LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for December 21, 2006A 2006 retrospectiveThis is the last LWN.net Weekly Edition for 2006; following our longstanding tradition we will take the last week of the year off and dedicate it to cleaning all of this year's unanswered mail out of our inboxes. We wish you all a pleasant holiday season; LWN will be back on its regular schedule on January 4.Another LWN tradition is to review our predictions made at the beginning of the year to see just how badly wrong your editor was this time around. Those predictions were published in the January 4, 2006 edition, for those who wish to follow along from the source. Some of the comments posted to the article can also be interesting to read with a year's perspective. We'll not review every prediction made in that article. Some of them are sufficiently obvious ("Perl 6 will not be released," "the SCO case will drag on") or general ("the pace of kernel development will not slow") that little review is called for. Some of the others, however, offer some insights into how perspectives have changed over the last year (or, perhaps, how blind your editor was back then). The very first prediction made was that the GPLv3 process would dominate the news. Your editor was not able to foresee, however, that the FSF would take the license revision as an opportunity to attack DRM head-on. What has happened over the last year, as evidenced by GPLv3 and in other places, is that many in the community now think that we have enough weight to throw around in support of goals beyond the simple creation of free software. Whether the exercise of this weight will lead to a more free society, or whether it will just make us more like the entertainment industry (which also thinks it has plenty of weight to use in pursuing power under copyright law) remains to be seen. Some commenters doubted your editor's prediction that the non-free kernel module issue would come to a head this year. But, over the course of this year, a number of distributors swore off shipping such modules, those which continue to embrace proprietary modules have taken a fair amount of criticism, and the kernel developers seriously considered banning them outright. Whether all that constitutes "coming to a head" can be debated, but the fact remains: there is a great deal of resentment over proprietary kernel modules and this issue will not go away anytime soon. Your editor predicted the return of European software patents. There were some stirrings over the year, but software patents have, for the most part, laid low. It would be foolish to believe that they will do so forever, though. With regard to desktop Linux, your editor's advice was to not expect amazing advances, but that there would be steady progress. The movement of 3D technologies onto the Linux desktop may not qualify as an "amazing advance," but they are a big step regardless; Linux need defer to no other system in the eye candy department. A prediction that alternatives to OpenOffice.org would gain prominence did not really come through - but it is worth noting that the OLPC project has gone with a lightweight version of AbiWord. One of the more controversial predictions said that the Fedora Project would have to make changes to maintain its position. Over the course of the year, Fedora abandoned the "Fedora Foundation" idea, gave up (belatedly) on Fedora Legacy, decided to lengthen its support period, and merged the Core and Extras distributions. The project has picked up a new energy, renewed its longstanding dedication to free software, and looks well poised to move forward with a stronger community focus. Predicting that a Debian release would happen on schedule is always a daring thing to do. Things clearly did not work out that way, but substantial progress has been made. Debian Etch might not be that late, in the end. Predicting Emacs releases is equally risky, and Emacs 22 did not come out this year - but a couple of pretest releases did. Your editor thought that Novell would "get its act together and become a truly successful Linux-based company." Oh well. That could yet happen, but, after the events of 2006, few people would see it as a foregone conclusion. So what did your editor miss entirely? Big company moves were at the top of the list. The idea that Novell would make a deal with Microsoft - paying patent royalties in the process - was beyond your editor's imagination at the time. Similarly, the notion that Oracle would try to muscle into Linux support by repackaging Red Hat Enterprise Linux was a surprise. Free software has reached such a level of importance that the largest companies out there are paying attention. Also missed was the open-sourcing of Java, though one could certainly quibble that we have not actually seen the code yet. Perhaps your editor should simply predict this event for 2007 and be dead-on. Seriously, however, this event has been delayed for so long that many of us had despaired of it ever happening. It does appear, however, that Jonathan Schwartz has brought a new emphasis on free software to Sun's top position; the planned release of Java under the GNU General Public License suggests that he is serious. In the end, the easiest prediction to make was that our community would remain healthy, and that our software would continue to get better. Despite our disagreements and our mistakes we are going from one strength to the next. That helps make 2006 another pleasant year to look back on.
The 2006 Linux and free software timelineFor the ninth year in a row, the editors at LWN.net have put together a timeline highlighting the most important events of the last twelve months.It has been an active and interesting year - just like the ones before. The GPLv3 process was launched - and threatened to split our community over differing views of freedom. Software patent issues came and went. The Linux desktop went 3D. Large companies became more involved with Linux and free software - and not everybody is pleased with the result. Distributors reevaluated and reworked their dealings with the community. And, while all this was happening, the community continued to produce great code which made all of our systems better. This is version 1.0 of the 2006 timeline. If you find any errors or remaining major omissions, please send them to us at timeline@lwn.net; please do not post errors or omissions as comments until after we have had a chance to address them. The development of the LWN.net Linux Timeline was supported by LWN subscribers; if you like what you see, please consider subscribing to LWN.
For the historically minded, the timelines for the previous eight years remain available:
Second Life and Open SourceWhen Larry Lessig proclaimed that "code is law" he was talking metaphorically. But for a virtual world, constructed entirely out of bits, it is literally true: the laws regarding what you can and cannot do there, both legally and even physically, are inscribed in the lines of code that implement it. In this space, then, open source has an added significance in that it not only lays bare the engines of creation, but it potentially allows them to be hacked. What some of the consequences of this openness might be was shown recently in Second Life, when the open source project libsecondlife released a program called CopyBot. As its name suggests, this tool allowed copies to be made of in-world objects - including the "avatars" that are used to represent the residents of Second Life. This was deeply problematic, since one of the attractions of Second Life is that creators of digital content retain ownership, unlike in most other virtual worlds. Many now make a good living from this in-world activity selling virtual items, with some earning tens of thousands of dollars per year. However, CopyBot raised the spectre of people replicating content for free, rendering digital objects valueless, and undermining the entire Second Life economy. The person leading the libsecondlife project is Jonathan Freedman. He took over recently after John Hurliman, the previous lead, and still the main contributor of code to the project, decided he didn't want to deal with the public relations issues that CopyBot threw up. Freeman recalls: "he said to me: 'I just want to code, I don't want to deal with this.'" The libsecondlife project began six months ago, and was started by a group of coders who "were interested in seeing a little more flexibility in what they could do with Second Life," as Freedman explains. The idea was to create an open source library that third parties could employ to create new Second Life applications. To do that, the libsecondlife group started reverse-engineering the Second Life protocols. One by-product of this work was that they turned up security issues - "and believe you me, they found quite a few," Freedman says - which they reported to Linden Lab, the company behind Second Life. Partly as a result, "the way the project had been run impressed Linden Lab, who were very happy with it," Freedman explains. "Back in the Second Life Community Convention in August, they gave their unofficial endorsement of the libsecondlife project." And then along came the CopyBot incident. "It was a debugging tool," Freedman says of CopyBot. "The developer was working on the part of the Second Life protocol that was responsible for drawing avatars. He needed a way to verify that the data was coming correctly: what better way to verify that than just mirroring it back" down the connection to the system and observing the result? Freedman emphasizes that there were safeguards built into ensure that this "mirroring" - copying of virtual objects - was kept within the terms of service at the time. "You'd actually have to ask it before it would copy you, and it would then give you a lengthy disclaimer explaining what was going on so people could make sure that that was what they wanted. And generally people were agreeing with that, and they'd be there for five or ten minutes dancing with themselves." There the story might have ended, were it not for the fact that CopyBot was free software. "Anybody could get a copy and make use of it, and that's what we saw happening: other people were modifying it to take out the disclaimer, and generally shout stuff like 'I'm stealing your textures'" - the surface elements of virtual objects. As well as taunting victims in this way, a few of these "griefers" started selling the modified, no-holds-barred version of CopyBot within Second Life. Panic spread in some quarters of Second Life. Shop owners closed hundreds of virtual stores, afraid that their inventory would be copied endlessly and rendered worthless. But in practice, the damage was minor, and the economy of Second Life continues to grow - not least because CopyBot itself had important limitations that were consequences of the way Second Life operates. Each "sim" or simulator of a portion of the virtual world in Second Life is created on a server running Debian GNU/Linux, Apache, Squid and MySQL; currently there are several thousand of these PC boxes. To allow for fast response times, the virtual world is sent not as pixels or even as a mesh, but as a series of 3D primitives - "prims". The Second Life client creates the world by converting the stream of information about prims and their position into a visual representation. This means that the client has all the structural information about any object visible to it; CopyBot works by taking that information, and replicating it. However, in addition to the prims and the textures applied to them, more complex objects add scripting to provide interactive behaviour that endows Second Life with much of its richness. These scripts are run server-side, and are not passed to the client, so CopyBot is unable to intercept them. Nonetheless, the residents of Second Life who made money from their virtual creations were understandably perturbed by the appearance of a piece of software with the provocative name of CopyBot - "in retrospect it probably could have been named something else," Freedman concedes. At a November meeting held in-world, Second Life's creator and CEO, Philip Rosedale, explained that nothing could be done about CopyBot using technical means: Second Life's client-server architecture implied that CopyBot was not just possible but in some sense inevitable. But he did promise other measures, including more metadata, such as attribution and creation time-stamps, for virtual objects. Since these would be stored server-side, and hence immutable, they would provide clear proof of whether an object had been copied. To give this approach some teeth, Linden Lab made clear that anyone who used CopyBot or something similar in a malicious manner faced the prospect of expulsion from Second Life. Some remain unhappy with Rosedale's response, and also see the CopyBot incident as part of a deeper malaise involving cynical hackers exploiting loopholes in the Second Life code to grief other residents. They accuse Linden Lab of a certain complicity because of its encouragement of the external libsecondlife project. Perhaps that encouragement is not so surprising given Linden Lab's stated intention [PDF - look at final slides] to make elements of Second Life open source. "Without speaking to specific timing or plans - and we've thought and are thinking lots and lots where there might be exceptions to this - it seems like the best way to allow [Second Life] to become reliable and scalable and grow," Rosedale said recently on the subject of opening up the code. "We've got a lot of smart people here thinking about that." It's obviously useful to have smart people thinking about it on the outside too - provided things don't get out of hand. Freedman has instituted one important change in the libsecondlife project to try to ensure that another CopyBot does not happen. "Previously, the way the libsecondlife source tree was done was basically anybody who wants an account can have one. That's the first thing I changed: just the core developers can have the accounts." Freedman also has some clear-cut goals for the project, which will be releasing all its code under the BSD license. "Short-term, the aim is to have a workable third-party library that other people can make use of to interface with Second Life. I believe that by the middle to end of December we'll have a fairly decent third-party viewer that's comparable to the Second Life [client] application. Longer term, ideally we'd like to see a completely open implementation of Second Life, from the client, to the sims, to the assets - everything." Freedman believes "the use of open standards, if not open source, will go a long way in the propagation of Second Life as an actual platform." This seems to explain Linden Lab's enthusiasm for libsecondlife and patience with things like CopyBot. At stake is the chance to help create the next online platform - the 3D Web, sometimes known as Web 3.D. Opening up the platform will also take some of the strain off Linden Lab: currently, Second Life is growing at an unsustainable rate, with over a million new members joining in the last couple of months. If users could host their own virtual land, then Second Life could scale more gracefully. Beyond that, open protocols would allow distinct but interconnected virtual worlds to be created. The technical aspects of this are the easy part; more difficult are working out social and economic issues like making reputation and money portable between those worlds, and legal ones - as the CopyBot episode made all-too clear. Glyn Moody writes about open source and virtual worlds at opendotdotdot.
Security The state of PHP securityPHP security has been much in the news lately, mostly centered around the resignation of Stefan Esser from the PHP Security Response Team. His stated reasons for leaving are rather alarming, and he indicates a pattern of slow responses to security holes within the language itself. Others, including Zend co-CTO Zeev Suraski, disagree and chalk it up to a personality conflict between Esser and the rest of the team. A recent look at the National Vulnerability Database (NVD) specifically for PHP related security issues also highlights some of the problems with PHP. It is time, it seems, to take a look at the state of PHP security. PHP is touted as an easy language to use to write web applications, particularly those that use a database for storage. There are no end of PHP tutorials available on the web that will help readers to get a web application up and running in short order. Unfortunately, many of these tutorials completely ignore security and invite their readers to create applications that suffer from SQL injection and other security flaws. This example (from the top ten results of a Google search for 'php tutorial') explains how to update a record in a MySQL database using single quotes around the values that come in from a web form. It also describes how to display data in ways that allow for cross-site scripting. As described in another security page article, the proper way to handle database queries with user supplied data is by using placeholders. PHP does provide ways to do that, using the PEAR database API, but finding information about it is non-trivial. It certainly is not promoted by the PHP homepage, which tends to push the included, easily abused, MySQL interface. Because PHP strives to be easy to use, its developers have added features that have caused all manner of security problems. The worst offender is the register_globals 'feature' which automatically instantiates PHP variables from the CGI variables that are passed in a GET or POST. While it does make it easier for programmers to access these values, it also allows attackers to set the value for any uninitialized variable in the PHP program. Because PHP is a dynamic language, variables do not necessarily need to be initialized before they are used and many programs relied on that feature. When combined with register_globals, this practice leads to easy exploits. register_globals has long been turned off by default in PHP, but there are a huge number of applications that still rely on it. Many PHP web hosting companies have it turned on because their customers demand it, but it is very difficult to use the feature correctly. There are PHP modes that warn of using uninitialized variables, but those warnings typically end up in a log file somewhere which may not be examined frequently. It is an extremely dubious feature, but one that PHP creator, Rasmus Lerdorf, seems to think should have been left on by default. Other poor design choices include the 'magic quotes' feature that gives the illusion of removing SQL injection issues without actually providing that protection. Another is the ability of the PHP include directive to take URL arguments; this has been abused by attackers to pick up their scripts and have them run on the victim's server. Unfortunately, these features get into the language and are used making it difficult to remove them later. There are various projects to improve upon PHP security, including Esser's Hardened-PHP, as well as efforts, such as the PHP Security Consortium, that seek to educate people about writing secure PHP code. Unfortunately, many of the open source PHP projects do not provide good examples for budding PHP programmers to emulate; they either rely upon various PHP misfeatures and/or they were written by programmers without the requisite secure coding skills. The existence of these projects (and other similar ones) certainly provides an indication that the security problem with PHP is acknowledged by some. PHP proponents tend to take a 'blame the user' approach that is reasonable in some ways, but fails to recognize some of the inherent issues with PHP itself. If you target inexperienced web application programmers, you can hardly be surprised that they do not have fundamental security skills. Security seems to fall somewhere below simplicity in the minds of the PHP language developers; that makes it more difficult to have secure PHP applications. Security is a hard problem and any attempt to 'dumb down' a language is likely to run into security issues. Encouraging amateur programmers to write web applications is unlikely to produce secure code in any language, but by providing tutorials and examples that have glaring security issues and by not concentrating on teaching secure coding, PHP makes it that much worse. A great deal of useful code has been written on the PHP platform; it would be nice to find a way to keep that code coming while simultaneously making it more secure.
New vulnerabilities clamav: stack overflow
dbus: denial of service
flash-player: CRLF injection vulnerability
gdm: format string vulnerability
gnuradius: format string vulnerability
Mozilla stuff: multiple vulnerabilities
proftpd: stack-based buffer overflow
sql-ledger: several remote vulnerabilities
Updated vulnerabilities apache: cross-site scripting
apache-mod_auth_kerb: off-by-one error
avahi: sender id check
bind: denial of service
bugzilla: multiple vulnerabilities
busybox: insecure password generation
bzip2: race condition and infinite loop
clamav: missing sanity checks
cpio: arbitrary code execution
vixie-cron: privilege escalation
cscope: buffer overflows
cscope: buffer overflows
Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
dovecot: index cache file handling error
elinks: arbitrary file access
enemies-of-carlotta: input sanitizing
ffmpeg: buffer overflows
freeradius: several vulnerabilities
freetype: integer overflows
ftpd: privilege escalation
gcc: file overwrite vulnerability
gdb: buffer overflow
gdm: improper file permissions
gedit: format string vulnerability
gnupg: stack overwrite
grip: buffer overflow
gv: stack-based buffer overflow
gzip: multiple vulnerabilities
gzip: arbitrary command execution
imagemagick: buffer overflows
ImageMagick: buffer overflows
imlib2: arbitrary code execution
kdegraphics: stack overflow
kdelibs: integer overflow
kdelibs: kate backup file permission leak
kernel: denial of service
kernel: bridging code buffer overflow
kernel: denial of service
kernel: denial of service
kernel: denial of service by memory consumption
kernel: denial of service
kernel: denial of service
koffice: integer overflow
krb5: local privilege escalation
l2tpns: buffer overflow
libgadu: memory alignment bug
libgd2: denial of service
libgsf: heap buffer overflow
libmms: buffer overflows
libmodplug: boundary errors
libpam-ldap: insecure password control
libpng: buffer overflow
libpng: heap based buffer overflow
libtiff: buffer overflow
libvncserver: authentication bypass
libxml2 - arbitrary code execution
libxml2: multiple buffer overflows
linux-restricted-modules: nVidia driver vulnerability
lynx: arbitrary command execution
madwifi-ng: buffer overflow
mysql: format string bug
MySQL: privilege violations
MySQL: logging bypass
nbd: arbitrary code execution
ncompress: buffer underflow
openldap: security bypass
openoffice.org: several vulnerabilities
OpenSSH: denial of service
openssh: privilege separation issue
openssh: remote denial of service
php: several vulnerabilities
php: buffer overflows
phpbb2: missing input sanitizing
phpbb2: multiple vulnerabilities
postgresql: SQL injection
proftpd: denial of service
quake: buffer overflow
rpm: arbitrary code execution
ruby: denial of service
ruby: denial of service
shadow-utils: mailbox creation vulnerability
squirrelmail: multiple cross-site scripting vulnerabilities
tar: symlink vulnerability
trac: cross-site request forgery
unzip: long file name buffer overflow
virusscan: DT_RPATH vulnerability
w3c-libwww: possible stack overflow
xine-lib: buffer overflow
xine-lib: buffer overflow
xine-ui: format string vulnerabilities
xinit: race condition
X.org: local privilege escalations
X.Org: buffer overflow
xorg-x11: privilege escalation
xpdf: buffer overflow
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current 2.6 prepatch is 2.6.20-rc1, released by Linus just after LWN came out on December 13. See the short-form changelog for a (long) list of patches merged for 2.6.20.Several dozen patches (a relatively small number) have been merged into the mainline git repository since -rc1 came out. The current -mm tree is 2.6.20-rc1-mm1. Recent changes to -mm include a new version of the user-space device driver feature, an idle notification facility for x86-64, the lumpy reclaim patch, and a new version of the dynamic tick patch. For older kernels: 2.6.18.6 was released on December 18; it contains a fair number of fixes (including one which is security-related). Adrian Bunk has released 2.6.16.36 with several patches and 2.6.16.37-rc1 with a few dozen more. Willy Tarreau has been busy, having released 2.4.33.5 (two security patches), 2.4.33.6 (one more), and 2.4.34-rc3 (perhaps the last before the 2.4.34 final release).
Kernel development news Quote of the week
Whilst Red Hat's medical coverage fully covers "mental health"
issues, I'd really rather not proceed down this avenue. We can't
support *one* kernel properly. On what planet does it make sense to
throw more variants in the mix ?
-- Dave Jones
Why binary-only modules were not bannedFor a moment, it seemed like things could happen pretty quickly. Martin Bligh suggested that, rather than trying to nickel-and-dime binary modules to death, it would be more honest to just ban them outright. Andrew Morton spoke out in favor of the idea as long as a one-year warning was provided. Greg Kroah-Hartman hacked up a patch to insert the warning. And Linus, at the outset, restricted himself to commenting on Greg's poetry.The tide turned just as quickly, however. Linus spoke out against the change, and Greg withdrew it. It would appear that binary-only modules will continue to be loadable into the kernel for the foreseeable future - though other hazards may await those who distribute them. The loading of proprietary modules was not banned for a few reasons, the first of which being that there is, in fact, nothing wrong with doing so. The GPL is quite clear in its statement that somebody who is in possession of GPL-licensed code can use it in any way they wish. If they want to combine their nice free kernel with a big, proprietary binary blob, they are fully within their rights to do so. So banning proprietary modules in the kernel source attacks the problem in the wrong place and attempts to forbid an activity which is allowed by the license. Even if the GPL could be interpreted as forbidding the loading of binary-only modules, there is the fair use issue to consider. As a community, we tend to be generally in favor of a broad interpretation of fair-use rights. But fair use cuts both ways. A number of people in the discussion warned against adopting the tactics favored by the entertainment industry and taking an overly broad view of what the law allows copyright owners to do. As Ben Collins put it:
The gradual changes to lock down kernel modules to a particular
license(s) tends to mirror the slow lock down of content
(music/movies) that people complain about so loudly. It's basically
becoming DRM for code.
The fact that some people were willing to discuss making use of the DMCA to make sure that nobody could patch a proprietary module ban out of the code tends to reinforce this view. Alan Cox noted that people tend to become that which they fight. Most people in the community would probably agree that the entertainment industry is not something we wish to become; this realization has, arguably, done a lot to erode support for the idea of banning proprietary modules. What the GPL does cover is distribution; anybody who distributes something derived from GPL-licensed code must do so under the terms of the GPL. So it is the act of distributing proprietary modules which enters legally questionable territory. But, as Linus points out, the fact that a module can be loaded into the kernel does not imply that the module is necessarily a derived work of the kernel. The determination of derived work status is a complicated business, and can often require a court to provide the definitive word. But banning all proprietary modules on the idea that they are all illegal derived works is a hard action to defend. The end result is that there will be no technical measures for the blocking of binary modules added to the kernel anytime soon. Unhappiness with these modules remains, however, as can be seen in Greg's message withdrawing the patch:
It's just that I'm so damn tired of this whole thing. I'm tired of
people thinking they have a right to violate my copyright all the
time. I'm tired of people and companies somehow treating our
license in ways that are blatantly wrong and feeling fine about it.
Because we are a loose band of a lot of individuals, and not a
company or legal entity, it seems to give companies the chutzpah to
feel that they can get away with violating our license.
It seems clear that the issue will not go away, even though this particular approach to addressing it has been rejected. The course which appears to be open to disgruntled kernel developers is legal action: if the distribution of a specific binary module can be shown to be a copyright violation, then the copyright owners have the right to go to court to put a stop to it. GPL enforcement efforts have, so far, tended to be successful. So it would not be surprising to see one or more developers decide to bring a suit against a binary module distributor in the next year or so. The discontent which is so visibly out there is unlikely to just fade away.
A gnarly 2.6.19 file corruption bugWhen Linus released 2.6.19, he expressed a certain degree of confidence about its quality:
It's one of those rare "perfect" kernels. So if it doesn't happen
to compile with your config (or it does compile, but then does
unspeakable acts of perversion with your pet dachshund), you can
rest easy knowing that it's all your own d*mn fault, and you should
just fix your evil ways.
While this kernel may have lived up to expectations in a number of ways, it would appear that somebody's evil ways have messed things up - and dachshunds would be well advised to keep a low profile. It seems that this kernel can corrupt ext3 filesystems - behavior which was not in the original set of design goals. The good news (for users) is that the bug is hard to trigger, and that most access patterns work just fine. The bulk of the trouble seems to come with a certain Bittorrent client, which has an unusual access pattern at best. On occasion, parts of a page will end up being written as zeroes, through to the end of the page. Please do not expect your editor to explain why this is happening; it seems that nobody really understands that yet. The solution, however, may involve some relatively serious low-level memory management surgery. The apparent origin of the problem is a change in how dirty pages are tracked in the kernel. Prior to 2.6.19, this information lived in the page tables; the 2.6.19 kernel, however, moves some of this information into the page structure. This change enables better tracking of dirty pages in the system, which is a good thing, but it could also be bringing some old bugs out to play. Not all of those bugs are necessarily in the kernel; at one point, Linus went off and wrote a demonstration program showing how a buggy program would work with older kernels but get surprising results in 2.6.19. What it comes down to is that if a program maps a file into memory, it cannot put data into that memory beyond the current length of the file and expect that data to make it to disk. It was a nice demonstration, but this behavioral change does not appear to be behind the problem reports. Confusion surrounding the propagation and management of the page dirty bits is at the top of the suspect list, as of this writing. Nobody seems to be able to point at anything specific, however, beyond the fact that the code appears to be rather badly messed up. Says Linus:
A lot of this is actually historical cruft. Some of it may even be
code that was never supposed to work, but because we maintained
_other_ dirty bits in the PTE's, and never touched them before, we
never even realized that the code that played with PG_dirty was
totally insane.
So the approach being taken by Linus is to rework the dirty page accounting code into something a little more reasonable. To that end, test_clear_page_dirty() is no more, having been pronounced "insane" by Linus. Instead, the new code tries for a better defined sense of when the dirty bit on a page can be cleared; it comes down to either (1) the page is being written to backing store, or (2) the page is no longer relevant (when a file is truncated, for example). In typical fashion, Linus fixed enough to make his own configuration work, leaving the rest as an exercise for the reader. He makes no claims that this rework will have solved the problem, only that it makes the code more sane than it was before. As of this writing, there have been no responses from the people who are able to reproduce this problem. If the problem goes away - and the developers can convince themselves that it has not just been papered over - then some version of this fix will likely need to be prepared for a 2.6.19 update. Then, maybe, the dachshunds can come out of hiding.
Reworking NAPINAPI ("new API," though it is not so new anymore) is an interrupt mitigation mechanism used with network devices. When network traffic is heavy, the kernel can safely predict that incoming packets will be available anytime it gets around to looking, so there is no need to have the adapter interrupting it (possibly thousands of times per second) to tell it about those packets. So a NAPI-compliant driver will turn off the packet receive interrupt and provide a poll() method to the kernel. When the kernel is ready to deal with more packets, poll() will be called with a maximum number of packets it is allowed to feed into the kernel; it should process up to that many packets and quit.With NAPI in place, the kernel can process significantly higher packet loads. The reduction in interrupt load helps, but there are a couple of other advantages as well. The way NAPI works makes it less likely that packets will be reordered in the kernel. And if traffic reaches the point where the kernel is forced to drop packets, those packets can be dumped before they are ever fed into the network stack. For more information on NAPI, see this old LWN article or this page at OSDL, which is newer and more complete. That page may require some updating soon, however, as Stephen Hemminger has proposed a newer NAPI (NNAPI?) which changes the driver API somewhat. In the current mainline, there are two NAPI-related fields in the net_device structure: poll(), being the function called to collect packets from the adapter, and weight, which is essentially the driver writer's best guess as to how important the interface is relative to any others which might be on the system. Stephen's patch moves these parameters into a separate structure (struct napi_struct), aggregating them with a few other NAPI-related structures. The napi_struct structure is then put back into struct net_device, but drivers need not use that one. The whole purpose of this patch would appear to be to separate the NAPI-related information from specific network devices. There are some adapters which provide multiple ports, all of which have a single receive interrupt. The separated NAPI information allows all of those ports to share a single NAPI state and a single poll() function; this organization better fits the reality of the hardware. This patch won't hit mainline before 2.6.21, so authors have some time to react. The changes are relatively simple to make. The first is to find a napi_struct structure for the device; in the absence of a reason to do otherwise, the best solution would be to use the new napi field in the net_device structure. So, if the current code initializes itself with something like:
dev->weight = MY_WEIGHT;
dev->poll = my_poll;
The new version would look like this:
dev->napi.weight = MY_WEIGHT;
dev->napi.poll = my_poll;
The prototype of the poll() function has changed a bit, however; it now looks like:
int (*poll)(struct napi_struct *napi, int budget);
The pointer to the net_device structure has been replaced with a pointer to the napi_struct structure. In most cases, the net_device pointer can be had with a call like:
struct net_device *dev = container_of(napi, struct net_device, napi);
The meaning of the budget parameter has changed slightly as well; it is now the only indicator of how many packets the poll() function may feed into the kernel. There is no longer any need to check the quota field separately. Finally, the return value should be the number of packets which were actually processed. The other NAPI-related functions in the network system have been modified in fairly predictable ways. NAPI polling is started with either of:
void napi_schedule(struct napi_struct *napi);
/* or */
int napi_schedule_prep(struct napi_struct *napi);
void __napi_schedule(struct napi_struct *napi);
Polling is turned off with:
void napi_complete(struct napi_struct *napi);
The current patch is in an early state, so the interfaces could change over the next few months. Nobody has spoken out against it, though, so chances are good that it will be merged in some form.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Networking
Architecture-specific
Security-related
Virtualization and containers
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials Plans for Fedora 7Bill Nottingham has posted a draft plan for Fedora 7. It includes a generally-available release date of April 24 date. It also has a list of 25 objectives for this release, some objectives are more serious than others.
LobbyBuddy
Given your locale and timezone, determine where you are, and who your elected representative is. Allow you to easily send them information about how the laws should be changed with respect to patents and other important issues. If it determines you do not have a duly elected representative, offer a special initiative to lobby foreign representative to install a new regime. (I'M KIDDING!) Naturally there are some milestones that will need to be met; three test releases scheduled for January 30, February 27 and March 26. Things that aren't ready by Test2 are not likely to be included in F7. The number one objective is to merge the core and extras build system. Merging core and extras code in source control comes next. Once these tasks are completed it should be easier for the greater Fedora community to be involved in the process, and it looks like the Fedora team will need their help to achieve the remaining objectives. Jesse Keating's name shows up quite a bit on this list and he has already requested a few clones. What else can we expect from Fedora 7? A desktop version (with GNOME), a server version, a KDE desktop version, faster user switching, rock solid wireless support and improved boot and shutdown speed, RPM/yum enhancements, RandR 1.2, and much more.
RandR 1.2 is the new black. Even if you don't know you want it, you
want it. Potential exists for a backport to the code we will be using,
but there are no guarantees.
Some items on the list will not be achieved unless someone volunteers their time to do the work. Init system changes will not happen until someone manages to evaluate the current options; like upstart, launchd and initng and presents the advisory board with some options for Fedora. Encrypted filesystems and syslog-ng remain much requested items in search of a maintainer (or two). What do you want in your Fedora?
New Releases Announcing Foresight Linux 0.9.9 (GnomeDesktop)GnomeDesktop covers the release of Foresight Linux 0.9.9. "What is new in this release? Compiz is now included. Also included GnuCash, GnomeScan, and the synaptics driver. There have also been lots of version updates..."
LFS LiveCDs 6.2-4 and 6.3-pre1 releasedThe Linux From Scratch LiveCD Team has announced the release of x86-6.2-4 and x86-6.3-pre1 versions of the LFS LiveCD. Both versions should be treated as betas, the stable release is still x86-6.2-3.
Distribution News Bits from the debian-cd team; more CD/DVDs being built regularlyThe Debian CD team has lots of CD and DVD builds available. Some with "etch" packages, some with "sid" packages for different architectures and desktop choices. Click below to see what's available.
RPM -- plans, goals, etc.Red Hat's Max Spevack answers questions about the future of the RedHat Package Manager (RPM). "The Fedora Project is leading the creation of a new community around RPM. One in which the leaders can come from Fedora, from Red Hat, from Novell, from Mandriva, or from anywhere. Job #1 is to take the current RPM codebase and clean it up, and in doing so work with all the other people and groups who rely on RPM to build a first-rate upstream project."
Fedora kernel-fuFedora users, especially those running Rawhide, may be interested in this posting by Dave Jones on what's happening with the Fedora kernel. "I spent lots of time last week beating the rawhide kernel into a shape where it may actually boot for some people. It's been a bit of a challenge. First, the big change is the migration away from the crusty old parallel ATA drivers to shiny new ones that use the same libata infrastructure as the SATA drivers. A side effect of this is that /dev/hda becomes /dev/sda. This isn't a problem if you're using 'mount by label' (which has been the default in Fedora since forever). If you aren't, well, it's going to be fun."
FUDCon Boston 2007The next Fedora Users and Developers Conference has been scheduled. "On Friday, February 2nd, Fedora enthusiasts will gather at Boston University for the annual appearance of the world-famous groundhog Fedora Phil. According to legend, if Fedora Phil sees his shadow, there will be six more weeks of Fedora test releases."
"Lessons for Lizards" Start Today"Lessons for Lizards" is a new way to learn about openSUSE. It is a documentation project for and by the community (licensed under GFDL) that will be released on an equal footing with the internally produced documentation. Lessons are written in a cook book style and cover more specific or exotic topics than the traditional manuals.
Xandros alert: Red Hat Server System Administrators Needed for Beta TestXandros has put out a call to Red Hat Enterprise Server system administrators to sign-up for the beta testing of a new Xandros product. Xandros has new monitoring tools that will allow administrators to manage multiple Red Hat Enterprise servers on various hardware architectures.
Distribution Newsletters Fedora Weekly News Issue 71This week in the Fedora Weekly News; RPM -- plans, goals, etc., Important Fixes in flash-plugin-7.0.69-2, Firefox Flicks on TV, Southern California Linux Expo ramps up registration, Fedora's Legacy Wanes, OpenOffice.org 2.1 Is Here, and much more.
Gentoo Weekly NewsletterThe Gentoo Weekly Newsletter for December 11, 2006 covers EFIKA board shipping, dbus news, CFLAGS for Core/Core 2 and several other topics.
Ubuntu Weekly News #25The Ubuntu Weekly Newsletter for December 11, 2006 covers upcoming meetings, the Kubuntu Community Council Meeting, improvements to gdm accessibility, the Ubuntu bug squad, updates to Feisty, Mark's letter to OpenSUSE, Ubuntu Canada's first meeting, and much more.
DistroWatch Weekly, Issue 182The DistroWatch Weekly for December 18, 2006 is out. "With the year 2006 closing down on us rapidly, this seems like a good time to take a look at the world of Linux distributions and their evolution during the past year. Who has done the best job of bringing Linux to the desktops of new users? And which distributions are the losers of the increased competition among the different projects, all vying for our attention? As always, opinions are likely to vary, but some trends aren't difficult to spot. In the news section: Fedora looks to regain control over the RPM Package Manager, KNOPPIX promises a new version of its live CD, Debian publishes a release update, and Arch Linux announces an easy-to-install CD for desktop users. Finally, warm wishes of a Merry Christmas and a prosperous New Year to all DistroWatch readers! See you again in 2007!"
Package updates Fedora updatesUpdates for Fedora Core 6: coreutils (bug fixes), mutt (bug fixes), ORBit2 (bug fix), desktop-printing (bug fix), poppler (add subpackages for poppler Qt bindings), bouncycastle (update to 1.34), libnotify (fix dependencies and typos), rsh (loads pam_env.conf file correctly), gdb (bug fix), vnc (bug fixes), irqbalance (bug fix), nfs-utils (stopped v4 umounts from ping rpc.mountd), libiec61883 (update to 1.1.0), checkpolicy (rebuild for new libraries), libselinux (fix matchpathcon to lstat files), policycoreutils (update po files), selinux-policy (bug fixes), cpuspeed (bug fixes), mkinitrd (update needed for kernel-2.6.19), autofs (bug fixes), util-linux (bug fixes), perl-PDL (fix release tag)scim (bug fixes), am-utils (bug fixes), gnome-vfs2 (fix crash on smb authentication), e2fsprogs (bug fix), iproute (upgrade to 2.6.19), php (bug fixes and packaging enhancements), libdrm (update to 2.3.0).Updates for Fedora Core 5: java-1.4.2-gcj-compat (import Bouncy Castle 1.34), cpuspeed (fix latest acpi-cpufreq bugs), libiec61883 (update to 1.1.0), fontconfig (add -ppc64 patch).
Mandriva updatesMandriva has updated sendmail (bug fix) for ML 2006.0, Corporate Server 3.0 & 4.0 and Multi Network Firewall 2.0.Updates for Mandriva Linux 2007.0: evolution-sharp (bug fix), hal (bug fix).
Trustix updatesUpdates for Trustix Secure Linux 2.2 & 3.0: mrtg, openssh (various bug fixes).
Ubuntu updatesUpdates for Ubuntu 6.10: gnome-system-tools (bug fixes), gnome-panel (bug fixes), gnome-applets (bug fixes), gnome-netstatus (bug fixes), system-tools-backends (bug fixes), synaptic (bug fixes), k3d (bug fixes), openoffice.org (bug fixes).
Newsletters and articles of interest Learning Ubuntu made easy (Linux.com)Linux.com looks at UbuntuClips.org. "Good documentation has helped keep the two-year-old Ubuntu project among the most popular Linux distributions. To complement the traditional venues for help, such as FAQs, HOWTOs, bulletin boards, and mailing lists, Ubuntu uses interactive forums such as Internet Relay Chat to conduct training classes for new users. Now add UbuntuClips.org to the list of helpful sites. This project, not associated with Ubuntu, combines the best of Linux screencasting tools and video-sharing portals to offer audio/video clips that lead new users through common tasks."
Debian Networking for Basic and Advanced Users (Debian Admin)Debian Admin has a tutorial on networking. "If you are new to networking the graphical configuration tool is your best method for configuring new hardware in Debian.We are going to use GUI tool "network-admin" to configure networking. Remember, you must be root to run network-admin."
The Perfect Setup - OpenSuSE 10.2 (HowtoForge)HowtoForge sets up a server with OpenSUSE 10.2. "This is a detailed description about how to set up an OpenSuSE 10.2 based server that offers all services needed by ISPs and hosters (web server (SSL-capable), mail server (with SMTP-AUTH and TLS!), DNS server, FTP server, MySQL server, POP3/IMAP, Quota, Firewall, etc.)."
Setting Up A PXE Install Server For Multiple Linux Distributions With Ubuntu Edgy Eft (HowtoForge)HowtoForge sets up a PXE install server. "This tutorial shows how to set up a PXE (short for preboot execution environment) install server with Ubuntu 6.10 (Edgy Eft). A PXE install server allows your client computers to boot and install a Linux distribution over the network, without the need of burning Linux iso images onto a CD/DVD, boot floppy images, etc. This is handy if your client computers don't have CD or floppy drives, or if you want to set up multiple computers at the same time (e.g. in a large enterprise), or simply because you want to save the money for the CDs/DVDs. In this article I show how to configure a PXE server that allows you to boot multiple distributions: Ubuntu Edgy/Dapper, Debian Etch/Sarge, Fedora Core 6, CentOS 4.4, OpenSuSE 10.2, and Mandriva 2007."
Distribution reviews Xubuntu Gets Edgy (O'ReillyNet)Here's a review on O'ReillyNet of the Edgy Eft release of Xubuntu. "Edgy Eft (version 6.10), the second release of Xubuntu, a variant of Ubuntu Linux built around the Xfce4 desktop and designed to be lightweight, was released in October. I've been using it since then and I've been impressed. The bugs and rough edges seen in the first release, Dapper Drake (6.06) are gone and the end result is a solid, reliable distribution that's a pleasure to use."
Review: Xandros Desktop OS 4.1 Professional (Linux.com)Linux.com reviews Xandros Desktop OS 4.1 Professional. "A few weeks ago, Xandros released an update of its Business Desktop OS with a number of new features, including 3-D effects and desktop search. The 3-D effects fell flat in my tests, but I found the distro to be a pretty good OS if you're looking for a Windows replacement."
Page editor: Rebecca Sobol Development Release 6.6 of the GNU Project DebuggerRelease 6.6 of the GNU Project Debugger (GDB) has been announced. GDB is one of the classic GNU software projects, it has been around for a full two decades. GDB even comes with its own song. The release note explains GDB:
GDB is a source-level debugger for Ada, C, C++, Objective-C,
Pascal and many other languages. GDB can target (i.e., debug programs
running on) more than a dozen different processor architectures, and GDB
itself can run on most popular GNU/Linux, Unix and Microsoft Windows
variants.
GDB 6.6 is available for download here. It is advisable to look over the list of known problems before installing the software. Your editor tried a test build of GDB 6.6 on a machine running the Ubuntu Breezy Badger distribution. The build/install process involved the standard configure, make and make install steps, it worked without any problems. The newly built GDB installed itself in /usr/local/bin and works alongside the already installed (version 6.3) /usr/bin/gdb from the Ubuntu package. A test run of GDB 6.6 on a simple C program worked as expected. For more information on GDB, take a look at the extensive online documentation, a good place to start is Debugging with GDB. Unlike many new open-source software releases, the documentation has been kept up to date with the newest release.
System Applications Database Software PostgreSQL Weekly NewsThe December 17, 2006 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.
Embedded Systems BusyBox 1.3.0 is availableVersion 1.3.0 of BusyBox, a collection of command line tools for embedded systems, is out. "This release has CONFIG_DESKTOP option which enables features needed for busybox usage on desktop machine. For example, find, chmod and chown get several less frequently used options, od is significantly bigger but matches GNU coreutils, etc. Intended to eventually make busybox a viable alternative for "standard" utilities for slightly adventurous desktop users."
Mail Software Postfix 2.4 experimental releaseSnapshot 20061217 of experimental version 2.4 of Postfix, a mail transfer agent, has been announced. See the release notes for change information.
Desktop Applications Audio Applications Ecasound 2.4.5 releasedVersion 2.4.5 of Ecasound, a multi-track audio processing utility, is out. Changes include: "Native support for FLAC files has been added using the sndfile library. New debugging tools for ecasound scripting and ECI applicati[o]n development have been added. Bugs related to ecasound process return values, memory corruption in ECI apps, handling of 24/32bit big-endian audio files, robustness of mp3/ogg/flac/aac support, managing loop devices, parsing user input, and build errors on cygwin, have been fixed. A set of new processing ops for channel routing and mixing has been added."
Business Applications Liferay Portal 4.2 releasedVersion 4.2 of Liferay Portal has been announced, it adds integration with the ServiceMix Java Business Integration engine. "Liferay Portal is an open source portal that helps organizations collaborate more efficiently by providing a consolidated view of disparate applications. It is used by large and small organizations all over the world. Liferay has an extensive list of features that compares with most commercial portals but without the high license fees."
CAD Thirty-fifth release of PythonCAD announcedRelease 35 of PythonCAD, a scriptable drafting program, has been announced. "The thirty-fifth release contains several improvements dealing with the storage and adjustment of user preferences and image settings. The global user preferences are now saved into a file kept in the user home directory, so the settings are now preserved between PythonCAD sessions. Individual drawing settings can be examined and adjusted via a new set of menus and dialogs. These new dialogs are more complete than the single dialog previously used as well as easier to use. In addition to the preference and setting changes, a variety of bug fixes and miscellaneous code improvements are also present in this new release." The PythonCAD web site has also undergone a makeover.
Desktop Environments GNOME Software AnnouncementsThe following new GNOME software has been announced this week:
GNOME subversion migrationThe GNOME desktop environment project is undergoing a migration of version control systems from CVS to Subversion. "I'm happy with the latest test results and would like to propose a new migration cut-off date: Friday December 29th 2006 at 23:59UTC. This is much shorter notice than I would really like to have given (I was hoping to announce this last week), but this is the best date I can come up with, given the holes in GNOME's schedule and my own."
KDE Software AnnouncementsThe following new KDE software has been announced this week:
KDE Commit-Digest (KDE.News)The December 17, 2006 edition of the KDE Commit-Digest has been announced. The content summary says: "A new interface element, the 'viewbar', makes its debut; continued work on Flake and Kross-based scripting within KOffice. Continued refinements in KSysGuard. Much work to improve support for VPN connections in KNetworkManager, with KNetworkManager being moved from playground/ to extragear/. Kaffeine begins porting to GStreamer 0.10. KGeography extends its global coverage with a handful of new country maps. KWin4 and Kolf begin their transition towards improved and scalable (SVG) graphics. Commits start to flow in the Student Mentoring program. Support for bullet-aliased passwords across KDE."
Xorg Software AnnouncementsThe following new Xorg software has been announced this week:
Mail Clients Mozilla Thunderbird 2 Beta 1 Released (MozillaZine)MozillaZine has announced version 2 beta 1 of the Mozilla Thunderbird email client. "Features new to Thunderbird 2 include message tags, folder views, session navigation history, a visual refresh of the theme, and improved new mail notification alerts. Mozilla Thunderbird 2 Beta 1 is available for Windows, Mac OS X, and Linux. Localized builds will be offered for beta 2, currently scheduled for January." See the release notes for more information.
Medical Applications GNUmed 0.2.3 released (LinuxMedNews)Version 0.2.3 of GNUmed, an open-source medical practice software system, has been announced. "Version is up to 0.2.3 Version features and bug fixes are explained in our Wiki".
Miscellaneous Gnofract 4D 3.2 releasedVersion 3.2 of Gnofract 4D is out with bug fixes. "Gnofract 4D is a free, open source program which allows anyone to create beautiful images called fractals. The images are automatically created by the computer based on mathematical principles. These include the Mandelbrot and Julia sets and many more. You don't need to do any math: you can explore a universe of images just using a mouse."
Languages and Tools Caml Caml Weekly NewsThe December 19, 2006 edition of the Caml Weekly News is out with new Caml language articles.
Haskell Haskell Weekly NewsThe December 20, 2006 edition of the Haskell Weekly News is online. This week sees a new release of the Edison data structures library, along with several other new libraries, and some new Haskell articles in the blogspace.
Java Apache Harmony Board Report, December 2006The December, 2006 Board Report from the Apache Harmony open-source Java project is online. "The project continues to make progress towards it's primary goal of a complete implementation of Java SE 5. We have over 96% of the Java SE 5 class library complete, and the virtual machine continues to make substantial progress. We look forward to securing the JCK for Java SE 6 to start integrating it into our build/test frameworks as to immediately begin testing the portions of the classlibrary that we believe are spec complete."
GNU Classpath 0.93 releasedVersion 0.93 of GNU Classpath, a set of essential libraries for Java, is out. Release highlights include: "NIO Selector epoll (linux 2.6 kernel) and kio (BSD and Darwin) notification mechanisms added. Fast, direct call, support for in runtime CORBA objects. Support for user JNDI context factories (plus corbaname: and rmi: jndi urls). New javah tool included. JSSE SSLEngine support including TLSv1.1 and pre-shared key ciphersuites. Full lang.management MX Beans ManagementFactory implementation. 99.95% api coverage for 1.4, 95.5% api coverage for 1.5. Much better swing HTML support (aka JGecko). Graphics2D on cairo speedups and make it respects interpolation hints, better gradient support and custom Composites and Paints."
OVal 0.8 released (SourceForge)Version 0.8 of OVal is available with several new features and some bug fixes. "OVal is a generic Java 5 based object validation framework for any kind of Java objects (not only JavaBeans). Constraints can be expressed with annotations or in XML. OVal supports validation of class fields, method return values, as well as constructor/method parameters. Automatic validation (programming by contract) can be achieved by using pre-built AspectJ aspects."
Migrating to Spring (O'ReillyNet)Ethan McCallum writes about migration to Spring on O'Reilly. "Sure, everyone's been talking up Spring for the last year or so, but what if your app already uses some other framework, or if you didn't even use a framework and instead rolled your own JDBC and DAOs? Ethan McCallum has a case study showing how he took a web application written for another article and converted it to Spring, highlighting what he gained in the process."
Lisp CMUCL 19d releasedVersion 19d of CMU Common Lisp (CMUCL) has been released. "This version improves debugging functionality, adds support for the EXT:DOUBLE-DOUBLE-FLOAT type, fixes several ANSI compliance issue, and includes several more enhancements."
SBCL 1.0 releasedVersion 1.0 of Steel Bank Common Lisp (SBCL) has been announced. "Besides bug fixes, it features several improvements such as experimental support for threading on FreeBSD/x86, support for files larger than 2GB for CL streams and SB-POSIX on Linux/x86, better introspection functionality, better support for Windows, and more."
Perl Weekly Perl 6 mailing list summary (O'Reilly)The December 17, 2006 edition of the Weekly Perl 6 mailing list summary is out with coverage of the latest Perl 6 developments.
Python Guido van Rossum on the Python 3000 processFor those who are interested in Python 3000: Guido van Rossum has posted a note to the mailing list expressing his concerns about where this project is going. "With few exceptions, the discussions on the python-3000 list seem more about radical redesign of the language than about the relatively modest tweaks that I had in mind when I started the project." He would like to pull together a smaller set of well-defined objectives which would allow an initial alpha release by next June.
new Python-Ideas mailing listThe Python-Ideas mailing list has been announced. "At Guido's suggestion, a new mailing list has been created named Python-Ideas. This list is meant as a place for speculative, pie-in-the-sky language design ideas to be discussed and honed to the point of practically being a PEP before being presented to python-dev or python-3000. This allows both python-dev and python-3000 to focus more on implementation work or final approval/denial of ideas instead of being flooded with long threads where people discuss ideas that are too nebulous to be considered for inclusion into Python."
Python-URL!The December 18, 2006 edition of the Python-URL! is online with a new collection of Python article links.
Tcl/Tk Dr. Dobb's Tcl-URL!The December 19, 2006 edition of Dr. Dobb's Tcl-URL! is online with new Tcl/Tk articles and resources.
Page editor: Forrest Cook Linux in the news Recommended Reading What Can't Open Source Achieve in the Next 10 Years? (Linux Journal)Glyn Moody ponders the possibilities for the next ten years of open-software development. "Against this background, then, I'd like to pose a question: what can't open source achieve in the next ten years? I phrase it this way, because it emphasises the fact that free software is likely to achieve much more than we might think. After all, who ten years ago would have been bold enough to predict that IBM - the archetypal conservative corporation - would place GNU/Linux at the heart of its strategy, or that the then-new Java would one day be released under the GNU GPL?"
Disgruntled Debian developers delay Etch (Linux-Watch)Linux-Watch looks at delays in the Debian Etch release. "Debian GNU/Linux 4.0, codenamed Etch, had been due to arrive by December 4, 2006, but it's been delayed because some developers have deliberately slowed down their work."
Trade Shows and Conferences Linux desktop architects map out plans for 2007 (Linux.com)Joe 'Zonker' Brockmeier covers the Desktop Architecture Meeting in Portland, Ore. "One of the priorities coming out of DAM3 is fixing the sound experience on the Linux desktop. Sound is a mess on the Linux desktop, and developers are finally starting to turn their attention to clearing up the muddle. McQuillan says, "By far, the most important thing coming out of DAM3 was the understanding that we need the audio/multimedia system to finally settle down and adopt a single robust API.""
Companies MySQL is NOT abandoning Debian (Linux-Watch)Linux-Watch quashes rumors about losing support for the MySQL dbms on the Debian distribution. "In a note from MySQL AB public relations, a MySQL representative said, "MySQL AB apologizes for any miscommunication that may have implied that the MySQL database does not run on the popular Debian Linux operating system, or that the company does not offer technical support for MySQL Enterprise subscribers using Debian." She continued, "We have a strong commitment to Debian and other forms of Linux - for both open source community developers and corporate enterprises." Further, "The Debian Linux operating system is an active, growing and successful platform for the MySQL database to run on.""
SUSE co-founder returns to Novell (Linux-Watch)Linux-Watch reports that Hubert Mantel has returned to Novell. "Mantel rejoined Novell in the beginning of December. And, according to Novell spokesperson Kevan Barney, he's already hard at work. Mantel is now the team leader of the kernel QA team and he's "back in the swing of things with a full workload.""
Linux at Work CRYPTOCard Protects Linux Network for Over 2000 Schools in the North of England (SYS-CON)SYS-CON Brasil reports on a deal between CRYPTOCard and the Yorkshire & Humber Grid for Learning in which two-factor authentication tokens have been provided for more than 500 people. "The YHGfL network, which runs on a Linux environment to help the not-for-profit organization keep costs down, opted for CRYPTOCards KT-1 two-factor authentication keychain token solution because it was cheaper than other products and could run on open source software."
Interviews Scribus Team in the Spotlight (KDE.News)KDE.News presents an interview with members of the Scribus WYSIWYG page layout application core team. "Q:What do you think about Microsoft's initiative to replace PDF with XPS, the XPS itself and its strategy of semi-opening specs? Is import of OpenXML documents planned to be implemented in Scribus using existing specs? PL:XPS has some interesting features, but as yet, we will have to see what the uptake is. PDF is not going away any time soon, there is too much serious investment at least in the printing industry in PDF. It solves many problems which were painful and expensive to overcome in the past."
Interview: syslog-ng 2.0 developer (Linux.com)Linux.com talks with syslog-ng 2.0 developer Balázs Scheidler. "syslog-ng is an alternative system logging tool, a replacement for the standard Unix syslogd system-event logging application. Featuring reliable logging to remote servers via the TCP network protocol, availability on many platforms and architectures, and high-level message filtering capabilities, syslog-ng is part of several Linux distributions. We discussed the highlights of last month's version 2.0 release with the developer, Balázs Scheidler."
Resources Introduction to NIS, the Network Information Service (Linux.com)Linux.com presents an excerpt from the book Linux Administration Handbook, Second Edition by Evi Nemeth, Garth Snyder, and Trent Hein on the topic of NIS. "NIS, released by Sun in the 1980s, was the first "prime time" administrative database. It was originally called the Sun Yellow Pages, but eventually had to be renamed for legal reasons. NIS commands still begin with the letters yp, so it's hard to forget the original name. NIS was widely adopted among Unix vendors and is supported by every Linux distribution."
Semantic Wikis and Disaster Relief Operations (XML.com)O'Reilly's XML.com has an article on the use of semantic wikis for support disaster response and humanitarian efforts. "Access to timely information is critical for relief operations in emergency situations. Over the last years social-networking web systems, such as wikis, have become more and more sophisticated and can also be applied fruitfully in humanitarian information management. However, a major drawback of the Web currently is that its content is not machine-readable, a shortcoming that is addressed by the Semantic Web approach."
Reviews A survey of Linux file managers (Linux.com)Linux.com takes a look at file managers. "Linux file manager ontogeny encapsulates the history of GNU/Linux. File managers began as command-line and generic graphical tools and progressed to desktop-specific ones, gaining sophistication along the way, with mouse controls, for example, replacing buttons. Today, the more than a dozen options highlighted here will suit users with widely varied interests."
Pepper Pad offers Linux Web tablet for sofa surfing (Buffalo News)The Buffalo News reviews the Linux-based Pepper Pad 3. "Even if the universal remote function had worked, its usefulness would be limited by the Pad's battery life of about two and a half hours. The sleep mode would extend this, but you wouldn't want to wait even 9 seconds for your remote to boot up every time you wanted to pause a DVD. The battery life issue isn't unique to the Pad - it's something that bedevils the whole field. 'Wireless' Web tablets just don't seem that useful if have to keep them plugged in."
KDE 4: the ultimate business desktop? (Computerworld)ComputerWorld takes a look at KDE4. "Since beginning as a one-person project over ten years ago, the fourth generation of the K Desktop Environment (KDE) is poised to be the most business-friendly open source desktop to date with a host of new features ideal for enterprises. KDE 4 is now in rapid development and is scheduled for release sometime next year, with the final date still to be decided."
Top Linux photo managers side-by-side (Linux.com)Linux.com compares the DigiKam, F-Spot, GQview, imgSeek and Picasa photo management applications. "While a full-fledged image editor may be the best way to repair digital photos, most of the time users need only to make minor touch-ups; it is organizing, sorting, and finding a specific photo that eat up all the time. For that task, as is often the case with Linux, you have several options to choose from. Let's take a look at the major photo management applications, and compare them side by side."
Miscellaneous Education, information access top Mellon Foundation award winners (NewsForge)NewsForge looks at the Mellon Foundation award winners. "The Andrew W. Mellon Foundation earlier this month announced the first winners in its planned annual Mellon Awards for Technology Collaboration (MATC), granting 10 recipients cash prizes of $50,000 to $100,000. The awards recognize contributions to open source software that benefit higher education and nonprofit organizations."
SPI to transfer domain names to OSI (NewsForge)NewsForge covers the transfer of the opensource.org domain name to the Open Source Initiative. "However, the issue dates back to 1998, when Bruce Perens left SPI to help found OSI and failed to transfer rights to the domain. The issue has been contentious ever since, with OSI regularly requesting the transfer and many SPI supporters arguing against it on the grounds that OSI was not suitably governed for a non-profit society -- an argument that often seems to have been a front for hostility left over from the original split between the two organizations. Opposition to the transfer seems to be especially strong among Debian developers, the largest and oldest project supported by SPI."
Page editor: Forrest Cook Announcements Non-Commercial announcements Ed Felten joins the EFF boardThe Electronic Frontier Foundation has announced that Ed Felten has joined its board of directors. "My research and EFF's work have often intersected over the years, and I'm very pleased to take the next step and join the board as we strive to keep the digital world innovative, free, and secure."
Free Standards Group picks up accessibility interfaceThe Free Standards Group has announced that it will be maintaining an accessibility interface donated by IBM. "The standardized interfaces, IAccessible2, make it far easier for application developers to provide accessible applications to computer users with disabilities, regardless of their OS platform. IAccessible2 will become a crucial part of the FSG AccessibilityWorkgroup and is available immediately."
GNOME Foundation Elections - Preliminary resultsThe preliminary results for the GNOME Foundation board election are now available. It looks like the winners are Quim Gil, Dave Neary, Jeff Waugh, Glynn Foster, Vincent Untz, Anne Østergaard, and Behdad Esfahbod.
IBM, Top Universities Continue Software Intellectual Property ReformIBM and seven U.S. universities have announced several new open software research projects under a program designed in conformance with the Open Collaboration Research Principles, a set of guidelines announced previously to help promote an open approach to overcome university-industry intellectual property challenges.
Call for Nominations of PSF DirectorsA Call for Nominations has gone out for the Python Software Foundation board of directors. "The Board of Directors of the Python Software Foundation is issuing this call for nominations of new Directors. Self-nominations are the norm, so don't wait for somebody else to nominate you. If you are interested in serving as a Director, please write to psf@python.org. Directors need not be PSF members."
A heads-up to users of relays.ordb.orgEridani Star System has sent an announcement to users of the ORDB.org Open Relay Database that the site is shutting down. "We recommend that, if you have an /etc/mailstripper/badips entry that reads DNS:relays.ordb.org. that it be removed. Although not an open relay database, we've found DNS:zen.spamhaus.org. to be pretty good."
SFLC argues against software patents in the Supreme CourtThe Software Freedom Law Center has sent out a press release describing a brief it has just filed in the U.S. Supreme Court. The relevant case is Microsoft v. AT&T, which may decide whether U.S. patents can be applied overseas. "In its brief, SFLC argues that software copied and distributed outside the United States cannot infringe U.S. patents. The brief also argues that the Federal Circuit's decisions declaring software to be patentable subject matter conflict with Supreme Court precedent and, as such, should be overruled."
Commercial announcements db4objects 6.0 released as a production releasedb4o version 6.0 has been announced. "db4object, creator of the open source object database, announced the production-ready release of db4o Version6.0 which is up to 10x faster and 90% leaner (less memory consumption) than Version 5. Version 6 also supports a new server side cursor technology for deterministic response times when querying in C/S multi-user environments, which allows even more Java and .NET developers to now take advantage of db4os ultra-easy object storage capabilities."
Mandriva to target the Mexican marketMandriva has sent out a press release stating its intent to go after the Mexican software market in a partnership with Datacomms-Genesys. "Recent studies show that about 34% of servers in Mexico will be Linux-based in 2009 and annual usage growth is estimated to be over 10% for upcoming years."
Novell Appoints Volker Smid as President, Novell EMEANovell, Inc. has announced the appointment of Volker Smid as president of Novell EMEA. "With a long career in the software industry, including serving as general manager for Central Europe for Novell since May 2005, Smid brings to the new role strong experience in enterprise software sales. Smid will oversee the full range of Novell's sales and consulting business across Europe, the Middle East and Africa, a key region for Novell. He succeeds Tom Francese, who was promoted to executive vice president of worldwide sales for Novell in October 2006."
Nuts and Scrap available for Linux nowDevilish Games has released Nuts & Scrap for Linux. "It's a commercial/arcade game aimed at casual gamers."
Sillysoft releases Ancient Empires Lux casual strategy gameSillysoft Games has announced the release of the cross-platform game Ancient Empires Lux. "The game lets players take control of the greatest early civilizations of mankind, including Egypt, Greece and Rome. Ancient Empires Lux is a strategy game, but also fits into the "casual games" segment of PC games. It's distributed exclusively online, with a small download size, no load times, and a $20 price."
Digital Media Management: What Developers Should KnowUniversal Electronics has announced their SimpleCenter media management system. "Universal Electronics (UEI) is at the forefront helping developers provide the best possible experience for seamlessly accessing, managing and enjoying all digital media assets from anywhere with its recently unveiled SimpleCenter -- the open alternative to proprietary media management applications. SimpleCenter was designed to help developers deliver the future of digital media management for acquiring, organizing, experiencing, distributing, and sharing music, photos, movies, podcasts, and more. SimpleCenter combines complete multimedia management and wireless device connectivity in a single software program to help developers deliver digital media solutions for automotive, home, and mobile electronics markets."
Solera Networks announces open-source license for DataEcho Web ForensicsSolera Networks, Inc. has announced the release of DataEcho, a web session reconstruction application, under the GNU GPL. "DataEcho reconstructs historical web browsing and email traffic from captured network packets, for monitoring insider security threats and policy compliance. It is a useful adjunct to network protocol analyzers such as Sniffer(TM) or WireShark."
The Turbolinux "wizpy"Turbolinux has announced the upcoming availability (in Japan) of the "wizpy," which appears to be a digital audio player with a USB plug which can be used as a bootable Linux system. "The idea behind this product is that everyone thinks that the operating system has to come with computers. On the other hand, Turbolinux separated the operating system and computers, and created OS portability. By connecting this 60g small device to any computer, wherever you want, you can use 'your own' operating system and 'your own' desktop."
New Books Essential Computer Security - New from Syngress PublishingSyngress has published the book Essential Computer Security by Tony Bradley.
Java and XML, Third Edition - New from O'ReillyO'Reilly has published the book Java & XML, Third Edition by Brett D. McLaughlin and Justin Edelson.
Linux Kernel in a Nutshell - O'Reilly's Latest ReleaseO'Reilly has published the book Linux Kernel in a Nutshell by Greg Kroah-Hartman.
Sams Publishing Releases Red Hat Fedora Core 6 UnleashedSams has published the book Red Hat Fedora Core 6 Unleashed by Andrew Hudson and Paul Hudson.
Resources "BadVista.org": FSF launches campaign against Microsoft VistaThe Free Software Foundation has launched BadVista.org, a campaign with a twofold mission of exposing the harms inflicted on computer users by the new Microsoft Windows Vista and promoting free software alternatives that respect users' security and privacy rights.
Bruce Momjian on how companies can contribute to open sourcePostgreSQL hacker Bruce Momjian has posted an article on how companies can better work with the free software community. "Employees usually circulate their proposal inside their companies first before sharing it with the community. Unfortunately, many employees never take the additional step of sharing the proposal with the community. This means the employee is not benefiting from community oversight and suggestions, often leading to a major rewrite when a patch is submitted to the community."
Contests and Awards VMware Server Named a Top Product of 2006VMware, Inc. has announced the winning of an eWEEK Labs top products of 2006 award. ""It's tough to find much to dislike about VMware's server virtualization product: VMware Server 1.0 makes it very easy to turn a single physical machine into several virtual ones-each capable of running pretty much any x86-based operating system out there," said Jason Brooks of eWEEK Labs. "VMware Server also is a great example of how a piece of software can run very well on both Linux and Windows hosts. What's more, the product is available with optional support from VMware, and it boasts a graceful path for scaling upward -- to VMware ESX Server -- or downward -- to VMware Player. Oh, and it's free.""
Education and Certification Python training in ColoradoA Python training class will be held in Colorado. "Python author and trainer Mark Lutz will be teaching another 3-day Python class at a conference center in Longmont, Colorado, on January 23-25, 2007. This is a public training session open to individual enrollments, and covers the same topics as the 3-day onsite sessions that Mark teaches, with hands-on lab work."
Calls for Presentations FISL 8.0 CFPA call for papers has gone out for the 8th International Free Software Forum (FISL). The event will take place in Porto Alegre, Rio Grande do Sul, Brazil on April 12-14, 2007, submissions are due by December 31.
HITBSecConf2007 - Dubai - Call for Papers now open!The call for papers for the upcoming Hack in The Box Security Conference 2007 - Dubai is now open. HITBSecConf2007 - Dubai will take place at The Sheraton Creek hotel and will run from the 2nd till the 5th of April 2007. The call for papers is open until February 1, 2007.
sambaXP - call for papersA call for papers has gone out for the sixth international SAMBA conference, sambaXP 2007. The event will take place in Goettingen, Germany on April 23-25, 2007, submissions are due by February 5.
Where 2.0 Conference call for participation is openA call for participation has gone out for the O'Reilly Where 2.0 Conference. The event will be held at the Fairmont in San Jose, California on May 29-30, 2007. Proposals are due by January 5. "The O'Reilly Where 2.0 Conference brings together the people, projects, and issues building the new technological foundations and creating value in the location industry. The Where 2.0 call for participation is now open and the program committee is seeking speakers to debate and discuss what's viable in the location space now, and what's lurking just below the radar."
Upcoming Events Events: December 28, 2006 to February 26, 2007The following event listing is taken from the LWN.net Calendar.
If your event does not appear here, please tell us about it. Audio and Video programs Video: Lars Knoll and George Staikos on KHTML and WebKit (KDE.News)KDE.News mentions the availability of a video interview with Lars Knoll and George Staikos. "Yahoo! user interface blog hosts an interview video with Lars Knoll and George Staikos on KHTML and WebKit. The video features the history of Konqueror (first 10 minutes) as well as the current development situation (next 10 minutes), an outlook about the possible future and of course a short demo presenting Qt4-WebKit accessing the Yahoo! page and rendering it nicely (last 10 minutes). You need Flash to view the page".
Page editor: Forrest Cook
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[GDB]](/images/ns/gdbfish.png)
One of the more powerful capabilities of GDB is the ability to debug
programs running on a