LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for May 10, 2007Episodes from the evolution of FedoraThe Fedora 7 release, due on May 24 (though it appears that schedule may slip a bit), marks the beginning of a new era for this distribution. As that release approaches, a number of issues have come up which merit some attention. Here's a review of some events in Fedora land.One of the core developments in Fedora 7, so to speak, is the merging of the "Core" and "Extras" distributions. As of the next release, it is all simply "Fedora." Given the nearness of the release, one would have thought that this merger would have happened some time ago. As it happens, that merger is just being finished up now. Much of the ground work was done over the preceding months, leading up to the actual joining of the repositories, source management subsystems, and build systems happening now. As of this writing, the new source archives and build systems are up, but the flow of packages into the Rawhide distribution has not resumed. There has been a small amount of concern voiced by a few maintainers of packages formerly found in Extras. In the good old days, they could post an updated package at any time and have it go right into the repository. Now that there is only one repository, the whole thing is currently frozen in the run-up to the release. How to work in the new, unified environment is still not entirely clear to all Extras package maintainers. Overall, though, the number of glitches from the merger appears to be small - so far. More information can be found in the draft post-merge FAQ. Red Hat's distributions have long been known for including software which is not necessarily completely mature. Over the years, this company has pushed in bleeding-edge technologies like ELF binaries, glibc2, SELinux, and more; the end result has often been a combination of user pain and accelerated development of the code in question. Fedora is in many ways the true descendant of Red Hat Linux, and it continues the practice of packaging very new technologies. Some users are beginning to wonder if that practice has gone just a little too far this time, though. The software in question is the Nouveau driver. This reverse-engineered code is an eventual replacement for the binary-only drivers supplied by NVIDIA. Someday, Nouveau will be the driver of choice for people with NVIDIA hardware, but today is not that day. The Nouveau driver is still in heavy development with a lot of problems to solve before it is ready for production use. But Fedora 7 includes it anyway so that people with an interest in trying out the new driver can do so. Fedora 7 does not enable Nouveau for any system unless explicitly told to. In theory, anybody who turns it on should know what they are getting into; in practice, at least one user has already been burned by trying Nouveau in a situation where it did not work. So some voices have been heard to say that Nouveau has been included ahead of its time and should be removed. Fedora developers still want to include it, though:
It is turned off by default just like the new Intel xorg driver in
FC6. That did help in users providing feedback when they turn it on
manually. It fits our mission of progressing Free software. This is
a important project. Anything that we can do to help is worth the
effort.
Others say that a project as important as Nouveau should not be subjected to a tide of disappointed users who were lulled into trying the code before its time by their distributor. Chances are that Nouveau will remain. There is one remaining issue, though: Nouveau is currently co-packaged with the stable "nv" driver that people are actually expected to use. So Nouveau cannot be updated without pushing out a new nv package. Given that Nouveau can be expected to evolve considerably over the life of Fedora 7, impediments to the packaging of updated versions seem like a bad idea. There is talk of splitting Nouveau into its own package, which seems like a more than reasonable way of solving this problem. Finally, there is the issue of Python 2.5. That is the current version of the language, and the version which will be shipped with Fedora 7. The only problem is that the Zope content management system, which serves as the base for Plone (and others), does not work with this version of Python. So the current plan is for Fedora 7 to ship without Zope or the packages which depend on Zope. Back in the days when Red Hat Linux fit on a single CD, a core component like Python would not have been updated until everything which depended on it was ready for the change. In fact, Red Hat Linux was glacially slow to move to Python 2 for just this reason. Fedora is a much larger distribution which lacks the same sort of firm central control, so it has become much harder to delay an update like this. And, unlike Debian, Fedora is unwilling to delay a distribution release until all such issues are worked out. Some Zope users would like to see Fedora ship a "compat-python24" package so that Zope will continue to work. There is some opposition to this idea, though:
As the python maintainer, I am *STRONGLY* opposed to a
compat-python24 package. Because at the end of the day, bug
reports will get filed against the wrong python package (because
end-users aren't going to know or case). Security problems are
still going to end up having to be dealt with and likely through me
because the CVE will originally get filed against python and no one
will think about compat-python.
Jeremy Katz, the maintainer quoted above, would like to see a rule allowing a package maintainer to veto the addition of older "compat" packages so that they could avoid having to deal with these sorts of problems. He seems likely to win this particular argument, meaning that there will probably be no Python 2.4 in Fedora 7. The implication is that interested people will end up creating a set of Zope and Python 2.4 packages for Fedora 7 and hosting them on a third-party server somewhere. It will be a small amount of extra hassle for affected users, but that can be worked around. The issue of security support (crucially important for a complex, network-facing system like Zope) should be considered by anybody wanting to run this code, however. There have been suggestions that the maintainer of the Zope package should undertake the task of making it work with the version of Python found in Fedora 7:
I believe very strongly that it _is_ the package maintainer's job
to work with upstream code to make it work with Fedora, and this
kind of thing _is_ a packaging issue.
There's a reason we have Fedora package maintainers instead of just automatically pulling in upstream tarballs and building them with rpmbuild -ta. It's because the role of the package maintainer is to make the package a _part_ of Fedora -- that's what makes Fedora a coherent distribution and not just a semi-random collection of packages. In this view, making Zope work with Fedora's version of Python is much like making it work with SELinux or Fedora's init scripts setup - just part of the job of making a package for the distribution. Once again, this role was probably easier to carry out back in the single-disk days. In any case, the current Fedora Zope maintainer is not going to port Zope to Python 2.5 - that is apparently a rather large job. This, too, will pass, and Fedora 8 may well be able to welcome Zope back into the fold. In the mean time, though, the Fedora developers are trying to figure out just how their distribution should react to issues like this. As Fedora evolves and becomes more open to the community, it will have to better define its policies and set them down so that developers know what to expect.
A think tank's view of free softwareBack in early March, a company called the Olliance Group held a gathering of about 100 corporate manager types at a resort in California's wine country. This "Open Source think tank" has now produced a 16-page report [PDF]. It is, indeed, an interesting look at how a certain part of the corporate world views free software - though, perhaps, not entirely in the ways its authors intended.When a self-appointed "think tank" gets together to talk about free software, one is right to be cautious. When one of that event's top-level sponsors is Microsoft, an extra degree of nervousness seems appropriate. The other top-level sponsor, naturally, is Novell; the remainder of the list is NEC, Unisys, Jasper Soft, OpenLogic, and SugarCRM. Not the most community-oriented bunch one could have come up with. LWN readers will be glad to know that "Overall, the CIOs unanimously agreed that open source is viewed as a viable option in software procurement decisions for their companies." Once they made that admission, however, this group started to raise its complaints about open source, many of which could have come from the 1990's. The first was lack of support - evidently there still is not enough commercial support for open source software. The report notes that "this is something the open source industry will have to address to increase adoption by companies." One would think that if there is truly a need for more support these companies would see that need as a business opportunity rather than an obligation. Another problem, it seems, is interoperability:
CIOs desire greater interoperability built directly into open
source products. This is an area where proprietary solutions
maintain an advantage over open source, as it is far easier to
integrate and use a suite of proprietary applications that are
guaranteed to interoperate and that have common interfaces that
make it easier for end-users to learn and use the suite.
This is a surprising claim, given that free software developers generally work toward interoperability with everything. The next claim is just as surprising:
Open source lacks compliance with many standards when compared with
proprietary solutions. These standards include universal standards
such as ISO, and industry-specific standards (financial industry
standards, health care industry standards, etc.). It was
acknowledged however, that open source offers some advantages in
the area of technology standards through its openness and
transparency and its ability to facilitate the creation of de facto
standards such as Eclipse and ODF.
The description of OpenDocument as a "de facto standard" borders on the dishonest. The various reasons why certain "industry standards" may not be supported as well as others are not examined. Think tank attendees bemoaned the fact that monetizing open source remains challenging. Then, there is this problem:
Open source generally
depends on a corps of motivated volunteer developers to develop
features. Often, the features that developers are interested in
working on are different then features that customers are
requesting. For example, Openoffice customers want more Visual
Basic macros to ensure interoperability with Microsoft Office, but
OO developers have not been all that interested in building VB
macros.
The idea that a company whose business model depends on better VB support could devote resources to the creation of that support is not mentioned anywhere in the report. Licensing is an issue which is mentioned several times in the report:
Open source licensing is a big source of confusion due to the
number of open source licenses, and a lack of understanding on how
licenses impact business, as well as how licenses interact with one
another. Some licenses require technology to be shared with the
community, other licenses require attribution, and numerous
licenses have different ways of dealing with software
patents. Furthermore, many licenses are incompatible. License
proliferation, confusion and incompatibility are barriers to the
continued growth and adoption of open source.
Clearly, we would be better off with the simplicity, compatibility, and fairness found in proprietary software licenses. Beyond that:
Think Tank participants bemoaned the lack of a business-friendly
license that adequately addresses issues such as copyright,
patents, attribution and indemnification. While nobody was
suggesting "yet another license" as the solution, the
dissatisfaction by commercial vendors and customers with the
existing licenses was clear.
It would be most enlightening to see what this "business-friendly license" would involve, but the attendees apparently ran out of time before they could elaborate on that point. The GPLv3 draft was also discussed, with a generally negative response. Another problem:
These issues also point to the need for better governance of open
source contributions. Currently, projects have many different
standards governing code contributions - some communities
vet the code, some require contribution agreements to be signed and
others have no such requirements. The lack of standards and
governance on contributions raises concerns on the source and
legitimacy of code that is incorporated into projects.
This is a claim that needs to be backed up: despite the intense attention which has been given to the provenance of code in a number of high-profile projects, the number of real problems has been exceedingly small. If the attendees of this think tank wish to claim that the code found in free software projects is less likely to be legitimate than proprietary code, they need to come up with some evidence to that effect. Sadly, space constraints appear to have prevented this evidence from being included in the report. Other worries include a lack of open source developers - their numbers are not keeping up with the growth of the industry. The fact that quite a few developers are coming out of universities is considered to be a good thing, but not without reservations: "However a concern was expressed that due to the popularity of open source development at universities, graduates may be lacking key skills such as sound architecture, defining customer needs and product management." We also hear that open source "tends to fragment easily," presenting problems for vendors. "Commercial open source tends to be less fragmented, while 'pure' open source tends to be more fragmented." All is not bad, though. Open source offers "flexibility in procurement" and "flexibility in deployment" where "companies can mix and match open source software as they please" - despite all of those interoperability and standards compliance problems we heard about earlier. Faster product cycles are seen to be good, as are faster bug fixes. Plus:
In addition, there is "perceived" value in the ability to fix or
enhance open source code at the CIOs pleasure even if the vast
majority of user organizations do not .
This "perceived" value is as close as this report ever gets to any sort of freedom-related issue. There is plenty more to look at in this report, but perhaps it is best to finish with this observation:
Finally, OSS and proprietary models continue to converge.
Proprietary companies are taking elements of the open source model,
including faster development cycles, and free, downloadable trial
versions. OSS companies are taking elements of the proprietary
model, by offering support, updates and indemnification.
This report gives no space to the developers of all this software, beyond complaining that both their numbers and their motivation to implement Visual Basic macros are insufficient. There is no thought toward maintaining healthy development and user communities, addressing problematic legal issues, or contributing back to the community in any way. These are people who see free software as a well from which they can draw resources for their businesses, but that software is just a raw material. They want to repackage and sell that material in as proprietary a manner as possible. If this group represents the future of the open source business community, we could be in real trouble. A look at the list of sponsors given at the top of this article is cause for comfort, however, as most of the companies which have found real success with free software chose not to support this event. So there is reason to believe that this "think tank" is not representative of the wider business community, that, instead, it's a group of leaders of businesses who wish they were doing better at "monetizing" free software.
The Grumpy Editor's next project
Chances are, however, that many of those companies share the one exception which can be found here at LWN: our business accounting is done using a well-known, proprietary, small business bookkeeping tool. It has all the problems associated with such tools: it holds our company data in an opaque, proprietary format, it does not interoperate with the rest of our operation, it does not work as reliably as we would like, and it occasionally forces an expensive upgrade to a new version for no clear reason. Plus there's that proprietary operating system that the bookkeeping application depends on. Various attempts to replace this application have failed to take off. It's hard to replace a functioning, important business subsystem, and, frankly, free alternatives in the business accounting area have been slow to reach a mature state. Your editor has recently become determined to change this situation, though. Enough is enough. A new accounting system will have to meet a number of needs. To begin with, it must be able to import accounts and historical data from the proprietary application. It should operate in a multi-user, network-friendly manner. We need all of the usual accounting functions, from double-entry bookkeeping to easy export of data to our accountant to the creation of the occasional pie chart. And we would really like the ability to integrate it with the LWN site code, since so much of our commerce goes through that code. There are numerous projects in this space. Your editor's list of candidates at the moment includes (in no particular order):
As one can see, there is no shortage of alternatives to look at; no doubt LWN readers will know of a few which your editor missed. Working through this list will be more than enough to keep an editor busy for some time; since your editor has no particular passion for accounting, it's also likely to make him somewhat grumpier than usual. It's clearly not a topic which can be covered in a single article. So expect a series of installments as your editor heads into the accounting jungle and tries to figure out whether it's possible to run a business completely on free software or not.
Security Stability v. security fixesA whole pile of security fixes for Red Hat Enterprise Linux 4 (RHEL4) was released at the beginning of May; this event might not be noteworthy except that some of the vulnerabilities were nearly two years old. This stands in contrast to a recent Red Hat article describing the security track record of RHEL4, which was covered on this page, and made no mention of delays of this sort. Digging in a bit deeper to try and understand why seems logical. Of the thirteen fixes listed by LWN for that day, eleven are categorized as having low severity by Red Hat, one is moderate and one is important. The latter is a recently reported vulnerability in xscreensaver that was given a CVE number less than a month ago. Of the dozen others, eight had CVE numbers from 2006 and four from 2005. Red Hat classifies security issues based on their analysis of their impact; both "low" and "moderate" vulnerabilities are unlikely to be exploitable, with "moderate" vulnerabilities having worse consequences if it does happen. Under those definitions, it would certainly seem less important to get those fixes out, but it would also seem like a headache to keep track of them. Fedora Core released fixes for these issues ages ago and those seem to have worked out, why did Red Hat sit on them for RHEL4 for so long? Mark Cox, from the Red Hat Security Response Team explains:
So for example CVE-2005-4268 relies on an attacker giving a victim a
carefully crafted rather large cpio file, and getting the victim to open
it using the cpio command on a 64-bit platform. Even if the attacker
manages that, the ability to lead to code execution is unlikely. So we
defer these issues; customers don't want to go through an update and test
cycle just to fix such an issue. Then, when other issues of a higher
severity come up in the same package, or if we are to release an update
to that package for any other reason, we also pick up any fixes we
previously deferred.
Red Hat Enterprise Linux errata are batched into periodic 'updates'; what was released this week was Update 5 for Red Hat Enterprise Linux 4. So, for low and some moderate impact bugs, RHEL4 users must wait for patches until some other issue with that package requires attention and then await the next batch of fixes as an update release. An intervening update cycle is not necessarily enough to push these fixes out as there have been several update releases to RHEL4 since they were reported. RHEL customers prize stability, and delayed security updates is part of Red Hat's process for delivering that stability. Security issues (and bugs in general) are funny beasts and sometimes their implications do not become clear for a long time. Something that seems to have a low impact is suddenly used in an unexpected way by a worm or some other exploit and the impact needs to be recalculated. By holding back these fixes for seemingly trivial security issues, Red Hat could be setting itself up for an unpleasant security surprise someday. Some customers may also feel that they are more at risk for a particular issue than Red Hat thinks they are. Perhaps they use cpio frequently on possibly untrusted data on their 64-bit machines. As things currently stand, they had no fix available to them (at least via the normal Red Hat update means) for more than a year; there was no easy way for them to even know there is a problem. Red Hat tracks these bugs via bugzilla which is open for anyone to use, but they only put out announcements when they release a fix. It is hard to argue that customers should be trolling security lists and/or bugzilla looking for security issues that might affect them; this is, after all, what they pay Red Hat for. As with seemingly everything in the world of computers, there is a trade-off here; very few customers would want to be upgrading their production systems frequently for low impact bugs. On the other hand, they may not want to be exposed forever to those same low impact bugs. Batching these kinds of fixes up into security updates once or twice a year seems like a reasonable plan, but holding on to updates for over a year may be just a bit more stability than some customers were looking for.
New vulnerabilities dovecot: directory traversal
elinks: code execution
gimp: symlink issue
ldap-account-manager: privilege escalation, possible cross-site scripting
lftp: shell command execution
moin: arbitrary JavaScript execution
php: several vulnerabilities
pop mail man-in-the-middle attacks
pptpd: denial of service
python: information disclosure
tetex: buffer overflow
Updated vulnerabilities acroread: multiple vulnerabilities
aircrack-ng: remote execution of arbitrary code
apache: cross-site scripting
Asterisk: two SIP denial of service vulnerabilities
bluez-utils: hidd vulnerability
bugzilla: multiple vulnerabilities
busybox: insecure password generation
capi4k-utils: buffer overflow
clamav: several vulnerabilities
cpio: arbitrary code execution
vixie-cron: privilege escalation
cscope: buffer overflows
cscope: buffer overflows
cups: denial of service
Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
dovecot: index cache file handling error
elinks: arbitrary file access
evolution: format string error
fail2ban: denial of service
ffmpeg: buffer overflows
file: denial of service
file: arbitrary code execution
firefox: FTP PASV port-scanning
freeradius: memory leak
freetype: integer overflows
gcc: file overwrite vulnerability
gd: buffer overflow
gdb: buffer overflow
gdm: improper file permissions
gedit: format string vulnerability
gimp: arbitrary code execution
grip: buffer overflow
gzip: multiple vulnerabilities
horde-kronolith: local file inclusion
ImageMagick: integer overflows
imlib2: arbitrary code execution
ipsec-tools: denial of service
java: multiple vulnerabilities
kdelibs: kate backup file permission leak
kdelibs: cross-site scripting
kernel: denial of service
kernel: denial of service
kernel: multiple vulnerabilities
kernel: denial of service
kernel: denial of service
kernel: denial of service
kernel: denial of service by memory consumption
kernel: denial of service
kernel: denial of service
kernel: denial of service
kernel: multiple vulnerabilities
krb5: uninitialized pointers
krb5: local privilege escalation
krb5: multiple vulnerabilities
ktorrent: incorrect validation
libgadu: memory alignment bug
libgtop2: buffer overflow
libmodplug: boundary errors
libpng: buffer overflow
libpng: heap based buffer overflow
libtiff: buffer overflow
libxml2 - arbitrary code execution
libxml2: multiple buffer overflows
lighttpd: denial of service
lookup-el: insecure temporary file
lynx: arbitrary command execution
mod_jk: stack overflow
mod_perl: denial of service
mplayer: buffer overflow
mysql: denial of service
mysql: format string bug
MySQL: privilege violations
MySQL: logging bypass
nbd: arbitrary code execution
ncompress: buffer underflow
net-snmp: denial of service
openldap: security bypass
OpenSSH: denial of service
openssh: remote denial of service
php: multiple vulnerabilities
php: several vulnerabilities
php: buffer overflows
phpbb2: missing input sanitizing
phpbb2: multiple vulnerabilities
postgresql: SQL injection
postgresql: privilege escalation
qemu: multiple vulnerabilities
qt: "/../" injection
quagga: denial of service
quake: buffer overflow
rpm: arbitrary code execution
Mozilla: multiple vulnerabilities
shadow-utils: mailbox creation vulnerability
slocate: information disclosure
snort: remote arbitrary code execution
tcpdump: denial of service
tomcat: directory traversal
unzip: long file name buffer overflow
util-linux: access restriction bypass
vim: arbitrary shell code execution
vixie-cron: weak permissions may cause errors
w3c-libwww: possible stack overflow
wordpress: another pile of vulnerabilities
XFree86 X.org: integer overflows
xine: format string vulnerabilities
xine-lib: arbitrary code execution
xine-lib: buffer overflow
xine-lib: buffer overflow
xinit: race condition
xmms: BMP handling vulnerability
xscreensaver: password check bypass
zziplib: buffer overflow
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThere is still no 2.6 prepatch as the merge window remains open. Patches continue to pour into the mainline git repository; see the article below for details.The current -mm tree is 2.6.21-mm2. Recent changes to -mm include the removal of the adaptive readahead patches (in anticipation of a newer, simpler version), a kernel-based mechanism for unprivileged user mounts, and the removal of the staircase deadline scheduler. Mostly -mm is shedding weight as patches move into the mainline. For older kernels: 2.6.16.50 was released on May 4, followed by 2.6.16.51 on May 9. Each update contains a handful of important fixes.
Kernel development news Quotes of the week
Really, we are likely be better off by risking the merge of _bad_
code (which in the swap-prefetch case is the exact opposite of the
truth), than to let code stagnate. People are clearly unhappy about
certain desktop aspects of swapping, and the only way out of that
is to let more people hack that code. Merging code involves more
people. It will cause 'noise' and could cause regressions, but at
least in this case the only impact is 'performance' and the feature
is trivial to disable.
-- Ingo Molnar pushes for swap prefetch
Open source is about release early, release often. Not "hide code
in a dark corner until Christoph thinks it is perfect." We have
high standards for upstream merged code, but that standard is not
perfection. Perfect is the enemy of good.
-- Jeff Garzik for Libertas
If your mission to another star *depends* on every single piece of
complex equipment staying up with zero reboots for 200+ years, you
have some serious technology problems.
-- Linus Torvalds
More stuff for 2.6.22As of this writing, the 2.6.22 merge window remains open, with quite a bit of code still expected to be merged. User-visible changes which have gone in include:
Changes visible to kernel developers include:
The merging process is not yet done, so expect another big set of patches to go into 2.6.22 before the window closes.
The return of kevent?The last time this page looked at the kevent interface, it seemed to have reached the end of its run. The eventfd patches had stolen the thunder, providing a way for applications to wait on many types of events using the standard polling interfaces. The kevent developer has shelved the work on the assumption that it would not get in. That assumption appeared to be justified, given that Andrew Morton, in his 2.6.22 merge plans document said that the eventfd patches would be included.As was mentioned last week, one obstacle came up in the form of pollfs, an implementation of a very similar idea. There were a couple of relatively harsh reviews of the pollfs code, and its profile appears to have lowered considerably. It is possible that a new, improved version of pollfs could show up in the near future, but it would have to be a lot better to grab a significant amount of attention. The pollfs code has probably shown up too late to the game. There's another late arrival who will have to be listened to, however: glibc maintainer Ulrich Drepper. Having sat out the discussion of eventfd, he is now back and opposing its inclusion into the mainline:
It's Linus decision whether he wants to add yet more code, yet more
possible problems, yet more maintenance overhead/nightmare for an
interim solution which isn't necessary, which cannot solve all the
problems, and which is not as scalable as other proposed methods.
I can only say that I would be trickly [sic] against it. It makes just no sense. Ulrich has a number of complaints about the eventfd approach:
The end result of this is that Ulrich opposes the merging of eventfd; he would rather see the effort go into making kevent (or a replacement with similar functionality) ready for the mainline. A kevent-like interface, he says, will eventually become necessary in any case:
I think we ultimately have to have something like kevent and then
all this *fd() work is unnecessary and just adds code to the kernel
which has to be kept around and which might hinder further work in
this area.
How this issue will be resolved is entirely unclear. There's not been a flood of developers lining up to support Ulrich's position - but they are not opposing him either. Nobody has dusted off the kevent patches for another round of discussion - yet. But one thing that does seem likely is that this whole discussion may delay the merging of eventfd past the 2.6.22 merge window. User-space interfaces are important and, once they are added to the kernel, they are almost impossible to remove. Waiting another development cycle seems like a small price to pay if it helps the developers to get this decision right. Update: the eventfd code was merged into the mainline on May 11.
The trouble with volatileYour editor's copy of The C Programming Language, Second Edition (copyright 1988, still known as "the new C book") has the following to say about the volatile keyword:
The purpose of volatile is to force an implementation to suppress
optimization that could otherwise occur. For example, for a
machine with memory-mapped input/output, a pointer to a device
register might be declared as a pointer to volatile, in
order to prevent the compiler from removing apparently redundant
references through the pointer.
C programmers have often taken volatile to mean that the variable could be changed outside of the current thread of execution; as a result, they are sometimes tempted to use it in kernel code when shared data structures are being used. Andrew Morton recently called out use of volatile in a submitted patch, saying:
The volatiles are a worry - volatile is said to be
basically-always-wrong in-kernel, although we've never managed to
document why, and i386 cheerfully uses it in readb() and friends.
In response, Randy Dunlap pulled together some email from Linus on the topic and suggested to your editor that he could maybe help "document why." Here is the result. The point that Linus often makes with regard to volatile is that its purpose is to suppress optimization, which is almost never what one really wants to do. In the kernel, one must protect accesses to data against race conditions, which is very much a different task. Like volatile, the kernel primitives which make concurrent access to data safe (spinlocks, mutexes, memory barriers, etc.) are designed to prevent unwanted optimization. If they are being used properly, there will be no need to use volatile as well. If volatile is still necessary, there is almost certainly a bug in the code somewhere. In properly-written kernel code, volatile can only serve to slow things down. Consider a typical block of kernel code:
spin_lock(&the_lock);
do_something_on(&shared_data);
do_something_else_with(&shared_data);
spin_unlock(&the_lock);
If all the code follows the locking rules, the value of shared_data cannot change unexpectedly while the_lock is held. Any other code which might want to play with that data will be waiting on the lock. The spinlock primitives act as memory barriers - they are explicitly written to do so - meaning that data accesses will not be optimized across them. So the compiler might think it knows what will be in shared_data, but the spin_lock() call will force it to forget anything it knows. There will be no optimization problems with accesses to that data. If shared_data were declared volatile, the locking would still be necessary. But the compiler would also be prevented from optimizing access to shared within the critical section, when we know that nobody else can be working with it. While the lock is held, shared_data is not volatile. This is why Linus says:
Also, more importantly, "volatile" is on the wrong _part_ of the
whole system. In C, it's "data" that is volatile, but that is
insane. Data isn't volatile - _accesses_ are volatile. So it may
make sense to say "make this particular _access_ be careful", but
not "make all accesses to this data use some random strategy".
When dealing with shared data, proper locking makes volatile unnecessary - and potentially harmful. The volatile storage class was originally meant for memory-mapped I/O registers. Within the kernel, register accesses, too, should be protected by locks, but one also does not want the compiler "optimizing" register accesses within a critical section. But, within the kernel, I/O memory accesses are always done through accessor functions; accessing I/O memory directly through pointers is frowned upon and does not work on all architectures. Those accessors are written to prevent unwanted optimization, so, once again, volatile is unnecessary. Another situation where one might be tempted to use volatile is when the processor is busy-waiting on the value of a variable. The right way to perform a busy wait is:
while (my_variable != what_i_want)
cpu_relax();
The cpu_relax() call can lower CPU power consumption or yield to a hyperthreaded twin processor; it also happens to serve as a memory barrier, so, once again, volatile is unnecessary. Of course, busy-waiting is generally an anti-social act to begin with. There are still a few rare situations where volatile makes sense in the kernel:
For most code, none of the above justifications for volatile apply. As a result, the use of volatile is likely to be seen as a bug and will bring additional scrutiny to the code. Developers who are tempted to use volatile should take a step back and think about what they are truly trying to accomplish. (Thanks to Randy Dunlap for getting things started and researching the issue, and to Satyam Sharma, and Johannes Stezenbach for comments on the first draft of this article).
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Memory management
Networking
Architecture-specific
Security-related
Virtualization and containers
Miscellaneous
Page editor: Jonathan Corbet Distributions How Debian packages a numberDebian developer Josselin Mouette recently posted an intent to package notification for a useful-seeming library package:
This package contains the "09F911029D74E35BD84156C5635688C0"
number. It is a very cool number, which, among other things, can be
used by a wide range of HD-DVD deciphering applications.
A small library is provided to access this number in applications. The get_09F911029D74E35BD84156C5635688C0 C function returns a pointer to a 16-byte structure containing this number. Now, it's hard to argue with centralizing access to useful resources, and one would think that the creation of such a package would be a simple task. The response from the Debian community makes it clear that even simple-seeming tasks can be difficult, though. For starters, what happens when upstream releases a new version of the number? It appears necessary to add a separate version number to the library name. Another helpful developer pointed out the need for a command-line utility to obtain the number from scripts and such. Then there's the matter of bindings for Ruby, Perl, Python, and Lua, each of which would need a separate package. Even that's not enough, though, since the number in question is seen to be architecture-independent, and thus requiring a package separate from the library which uses it. Others pointed out that, now that Java is free, a Java binding will be required as well. Then there's the matter of GUI tools for GNOME, KDE, and XFCE. As of this writing, the Debian developers were beginning to grapple with the need for a full set of translations and setting up a special internationalization mailing list for this package. All of this attention to detail and universal support demonstrates how Debian has become such a comprehensive, well-integrated distribution. Look for the upcoming "Lenny" release to have the best l33t h4x0r numb3r of any distributor out there.
New Releases 64 Studio 1.3.0 releasedRelease 1.3.0 "Let Me Take You to the Beach" of 64 Studio is out. "64 Studio is a GNU/Linux distribution tailor-made for digital content creation, including audio, video, graphics and publishing tools. A remix of Debian testing, it comes in both AMD64/Intel64 and 32-bit flavours, to run on nearly all PC hardware. Our latest development release (1.3.0) is the very first to be based on a stable release of Debian, the recent Etch release." The release also includes the final Beta of the recently released Ardour 2 digital audio workstation software.
EnGarde Secure Linux, Community EditionEnGarde Secure Linux, Community Edition has been released. "EnGarde is the only enterprise-class, Linux-based secure platform for managing a complete Internet presence featuring Web-based management flexibility and SELinux functionality." Download information, a feature list, and screen shots can be found on the EnGarde web page; note that registration and explicit mailing list opt-out are required to download the distribution.
Gentoo Linux 2007.0 releasedGentoo Linux 2007.0 ("Secret Sauce") has been announced. "This release includes a completely rewritten version of the Gentoo Linux Installer on the AMD64 and x86 LiveCD and LiveDVD images. It also includes GNOME 2.16.2, KDE 3.5.5, Xfce 4.4, Mozilla Firefox 2.0.0.3, OpenOffice.org 2.1.0, and the 2.6.19 Linux kernel." Download information is over here.
Gentoo debuts a new installerThe Gentoo Linux installer team has launched version 0.5 of GLI, which promises to change the way Gentoo systems are set up. "The major change is that the installer is now interactive, so instead of configuring everything and then letting the install go, it acts more like every other installer that has ever existed."
Slax Tools 070501Slax Tools has released v070501. Slax Tools are graphical applications that simplify the process of generating custom versions of the live distribution Slax.
Distribution News Fedora Core 5 end of life is 2007-06-29The Fedora Project has announced the end of support for Fedora Core 5 as of June 29, 2007. Fedora 7 is due to be released on May 24, 2007, so FC5 users may upgrade to FC6 or F7 for continued security and critical bug fix support.
Fedora 7 -- what, when, and whyFedora 7 is due to be released on May 24, 2007. Max Spevack takes a look how Fedora 7 is different from previous Fedora releases. "In one sentence: "Fedora 7 has been about improving the manner in which all future Fedora releases will be made.""
Seth Vidal and Toshio Kuratomi joining Red HatSeth Vidal and Toshio Kuratomi have accepted jobs at Red Hat. Both are well-established Fedora contributors who will now work for Fedora full time, with a Red Hat paycheck. Congratulations.
openSUSE survey results now onlineThe results of the openSUSE survey are available (PDF). "The survey was live for almost 3 months and more than 27,000 user participated. Thank you all for your participation. With your input we all are able to make openSUSE better and better." DesktopLinux also takes a look at the results.
openSUSE 10.3 RoadmapThe final openSUSE 10.3 roadmap has been posted. Planned features include a single-CD installation process, external repository integration, GNOME 2.20, a KDE4 preview, and more. The next alpha release is due on May 16, with the final 10.3 release happening on October 4.
Ubuntu Mobile and Embedded EditionThe Ubuntu Mobile and Embedded project has been announced. "We will start more detailed planning at the Ubuntu Developer Summit next week in Seville and the first release of this edition will be in October with Ubuntu 7.10. If you are interested in the project, please get involved. We will be working through our normal development processes on Launchpad, the developer mailing lists and IRC."
Distribution Newsletters Fedora Weekly News Issue 86Fedora Weekly News for May 5, 2007 looks at Fedora Core 5 End of Life, CD Bootloader Change, Status of the merge, Rawhide 20070502 Live Images, Fedora 7 Test 4 ISOs for IA64 Available, Announcing New Fedora-php-devel-list, highlights from Planet Fedora and much more.
Gentoo Weekly NewsletterThe Gentoo Weekly Newsletter for April 23, 2007 covers a thank you note from the GWN staff, Developer of the Week (jokey), and more.The Gentoo Weekly Newsletter for April 30, 2007 covers Ant 1.7.0 going stable, Apache 1.x being removed, Italian translation team seeking help and other topics.
Ubuntu Weekly News: Issue #39The Ubuntu Weekly Newsletter for May 5, 2007 covers the new Mobile and Embedded Initiative, Launchpad's new mentoring framework, and Lo``Cos involved in conferences and installfests, and several other topics.
DistroWatch Weekly, Issue 201The DistroWatch Weekly for May 7, 2007 is out. "The biggest news of the past week was the joint announcement by Dell and Canonical which promises to usher in a new era in the way we choose our systems in online computer stores - a brief analysis of the announcement and what it means for us follows. In other news, the Fedora project finally merges its two package repositories, Ian Murdock announces the end of Progeny, and NimbleX offers a never-seen-before web-based way of generating a custom Slackware-based live CD. Also in this issue: a featured article that presents two excellent resources for those who are interested in becoming more proficient in Linux and open source software. Finally, we are pleased to announce that the recipient of the April 2007 DistroWatch donation is the LyX project."
Distribution meetings Call for keys for keysigning in Edinburgh during DebConf7Here's some necessary information for people who wish to participate in DebConf7 keysignings in Edinburgh.
Newsletters and articles of interest Whats new in SELinux for Red Hat Enterprise Linux 5? (Red Hat Magazine)Red Hat Magazine is running an article about SELinux improvements in RHEL5. "In Red Hat Enterprise Linux 4, 15 services in system space had confined SELinux domains defined. In Red Hat Enterprise Linux 5, over 200 processes are confined by SELinux. The improved SELinux policy is much more precise in how it governs the operation of these services. Its far less likely that a Red Hat Enterprise Linux 5 system space process will be compromised or encounter an error caused by an SELinux policy not handling the specific requirements (e.g., file or directory access) of a service." In addition, the "setroubleshoot" tool looks like a big improvement.
What's what with openSUSE, ZENworks, YaST (Linux-Watch)Linux-Watch looks at package management in openSUSE 10.3 and for Novell's enterprise SUSE Linux operating systems. "SUSE Linux Enterprise 11 will also include the well-known graphical interfaces [YAST] for software management," concluded [Novell PR director Bruce] Lowry. The result will be that the current ZENworks components will be changed by Novell's engineers to work better in the commercial versions of Linux. In the meantime, openSUSE will continue its work with Zypper, openSUSE-updater, and YaST. Zypp will stay in both, as the core package update component."
Impi Linux 7.05 released (Tectonic)Tectonic covers the release of Impi Linux 7.05 and talks with Impi Linux MD, Gary Fortuin. "Tectonic: Can you give us an idea of some of the features and capabilities that make up this release of Impi? GF: It is based on Ubuntu 7.04, which is modern, user-friendly and "just works". Secondly it is focused on business. File and email encryption, desktop search, groupware-enabled email and directory (LDAP) authentication work out of the box. We have enhanced support for iPods as well as support for NTFS. It also has support for all 11 official languages. Thanks to Translate.org.za for this."
Comodo Releases Zero Touch Linux (Webhosting.info)Webhosting.info covers the release of Zero Touch Linux. "Comodo, a provider of Identity and Trust Assurance Management solutions, today announced the launch of Red Hat and CentOS-based versions of their back office server suite, Zero Touch Linux. According to the company an installation of ZTL brings in file server, print server, domain controller, dns, mail server, web mail, database server, web server, proxy server, DHCP server, content filtering server and a firewall. The package overcomes the difficulties of deploying a Linux infrastructure by reducing the setup of multiple server types to a one time installation and configuration."
The Perfect Desktop (HowtoForge)HowtoForge sets up a desktop computer with Ubuntu 7.04 - Feisty Fawn and Debian 4.0 - Etch. "In this tutorial I will show people who are willing to switch to Linux how they can set up a Linux desktop that fully replaces their Windows desktop, i.e. that has all software that people need to do the things they do on their Windows desktops."
Distribution reviews Digipup: A Linux live CD for amateur radio (Linux.com)Linux.com reviews Digipup, a derivation of the Puppy Linux live CD that is geared toward amateur radio applications. "Digipup contains three of Dave Freese's (W1HKJ) most popular free software offerings for amateur radio: Fldigi, which does a great job on digital sound card modes like PSK, RTTY, MFSK, and others; Fl_logbook, a small, fast, efficient logging program to record your contacts; and Geoid, which computes the bearing and distance between sites using either latitude and longitude or Maidenhead grid locators."
Mandriva 2007 Spring packs a punch (Linux.com)Linux.com reviews Mandriva 2007 Spring. "Mandriva recently released its first distro of the year, dubbed Mandriva Linux 2007 Spring. Like previous releases, Spring is available in five editions, two of which can be freely downloaded. I installed and worked with the $76 Powerpack edition, which includes support and several gigabytes of packages. Not only does Powerpack score over other multiple CD/DVD free-of-cost distros, it also makes competing non-free distros eat dust."
Lastest Xandros Linux server targets Windows admins (Linux-Watch)Linux-Watch looks at Xandros Server Standard Edition 2. "The latest Xandros server is meant for use by small and midsize businesses. In particular, the company is aiming it at Windows administrators who want to minimize down-time and cut support costs, according to the company. The new Xandros Linux server is compatible with existing Windows domain and networking topologies. It provides an alternative for Windows administrators looking to replace older versions of Windows server, and it offers the ability to remotely manage Linux servers even from a Windows desktop, through the all-graphical xMC (Xandros Management Console)."
Page editor: Rebecca Sobol Development DOSEMU reaches version 1.4.0The DOSEMU project allows MS-DOS applications to be run under Linux:
DOSEMU stands for DOS Emulation, and allows you to run DOS and many DOS programs, including many DPMI applications such as DOOM and Windows 3.1, under Linux.
DOSEMU runs under Linux, NetBSD and (possibly) FreeBSD according to the HOWTO document. DOSEMU only works on X86 compatible hardware. It is able to access the host system's graphics display, mouse, serial ports, parallel ports, game port, network port, removable drives, and sound card via a Sound Blaster 16 emulator. DOSEMU also includes DPMI (DOS Protected Mode Interface) support. In short, DOSEMU encapsulates a 1980s vintage DOS machine inside of a modern operating system running on modern hardware. DOSEMU can run an authentic version of Microsoft DOS, the commercial DR-DOS or an open-source DOS equivalent such as FreeDOS, which is packaged with DOSEMU:
FreeDOS is a free DOS-compatible operating system for IBM-PC compatible systems. FreeDOS is made of up many different, separate programs that act as "packages" to the overall FreeDOS Project.
DOSEMU has been around for a long time, it can be considered a mature project. Releases have been infrequent in recent years. This has changed with the announcement of version 1.4.0. The DOSEMU developers have apparently been very busy adding new capabilities to the software. A few highlights of this release include:
Just for fun, your author downloaded the new versions of DOSEMU and FreeDOS, dusted off some old floppies and tried out some old DOS applications. A few simple text-mode .exe applications were run without any trouble. Getting more adventurous, your author decided to try running the old Z80mu CP/M (8080 architecture) emulator under DOSEMU. The example screen shows one emulator running another, Z80mu was able to assemble an old macro assembly language file with no troubles. On a 3 Ghz Athlon 64 processor, the double emulation process ran quite a bit faster than it used to on a native 4 Mhz Z80 system. The test of the graphics and sound capabilities was not as successful, an early version of Leisure Suit Larry in the Land of the Lounge Lizards crashed DOSEMU with: ERROR: EMU86: error 103. No fun was to be had for Larry. The official DOSEMU screenshots page shows that it is possible to run more advanced graphical applications, but your author had no other titles handy for testing. If you have some old DOS applications that you just can't live without, DOSEMU can be a useful tool. An entire 1980s DOS system can easily be encapsulated and stored in a small part of a modern computer's disk system. Binaries and source code for DOSEMU and FreeDOS are available for download here.
System Applications Database Software PostgreSQL Weekly NewsThe May 6, 2007 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.
Interoperability Test version of Samba clustering availableAndrew Tridgell has announced that the first test version of CTDB, a scalable clustered Samba implementation, is available. Those who would like to test the software, but don't happen to have a spare cluster sitting around, can still emulate a cluster using loopback interfaces. See the CTDB setup page or the slides from a recent talk [PDF] by Andrew for more information. (Thanks to Nick Piggin).
Web Site Development mnoGoSearch 3.3.3 releasedVersion 3.3.3 of mnoGoSearch, a web site search engine, is out with performance improvements and bug fixes. See the change log for release details.
Plone 3.0-beta2 is outVersion 3.0-beta2 of the Plone web content management system is out for testing. "I'm happy to be able to announce the Plone 3.0-beta2 release. This is the second beta release and hopefully the last beta release before we move to release candidate status."
Web Services Secure, Reliable Web Services with Apache (O'Reilly)Kyle Gabhart introduces WSO2 on O'Reilly's XML.com. "Open source computing has gained a tremendous degree of momentum in the last few years. Nowhere is this more evident than in the area of web services and Service-Oriented Architecture (SOA). The Apache Foundation alone has more than 20 SOA/WS projects. One of the common obstacles for large enterprises to adopt open source solutions for key systems is the lack of administrative infrastructure and standardized glue for pulling together complementary projects. Essentially, the lack of a true open source "platform" (along with professional consulting and training services) limits more extensive adoption of open source technology. One group that has successfully addressed this open source platform gap is the JBoss Group. Until recently, however, no such group existed to establish a platform around Apache SOA projects. Enter WSO2 (WS "Oh" 2)."
Desktop Applications Audio Applications eSpeak 1.24 releasedVersion 1.24 of eSpeak, a text to speech synthesis converter, is out with new Czech and Greek language support.
Business Applications ADempiere ERP 3.2 releasedVersion 3.2 of ADempiere, an Enterprise Resource and Planning application, is out. "ADempiere becomes first true open source production grade ERP With the release of ADempiere MayDay (ADempiere 3.2) today, ADempiere is now the first true open source ERP with production grade quality."
project-open 3.2 releasedVersion 3.2 of Project Open, a project management and collaboration application, is out. "The main feature of the new version is an integration with GanttProject, the no. #1 open-source project management application. Together, the two applications form an integrated open-source based application stack covering the complete project cycle for IT departments and IT companies from definition and planning to execution, tracking and invoicing."
Desktop Environments GNOME Software AnnouncementsThe following new GNOME software has been announced this week:
KDE Games Taking Shape for KDE 4.0 (KDE.News)KDE.News covers the plans for KDE games in KDE version 4. "On May 1st, the KDE games developer community held its monthly IRC meeting. This time the major topic was discussing which games would stay in the kdegames module for KDE 4 and which ones would have to be removed because they don't meet our self-imposed quality standards. Read on for a discussion of this decision."
KDE Commit-Digest for 6th May 2007 (KDE.News)The May 6, 2007 edition of the KDE Commit-Digest has been announced. The content summary says: "Atlantik, KFouleggs, Klickety, KPoker, Kenolaba, KAsteroids, KSnake, KSokoban, KJumpingCube and KTron move to playground/games. KDE 3.90.1 (KDE Alpha 1) is tagged to be released. General improvements in KTorrent. Progress in the generic music store support in Amarok. KFTPGrabber begins the port to KDE 4. The phonon-solid-sprint branch is merged back into trunk. BluRay and HD-DVD support in Solid...."
KDE Software AnnouncementsThe following new KDE software has been announced this week:
Xorg Software AnnouncementsThe following new Xorg software has been announced this week:
Encryption Software GnuPG 2.0.4 releasedStable version 2.0.4 of GnuPG is out with minor enhancements. "The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data, create digital signatures, help authenticating using Secure Shell and to provide a framework for public key cryptography. It includes an advanced key management facility and is compliant with the OpenPGP and S/MIME standards."
Fonts and Images Linux Libertine 2.5.9 releasedVersion 2.5.9 of the Linux Libertine font family is out. "And we are proud to announce our first LaTex-package of the family. You'll find all information at our website http://linuxlibertine.sf.net."
Games Cyphesis 0.5.12 releasedVersion 0.5.12 of Cyphesis has been announced on the WorldForge game site. Some of the changes include: "The server now warns if the character needs food. The weather has been enhanced to provide more varied rain, and variable visibility. Dependency failures are now reported much more clearly. More tool types are now available for sale at the too merchant. Database functionality is now handled more dynamically, and the server will run when no database is available."
GUI Packages Qt Jambi Released Under GPL (KDE.News)KDE.News reports on the GPL release of Qt Jambi. "Yesterday Trolltech released the second beta of Qt Jambi, the Qt API for Java. With this release we also released the source code including the Generator under GPL, opening the option for making KDE libs accessible to Java. Though it does not work together with gcj, it does work together with the open source Harmony Virtual machine and runtime."
Mail Clients Claws Mail 2.9.2 releasedVersion 2.9.2 of Claws Mail has been announced, it features a new printer icon and lots of bug fixes.
Music Applications buzztard 0.2.0 releasedVersion 0.2.0 of buzztard has been released. "The buzztard team has release version 0.2 "sunrise" of its buzz-alike music composer. This version has lots of UI usability improvements, bug fixes, more instant apply settings and introduces some interactivity features (interaction controller and upnp playback controller)."
PHASEX 0.10.1 releasedVersion 0.10.1 of PHASEX, an experimental softsynth for Linux/ALSA/JACK systems, is out. "PHASEX-0.10.1 is a buildfix and bugfix release, highly recommended for anyone who currently has 0.10.0."
Video Applications Boxtream 0.996 is outVersion 0.996 of Boxtream is out, this release works with "Boxtream is both an audio and video encoder and streamer and an assembly of audio and video hardware, forming a mobile video streaming studio. It is designed to easily record and stream live presentations including a presenter and synchronized slides, or slides only, or presenter only, and was built to stream live courses over the Internet for distance learning students." This version now works with a single firewire device, eliminating the need for expensive video hardware.
DJV Imaging 0.6.1 beta announcedVersion 0.6.1 beta of DJV Imaging is available. The project description states: "Digital imaging software for movie playback, image processing, and monitor calibration."
Languages and Tools Caml Caml Weekly NewsThe May 8, 2007 edition of the Caml Weekly News is out with new Caml language articles.
Haskell Haskell Weekly NewsThe May 7, 2007 edition of the Haskell Weekly News is online. This week sees the release of Atom, a hardware description language embedded in Haskell, along with the usual suite of new libraries and tools. In addition, The Monad.Reader Issue 7 was released, and the Hackage upload festival continues unabated.
Java Sun makes Java SE development kit availableSun Microsystems has announced that the Java SE development kit has now been released under version 2 of the GPL. "This announcement represents one of the largest source code contributions to the free software community and the open source release of one of the industry's most significant and pervasive software platforms. Available immediately at the OpenJDK project on java.net (http://openjdk.java.net), is all the unencumbered source code for Sun's future implementation of Java SE 7, as well as binary plugs for the remaining few instances of encumbered code."
PHP PHP 5.2.2 and PHP 4.4.7 releasedVersions 5.2.2 and 4.4.7 of PHP have been announced. "These releases are major stability and security enhancements of the 5.x and 4.4.x branches, and all users are strongly encouraged to upgrade to it as soon as possible."
Python Python-URL! - weekly Python news and linksThe May 7, 2007 edition of the Python-URL! is online with a new collection of Python article links.
Tcl/Tk Tcl-URL! - weekly Tcl news and linksThe May 7, 2007 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.
UML Introduction to UML (IT Manager's Journal)Chad Files introduces UML in an IT Manager's Journal article. "When you're designing and developing new software systems, it is often hard to see how all the pieces are suppose to fit together. Unified Modeling Language (UML) is one tool that allow developers and architects to ease the process and create a big picture before committing to a particular technology. UML is simply a language, as its name suggests. It can be used, along with a working development methodology, to aid in designing and describing a software system."
Version Control monotone 0.35 releasedVersion 0.35 of monotone, a distributed version control system, is out. "The set of changes since last release is fairly small, but contains needed fixes."
Page editor: Forrest Cook Linux in the news Recommended Reading Linux and The Indianapolis 500 (LXer)Scott Ruecker looks at the Tux500 campaign. "The idea to have the Open Source community sponsor a car in the Indianapolis 500 put forth recently has more than just the Open Source Press taking notice. Here is my take on it. First a disclaimer: I am in not in any way, shape or form involved with the Tux500 campaign. I happen to know several of the people involved but other than that I have no connection to it whatsoever. With that said I am free to express any opinions I may have on the subject, which I plan on doing right now.."
Blizzard: OLPC and open sourceWorth a glance: Christopher Blizzard's posting on the OLPC project and Microsoft. "For once Microsoft is getting the reverse Linux laptop experience: little support and little documentation for the hardware. The result will be a platform that doesnt include any of the really novel features that were building in, bad power management, no systems management via the firmware and apps that will randomly crash because they cant fix the virtual memory problem in the same way were approaching it. A second class citizen, to be sure."
Companies Novell Linux desktop architect goes to Google (DesktopLinux)DesktopLinux reports that Robert Love has resigned as chief architect of Novell's Linux desktop efforts. "Before serving as Novell's Linux desktop architect, Love worked -- and still does -- as a Linux kernel and GNOME developer. He also worked with MontaVista, the well-known embedded Linux company. While working for MontaVista, Love spearheaded the project of improving Linux's real-time capabilities via a "preemptible kernel patch" that is now a standard feature in the mainstream kernel." Robert Love will be working at Google's Open Source Program Office.
Oracle, IBM, NEC to market Linux in Japan: Nikkei (KPLC-TV)KPLC-TV reports on a commercial consortium that plans to promote Linux in Japan. "Major information technology firms, including Oracle Corp. (ORCL.O), IBM Corp. (IBM.N) and NEC Corp. (6701.T), will set up a consortium to sell servers and systems running the Linux operating system in Japan, a financial daily said on Thursday. It would be the first time in the world that major IT firms join hands to market equipment running the free software, the Nikkei newspaper said."
What's a Linux Guy Doing at Sun? (eWeek)eWeek takes a look at what Ian Murdock is doing at Sun. "What's a Linux guy doing at Sun? That's the question Ian Murdock, chief open source platform strategist at Sun Microsystems Inc., posed in a session he chaired at Sun's CommunityOne Day on May 7 prior to the opening of the JavaOne conference. "Why am I here? 'What's a Linux guy doing at Sun? Have you changed sides?'" Murdock said people constantly ask him. "No, that's not how I look at it.""
Sysgo tops embedded Linux survey (Electronicstalk.com)Electronicstalk.com looks at the rise of Sysgo, a commercial embedded Linux supplier. "Sysgo has received top ranking among commercial Embedded Linux suppliers in the recently published LinuxDevices.com seventh annual Embedded Linux Market Survey. This survey also showed Linux continuing to grow as the dominant embedded OS for 32 and 64bit designs (approaching 50%), and that over 60% of developers surveyed look to commercial suppliers for support and service."
Interviews OpenBSD 4.1: Puffy Strikes Again (O'ReillyNet)O'ReillyNet has an interview with several OpenBSD developers. "OpenBSD 4.1 has just been released. Federico Biancuzzi interviewed several developers to discuss some of the new features for networking, active porting efforts (landisk and UltraSPARC III), work on SMP, and the improvements in spam fighting."
Daniel James interview (Linux Format)Linux Format has an interview with Daniel James. "Daniel James is the project directory of the audio distro 64 Studio. He set up 64 Studio Ltd to provide development services to hardware OEMs, and support to users in studios. James also runs a Linux-based recording studio near his home on the Isle of Wight."
Mozilla CEO speaks out on future of Firefox (APC)APC (Australian Personal Computer) has an interview with Mozilla CEO Mitchell Baker. "According to Mozilla Foundation CEO Mitchell Baker, Firefox is just at the beginning of its life cycle. In this one-on-one interview with APCMag.com, she talks about where Firefox came from and where it's going."
Interview with Simon Phipps (Linux Journal)Glyn Moody talks with Simon Phipps about the open-source roots of Sun and the GPL-ization of Java. "Before joining Sun in 2001, Simon Phipps spent ten years at IBM, where he was Chief Java and XML Evangelist. He first came across free software in the late 1980s, when he was selling freeware from home as a sideline while working at Unisys. Today, Phipps is Sun's Chief Open Source Officer, and he plays a key role as the company moves its entire software portfolio to open source."
Interview with Flavio Castelli, A Strigi Developer (KDE.News)KDE.News talks with Flavio Castelli. "We are here today to talk about the Strigi project - the indexing and search technology of KDE 4 - and to interview Flavio Castelli, a key developer of Strigi. Read on for the interview."
Interview with Tim Bray: Atom, JRuby, and the Ecumenical Sun (O'Reilly)O'Reilly's ONJava.com has an interview with Tim Bray. "If you've ever written a system to parse or generate XML, you owe something of a debt to Tim Bray, he co-authored the initial specification XML 1.0 published in 1998. And, nearly a decade after the introduction of XML, it is a concept familiar to all programmers and many non-programmers. Given this achievement, one might be content to rest on one's laurels, but in talking to Bray you get the sense that, while he might be best known for his contribution to XML, he is singularly focused on the development of the next generation of participatory technologies. Bray is focused on the Atom publishing protocol, contributing to open source, and helping to push Sun toward a more "ecumenical" approach to web development. Most importantly, you get the sense that Bray is trying to use technology to create an Internet that is more transparent and inclusive Internet."
Resources Real-time Java, Part 4: Real-time garbage collection (developerWorks)IBM developerWorks continues a series on real-time Java with a look at garbage collection. "RT applications must be able to respond to real-world stimuli within deterministic time intervals. A traditional GC can't meet this requirement because the application must halt for the GC to reclaim any unused memory. The time taken for reclamation is unbounded and subject to fluctuations. Furthermore, the time when the GC will interrupt the application is traditionally unpredictable. The time during which the application is halted is referred to as pause time because application progress is paused for the GC to reclaim free space. Low pause times are a requirement for RT applications because they usually represent the upper timing bound for application responsiveness."
Top 7 Things System Administrators Forget to Do (O'ReillyNet)Tom Adelstein presents seven tips for system administrators in an O'Reilly article. "Do system administrators really forget to do basic tasks because they're lazy or do the pressures of the job keep them from getting everything done? Tom Adelstein explores the top seven tasks system administrators forget to do."
Reviews Metasploit 3.0 doesn't pwn systems, black hats pwn systems (Linux.com)Linux.com reviews the Metasploit Framework v3.0. "Metasploit LLC released version 3.0 of the Metasploit Framework (MSF), the popular penetration testing project, late last month. Version 3.0 is a complete rewrite of the previous tools using primarily the Ruby programming language; versions 1 and 2 were written primarily in Perl. Also new are an experimental GUI, and perhaps the crowning jewel of the release, the db_autopwn module, which automates exploit discovery and execution."
Mono developers to bring Silverlight to Linux (Ars Technica)Ars Technica looks at the Mono Project's plans for a Silverlight browser plug-in. "Mono project lead developer Miguel de Icaza says that the Mono development community plans to have an experimental Linux-based Silverlight browser plug-in ready for testing by the end of the year. Silverlight, Microsoft's new .NET-based technology for rapid development of interactive rich media applications, is currently only supported on Windows and Mac OS X. The Mono developers intend to use the documentation published by Microsoft to create a plug-in that is compatible with Silverlight 1.1, which is currently still in early stages of development."
Miscellaneous Certification on the upswing again (Linux.com)Linux.com reports on the upswing in Linux certification. "After several years of decline, the demand for certification and training in GNU/Linux and other free software areas is stronger than ever. That's the general opinion of experts in the field, as they discuss where certification has been, current course offerings, customer services, and trends for the future. GNU/Linux certification emerged in the late 1990s as recognition of the operating system first became widespread. However, Jim Lacey, CEO of the Linux Professional Institute (LPI), notes that certification was "overmarketed and oversold," and its demand declined in the first years of the millennium."
Page editor: Forrest Cook Announcements Non-Commercial announcements EFF: 09 f9: A Legal PrimerThe EFF has published 09 f9: A legal primer on the counterproductive attempts to suppress the spread of an HD-DVD decryption key. "Is the key copyrightable? It doesn't matter. The AACS-LA takedown letter is not claiming that the key is copyrightable, but rather that it is (or is a component of) a circumvention technology. The DMCA does not require that a circumvention technology be, itself, copyrightable to enjoy protection."
Volunteer opportunity: OLPC NepalFor those who haven't made their plans for the summer yet: the One Laptop Per Child Nepal organization is looking for people to head over to the country and help get the project going. "Right now we have three full-time volunteer developers, all of them Nepali. We would love four (4) foreign volunteers to come work with us this summer in Kathmandu. We will pair each foreign volunteer with a Nepali intern. That should bring our content strike force to 11 people. That would really help us to advance OLPC in Nepal." When they say "volunteer" they mean it, though.
Commercial announcements Allmydata, Inc. releases open-source distributed storage gridAllmydata, Inc. has announced the first public release of their Tahoe secure, an open-source distributed storage grid system. "The source code that we are releasing is the current working prototype for Allmydata's next-generation product. This release is targeted at hackers who are willing to use a minimal, text-oriented web user interface."
Dell Joins Microsoft and Novell CollaborationMicrosoft Corp. and Novell Inc. have announced that Dell Inc. is the first major systems provider to join the business collaboration that was formed by Microsoft and Novell. As part of the agreement, Dell will purchase SUSE Linux* Enterprise Server certificates from Microsoft and establish a services and marketing program to migrate existing Linux users who are not Dell Linux customers to SUSE Linux Enterprise Server.
JasperSoft partners with SugarCRMJasperSoft Corporation has announced a partnership with SugarCRM. "JasperSoft Corporation, the market leader in open source business intelligence (BI), today announced Jasper4SugarCRM, a high- performance reporting and analysis BI solution optimized for use with the SugarCRM Sugar Suite. Jasper4SugarCRM delivers a set of standard prebuilt reports and dashboards, ad hoc query and report creation, OLAP analysis, a secure report management repository, report scheduling, report distribution, and integration interfaces for PHP, Web Services, Java, and C/C++."
Koobox.com celebrates 3 years selling pre-installed Linux PCsLinspire, Inc. has announced three years of selling Linux PCs on Koobox.com. "Linspire, Inc., developer of the Linspire commercial and developer of CNR, a one-click digital software delivery service for desktop Linux programs, along with Mirus Innovations Inc., a leading North America PC manufacturer that brings innovative digital lifestyle products to consumer and small business customers with a focus on high-value and low-cost, today celebrate the Three Year Anniversary of Koobox.com selling Linux-only pre-installed desktop PCs to the mainstream consumer marketplace. An authorized Linspire system builder, Mirus pre-installed desktop Linux systems have been sold through various other mass merchant online retail stores over the years including Sears.com, Kmart.com, and HomeDepot.com."
Public Meetings on Future of Mozilla Customer Support Announced (MozillaZine)MozillaZine looks at the topic of Mozilla customer support. "Starting next week, the Mozilla Corporation will be hosting twice-weekly meetings to discuss the future of customer support for Mozilla products. Several different support mediums will be discussed in the conferences, including knowledge bases, forums and real-time chat. The meetings, which are open to all, will be held on Tuesdays and Thursdays during the next three weeks. Notes will be published afterwards for those unable to make it."
Mozilla and eBay Launch Firefox Companion for eBay (MozillaZine)MozillaZine covers the launch of the Firefox Companion for eBay, at this point, no Linux versions appear to exist. "Mozilla Europe has announced the release of the first beta of the Firefox Companion for eBay in France, Germany and the United Kingdom. The add-on for Firefox 2 offers a range of features to make it easier for users to participate in eBay auctions while browsing the Web. The most visible feature of the Firefox Companion for eBay is the eBay Sidebar, which lets users monitor items that they are bidding on, selling or watching, with details updated in real time."
NETGEAR(R) to Acquire Infrant TechnologiesNETGEAR, Inc. has announced an agreement to acquire Infrant Technologies, Inc. "Founded in March 2001 and based in Fremont, California, Infrant is dedicated to bringing enterprise-level storage technology to small businesses and professional home users at affordable prices. Its ReadyNAS(TM) family of network attached storage (NAS) products implements redundant array of independent disks (RAID) data protection, enabling users to store and protect critical data easily, efficiently and intelligently. The ReadyNAS lineup is powered by Infrant's proprietary network storage processor, Linux-based RAIDiator(TM) operating system and patent-pending Expandable Protection (X- RAID(TM)) technology, which allows for automatic RAID volume expansion as additional drives are added."
Netscape Revives Navigator Brand for Netscape Navigator 9 (MozillaZine)MozillaZine reports on the revival of the Netscape Navigator brand name. "The official Netscape Blog has announced that the next Netscape browser release will be called Netscape Navigator 9, reviving the name used for Netscape's earliest browser releases at the height of its popularity. Though many users have always referred to both the company and its flagship product as Netscape, the browser was officially called Netscape Navigator for its first three releases."
Sun Java Real-Time System 2.0 announcedSun Microsystems, Inc. has announced the release of Sun Java Real-Time System 2.0 (Java RTS). "... a standards-based extension of the Java platform designed to help developers gain precise control over their Java software. This new release combines the power and scalability of the Solaris(TM) 10 Operating System (OS) with the flexibility of the Java platform to address a growing demand for predictable computing in industries such as aerospace, financial services and scientific research."
Sun Microsystems announces OpenID ProgramSun Microsystems, Inc. has announced a new OpenID Program. "Expanding its commitment to deliver secure web-scale identity management solutions, Sun Microsystems, Inc. today announced a new initiative around support for OpenID, a decentralized, web-friendly single sign-on mechanism that allows consumers to reuse a single login across different websites, tackling the "login explosion" problem. OpenID is currently limited to facilitating low-risk transactions such as blog comments."
Sun announces GlassFish Communications Application ServerSun Microsystems, Inc. has announced a new communications application server project. "Sun Microsystems, Inc., today announced a multi-faceted collaboration agreement with Ericsson to jointly develop an open source, Java(TM) technology-based communications application server as part of the GlassFish(TM) community. This open source contribution means Java software developers, Independent Software Vendors (ISV), System Integrators and individuals will have access to telecommunications technologies and resources to help accelerate the development of multimedia, VOIP, IM and next generation applications."
Sun Unleashes Java Technology InnovationsSun Microsystems, Inc. has announced a preview of their JavaFX Java technology-based products. "The first of these, JavaFX Mobile, is a complete mobile phone software system available via OEM license to carriers, content owners and consumer electronics manufacturers. JavaFX leverages the security and ubiquity of the Java platform and will support all content and applications currently available across the billions of Java technology-based devices in the world today. Sun today also previewed JavaFX Script, a new scripting language targeted at creative professionals, which will help to radically simplify the process of creating and distributing interactive content that spans all Java technology enabled platforms, from handsets to set tops, laptops to dashboards."
NetBeans IDE 6.0 preview release announcedSun Microsystems, Inc. has announced the release of version 6.0 (preview release) of the NetBeans IDE. "etBeans 6.0 IDE extends support beyond Java and C/C++ by providing a rich set of features for the Ruby and JavaScript dynamic scripting languages, and continues to enable developer productivity with ease-of-use and support for the latest Java Standards. Today we are also announcing further enhancements to the NetBeans GUI Builder which include full support for new desktop technologies, such as Beans Binding (JSR 295) and the Swing Application Framework (JSR 296)."
Unicon Systems announces Linux mobile development kitUnicon Systems has announced the availability of its Mobile Linux Development Kit. "MKitTM ($599) is the first and only unique mobile Linux development kit on the market. It gives professional developers and manufacturers the ability to create new handheld devices for industrial, security, educational and medical applications, as well as for various consumer electronics products. Unicon's patented, wireless, and mobile chip-on-film Linux computer is based on an ARM9 embedded CPU running full blown Linux 2.6 and attached to the back of a 3.5" touch screen. It is equipped with multiple connectivity options, including two 2.0 high-speed USB host ports and WiFi."
New Books The Myths of Innovation--New from O'ReillyO'Reilly has published the book The Myths of Innovation by Scott Berkun.
Programming Firefox - O'Reilly's Latest ReleaseO'Reilly has published the book Programming Firefox by Kenneth C. Feldt.
Resources Global summit of open source leaders releases free online reportThe Organizers of Open Source Think Tank 2007 have announced a new paper on trends in commercial open source software. "The report [PDF], available online at no charge from Think Tank organizers Olliance Group and DLA Piper looks at how the fast-moving commercial open source industry has dramatically impacted business models, licensing and intellectual property issues, and adoption and usage models for open source software. Think Tank 2007 was supported by JasperSoft, Microsoft, NEC, Novell, OpenLogic, SugarCRM and Unisys. The summit was hosted by the Olliance Group, a leading open source management consulting firm, and DLA Piper, a global law firm with 3,200 lawyers in 24 countries and a leading advisor to the open source industry."
Contests and Awards Novell Technical Support wins praiseNovell, Inc. has announced the winning of awards by its technical support program. "Novell technical support has recently been recognized by both customers and leading industry groups for its quality, scope, and timeliness. The Association of Support Professionals has just named Novell as a "Best Web Support" winner for 2007, while the Help Desk Institute has honored Novell with its "Team Excellence Award for External Support." In addition, an independent customer study indicates that Novell support for Linux bests Red Hat and Oracle in overall quality, timeliness, and addressing the needs of mixed-source IT environments."
Calls for Presentations Netfilter Workshop 2007 in Karlsruhe, GermanyThe Netfilter Workshop 2007 will take place in Karlsruhe, Germany on September 11-14, 2007. "The attendance is free but requires an invitation. You may consider attending if you are involved in any aspect of the Netfilter development. Please, send us an email to coreteam@netfilter.org before July 7th, 2007 (strict deadline). We have a very limited number of invitations!" A call for papers has also gone out for the event, submissions are due by July 7.
Upcoming Events LinuxConf Europe 2007LinuxConf Europe is a new development-oriented conference put together as a joint effort by the folks who did the UKUUG and Linux-Kongress events. It will be happening September 2 to 4 in Cambridge, UK, immediately prior to the kernel summit. The call for papers is out now, with proposals due by May 20.
The O'Reilly Tools of Change for Publishing ConferenceThe O'Reilly Tools of Change for Publishing Conference will be held in San Jose, California on June 18-20, 2007. "Among the keynotes are presentations from John Ingram, vice chairman of Ingram Industries, Jimmy Wales, founder of Wikipedia; Chris Anderson, editor-in-chief of Wired magazine; Brian Murray, group publisher of HarperCollins Publishers; Erin McKean, editor-in-chief of United States Dictionaries for Oxford University Press; Bruce Chizen, CEO of Adobe Systems, Manolis Kelaidis, Designer, Royal College of Art, and Tim O'Reilly, CEO and founder of O'Reilly Media."
Linux Installfest workshop in Davis, CAThe next Linux Users' Group of Davis Linux Installfest workshop will take place in Davis, California on Saturday, May 19.
Events: May 17, 2007 to July 16, 2007The following event listing is taken from the LWN.net Calendar.
If your event does not appear here, please tell us about it. Web sites Mozilla Japan's Foxkeh Mascot launches English website (MozillaZine)MozillaZine notes the launch of the new Foxkeh web site. "Mozilla Foundation international affiliate Mozilla Japan has launched an English language website for Foxkeh, its cartoon mascot for promoting Mozilla Firefox. The site has English translations of some of the content already available on Foxkeh's Japanese website, including introductory Firefox videos, monthly calendar desktop wallpapers and an amazingly detailed flowchart illustrating the history of Firefox."
quality.mozilla.org launches (MozillaZine)MozillaZine has announced the launch of the alpha version of the quality.mozilla.org site. "The Mozilla Quality weblog has announced that an initial version of the quality.mozilla.org site has launched. Described as "pre-alpha", the quality.mozilla.org site (QMO for short) is intended to become a central portal for the Mozilla quality assurance community."
Page editor: Forrest Cook
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||