observers have suggested that this move is connected to Oracle's purchase of Sleepycat, and that InnoDB may be next. However, Brian Aker, MySQL's director of architecture, says that they're unlikely to drop InnoDB, and the Berkeley engine is being dropped for technical reasons. Aker also announced the first release of a memcache storage engine plugin for MySQL."
Comments (none posted)
Forbes is running
a
look at Ubuntu and its founder. "
Canonical has burned through
$15 million of Shuttleworth's money in two and a half years. He says that
it will take him at least another two years to even know whether it has a
chance to become profitable, and that it may never return his
investment. But that doesn't matter. He's paying all the bills either way,
along with setting up a $10 million endowment for the Ubuntu Foundation
that's earning interest for a day when his attentions may drift
elsewhere."
Comments (7 posted)
LinuxDevices
looks at Wind
River's quarterly report, with an emphasis on the company's apparent
success in transitioning to Linux. "
In terms of specific Linux
design wins, [CEO Ken] Klein cited high-end Swedish stereo equipment vendor Bang &
Olufsen, which reportedly licensed Wind River's Platform for Consumer
Electronics, Linux Edition (PCE-LE), in part because of PCE-LE's
interesting remote management capabilities."
Comments (6 posted)
Business
Forbes is running a series of articles called
The New
Barbarians. It seems that Daniel Lyons has finally figured out that
commodity hardware and free software might offer some value. "
Linux
today has less than 2% market share on the desktop. That's because with
past versions of Linux only hackers could get Linux installed and running
right. But a new batch of easier-to-use versions is putting Linux within
reach of regular folks." There is also a rather confused article
about the GPLv3 process.
Comments (8 posted)
Linux Adoption
Seattle pi has published an Associated Press
article on the upcoming switch to Linux at all of the high schools
in the Indian state of Kerala.
"
The decision to switch to Linux came after free software guru Richard Stallman, founder of the open-source GNU software project, visited Kerala two weeks ago, and persuaded officials to discard proprietary software, such as Microsoft, at state-run schools, Baby said.
Despite the denials that Microsoft was the target, opposition leader M.A. Shahnawaz, of the Congress party, said he believed the decision was based on the communists' opposition to the software giant's products."
Comments (6 posted)
Legal
The BBC
covers
a dispute between SanDisk and Sisvel over the MP3 patent.
"
Sisvel's founder Roberto Dini told the website
DigitalLifestyles.info that SanDisk could gain an unfair edge over
competitors and could potentially offer trade customers at the high-profile
German show a lower price for its MP3 players. 'This is unfair
competition,' Mr Dini told DigitalLifestyles.info." The interesting
thing - beyond the notion of license fees as necessary for fair competition
- is that SanDisk claims to have come up with a non-infringing MP3
decoder. DigitalLifestyles has posted
the
interview with Mr. Dini, in MP3 format, of course.
Comments (19 posted)
Groklaw
looks
at DMCA-like draft legislation in Australia. "
As a result of the
Australia-US Free Trade Agreement (AUSFTA), Australia is required to
augment its existing DMCA style provisions in the Australian Copyright
Act. The AUSFTA requires that these changes be in place by the end of
2006. Following a number of reviews, draft legislation which aims at
implementing the relevant provisions of the AUSFTA (i.e. paragraph 17.4.7)
has been released."
Comments (none posted)
Interviews
Pat Eyler
interviews
Hal Fulton. "
Hal Fulton is a longtime Ruby hacker and the author
of one of my favorite Ruby books, The Ruby Way. Recently, he's been hard at
work on a second edition (due out in November). The second edition will
come with a change in publishers, The Ruby Way will now be an
Addison-Wesley book. When he's not working on his book, Hal is active on
the ruby-talk mailing list and in the Ruby community at large."
Comments (none posted)
KDE.News
talks with Kris Moore
founder and lead developer of PC-BSD. "
PC-BSD was initially released
as 0.5 Beta about a year ago, April 2005. I chose to begin development with
the goal of making a FreeBSD-based desktop OS, with a custom software
installation method called PBI or PC-BSD Installer. Instead of a true
"distro" with numerous ports or programs being a part of the base system,
PC-BSD is by default an Operating System only. Software packages live
independent of the operating system, self-contained in their own
directories, where they do no harm or cause dependency issues."
KDE.News has announced the latest interview in its People Behind KDE series. "Today's People Behind KDE features the American lass who is forging the KDE 4 Human Interface Guidelines. Find out the advantage of a hobby against job, what is wrong with Fruit Salad plus the good fortune of one KDE convert as we interview Celeste Lyn Paul."
Red Herring interviews Michael Robertson. "Is Michael Robertson afraid of anything? The entrepreneur has made a career--and a fortune--playing rough with giants. Now, though, he's turning up the volume: predicting an end to Apple's hold on digital music, shaking up the Linux community by looking to marry open source smarts with proprietary know-how, and talking trash about Microsoft's new Zune."
The Sun Developer Network has an interview with Laurie Tolson, VP of Developer Products and Programs at Sun. "Jim: Where is Sun in the process of open sourcing the code for Sun's Java platform implementations? When can developers expect to see the code released? Laurie: Sun will release several significant components of Java SE by the end of 2006. We don't know exactly which ones yet, but the javac bytecode compiler and the HotSpot Virtual Machine --among other things-- are on the table. The rest of a buildable JDK will be released in early 2007. In addition, Sun plans to open source implementations of the Java ME platform (both CLDC and CDC). We intend to roll this out by the end of 2006. Most importantly, we're not doing this in isolation. We want to learn from successful open source projects how best to go about this." (Thanks to Drew Daniels)
Resources
Linux-Watch reports on the results of an IDC study. "Open-source true believers have been saying forever that open source is the way to develop software. It turns out they've convinced most programmers that they're right. According to a newly released IDC study, open source isn't just hype; it's now the way most developers make software."
The September 2006 edition of Linux Gazette is out. Articles include EclipseCon Conference 2006: The Way of Eclipse, DNS techniques, The Geekword Puzzle, Vancouver Python Workshop 2006, Custom OpenLDAP Schemas, Interview: Timothy Miller, Open Graphics Project and more.
Reviews
Linux.com plays around with a new game. "It's been a long time since I've played a commercial game on Linux, probably since the fall of Loki, but the long dry spell is over now. I've been spending a lot of time playing Cold War lately, and I've missed this kind of gaming."
Linux.com has a look at Konqueror. "Tabbed browsing support is great for viewing multiple sites one at a time, but Konqueror kicks it up a notch with split windows. Its window can be split horizontally or vertically (or both), and you can browse different sites in each pane. This is useful if you're composing a blog post and want to refer to someone else's post on the other side, or if you just have a site that you want visible all the time, such as a Nagios window, where you can keep an eye out for any alerts."
CRN reviews Collax Business Server. "With the release of Collax Business Server (CBS), Microsoft's Small Business Server 2003 (SBS) is starting to look a little like France in 1940, with Germany amassing troops on the border, readying invasion. Collax has made it no secret that it intends to battle Microsoft for the small business server market and is aggressively seeking soldiers in the form of solution providers. And with the recall and delay of the R2 upgrade to SBS, Microsoft now lacks the reinforcements it needs to strengthen its line, creating an even more tempting target for Collax."
Michael Stutz takes a look at OpenReports on Linux.com. "Business Intelligence (BI) software, those tools and suites that take the raw minings of your databases and turn them into comprehensible signposts and mappings that lead toward profits, is a hot market today. One of the more talked-about open source solutions is OpenReports, a GPLed, Web-based BI report generation system whose first stable, milestone release of its 2.0 series has just come out. A lot of bugginess has been cleaned up from earlier versions. This 2.0 milestone release also brings with it a better report scheduling method."
OS News reviews Motorola's ROKR-E2 Linux-based feature phone. "In the box (arrived in just two days from Hong Kong) we found the cellphone, an 850 mAh battery, 128 MB transflash-in-SD card, the manual, software CDs, a USB cable, a 3.5mm handsfree and a travel charger. The battery was almost full when the box arrived, but we fully charged it for an extra hour or so too. This feature phone (not a smartphone) features triband GSM, 1.3 MP camera with flash, 11 MBs internal storage, full SD slot, 2.2" QVGA screen, stereo sound, FM radio, 3.5mm audio jack, USB 2.0 charging & file transfer and Bluetooth."
Linux.com looks at some lightweight wikis. "Wikis aren't just great tools for sharing information and collaborating on projects. They also make excellent personal information managers. With a personal wiki, all of your to-do lists, notes, and appointments are at your fingertips in a form that's easy to use and maintain."
Miscellaneous
NewsForge covers the Free Software Foundation. "2006 may be remembered as the year that the Free Software Foundation (FSF) reached out to the community. The FSF has already undertaken an unprecedented year-long consultation process about the revisions to the GNU General Public License, and the Defective By Design campaign against digital rights management technologies. Now, the FSF is planning a third campaign to deliver its message about ethical software to social activists outside the technical communities. 'We think that social groups taking on policies about free software can act as a huge lever within schools, trade unions, local governments, and churches,' says Peter Brown, executive director of the FSF."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
The Electronic Frontier Foundation has sent out a Media Release concerning California legislation over RFID chips. "The California State Senate passed tough new privacy safeguards late yesterday for use of 'tag and track' devices known as Radio Frequency Identification (RFID) chips embedded in state identification cards. The bill helps ensure that Californians can control the personal information contained on their drivers' licenses, library cards and other important ID documents."
KDE.News looks at 10 years of KDE. "10 years ago, on October 14th 1996, Matthias Ettrich announced a project to create a complete and consistent GUI for the prospering Linux operating system. The project grew and matured and now it is 2006 and KDE is one of the largest Free Software projects."
X.Org Foundation Board nominations are being accepted. "We are seeking nominations for candidates for election to the X.Org Foundation Board of Directors. All X.Org Foundation members are eligible for election to the board. Nominations for the 2006 election are now open and will remain open until 23.59 GMT on 24 September 2006."
Commercial announcements
Sun Microsystems, Inc. has announced the launch of the Sun Studio Express Program for its Sun Studio 11 development tool. "Sun has launched the Sun Studio Express Program that enables C, C++, and Fortran developers to preview features intended for future releases. With more than 50,000 registered downloads in the past 6 months, this program was created in response to the rapid adoption and interest in Sun Studio 11 software."
Team ASA has announced the NPWR-LCX single board computer. "The NPWR-LCX is one of two new single board networking computers released by Team ASA this week. The NPWR-LCX is based on the recently released Intel 80219 XScale CPU, running at 600 MHz. The NPWR-LCX I/O suite consists of Dual Gigabit Ethernet ports, four Serial ATA ports, a USB 2.0 Device port and a Serial port. The NPWR-LCX Memory configuration supports 64 to 512 Megabytes of 266 MHz, DDR SDRAM and 8-16 Megabytes of FLASH ROM. The NPWR-LCX comes configured with a 2.6.13 Linux OS version on FLASH ROM Disk and a Linux Binary Distribution CD-ROM." Team ASA also announced their NPWR-SAI board, which uses the Intel 80219 XScale CPU.
Terra Soft has announced the Y-Bio JS21 Cluster, which is aimed at biological supercomputing applications. "The Terra Soft Y-Bio gene sequence analysis suite offers a single, database driven interface to the most common gene sequence analysis programs: Probcons, T-Coffee, mpiBLAST, MrBayes, Modeltest, NCBI BLAST, EMBOSS, Glimmer, ClustalW, HMMER, Wise, and FastA. The Y-Bio JS21 Cluster is comprised of Y-Bio pre-installed on each of 14 IBM JS21 blades in a single BladeCenter chassis. Each blade boasts four 2.5GHz cores for 56 cores in just 7U for a compelling 4x performance-density improvement over the former Apple G5 Xserve product line."
New Books
Open Life has published the book The Philosophy of Open Source by Henrik Ingo.
O'Reilly has published the book The Relational Database Dictionary by C. J. Date.
Contests and Awards
Rackspace Managed Hosting has announced that the company was positioned in
the "Leader's" Quadrant in Gartner Inc.'s annual North American Web Hosting
Magic Quadrant* published August 25, 2006 and authored by Gartner analysts
Ted Chamberlin and Lydia Leong.
Event Reports
A transcript of Richard Stallman at the 4th international GPLv3 conference is available. This page links to audio and video recordings as well as text. "The overall topic of this speech is what we've changed in the GNU GPL. In order to speak about this, I need to remind people what the point of it is. The reason we change the GPL is to make it do its job better, so what is that job? That job is protecting the freedom of all users of our software." (Thanks to Ciaran O'Riordan)
Waldo Bastian has posted minutes from the August 31 OSDL desktop Linux "tech board" meeting on fonts and Linux. There is quite a bit of work going on to improve the current situation. "[The Bitstream Vera license] requires renaming in order to extend. This may cause problems, e.g. some while back SUSE renamed Bitstream Vera to SUSE Sans. Websites/documents specifying SUSE Sans will not work correctly with other Linux distributions."
Calls for Presentations
A call for papers has gone out for the IT Underground 2006 conference. The event will take place in Warsaw, Poland on October 26-27, 2006.
A Call for Proposals has gone out for PyCon 2007. "Want to share your expertise? PyCon 2007 is looking for proposals to fill the formal presentation tracks. PyCon 2007 will take place February 23-25 2007 in Addison, Texas." Submissions are due by October 31.
Upcoming Events
The Ohio LinuxFest 2006 will take place in Columbus, Ohio on September 30, 2006. "The Ohio LinuxFest 2006 will feature 19 exciting presentations this year by speakers such as Jon 'maddog' Hall, Jeff Waugh, Chris DiBona, Jay Pipes, Michael Johnson, and Jorge Castro -- as well as a guest appearance by live penguins!"
Groklaw mentions an upcoming software tagging workshop in Portland, Oregon. "Kees Cook of OSDL would like to pick your brain some more, on the topic of software tagging. He also would like to hear from you, if you host an OSS software repository, and he has an invitation for Groklaw folks. Here's the request, along with the invitation: 'I'm helping to host the OSDL-sponsored Software Tagging Workshop September 14 - 15 and am working with a number of folks to research best practices for manual software tagging and recording stamps. We'd like to create a list of who is currently hosting OSS repositories and the best way to contact them.'"
CMP Technology has announced the Software Development Best Practices Conference & Expo series. The event will take place in Hyderabad, Chennai and Bangalore, India on January 16-18, 2007.
Events: September 14, 2006 to November 13, 2006
The following event listing is taken from the LWN.net Calendar.
| Date(s) | Event | Location |
| September 12 to September 15 | php|works/db|works 2006 | Toronto, Canada |
| September 13 to September 15 | 2006 WebGUI Users Conference | Las Vegas, NV |
| September 14 | NLUUG najaarsconferentie 2006 | Gelderland, The Netherlands |
| September 14 to September 16 | Wizards of OS 4 - Information Freedom Rules | Berlin, Germany |
| September 14 to September 15 | RailsConf Europe 2006 | London, UK |
| September 14 | Open Source: New DoD Paradigm, or Business as Usual? | Arlington, VA, USA |
| September 14 to September 15 | Software Tagging Workshop | Portland, OR, USA |
| September 16 to September 17 | WineConf | Reading, UK |
| September 16 to September 17 | Linux-Delhi (India Linux users group Delhi chapter) Freedel 2006 | Delhi, India |
| September 17 | KLDP 10 year Anniversary Free/Open Source Software Conference | Seoul, Korea |
| September 18 to September 21 | 2006 European Open Source Convention | Brussels, Belgium |
| September 18 to September 21 | New Security Paradigms Workshop | Schloss Dagstuhl, Germany |
| September 19 to September 21 | High Performance Embedded Computing Workshop | Lexington, MA, USA |
| September 23 to September 30 | KDE World Summit 2006 | Dublin, Ireland |
| September 25 to September 28 | Embedded Systems Conference | Boston, MA |
| September 29 to September 30 | No cON Name 2006 Congress | Palma de Mallorca, Spain |
| September 29 to October 1 | ToorCon 2006 | San Diego, CA |
| September 29 to October 1 | Encuentro de Desarrolladores de GNOME Zaragoza | Zaragoza, Spain |
| September 30 to October 1 | RuxCon 2006 | Sydney, Australia |
| September 30 | Ohio LinuxFest 2006 | Columbus, Ohio |
| September 30 | Defective by Design, 2pm-5pm, Apple Store, Regent Street, London, UK | London, UK |
| October 1 to October 4 | Gelato ICE Itanium Conference and Expo | Biopolis, Singapore |
| October 1 to October 3 | LinuxBIOS Symposium 2006 | Hamburg, Germany |
| October 2 to October 5 | Security OPUS Infosec Conference | San Francisco, CA, USA |
| October 7 to October 9 | GNOME Boston Summit | Boston, MA, USA |
| October 9 to October 13 | ApacheCon US | Austin, TX |
| October 9 to October 13 | 13th Annual Tcl/Tk Conference | Naperville, IL |
| October 11 to October 12 | Eclipse Summit Europe | Esslingen, Germany |
| October 11 to October 12 | Linux World Conference and Expo | Utrecht, The Netherlands |
| October 12 to October 15 | Eighth Real-Time Linux Workshop | Lanzhou, Gansu, China |
| October 18 to October 19 | International Conference on IT-Incident Management and IT-Forensics | Stuttgart, Germany |
| October 18 to October 22 | Pike Conference 2006 | Riga, Latvia |
| October 19 to October 21 | HackLu 2006 | Kirchberg, Luxembourg |
| October 19 to October 20 | DC PHP Conference | Washington, D.C. |
| October 20 to October 22 | aLANtejo 06 | Évora, Portugal |
| October 20 to October 22 | RubyConf 2006 | Denver, Colorado |
| October 22 to October 27 | Colorado Software Summit | Keystone, CO, USA |
| October 23 to October 24 | Mono User and Developers Meeting | Cambridge, MA, USA |
| October 23 to October 26 | Enterprise Architecture Practitioners Conf | Lisbon, Portugal |
| October 25 to October 26 | LinuxWorld UK 2006 | London, UK |
| October 25 to October 27 | Plone Conference 2006 | Seattle, WA |
| October 26 to October 27 | IT Underground | Warsaw, Poland |
| October 26 to October 27 | Free Software and Open Source Symposium | Toronto, Canada |
| October 28 | LinuxDay 2006 | Many of them, Italy |
| October 31 to November 2 | Zend/PHP Conference and Expo | San Jose, CA |
| November 1 | Ingres Users Association Conference | London, England |
| November 4 to November 8 | I Jornadas técnicas KDE de | Zaragoza, Spain |
| November 4 to November 11 | Open Source in Performance and Exhibition | London, England |
| November 5 to November 8 | International PHP Conference | Frankfurt, Germany |
| November 5 to November 10 | Ubuntu Developer Summit - Mountain View | Mountain View, CA, USA |
| November 6 to November 10 | Colorado Python seminar | Estes Park, CO, USA |
| November 7 to November 9 | 2006 Web 2.0 Conference | San Francisco, CA |
| November 9 to November 10 | Forum PHP 2006 | Paris, France |
| November 10 to November 12 | Chicago Perl Hackathon 2006 | Chicago, IL |
| November 11 to November 17 | Supercomputing 2006 | Tampa, FL, USA |
| November 11 | FSFE Fellows Meeting | Bolzano, Italy |
| November 12 to November 14 | Firebird Conference 2006 | Prague, Czech Republic |
If your event does not appear here, please tell us about it.
Page editor: Forrest Cook
Letters to the editor
From: Charles Cazabon <web-feedback-lwn.net-letters-danshearer-98.23.19.82.34.97.82.34.8-AT-discworld.dyndns.org>
To: Linux Weekly News Letters <letters-AT-lwn.net>
Subject: Corrections to Dan Shearer's summary of qmail
Date: Fri, 25 Aug 2006 13:34:18 -0600
Cc: Dan Shearer <dan-AT-shearer.org>
Greetings,
In your most recent issue, you published the first part of an article by Dan
Shearer about the various common Unix-based MTAs. Unfortunately, his summary
of qmail contains some fairly glaring errors (both of fact, and of more
debatable issues). As a long-time member of the qmail-using and -supporting
community, I feel I'm in a position to help correct the record.
Errors of fact in his article include:
1) Wrong website. He gives the URL http://www.qmail.org/ as the website of
qmail. That's not the case; D.J. Bernstein (qmail's author) maintains a
website for qmail at http://cr.yp.to/qmail.html. The qmail.org site, while
very useful for qmail users and administrators, is not officially affiliated
with qmail; it is a community-based site run by Russell Nelson.
2) Wrong release count and dates. He claims qmail was last updated by the
author in 1997. qmail 1.03 was released in June of 1998, as is clearly listed
on the website and in the software documentation.
3) Wrong information about contributors. He claims there have been no major
contributors to qmail other than its primary author. That's not the case; a
simple perusal of the included documentation reveals a number of additional
contributors. Fairly major portions of the code were based on some users'
contributions, including the included POP3 server and authentication framework
for such (based on code contributed by Russell Nelson).
Other erroneous or misleading statements he makes are more debatable. For
instance, he says qmail's source is "usable within very tight restrictions".
On the contrary, qmail's author explicitly states that the source code can be
modified and used at will for any purpose; the only restrictions the author
places on it are on redistribution -- there are absolutely no restrictions on
its use.
Another statement seems like trolling: "No, qmail isn't a realistic option
these days". That would come as a surprise to the millions (literally; see
the SMTP surveys) of sites running qmail. He also states "it isn't possible
for someone else to maintain it", which also comes as a surprise to those of
us who *do* maintain it; see http://qmail.org/netqmail/, where a group of
regular qmail users maintains the legally-distributable, currently-maintained
version. This is particularly galling because he goes on to actually refer to
netqmail in the next paragraph.
Charles Cazabon
P.S. Note I am an LWN subscriber, but I post from another address because of
the volume of spam a posting on the LWN letters page attracts.
--
-----------------------------------------------------------------------
Charles Cazabon
<web-feedback-lwn.net-letters-danshearer-98.23.19.82.34.97.82.34.8@discworld.dyndns.org>
-----------------------------------------------------------------------
From: "Metathronius Galabant" <m.galabant-AT-googlemail.com>
To: letters-AT-lwn.net
Subject: The New Dependency Hell
Date: Wed, 6 Sep 2006 14:18:29 +0200
Dear Editor,
I recently found myself in the situation of installing an email server.
Because the system you know best and have built your remaining
infrastructure like PCs and servers on is the most secure system, I
went with CentOS.
CentOS is a 100% spin-off of some American red thingy distribution
(that company requested to remove all hints that they are related in
some sort). I chose "minimal installation" which presented me with
around 700MB of installed packages (very big for minimal I'd say).
After removing each and every unneeded package I came down to ~400MB.
Because the configuration files have long gone beyond hand-editable
(only replacing the hostname requires touching a handful of files
because it's referenced more than once, like in DHCP_HOSTNAME and the
network profiles etc.), I decided to go with the natural tool
"system-config-network".
#> yum install system-config-network
which is about 397K (pretty big, isn't it).
But the dependencies weighed in at no less than 40 packages ranging
from CORBA implementations (ORBit2) to gtk2 to even alsa-lib,
audiofile and esound (sound is surely needed on a server) to even half
of the gnome-libs.
And now for the best:
Why I even need an OpenGL library (xorg-x11-Mesa-libGL) to *JUST*
configure my network properly is beyond my understanding. I'm an
aspiring PhD with my main field in computer science and I do care
about code reuse and centralized functionality, but this is beyond
ridiculous. The KISS principle has been violated so badly that you
can't even hear it screaming.
If any of the red thingy distribution employees read this: please put
back the administration fun into your distribution!
And please also update the text utilities to cope with the current
configuration policies (netconf doesn't, and neither does
system-config-network-tui).
Thank you from an admin who has been active for 11 years in the Linux field.
Page editor: Jonathan Corbet