LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for September 21, 2006Updating the Creative Commons LicensesIt isn't just the GPL that is being updated. Creative Commons is working on changes to its licenses also, and for some of the same reasons. It was announced early in August that changes were in the works, and you can read the proposed draft language on that page, and while it was hoped that the license would be finished by the beginning of September, the discussions continue on the CC public discussion board. A major sticking point? What to do about DRM.There is already an anti-DRM clause in the Creative Commons licenses which reads like this:
You may not distribute,
publicly display, publicly perform, or publicly digitally perform the
Work with any technological measures that control access or use of
the Work in a manner inconsistent with the terms of this License
Agreement.
What is proposed are some amendments to clarify the language, but some, particularly in the Debian camp, worried that the language in the draft was inconsistent with the Debian Free Software Guidelines, and instead proposed a kind of parallel distribution clause, in order to give programmers freedom to code for both open and closed systems. Creative Commons project lead Mia Garlick opened the topic up for discussion. Some find it ridiculous to argue that the way to promote freedom is by allowing DRM, with its potential to take CC works and close them off. They see DRM as the fast track to destroying the share-alike community that Creative Commons authors are choosing to be a part of. The whole point of having such a license, after all, is precisely to avoid the sort of total freedom to do whatever you wish with the work, as would be possible by the author choosing to release into the public domain. As one comment put it, allowing DRM on CC'd works in the name of freedom is like saying the way to promote democracy is to vote in a dictator. And so the upgrading to CC version 3.0 is going through a similar discussion as the GPLv3. Because of the opposition, the dual license idea isn't currently in the draft, as Garlick explained:
Consequently, CC is currently not proposing to include this new
parallel distribution language as part of version 3.0; however,
because it is not clear whether the Debian community will declare the
CC licenses DFSG-free without it and because it represents an
interesting proposal, we felt that it was appropriate to circulate
the proposal as part of the public discussions of version
3.0.
It's a fascinating discussion, and polite. If you wish to join in, here's where you go. You must subscribe to post a comment. To get up to speed on what has already been discussed, here's a PDF that summarizes the discussion so far, along with Creative Commons' reactions to various suggestions, available here. The Debian point of view, as far as I can see, is being expressed by Evan Prodromou, and the contrary view by many, but outstandingly by Rob Meyers and Greg London. You can find the archives by author here. My best suggestion would be to start here, and just click on "next message" for a while to follow the discussion in a straight line. At that starting link, London suggests making sure "DRM can't be used to take a work private or set someone up as sole source for DRM-versions of works," and Meyers answers Prodromou's expressed concerns about "licensees being free to distribute works in their format of choice." Prodromou expresses this worry:
Sony's not going to change their platform for
us. They're just not. Millions of users aren't going to throw out their PS2's because they can't play Free Content games on them. It's not going to happen. So the question becomes whether we're going to hamstring Free Software developers who want to port to this kind of platform. What purpose does it serve, besides restricting the freedom of those developers? Again, I'll contrast to Free Software applications running on proprietary operating systems. If the GPL had forbidden running or developing a Free app on a propriety OS, there would be no Free Software today. Letting people make their own accommodations with the increasingly DRM'd world means we will see Free Content on more platforms, not less. Turning up our nose and saying that our content is too good for DRM'd platforms won't stop DRM; it'll just impede the distribution of Free Content. I don't like DRM. I think it sucks. But license provisions are the wrong place to fight it.
There are millions of people who have
game consoles, text readers, and music players that require some sort of
DRM. And even if it's just one person who can't use a work on one piece
of hardware, it's still wrong.
Of course, that's when the discussion gets really interesting. Meyers points out:
Embracing DRM will not move the movement
forward. Unless you spin it
180 degrees.
My son tells me that Sony are now allowing people to play vanilla MPEGs on PSPs. So problem solved. We don't need a blanket DRM permission to use free culture on PSPs. When one comment states, "That's why pleas for DRM are *not* pleas for user freedom," Prodromou argues,
Parallel distribution doesn't restrict freedom. It gives *at
least* the
same freedoms as distributing in an unencumbered format, *plus* the
freedom to run on a DRM-only platform. That's more freedom, not less.
To which London responds:
If it means you can put FLOSS work on an DRM-only
player, and you can't play non-DRM versions on the player,
and you cant even legally convert your works to a
DRM-compatible format without paying iSuck Corp a lot
of money, then the barn door is open and it's only
a question of when the wolves are coming in.
Another issue, and again this is identical to efforts in GPLv3, is to internationalize the license. The CC proposed solution is this, according to the August announcement:
Another big feature of version 3.0
is that we will be spinning off
what has been called the "generic" license to now be the US license
and have crafted a new "generic" license that is based on the
language of international IP treaties and takes effect according to
the national implementation of those treaties. This may only be
something that gets IP lawyers excited but I thought it might be good
to share this draft with the community as well in order to ensure
full transparency and in case people were interested and/or had any
comments.
And finally, there is discussion on just what the definition of "noncommercial" is. I would suggest that you take the time to read all the comments themselves in August and September, though, and not just rely on the PDF summary, as there is already a comment indicating the summary didn't get every point precisely as the commenter intended. Besides, figuring out the appropriate response to DRM is a very important task, one the community needs to get right.
WOS4: Lawrence Lessig on read/write cultureLawrence Lessig appeared at the third edition of the Wizards of OS to launch Creative Commons Germany. He returned at WOS4, instead, to talk about free culture. As it turns out, Mr. Lessig has![[Lawrence Lessig]](/images/conf/wos4/lessig1-sm.jpg)
recently moved to Berlin to spend the next year working on his next book,
so there may well be other opportunities for the locals to hear him speak.
For the rest of us, though, it was a rare treat.
He started by talking about the composer John Phillip Sousa, who had expressed frustration (to a Congressional committee) with the "talking machines" which were just becoming common in his time. These machines, he feared, would turn the public into mere listeners, rather than people who participated in the creation of music. Many years later, Mr. Lessig notes, this "read-only" approach to culture has indeed taken over, especially in the U.S. The talk then shifted to the founding of the U.S. Republican party, which was based, at that time, on the idea of "free labor." Working for others was seen as a form of indentured slavery - especially given the kind of labor contracts which were in use at that time. The idea motivating the Republicans was a vision of a country where people owned their own means of production and worked for themselves. Needless to say, things did not work out that way. Industrialization pushed the economy in a different direction, and, by the 1870's, 70% of the workers in the U.S. were employees. Free labor, he says, is a "fantasy" now. The idea is beginning to come back, however, as the net is enabling more people to own their own production equipment. We are also seeing similar trends in politics - the 20th century mode of being told what to think by politicians on the television is giving way to a blog-driven participatory democracy. It's becoming a read-write system. And that, Mr. Lessig says, is how things have been for most of our history; the 20th century was an aberration in this regard. Moving back to culture, Lessig noted that the Internet can enable both read-only and read-write culture. In the read-only mode, the net is a channel by which we can consume culture created elsewhere. The classic example here would be iTunes, which allows the purchase of music for specific devices, to be used in specific ways. The Internet can be a way of perfecting the control held by content owners. But it need not be that way. To demonstrate the read-write alternative, he showed a few videos taken from the net. These varied from silly works involving reworked anime clips set to music rather different from that used by the original creators through to highly political pieces. Something to offend everybody - but highly amusing. Text, says Lessig, is "the Latin of our time"; video is the way to communicate in this era. Unfortunately, many of the videos he showed have been subjected to takedown notices and other attacks from copyright holders. Lessig also mentioned a film which won a prize at Cannes; it was made for all of $218, but then the creator was faced with a $400,000 bill to clear the rights for the background music used. There are many differences between the read-only and read-write views of culture, starting with the way that the read-write view departs from the "couch potato" mode. Read-write culture is a participatory medium. The read-write culture is also far larger, by almost any measure. It certainly involves more people, but it can also be economically larger. Unfortunately, current copyright law heavily favors the read-only mode. It controls the right to make copies, but, in the digital world, any use of a work involves copying it. So every use requires permission. Content holders are making full use of this legal view, which, in the end, means they have control over how people use culture. Copyright law, in other words, conflicts with the read-write net. It smothers it. Jack Valenti described "piracy" as his own terrorist war. We are, it seems, fighting a war where the terrorists are our own children. And the tools which are being deployed in this war, in the name of stopping piracy, are also killing read-write culture. So what do we do about all this? The first step, says Lessig, is to enable free culture in any way we can. And that requires building free tools. The free software community, for all of its successes, has not yet succeeded in building a comprehensive set of friendly tools which can be used by artists. We need to fight DRM in any way we can, support free codecs and protocols to the greatest extent possible, and support free software everywhere. We must also build a legal platform for free culture. The Creative Commons license is aimed at that goal. It seems to be having some success; by one measure, there are now as many as 140 million CC-licensed works available on the net.
Finally, Lessig says, we must reach out and support the creation of free
culture on proprietary platforms. In particular, the estimated one million
Flash developers should be brought into the read-write world. That
involves encouraging them to share their code, putting "view source"
In summary, says Lessig, the 20th century is best described as the "weirdest century." But it's over. If we can grow the free culture movement, we will enter truly into the read-write world, and we'll all be richer for it. During the question period, Mr. Lessig was asked what he thought of Richard Stallman's refusal to support the Creative Commons licenses. The day of that announcement, he responded, was one of the most depressing of his life. He stands by the Creative Commons licenses, however. The artistic community still has not really had the discussion of what rights it needs to be truly free. There is no artistic equivalent to the "four freedoms" for software. Until that discussion has happened, the Creative Commons can only defer to the free-culture friendly musicians it is working with (Gilberto Gil was mentioned) and go with what they suggest. Mr. Lessig does not feel that he knows better, and will not try to force a particular vision of freedom on them - even if it means losing Richard Stallman's support. The question was asked: don't the Creative Commons licenses constitute an admission that many of the rights often claimed under fair use do not actually exist, since those rights must be codified separately in a license? That can be a problem, he responded, which is why these licenses have always been written as a grant of additional rights beyond all of those already permitted by law. In the end, it comes down to a choice of trying to build this legal platform, or doing nothing at all; they chose to act.
WOS4: Quality management in free contentOne problem which must be faced by any cooperative project is that of quality management. If anybody can contribute to a work, how can a project ensure that its output is up to the standards it has set for itself? A Wizards of OS 4 panel session on this topic highlighted three very different approaches to this issue.Ullrich Pöschl, a researcher at the Max Planck Institute for Chemistry, is trying to address a number of problems with the scientific publishing world. Publication is crucial to scientists - it is, in the end, the one concrete result from their work which matters. But the process to publication is long and frustrating, and can often be hampered by personal agendas and scientific conservatism. Your editor who, in a previous life, actually published a paper in a refereed journal can attest to what a painful process it can be. There are also problems with scientific fraud and (much more often) plain old carelessness. Scientists, in their rush to get their work out, will often not take the time to produce work of the needed quality. Quite a few papers are published which contribute little and actually dilute the pool of scientific knowledge. On the other side, scientific journals are tremendously expensive, and they publish last year's work. There are a lot of pressures for faster - and more open - access to scientific results. It seems that a more open approach would benefit everybody, but only if the quality level can be maintained. Ullrich is a founder of a relatively new journal (Atmospheric Chemistry and Physics) which has set out to demonstrate a new approach to scientific publication. This journal has retained much of the classic scientific publication process - every paper is still reviewed by anonymous referees whose questions must be answered to the editor's satisfaction. Where things differ is in the openness of the process. When a paper is submitted, as long as it's not complete junk, it will be immediately published as a "discussion paper" on the journal's web site. It is clearly marked as an unreviewed paper, not to be taken as definitive results at that time. While the referees are reviewing the paper, others can post comments and questions as well. These others are limited to "registered scientists," since the desire is to keep the conversation at a high level. The comments become part of the permanent record stored with the paper, and they can, at times, be cited by others in their own right. The editor will consider outside comments when deciding whether the paper is to be accepted and what revisions are to be required. After using this process for five years, Atmospheric Chemistry and Physics has the highest level of citations in the field. Citations are important in the scientific world: they are an indication that a given set of research results has helped and inspired discoveries elsewhere. The high level of citations here indicates that this publication process is succeeding in attracting high-level papers and filtering out the less useful submissions. Things are at an early stage - out of approximately 7,000 scientific journals, about five are currently publishing with this sort of technique. Others are interested, however, and that number can be expected to grow in the future. Martin Haase then took the podium to talk about quality management in Wikipedia. While Wikipedia is a useful resource, there have been a number of well-reported problems. Some articles can be flat-out wrong, or, sometimes, distorted to meet somebody's political goals. Maintaining and improving Wikipedia's reputation will require getting a handle on these problems. Some measures being taken by Wikipedia are:
While agreeing that improving the quality of Wikipedia articles will be a never-ending process, Martin seems to think that the measures being taken will move things in the right direction. He warned explicitly about "expertism" - requiring that articles be written by experts in the field. It can be hard for experts to write articles for people who are unfamiliar with the field - their work tends to be jargon-heavy and written at the wrong level. They also tend to run in schools, and expert-written articles tend to reflect the views of one school only. Limiting contributions to experts would, in Mr. Haase's view, rob Wikipedia of much of its usefulness. The third panelist, Larry Sanger, disagrees. Larry was a part of the creation of Wikipedia, but has since fallen out with that project. So, while claiming to be a "big fan of Wikipedia," he spent much time criticizing it. Wikipedia, he says, was meant to be the wild side of Nupedia, it was never supposed to be the whole thing. With only half of the original design, he says, it is not surprising that things have gone wrong. So what has gone wrong? According to Larry, the Wikipedia rules are not enforced uniformly, leading to lots of abuses. Anonymous editing attracts trolls and other people whose main purpose is not the creation of a top-quality encyclopedia. The Wikipedia community is insular and hard to join. And there is no place for academics, people who are experts in their field. Wikipedia people may fear expertism, but Larry, instead, is on a campaign against amateurism. This amateurism, he says, is behind many of the problems with Wikipedia, but the community will not recognize these problems, and, thus, he says, will never fix them. So Larry is going to fork Wikipedia. His project, called The Citizendium, will, he says, be very different. It will start out very much the same, however: the same software, and copies of all the Wikipedia articles. Those articles will track changes to their Wikipedia equivalents until they are changed locally, at which point they will become a hard fork. There are no plans to fork the software. In essence, the Citizendium intends to make full use of Wikipedia's free licensing (as is its right) to bootstrap the new site, and only move away from Wikipedia content when and where it feels it has something better to offer. There will be some distinct roles for members of the Citizendium project. People who are deemed to be sufficiently expert in a given field will be called "editors"; regular contributors will be expected to defer to the editors in their field of expertise. These editors will be self-selecting, but they must publicly state their credentials. Editors can mark an article as being "approved," indicating that, in their opinion, it has reached a certain level of quality. There will be no anonymous editing allowed in the Citizendium, and no pseudonyms either. All contributors must work under their own names. There will be a number of rules on how contributors and editors are supposed to work, with quick expulsion from the project for those who do not follow them. To that end, there will also be "constables," whose job is to enforce these rules. There are vague plans for a meeting to draft and approve the charter under which the project operates. For now, however, the Citizendium is very much Larry Sanger's project, with goals and processes set by him. Whether it will be able to build a community and maintain it while keeping quality high remains to be seen.
Security Fuzz testingProviding random or semi-random data to a program to see what happens is an excellent black-box testing technique known as fuzzing. Programs that generate this data are, unsurprisingly, called fuzzers and are a potent tool for folks doing penetration or other kinds of testing. After sitting through some interesting presentations at this summer's Black Hat Briefings, it seems like a good opportunity for an overview of fuzzing and some pointers to tools, techniques and research. Generating bad input for programs is a time-honored tradition for test engineers, but human generated test cases tend to contain fewer tests than a fuzzer can produce. In addition, test engineers may make implicit assumptions about the kind of data that can or will be fed into a program where an automated, brainless fuzzer will just try anything. The simplest fuzzer will just send random bytes of data to a program and see what, if anything, happens. It might also vary the length of the data that it sends to explore buffer length issues and the like. More sophisticated fuzzers extend those simple techniques with more domain specific data. A fuzzer targeted at web applications might generate GET and POST queries using (and abusing) the variables that the form or page submits as well as adding in some random variables and values. A fuzzer targeting a web browser might generate random input that conformed to HTML syntax, with random tags and attributes as well as abusing the defined tags. This domain specific approach tends to yield better results by limiting the search space but that can lead to some of the same implicit assumption problems that are prevalent in human generated tests. A combination of both simple and complex fuzzing is likely the best approach. Open source tools for fuzzing various applications and protocols are available; Jack Koziol provides a nice, but not exhaustive, list. While it is not specifically a fuzzer, one must mention Metasploit, the swiss army knife of penetration testing, which provides a framework for all kinds of exploit testing. It would appear that the Ruby language is gaining some traction for penetration testing as Metasploit has been rewritten in Ruby for its next version and RFuzz provides a nice library for web application fuzzing. Most other popular languages (C, Perl, Python, Java) are represented as well. Researchers at the University of Central Florida are trying to take fuzzing a step further by using information about what portions of the code were exercised by various inputs and whether they led to program crashes to drive a genetic algorithm that 'optimizes' for inputs that are likely to cause crashes. Obviously, this is no longer black-box testing, but it could be a fairly useful technique for projects that are looking for vulnerabilities in their own code. Slides from the Black Hat presentation are available here (PDF). An input source that is often overlooked is data files. Because these files are often generated by a program, it is easy to write code that blindly believes what a data file says; this mistake has led to many exploits. Dan Kaminsky briefly talked about data format fuzzing in his "Black Ops 2006" presentation. He presented some ideas from his research into automated recognition of formats for the purposes of fuzzing them. Just feeding a random stream of bytes into a program meant to read a specific format is less likely to cause it to fail. With some rudimentary understanding of the format and fuzzing within that framework, much more interesting program failures can be provoked. Dan's slides are available here, unfortunately in PowerPoint format, but readable by OpenOffice.org. Internationalization (i18n) is another potentially exploitable area for many applications. Scott Stender presented some ideas on fuzzing i18n data at Black Hat, in particular using Unicode representations to get bad data past validators when different levels of the application handle character encodings differently. He gave some explicit examples of input that might validate within a web application, but be interpreted differently by a database leading to various kinds of misbehavior. His slides are here (PDF). Fuzzing can be used to find all kinds of security issues with a program: buffer overflows, SQL injection, cross-site scripting, denial of service, etc. It is, of course, no silver bullet. It is just a powerful technique to help a developer or tester pinpoint areas where input validation and filtering are not working and to give some level of confidence that validation is working in other areas.
New vulnerabilities bomberclone: information disclosure and denial of service
dokuwiki: arbitrary command execution
firefox: multiple vulnerabilities
ffmpeg: buffer overflows
gdb: buffer overflow
gnutls: signature forge vulnerability
gzip: multiple vulnerabilities
kernel: denial of service
nss: signature forgery vulnerability
usermin: programming error
zope2.7: information disclosure
Updated vulnerabilities AlsaPlayer: multiple buffer overflows
apache: cross-site scripting
audacious: buffer overflow
bind: denial of service
binutils: buffer overflow
busybox: insecure password generation
bzip2: race condition and infinite loop
capi4hylafax: missing input sanitizing
cheesetracker: buffer overflow
cpio: arbitrary code execution
vixie-cron: privilege escalation
cscope: buffer overflows
Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
mozilla: multiple vulnerabilities
flash-plugin: arbitrary code execution
freeradius: several vulnerabilities
freetype: integer overflows
gcc: file overwrite vulnerability
gdm: improper file permissions
gedit: format string vulnerability
grip: buffer overflow
gzip: arbitrary command execution
ImageMagick: buffer overflows
isakmpd: programming error
kdelibs: kate backup file permission leak
kernel: denial of service by memory consumption
kernel: denial of service
krb5: local privilege escalation
libgadu: memory alignment bug
libgd2: denial of service
libmms: buffer overflows
libmusicbrainz: buffer overflows
libpam-ldap: authentication bypass
libpng: buffer overflow
libpng: heap based buffer overflow
libtiff: buffer overflow
libvncserver: authentication bypass
libwmf: integer overflow
libxml2 - arbitrary code execution
libxml2: multiple buffer overflows
lynx: arbitrary command execution
mailman: several vulnerabilities
mutt: IMAP namespace buffer overflow
mysql: format string bug
MySQL: privilege violations
MySQL: logging bypass
nbd: arbitrary code execution
ncompress: buffer underflow
openoffice.org: several vulnerabilities
openssl: insufficient signature checking
php: several vulnerabilities
php: arbitrary code execution
phpbb2: missing input sanitizing
phpbb2: multiple vulnerabilities
phpMyAdmin: multiple vulnerabilities
postgresql: SQL injection
quake: buffer overflow
sendmail: denial of service
shadow-utils: mailbox creation vulnerability
squirrelmail: insecure permissions
texinfo: temporary file vulnerability
tin: buffer overflow
unzip: long file name buffer overflow
w3c-libwww: possible stack overflow
wireshark: several vulnerabilities
xine-lib: buffer overflow
xine-lib: buffer overflow
xine-ui: format string vulnerabilities
X.org: local privilege escalations
X.Org: buffer overflow
xorg-x11: privilege escalation
xpdf: buffer overflow
xpdf: integer overflows
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current stable kernel release is 2.6.18, released by Linus on September 19. Do read the announcement; it appears to have some changelog entries which did not come directly from git. There is a vast amount of new stuff in this release, including priority-inheriting futexes, a new generic interrupt handling layer, a new core time subsystem, the kernel locking validator, the SMPnice work, a bunch of virtual memory work, a huge serial ATA update, the removal of devfs, and much more. See the KernelNewbies LinuxChanges page for a much more detailed list, the LWN 2.6 kernel API changes page for information on internal programming interface changes, or the long-format changelog for thousands of patches' worth of detail.The current -mm release is 2.6.18-rc7-mm1. Says Andrew:
It took maybe ten hours solid work to get this dogpile vaguely
compiling and limping to a login prompt on x86, x86_64 and powerpc. I
guess it's worth briefly testing if you're keen.
He also notes that this kernel will not run on distributions with an older version of udev due to some driver core changes, a situation which was discussed here back in August. Other changes to -mm include a "probably wrong" change to the kmap() API to make it handle coherency issues, a new GFP_THISNODE memory allocation flag, the removal of the questionable HDAPS driver for unstated reasons (though it is worth noting that one of the last patches into 2.6.18 made it clear that anonymous code contributions cannot be accepted), the SLIM and integrity measurement security modules, and a number of fixes. For 2.6.16 users: Adrian Bunk released 2.6.16.29 with a number of fixes on September 13. The current 2.4 prepatch is 2.4.34-pre3, released on September 19. The main change this time around is the inclusion of the gcc 4.0 patches.
Kernel development news Tracing infrastructuresSometimes, things just do not go according to plan. Mathieu Desnoyers is the current maintainer of the Linux Trace Toolkit, a kernel event tracing package which has, despite a significant user base, remained outside of the mainline for many years. He recently posted a new LTT release with the following introduction:
Following an advice Christoph gave me this summer, submitting a
smaller, easier to review patch should make everybody happier.
What resulted was a thread of hundreds of messages, many of which could be considered to be impolite even by linux-kernel standards. Clearly, LTT has hit a nerve - especially surprising given that the points of real disagreement are minimal. At times, people have questioned whether the kernel needs any sort of tracing facility at all. That particular question would appear to have been resolved (affirmatively); the disagreement now would appear to be whether that tracing should be static or dynamic. Static tracing works by putting explicit tracepoints into the source code (they look like function calls); the tracing framework can then enable or disable those tracepoints at run time as desired. In a dynamic system, instead, tracepoints are injected into a running system, usually in the form of a breakpoint instruction. The kernel already has dynamic tracing in the form of KProbes; LTT, instead, uses (primarily) a static model. So the biggest question, at least on the surface, has been over whether Linux needs a static tracing package in addition to the dynamic mechanism it has now. This debate revolves around a few points:
Reading through the discussion, one could be forgiven for going into a state of complete despair. The interesting thing, though, is that the level of disagreement is lower than one might think. There is a near consensus among the participants that there is a place for both static and dynamic tracepoints. Static tracing of events of interest will help a lot of people - user-space developers and system administrators, not just kernel developers - understand what is going on in the system. Making all of these people figure out where to place, for example, a tracepoint to report scheduler changes in a specific kernel makes things a lot harder. The key point, however, is that the value of the static point is not really its static placement, but the fact that it is a clear indicator of where the tracepoint needs to be. So it has been suggested that an answer which might please everybody is to insert "markers" rather than tracepoints. These markers, which could live in a different section of the kernel image, are simply signs pointing out where a dynamic tracepoint should be inserted, should the need exist. To this end, Mathieu has posted a simple marker patch; it was promptly fired upon for implementation issues, but there are few people who are opposed to the idea. So markers may well be the way this work goes forward. If the LTT code could be reworked around the marker concept, then the way might be clear for a discussion of what else needs to happen before that code could be merged (there are a number of issues to talk about there which have been, thus far, overshadowed by the current debate). After suitable consideration, a carefully-selected set of markers/tracepoints could be added to the mainline kernel, enabling anybody to easily hook into and monitor well-known events. Once the smoke clears, there might just be a viable solution which will please almost everybody.
Another container implementationContainers have been an area of increased developer interest over the last year or so. The container concept offers many of the advantages of full paravirtualization, but at a much lower cost, allowing more virtual machines to be run on the same host. The only problem is getting everybody to agree about just what a container is. The recent container patch set from Rohit Seth is another attempt to flesh out this concept.Many approaches to containers are oriented around process trees - one process explicitly encloses itself within a container, and becomes the "init" process there; the container is then populated with the children of the initial process. Rohit's patch maintains part of that functionality - when a process calls fork(), the child will belong to the same container as the parent (if any), but the mechanism is a bit more flexible than that. Arbitrary processes can be added to - and removed from - a container at any time. Such changes are effected through a configfs interface. If configfs is mounted on /config, the system administrator can work with containers by moving into /config/containers. A new container is created by making a new directory there; containers, thus, are identified through a simple, flat namespace. A container's directory contains several files:
There are also a few informational files for getting statistics about how the container is operating. The memory limit works by adding a container pointer to each mm_struct and address_space structure on the system. As pages are used or freed, the container's total count is updated accordingly. Should the container go over its limit, a separate process (a workqueue) goes to work freeing up pages belonging to the container. If the limit is exceeded in a big way, processes within the container will (when they try to add pages) be put on hold briefly to let the reaper catch up. Rohit's containers are thus concerned with controlling aggregate resource usage. In this sense, they resemble the resource beancounters patch - but they do not use any of the beancounter code. These containers also lack one other feature found in most other implementations: any sort of namespace control. Processes placed into one of these containers will still see - and have access to - the entire system. So these containers are only a partial solution to the problem, at least at this point. Namespace control features could presumably be added later on, though how that control would interact with the ability to add and remove processes at arbitrary times would be interesting to see. Meanwhile we have another approach to (at least part of) the problem to look at.
nopage() and nopfn()The nopage() address space operation is charged with handling a major page fault within an address range. For address spaces backed by files, there is a generic nopage() method which causes the needed page to be read into memory. Device drivers also occasionally provide nopage() as part of their implementation of mmap(). In the driver case, a page fault is usually handled by finding the struct page corresponding to a memory-mapped buffer and passing that back to the kernel.There are a couple of errors which can be signaled by nopage(): NOPAGE_SIGBUS for truly bad addresses and NOPAGE_OOM for situations where an out-of-memory situation caused the attempt to handle the fault to fail. What is missing is the ability to indicate that nopage() was interrupted by a signal and the operation should be retried. That is not a situation which normally comes up in nopage() handlers which, if they must wait, usually do so in a non-interruptible manner. Benjamin Herrenschmidt has run into this issue, however, and has proposed a small change allowing a new NOPAGE_RETRY value. The response would be just as one would expect - the operation is retried later on, after the signal is handled. It turns out that Google has a similar patch which it applies internally, though the motivations are different. In Google's case, the patch exists to work around a performance problem that has been experienced there. This patch has not been submitted for merging because of potential denial of service problems and the fact that its author considers it to be a bit of a hack. Some form of this patch may well be merged eventually, but some more work seems called for first. The two patches make it clear that there are multiple reasons for returning NOPAGE_RETRY, so it might make sense to make that reason available to the higher levels of the page fault handler. That would allow some potential efficiency problems to be addressed, though the DOS scenario still presents potential problems. Meanwhile, one of the longstanding limitations of nopage() is that it can only handle situations where the relevant physical memory has a corresponding struct page. Those structures exist for main memory, but they do not exist when the memory is, for example, on a peripheral device and mapped into a PCI I/O memory region. Some architectures also do very strange things with special memory and multiple views of the same memory. In such cases, drivers must explicitly map the memory into user space with remap_pfn_range() instead of using nopage(). Jes Sorensen has, for some time, been carrying a patch which adds another address space operation called nopfn(). It is called in response to page faults only if there is no nopage() operation available; its job is to return a physical address (in the form of a page frame number) for the page which will satisfy the fault. That address will be stored directly into the process's page table, with no struct page required, and no reference counting performed. Jes has an IA-64 special memory driver which shows how this operation would be used. The idea has not been universally popular in the past - Linus has opposed it, as have others. To some it looks like a needless complication of the virtual memory subsystem; these people would rather see code use remap_pfn_range() or create special page structures as needed. There are a number of situations where the nopfn() is said to work better, however, and the pressures for its inclusion do not appear to be going away. So it will be interesting to see whether this one makes it into 2.6.19 or not.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Janitorial
Memory management
Networking
Security-related
Virtualization and containers
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials Gentoo Seeds ProjectOne of the things that people like about Gentoo is that it is customizable. You can select the packages you want, in the versions you prefer, compile them with the options you select, and finally arrive at a system that is just the way you like it. What people don't like is that process is time-consuming and it can be difficult to duplicate the process for a number of machines. The comments attached to this article show exactly what LWN readers like and dislike about Gentoo.The initial announcement for the Gentoo Seeds project came out this week, aimed at taking some of the pain out of Gentoo installs. Gentoo does offer staged installation. A stage 3 install provides pre-compiled packages for a basic installation fairly quickly. The Seeds project just takes that concept a step further. The Gentoo Seeds Project is "currently exploring ways to quickly 'seed' fully-working copies of Gentoo onto boxes." That includes basic system configuration. Seeds are built using existing Gentoo tools such as catalyst, overlays, layman and custom profiles, so that each seed will provide a well-documented way of installing multiple servers with a similar setup. Different seeds will provide different setups. The project is still quite young and the first seed under construction is a basic Gentoo LAMP Server edition. Hopefully this will become just one seed of many that people can choose to more easily install the same Gentoo system on multiple boxes.
New Releases Fedora Core 6 Test3 releasedThe third test release for Fedora Core 6 is out, click below for the details. The final FC6 release is scheduled for October 11, so now would be a good time for interested people to test it out and find those last obnoxious bugs.
Slackware 11.0 rc5Slackware has released a fifth release candidate for Slackware 11.0. Click below for a look at the change log.
Ubuntu "Edgy" Knot 3 releasedUbuntu/Kubuntu/Xubuntu/Edubuntu Knot 3 is out. This is the third in a series of milestone CD images that will be released throughout the Edgy development cycle. "The primary changes from Knot 2 have been finalising of feature goals and bugfixing. The current state of features targetted for Edgy is at https://features.launchpad.net/distros/ubuntu/edgy/+specs . Common to all variants, we have changed the init system from the venerable sysvinit to upstart which is an event-driven init script system. In addition, all derivatives have new artwork, both for usplash as well as for login managers and default backgrounds. The keyboard layout handling on the console has been changed to use X keymaps."
Distribution News Announcement of Dunc-Tank.orgDunc-Tank.org has announced its first fund-raising experiment: collecting donations to help Debian GNU/Linux 4.0, codenamed etch, be released on schedule on the 4th of December, 2006. "Dunc-Tank.org aims to support Debian's efforts to meet its release schedule for etch by financially supporting the volunteers working on managing the release process, allowing them to devote their full attention to that task. The experiment's initial goal is to be able to raise enough funds to pay both release managers enough to work exclusively on the release of etch for a month each, having Steve Langasek available full-time during October and Andreas Barth available full-time during November, with the release expected to follow soon after in the first week of December."
Debian newsHere's a report on the first Debian internationalization meeting, which took place earlier this month in Extremadura, Spain. "23 people from all over the world, representing various different scope in the Debian internationalisation and localisation effort, as well as representative from related projects participated to this meeting."The second call for votes has been issued for the general resolution to address the procedures related to handling assets for the project.
Unofficial Fedora FAQThe Unofficial Fedora FAQ has been updated. Click below for a list of the most recent changes.
Ubuntu 6.10 beta freeze imminentThe beta freeze for Ubuntu 6.10 is in effect according to the release schedule. "During this time, uploads should be made only for changes which are critical for the beta release, and must be approved by the release team. As we work to prepare the release, further information about these restrictions may be announced."
Distribution Newsletters Debian Weekly NewsThe Debian Weekly News for September 19, 2006 looks at various etch topics, GNOME 2.16 in experimental soon, a report from Come 2 Linux, moving toward DebConf7, the Hurd with WLAN and PCMCIA, and several other topics.
Gentoo Weekly NewsletterThe Gentoo Weekly Newsletter for September 18, 2006 covers some openssl options, portage 2.1.1 released, cleanup of autotools wrappers, and more.
Gentoo Weekly NewsletterThe Gentoo Weekly Newsletter for September 11, 2006 covers Gentoo Council election results, a donation from Cloanto, support dropped for monolithic X, developer of the week Joshua Nichols, and several other topics.
Ubuntu Weekly News #14The Ubuntu Weekly Newsletter for September 16, 2006 covers the release of Edgy Eft Knot 3, the passing of Rob Levin of Freenode, announcement of the next development summit for Ubuntu, changes in Edgy, Ubuntu in the news and much more.
DistroWatch Weekly, Issue 169The DistroWatch Weekly for September 18, 2006 is out. "It's a Mandriva week, no doubt. With the imminent release of its brand new version 2007, all eyes of the Linux community are now on the French distribution maker whose new product is likely to raise the usability and eye candy bar for desktop Linux distributions significantly. Can Mandriva regain its former glory? We'll find out soon. In other news: the development of the venerable RPM Package Manager is in deep trouble, Terra Soft announces Yellow Dog Linux 5.0, NetBSD continues its round of negative publicity, and a trial edition of Xandros Desktop 4 is now available for free download. In our "Tips and tricks" section we'll let you on some secrets about extracting package lists from various distributions, while the "Statistics" feature looks at the DistroWatch visitor numbers from the Middle East. A couple of site updates follow before the usual database summary concludes this issue."
Package updates Fedora updatesUpdates for Fedora Core 5: kernel (bug fixes), pinfo (update to 0.6.9), dump (bug fixes), cups (bug fixes), tar (upgrade), nspr (update to 4.6.3), krb5-auth-dialog (bug fix), glibc (bug fixes), vixie-cron (bug fixes), frysk (new upstream version), kdelibs (bug fixes), perl-DBI (upgrade to 1.52), sed (bug fix), system-config-securitylevel (bug fixes), sane-backends (clean up), ORBit2 (bug fix), bridge-utils (bug fix), kdebase (bug fixes), openssh (sync with FC6 version), jessie (bug fix), anacron (bug fixes).
Mandriva updatesUpdates for Mandriva Linux 2006.0: ipsec-tools (update to 0.6.6).
rPath updatesUpdates for rPath Linux 1: conary, conary-build, conary-repository, conary-policy (Conary 1.0.31 maintenance release).
Trustix updatesUpdates for Trustix Secure Linux 2.2 and 3.0: openswan, perl-dbd-mysql, php, php4 (various bug fixes).
Ubuntu updatesUpdates for Ubuntu 6.06 LTS: flashplugin-nonfree_7.0.68~ubuntu1~dapper1, amarok_1.4.3-0ubuntu6~dapper1, openoffice.org 2.0.3-6dapper3, k3b_0.12.17-1ubuntu3~dapper1.
Newsletters and articles of interest Debian Network Utilities and tools With Examples (DebianHelp)Debian Help covers Debian network utilities and tools for administrators and users, including tools to check the network related traffic and monitor the network. The article is in two parts. Here is part 1 and part 2.
Distribution reviews Going Live With Apodio And Dynebolic (Linux Journal)Dave Phillips tests the Apodio and Dynebolic live CD audio distributions in a Linux Journal article. "In this entry I'm going to introduce two audio-optimized Linux distributions, Apodio and Dynebolic. Both systems can be run in "live" mode, i.e. you put the distribution disc in your CD drive, you reboot, and voila, you're booted into the system. Basically the live mode runs itself from a RAM disk and the distribution CD. The process is transparent, except for the occasional disc reads. The systems can be installed to a hard-drive, but to keep things simple for myself I've tested them only in live mode."
Mandriva's new server Linux does virtualization treble (ZDNet)ZDNet looks at Mandriva Corporate Server 4.0. "Corporate Server 4.0 uses the 2.6.12 Linux kernel and includes MySQL 5.0, PostgreSQL 8.1, Apache 2.2 and Samba 3.0.22. It also features the newest version of Mandriva Pulse, a provisioning ad configuration management tool that can manage both Linux and Windows systems. It is fully compliant with the Linux Standard Base, meaning it's interoperable with other LSB-compliant operating systems."
Page editor: Rebecca Sobol Development Perl 6? Yeah, right.There are a lot of terms that a project does not wish to be associated with: "bloated", "slow", "insecure", and "archaic" come to mind. Perhaps one of the worst labels a project can receive, though, is "vaporware", a term reserved for projects that consist of nothing but hot air. If you had composed a histogram of the adjectives used by commentators to color Perl 6 whenever it made a news appearance, you might have worried that the developer community believed that the language was either dying, dead, or would be dead on arrival. Beyond the resulting disagreements over predictions of where this language is headed, there were also disagreements over whether the predicted doomsday scenarios would amount to a tragedy. And who could blame many of these commentators? Perl 5 is now almost 12 years old. In the years that have passed, developers have been wooed by other languages such as PHP, Python, Ruby and Java. Perl 6 has not yet gone gold, despite the fact that it has been on the minds of Perl developers for years. If Perl 6 is going to win back hearts and minds, it's going to need to be all that Perl 5 was, and more. It must still be the swiss-army chainsaw of UNIX programming. It must remain the glue that holds the Internet together, and it must keep the ability to mow down entire rainforests in 4 seconds. That's a very tall order, but Perl is famous for making hard things easy and impossible things doable. Radically Different but Radically the SameLarry Wall, the creator of Perl, intends for Perl 6 to be the community's rewrite of Perl. When the design phase of Perl 6 began, he asked the community for a series of RFCs. Each RFC proposed a new feature or change to the Perl language. When the dust settled, 361 RFCs had been submitted. Larry then began a process of responding to the RFCs in a series of Apocalypses (think "a Revealing"). Each Apocalypse addressed a series of RFCs, rating the presented problem, suggested solution, and finally casting a decision on whether the RFC as a whole was accepted. The Apocalypse documents formed the first official Perl 6 spec. Perl programmers might worry that a rewrite would create a language incomparable to the one they grew up on; fortunately, that is not the case. In responding to RFC 28 (Perl should stay Perl), Larry agreed not to go raving mad but reminded that Perl is intentionally multi-paradigmatic. I am happy to report that Perl 6 isn't the work of a madman. It's much more of the things some language purists hate, but with half the calories, none of the hacks and a 16-cylinder turbocharged engine. Here are some of the new concepts developers can look forward to using:
In addition to introducing new features, the overhaul has corrected many shortcomings:
But what is perhaps most interesting is what is happening to Perl 6's bread and butter: regular expressions and text handling. It will be possible to use Perl 5 regular expressions in Perl 6, but the system's new syntax features radical renovation. Regular expressions are now called Rules. This system provides named regular expressions with named captures, both of which can be represented and used in object form. Incremental regex matching can be combined with the system's new ability to write LL and LR Grammars directly in Perl 6 to create advanced parsers even more capable and easy to create than those made with the revolutionary lex and yacc tools of yesteryear. And for the fans of the C programming language, Perl 6 provides macro support, in the form of the ability to alter the Perl 6 grammar itself from within your Perl 6 code.
A Tall Order, ToppledThe promise of Perl 6 is not one that everyone expects will be kept. Surveying the extent of the Perl 6 blueprints, many armchair implementors might rate the requisite development effort as one in need of the infinite number of monkeys currently busy at their typewriters with the reproduction of the works of Shakespeare. The good news is that the insurmountable task of developing Perl 6 is already well underway. Pugs is a project to implement Perl 6 using the functional programming language Haskell. Written by Audrey Tang, the Pugs compiler implements the Perl 6 language specification, giving programmers an opportunity to write real Perl 6 code today. This also allows the language designers to catch and fix any problems with the Perl 6 specification. The Pugs Subversion repository, currently tracking in excess of 12,000 revisions, is also home to a vast collection of example code and nearly 12,000 unit tests. Backends exist to run Perl 6 code natively, inside a JavaScript runtime, inside a Perl 5 runtime, or inside a Parrot runtime. The Parrot runtime came to life as an April Fools joke in the form of a press release in 2001 that promised to merge desirable properties of Python and Perl. But whatever the original intention of the Parrot announcement may have been, Parrot is a very real software project whose most recent 0.4.6 release offers a common, free software virtual machine that aims not only to support the Perl 6 and Python languages, but also TCL, Ruby, JavaScript and others. Pugs and Parrot are not complete projects. Neither claim to be the final, standalone implementation of Perl 6. But what we are looking at is clear. One of the most defining characteristics of Perl is that "There's More than One Way to Do It". It is a belief that choice is good and that flexibility is essential. Pugs and Parrot both represent powerful embraces of this ideal. Where Pugs demonstrates the possibility of running Perl 6 code in multiple programming language containers, Parrot demonstrates the possibility of running multiple programming languages in one container. This flexibility means that programmers most comfortable using Python, Ruby or other languages capable of being compiled to Parrot bytecode can share functions, objects and modules. The famous Perl DBI and many other excellent CPAN modules can be shared amongst these other languages, rather than reproducing similar but incompatible systems time and time again. Programmer portability is just as important as program portability. Parrot aims to run on as many of the 50 systems supported by Perl 5 as possible. This ensures bytecode produced by Parrot-enabled programming languages will achieve the kind of portability normally reserved for languages with a long and diverse history. Additionally, by providing a free software implementation of a true common language runtime, software projects like Apache that traditionally offered rich access to their internal APIs through projects like mod_perl can do so with an embedded Parrot runtime rather than a specific language interpreter. It Starts TodayAs mentioned, there is no official, production-ready Perl 6 implementation. But interested programmers need not wait for the future. Pugs provides the ability to run real Perl 6 code today. A number of CPAN modules provide Perl 6 technology inside the Perl 5 language. An experimental Perl 6 compiler written in Perl 5 is under development and currently passes about 10% of the Perl 6 test suite. Part of Perl 6 is already written in Perl 6. And an O'Reilly book, Perl 6 and Parrot Essentials, has already been on shelves for two years (during which time the language has, as you might expect, evolved considerably). These projects won't stop concerned readers from asking "Would the real Perl 6 please stand up?" In truth, the concept of an "official" Perl 6 implementation misses the point. This is best explained by Larry Wall in Synopsis 1 under the "Project Plan" section: What we can say here is that, unlike how it was
with Perl 5, none of these projects is designed to be the Official
Perl. Perl 6 is anything that
passes the official test suite. This test suite was initially developed
under the Pugs project because that project is the furthest along in
exploring the high-level semantics of Perl 6. (Other projects are better at
other things, such as speed or interoperability.) However, the Pugs project
views the test suite as community property, and is working towards platform
neutrality, so that Perl 6 is defined primarily by its desired semantics,
not by accidents of history.
Lastly, it is expected that Perl 6 will be self-hosting. The compiler for Perl 6 will be written in Perl 6 itself. This implementation effort is already underway in the Pugs v6 repository.
System Applications Audio Projects Rivendell v0.9.74 announcedVersion 0.9.74 of the Rivendell radio automation system is out with bug and security fixes. "Rivendell is a full-featured radio automation system targeted for use in professional broadcast environments. It is available under the GNU General Public License."
Mail Software Mailman 2.1.9 announcedVersion 2.1.9 of Mailman, a mailing list manager, has been announced. "This is primarily a security and bug fix release and it is highly recommended that all sites upgrade to this version. Mailman 2.1.9 also contains support for two new languages: Arabic and Vietnamese."
Web Site Development Zope NewsThe September 1-15, 2006 edition of Zope News is available with the latest Zope web development platform news.
Desktop Applications Audio Applications SND-ls 0.9.7.0 announcedVersion 0.9.7.0 of SND-ls, a distribution of the sound editor SND, is out with several bug fixes.
Data Visualization The first public release of PyXPlotThe first public release of PyXPlot has been announced. "PyXPlot is a commandline graphing package, which, for ease of use, has an interface based heavily upon that of gnuplot -- perhaps UNIX's most widely-used plotting package. Despite the shared interface, however, PyXPlot is intended to significantly improve upon the quality of gnuplot's output, producing publication-quality figures. The commandline interface has also been extended, providing a wealth of new features, and short-cuts for some operations which were felt to be excessively cumbersome in the original. The motivation behind PyXPlot's creation was the apparent lack of a free plotting package which combined both high-quality output and a simple interface."
Desktop Environments GNOME Software AnnouncementsThe following new GNOME software has been announced this week:
KDE Software AnnouncementsThe following new KDE software has been announced this week:
KDE Commit-Digest (KDE.News)The September 17, 2006 edition of the KDE Commit-Digest has been announced. The content summary says: "Amarok gets the roots of support for the Magnatune music store. Work begins on a LiveUI Designer application. Mass import of KBoard code, a lightweight canvas intended for games. Work on supporting the XML Paper Specification format in okular. Support for multiple galleries in kipiplugins, on which Digikam and KPhotoAlbum depend. Support for compressed Scalable Vector Graphics (SVGZ) in kdelibs. Solid gets Network Management and CPU Monitoring capabilities. Continued improvements in KArchiver."
KDE 4 Krash Packages on Mac OS X, SuSE and Kubuntu (KDE.News)KDE.News covers the progress of KDE 4. "Packages for the first KDE 4 developers snapshot "Krash" have started appearing. Most exciting is packages for a whole new platform, Mac OS X. More details are on Benjamin Reed's blog. For the traditionalists packages are available from openSUSE and Kubuntu. If you are a KDE application developer, this is the easiest way to start porting your application to KDE 4. Meanwhile work is continuing on KDE on Windows where developers have successfully got all of kdelibs compiling. Finally the KDE Women project has a new tutorial to get you started in KDE4 development."
Financial Applications SQL-Ledger 2.6.19 releasedVersion 2.6.19 of SQL-Ledger, a web-based accounting system, has been announced, it features several bug fixes and other improvements.
Graphics Inkscape 0.44.1 UnleashedVersion 0.44.1 of Inkscape, an SVG-based drawing tool, is out. "This bugfix version fixes several weeks of work by the community in order to fix some crashes on windows, Mac OS X, and other packaging issues which have come up from our last successfule release, 0.44 which introduced substantial features like graphical layers, clipping and masking support, and native PDF export with transparency."
Interoperability Wine 0.9.21 releasedVersion 0.9.21 of Wine has been announced. Changes include: OpenGL restructurations, The usual assortment of MSI improvements, Several Richedit fixes, WCMD Winelib app renamed to CMD for compatibility, Many improvements to the Wintrust DLL, Some code cleanups and Lots of bug fixes.
Wine Weekly NewsletterThe September 19, 2006 edition of the Wine Weekly Newsletter has been published. This edition features a WineConf 2006 Summary. "The goal is to make MacOS a first-class citizen. Alexandre mentioned a couple of times that we need a good OS X package available on WineHQ. It would also be nice to have a Quartz driver, but everyone agrees that would be a lot of work. Things are shaping up pretty nicely for a Wine 1.0 release. The configuration mechanisms have been in place for a while and the initial registry set up works pretty good."
Mail Clients Mozilla Thunderbird 1.5.0.7 released (MozillaZine)Version 1.5.0.7 of the Mozilla Thunderbird email client has been announced. "This release fixes several critical security vulnerabilities. See the Mozilla Thunderbird 1.5.0.7 Release Notes for more information."
RSS Software RSS and AJAX: A Simple News Reader (O'Reilly)Paul Sobocinski shows how to make an Ajax RSS Parser on O'Reilly's XML.com. "Ajax (Asynchronous JavaScript And XML) and RSS (Really Simple Syndication) are two technologies that have taken the Web by storm. Most commonly, RSS is used to provide news to either people or other organizations. This is done by serving an "RSS feed" from a website. An RSS feed is simply a link to an XML file that is structured in a certain way. The RSS specification tells us the expected structure of the XML file. For example, the title, author, and description tags are required, and so all RSS XML files will have at least these three tags."
Web Browsers Mozilla Firefox 1.5.0.7 released (MozillaZine)Version 1.5.0.7 of the Mozilla Firefox web browser has been announced. "Mozilla Firefox 1.5.0.7 is now available for download from the Mozilla Firefox product page. Users of previous version will be offered the upgrade through the Firefox software update system. This release fixes several critical security vulnerabilities. See the Mozilla Firefox 1.5.0.7 Release Notes for more information."
SeaMonkey 1.0.5 Security ReleaseVersion 1.0.5 of Seamonkey, an internet application suite with a web browser, email and newsgroup clients, IRC chat client, and HTML editor, is out with security fixes. "This release contains important fixes for several security vulnerabilities and various stability improvements. The SeaMonkey Council recommends that all users upgrade."
Languages and Tools Caml Caml Weekly NewsThe September 19, 2006 edition of the Caml Weekly News is out with new Caml language articles.
Perl Weekly Perl 6 mailing list summaryThe Weekly Perl 6 mailing list summary for September 10-16, 2006 is out with the latest Perl discussion topics.
Python Python 2.5 releasedThe final Python 2.5 release is now available. "Python 2.5 is probably the most significant new release of Python since 2.2, way back in the dark ages of 2001. There's been a wide variety of changes and additions, both user-visible and underneath the hood." Click below for details and download information.
Dr. Dobb's Python-URL!The September 14, 2006 edition of Dr. Dobb's Python-URL! is online with a new collection of Python article links.
XML Amara XML Toolkit 1.1.9 announcedVersion 1.1.9 of the Amara XML Toolkit has been announced, it adds new capabilities and bug fixes. "Amara XML Toolkit is a collection of Python tools for XML processing-- not just tools that happen to be written in Python, but tools built from the ground up to use Python's conventions and take advantage of the many advantages of teh language. Amara builds on 4Suite [http://4Suite.org], but whereas 4Suite offers more on literal implementation of XML standards in Python, Amara focuses on Pythonic idiom."
Profilers Valgrind 3.2.1 is availableVersion 3.2.1 of Valgrind has been announced. "Valgrind is an open-source suite of simulation based debugging and profiling tools. 3.2.1 fixes a bunch of bugs in 3.2.0, adds support for SSE3 instructions, and supports recent GNU binutils releases." See the release notes for details.
Version Control monotone 0.30 releasedVersion 0.30 of monotone, a distributed version control system, is out. Changes include: "Speed improvements, bug fixes, and improved infrastructure. Several internal data formats have changed with this release; migration is straight-forward, but slightly more complicated than usual".
Page editor: Forrest Cook Linux in the news Recommended Reading Prior art won't solve the software patent problem (NewsForge)Richard Stallman criticizes the OSDL prior art project. "Such a project cannot really protect programmers from software patents, because it focuses only on absurd software patents -- those that could be legally denied or invalidated based on prior art. However, the greatest danger comes from patents that are not absurd, those for which we have no prior art."
Open source unlocks options for many small-to-medium sized businesses (LinuxWorld)LinuxWorld looks at the increasing use of Linux and open-source software in a number of small companies. "Lamonica deployed an open source monitoring system from GroundWork and says that moving forward hell weigh open source options along with commercial software packages in any buying decision. Were past the point in time where we have to say, Well, I wont get fired if I buy Cisco, or I wont get fired if I buy Microsoft. I think that fear has gone away and open source has matured a great deal so that now people are no longer afraid of it, he says."
Companies Linspire tempts white-box vendors with CNR royalties (Linux-Watch)Linux-Watch looks at Linspire's partner program. "Linspire Inc. launched a revamped partner program on September 14 that will pay system builders a percentage on all commercial Linux software and services purchased by users of either Linspire or Freespire pre-installed desktop and laptop computers using the company's CNR (Click N' Run) technology."
Novell to launch quick-response Linux (ZDNet)ZDNet reports on Novell's plan to release a real-time version of SUSE Enterprise Linux. "The product won't be purchased the same way as Novell's other Linux versions, however. 'Setting it up does require a consulting engagement' from Novell, which installs and tunes the software, [marketing director Justin] Steinman said. 'It isn't something you can take off the shelf and get up and running.'"
Business Who are the Hacker Bloggers? (Linux Journal)Linux Journal looks at the business of blogging. "If you look at the font of all wisdom - no, I don't mean Wikipedia, but Amazon - you will find stacks of books with titles like The Corporate Blogging Book, Blogging for Business, Blog Marketing and the rest. Whatever the title, the basic message is the same: if you're in business, you've got to be blogging. Because if you aren't, you're not "having the conversation" with your customers, which means, in turn, that you're not getting your message out or valuable comments back."
Linux Adoption University dumps Cisco VoIP for open-source Asterisk (LinuxWorld)LinuxWorld covers the switch to an open-source telephone PBX by Sam Houston State University. "Some organizations consider taking the plunge off of big iron PBX platforms into IP telephony as being pretty daring, but that's nothing compared to what Sam Houston State University (SHSU) is doing. The south Texas school is boldly moving thousands of users off a Cisco VoIP platform to an open-source VoIP network based on Asterisk. SHSU is in the process of moving its 6,000 students, faculty and staff off of Cisco CallManager IP PBXs and a legacy Nortel Meridian PBX over to Linux servers running Asterisk, which includes call processing, voicemail and PSTN gateway functionality. The driver for this project was cost, says Aaron Daniel, senior voice analyst at Sam Houston State University."
Linux at Work NASA tests Linux-based planetary surface exploration robots (Linux Devices)Linux Devices covers NASA's test of its Linux-based K-10 lunar rover. "The K-10 robot is being exercised this week by a NASA working group called "D-RATS" (desert research and technology studies). Comprised of both NASA and non-NASA scientists, D-RATS aims to give next-generation engineers, scientists, technicians, and astronauts hands-on experience expected to be of use in realizing the goals of NASA's Constellation Program, which is tasked with creating Crew Exploration Vehicles (CEV), Crew Launch Vehicles (CLV), and related exploration architecture systems for manned and unmanned planetary exploration."
Interviews Confessions of a Recovering NetBSD Zealot (O'ReillyNet)O'ReillyNet talks with Charles M. Hannum about NetBSD. "Charles M. Hannum: I'm one of the creators of the NetBSD Project, and served as its de facto technical lead for a long time. I was also involved in creating the NetBSD Foundation, and served as its president and chairman of the board. (Note: I was never the Foundation's secretary or treasurer.)"
Daniel Holbach (Behind Ubuntu)Behind Ubuntu interviews Daniel Holbach. "In what way are you involved in Ubuntu? I'm currently spending most of my Ubuntu time in Ubuntu's DesktopTeam, doing package maintenance, working on Desktop bugs and geting on Sebastien's nerves. Apart from that I'm involved in a lot of Ubuntu's teams: the MOTU team, the Bug Squad, the Accessibility team, I got started helping out the Art team. Let's see which team is next. It's amazing to see the Ubuntu community growing and to be part of that all."
People Behind KDE: Allan Sandfeld Jensen (KDE.News)KDE.News has announced the latest interview in the People Behind KDE series. "Tonight in the two-weekly People Behind KDE series we are featuring Allan Sandfeld Jensen. He is a KDE core developer, mostly active for KHTML and KDE multimedia. After reading the interview you will know what his personal "carewolf" looks like, together with all other personal things you have to know about this developer."
Resources Scalable anonymity with I2P (Linux.com)Linux.com looks at the Invisible Internet Project (I2P). "In I2P, each participating peer keeps a secret pool of inbound, or data-receiving, and outbound, or data-transmitting, tunnels it chooses itself. A tunnel consists of a configurable number of routers in sequence, where longer tunnels mean more anonymity, at the expense of performance. When a peer sends data, it is passed through one of its outbound tunnels, at the end of which it enters an inbound tunnel of the recipient. For each router that is part of the chosen tunnel, a layer of encryption based on the router's key is added. This technique, the main feature of "onion routing," prevents compromised routers from eavesdropping."
Create your own Planet (Linux.com)Joe 'Zonker' Brockmeier shows how to set up Planet in a Linux.com article. "Major open source projects like GNOME, KDE, Ubuntu, Fedora, Debian, and Apache all have something in common -- they all have Planet feed reader sites set up to aggregate developer blog feeds. The Planet software was developed to power Planet GNOME and Planet Debian, but now it's being used by dozens of open source projects. With just a few simple steps, you can set up a Planet aggregator to watch your favorite blogs or to help publicize your favorite project."
Animate the Desktop with Xgl and Compiz (Linux Journal)Linux Journal presents a book excerpt from Using SUSE Linux on Your Desktop by Chris Brown PhD. "Given the rapid pace of software development in the Linux world, it is inevitable that some topics that are bleeding-edge as this book goes into production will be mainstream technology by the time you get to read it. One such is the Xgl X server and the compositing window manager compiz. Together with a modern graphics card, these components (which are shipped with SUSE Linux 10.1) offer some stunning visual desktop effects comparable (dare I say this?) to the best that the Mac has to offer. These effects include transparent windows, fade-in/fade-out of windows and menus, animated window minimization, and the ability to put four desktops onto four faces of a cube and spin the cube (in 3-D) to switch desktops. The overall result is to give the desktop a more fluid, organic feel."
Reviews Alacarte: GNOME's long overdue menu editor (Linux.com)Linux.com looks at the Alacarte menu editor in GNOME 2.16. "The Alacarte menu editor is one of the major additions in GNOME 2.16. Already previously available in Ubuntu and other distributions, Alacarte adds a degree of customization that has been generally lacking since GNOME dropped its previous menu editor more than five years ago during the early 2.x releases."
FreeDOS 1.0 born after 12-year gestation (NewsForge)NewsForge covers the release of FreeDOS 1.0. "FreeDOS was originally slated for release at the end of July, but Hall says he decided to take a few extra weeks to make sure everything was just right before making 1.0 available for download. "Nothing very unusual came up in the last weeks, except a tiny problem in our preliminary FreeDOS 1.0 distros where we could make your hard drive unbootable if you happened to have Win32 on it," said Hall. "We figured it would be bad to make a 1.0 release until we fixed that. Based on all the downloads we've gotten since the announcement, I'm really glad we decided to give it a few more weeks to get things right.""
My Gentoo odyssey (Linux.com)Joe Barr concludes that Gentoo is not for everyone. "Gentoo is a popular, powerful, well-crafted distribution that panders to your geek side to the nth degree. You want control? Gentoo hands you the reins and wishes you good luck. How much luck you need depends on how much you know. But it's simply not for me. Like a good programmer, I'm lazy. While it was once fun to compile the kernel and mention it the next morning while grabbing a cup of coffee, these days I want to use my machine for things other the care and feeding of the operating system."
Helicopter Simulator: Really Real-time Linux (Dr. Dobb's Portal)Dr. Dobb's Portal takes a look at a Linux-powered helicopter simulator. "Every now and then, you stumble across a software system that you never think about. Such is the case with a Linux-powered helicopter simulator being developed by Mitsubishi Heavy Industries. And no, you can't run it on your PlayStation 2."
KToon: Simple 2D animation (Linux.com)Ben McGrath looks at KToon in a Linux.com article. "If you are running Mac OS X or Microsoft Windows, you have access to many different animation applications, ranging from Adobe Flash to Anime Studio. That is not so for Linux. While many think of animation in Linux as a lost cause, there are alternatives. The relatively new KToon calls itself "the open source animation revolution." KToon has a small learning curve and an intuitive interface, making it an excellent choice for simple animation within Linux."
Red Hat expands 'stack' with JBoss (ZDNet)ZDNet takes a look at the Red Hat Application Stack. "The bundle includes Red Hat Enterprise Linux, the JBoss Application Server, database-access software called Hibernate, and the Tomcat Web application server. The stack is certified to run with open-source database PostgreSQL and includes MySQL, another popular open-source database."
DIY document management system with Simple Groupware (Linux.com)Linux.com looks at the Simple Groupware package. "But what sets Simple Groupware apart from similar applications, is its own XML-based language called sgsML, which allows you to customize the existing modules and create new ones even if you don't have any prior programming experience. For example, the default file manager is fine as it is, but you can also turn it into a simple document management system using the tools provided by sgsML."
Miscellaneous Growing pains for Google's Summer of Code (Linux.com)Linux.com looks at some lessons learned from the second Summer of Code. "As the second Google Summer of Code (SOC) winds down, most participants agree: the program, which pays selected students to work on a free or open source software (FOSS) project for three months, is a unique and exciting opportunity, but needs to continue efforts to become more organized. Those who were previously involved tend to agree that this year was less chaotic than last year. However, whether they are organizers at Google or students or members of mentoring organizations (the projects accepting students), most participants this year also see the need for more structure. Many of them also offer concrete advice about how participants can get more out of the program if it happens next year."
Page editor: Forrest Cook Announcements Non-Commercial announcements EFF Battles to Save Critical Ohio E-Voting CaseThe Electronic Frontier Foundation has sent out a press release concerning an Ohio E-voting case. "The Electronic Frontier Foundation (EFF) has asked the 6th U.S. Circuit Court of Appeals to reject Ohio's latest attempt to dismiss a critical electronic voting case -- the final legal hurdle in the path to a thorough investigation of the state's widely criticized 2004 election and much needed reform. "Ohio's procedures, like many used elsewhere across the country, simply don't do enough to protect voters from the serious vulnerabilities in the current generation of electronic voting equipment," said EFF Staff Attorney Matt Zimmerman."
KDE Thanks Rob Levin (KDE.News)KDE.News commemorates Rob Levin. "We knew him as lilo. He was the founder of the Freenode IRC network, a place where many open source projects established a real-time meeting ground. Freenode is where we work, play, and share. It is where many a small idea has grown into a large project. It is where we are all enriched by the experience and diversity of a group of people from many cultures who all have in common a love of open source."
Mercurial Joins Software Freedom ConservancyThe Software Freedom Conservancy has announced its newest member, Mercurial. "The Software Freedom Conservancy, home of Free and Open Source Software (FOSS) projects, today announced that it welcomes as its newest member Mercurial, a distributed source management program which can be used to track revisions of software during development. By joining the Conservancy, Mercurial is entitled to all of the benefits of being a corporate entity. In particular, the Conservancy's corporate form limits the personal liability of individual developers and allows member projects to receive donations."
Munich migration moves forwardThe city of Munich, Germany has put out a press release (in German, English translation here) on the status of its migration to Linux. The early pilot phase has been completed, and the core system (built on Debian 3.1, KDE 3.5, and OpenOffice.org 2) has been approved. While this system is expected to continue to evolve somewhat, it seems that the deployment phase is beginning.
A trademark cease-and-desist for Rockbox's TetroxRockbox developer Björn Stenberg has let it be known that the project received a cease-and-desist letter from the Tetris company, which objected to the name of the "Tetrox" game distributed as a Rockbox plugin. In response, the project has renamed the game "Rockblox." "In addition to the trademark claim, they also claim copyright on "features" of the game. However, the lawyers agree with me that those claims are nonsense so we can safely ignore them."
X.Org Foundation membership system runningX.Org has a board election coming up, with membership in the X.Org Foundation required to vote. It has, however, been difficult to actually become a member of the Foundation. That has now changed with the establishment of the new X.Org membership site. If you are interested in the direction of the X Window System, and have contributions to X that you can point to, you may wish to set up your membership now so that you can be part of the upcoming election. (Click below for the announcement).
Commercial announcements GroundWork Launches Version 5 of GroundWork Monitor Product FamilyGroundWork Open Source, Inc. has announced version 5 of the GroundWork Monitor product line, including GroundWork Monitor Professional, a major upgrade to the company's flagship solution for monitoring the most demanding IT infrastructures, including servers, applications, and networked devices.
Intel announces Linux-ready firmware developer kitThe Intel Open Source Technology Center has announced the Linux-ready Firmware Developer Kit, which is aimed at BIOS writers. "The Linux-ready Firmware Developer Kit is an open source tool to test how well Linux works together with the firmware (BIOS) of your machine. The kit consists of a bootable CD that runs a series of tests and then presents the results on the screen for interactive inspection. The tests all check an aspect of the firmware that Linux uses or depends on for optimal operation."
Novell Honors Top Global Training PartnersNovell, Inc. has announced that it is honoring its training partners. "Reflecting the importance of training in promoting Linux* adoption worldwide, Novell(R) is honoring its top Linux training partners for their success in driving Linux education, designating them Linux Centers of Excellence. These partners, which include companies across Novell's major geographic markets, delivered rapid growth in students trained, top ratings for the quality of their Linux instructors, and high marks for customer satisfaction."
OpenSceneGraph 1.2 releasedVersion 1.2 of OpenSceneGraph, a cross-platform scene graph platform, is out. "OpenSceneGraph Professional Services announces the release of OpenSceneGraph 1.2, the industry's leading open source scene graph technology, designed to accelerate application development and improve 3D graphics performance. OpenSceneGraph 1.2, written entirely in Standard C++ and built upon OpenGL, offers developers working in the visual simulation, game development, virtual reality, scientific visualization and modeling markets a real time visualization tool which rivals established commercial scene graph toolkits in functionality and performance."
Sun announces NetBeans IDE/BlueJ editionSun Microsystems, Inc. has announced the NetBeans IDE/BlueJ Edition. "Sun Microsystems, Inc. (Nasdaq: SUNW) the creator and leading advocate of Java(TM) technology, together with the NetBeans(TM) community and the University of Kent today announced the general availability of a new version of the open source NetBeans Integrated Development Environment (IDE), the NetBeans IDE/BlueJ Edition. This freely available edition of NetBeans offers a seamless migration path for students transitioning from educational tools to a full-featured, professional IDE."
Contests and Awards aKademy Awards 2006 (KDE.News)KDE.News covers plans for the upcoming aKademy Awards. "This year aKademy will continue with tradition created at aKademy 2005 of awarding the people that made an outstanding contribution to KDE in the last year. The award ceremony will be on Sunday, September 24th at 17:50-18:00."
Fedora Open Video Winner AnnouncementThe winner of the Fedora Open Video contest has been announced. "I would like to congratulate Maurizio Bertoldi who has won the first prize for his video "Fly your mind." The prize -- a digital Sony DVD camcorder -- will be soon on its way to Maurizio."
Calls for Presentations FOSS.IN/2006 - Call for ParticipationA call for participation has gone out for FOSS.IN/2006. The event takes place on November 24-26, 2006 in Bangalore, India, submissions are due by October 8.
Hackers to Hackers Conference III - Call for PapersA call for papers has gone out for the Hackers to Hackers Conference III. "The H2HC have as mainly objective offer a national and internation conference for Brazilians Hackers, strongly the ethical of hacking. We have as mission change and desmistify the word hacker from the pejoractive sense to show the hacker as who works in software research and security, possing a professional ethic to protect the organizations. Who destroy systems? Crackers!." The event takes place during November, 2006, submissions are due by September, 30.
Upcoming Events One Week Until Akademy 2006 (KDE.News)KDE.News previews the Akademy 2006 conference, which will take place in Dublin, Ireland on September 23 and 24. "There is now less than one week to go until KDE developers meet with our users and industry supporters at Trinity College Dublin for our annual KDE World Summit, aKademy 2006. We are pleased to announce a further two sponsors to our long list. Office automation equipment manufacturer Ricoh and mobile phone company Nokia are now both silver supporters. Read on for the keynote speakers and some more useful information."Also, the final version of the aKademy 2006 Schedule has been posted.
PAKCON III: Announce (2006)PAKCON III, the underground hacking convention, will be held during December, 2006 at the Pearl Continental Hotel in Karachi, Pakistan. "PAKCON is an underground hacking convention, the first initiative of its kind in the history of the Pakistan IT scene. PAKCON is the brainchild of a group of capable security professionals who have employed their genius and aptitude to provide their extensive and comprehensive experience of information security in the form of a wide-ranging convention on information security."
Events: September 28, 2006 to November 27, 2006The following event listing is taken from the LWN.net Calendar.
If your event does not appear here, please tell us about it. Web sites Musical MIDI Accompaniment forum startedA new forum for the discussion of MMA, the Musical MIDI Accompaniment software, has been created. "Our good friends at Kara Moon Productions have added a forum and will be adding some "power user tutorials" and other examples on their web site. These folks have been giving the development of your program a ig boast in the last weeks, so I encourage your support."
Audio and Video programs Linux clients in Active Directory, News from Support (Novell)Novell presents an audio interview with Lars Mueller and Guenther Deschner. "Samba hacker Lars Mueller explains new capabilities that he and Guenther Deschner team have been working on, allowing SUSE Linux Enterprise Desktop 10 to integrate into an Active Directory environment. From joining the Active Directory domain to initial login and Kerberos provisioning, this stuff is too cool. And Dave Mair and Randy Goddard are back for News from Support, so cue the bagpipes!"
Page editor: Forrest Cook
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[Lawrence Lessig]](/images/conf/wos4/lessig2-sm.jpg)