
LWN.net Weekly Edition for February 20, 2003

The trojaning of mICQ

The story, it seems, is this: Rüdiger Kuhlmann, the maintainer of mICQ, had a disagreement with Martin Loschwitz, the maintainer of the Debian mICQ package, on how that package should be built. Mr. Kuhlmann complained that an old version of mICQ was shipped, that it contained bugs which had been fixed upstream, and that his name had been removed from the copyright file. The disagreement had apparently been going on for a while.

Mr. Kuhlmann decided that enough was enough, and he was going to take some action. As of mICQ 0.4.10.1, the code will, when built for the Debian distribution, print out a message which says some unflattering things about Mr. Loschwitz and encourages use of a different version; the program then exits. In other words, when built for Debian, mICQ thumbs its nose at the user and refuses to run. To help ensure that this code got into the official Debian version, it was written in an obfuscated manner, set to trigger only after February 11, and only if it was not being run by Mr. Loschwitz. For the curious, here is a posting containing the code in question.

In response, Mr. Loschwitz called for the removal of mICQ from the Debian distribution and started a generally impressive flamewar. After some time, the two parties actually started talking to each other; summaries from Mr. Kuhlmann and Mr. Loschwitz have been posted. The resolution involves fixing the packaging issues and the removal of the anti-Debian code. The mICQ package will also be removed from Debian until a security audit is performed and a new maintainer is found. The situation would appear to have been resolved.

The whole thing has, however, left a bad taste in the mouths of many Debian developers. According to some, Debian was subjected to a trojan horse/denial of service attack, and they are not happy about it. Mr. Kuhlmann denies this, of course ("In fact, I only added dead code. It was you who #ifdef'd it in - not knowingly, but anyway."), but this code, even described in more friendly terms ("easter egg," say), is the sort of thing that does not often happen in the free software world. Free software users like to think they have a bit more control over their systems than that. (It's not completely unheard of, though - GNU emacs used to greet Symbolics users with the message "In doing business with Symbolics, you are rewarding a wrong.")

Much of the discussion was concerned with what Mr. Kuhlmann could have done with this piece of stealth code. Such speculation is a bit off-topic, given that, as far as anybody can tell, there are no evil or destructive trojans coded into mICQ. In the context of a wider discussion, however, this episode does raise a scary issue. The mICQ code was slipped into a major distribution, seemingly with great ease. The code was relatively harmless, but, next time, it might not be. Access to source code decreases our vulnerability to this sort of attack; proprietary software, after all, can have anything in it. It is hard to imagine anybody being able to hide a flight simulator inside a free spreadsheet application. But anybody who believes that having the source makes us invulnerable to this kind of trojan is clearly mistaken. With suitably clever coding, great nastiness can be hidden in seemingly innocuous code. The resources to audit all of our code at the level of detail required to find small trojans simply don't exist.

Perhaps, in the future, tools like the Stanford Checker can be turned to the task of finding suspicious code in source distributions. For now, though, we have to remain on our guard. This kind of thing will happen again, and, next time, the results may not be so benign.
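One way to triage a source tarball for the pattern described above (code compiled only for one build target that waits for a date and checks who is running it), as an added example that is not from the article or from mICQ: a line-based heuristic in C. The token lists, the EXAMPLE_* names and the sample input are constructed assumptions, and plain token matching will not see through obfuscation of the kind the article describes.

```c
#include <stdio.h>
#include <string.h>

/* Indicator classes counted inside one preprocessor-conditional region. */
enum { IND_CLOCK = 1, IND_IDENTITY = 2, IND_EXIT = 4 };

struct finding {
    int start_line;  /* line of the outermost #if / #ifdef / #ifndef */
    int end_line;    /* line of its matching #endif */
    int indicators;  /* bitmask of IND_* seen in between */
};

/* Token lists are illustrative, not exhaustive. */
static const char *const CLOCK_TOKENS[]    = { "time(", "gettimeofday(", NULL };
static const char *const IDENTITY_TOKENS[] = { "getuid(", "getlogin(", "getenv(", NULL };
static const char *const EXIT_TOKENS[]     = { "exit(", "abort(", NULL };

/* Return 1 if the line s[0..n) contains any token from the list. */
static int line_has(const char *s, size_t n, const char *const *tokens)
{
    char buf[512];
    if (n >= sizeof buf) n = sizeof buf - 1;   /* over-long lines are truncated */
    memcpy(buf, s, n);
    buf[n] = '\0';
    for (; *tokens; tokens++)
        if (strstr(buf, *tokens)) return 1;
    return 0;
}

/* Report each outermost conditional region that reads the clock AND either
 * checks who is running the program or forces an exit. Stores up to max_out
 * findings in out[] and returns how many were stored. */
int scan_conditional_gates(const char *src, struct finding *out, int max_out)
{
    struct finding cur = { 0, 0, 0 };
    int depth = 0, line = 0, found = 0;

    while (*src) {
        const char *eol = strchr(src, '\n');
        const char *end = eol ? eol : src + strlen(src);
        const char *p = src;

        line++;
        while (p < end && (*p == ' ' || *p == '\t')) p++;
        if (p < end && *p == '#') {
            do { p++; } while (p < end && (*p == ' ' || *p == '\t'));
            if (end - p >= 2 && strncmp(p, "if", 2) == 0) {   /* #if, #ifdef, #ifndef */
                if (depth++ == 0) { cur.start_line = line; cur.indicators = 0; }
            } else if (end - p >= 5 && strncmp(p, "endif", 5) == 0 && depth > 0) {
                if (--depth == 0) {
                    cur.end_line = line;
                    if ((cur.indicators & IND_CLOCK) && found < max_out &&
                        (cur.indicators & (IND_IDENTITY | IND_EXIT)))
                        out[found++] = cur;
                }
            }
        } else if (depth > 0) {
            size_t n = (size_t)(end - p);
            if (line_has(p, n, CLOCK_TOKENS))    cur.indicators |= IND_CLOCK;
            if (line_has(p, n, IDENTITY_TOKENS)) cur.indicators |= IND_IDENTITY;
            if (line_has(p, n, EXIT_TOKENS))     cur.indicators |= IND_EXIT;
        }
        src = eol ? eol + 1 : end;
    }
    return found;
}

/* Constructed sample input, not the mICQ code. The EXAMPLE_* names and
 * run_client() are hypothetical. */
static const char SAMPLE_SOURCE[] =
    "#ifdef HAVE_CONFIG_H\n"
    "#include \"config.h\"\n"
    "#endif\n"
    "int start(void)\n"
    "{\n"
    "#ifdef EXAMPLE_DISTRO_BUILD\n"
    "    if (time(NULL) > EXAMPLE_TRIGGER_DATE &&\n"
    "        getuid() != EXAMPLE_MAINTAINER_UID) {\n"
    "        puts(\"please use a different build\");\n"
    "        exit(1);\n"
    "    }\n"
    "#endif\n"
    "    return run_client();\n"
    "}\n";

/* Scan the constructed sample and return its first finding (zeroed if none). */
struct finding first_sample_finding(void)
{
    struct finding f = { 0, 0, 0 };
    scan_conditional_gates(SAMPLE_SOURCE, &f, 1);
    return f;
}

int main(void)
{
    struct finding f = first_sample_finding();
    printf("lines %d-%d, indicators %d\n", f.start_line, f.end_line, f.indicators);
    return 0;
}
```

A hit is only a prompt for a human to read the region; a header wrapped in an include guard would need to be excluded before running this over a whole tree.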


The Embedded Linux Consortium Platform Specification

The Embedded Linux Consortium has announced the launch of the ELC Platform Specification (ELCPS). The ELCPS was developed with input from numerous companies including IBM, LynuxWorks, Panasonic, Samsung, MontaVista, K Computing, Red Hat, WiPro, Hacom, and FSM Labs; its purpose is to encourage interoperability across embedded Linux systems. Those wanting the details can grab a copy of the specification in PDF format; for everybody else, here is a quick summary of what the ELCPS is trying to do.

The ELCPS is heavily influenced by the Linux Standard Base, POSIX, and the Single Unix Specification. However, it restricts itself to the programming environment (and, in particular, to which functions should be available) and is not concerned with the user experience side of things. It is assumed that the user of an embedded system will not be worried about which shells are available.

Of course, not all embedded systems are the same; the capabilities needed by a web-enabled phone handset or point of sale system will be different from, say, an elevator controller. So the ELCPS defines three levels of environment, each of which has different requirements.

  • The minimal system environment is the bottom end; systems running in this mode may not deal directly with users, and may not even need a filesystem. ELCPS-compliant systems at this level should provide the basic C environment, signals, basic locking, and threads - but they do not necessarily have to be able to run more than one process.

  • The intermediate system environment adds several things, including filesystem support, asynchronous I/O, dynamic libraries, multiple processes, inter-process communication, wide character support, and more.

  • The full system environment is "essentially equivalent to a LSB 1.2 system," except that there is still no specification of which programs should be available. At this level, the environment should provide full floating-point math support, job control, networking, basic shell functions, system logging, password functions, and so on.

There are a couple of interesting omissions from the first version of the ELCPS. One is in the area of real-time programming. According to the specification, there is no clear standard for real-time programming in the Linux world. The LSB does not specify real-time functionality, and the POSIX real-time standards are still in flux. The specification makes no mention of the fact that serious real-time Linux programming tends to be done by way of RTLinux or RTAI, neither of which is standard in any way, but that situation has to have discouraged attempts to standardize real-time Linux functionality as well.

The specification also had to punt on thread support, since real POSIX threads implementations for Linux are still hard to come by. That situation should be rectified when the 2.6 kernel, with its greatly improved threading support, becomes available.

The Embedded Linux Consortium will eventually set up a certification program for ELCPS compliance.

The ELCPS is another sign that the embedded Linux community (and Linux in general) is growing up. Embedded Linux, in particular, has been subject to the sort of fragmentation that creates worry among technology pundits and corporate managers; the ELCPS should help those people to worry a bit less. By using embedded Linux, manufacturers are already able to free themselves from proprietary platforms and royalty payments. The ELCPS should make these manufacturers more confident that they will not find themselves locked into a single vendor. And that, of course, should be good for the Embedded Linux market as a whole.


Lindows sells virus protection

Lindows.com has announced a new offering for its distribution: for $29/year, Lindows users can run the new "VirusSafe" utility which protects the system from viruses. It seems like a reasonable product: other desktop systems have had anti-virus applications for years. And, apparently, virus protection is at the top of the list of features requested by Lindows users.

There's only one problem: Linux viruses are rather hard to find. In fact, the list of "in the wild" Linux viruses that have actually infected systems is short - there are none. The case of SirCam infection via Wine is, if anything, the exception that proves the rule. It demonstrates how far one has to go to infect a Linux system - and, even then, the virus was not able to propagate.

A Linux-based virus is not impossible; one could imagine, say, a hostile email message which, taking advantage of a fetchmail buffer overflow, managed to spread itself over the net. But the fact is that this sort of thing simply does not happen. Linux systems are harder to break into, and they are better at containing the effects of breaches that do occur. When a program is found to allow unpleasant things like arbitrary command execution (as in the recent vim modeline vulnerability), it gets fixed in a hurry rather than being presented as a feature.

So we thought it might be worthwhile to ask Lindows exactly what it is defending its users against. What virus (or other) infections would have been prevented by running VirusSafe on a target system? Unfortunately, Lindows did not respond to repeated inquiries, so we are left having to guess.

Lindows, perhaps, is defending its users against the fear of running systems without virus scanners installed. It is difficult to explain to users why they probably do not need explicit virus protection; and, besides, it seems they are willing to pay for that protection whether they need it or not. As a business plan, it may make some sense - as long as you don't mind selling your customers something they almost certainly do not need.


Page editor: Jonathan Corbet

Security

Brief items

The National Strategy to Secure Cyberspace

[This article was contributed by Tom Owen]

The Friday release of the National Strategy to Secure Cyberspace may have been overshadowed by the recent departure of Richard Clarke, President Bush's Cybersecurity advisor. It certainly didn't get a big build up. But now we have the "final" version of what will doubtless be a continuously evolving strategy.

The draft released in September generated apathy and dismissal after widespread unsourced reports of tech firms lobbying to remove references to insecure "out of the box" configurations and wireless hazards. The biggest change over the draft is external: the Department of Homeland Security (DHS) now exists, with a budget and a head, and by far the majority of the action items fall on it.

The strategic objective is clear:

It is the policy of the United States to prevent or minimize disruptions to critical information infrastructures and thereby protect the people, the economy, the essential human and government services, and the national security of the United States.

as is the purpose of the document:

The purpose of this document is to engage and empower Americans to secure the portions of cyberspace that they own, operate, control, or with which they interact.

The core of the strategy is the five national priorities:

  • A security response system
  • A threat & vulnerability reduction system
  • A Security awareness and training program
  • Security within government operations
  • National and International security co-operation

Within the strategy, each priority generates five to fifteen actions and recommendations. The actions typically fall on the federal government, typically the DHS or the United States generally, while the recommendations are for the private sector and academia.

Some consistent themes inform the discussion of all priorities:

  • The threat is real: the US depends on the integrity of cyberspace, and that integrity can now be undone by enemies.
  • Most of what's needed is outside the scope of Government: beyond protecting its own operations and the commons, the work has to be done by corporations, colleges and the public.
  • Public and private can, must, work together.
  • Privacy and liberty must be protected. It's not that prominent, but it's a pleasant surprise to see it at all.

Regarding the called-for national security response system:

The National Cyberspace Security Response System will involve public and private institutions and cyber centers to perform analysis, conduct watch and warning activities, enable information exchange, and facilitate restoration efforts.

The plan appears to be mandating DHS to co-ordinate between Government agencies, and academic and private sector agents. Obvious candidates would include CERT, the AV vendors' labs, disaster recovery providers and perhaps operators like Bugtraq.

The challenge is twofold. Firstly, to co-ordinate their work on attacks and vulnerabilities, before and even -- using fax, conferencing and voicemail -- during an attack, and secondly, to ensure that the private sector is using the resources created. It appears that there will be an effort to remove antitrust obstacles to this co-operation.

Responding to security incidents is important, but so is preventing those incidents before they happen. The strategy asks private and government agencies to communicate better to find and protect against potential problems. Even before the recent "Slammer" worm, others like Nimda and Code Red had made it clear that threats, once released, spread faster than fixes. So it is important to find and fix vulnerabilities before they are exploited.

One standout point is a clear intention to use criminal justice more aggressively: this might be a good time to stop writing stupid viruses for fun. The strategy gets more specific here. Examples of the work planned include:

  • Improving infrastructure: the Commerce Department's review of a national transition to IPv6 and the DHS's intention to bang heads together to get progress on securing DNS and BGP, together with longer term efforts to add source address verification and secure out-of-band management to the Internet.
  • Securing plant and equipment control networks to exclude terrorists from air-traffic control, dams and chemical plants.
  • Addressing software vulnerabilities: establishing a neutral clearinghouse, with, interestingly, a national policy defining appropriate vulnerability disclosure, central testing for patches to Government systems, and promotion of tools and best practice for patch distribution.

Then, there is the call for a national security awareness and training program. This priority addresses a slightly broader range than most. The traditional targets for security training: users, admins and developers, are there, but the plan goes further:

Many information-system vulnerabilities exist because of a lack of cyberspace security awareness on the part of ... procurement officials, auditors, chief information officers, chief executive officers, and corporate boards.

Getting these people trained is not going to be easy. School curricula, awareness programs and certification and the other plan items can reach professionals and users, but getting informed discussion between corporate policymakers at the country club will take something more -- there may be a role for the insurers here.

Of course, the government must also worry about cleaning up its own act, so it is not surprising to see internal security as an important part of this plan. The plan in this area is blandly conventional, revealing that government practice is no better than the private sector. One of the few mentions of a specific technology, wireless, occurs under this heading.

The last item (national and international security coordination) seems like a bland commitment to improve international co-operation, encouraging foreign countries to achieve effective criminal law and participate in information-sharing programs. But early on comes this jaw-dropper:

When a nation, terrorist group, or other adversary attacks the United States through cyberspace, the U.S. response need not be limited to criminal prosecution. The United States reserves the right to respond in an appropriate manner.

The strategy doesn't expand on this point, and responsibility for that action falls on no specific agency, but when it happens, it'll be on the evening news.

Given the source, the document as a whole is at least as good as could have been hoped. Part of the value comes from what's left out:

  • There's no hysteria about encryption or crackers
  • No plan to wall off the US and unplug those nasty foreigners
  • No dramatic legislative program
  • No mandating or prohibition of specific technologies and vendors

High-level strategic planning can be used to hide a lot of vagueness and unreality, as the broad scope needed in the language and objectives makes it hard to visualise what is intended. This hasn't happened here. The Department of Homeland Security's interest in the network comes into clearer focus. Some of the organisations and networks which will protect cyberspace are making their first appearance here. And we can see that some people are asking the right questions.


February CRYPTO-GRAM Newsletter

Bruce Schneier's CRYPTO-GRAM newsletter for February is out. It looks at Matt Blaze's lock-picking disclosure (and the reaction to it), SQL Slammer worm notes, the importance of authentication, and more. "I'd rather have as much information as I can to make an informed decision about security. I'd rather have the information I need to pressure vendors to improve security. I don't want to live in a world where locksmiths can sell me a master key system that they know doesn't work or where the government can implement security measures without accountability."


New vulnerabilities

mailman: mailman 2.1 cross site scripting vulnerabilities

Package(s): mailman
CVE #(s):
Created: February 18, 2003
Updated: February 19, 2003
Description: The email variable and the default error page in mailman 2.1 contain cross site scripting vulnerabilities.

Read the full advisory for the details.

Alerts:
Gentoo 200302-05 mailman 2003-02-17


nethack: buffer overflow

Package(s): nethack, slashem, falconseye
CVE #(s): CAN-2003-0358 CAN-2003-0359
Created: February 18, 2003
Updated: July 15, 2003
Description: Overflowing a buffer in nethack may lead to privilege escalation to games uid.

Read the full advisory for the details.

Note that falconseye does not contain the file permission error CAN-2003-0359 which affected some other nethack packages.

Alerts:
Debian DSA-350-1 falconseye 2003-07-15
Debian DSA-316-3 jnethack 2003-06-17
Debian DSA-316-2 slashem 2003-06-11
Debian DSA-316-1 nethack 2003-06-11
Gentoo 200302-08 nethack 2003-02-18


OpenSSL: plaintext exposure vulnerability

Package(s): openssl
CVE #(s): CAN-2003-0078
Created: February 19, 2003
Updated: March 6, 2003
Description: A vulnerability has been found in OpenSSL that, given the right conditions, could lead to the exposure of transactions in plain text. This problem looks difficult to exploit (it requires a man-in-the-middle attack, among other things), but one can't be too sure, so the OpenSSL project has released versions 0.9.7a (with the fix and some new features) and 0.9.6i (with fixes only). See the announcement for details.

Alerts:
Red Hat RHSA-2003:062-11 OpenSSL 2003-03-06
SuSE SuSE-SA:2003:011 openssl 2003-02-26
Conectiva CLA-2003:570 openssl 2003-02-24
Debian DSA-253-1 openssl 2003-02-24
Mandrake MDKSA-2003:020 openssl 2003-02-21
Trustix 2003-0005 openssl 2003-02-20
Gentoo 200302-10 openssl 2003-02-20
EnGarde ESA-20030220-005 openssl 2003-02-20
OpenPKG OpenPKG-SA-2003.013 openssl 2003-02-19


pam_xauth: root exploit

Package(s): pam_xauth
CVE #(s): CAN-2002-1160
Created: February 13, 2003
Updated: July 10, 2003
Description: The pam_xauth module is used to forward xauth information from user to user in applications such as 'su'.

Andreas Beck discovered that versions of pam_xauth supplied with Red Hat Linux since version 7.1 would forward authorization information from the root account to unprivileged users. This could be used by a local attacker to gain access to an administrator's X session. In order to exploit this vulnerability, the attacker would have to get the administrator, as root, to use su to the account belonging to the attacker.

Alerts:
Conectiva CLA-2003:693 pam 2003-07-10
Mandrake MDKSA-2003:017-1 pam 2003-04-28
Red Hat RHSA-2003:035-10 pam_xauth 2003-02-12


php: arbitrary file access and code execution

Package(s): php, mod_php
CVE #(s):
Created: February 18, 2003
Updated: February 19, 2003
Description: Kosmas Skiadopoulos discovered a serious security vulnerability [0] in the CGI SAPI of PHP version 4.3.0. PHP [1] contains code for preventing direct access to the CGI binary with configure option "--enable-force-cgi-redirect" and php.ini option "cgi.force_redirect". In PHP 4.3.0 there is a bug which renders these options useless. Please note that this bug does NOT affect any of the other SAPI modules such as the Apache or ISAPI modules.

Anyone with access to websites hosted on a web server which employs the CGI module may exploit this vulnerability to gain access to any file readable by the user under which the webserver runs. A remote attacker could also trick PHP into executing arbitrary PHP code if the attacker is able to inject the code into files accessible by the CGI. This could be for example the web server access-logs.

References:
[0] http://www.php.net/release_4_3_1.php
[1] http://www.php.net/

Alerts:
Gentoo 200302-09 mod_php 2003-02-19
OpenPKG OpenPKG-SA-2003.010 php, apache 2003-02-18


syslinux: security issues in installer

Package(s): syslinux
CVE #(s):
Created: February 18, 2003
Updated: February 19, 2003
Description: From the syslinux changelog:

"Security flaws have been found in the SYSLINUX installer when running setuid root. Rewrite the SYSLINUX installer so it uses mtools instead. It therefore now requires mtools (specifically mcopy and mattrib) to exist on your system, but it will not require root privileges and SHOULD NOT be setuid."

Alerts:
Gentoo 200302-06 syslinux 2003-02-17


util-linux: predictable mcookie results

Package(s): util-linux
CVE #(s):
Created: February 14, 2003
Updated: February 19, 2003
Description: The util-linux package provides the mcookie utility, a tool for generating random cookies that can be used for X authentication. The util-linux packages that were distributed with Mandrake Linux 8.2 and 9.0 had a patch that made it use /dev/urandom instead of /dev/random, which resulted in the mcookie being more predictable than it would otherwise be. This patch has been removed in these updates, giving mcookie a better source of entropy and making the generated cookies less predictable. Thanks to Dirk Mueller for pointing this out.

Alerts:
Mandrake MDKSA-2003:016 util-linux 2003-02-13


Resources

Egress filtering for a healthier Internet.

This issue of "Linux Security: Tips, Tricks, and Hackery" looks at egress filtering as a way of protecting the net against mass attacks.


Events

The First Honeyd Challenge

The first Honeyd Challenge has been announced along with the 0.5 release of the Honeyd virtual honeypot system. "The goal of this challenge is to develop interesting feature additions to Honeyd. Possible improvements are forensic analysis tools for Honeyd log files, passive fingerprinting of connections, realistic routing topologies, etc."


ACNS 2003

The first MiAn International Conference on Applied Cryptography and Network Security will be held October 16 to 19 in Kunming, China. The submission deadline is May 1 for those who would like to present there.


NSPW 2003 Call For Papers

The New Security Paradigms Workshop 2003 will be held August 18 to 21 in Ascona, Switzerland. The Call For Papers has gone out, with a submission deadline of April 4.


Page editor: Jonathan Corbet

Kernel development

Brief items

Kernel release status

The current development kernel is 2.5.62, which was released by Linus on February 17. It included a new version of the dentry cache which uses read-copy-update for lockless file lookups, a number of architecture updates, some kbuild fixes (including module alias and device table support), more signal cleanup work, and (a classic sign that the freeze is progressing) lots of spelling fixes. The long-format changelog has the details.

2.5.61 was released on February 14. Changes in this release include a number of SCSI driver fixes, an x86-64 merge, a new set of AGP changes, some ACPI work, an SCTP update, and, of course, numerous other fixes. Once again, see the long-format changelog for the details.

Linus's (pre-2.5.63) BitKeeper tree contains, as of this writing, the longstanding POSIX timers patch (but without the high-resolution timers), a new set of IDE changes (see below), updates for obscure architectures (Visual Workstation, v850, m68k-nommu), an ACPI update (including the license change to dual BSD/GPL), and another big set of spelling fixes.

The current stable kernel is 2.4.20; there have been no 2.4.21 prepatches issued over the last week.

Alan Cox has released the fourth 2.2.24 release candidate.


Kernel development news

Synchronous signal handling

While fixing various problems in the signal handling code of recent kernels, Linus evidently decided to take a stab at the issue of signal handling races. The result was this patch implementing a prototype of a new signal handling mechanism. The idea needs some fleshing out before it might be merged into the kernel, but it has attracted a certain amount of interest among the developers.

The patch adds a new sigfd() system call:

    int sigfd(sigset_t *mask, unsigned long flags);

The system call returns a file descriptor which will report on the set of signals found in the given mask (the flags argument is not used for now). A process reading from the file descriptor will receive a structure describing one signal which was delivered to the process; it will block if there are no outstanding signals.

This approach offers some advantages. Since signals are queued up and read one at a time, they can be dealt with in an orderly manner. The user-space application need not worry about races between signal handlers and other code. The signal file descriptor can also be used with the select() and poll() system calls, allowing signal handling to be folded into application event processing loops. An application can even pass the file descriptor to another process, should there be, for some reason, a desire to let that other process listen in on the first process's signals.
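The read-a-descriptor model described above, as an added example that is not taken from the patch or the article: it uses signalfd(2), the call later Linux kernels provide for this model, whose signature differs from the sigfd() prototype shown above. The function name and the choice of SIGUSR1 are assumptions made for the demonstration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <sys/signalfd.h>
#include <time.h>
#include <unistd.h>

/*
 * Receive one signal synchronously: block it, open a descriptor that reports
 * it, send it to ourselves, then collect it with poll() and read() instead of
 * an asynchronous handler. Returns the signal number read, or -1 on error.
 */
int receive_signal_via_fd(int signo)
{
    const struct timespec no_wait = { 0, 0 };
    struct signalfd_siginfo info;
    struct pollfd pfd;
    sigset_t mask, old_mask;
    int fd, result = -1;

    sigemptyset(&mask);
    sigaddset(&mask, signo);

    /* Block the signal first. If it stays unblocked, normal delivery wins
     * and the default action or handler runs instead. */
    if (sigprocmask(SIG_BLOCK, &mask, &old_mask) != 0)
        return -1;

    /* SFD_CLOEXEC keeps the descriptor from being inherited across exec. */
    fd = signalfd(-1, &mask, SFD_CLOEXEC);
    if (fd >= 0 && raise(signo) == 0) {
        pfd.fd = fd;
        pfd.events = POLLIN;
        pfd.revents = 0;
        /* The descriptor becomes readable once a signal is pending, so it
         * fits an ordinary poll()/select() event loop. */
        if (poll(&pfd, 1, 1000) == 1 && (pfd.revents & POLLIN) &&
            read(fd, &info, sizeof info) == (ssize_t)sizeof info)
            result = (int)info.ssi_signo;
    }
    if (fd >= 0)
        close(fd);

    /* Drain a still-pending copy (error paths only) before unblocking. */
    sigtimedwait(&mask, NULL, &no_wait);
    sigprocmask(SIG_SETMASK, &old_mask, NULL);
    return result;
}

int main(void)
{
    int got = receive_signal_via_fd(SIGUSR1);
    printf("read signal %d from the descriptor (SIGUSR1 is %d)\n", got, SIGUSR1);
    return got == SIGUSR1 ? 0 : 1;
}
```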

There was some immediate discussion of expanding this interface into a more generic event-handling mechanism. For example, timer events, asynchronous I/O events, etc. could also be delivered via the same file descriptor. Linus stated that, to an extent, expanding the interface is what the flags argument was intended for. He doesn't want to put too much into this interface, however:

I'm not in the least interested in some "generic event" mechanism, and it's not where I think this should even go. This was very much about signals, and while I can see the potential to extend the notion of signals to things like timers, I don't think it's necessarily a good idea to extend it too far

Looking at the patch, a few developers commented on how much of it is really just boilerplate filesystem and inode code. It has to be there to make the file descriptor work, but really has little to do with the task at hand. Much of that code is duplicated with other subsystems which have to make "virtual" file descriptors. Davide Libenzi responded to this observation with a patch implementing a new, shared, "virtual filesystem" capability. If some variant of that patch goes in, it has the potential of ridding the kernel of a fair amount of tedious and error-prone code duplication.


A new round of IDE patches

After a long pause, a new set of IDE patches has found its way into Linus's pre-2.5.63 BitKeeper tree. Most of these patches have been around for a while (in the 2.4-ac tree), but Alan Cox has not felt that 2.5.x was stable enough to attempt new IDE work. Now that things are working a little better, the patches are flowing again.

The new generation of IDE changes is rather more restrained than last year's "cleanup" effort. Changes that have gone in this time around include cleaning out some old data structures that were either unused or did not suit the purpose to which they were being put. Some improved locking has been put in place, and the handling of missing drives (i.e. PCMCIA drives which are removed by the user) has been improved - though work remains to be done in that area. There is also a new ide_execute_command() function which is meant to be the way commands are passed down to drives in the future. For now, though, it is only used for CD drives ("As with 2.4 I want it to run for a bit on read only media first".)

The IDE work is one of the more prominent entries remaining on the "todo" list for 2.5. Given the need to proceed slowly (it really is no fun to ship a kernel with broken IDE), this work may take some time yet. So it's good to see the patches finding their way into Linus's tree again.


GFP_KERNEL or SLAB_KERNEL?

The low-level kernel memory allocation functions take a set of flags describing how that allocation is to be performed. Among other things, these GFP_ ("get free page") flags control whether the allocation process can sleep and wait for memory, whether high memory can be used, and so on. See this article for the full set.

The kernel slab allocator is an additional layer built on top of the low-level code; it handles situations where numerous objects of the same size are frequently allocated and freed. The slab code, too, has a set of flags describing how memory allocation is to happen. They look suspiciously like the low-level flags, but they have different names; instead of GFP_KERNEL, for example, users of the slab code are expected to say SLAB_KERNEL.

Underneath it all, however, the two sets of flags are the same. As a result, many calls to the slab code just use the GFP_ flags, rather than the SLAB_ flags. William Lee Irwin decided it was time to fix that; he posted a patch converting several slab users over to the SLAB_ flags. It looked like a fairly standard, freeze-stage kernel cleanup.

The question came up, however: why bother? Not everybody, it seems, thinks that the separate SLAB_ flags are worth the trouble. William responded with another patch which gets rid of the SLAB_ flags altogether. So far, neither patch has been merged. But they do raise a worthwhile question: why do we need a separate set of flags if the callers have nothing different to say?


Driver porting

New additions to the driver porting series

The LWN.net series on porting drivers (and other kernel code) to the 2.5 kernel continues this week with three new articles. Two of them (on low-level memory allocation and per-CPU variables) appear below; the third (an updated description of the seqlock mechanism) is available but won't be included inline here. As always, the full series can be found at http://lwn.net/Articles/driver-porting/.


Driver porting: low-level memory allocation

This article is part of the LWN Porting Drivers to 2.6 series.

The 2.5 development series has brought relatively few changes to the way device drivers will allocate and manage memory. In fact, most drivers should work with no changes in this regard. There are a few improvements that have been made, however, that are worth a mention. These include some changes to page allocation, and the new "mempool" interface. Note that the allocation and management of per-CPU data is described in a separate article.

Allocation flags

The old <linux/malloc.h> include file is gone; it is now necessary to include <linux/slab.h> instead.

The GFP_BUFFER allocation flag is gone (it was actually removed in 2.4.6). That will bother few people, since almost nobody used it. There are two new flags which have replaced it: GFP_NOIO and GFP_NOFS. The GFP_NOIO flag allows sleeping, but no I/O operations will be started to help satisfy the request. GFP_NOFS is a bit less restrictive; some I/O operations can be started (writing to a swap area, for example), but no filesystem operations will be performed.

For reference, here is the full set of allocation flags, from the most restrictive to the least:

  • GFP_ATOMIC: a high-priority allocation which will not sleep; this is the flag to use in interrupt handlers and other non-blocking situations.

  • GFP_NOIO: blocking is possible, but no I/O will be performed.

  • GFP_NOFS: no filesystem operations will be performed.

  • GFP_KERNEL: a regular, blocking allocation.

  • GFP_USER: a blocking allocation for user-space pages.

  • GFP_HIGHUSER: for allocating user-space pages where high memory may be used.

The __GFP_DMA and __GFP_HIGHMEM flags still exist and may be added to the above to direct an allocation to a particular memory zone. In addition, 2.5.69 added some new modifiers:

  • __GFP_REPEAT: this flag tells the page allocator to "try harder," repeating failed allocation attempts if need be. Allocations can still fail, but failure should be less likely.

  • __GFP_NOFAIL: try even harder; allocations with this flag must not fail. Needless to say, such an allocation could take a long time to satisfy.

  • __GFP_NORETRY: failed allocations should not be retried; instead, a failure status will be returned to the caller immediately.

The __GFP_NOFAIL flag is sure to be tempting to programmers who would rather not code failure paths, but that temptation should be resisted most of the time. Only allocations which truly cannot be allowed to fail should use this flag.

Page-level allocation

For page-level allocations, the alloc_pages() and get_free_page() functions (and variants) exist as always. They are now defined in <linux/gfp.h>, however, and there are a few new ones as well. On NUMA systems, the allocator will do its best to allocate pages on the same node as the caller. To explicitly allocate pages on a different NUMA node, use:

    struct page *alloc_pages_node(int node_id,
                                  unsigned int gfp_mask,
                                  unsigned int order);

The memory allocator now distinguishes between "hot" and "cold" pages. A hot page is one that is likely to be represented in the processor's cache; cold pages, instead, must be fetched from RAM. In general, it is preferable to use hot pages whenever possible, since they are already cached. Even if the page is to be overwritten immediately (usually the case with memory allocations, after all), hot pages are better - overwriting them will not push some other, perhaps useful, data from the cache. So alloc_pages() and friends will return hot pages when they are available.

On occasion, however, a cold page is preferable. In particular, pages which will be overwritten via a DMA read from a device might as well be cold, since their cache data will be invalidated anyway. In this sort of situation, the __GFP_COLD flag should be passed into the allocation.

Of course, this whole scheme depends on the memory allocator knowing which pages are likely to be hot. Normally, order-zero allocations (i.e. single pages) are assumed to be hot. If you know the state of a page you are freeing, you can tell the allocator explicitly with one of the following:

    void free_hot_page(struct page *page);
    void free_cold_page(struct page *page);

These functions only work with order-zero allocations; the hot/cold status of larger blocks is not tracked.

Memory pools

Memory pools were one of the very first changes in the 2.5 series - they were added to 2.5.1 to support the new block I/O layer. The purpose of mempools is to help out in situations where a memory allocation must succeed, but sleeping is not an option. To that end, mempools pre-allocate a pool of memory and reserve it until it is needed. Mempools make life easier in some situations, but they should be used with restraint; each mempool takes a chunk of kernel memory out of circulation and raises the minimum amount of memory the kernel needs to run effectively.

To work with mempools, your code should include <linux/mempool.h>. A mempool is created with mempool_create():

    mempool_t *mempool_create(int min_nr,
                              mempool_alloc_t *alloc_fn,
                              mempool_free_t *free_fn,
                              void *pool_data);

Here, min_nr is the minimum number of pre-allocated objects that the mempool tries to keep around. The mempool defers the actual allocation and deallocation of objects to user-supplied routines, which have the following prototypes:

    typedef void *(mempool_alloc_t)(int gfp_mask, void *pool_data);
    typedef void (mempool_free_t)(void *element, void *pool_data);

The allocation function should take care not to sleep unless __GFP_WAIT is set in the given gfp_mask. In all of the above cases, pool_data is a private pointer that may be used by the allocation and deallocation functions.

Creators of mempools will often want to use the slab allocator to do the actual object allocation and deallocation. To do that, create the slab, pass it in to mempool_create() as the pool_data value, and give mempool_alloc_slab and mempool_free_slab as the allocation and deallocation functions.

A mempool may be returned to the system by passing it to mempool_destroy(). You must have returned all items to the pool before destroying it, or the mempool code will get upset and oops the system.

Allocating and freeing objects from the mempool is done with:

    void *mempool_alloc(mempool_t *pool, int gfp_mask);
    void mempool_free(void *element, mempool_t *pool);

mempool_alloc() will first call the pool's allocation function to satisfy the request; the pre-allocated pool will only be used if the allocation function fails. The allocation may sleep if the given gfp_mask allows it; it can also fail if memory is tight and the preallocated pool has been exhausted.

Finally, a pool can be resized, if necessary, with:

    int mempool_resize(mempool_t *pool, int new_min_nr, int gfp_mask);

This function will change the size of the pre-allocated pool, using the given gfp_mask to allocate more memory if need be. Note that, as of 2.5.60, mempool_resize() is disabled in the source, since nobody is actually using it.
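The allocation order described above (allocation function first, reserve only on failure, NULL once the reserve is empty) can be tried outside the kernel with a small user-space model. This is an added example, not kernel code and not part of the original article: the model_* and backing_* names are hypothetical, the gfp_mask argument and sleeping are left out, and the rule that a freed element tops up the reserve first follows the kernel's mempool_free().

```c
/* User-space model of the mempool semantics above; NOT kernel code, all names hypothetical. */
#include <stdio.h>
#include <stdlib.h>

typedef void *(model_alloc_t)(void *pool_data);
typedef void (model_free_t)(void *element, void *pool_data);

struct model_mempool {
    int min_nr, curr_nr;        /* reserve target and current fill */
    model_alloc_t *alloc_fn;
    model_free_t *free_fn;
    void *pool_data;
    void *elements[];           /* the pre-allocated reserve */
};

/* Backing allocator; the 'fail' switch simulates memory pressure. */
struct backing { size_t obj_size; int fail; int live; };

static void *backing_alloc(void *pool_data)
{
    struct backing *b = pool_data;
    void *p = b->fail ? NULL : malloc(b->obj_size);
    b->live += (p != NULL);
    return p;
}

static void backing_free(void *element, void *pool_data)
{
    free(element);
    ((struct backing *)pool_data)->live--;
}

static void model_mempool_destroy(struct model_mempool *pool)
{
    while (pool->curr_nr > 0)
        pool->free_fn(pool->elements[--pool->curr_nr], pool->pool_data);
    free(pool);
}

static struct model_mempool *model_mempool_create(int min_nr,
        model_alloc_t *alloc_fn, model_free_t *free_fn, void *pool_data)
{
    struct model_mempool *pool = NULL;
    if (min_nr >= 0)
        pool = malloc(sizeof(*pool) + (size_t)min_nr * sizeof(void *));
    if (!pool)
        return NULL;
    pool->min_nr = min_nr;
    pool->curr_nr = 0;
    pool->alloc_fn = alloc_fn;
    pool->free_fn = free_fn;
    pool->pool_data = pool_data;
    while (pool->curr_nr < min_nr) {            /* fill the reserve up front */
        void *e = alloc_fn(pool_data);
        if (!e) {
            model_mempool_destroy(pool);
            return NULL;
        }
        pool->elements[pool->curr_nr++] = e;
    }
    return pool;
}

static void *model_mempool_alloc(struct model_mempool *pool)
{
    void *e = pool->alloc_fn(pool->pool_data);  /* allocation function first */
    if (!e && pool->curr_nr > 0)
        e = pool->elements[--pool->curr_nr];    /* reserve only on failure */
    return e;       /* NULL: reserve exhausted, the caller must handle it */
}

static void model_mempool_free(void *element, struct model_mempool *pool)
{
    if (pool->curr_nr < pool->min_nr)
        pool->elements[pool->curr_nr++] = element;  /* top up the reserve first */
    else
        pool->free_fn(element, pool->pool_data);
}

int main(void)
{
    struct backing b = { 64, 0, 0 };
    struct model_mempool *pool = model_mempool_create(2, backing_alloc, backing_free, &b);
    if (!pool)
        return 1;
    void *x = model_mempool_alloc(pool);        /* normal case: backing_alloc succeeds */
    b.fail = 1;                                 /* memory becomes tight */
    void *y = model_mempool_alloc(pool);        /* both served from the reserve */
    void *z = model_mempool_alloc(pool);
    printf("reserve left under pressure: %d\n", pool->curr_nr);
    printf("next allocation: %s\n", model_mempool_alloc(pool) ? "ok" : "NULL");
    model_mempool_free(y, pool);
    model_mempool_free(z, pool);                /* reserve is full again */
    model_mempool_free(x, pool);                /* so this one goes to backing_free */
    printf("reserve after frees: %d\n", pool->curr_nr);
    model_mempool_destroy(pool);                /* every element has been returned */
    printf("objects leaked: %d\n", b.live);
    return 0;
}
```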


Driver porting: per-CPU variables

This article is part of the LWN Porting Drivers to 2.6 series.
The 2.6 kernel makes extensive use of per-CPU data - arrays containing one object for each processor on the system. Per-CPU variables are not suitable for every task, but, in situations where they can be used, they do offer a couple of advantages:

  • Per-CPU variables have fewer locking requirements since they are (normally) only accessed by a single processor. There is nothing other than convention that keeps processors from digging around in other processors' per-CPU data, however, so the programmer must remain aware of what is going on.

  • Nothing destroys cache performance as quickly as accessing the same data from multiple processors. Restricting each processor to its own area eliminates cache line bouncing and improves performance.

Examples of per-CPU data in the 2.6 kernel include lists of buffer heads, lists of hot and cold pages, various kernel and networking statistics (which are occasionally summed together into the full system values), timer queues, and so on. There are currently no drivers using per-CPU values, but some applications (e.g. networking statistics for high-bandwidth adapters) might benefit from their use.

The normal way of creating per-CPU variables at compile time is with this macro (defined in <linux/percpu.h>):

    DEFINE_PER_CPU(type, name);

This sort of definition will create name, which will hold one object of the given type for each processor on the system. If the variables are to be exported to modules, use:

    EXPORT_PER_CPU_SYMBOL(name);
    EXPORT_PER_CPU_SYMBOL_GPL(name);

If you need to link to a per-CPU variable defined elsewhere, a similar macro may be used:

    DECLARE_PER_CPU(type, name);

Variables defined in this way are actually an array of values. To get at a particular processor's value, the per_cpu() macro may be used; it works as an lvalue, so code like the following works:

    DEFINE_PER_CPU(int, mypcint);

    per_cpu(mypcint, smp_processor_id()) = 0;

The above code can be dangerous, however. Accessing per-CPU variables can often be done without locking, since each processor has its own private area to work in. The 2.6 kernel is preemptible, however, and that adds a couple of challenges. Since kernel code can be preempted, it is possible to encounter race conditions with other kernel threads running on the same processor. Also, accessing a per-CPU variable requires knowing which processor you are running on; it would not do to be preempted and moved to a different CPU between looking up the processor ID and accessing a per-CPU variable.

For both of the above reasons, kernel preemption usually must be disabled when working with per-CPU data. The usual way of doing this is with the get_cpu_var and put_cpu_var macros. get_cpu_var works as an lvalue, so it can be assigned to, have its address taken, etc. Perhaps the simplest example of the use of these macros can be found in net/socket.c:

	get_cpu_var(sockets_in_use)++;
	put_cpu_var(sockets_in_use);

Of course, since preemption is disabled between the calls, the code should take care not to sleep. Note that there is no version of these macros for access to another CPU's data; cross-processor access to per-CPU data requires explicit locking arrangements.
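The migration hazard described above can be made visible with a deterministic user-space model. This is an added example, not kernel code and not part of the original article: the scheduler state, model_preempt_point() and the other names are hypothetical stand-ins, and a "foreign write" here means an update that lands in a slot belonging to a CPU other than the one executing it.

```c
/* User-space model of the preemption hazard described above; NOT kernel code.
 * All names are hypothetical stand-ins for the kernel's macros and state. */
#include <stdio.h>

#define MODEL_NR_CPUS 2

static int current_cpu;         /* CPU the task is running on */
static int preempt_count;       /* non-zero: preemption is disabled */
static int migrate_pending;     /* the scheduler wants to move the task */
static long counter[MODEL_NR_CPUS];  /* stands in for DEFINE_PER_CPU(long, counter) */
static int foreign_writes;      /* updates that hit another CPU's slot */

/* Any point at which a preemptible kernel may reschedule the task. */
static void model_preempt_point(void)
{
    if (migrate_pending && preempt_count == 0) {
        current_cpu = (current_cpu + 1) % MODEL_NR_CPUS;
        migrate_pending = 0;
    }
}

static void model_update(int slot)
{
    counter[slot]++;
    if (slot != current_cpu)
        foreign_writes++;       /* the single-writer assumption is broken */
}

/* Models: per_cpu(counter, smp_processor_id())++ */
static void unsafe_increment(void)
{
    int cpu = current_cpu;      /* smp_processor_id() */
    model_preempt_point();      /* preempted after the lookup */
    model_update(cpu);
}

/* Models: get_cpu_var(counter)++; put_cpu_var(counter); */
static void safe_increment(void)
{
    int cpu;

    preempt_count++;            /* get_cpu_var() disables preemption */
    cpu = current_cpu;
    model_preempt_point();      /* migration is held off */
    model_update(cpu);
    preempt_count--;            /* put_cpu_var() enables it again */
    model_preempt_point();      /* the deferred migration happens here */
}

/* Runs one increment with a migration pending; returns the foreign-write count. */
int foreign_writes_after(void (*increment)(void))
{
    int i;

    current_cpu = preempt_count = foreign_writes = 0;
    for (i = 0; i < MODEL_NR_CPUS; i++)
        counter[i] = 0;
    migrate_pending = 1;
    increment();
    return foreign_writes;
}

int main(void)
{
    printf("unsafe: %d foreign write(s)\n", foreign_writes_after(unsafe_increment));
    printf("safe:   %d foreign write(s)\n", foreign_writes_after(safe_increment));
    return 0;
}
```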

It is also possible to allocate per-CPU variables dynamically. Simply use these functions:

    void *alloc_percpu(type);
    void free_percpu(const void *);

alloc_percpu() will allocate one object (of the given type) for each CPU on the system; the allocated storage will be zeroed before being returned to the caller.

There is another set of macros which may be used to access per-CPU data obtained with kmalloc_percpu(). At the lowest level, you may use:

    per_cpu_ptr(void *ptr, int cpu)

which returns (without any concurrency control) a pointer to the per-CPU data for the given cpu. For access to a local processor's data, with preemption disabled, use:

    get_cpu_ptr(ptr)
    put_cpu_ptr(ptr)

With the usual proviso that you do not sleep between the two.


Patches and updates

Kernel trees

Stephen Hemminger 2.5.62-dcl2
Alan Cox Linux 2.2.24-rc3
Andrea Arcangeli 2.4.21pre4aa2
Andrea Arcangeli 2.4.21pre4aa3

Architecture-specific

Core kernel code

Development tools

Device drivers

Filesystems and block I/O

Janitorial

William Lee Irwin III clean up SLAB_KERNEL non-usage
William Lee Irwin III Kill SLAB_KERNEL and SLAB_ATOMIC.

Memory management

Andrew Morton 2.5.60-mm2
Andrew Morton 2.5.61-mm1
Andrew Morton 2.5.62-mm1

Networking

YOSHIFUJI Hideaki / USAGI Project USAGI STABLE RELEASE 4.1
Bruce Allan subset of RFC2553
Kazunori MIyazawa IPv6 IPsec support

Security-related

Benchmarks and bugs

Miscellaneous

Matthias Andree lk-changelog.pl 0.73
Greg KH klibc for 2.5.62

Page editor: Jonathan Corbet

Distributions

News and Editorials

A Knoppix for the masses FAQ

Karsten M. Self has burned a spool of CDs with the v3.1 1-2003-20-EN Knoppix release, and he's been passing them out to the masses. Now he would like some input on packaging and especially on a FAQ to go with the CD. There is a version of the FAQ in the story below, and an updated FAQ here.

Full Story (comments: none)

Distribution News

Debian GNU/Linux

Here is the Debian Weekly News for February 11, 2003. This issue covers GNOME and KDE participation in the Free Desktop Project, the Turbo Desktop Environment aimed at users with older computers who still want to run a proper desktop, and much more.

Four candidates have been nominated for Debian Project Leader: Moshe Zadka, Bdale Garbee, Martin Michlmayr and Branden Robinson. Platforms for these candidates can be found here. The campaigning period will last until March 7, when voting will begin.

Here's a note about the Debian Project's participation in the Desktop Linux Summit, February 20 - 21, 2003.

The results of the Debian security survey (which tried to get a handle on how long Debian 'potato' users needed security updates) have been released. The end result seems to be that potato will continue to have security updates through the end of June.

The Debian Weekly News for February 17, 2003 is available. In addition to the FLOSS report sponsored by the European Commission, researchers at Stanford University's Institute for Economic Policy Research designed another survey and asked the community for its assistance. If you have ever wondered whether (GNU/)Linux was the only new and free operating system recently begun, take a look at ReactOS, which aims to implement a free version of NT.


Gentoo Linux

Here's the Gentoo Weekly Newsletter for February 17, 2003. This week: Catch Gentoo Zetagrid fever; New rsync mirrors; Gnome 2.2 now in Portage; and more.

If you've had trouble installing the latest KDE packages you'll be interested in this fix (bug #15593).


Lycoris Linux available at Walmart

Lycoris has sent out an announcement stating that a boxed set with the Lycoris Desktop/LX distribution is now available via Walmart.com. The "ProductivityPak" and "GamePak" packages are also available.


Red Hat Linux

Red Hat has released an updated version of Phoebe, the latest Red Hat Linux beta. The release updates the kernel and glibc. Phoebe also has GNOME 2.2, KDE 3.1 and "many many many many bugfixes".


Slackware Linux

The slackware-current change log shows an upgrade to linux-2.4.20, and a few installer changes, among many others.


Trustix Secure Linux

Trustix has released Trustix Secure Linux 2.0 Technology Preview 2, nicknamed Forecast. "Being a technology preview it is not suitable for production use nor to be considered maintained regarding security. We release this distribution to give you a chance to test and comment on it before it evolves into TSL 2.0. We also wish to thank those who tested and gave us valuable feedback on the previous technology preview."


SCO Linux

The SCO Group has announced that SCO Linux 4.0, powered by UnitedLinux, has been certified with the latest edition of IBM DB2, Version 8.1.


New Distributions

Freeduc

The Organization for Free Software in Education and Teaching (OFSET) has produced Freeduc, a Knoppix/Debian-based Linux system with educational software, all on one bootable CD-ROM. Version 1.1 of the Freeduc CD-ROM was released November 5, 2002. Freeduc has joined the Education section of the Distributions list.


Minor distribution updates

2-Disk Xwindow embedded Linux

2-Disk Xwindow embedded Linux has released v1.0.0 (Source code). This is the first source release.


Astaro Security Linux

Astaro Security Linux has released stable 4.000 with major feature enhancements. "Changes: The key features of this release are heuristic spam protection, PPPoE and PPPoA DSL dial-up, faster and enhanced WebAdmin, LDAP user authentication, NAT traversal for IPSec, dynamic filtering per VPN tunnel, a transparent POP3 Proxy with optional virus protection, VLAN (802.1q), and wireless LAN (802.11b)."


LEAF

LEAF (Linux Embedded Appliance Firewall) has released Bering 1.1 with minor feature enhancements. "Changes: Includes a 2.4.20 kernel patched with grsecurity 1.9.9c, the latest version of Shorewall (1.3.14), and a patched version of IPSec (Freeswan 1.99) with x509 support, NAT-Traversal, and Notify/delete. Shorewall output is now logged through the ulogd netfilter daemon."


Fli4l (Floppy ISDN/DSL)

Fli4l (Floppy ISDN/DSL) has released development version 2.1.2 with minor bugfixes. "Changes: The kernel is now compiled with GCC 2.95.4, removing the incompatibilities which resulted when it was compiled with GCC 2.96 (RedHat). Several minor bugfixes were also made."


floppyfw

floppyfw has released development version 2.9.1 with major feature enhancements. "Changes: This version now uses uClibc. Traffic shaping and bridging utilities are now in the base package, and the PPP(oE) version fits on a 1.44MB floppy."


LRs-Linux

LRs-Linux has released v0.3.1-rc2 with minor bugfixes.


uClinux

uClinux has released v2.5.61-uc0 with minor feature enhancements. "Changes: Many small fixes to the latest development kernel."


Distribution reviews

Lindows at the Showdown (OfB.biz)

Open for Business continues the Penguin Shootout with a look at Lindows. "Lindows is a rather polarizing distribution in many ways. For the most part, people either love it or hate it, both for the company's attitude and the distribution itself. We'll consider that in a bit, but first comes the question of how it stacks up to other distributions technically."


Mandrake PPC 9.1 Beta 2 review (DistroWatch)

Distrowatch.com has a series of reviews of Mandrake 9.1 beta releases. Here is the review for Mandrake PPC 9.1 Beta 2. "The iMac did not feel slow at any time during my testing (this is a totally subjective opinion, but I have low tolerance for unresponsive systems). Sure, my 1.4GHz Athlon XP with DDR 333 SDRAM feels faster, but the difference in performance was much less than I expected. To me, this was a good surprise: I thought I had a computer destined to my private electronic cemetery, but I have changed my mind. I'll have a fully functional backup GNU/Linux workstation when Mandrake releases the final version of Mandrake PPC 9.1."


Page editor: Rebecca Sobol

Development

The Plone Information Management System

Version 1.0 of the Plone Information Management System has been announced; version 1.0.1 was released on February 17, 2003.

At the SolutionsLinux 2003 conference, the Plone Team released Plone 1.0, bringing open source into the world of professional systems for managing content. Plone is an open source information management system available in 22 languages, and has a large and active community supporting it.

Plone is built on top of the Zope web application server and Zope's content management system. According to the Plone web site: "Plone is ideal as an intranet server, as a document publishing system and as a groupware tool for collaboration between separately located entities. A versatile software product like Plone can be used in a myriad of ways." Plone works on top of Linux, Windows, Mac OSX, and other Unix variants.

Plone has administrative workflow, multimedia, metadata, integrated search, and a standards-compliant templating system. Add-ons to Plone provide integration with Microsoft Word, OpenOffice, PDF generation, and versioning.

One important emphasis in the design of Plone has been to achieve a quick and easy installation experience. Also, "the focus of Plone is to provide value at every level of an organization." To see what people are doing with Plone, take a look at the Plone Sites page. The main Plone Site is also running under Plone.

Plone is being developed by the non-profit organization, Plone International. The software is dual-licensed; it is available under the GPL and a commercial license.

More information can be found on the Plone Documentation page, and in The Plone Book. If you are interested in helping out with Plone, the Development Overview is a good place to start.


System Applications

Audio Projects

Ogg Traffic

The February 17, 2003 edition of Ogg Traffic is out with the latest Ogg Vorbis audio compression software news. Discussion topics include: Vorbis on Playstation 2, Speex ACM Codec, Recent Developments, Icecast Goodies, application/ogg blessed by IANA, and New Software.


Electronics

gEDA News

The latest new software from the gEDA project includes GTKWave 2.0.0pre3-20030217, Icarus Verilog 20030216, and Gerber Viewer 0.12.


Printing

OMNI version 0.7.3 released

Version 0.7.3 of the OMNI printer driver is available. Features include support for 461 printers, better CUPS integration, more XMLDevice fixes, unified job properties specification on the command line, initial Debian package building support, and more. See the Changelog file for details.


PyKota 0.95 released

Version 0.95 of PyKota has been released. "PyKota is a complete Print Quota system for the Common UNIX Printing System (aka CUPS), which works by directly querying the printers for the number of pages they have printed."


LinuxPrinting.org news

The latest headlines on LinuxPrinting.org include: More than 1000 printers on linuxprinting.org!, HPIJS 1.3.1 is released!, and new support for the Epson Stylus Photo 900 and several Kyocera printers.


Web Site Development

Nemein.Net 1.8.4 released

Version 1.8.4 of Nemein.Net, a browser-based Professional Services Automation solution, is available. "The new release makes major functionality additions to the Project tracking system. These additions include automatic generation of reference lists based on project data, mileage and expense reporting and new configurable reporting engine."


Zope Corporation Releases Zope 2.6.1

Zope Corporation has announced the release of Zope 2.6.1, the latest version of the open source application server. The new release represents the successful global collaboration of community developers, as it is the first to contain a majority of enhancements from the Zope community.


Zope Members News

The most recent headlines on the Zope Members News include: DocmaServer 0.2 released, ZAttachmentAttribute released - Word, PDF, files into your own type, Plone Minimal Product released, Group User Folder Released, ZCybermut 1.0 Release, The Plone Team Releases Plone 1.0 - Professional Open Source System For Managing Content, French Zope Hosting, FDFToolkit for Adobe e-forms released, Pholder 1.0 beta3 released, and NZO pre-alpha and Call for volunteers.


Miscellaneous

Twisted 1.0.3 released

Version 1.0.3 of the Twisted networking framework is available with a number of new features and bug fixes.


Experience-Based Language Acquisition

Brian E. Pangburn has announced an interesting open-source computer language acquisition project known as EBLA. "Experience-Based Language Acquisition (EBLA) is an open source software system that enables a computer to learn simple language from scratch based on visual perception. It is the first "grounded" language system capable of learning both nouns and verbs. Moreover, once EBLA has established a vocabulary, it can perform basic scene analysis to generate descriptions of novel videos."


Desktop Applications

Audio Applications

Ardour developments

The latest developments to the Ardour multi-track audio hard disk recorder include: support for multichannel regions, a much better BBT ruler, improvements to the internal selection mode code, pan automation, a greatly improved algorithm for automation curve display, and mostly-working automation line editing.


ecasound 2.2.1 released

Version 2.2.1 of ecasound, a multi-track audio processor utility, has been released. "The JACK slave mode code has been completely rewritten. As a new feature it is now possible to use libsamplerate for resampling. Using JACK has been made more user-friendly as ecasound can now automatically configure the runtime parameters to match the current server settings. And thanks to build system and signal handling updates, it's now possible to compile ecasound for win32 under Cygwin."


JACK Rack 1.4.0 released

Version 1.4.0 of Jack Rack is out. This version adds the ability to right click on some of the controls.


Desktop Environments

FootNotes

Headlines on the GNOME desktop FootNotes site include: GNOME 2.2 backport for Debian Woody available for download, Announcing GU4DEC - June 16th-18th Dublin, Ireland., Bitstream Vera Fonts 1.0 beta released, An epiphany in browsing, MrProject 0.9 released, gNumExp 0.6 released, Drop shadow madness, GNOME 2.2 Desktop Accessibility Guide, GNOME Users And Developers Italian Conference, Last GFileRunner Release - v0.3.5, Gnome Remote Connection Manager, and more.


KDE-CVS-Digest

The February 14, 2003 edition of the KDE-CVS-Digest is out with the following topic summary: "Many improvements in the development tools this week. In Kdevelop, work continues on code completion and new code templates. Quanta gets ktips and finishing polishes. Kate, Cervisia, KBabel and Umbrello continue to get better. Support for new XFree86 features are being implemented. And nothing like a gathering of developers to improve the games!"


Graphics

Gimp 1.3.12 released

Development version 1.3.12 of the Gimp, a powerful image editing package, has been released. "This release features lots of cleanups to GIMP internals such as the undo system and the tools framework. New plug-ins (psd-save and spheredesigner) have been added along with a display filter that simulates color-deficient vision. The text tool has been improved and support for large swap files (>2GB) was added."


GUI Packages

FLTK Developments

The latest new software for FLTK, the Fast, Light ToolKit includes: Fltk 1.1.XX utf-8 patch, flxine 0.6.1, fl_connect 1.0, and FLTK 1.1.3.


Interoperability

Wine Weekly News

Issue #157 of the Wine Weekly News is out. Topics include: News: Linux Desktop Consortium, Code to Test / Learn With, Clipboard Implementation, Smatch, and Testing for Unimplemented Functionality.


Office Applications

Kernel Cousin GNUe

Issue #68 of Kernel Cousin GNUe is out with the latest GNU Enterprise development news. Topics include: The eGovOS conference and Microsoft "Shared Source", Generating PDF output from GNUe Reports, Business Objects in Application Server, Getting started with GNUe Forms, GNUe and Double Chocco Latte, and Breaking CVS HEAD to add new UI support to Forms.


AbiWord Weekly News

Issue #131 of the AbiWord Weekly News is out, with the latest AbiWord word processor development news. "Raphael Finkel pops in with a HowTo on translating AbiWord into other languages. Sam tells us a fix for people experiencing weird fonts where they weren't expected. The wrapper script used in POSIX compliant operating systems may finally be on its way to retirement. On a unixy note, Frank's put together a special package OS X users might be interested (you could help take over for Hub and his busted laptop if you prove your worth), and.... Johnny Lee whoops some buggy A*"


Web Browsers

Galeon 1.2.8 and 1.3.2 released!

Versions 1.2.8 and 1.3.2 of Galeon, a minimalist web browser, have been released. "They both support Mozilla 1.3b, the latest release (and Galeon 1.3.x requires at least Mozilla 1.3a) and feature bug fixes and 1.3.x also has some nice new features. In the interest of brevity, the release notes can be found with the files in our sourceforge area; just click on the stable and development links in the top right of the website. We currently have source tarballs up with rpms on the way. Enjoy!"


Netscape 7.02 released

Version 7.02 of Netscape is available. According to Mozilla.org: "Netscape Communications Corporation has released Netscape 7.02, a minor update with security and stability fixes. This new version, is based on Mozilla 1.0.2, also features updated Java and Flash plug-ins for Windows."


mozillaZine

The latest mozillaZine topics include: Former Galeon Maintainer Starts New Epiphany Browser Project, MozillaZine Readers Tell Us Which Mozilla Components They Use, Netscape 7.02 Released, Galeon 1.2.8 and 1.3.2 Released, Help Keep MozillaZine in Business, Geneva Tax Authorities Distribute Mozilla 1.2.1 to Taxpayers, Marc Andreessen Praises Mozilla, and Performance Comparison of Mozilla 1.3 Beta and Safari v60.


Miscellaneous

Bluefish 0.9 released

Version 0.9 of the Bluefish HTML editor has been released. "Many bugfixes are fixed; several segfaults, and many small annoying bugs. Major performance improvements; highlighting performance improvements up to 50X faster in some cases, file loading times are faster, and loading and closing of many documents is much faster (tested with 3500 documents opened simultaneously). Many improvements for the user interface; much more compliant to the Gnome usability guidelines. And new features! Finally line number support, a new spell checker, and many more."


Languages and Tools

Caml

Caml Weekly News

The February 11-18, 2003 edition of the Caml Weekly News is out. Topics include: CamlAgent 0.1, Optimizing false polymorphic local functions, and Any idea about Ocaml 3.07 release date?.


Java

Blackdown J2SE 1.4.1-01 for i386 and SPARC

The Blackdown Java-Linux Team has announced the availability of the Java 2 Standard Edition v1.4.1-01 for Linux on ix86 and SPARC.


Static Analysis with PMD (O'Reilly)

Tom Copeland looks at PMD on O'Reilly. "PMD is a utility for finding problems in Java code. PMD does this using static analysis; that is, analyzing the source code without actually running the program. PMD comes with a number of ready-to-run rules that you can run on your own source code to find unused variables, unnecessary object creation, empty catch blocks, and so forth."


Lisp

Maxima 5.9.0 released

Version 5.9.0 of Maxima, a Common Lisp system for performing computer algebra, has been released: "this version provides ANSI Common Lisp compatibility, a new build system, a new user manual, an enhanced command line interface, improved (X)Emacs modes, enhanced numerical precision of some functions, several bug fixes, and more."


Perl

This Week on perl5-porters (use Perl)

The February 10-16, 2003 edition of This Week on perl5-porters is out. Topics include: lvalue length, Unexpected scientific notation, gzipped modules, The -C Unicode switch, and Namespace pollution.


This week on Perl 6 (O'Reilly)

The February 6, 2003 edition of This week on Perl 6 is out with the latest Perl 6 news. Topics include: The 2004 Performance challenge, More Parrot Objects, Bytecode Metadata, Multi programming language questions, Random questions, A Scheme for extending core.ops, Week of the alternative runloops, Shortcut ?=, Language Discussion Summaries, Newline as a statement terminator, Arrays vs. Lists, and Announcements, Acknowledgements and Trip Planning.


Module::Build (O'Reilly)

Dave Rolsky writes about Module::Build and ExtUtils::MakeMaker on O'Reilly. "If you've ever created a Perl module for distribution on CPAN, you've used the ExtUtils::MakeMaker module. This venerable module goes back to the dawn of modern Perl, which began with the release of Perl 5.000. Recently, Ken Williams has created a potential replacement for ExtUtils::MakeMaker called Module::Build, which was first released in August of 2002."

Comments (none posted)

PHP

PHP Weekly Summary

Topics on this week's PHP Weekly Summary include: sybase_ct batch query, Full list of PHP functions, File IO with Solaris, Building from CVS, MySQL for PHP 5, Filterless Apache 2, and file() extended.

Comments (none posted)

Python

Dr. Dobb's Python-URL! - weekly Python news and links (Feb 17)

The Dr. Dobb's Python-URL! for February 17, 2003 is out with the latest Python news.

Full Story (comments: none)

The Daily Python-URL

This week's Daily Python-URL article topics include: Python Package Index (PyPI) now on python.org, twander, FDFToolkit for Python, Qt and PyQt, Python - Scripting power for Java, Zope is a Jolt finalist, A conversation with Guido van Rossum, part VI: Designing with the Python community, xfmllib, Can Parrot run Python code faster than Python itself?, XML Matters: reStructuredText, and more.

Comments (none posted)

Qt and PyQt (IBM developerWorks)

Boudewijn Rempt and David Mertz write about Qt and PyQt. "The Qt toolkit is a widely-used cross-platform GUI toolkit, available for Windows, Linux, Mac OSX, and handheld platforms. QT has a well-structured, but flexible, object-oriented organization, clear documentation, and an intuitive API. In this article, David Mertz and Boudewijn Rempt look at the Qt library, with a focus on the PyQt bindings that let Python programmers access Qt functionality."

Comments (none posted)

Ruby

The Ruby Weekly News

Topics on this week's Ruby Weekly News include: Supporting windows through C extensions, and Lexical scope and closures.

New Ruby software includes: Ruby-freedb 0.5, FreeType2-Ruby 0.1.0, MusicBrainz-Ruby 0.1.0, FormValidator 0.1.0, Test::Unit 0.1.8, Flash and Ruby GUI prototype, DBD-Google-Ruby, PLRuby 0.3.3, Joystick-Ruby 0.1.0, sys-cpu 0.2.0, net-pingsimple 0.2.0, and REXML 2.5.4.

Comments (none posted)

The Ruby Garden

New topics on the Ruby Garden include: Extension of thread scheduling in rb_thread_schedule(), and Require quirks.

Comments (none posted)

Scheme

Scheme Weekly News

The February 17, 2003 edition of the Scheme Weekly News is out with lots of Scheme language news.

Full Story (comments: none)

Tcl/Tk

Dr. Dobb's Tcl-URL! - weekly Tcl news and links (Feb 17)

The February 17, 2003 edition of Dr. Dobb's Tcl-URL! is out with the latest Tcl/Tk development news.

Full Story (comments: none)

XML

Simple XML Processing With elementtree (O'Reilly)

Uche Ogbuji introduces elementtree on O'Reilly. "Fredrik Lundh, well known in Python circles as "the effbot", has been an important contributor to Python and to PyXML. He has also developed a variety of useful tools, many of which involve Python and XML. One of these is elementtree, a collection of lightweight utilities for XML processing."

Comments (none posted)

Building Metadata Applications with RDF (O'Reilly)

Bob DuCharme talks about the Python RDFlib on O'Reilly. "The first time I tried the RDFLib Python libraries, the lightbulb finally flashed on. RDFLib lets you generate, store, and query RDF triples without requiring you to ever deal directly with the dreaded RDF/XML syntax. And you can do all this with a minimal knowledge of Python."

Comments (none posted)

XML at Five (O'Reilly)

Edd Dumbill writes about five years of XML development. "To celebrate this auspicious anniversary, I asked some XML old-hands and friends of XML.com to comment on their experience with XML over the last five years. Read on for their entertaining, illuminating and thought-provoking comments."

Comments (none posted)

EXSLT by example

Uche Ogbuji explains EXSLT on IBM's developerWorks. "Community standards have had a very important role in XML technology, from SAX to RDDL. The most important community standard for XSLT is the EXSLT initiative for standard extension functions and elements. In this article, Uche Ogbuji uses practical examples to introduce and demonstrate some useful EXSLT functions."

Comments (none posted)

Miscellaneous

Jext Linux Screenshots

A number of new screenshots showing the Jext programmer's editor running on Linux are now available.

Comments (none posted)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

Data Flood Feeds Need for Speed (Wired)

Wired covers an international team of physicists who set a world record for the amount and speed of data transferred over a broadband network. "Data was transmitted by packets called jumbo frames, which are 9,000 bytes -- six times as big as the packets normally sent over the Internet. The team used PCs running Debian GNU/Linux in Amsterdam and RedHat Linux in Sunnyvale."

Comments (none posted)

Asian Open Source Centre launched (Bioinformatics.org)

Bioinformatics.org has an announcement for a new Asian open-source software site. "Asian Open Source Centre is promoting free software and open source use in Asia, especially related to the locale. The centre focuses on open source issues specific to Asia, such as localization of software, open source for creating local content, and the use of open source to bridge the 'digital divide'. AsiaOSC also has a Wiki on open source."

Comments (none posted)

Xbox Linux group seeks Microsoft seal (News.com)

News.com reports on an open letter to Microsoft from the Xbox Linux Project. "'Because of Microsoft's deliberate design choices in terms of restricting the software that may run on an unmodified Xbox to 'Microsoft approved only,' coming to ask Microsoft, and presumably paying Microsoft, is currently the only way we can get our port of the GNU/Linux OS to interoperate with an unmodified box,' the letter says."

Comments (14 posted)

Trade Shows and Conferences

It's Time for CodeCon 2.0 (Linux Journal)

Linux Journal plugs CodeCon 2.0. "CodeCon is back. CodeCon 2.0, brought to you by San Francisco Bay Area technologists Bram Cohen and Len Sassaman, is a unique conference that showcases active, working software development projects, presented by the actual code developers at the very sensible hour of 12 noon."

Comments (none posted)

About Fosdem (Linux Journal)

Here is Linux Journal's wrap-up of FOSDEM. "The event itself typically is developer-centric. People speak about the inner workings of their software, offer a presentation on how to use it in other products or sit behind a table all day answering thousands of questions from the crowd. For this reason, I wouldn't recommend complete newbies come to Fosdem, as the technical level is quite high. Most of the sessions, though, are fairly comprehensible even by non-developers."

Comments (none posted)

Companies

IBM taps suite for Linux PDA designs (News.com)

News.com reports that IBM has licensed Trolltech's Qtopia software suite for use in a new Linux PDA design kit due next month. "The design kit will include the blueprints and software necessary to help individuals or companies create several different kinds of personal digital assistants based on the Linux operating system. The kit can also be used by software makers interested in creating applications for the PDAs. It will be available for $1,000 from IBM Microelectronics and a few partners in March, the company has said."

Comments (none posted)

Linux Backers To Put OS Through Security Certification (TechWeb)

TechWeb looks at security certification plans. "Oracle, Red Hat, and IBM have all announced plans to put Linux through its security paces -- specifically through the Common Criteria certification process -- in an effort to win approval for using Linux among both government and private-sector clients." Here is IBM's press release.

Comments (1 posted)

Linux Adoption

Ten Good Reasons for a DBMS Strategy Re-Think (Open)

Open gives ten good reasons to consider using open-source database systems. "In a go-slow economy, CIOs are under pressure to leave no old assumptions unexamined, including their choice of database systems. As ubiquitous, 24 x7 e-business and demand for instantly updated information only heighten the focus on good database planning, CEOs and CFOs are questioning if it's worth paying steep licensing fees and support costs."

Comments (1 posted)

Interviews

Grid guru: An interview with Argonne's Steve Tuecke (IBM developerWorks)

IBM's developerWorks features an interview with Steve Tuecke on the topic of grid computing. "Although scientists have been using Grid technologies since the Condor project began scavenging up idle computer cycles at the University of Wisconsin in the mid-1980s, the really exciting vision of Grid computing -- a set of open and ubiquitous standards that real world developers will use for distributed computing -- remains a vision of the future. One of the people most actively involved in making that vision a reality is Steve Tuecke, lead software architect in the Distributed Systems Laboratory at Argonne National Laboratory and lead architect of the Globus Toolkit, the popular implementation of the OGSA (Open Grid Services Architecture) middleware standards that are the basis of Grid computing."

Comments (none posted)

Resources

Jay Beale - Linux Guru (Information Security Magazine)

Jay Beale has a new column called Linux Guru in Information Security Magazine. The first one attempts to answer the questions, "How can I determine if my Linux server has been hacked? How can I be sure that I haven't been hacked?" "Really, the secret is to avoid compromise. Harden systems before deployment, keep up with patches, and design a strong host and network architecture. Then start building your own digital and human baselines to make intrusion detection easier. It's a bit of upfront work, but it's less hassle than recovering from a bad compromise later."

Comments (none posted)

BASIC programming with Unix (LinuxFocus)

LinuxFocus looks at BASIC programming. "If we try to make an inventory of the number of BASIC available for Linux, we can find about half a dozen of projects, more or less advanced. There is a "Basic Foundry" in sourceforge to give a classification on the number of downloads..." Thanks to Ashwin N

Comments (none posted)

Reviews

Colorful KDE 3.1 Performance On Low-End Hardware (LinuxPlanet)

LinuxPlanet reviews KDE 3.1, using a very old computer. "People have become accustomed to the convenience and beauty of the modern desktop. However, some people shy away from packages like KDE 3.1 because they think it's going to run like frozen molasses on their six-year-old Pentium machine. Let me put your fears at ease and tell you how it works on ancient iron."

Comments (1 posted)

Miscellaneous

Dave Stutz is a free man (Doc Searls' blog)

Doc Searls looks at the retirement of Microsoft employee Dave Stutz. "This is a serious development. Dave has been the bearded open source community insider at Microsoft for a long time: a good and honorable man who for years did an amazing job of bridging two worlds -- commercial and noncommercial, Microsoft and everybody else." Thanks to Jay R. Ashworth

Comments (none posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

Lisp guru makes awards finalist list

Bruno Haible was among the top three finalists for the 2002 Free Software Awards. Thanks to Paolo Amoroso.

Full Story (comments: none)

Commercial announcements

Eridani Star Systems MailStripper Pro 0.93 released

Eridani Star Systems has announced a new version of MailStripper, an anti-spam mail scanner with anti-virus capability. MailStripper is intended to be Mail Transfer Agent (MTA) independent and aims to work with any SMTP-based MTA as it works by filtering the incoming SMTP stream.

Full Story (comments: none)

Motorola announces Linux handset

Motorola has announced what it claims is the first handset running Java and Linux. "The A760 is Motorola's first handset demonstrating the company's commitment to making the Linux operating system a key pillar of its handset software strategy. The strategy fosters innovative applications, which helps lead to increased revenue and differentiation opportunities for operators around the globe." Unless you live in the Asia/Pacific region, however, you will have to wait a while before you can get your hands on one.

Comments (3 posted)

Sourcefire gets $11 Million investment

Perhaps some money is slowly flowing back into the tech industry; Sourcefire, which is selling a product built around the free Snort intrusion detection system, has announced the receipt of $11 million in venture funding.

Comments (none posted)

Sun Microsystems Laboratories Contributes XACML Security Standard

Sun Microsystems, Inc. has announced the release of its implementation of the new XACML OASIS Open Standard for security under an open source (BSD-style) license.

The OASIS interoperability consortium has announced that its members have approved the Extensible Access Control Markup Language (XACML) as an OASIS Open Standard.

Comments (none posted)

Resources

3-in-1: Mini Book Reviews (Linux Journal)

Linux Journal reviews three books: "Extending and Embedding Perl", "LDAP Programming, Management and Integration", and "An Introduction to Programming in Emacs Lisp, 2nd Edition".

Comments (none posted)

Upcoming Events

Linux Summit 2003 and press conference

The Linux Summit 2003 happens February 27 - 28, 2003 in Espoo, Finland. At the Summit, attendees will learn why Linux has become a hot topic within the IT industry. Using examples from real life, the Linux Summit 2003 will demonstrate why businesses are increasingly embracing Linux and Open Source software.

Full Story (comments: none)

PyCon 2003

PyCon 2003, a community-oriented Python conference, will be held in Washington, DC on March 26-28, 2003.

Full Story (comments: none)

First OpenOffice.org Conference

The First OpenOffice.org Conference will be held in Hamburg, Germany on March 20-21, 2003.

Full Story (comments: none)

KDE at Paris Solutions Linux 2003

KDE.org reports on the KDE activity at the Solutions Linux 2003 show which was held in Paris.

Comments (none posted)

GUADEC 2003 to Attract Global Audience of GNOME Developers and Enthusiasts

Here is an announcement for the fourth annual GNOME User and Developer European Conference (GUADEC), to be held at Trinity College in Dublin, Ireland, June 16 - 18, 2003.

Comments (none posted)

CFP Stockholm Perl Mongers (use Perl)

Use Perl mentions the resurrection of the Stockholm Perl Mongers group.

Comments (none posted)

New Security Paradigms Workshop 2003 CFP

A Call For Papers has been sent out for the New Security Paradigms Workshop 2003, to be held in Ascona, Switzerland on August 18-21, 2003. Papers are due in by June 10.

Full Story (comments: none)

Events: February 20 - April 17, 2003

| Date | Event | Location |
|---|---|---|
| February 20 - 21, 2003 | Desktop Linux Summit (Vivendi Universal Building) | San Diego, CA |
| February 22 - 24, 2003 | CodeCon 2.0 (Club NV) | San Francisco CA, USA |
| February 27 - 28, 2003 | Linux Summit 2003 (Dipoli Conference Center) | Espoo, Finland |
| March 17 - 19, 2003 | Open Source for National and Local eGovernment Programs in the U.S. and EU (The Marvin Center Grand Ballroom, George Washington University) | Washington, DC |
| March 20 - 21, 2003 | First OpenOffice.org Conference (OOoCon2003) (University of Hamburg) | Hamburg, Germany |
| March 20 - 21, 2003 | Conference PHP 2003 (École Polytechnique de Montréal) | Montreal, Quebec, Canada |
| March 26 - 28, 2003 | PyCon DC 2003 (George Washington University) | Washington DC |
| March 31 - April 2, 2003 | 2nd USENIX Conference on File and Storage Technologies (FAST '03) (Cathedral Hill Hotel) | San Francisco, CA |
| April 2 - 3, 2003 | The UK Python Conference (Holiday Inn Oxford) | Oxford, England |
| April 10 - 12, 2003 | MySQL Users Conference & Expo 2003 (Doubletree Hotel) | San Jose, California |
| April 13 - 17, 2003 | RSA Conference 2003 (Moscone Center) | San Francisco, CA |
| April 14 - 15, 2003 | Samba eXPerience 2003 (Hotel Freizeit) | Göttingen, Germany |
| April 15 - 16, 2003 | LinuxUser & Developer Expo 2003 | Birmingham, UK |

Comments (none posted)

Software announcements

This week's software announcements

Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:

Comments (none posted)

Miscellaneous

WiFi Caravan to Prove Extreme Mobile Connectivity

If you're interested in wireless, Linux, security, digital music, or the off-the-shelf hardware and software that enable the freedom of a mobile wireless network which can maintain an uninterrupted connection even at highway speeds, then read on...

Full Story (comments: 2)

Page editor: Forrest Cook


Copyright © 2003, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds