LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for February 20, 2003The trojaning of mICQThe story, it seems, is this: Rüdiger Kuhlmann, the maintainer of mICQ, had a disagreement with Martin Loschwitz, the maintainer of the Debian mICQ package, on how that package should be built. Mr. Kuhlmann complained that an old version of mICQ was shipped, that it contained bugs which had been fixed upstream, and that his name had been removed from the copyright file. The disagreement had apparently been going on for a while.Mr. Kuhlmann decided that enough was enough, and he was going to take some action. As of mICQ 0.4.10.1, the code will, when built for the Debian distribution, print out a message which says some unflattering things about Mr. Loschwitz and encourages use of a different version; the program then exits. In other words, when built for Debian, mICQ thumbs its nose at the user and refuses to run. To help ensure that this code got into the official Debian version, it was written in an obfuscated manner, set to trigger only after February 11, and only if it was not being run by Mr. Loschwitz. For the curious, here is a posting containing the code in question. In response, Mr. Loschwitz called for the removal of mICQ from the Debian distribution and started a generally impressive flamewar. After some time, the two parties actually started talking to each other; summaries from Mr. Kuhlmann and Mr. Loschwitz have been posted. The resolution involves fixing the packaging issues and the removal of the anti-Debian code. The mICQ package will also be removed from Debian until a security audit is performed and a new maintainer is found. The situation would appear to have been resolved. The whole thing has, however, left a bad taste in the mouths of many Debian developers. According to some, Debian was subjected to a trojan horse/denial of service attack, and they are not happy about it. Mr. Kuhlmann denies this, of course ("In fact, I only added dead code. It was you who #ifdef'd it in - not knowingly, but anyway."), but this code, even described in more friendly terms ("easter egg," say), is the sort of thing that does not often happen in the free software world. Free software users like to think they have a bit more control over their systems than that. (It's not completely unheard of, though - GNU emacs used to greet Symbolics users with the message "In doing business with Symbolics, you are rewarding a wrong.") Much of the discussion was concerned with what Mr. Kuhlmann could have done with this piece of stealth code. Such speculation is a bit off-topic, given that, as far as anybody can tell, there are no evil or destructive trojans coded into mICQ. In the context of a wider discussion, however, this episode does raise a scary issue. The mICQ code was slipped into a major distribution, seemingly with great ease. The code was relatively harmless, but, next time, it might not be. Access to source code decreases our vulnerability to this sort of attack; proprietary software, after all, can have anything in it. It is hard to imagine anybody being able to hide a flight simulator inside a free spreadsheet application. But anybody who believes that having the source makes us invulnerable to this kind of trojan is clearly mistaken. With suitably clever coding, great nastiness can be hidden in seemingly innocuous code. The resources to audit all of our code at the level of detail required to find small trojans simply don't exist. Perhaps, in the future, tools like the Stanford Checker can be turned to the task of finding suspicious code in source distributions. For now, though, we have to remain on our guard. This kind of thing will happen again, and, next time, the results may not be so benign.
The Embedded Linux Consortium Platform SpecificationThe Embedded Linux Consortium has announced the launch of the ELC Platform Specification (ELCPS). The ELCPS was developed with input from numerous companies including IBM, LynuxWorks, Panasonic, Samsung, MontaVista, K Computing, Red Hat, WiPro, Hacom, and FSM Labs; its purpose is to encourage interoperability across embedded Linux systems. Those wanting the details can grab a copy of the specification in PDF format; for everybody else, here is a quick summary of what the ELCPS is trying to do.The ELCPS is heavily influenced by the Linux Standard Base, POSIX, and the Single Unix Specification. However, it restricts itself to the programming environment (and, in particular, to which functions should be available) and is not concerned with the user experience side of things. It is assumed that the user of an embedded system will not be worried about which shells are available. Of course, not all embedded systems are the same; the capabilities needed by a web-enabled phone handset or point of sale system will be different from, say, an elevator controller. So the ELCPS defines three levels of environment, each of which has different requirements.
There are a couple of interesting omissions from the first version of the ELCPS. One is in the area of real-time programming. According to the specification, there is no clear standard for real-time programming in the Linux world. The LSB does not specify real-time functionality, and the POSIX real-time standards are still in flux. The specification makes no mention of the fact that serious real-time Linux programming tends to be done by way of RTLinux or RTAI, neither of which is standard in any way, but that situation has to have discouraged attempts to standardize real-time Linux functionality as well. The specification also had to punt on thread support, since real POSIX threads implementations for Linux are still hard to come by. That situation should be rectified when the 2.6 kernel, with its greatly improved threading support, becomes available. The Embedded Linux Consortium will eventually set up a certification program for ELCPS compliance. The ELCPS is another sign that the embedded Linux community (and Linux in general) is growing up. Embedded Linux, in particular, has been subject to the sort of fragmentation that creates worry among technology pundits and corporate managers; the ELCPS should help those people to worry a bit less. By using embedded Linux, manufacturers are already able to free themselves from proprietary platforms and royalty payments. The ELCPS should make these manufacturers more confident that they will not find themselves locked into a single vendor. And that, of course, should be good for the Embedded Linux market as a whole.
Lindows sells virus protectionLindows.com has announced a new offering for its distribution: for $29/year, Lindows users can run the new "VirusSafe" utility which protects the system from viruses. It seems like a reasonable product: other desktop systems have had anti-virus applications for years. And, apparently, virus protection is at the top of the list of features requested by Lindows users.There's only one problem: Linux viruses are rather hard to find. In fact, the list of "in the wild" Linux viruses that have actually infected systems is short - there are none. The case of SirCam infection via Wine is, if anything, the exception that proves the rule. It demonstrates how far one has to go to infect a Linux system - and, even then, the virus was not able to propagate. A Linux-based virus is not impossible; one could imagine, say, a hostile email message which, taking advantage of a fetchmail buffer overflow, managed to spread itself over the net. But the fact is that this sort of thing simply does not happen. Linux systems are harder to break into, and they are better at containing the effects of breaches that do occur. When a program is found to allow unpleasant things like arbitrary command execution (as in the recent vim modeline vulnerability), it gets fixed in a hurry rather than being presented as a feature. So we thought it might be worthwhile to ask Lindows exactly what it is defending its users against. What virus (or other) infections would have been presented by running VirusSafe on a target system? Unfortunately, Lindows did not respond to repeated inquiries, so we are left having to guess. Lindows, perhaps, is defending its users against the fear of running systems without virus scanners installed. It is difficult to explain to users why they probably do not need explicit virus protection; and, besides, it seems they are willing to pay for that protection whether they need it or not. As a business plan, it may make some sense - as long as you don't mind selling your customers something they almost certainly do not need.
Security Brief items The National Strategy to Secure Cyberspace[This article was contributed by Tom Owen] The Friday release of the National Strategy to Secure Cyberspace may have been overshadowed by the recent departure of Richard Clarke, President Bush's Cybersecurity advisor. It certainly didn't get a big build up. But now we have the "final" version of what will doubtless be a continuously evolving strategy.The draft released in September generated apathy and dismissal after widespread unsourced reports of tech firms lobbying to remove references to insecure "out of the box" configurations and wireless hazards. The biggest change over the draft is external: the Department of Homeland Security (DHS) now exists, with a budget and a head, and by far the majority of the action items fall on it. The strategic objective is clear:
It is the policy of the United States to
prevent or minimize disruptions to critical information infrastructures and
thereby protect
the people,
the economy,
the essential human and government services,
and the national security of the United States.
as is the purpose of the document:
The purpose of this document is to engage and empower Americans to secure the
portions of cyberspace that they own, operate, control, or with which they
interact.
The core of the strategy is the five national priorities
Some consistent themes inform the discussion of all priorities:
Regarding the called-for national security response system:
The National Cyberspace Security Response System will
involve public and private institutions and cyber centers
to perform analysis,
conduct watch and warning activities,
enable information exchange,
and facilitate restoration efforts.
The plan appears to be mandating DHS to co-ordinate between Government agencies, and academic and private sector agents. Obvious candidates would include CERT, the AV vendors' labs, disaster recovery providers and perhaps operators like Bugtraq. The challenge is twofold. Firstly, to co-ordinate their work on attacks and vulnerabilities, before and even -- using fax, conferencing and and voicemail -- during an attack, and secondly, to ensure that the private sector is using the resources created. It appears that there will be an effort to remove antitrust obstacles to this co-operation. Responding to security incidents is important, but so is preventing those incidents before they happen. The strategy asks private and government agencies to communicate better to find and protect against potential problems. Even before the recent "Slammer" worm, others like Nimda and Code Red had made it clear that threats, once released, spread faster than fixes. So it is important to find and fix vulnerabilities before they are exploited. One stand out point is a clear intention to use criminal justice more aggressively: this might be a good time to stop writing stupid viruses for fun. The strategy gets more specific here. Examples of the work planned include
Then, there is the call for a national security awareness and training program. This priority addresses a slightly broader range than most. The traditional targets for security training: users, admins and developers, are there, but the plan goes further:
Many information-system vulnerabilities exist
because of a lack of cyberspace security
awareness on the part of ...
procurement officials, auditors, chief information
officers, chief executive officers, and
corporate boards.
Getting these people trained is not going to be easy. School curricula, awareness programs and certification and the other plan items can reach professionals and users, but getting informed discussion between corporate policymakers at the country club will take something more -- there may be a role for the insurers here. Of course, the government must also worry about cleaning up its own act, so it is not surprising to see internal security as an important part of this plan. The plan in this area is blandly conventional, revealing that government practice is no better than the private sector. One of the few mentions of a specific technology, wireless, occurs under this heading. The last item (national and international security coordination) seems like a bland commitment to improve international co-operation, encouraging foreign countries to achieve effective criminal law and participate in information-sharing programs. But early on comes this jaw-dropper:
When a nation, terrorist group, or other adversary
attacks the United States through cyberspace, the
U.S. response need not be limited to criminal prosecution.
The United States reserves the right to
respond in an appropriate manner.
The strategy doesn't expand on this point, and responsibility for that action falls on no specific agency, but when it happens, it'll be on the evening news. Given the source, the document as a whole is at least as good as could have been hoped. Part of the value comes from what's left out:
High-level strategic planning can be used to hide a lot of vagueness and unreality, as the broad scope needed in the language and objectives makes it hard to visualise what is intended. This hasn't happened here. The Department of Homeland Security's interest in the network comes into clearer focus. Some of the organisations and networks which will protect cyberspace are making their first appearance here. And we can see that some people are asking the right questions.
February CRYPTO-GRAM NewsletterBruce Schneier's CRYPTO-GRAM newsletter for February is out. It looks at Matt Blaze's lock-picking disclosure (and the reaction to it), SQL Slammer worm notes, the importance of authentication, and more. "I'd rather have as much information as I can to make an informed decision about security. I'd rather have the information I need to pressure vendors to improve security. I don't want to live in a world where locksmiths can sell me a master key system that they know doesn't work or where the government can implement security measures without accountability."
New vulnerabilities mailman: mailman 2.1 cross site scripting vulnerabilities
nethack: buffer overflow
OpenSSL: plaintext exposure vulnerability
pam_xauth: root exploit
php: arbitrary file access and code execution
syslinux: security issues in installer
util-linux: predictable mcookie results
Updated vulnerabilities Heap corruption vulnerability in at
BIND8: Multiple vulnerabilities
bind buffer overflow vulnerability in DNS resolver libraries
Canna server: exploitable buffer overrun
cups - multiple vulnerabilities
CVS - exploitable double-free bug in the CVS server
dhcp3 - ignored counter boundary
dvips: command execution vulnerability
Filename disclosure vulnerability in fam
fetchmail: buffer overflow
GNU fileutils race condition
Potential remote root exploit in glibc
glibc: DNS stub resolvers contain buffer overflow vulnerability
hypermail - buffer overflows
IM: creates temporary files insecurely
IMP - SQL injection vulnerability
KDE - command parameter quoting problems
kdelibs: Vulnerabilities in KIO subsystem support
kernel-utils: setuid vulnerability
krb5 - vulnerability in Kerberos ftp client
libmcrypt: buffer overflows and memory exhaustion
libpng, libpng3: buffer overflow
lynx: CRLF injection vulnerability
perl-MailTools: remote command execution
micq: Denial of service
mod_dav: Apache mod_dav module format string vulnerability
PHP Remote Compromise/DOS Vulnerability
mod_php - buffer overflow
Mozilla: Privacy leak and other vulnerabilities
MySQL - double free vulnerability
MySQL: multiple vulnerabilities
net-snmp: denial of service vulnerability
OpenLDAP2: remote command execution
PHP: vulnerability in mail function
PostgreSQL - more buffer overflows
Local arbitrary code execution vulnerability in Python
Multiple-use vulnerability in Safe.pm
slocate - buffer overflow
File overwrite vulnerability in tar and unzip
Multiple vendor telnetd vulnerability
traceroute-nanog: buffer overflow and root exploit
typespeed: buffer overflow
vim - modeline vulnerability
w3m - cross-site scripting vulnerabilities
wget:directory traversal bug
Problems with libgtop_daemon
Wwwoffle remote privilege escalation vulnerability
Resources Egress filtering for a healthier Internet.This issue of "Linux Security: Tips, Tricks, and Hackery" looks at egress filtering as a way of protecting the net against mass attacks.
Events The First Honeyd ChallengeThe first Honeyd Challenge has been announced along with the 0.5 release of the Honeyd virtual honeypot system. "The goal of this challenge is to develop interesting feature additions to Honeyd. Possible improvements are forensic analysis tools for Honeyd log files, passive fingerprinting of connections, realistic routing topologies, etc."
ACNS 2003The first MiAn International Conference on Applied Cryptography and Network Security will be held October 16 to 19 in Kunming, China. The submission deadline is May 1 for those who would like to present there.
NSPW 2003 Call For PapersThe New Security Paradigms Workshop 2003 will be held August 18 to 21 in Ascona, Switzerland. The Call For Papers has gone out, with a submission deadline of April 4.
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current development kernel is 2.5.62, which was released by Linus on February 17. It included a new version of the dentry cache which uses read-copy-update for lockless file lookups, a number of architecture updates, some kbuild fixes (including module alias and device table support), more signal cleanup work, and (a classic sign that the freeze is progressing) lots of spelling fixes. The long-format changelog has the details.2.5.61 was released on February 14. Changes in this release include a number of SCSI driver fixes, an x86-64 merge, a new set of AGP changes, some ACPI work, an SCTP update, and, of course, numerous other fixes. Once again, see the long-format changelog for the details. Linus's (pre-2.5.63) BitKeeper tree contains, as of this writing, the longstanding POSIX timers patch (but without the high-resolution timers), a new set of IDE changes (see below), updates for obscure architectures (Visual Workstation, v850, m68k-nommu), an ACPI update (including the license change to dual BSD/GPL), and another big set of spelling fixes. The current stable kernel is 2.4.20; there have been no 2.4.21 prepatches issued over the last week. Alan Cox has released the fourth 2.2.24 release candidate.
Kernel development news Synchronous signal handlingWhile fixing various problems in the signal handling code of recent kernels, Linus evidently decided to take a stab at the issue of signal handling races. The result was this patch implementing a prototype of a new signal handling mechanism. The idea needs some fleshing out before it might be merged into the kernel, but it has attracted a certain amount of interest among the developers.The patch adds a new sigfd() system call:
int sigfd(sigset_t *mask, unsigned long flags);
The system call returns a file descriptor which will report on the set of signals found in the given mask (the flags argument is not used for now). A process reading from the file descriptor will receive a structure describing one signal which was delivered to the process; it will block if there are no outstanding signals. This approach offers some advantages. Since signals are queued up and read one at a time, they can be dealt with in an orderly manner. The user-space application need not worry about races between signal handlers and other code. The signal file descriptor can also be used with the select() and poll() system calls, allowing signal handling to be folded into application event processing loops. An application can even pass the file descriptor to another process, should there be, for some reason, a desire to let that other process listen in on the first process's signals. There was some immediate discussion of expanding this interface into a more generic event-handling mechanism. For example, timer events, asychronous I/O events, etc. could also be delivered via the same file descriptor. Linus stated that, to an extent, expanding the interface is what the flags argument was intended for. He doesn't want to put too much into this interface, however:
I'm not in the least interested in some "generic event" mechanism,
and it's not where I think this should even go. This was very much
about signals, and while I can see the potential to extend the
notion of signals to things like timers, I don't think it's
necessarily a good idea to extend it too far
Looking at the patch, a few developers commented on how much of it is really just boilerplate filesystem and inode code. It has to be there to make the file descriptor work, but really has little to do with the task at hand. Much of that code is duplicated with other subsystems which have to make "virtual" file descriptors. Davide Libenzi responded to this observation with a patch implementing a new, shared, "virtual filesystem" capability. If some variant of that patch goes in, it has the potential of ridding the kernel of a fair amount of tedious and error-prone code duplication.
A new round of IDE patchesAfter a long pause, a new set of IDE patches has found its way into Linus's pre-2.5.63 BitKeeper tree. Most of these patches have been around for a while (in the 2.4-ac tree), but Alan Cox has not felt that 2.5.x was stable enough to attempt new IDE work. Now that things are working a little better, the patches are flowing again.The new generation of IDE changes is rather more restrained than last year's "cleanup" effort. Changes that have gone in this time around include cleaning out some old data structures that were either unused or did not suit the purpose to which they were being put. Some improved locking has been put in place, and the handling of missing drives (i.e. PCMCIA drives which are removed by the user) has been improved - though work remains to be done in that area. There is also a new ide_execute_command() function which is meant to be the way commands are passed down to drives in the future. For now, though, it is only used for CD drives ("As with 2.4 I want it to run for a bit on read only media first.") The IDE work is one of the more prominent entries remaining on the "todo" list for 2.5. Given the need to proceed slowly (it really is no fun to ship a kernel with broken IDE), this work may take some time yet. So it's good to see the patches finding their way into Linus's tree again.
GFP_KERNEL or SLAB_KERNEL?The low-level kernel memory allocation functions take a set of flags describing how that allocation is to be performed. Among other things, these GFP_ ("get free page") flags control whether the allocation process can sleep and wait for memory, whether high memory can be used, and so on. See this article for the full set.The kernel slab allocator is an additional layer built on top of the low-level code; it handles situations where numerous objects of the same size are frequently allocated and freed. The slab code, too, has a set of flags describing how memory allocation is to happen. They look suspiciously like the low-level flags, but they have different names; instead of GFP_KERNEL, for example, user of the slab code are expected to say SLAB_KERNEL. Underneath it all, however, the two sets of flags are the same. As a result, many calls to the slab code just use the GFP_ flags, rather than the SLAB_ flags. William Lee Irwin decided it was time to fix that; he posted a patch converting several slab users over to the SLAB_ flags. It looked like a fairly standard, freeze-stage kernel cleanup. The question came up, however: why bother? Not everybody, it seems, thinks that the separate SLAB_ flags are worth the trouble. William responded with another patch which gets rid of the SLAB_ flags altogether. So far, neither patch has been merged. But they do raise a worthwhile question: why do we need a separate set of flags if the callers have nothing different to say?
Driver porting New additions to the driver porting seriesThe LWN.net series on porting drivers (and other kernel code) to the 2.5 kernel continues this week with three new articles. Two of them (on low-level memory allocation and per-CPU variables) appear below; the third (an updated description of the seqlock mechanism) is available but won't be included inline here. As always, the full series can be found at http://lwn.net/Articles/driver-porting/.
Driver porting: low-level memory allocation
Allocation flagsThe old <linux/malloc.h> include file is gone; it is now necessary to include <linux/slab.h> instead.The GFP_BUFFER allocation flag is gone (it was actually removed in 2.4.6). That will bother few people, since almost nobody used it. There are two new flags which have replaced it: GFP_NOIO and GFP_NOFS. The GFP_NOIO flag allows sleeping, but no I/O operations will be started to help satisfy the request. GFP_NOFS is a bit less restrictive; some I/O operations can be started (writing to a swap area, for example), but no filesystem operations will be performed. For reference, here is the full set of allocation flags, from the most restrictive to the least::
The __GFP_DMA and __GFP_HIGHMEM flags still exist and may be added to the above to direct an allocation to a particular memory zone. In addition, 2.5.69 added some new modifiers:
The __GFP_NOFAIL flag is sure to be tempting to programmers who would rather not code failure paths, but that temptation should be resisted most of the time. Only allocations which truly cannot be allowed to fail should use this flag.
Page-level allocationFor page-level allocations, the alloc_pages() and get_free_page() functions (and variants) exist as always. They are now defined in <linux/gfp.h>, however, and there are a few new ones as well. On NUMA systems, the allocator will do its best to allocate pages on the same node as the caller. To explicitly allocate pages on a different NUMA node, use:
struct page *alloc_pages_node(int node_id,
unsigned int gfp_mask,
unsigned int order);
The memory allocator now distinguishes between "hot" and "cold" pages. A hot page is one that is likely to be represented in the processor's cache; cold pages, instead, must be fetched from RAM. In general, it is preferable to use hot pages whenever possible, since they are already cached. Even if the page is to be overwritten immediately (usually the case with memory allocations, after all), hot pages are better - overwriting them will not push some other, perhaps useful, data from the cache. So alloc_pages() and friends will return hot pages when they are available. On occasion, however, a cold page is preferable. In particular, pages which will be overwritten via a DMA read from a device might as well be cold, since their cache data will be invalidated anyway. In this sort of situation, the __GFP_COLD flag should be passed into the allocation. Of course, this whole scheme depends on the memory allocator knowing which pages are likely to be hot. Normally, order-zero allocations (i.e. single pages) are assumed to be hot. If you know the state of a page you are freeing, you can tell the allocator explicitly with one of the following:
void free_hot_page(struct page *page);
void free_cold_page(struct page *page);
These functions only work with order-zero allocations; the hot/cold status of larger blocks is not tracked.
Memory poolsMemory pools were one of the very first changes in the 2.5 series - they were added to 2.5.1 to support the new block I/O layer. The purpose of mempools is to help out in situations where a memory allocation must succeed, but sleeping is not an option. To that end, mempools pre-allocate a pool of memory and reserve it until it is needed. Mempools make life easier in some situations, but they should be used with restraint; each mempool takes a chunk of kernel memory out of circulation and raises the minimum amount of memory the kernel needs to run effectively.To work with mempools, your code should include <linux/mempool.h>. A mempool is created with mempool_create():
mempool_t *mempool_create(int min_nr,
mempool_alloc_t *alloc_fn,
mempool_free_t *free_fn,
void *pool_data);
Here, min_nr is the minimum number of pre-allocated objects that
the mempool tries to keep around. The mempool defers the actual allocation
and deallocation of objects to user-supplied routines, which have the
following prototypes:
typedef void *(mempool_alloc_t)(int gfp_mask, void *pool_data);
typedef void (mempool_free_t)(void *element, void *pool_data);
The allocation function should take care not to sleep unless __GFP_WAIT is set in the given gfp_mask. In all of the above cases, pool_data is a private pointer that may be used by the allocation and deallocation functions. Creators of mempools will often want to use the slab allocator to do the actual object allocation and deallocation. To do that, create the slab, pass it in to mempool_create() as the pool_data value, and give mempool_alloc_slab and mempool_free_slab as the allocation and deallocation functions. A mempool may be returned to the system by passing it to mempool_destroy(). You must have returned all items to the pool before destroying it, or the mempool code will get upset and oops the system. Allocating and freeing objects from the mempool is done with:
void *mempool_alloc(mempool_t *pool, int gfp_mask);
void mempool_free(void *element, mempool_t *pool);
mempool_alloc() will first call the pool's allocation function to satisfy the request; the pre-allocated pool will only be used if the allocation function fails. The allocation may sleep if the given gfp_mask allows it; it can also fail if memory is tight and the preallocated pool has been exhausted. Finally, a pool can be resized, if necessary, with:
int mempool_resize(mempool_t *pool, int new_min_nr, int gfp_mask);
This function will change the size of the pre-allocated pool, using the given gfp_mask to allocate more memory if need be. Note that, as of 2.5.60, mempool_resize() is disabled in the source, since nobody is actually using it.
Driver porting: per-CPU variables
Examples of per-CPU data in the 2.6 kernel include lists of buffer heads, lists of hot and cold pages, various kernel and networking statistics (which are occasionally summed together into the full system values), timer queues, and so on. There are currently no drivers using per-CPU values, but some applications (i.e. networking statistics for high-bandwidth adapters) might benefit from their use. The normal way of creating per-CPU variables at compile time is with this macro (defined in <linux/percpu.h>):
DEFINE_PER_CPU(type, name);
This sort of definition will create name, which will hold one object of the given type for each processor on the system. If the variables are to be exported to modules, use:
EXPORT_PER_CPU_SYMBOL(name);
EXPORT_PER_CPU_SYMBOL_GPL(name);
If you need to link to a per-CPU variable defined elsewhere, a similar macro may be used:
DECLARE_PER_CPU(type, name);
Variables defined in this way are actually an array of values. To get at a particular processor's value, the per_cpu() macro may be used; it works as an lvalue, so so code like the following works:
DEFINE_PER_CPU(int, mypcint);
per_cpu(mypcint, smp_processor_id()) = 0;
The above code can be dangerous, however. Accessing per-CPU variables can often be done without locking, since each processor has its own private area to work in. The 2.6 kernel is preemptible, however, and that adds a couple of challenges. Since kernel code can be preempted, it is possible to encounter race conditions with other kernel threads running on the same processor. Also, accessing a per-CPU variable requires knowing which processor you are running on; it would not do to be preempted and moved to a different CPU between looking up the processor ID and accessing a per-CPU variable. For both of the above reasons, kernel preemption usually must be disabled when working with per-CPU data. The usual way of doing this is with the get_cpu_var and put_cpu_var macros. get_cpu_var works as an lvalue, so it can be assigned to, have its address taken, etc. Perhaps the simplest example of the use of these macros can be found in net/socket.c:
get_cpu_var(sockets_in_use)++; put_cpu_var(sockets_in_use); Of course, since preemption is disabled between the calls, the code should take care not to sleep. Note that there is no version of these macros for access to another CPU's data; cross-processor access to per-CPU data requires explicit locking arrangements. It is also possible to allocate per-CPU variables dynamically. Simply use these functions:
void *alloc_percpu(type);
void free_percpu(const void *);
alloc_percpu() will allocate one object (of the given type) for each CPU on the system; the allocated storage will be zeroed before being returned to the caller. There is another set of macros which may be used to access per-CPU data obtained with kmalloc_percpu(). At the lowest level, you may use:
per_cpu_ptr(void *ptr, int cpu)
which returns (without any concurrency control) a pointer to the per-CPU data for the given cpu. For access to a local processor's data, with preemption disabled, use:
get_cpu_ptr(ptr)
put_cpu_ptr(ptr)
With the usual proviso that you do not sleep between the two.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Janitorial
Memory management
Networking
Architecture-specific
Security-related
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials A Knoppix for the masses FAQKarsten M. Self has burned a spool of CDs with the v3.1 1-2003-20-EN Knoppix release, and he's been passing them out to masses. Now he would like some input on packaging and especially on a FAQ to go with the CD. There is a version of the FAQ in the story below, and an updated FAQ here.
Distribution News Debian GNU/LinuxHere is the Debian Weekly News for February 11, 2003. This issue covers GNOME and KDE participation in the Free Desktop Project, the Turbo Desktop Environment aimed at users with older computers who still want to run a proper desktop, and much more.Four candidates have been nominated for Debian Project Leader; Moshe Zadka, Bdale Garbee, Martin Michlmayr and Branden Robinson. Platforms for these candidates can be found here. The campaigning period will last until March 7, when voting will begin. Here's a note about the Debian Project's participation in the Desktop Linux Summit, February 20 - 21, 2003. The results of the Debian security survey (which tried to get a handle on how long Debian 'potato' users needed security updates) have been released. The end result seems to be that potato will continue to have security updates through the end of June. The Debian Weekly News for February 17, 2003 is available. In addition to the FLOSS report sponsored by the European Commission, researchers at Stanford University's Institute for Economic Policy Research designed another survey and asked the community for its assistance. If you have ever wondered whether (GNU/)Linux was the only new and free operating system recently begun, take a look at ReactOS, which aims to implement a free version of NT.
Gentoo LinuxHere's the Gentoo Weekly Newsletter for February 17, 2003. This week: Catch Gentoo Zetagrid fever; New rsync mirrors; Gnome 2.2 now in Portage; and more.If you've had trouble installing the latest KDE packages you'll be interested in this fix (bug #15593).
Lycoris Linux available at WalmartLycoris has sent out an announcement stating that a boxed set with the Lycoris Desktop/LX distribution is now available via Walmart.com. The "ProductivityPak" and "GamePak" packages are also available.
Red Hat LinuxRed Hat has released an updated version of Phoebe, the latest Red Hat Linux beta. The release updates the kernel and glibc. Phoebe also has GNOME 2.2, KDE 3.1 and "many many many many bugfixes".
Slackware LinuxThe slackware-current change log shows an upgrade to linux-2.4.20, and a few installer changes, among many others.
Trustix Secure LinuxTrustix has released Trustix Secure Linux 2.0 Techology Preview 2 nicknamed Forecast. "Being a technology preview it is not suitable for production use nor to be considered maintained regarding security. We release this distribution to give you a chance to test and comment on it before it evolves into TSL 2.0. We also wish to thank those who tested and gave us valuable feedback on the previous technology preview."
SCO LinuxThe SCO Group has announced that SCO Linux 4.0, powered by UnitedLinux, has been certified with the latest edition of IBM DB2, Version 8.1.
New Distributions FreeducThe Organization for Free Software in Education and Teaching (OFSET) has produced Freeduc, a Knoppix/Debian-based Linux system with educational software, all on one bootable CD-ROM. Version 1.1 of the Freeduc CD-ROM was released November 5, 2002. Freeduc has joined the Education section of the Distributions list.
Minor distribution updates 2-Disk Xwindow embedded Linux2-Disk Xwindow embedded Linux has released v1.0.0 (Source code). This is the first source release.
Astaro Security LinuxAstaro Security Linux has released stable 4.000 with major feature enhancements. "Changes: The key features of this release are heuristic spam protection, PPPoE and PPPoA DSL dial-up, faster and enhanced WebAdmin, LDAP user authentication, NAT traversal for IPSec, dynamic filtering per VPN tunnel, a transparent POP3 Proxy with optional virus protection, VLAN (802.1q), and wireless LAN (802.11b)."
LEAFLEAF (Linux Embedded Appliance Firewall) has released Bering 1.1 with minor feature enhancements. "Changes: Includes a 2.4.20 kernel patched with grsecurity 1.9.9c, the latest version of Shorewall (1.3.14), and a patched version of IPSec (Freeswan 1.99) with x509 support, NAT-Traversal, and Notify/delete. Shorewall output is now logged through the ulogd netfilter daemon."
Fli4l (Floppy ISDN/DSL)Fli4l (Floppy ISDN/DSL) has released development version 2.1.2 with minor bugfixes. "Changes: The kernel is now compiled with GCC 2.95.4, removing the incompatibilities which resulted when it was compiled with GCC 2.96 (RedHat). Several minor bugfixes were also made."
floppyfwfloppyfw has released development version 2.9.1 with major feature enhancements. "Changes: This version now uses uClibc. Traffic shaping and bridging utilities are now in the base package, and the PPP(oE) version fits on a 1.44MB floppy."
LRs-LinuxLRs-Linux has released v0.3.1-rc2 with minor bugfixes.
uClinuxuClinux has released v2.5.61-uc0 with minor feature enhancements. "Changes: Many small fixes to the latest development kernel."
Distribution reviews Lindows at the Showdown (OfB.biz)Open for Business continues the Penguin Shootout with a look at Lindows. "Lindows is a rather polarizing distribution in many ways. For the most part, people either love it or hate it, both for the company's attitude and the distribution itself. We'll consider that in a bit, but first comes the question of how it stacks up to other distributions technically."
Mandrake PPC 9.1 Beta 2 review (DistroWatch)Distrowatch.com has a series of reviews of Mandrake 9.1 beta releases. Here is the review for Mandrake PPC 9.1 Beta 2. "The iMac did not feel slow at any time during my testing (this is a totally subjective opinion, but I have low tolerance for unresponsive systems). Sure, my 1.4GHz Athlon XP with DDR 333 SDRAM feels faster, but the difference in performance was much less than I expected. To me, this was a good surprise: I thought I had a computer destined to my private electronic cemetery, but I have changed my mind. I'll have a fully functional backup GNU/Linux workstation when Mandrake releases the final version of Mandrake PPC 9.1."
Page editor: Rebecca Sobol Development The Plone Information Management SystemVersion 1.0 of the Plone Information Management System has been announced, Version 1.0.1 was released on February 17, 2003.
At the SolutionsLinux 2003 conference, the Plone Team
released Plone 1.0, bringing open source into the world of professional
systems for managing content. Plone is an open source information
management system available in 22 languages, and has a large and active
community supporting it.
Plone has administrative workflow, multimedia, metadata, integrated search, and a standards-compliant templating system. Add-ons to plone provide integration with Microsoft Word, OpenOffice, PDF generation, and versioning. One important emphasis in the design of Plone has been to achieve a quick and easy installation experience. Also, "the focus of Plone is to provide value at every level of an organization." To see what people are doing with Plone, take a look at the Plone Sites page. The main Plone Site is also running under Plone. Plone is being developed by the non-profit organization, Plone International. The software is dual-licensed, it is available under the GPL and a commercial license. More information can be found on the Plone Documentation page, and in the The Plone Book. If you are interested in helping out with Plone, the Development Overview is a good place to start.
System Applications Audio Projects Ogg TrafficThe February 17, 2003 edition of Ogg Traffic is out with the latest Ogg Vorbis audio compression software news. Discussion topics include: Vorbis on Playstation 2, Speex ACM Codec, Recent Developments, Icecast Goodies, application/ogg blessed by IANA, and New Software.
Electronics gEDA NewsThe latest new software from the gEDA project includes GTKWave 2.0.0pre3-20030217, Icarus Verilog 20030216, and Gerber Viewer 0.12.
Printing OMNI version 0.7.3 releasedVersion 0.7.3 of the OMNI printer driver is available. Features include support for 461 printers, better CUPS integration, more XMLDevice fixes, unified jop properties specification on the command line, initial debian package building support, and more. See the Changelog file for details.
PyKota 0.95 releasedVersion 0.95 of PyKota has been released. "PyKota is a complete Print Quota system for the Common UNIX Printing System (aka CUPS), which works by directly querying the printers for the number of pages they have printed."
LinuxPrinting.org newsThe latest headlines on LinuxPrinting.org include: More than 1000 printers on linuxprinting.org!, HPIJS 1.3.1 is released!, and new support for the Epson Stylus Photo 900 and several Kyocera printers.
Web Site Development Nemein.Net 1.8.4 releasedVersion 1.8.4 of Nemein.Net, a browser-based Professional Services Automation solution, is available. "The new release makes major functionality additions to the Project tracking system. These additions include automatic generation of reference lists based on project data, mileage and expense reporting and new configurable reporting engine."
Zope Corporation Releases Zope 2.6.1Zope Corporation has announced the release of Zope 2.6.1, the latest version of the open source application server. The new release represents the successful global collaboration of community developers, as it is the first to contain a majority of enhancements from the Zope community.
Zope Members NewsThe most recent headlines on the Zope Members News include: DocmaServer 0.2 released, ZAttachmentAttribute released - Word, PDF, files into your own type, Plone Minimal Product released, Group User Folder Released, ZCybermut 1.0 Release, The Plone Team Releases Plone 1.0 - Professional Open Source System For Managing Content, French Zope Hosting, FDFToolkit for Adobe e-forms released, Pholder 1.0 beta3 released, and NZO pre-alpha and Call for volunteers.
Miscellaneous Twisted 1.0.3 releasedVersion 1.0.3 of the Twisted networking framework is available with a number of new features and bug fixes.
Experienced-Based Language AcquisitionBrian E. Pangburn has announced an interesting open-source computer language acquisition project known as EBLA. "Experience-Based Language Acquisition (EBLA) is an open source software system that enables a computer to learn simple language from scratch based on visual perception. It is the first "grounded" language system capable of learning both nouns and verbs. Moreover, once EBLA has established a vocabulary, it can perform basic scene analysis to generate descriptions of novel videos."
Desktop Applications Audio Applications Ardour developmentsThe latest developments to the Ardour multi-track audio hard disk recorder include: support for multichannel regions, a much better BBT ruler, improvements to the internal selection mode code, pan automation, a greatly improved algorithm for automation curve display, and mostly-working automation line editing.
ecasound 2.2.1 releasedVersion 2.2.1 of ecasound, a multi-track audio processor utility, has been released. "The JACK slave mode code has been completely rewritten. As a new feature it is now possible to use libsamplerate for resampling. Using JACK has been made more user-friendly as ecasound can now automatically configure the runtime parameters to match the current server settings. And thanks to build system and signal handling updates, it's now possible to compile ecasound for win32 under Cygwin."
JACK Rack 1.4.0 releasedVersion 1.4.0 of Jack Rack is out. This version adds the ability to right click on some of the controls.
Desktop Environments FootNotesHeadlines on the GNOME desktop FootNotes site include: GNOME 2.2 backport for Debian Woody available for download, Announcing GU4DEC - June 16th-18th Dublin, Ireland., Bitstream Vera Fonts 1.0 beta released, An epiphany in browsing, MrProject 0.9 released, gNumExp 0.6 released, Drop shadow madness, GNOME 2.2 Desktop Accessibility Guide, GNOME Users And Developers Italian Conference, Last GFileRunner Release - v0.3.5, Gnome Remote Connection Manager, and more.
KDE-CVS-DigestThe February 14, 2003 edition of the KDE-CVS-Digest is out with the following topic summary: "Many improvements in the development tools this week. In Kdevelop, work continues on code completion and new code templates. Quanta gets ktips and finishing polishes. Kate, Cervisia, KBabel and Umbrello continue to get better. Support for new XFree86 features are being implemented. And nothing like a gathering of developers to improve the games!"
Graphics Gimp 1.3.12 releasedDevelopment version 1.3.12 of the Gimp, a powerful image editing package, has been released. "This release features lots of cleanups to GIMP internals such as the undo system and the tools framework. New plug-ins (psd-save and spheredesigner) have been added along with a display filter that simulates color-deficient vision. The text tool has been improved and support for large swap files (>2GB) was added."
GUI Packages FLTK DevelopmentsThe latest new software for FLTK, the Fast, Light ToolKit includes: Fltk 1.1.XX utf-8 patch, flxine 0.6.1, fl_connect 1.0, and FLTK 1.1.3.
Interoperability Wine Weekly NewsIssue #157 of the Wine Weekly News is out. Topics include: News: Linux Desktop Consortium, Code to Test / Learn With, Clipboard Implementation, Smatch, and Testing for Unimplemented Functionality.
Office Applications Kernel Cousin GNUeIssue #68 of Kernel Cousin GNUe is out with the latest GNU Enterprise development news. Topics include: The eGovOS conference and Microsoft "Shared Source", Generating PDF output from GNUe Reports, Business Objects in Application Server, Getting started with GNUe Forms, GNUe and Double Chocco Latte, and Breaking CVS HEAD to add new UI support to Forms.
AbiWord Weekly NewsIssue #131 of the AbiWord Weekly News is out, with the latest AbiWord word processor development news. "Raphael Finkel pops in with a HowTo on translating AbiWord into other languages. Sam tells us a fix for people experiencing weird fonts where they weren't expected. The wrapper script used in POSIX compliant operating systems may finally be on its way to retirement. On a unixy note, Frank's put together a special package OS X users might be interested (you could help take over for Hub and his busted laptop if you prove your worth), and.... Johnny Lee whoops some buggy A*"
Web Browsers Galeon 1.2.8 and 1.3.2 released!Versions 1.2.8 and 1.3.2 of Galeon, a minimalist web browser, have been released. "They both support Mozilla 1.3b, the latest release (and Galeon 1.3.x requires at least Mozilla 1.3a) and feature bug fixes and 1.3.x also has some nice new features. In the interest of brevity, the release notes can be found with the files in our sourceforge area; just click on the stable and development links in the top right of the website. We currently have source tarballs up with rpms on the way. Enjoy!"
Netscape 7.02 releasedVersion 7.02 of Netscape is available. According to Mozilla.org: "Netscape Communications Corporation has released Netscape 7.02, a minor update with security and stability fixes. This new version, is based on Mozilla 1.0.2, also features updated Java and Flash plug-ins for Windows."
mozillaZineThe latest mozillaZine topics include: Former Galeon Maintainer Starts New Epiphany Browser Project, MozillaZine Readers Tell Us Which Mozilla Components They Use, Netscape 7.02 Released, Galeon 1.2.8 and 1.3.2 Released, Help Keep MozillaZine in Business, Geneva Tax Authorities Distribute Mozilla 1.2.1 to Taxpayers, Marc Andreessen Praises Mozilla, and Performance Comparison of Mozilla 1.3 Beta and Safari v60.
Miscellaneous Bluefish 0.9 releasedVersion 0.9 of the Bluefish HTML editor has been released. "Many bugfixes are fixed; several segfaults, and many small annoying bugs. Major performance improvements; highlighting performance improvements up to 50X faster in some cases, file loading times are faster, and loading and closing of many documents is much faster (tested with 3500 documents opened simultaneously). Many improvements for the user interface; much more compliant to the Gnome usability guidelines. And new features! Finally line number support, a new spell checker, and many more."
Languages and Tools Caml Caml Weekly NewsThe February 11-18, 2003 edition of the Caml Weekly News is out. Topics include: CamlAgent 0.1, Optimizing false polymorphic local functions, and Any idea about Ocaml 3.07 release date?.
Java Blackdown J2SE 1.4.1-01 for i386 and SPARCThe Blackdown Java-Linux Team has announced the availability of the Java 2 Standard Edition v1.4.1-01 for Linux on ix86 and SPARC.
Static Analysis with PMD (O'Reilly)Tom Copeland looks at PMD on O'Reilly. "PMD is a utility for finding problems in Java code. PMD does this using static analysis; that is, analyzing the source code without actually running the program. PMD comes with a number of ready-to-run rules that you can run on your own source code to find unused variables, unnecessary object creation, empty catch blocks, and so forth."
Lisp Maxima 5.9.0 releasedVersion 5.9.0 of Maxima, a Common Lisp system for performing computer algebra, has been released: "this version provides ANSI Common Lisp compatibility, a new build system, a new user manual, an enhanced command line interface, improved (X)Emacs modes, enhanced numerical precision of some functions, several bug fixes, and more."
Perl This Week on perl5-porters (use Perl)The February 10-16, 2003 edition of This Week on perl5-porters is out. Topics include: lvalue length, Unexpected scientific notation, gzipped modules, The -C Unicode switch, and Namespace pollution.
This week on Perl 6 (O'Reilly)The February 6, 2003 edition of This week on Perl 6 is out with the latest Perl 6 news. Topics include: The 2004 Performance challenge, More Parrot Objects, Bytecode Metadata, Multi programming language questions, Random questions, A Scheme for extending core.ops, Week of the alternative runloops, Shortcut ?=, Language Discussion Summaries, Newline as a statement terminator, Arrays vs. Lists, and Announcements, Acknowledgements and Trip Planning.
Module::Build (O'Reilly)Dave Rolsky writes about Module::Build and ExtUtils::MakeMaker on O'Reilly. "If you've ever created a Perl module for distribution on CPAN, you've used the ExtUtils::MakeMaker module. This venerable module goes back to the dawn of modern Perl, which began with the release of Perl 5.000. Recently, Ken Williams has created a potential replacement for ExtUtils::MakeMaker called Module::Build, which was first released in August of 2002."
PHP PHP Weekly SummaryTopics on this week's PHP Weekly Summary include: sybase_ct batch query, Full list of PHP functions, File IO with Solaris, Building from CVS, MySQL for PHP 5, Filterless Apache 2, and file() extended.
Python Dr. Dobb's Python-URL! - weekly Python news and links (Feb 17)The Dr. Dobb's Python-URL! for February 17, 2003 is out with the latest Python news.
The Daily Python-URLThis week's Daily Python-URL article topics include: Python Package Index (PyPI) now on python.org, twander, FDFToolkit for Python, Qt and PyQt, Python - Scripting power for Java, Zope is a Jolt finalist, A conversation with Guido van Rossum, part VI: Designing with the Python community, xfmllib, Can Parrot run Python code faster than Python itself?, XML Matters: reStructuredText, and more.
Qt and PyQt (IBM developerWorks)Boudewijn Rempt and David Mertz write about Qt and PyQT. "The Qt toolkit is a widely-used cross-platform GUI toolkit, available for Windows, Linux, Mac OSX, and handheld platforms. QT has a well-structured, but flexible, object-oriented organization, clear documentation, and an intuitive API. In this article, David Mertz and Boudewijn Rempt look at the Qt library, with a focus on the PyQt bindings that let Python programmers access Qt functionality."
Ruby The Ruby Weekly NewsTopics on this week's Ruby Weekly News include: Supporting windows through C extensions, and Lexical scope and closures.New Ruby software includes: Ruby-freedb 0.5. FreeType2-Ruby 0.1.0, MusicBrainz-Ruby 0.1.0, FormValidator 0.1.0, Test::Unit 0.1.8, Flash and Ruby GUI prototype, DBD-Google-Ruby, PLRuby 0.3.3, Joystick-Ruby 0.1.0, sys-cpu 0.2.0, net-pingsimple 0.2.0, and REXML 2.5.4.
The Ruby GardenNew topics on the Ruby Garden include: Extension of thread scheduling in rb_thread_schedule(), and Require quirks.
Scheme Scheme Weekly NewsThe February 17, 2003 edition of the Scheme Weekly News is out with lots of Scheme language news.
Tcl/Tk Dr. Dobb's Tcl-URL! - weekly Tcl news and links (Feb 17)The February 17, 2003 edition of Dr. Dobb's Tcl-URL! is out with the latest Tcl/Tk development news.
XML Simple XML Processing With elementtree (O'Reilly)Uche Ogbuji introduces elementree on O'Reilly. "Fredrik Lundh, well known in Python circles as "the effbot", has been an important contributor to Python and to PyXML. He has also developed a variety of useful tools, many of which involve Python and XML. One of these is elementtree, a collection of lightweight utilities for XML processing."
Building Metadata Applications with RDF (O'Reilly)Bob DuCharme talks about the Python RDFlib on O'Reilly. "The first time I tried the RDFLib Python libraries, the lightbulb finally flashed on. RDFLib lets you generate, store, and query RDF triples without requiring you to ever deal directly with the dreaded RDF/XML syntax. And you can do all this with a minimal knowledge of Python."
XML at Five (O'Reilly)Edd Dumbill writes about five years of XML development. "To celebrate this auspicious anniversary, I asked some XML old-hands and friends of XML.com to comment on their experience with XML over the last five years. Read on for their entertaining, illuminating and thought-provoking comments."
EXSLT by exampleUche Ogbuji explains EXSLT on IBM's developerWorks. "Community standards have had a very important role in XML technology, from SAX to RDDL. The most important community standard for XSLT is the EXSLT initiative for standard extension functions and elements. In this article, Uche Ogbuji uses practical examples to introduce and demonstrate some useful EXSLT functions."
Miscellaneous Jext Linux ScreenshotsA number of new screenshots showing the Jext programmer's editor running on Linux, are now available.
Page editor: Forrest Cook Linux in the news Recommended Reading Data Flood Feeds Need for Speed (Wired)Wired covers an international team of physicists who set a world record for the amount and speed of data transferred over a broadband network. "Data was transmitted by packets called jumbo frames, which are 9,000 bytes -- six times as big as the packets normally sent over the Internet. The team used PCs running Debian GNU/Linux in Amsterdam and RedHat Linux in Sunnyvale."
Asian Open Source Centre launched (Bioinformatics.org)Bioinformatics.org has an announcement for a new Asian open-source software site. "Asian Open Source Centre is promoting free software and open source use in Asia, especially related to the locale. The centre focuses on open source issues specific to Asia, such as localization of software, open source for creating local content, and the use of open source to bridge the 'digital divide'. AsiaOSC also has a Wiki on open source."
Xbox Linux group seeks Microsoft seal (News.com)News.com reports on an open letter to Microsoft from the Xbox Linux Project. "'Because of Microsoft's deliberate design choices in terms of restricting the software that may run on an unmodified Xbox to 'Microsoft approved only,' coming to ask Microsoft, and presumably paying Microsoft, is currently the only way we can get our port of the GNU/Linux OS to interoperate with an unmodified box,' the letter says."
Trade Shows and Conferences It's Time for CodeCon 2.0 (Linux Journal)Linux Journal plugs CodeCon 2.0. "CodeCon is back. CodeCon 2.0, brought to you by San Francisco Bay Area technologists Bram Cohen and Len Sassaman, is a unique conference that showcases active, working software development projects, presented by the actual code developers at the very sensible hour of 12 noon."
About Fosdem (Linux Journal)Here is Linux Journal's wrap-up of FOSDEM. "The event itself typically is developer-centric. People speak about the innerworkings of their software, offer a presentation on how to use it in other products or sit behind a table all day answering thousands of questions from the crowd. For this reason, I wouldn't recommend complete newbies come to Fosdem, as the technical level is quite high. Most of the sessions, though, are fairly comprehensible even by non-developers."
Companies IBM taps suite for Linux PDA designs (News.com)News.com reports that IBM has licensed Trolltech's Qtopia software suite for use in a new Linux PDA design kit due next month. "The design kit will include the blueprints and software necessary to help individuals or companies create several different kinds of personal digital assistants based on the Linux operating system. The kit can also be used by software makers interested in creating applications for the PDAs. It will be available for $1,000 from IBM Microelectronics and a few partners in March, the company has said."
Linux Backers To Put OS Through Security Certification (TechWeb)TechWeb looks at security certification plans. "Oracle, Red Hat, and IBM have all announced plans to put Linux through its security paces -- specifically through the Common Criteria certification process -- in an effort to win approval for using Linux among both government and private-sector clients." Here is IBM's press release.
Linux Adoption Ten Good Reasons for a DBMS Strategy Re-Think (Open)Open gives ten good reasons to consider using open-source database systems. "In a go-slow economy, CIOs are under pressure to leave no old assumptions unexamined, including their choice of database systems. As ubiquitous, 24 x7 e-business and demand for instantly updated information only heighten the focus on good database planning, CEOs and CFOs are questioning if it's worth paying steep licensing fees and support costs."
Interviews Grid guru: An interview with Argonne's Steve Tuecke (IBM developerWorks)IBM's developerWorks features an interview with Steve Tuecke on the topic of grid computing. "Although scientists have been using Grid technologies since the Condor project began scavenging up idle computer cycles at the University of Wisconsin in the mid-1980s, the really exciting vision of Grid computing -- a set of open and ubiquitous standards that real world developers will use for distributed computing -- remains a vision of the future. One of the people most actively involved in making that vision a reality is Steve Tuecke, lead software architect in the Distributed Systems Laboratory at Argonne National Laboratory and lead architect of the Globus Toolkit, the popular implementation of the OGSA (Open Grid Services Architecture) middleware standards that are the basis of Grid computing."
Resources Jay Beale - Linux Guru (Information Security Magazine)Jay Beale has a new column called Linux Guru in Information Security Magazine. The first one attempts to answer the questions, "How can I determine if my Linux server has been hacked? How can I be sure that I haven't been hacked?" "Really, the secret is to avoid compromise. Harden systems before deployment, keep up with patches, and design a strong host and network architecture. Then start building your own digital and human baselines to make intrusion detection easier. It's a bit of upfront work, but it's less hassle than recovering from a bad compromise later."
BASIC programming with Unix (LinuxFocus)Linux Focus looks at BASIC programming. "If we try to make an inventory of the number of BASIC available for Linux, we can find about half a dozen of projects, more or less advanced. There is a "Basic Foundry" in sourceforge to give a classification on the number of downloads..." Thanks to Ashwin N
Reviews Colorful KDE 3.1 Performance On Low-End Hardware (LinuxPlanet)LinuxPlanet reviews KDE 3.1, using a very old computer. "People have become accustomed to the convenience and beauty of the modern desktop. However, some people shy away from packages like KDE 3.1 because they think it's going to run like frozen molasses on their six-year-old Pentium machine. Let me put your fears at ease and tell you how it works on ancient iron."
Miscellaneous Dave Stutz is a free man (Doc Searls' blog)Doc Searls looks at the retirement of Microsoft employee Dave Stutz. "This is a serious development. Dave has been the bearded open source community insider at Microsoft for a long time: a good and honorable man who for years did an amazing job of bridging two worlds -- commercial and noncommercial, Microsoft and everybody else." Thanks to Jay R. Ashworth
Page editor: Forrest Cook Announcements Non-Commercial announcements Lisp guru makes awards finalist listBruno Haible was among the top three finalists for the 2002 Free Software Awards. Thanks to Paolo Amoroso.
Commercial announcements Eridani Star Systems MailStripper Pro 0.93 releasedEridani Star Systems has announced a new version of MailStripper, an anti-spam mail scanner with anti-virus capability. MailStripper is intended to be Mail Transfer Agent (MTA) independent and aims to work with any SMTP-based MTA as it works by filtering the incoming SMTP stream.
Motorola announces Linux handsetMotorola has announced what it claims is the first handset running Java and Linux. "The A760 is Motorola's first handset demonstrating the company's commitment to making the Linux operating system a key pillar of its handset software strategy. The strategy fosters innovative applications, which helps lead to increased revenue and differentiation opportunities for operators around the globe." Unless you live in the Asia/Pacific region, however, you will have to wait a while before you can get your hands on one.
Sourcefire gets $11 Million investmentPerhaps some money is slowly flowing back into the tech industry; SourceFire, which is selling a product built around the free Snort intrusion detection system, has announced the receipt of $11 million in venture funding.
Sun Microsystems Laboratories Contributes XACML Security StandardSun Microsystems, Inc. has announced the release of its implementation of the new XACML OASIS Open Standard for security under an open source (BSD-style) license.The OASIS interoperability consortium has announced that its members have approved the Extensible Access Control Markup Language (XACML) as an OASIS Open Standard.
Resources 3-in-1: Mini Book Reviews (Linux Journal)Linux Journal reviews three books: "Extending and Embedding Perl", "LDAP Programming, Management and Integration", and "An Introduction to Programming in Emacs Lisp, 2nd Edition".
Upcoming Events Linux Summit 2003 and press conferenceThe Linux Summit 2003 happens February 27 - 28, 2003 in Espoo Finland. At the Summit, attendees will learn why Linux has become a hot topic within the IT industry. Using examples from real life, the Linux Summit 2003 will demonstrate why businesses are increasingly embracing Linux and Open Source software.
PyCon 2003PyCon 2003, a community-oriented Python conference, will be held in Washington, DC on March 26-28, 2003.
First OpenOffice.org ConferenceThe First OpenOffice.org Conference will be held in Hamburgh, Germany on March 20-21, 2003.
KDE at Paris Solutions Linux 2003KDE.org reports on the KDE activity at the Solutions Linux 2003 show which was held in Paris.
GUADEC 2003 to Attract Global Audience of GNOME Developers and EnthusiastsHere is an announcement for the fourth annual GNOME User and Developer European Conference (GUADEC), to be held at Trinity College in Dublin, Ireland, June 16 - 18, 2003.
CFP Stockholm Perl Mongers (use Perl)Use Perl mentions the resurrection of the Stockholm Perl Mongers group.
New Security Paradigms Workshop 2003 CFPA Call For Papers has been sent out for the New Security Paradigms Workshop 2003, to be held in Ascona, Switzerland on August 18-21, 2003. Papers are due in by June 10.
Events: February 20 - April 17, 2003
Software announcements This week's software announcementsHere are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
Miscellaneous WiFi Caravan to Prove Extreme Mobile ConnectivityIf you're interested in wireless, Linux, security, digital music, or the off-the-shelf hardware and software that enable the freedom of a mobile wireless network which can maintain an uninterrupted connection even at highway speeds, then read on...
Page editor: Forrest Cook
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[Plone]](/images/ns/plone.jpg)
Plone is built on top of the