LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for May 17, 2007On Microsoft's patent claimsBy now, most LWN readers will have seen this Fortune article in which a Microsoft representative makes the claim that Linux distributions violate 235 of its patents. This article has caused a fair amount of concern in the community, with some people seeing it as the beginning of some sort of Final Battle between Microsoft and free software. That might even be the case, but the true nature of the situation is far from clear. Here's a few thoughts on Microsoft's claims.To begin, these claims are not exactly new. Consider what the BBC was reporting in November, 2004:
Reuters said chief executive Steve Ballmer told Asian leaders Linux
violated at least 228 patents. The Linux community disputes these
claims. Mr Ballmer said countries using Linux which entered the
World Trade Organisation would be at risk.
So this is not the first time we have heard this sort of charge from Microsoft; perhaps the only real difference is that we have somehow managed to find another seven patents to infringe upon in the last 2-1/2 years. The possibility exists that we may not hear any more about this "violation" for another two years or so - but one shouldn't necessarily count on that. As companies go, Microsoft is relatively uninclined to pursue patent infringement suits. There was an interesting quote from the Open Source Think Tank report (covered here last week):
Sam [Ramji] defended Microsoft from the accusation that its deal with
Novell will lead to Microsoft suing other Linux distributors for
patent infringement. Sam described Microsoft's patent portfolio as
primarily defensive--at any given moment, Microsoft is the
defendant in 25-35 patent lawsuits, and that Microsoft has
offensively sued another party for patent infringement only twice
in its history.
Microsoft has, indeed, spent more time being the victim of patent trolls than a patent aggressor itself - and it has lost vast amounts of money to patent judgments in the process. This company has little to gain by heating up the patent litigation scene even more. That said, one should see the remainder of the quote above:
Sam emphasized that Microsoft has robust patent licensing programs,
and would much rather license its patents than sue.
Even if we believe that Microsoft will take a relatively enlightened approach as a result of its time at the defendant's table, we should not lose track of an important fact: companies whose core business goes away have a disturbing tendency to turn to their "intellectual property" portfolios as a way to keep the revenue flowing. Should Microsoft someday decide that Linux world domination really is inevitable, it could react in any of a number of unpleasant ways. The SCO Group's attack on Linux holds a number of lessons which can be applied to any future Microsoft attack - but those lessons only go so far. There is no doubt that interesting things will happen if you anger our community, especially if you attempt to lay claim to our work. There would be a massive outcry, publicity campaigns, boycotts, and an extended effort to invalidate as many of the patents as possible. Microsoft clearly fears the capabilities of the wider community; the Fortune article notes that Microsoft is not disclosing its specific patents "lest FOSS advocates start filing challenges to them." But invalidating even a single patent is hard; invalidating 235 would certainly tax even the capabilities of our extended community. On the other hand, Microsoft would have to name specific patents in any legal action, and, presumably, it would not base a suit on all 235 patents. There is also the unknown effect of the recent U.S. Supreme Court ruling in KSR International v. Teleflex; this ruling has raised the bar on the amount of innovation a patent must contain. Some have speculated that this ruling could lead to the end of software patents altogether. That seems like wishful thinking, but it should help those who seek to invalidate many of the software patents currently on the books. In the SCO case, a weak and incompetent company took on the strongest target it could find, and that target chose to stand its ground. There are no guarantees that things would go the same way this time around. Microsoft is strong financially and has a large, seasoned legal operation. It may well choose to attack smaller companies which cannot afford to put up an extended fight. In theory, a patent attack against Linux should evoke a strong response from the companies working with Linux, many of which hold considerable patent portfolios of their own. In practice, we will never know who would jump into that fight until they make their move. In particular, a defense which challenges the validity of software patents in general could be seen by a number of potential allies as being against their interests. We should, at least, be able to count on the intervention of the Open Invention Network, which was formed for just this purpose. If OIN's patents are as strong as some believe, the resulting fireworks should be worth watching - from a safe distance. There are a few other interesting things to keep in mind. Software patents are a U.S. problem, primarily; a successful patent attack against Linux could have the effect of driving its developers and users out of the country. Linux is now sufficiently firmly entrenched that attacking its users or developers could cause extended chaos - it might even upset more people than threatening to shut down the Blackberry network. That, in turn, could inspire more thought on the true costs and benefits of the current patent regime in the U.S. Some people believe that, by selling Novell's coupons, Microsoft has become a Linux distributor and is now subject to the terms of the GPL. Any serious attempt by Microsoft to bring down Linux would bring renewed attention from the world's anti-trust authorities. Clearly, there are quite a few unknowns here. What it all comes down to is that, sooner or later, this may well be a battle we cannot avoid fighting. Once it hits, there is no telling where things will go. About the only guarantee is that it is certain to be interesting.
The sincerest form of flatterySun Microsystems has made a big show of its open source Solaris release and its attempts to build a working development community around that system. So a number of members of the OpenSolaris community were rather surprised when the press started running articles stating that Sun had decided to embark upon a project to make Solaris look more like Linux. This community was of the opinion that, if it was expected to endorse and participate in "Project Indiana," it might have been nice to know before Sun employees started talking to the media about it.The person behind this effort, of course, is Ian Murdock, formerly of the Linux community. His position now can be understood from this interview:
When people say they want Linux, they don't actually mean they want
Linux. What they want is the Linux userland user environment and
the Linux business model. They want choice. They want the Linux
distribution and I'm the Linux distribution guy.
Project Indiana, it seems, is Sun's attempt to win over all of those people who only think they want Linux, but who really want a version of Solaris that looks likes Linux. Many of the goals of this project, as far as they can be determined at this early stage, would seem to make sense. Better package management, for example. More device drivers. Easier installation. A more Linux-like user space with our (relatively) bleeding-edge 1990's shell. And, says Ian, a switch to timed release cycles:
The big feature from my point of view though is the 6 mo. timed
release cycle. Timed release cycles have done wonders to introduce
predictability into other open source projects (e.g., Gnome,
Ubuntu). And 6 mos. is the clear winner in terms of frequency among
Linux community/developer distros--it's just enough time to do
interesting work AND have a reasonably long hardening period so the
thing is stable.
Ubuntu comes up frequently in the discussion; it's clear that some people at Sun see Ubuntu as a model worth emulating. For those of us who have been working with free software for a while, there is a certain irony in this whole plan. A Linux-like Solaris is not a particularly new concept; for many years, that's how much of the community experienced free software. Before there was a Linux system in a reasonably usable state, the best system to have on one's desk usually came from Sun. As soon as it came in the door, however, it would be loaded up with crucial packages like the X Window System, gcc, netrek, emacs, and so on. Many years ago, we all had systems which, in some ways, looked like what Project Indiana is trying to build now. Those systems did not keep an awful lot of us from jumping to Linux, though, and their cost was only part of the reason for switching. We switched to Linux because it was free, alive, fun, and clearly going places. There was always something new and interesting happening, especially in those days when running development kernels on production systems was a necessary part of making things work. All these years later, there is still always something new and interesting, and, often, it even comes nicely packaged on a regular schedule. Not many of us are looking back to the systems we used to run. So it is no surprise that the folks at Sun are putting such a big emphasis on trying to duplicate the things that Linux does right. A similar user space, timely releases, easy upgrades, and, especially, the creation of a vibrant community around Solaris. The thinking seems to be that, if they make a system which looks like Linux but which contains their kernel (which they feel to be superior - a view which is not universally shared in the Linux community), the world will flock to their door. There have been no real (public) decisions on how this project will proceed; the process for creating an official OpenSolaris project has not yet begun. There has been some initial discussion where it has been suggested that the project start by adopting the work of either BeleniX or Nexenta. This idea drew an immediate complaint from our old friend Jörg Schilling, creator of SchilliX, but it appears that the OpenSolaris community listens to Jörg about as much as the Linux community does. Regardless, it will take some time before the real shape of Project Indiana emerges. It will take even more time before we see if this project has any real impact. Certainly it should make life easier for Solaris users. But "a better Linux than Linux" is not a particularly compelling sales message. It might just turn out that people who say they want Linux actually want Linux, not another system dressed up in similar clothes. Imitation may be the sincerest form of flattery, but it is usually a poor way to regain one's past prominence.
ATI starts to come around?A fair number of LWN readers have wondered: why hasn't LWN posted anything about the statements by ATI at the Red Hat Summit to the effect that it would be changing its relationship with the open source community? Certainly this is a relationship which could use some reworking; ATI has been one of the most stubborn vendors in its refusal to release free drivers or the programming information needed to let us create those drivers ourselves. As a result, free support for ATI's older hardware has required reverse engineering efforts - and the current chipsets have no free support at all. So, one would think, a statement from ATI that it plans to change its approach would be a welcome change.As it happens, the developers in charge of making graphics work on Linux systems are pretty much unanimous in their lack of enthusiasm. This is not the first time that ATI has made promising sounds, but, so far, the corresponding actions have not been forthcoming. Graphics hacker Dave Airlie is particularly unimpressed, noting that ATI has not yet bothered to communicate its intentions to the developers:
As for working with the community I'd expect they'd at least try
talking to the ppl who maintain the ATI open source driver if they
intend on doing something with it...
Dave is particularly annoyed because he has been sitting on the code which implements 2D support for the R500 chipset for many months while waiting for ATI to give him permission to distribute it. There is no ATI code in this driver; Dave is asking permission because he signed a non-disclosure agreement with the company. So far, that permission has not been granted. Until that changes, it's hard to believe that ATI is interested in free support for its hardware. There is one thing which has changed: ATI is now part of AMD. Historically, AMD has been much more friendly toward the free software community. It could well be that this approach is now filtering down through ATI and could result in some real changes. But we should not celebrate too much until ATI follows its words with some concrete actions.
Waiting for Emacs 22 (and looking forward to Emacs 23)The much-delayed Emacs 22 release has been covered here a couple of times recently. Since the last article, it would appear that the Emacs process has hit its lowest point, and things should be getting better from here. In the long term, though, the Emacs developers may have to take a hard look at their release management process if they want to keep the project healthy.The low point was probably sometime around when Richard Stallman got tired of people asking when a release might happen:
I have been insulted and abused many times here lately. I did not
respond to most of these insults, but I did take offense.
A number of developers responded that they had no intent to insult or abuse, but that they do have real concerns about how the process works. A couple of examples:
The current feature freeze has now lasted for more than 3 years,
during which Emacs _development_ has practically been at a
stand-still, so it is no wonder your team of _loyal_ developers is
getting frustrated and starts to question your principles, and may
start looking for other (more productive) projects to work on.
(Kim Storm).
I learned a bit of lisp, applied some basic color scaling theory,
and produced a patch which added great new functionality.... That
was Summer, 2001. Six years later, and the fruits of my early toil
still aren't available in any released version of Emacs. So, while
I continue to maintain a personally relevant programming mode, and
contribute bug fixes where they impact that mode, I have not taken
on any other "feature improvements" to Emacs. To me, the value
equation just doesn't compute.
(JD Smith). Clearly, the extended Emacs development cycle is proving frustrating for developers. The situation with the Linux kernel was once similar; changes merged at the beginning of a development cycle could take years to make it to a stable release. In that case, distributors responded by backporting changes into older releases, but that doesn't happen with Emacs. The good news is that the biggest blocker - some questions about whether the Python mode code could be distributed by the FSF - appears to have resolved itself in the best possible way: the code has been cleared. Inevitably, there's another bug or two in need of squashing before the release can happen, but the remaining wait should be relatively short. Hopefully. Some of the Emacs developers are already looking forward to the Emacs 23 development cycle. One of the first things that may go in is multi-tty support, which allows a single emacs instance to drive multiple terminals or X connections. This code apparently still does not work on all architectures, though, meaning it needs some work before it is truly ready. The other big change is a complete rework of character set handling; only Emacs would come with a news item reading "The Emacs character set is now a superset of Unicode. (It has about four times the code space, which should be plenty)." There's a lot of other work waiting to be merged, but getting the unicode-2 branch and multi-tty working together looks like it should be enough to keep the developers busy for a little while. Happily, they are starting to think about this sort of challenge rather than wondering if their previous work will ever be released.
The Open Source Business ConferenceThe Open Source Business Conference is happening on May 22 and 23. For the first time, LWN will be present at this event. Look next week for coverage on what's happening on the business side of Linux.Beyond that, your editor somehow got talked into sitting on a panel dedicated to the question "is the Novell-Microsoft deal good for open source?". Given recent events, one might expect interest in this topic to be high. It should be a memorable experience; your editor can only hope that there is a pub within quick walking distance of the venue for the post-event recovery process.
Security Critical Vulnerabilities in SambaThe three vulnerabilities in Samba reported this week should have network administrators scrambling to patch vulnerable servers. Most distributors have already done their scrambling to pick up and apply the fixes so they could release updated samba packages. Each of the vulnerabilities could lead to root privileges; two of them are remotely exploitable - just the kinds of security holes that give administrators nightmares. No exploits have yet been reported, but it is probably only a matter of time; unless they run a completely trusted environment, Samba users need to patch these holes. The Samba project provides a free implementation of the SMB/CIFS protocols that allow file and print sharing on Windows networks. With Samba, Linux (and other free operating systems) can participate as either a client or server in a mixed OS environment. As Microsoft is not known for its ability (or, perhaps more accurately, willingness) to play well with others, the Samba team has reverse engineered the protocols and the way they are used by Windows so that Samba can bridge that gap. Somewhat surprisingly, the project was not singled out in the latest patent saber rattling by Microsoft; it is probably just an oversight as Samba is precisely the kind of package that Microsoft would want to spread patent FUD about. The vulnerabilities themselves are fairly straightforward bugs, but it is instructive to look at them; understanding security holes helps avoid them in future code. The first is the shortest lived of the three, only affecting versions 3.0.23d through 3.0.25pre2, whereas the other two affected all versions from 3.0.0. An attempt to simplify the handling of transitions to and from root privileges in the smbd server process is the cause. When looking up System Identifiers (SIDs) in a local list of users and groups, it may transition to rather than from the root user allowing a local attacker to perform some operations as root. The second reported vulnerability appears to be the most serious as it is remotely exploitable without requiring authentication with the Samba server. By sending specifically crafted packets to the server, an attacker could cause the heap to be overwritten, leading to execution of code provided by the attacker. The underlying cause, as shown by this patch, is not checking for NULL as the return value from a memory allocation routine. The final report concerns unsanitized user input that is passed to /bin/sh to be executed. By using shell metacharacters in the data sent, an attacker could execute code on the server. If the 'username map script' option has been enabled in smb.conf (it is off by default), the remote attacker need not be authenticated with the server to execute the code. In the standard install, a remote user would be required to authenticate to gain access to the file and print sharing management features before being able to exploit this vulnerability. With the exception of the SID lookup botch, these kinds of bugs are not new and not specific to Samba. Some variant of the user input filtering problem is the root cause of the majority of web-based security problems and forgetting to check for NULL in allocations is as old as the C language itself. It is probably a bit embarrassing to the team, but it is not surprising that these kinds of problems creep in. Programming securely is difficult and there are a lot of ways to go wrong. Based on the timelines, the Samba team responded promptly in getting fixes out and made sure the word got out. This is the right response in the face of these inevitable bugs.
New vulnerabilities bind: denial of service
samba: several vulnerabilities
squirrelmail: missing input sanitizing
Updated vulnerabilities acroread: multiple vulnerabilities
aircrack-ng: remote execution of arbitrary code
apache: cross-site scripting
Asterisk: two SIP denial of service vulnerabilities
bluez-utils: hidd vulnerability
bugzilla: multiple vulnerabilities
clamav: several vulnerabilities
cpio: arbitrary code execution
vixie-cron: privilege escalation
cscope: buffer overflows
cscope: buffer overflows
cups: denial of service
Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
dovecot: directory traversal
elinks: code execution
elinks: arbitrary file access
evolution: format string error
pop mail man-in-the-middle attacks
fail2ban: denial of service
ffmpeg: buffer overflows
file: denial of service
file: arbitrary code execution
firefox: FTP PASV port-scanning
freeradius: memory leak
freetype: integer overflows
gcc: file overwrite vulnerability
gd: buffer overflow
gdb: buffer overflow
gedit: format string vulnerability
gimp: arbitrary code execution
gimp: symlink issue
grip: buffer overflow
gzip: multiple vulnerabilities
horde-kronolith: local file inclusion
ImageMagick: integer overflows
imlib2: arbitrary code execution
ipsec-tools: denial of service
java: multiple vulnerabilities
kdelibs: kate backup file permission leak
kdelibs: cross-site scripting
kernel: denial of service
kernel: denial of service
kernel: multiple vulnerabilities
kernel: denial of service
kernel: denial of service
kernel: denial of service
kernel: denial of service by memory consumption
kernel: denial of service
kernel: denial of service
kernel: denial of service
kernel: multiple vulnerabilities
krb5: uninitialized pointers
krb5: local privilege escalation
krb5: multiple vulnerabilities
ktorrent: incorrect validation
ldap-account-manager: privilege escalation, possible cross-site scripting
lftp: shell command execution
libgadu: memory alignment bug
libgtop2: buffer overflow
libmodplug: boundary errors
libpng: buffer overflow
libpng: heap based buffer overflow
libtiff: buffer overflow
libxml2 - arbitrary code execution
libxml2: multiple buffer overflows
lighttpd: denial of service
lookup-el: insecure temporary file
lynx: arbitrary command execution
mod_jk: stack overflow
mod_perl: denial of service
moin: arbitrary JavaScript execution
mplayer: buffer overflow
mysql: denial of service
mysql: format string bug
MySQL: privilege violations
MySQL: logging bypass
nbd: arbitrary code execution
ncompress: buffer underflow
openldap: security bypass
OpenSSH: denial of service
openssh: remote denial of service
php: multiple vulnerabilities
php: several vulnerabilities
php: buffer overflows
php: several vulnerabilities
phpbb2: missing input sanitizing
phpbb2: multiple vulnerabilities
postgresql: SQL injection
postgresql: privilege escalation
pptpd: denial of service
python: information disclosure
qemu: multiple vulnerabilities
qt: "/../" injection
quagga: denial of service
quake: buffer overflow
rpm: arbitrary code execution
Mozilla: multiple vulnerabilities
shadow-utils: mailbox creation vulnerability
slocate: information disclosure
snort: remote arbitrary code execution
tcpdump: denial of service
tetex: buffer overflow
tomcat: directory traversal
util-linux: access restriction bypass
vim: arbitrary shell code execution
vixie-cron: weak permissions may cause errors
wordpress: another pile of vulnerabilities
XFree86 X.org: integer overflows
xine: format string vulnerabilities
xine-lib: arbitrary code execution
xine-lib: buffer overflow
xine-lib: buffer overflow
xinit: race condition
xmms: BMP handling vulnerability
xscreensaver: password check bypass
zziplib: buffer overflow
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current 2.6 prepatch is 2.6.22-rc1, released by Linus on May 12. Features added to 2.6.22 since last week's Kernel Page include the eventfd system calls, a new IEEE 1394 ("Firewire") stack "designed for robustness and simplicity," drivers for KingSun DS-620 USB-IrDA dongles, Native Instruments USB audio devices, and WM8753 audio codecs (as found in the OpenMoko phone), a large set of fixes to the "libertas" wireless driver, and support for a number of new ARM processors. See the short-form changelog for the details, or the log-format log for vast amounts of detail.As of this writing, about 100 changesets (almost all fixes) have been added to the mainline repository since 2.6.22-rc1. The current -mm tree is 2.6.22-rc1-mm1. Recent changes to -mm include a number of filesystem writeback fixes, a CRC7 implementation, an improved version of the swap prefetch code, and an early startup development tree for the i386 architecture.
Kernel development news Quote of the week
It's quite amazing really at the same time as people are posting
crypto keys everywhere in defiance of USSA law, we've got free
software people trying to remove references to a piece of out of
tree software, and one that is free software.
-- Alan Cox
2.6 and the user-space ABIThe 2.6.22-rc1 kernel is out, and the reports of regressions are beginning to trickle in. A couple of those involve user-space binary interface changes: one in the video4linux2 interface and one in the i2c code (which affects hardware monitoring utilities). The V4L2 regression involves a change made to a structure passed to and from user space; chances are good that it will be reverted before the final 2.6.22 kernel comes out. For the time being, the i2c problem is "fixed" by upgrading to version 2.10.3 of the lm_sensors package.Linus isn't happy about the forced lm_sensors upgrade; he has asked for a way to avoid that requirement. In response, i2c maintainer Jean Delvare raised some misgivings about the stable ABI policy:
While I'm all for keeping things relatively stable and not asking
the user to constantly upgrade user-space, I believe that we just
can't promise to never break user-level interfaces while keeping
the development pace we have right now. We can promise to grant
people significant delay before we drop compatibility options, but
"forever" doesn't scale.
Those comments notwithstanding, Linux has managed to maintain user-space ABI compatibility quite nicely for many years. There are certainly exceptions, but they are few enough and far enough between that each one stands out. But, as Christoph Hellwig points out, the situation is not perfect:
Except for very rare case (modules support comes to mine) syscall
compatibility works perfectly. But that's because syscalls are a
very visible ABI and people don't break them by accident. They
also don't decide they have a cool new scheme all syscalls need to
follow now.
Now compare that to sysfs.. The user-space ABI now goes well beyond system calls. The huge sysfs interface (4800 files on your editor's desktop) is a big piece of user space's view of the system, and it is a piece which is difficult to avoid breaking. Directories in sysfs correspond directly to data structures within the kernel; changes to those structures will often have consequences in sysfs. So kernel developers may think that they are operating far away from the user-space interface, but end up breaking it anyway. Netlink, /proc, and ioctl() also make up part of the ABI, and they, too, can be easy to break. The V4L2 regression is the result of an attempt to extend one ioctl() call breaking others. The new development model can also make it harder to maintain compatibility. Four or five major releases per year, each with a full load of new major features, adds up to a lot of code changes. There is also no clear point where whatever changes do prove to be unavoidable can be made without surprising users. If the kernel developers were to disappear for a year or two and return with a 3.0 release, nobody would be surprised if it required a small amount of adaptation on the user-space side. But a 2.6.22 release - which contains needed fixes and new drivers along with new features - is not expected to break working systems. Arguments for returning to the older development model are hard to find, though. Despite occasional glitches, things are generally working far better than they did before 2.6 came out. The pace of development is unlikely to slow. So the problem of occasional ABI regressions is likely to remain with us. As is often the case, the best way to avoid such problems - after a high degree of attention by the developers - is extensive testing. User-space ABI changes caught during the development cycle will almost certainly not survive into the final release, but it is hard to fix problems that nobody knows about. As is also often the case, automating this testing is hard; nobody can put together all of the hardware and software combinations that the kernel will face. So the worthy cause of maintaining a stable user-space interface is likely to require a fair amount of human attention for the foreseeable future.
LogFSRotating magnetic storage technology has served us well for a long time. It offers high capacities (for an ever-increasing value of "high"), relatively fast and relatively uniform access times, and relatively good reliability. It is generally accepted that rotating disks will be part of our systems for some time yet. For smaller sizes, however, disks are increasingly being pushed aside by solid state flash memory - and "smaller" is an ever-increasing value as well. Flash is more compact, requires less power, and offers truly random access, so it's not surprising to see it being deployed in more situations.Flash is not without its drawbacks. Its relatively high cost limits its applications and it brings its own set of quirks which must be understood and addressed by filesystem developers. Even so, some special-purpose laptops rely on flash for their persistent storage needs now, and there are rumors of more flash-based systems in the near future. The most significant of the "quirks" mentioned above are:
These hardware features have some interesting implications. What, for example, happens when the operating system decides to rewrite a single block within a larger flash erase block? A naive implementation would read the entire erase block, perform the erase operation, then write the data back with the new portion included. Should the system go down in the middle of this operation, however, all of the data within the erase block may be lost forever. If the operating system ignores the block lifetime issues, it is likely to cycle some erase blocks much more frequently than others, significantly shortening the overall life of the device. When one is dealing with a low-duty-cycle device, such as a USB thumb drive, it's possible to get away with ignoring the limitations that flash has. When a flash drive is the primary storage device, though, a smarter approach is called for. Being smarter is usually a matter of using a filesystem which was explicitly designed to work well with flash hardware. These filesystems can dispense with the great care that other filesystems must take in how blocks are laid out - there are no seek time or rotational latency issues with flash drives. On the other hand, flash-aware filesystems must be written with erase cycles in mind; they must not risk losing data during these cycles and they should endeavor to spread these cycles across the drive to maximize its lifetime. The end result is that filesystems designed for flash devices take the log-structured approach. The device is treated like a sort of circular buffer, with new data always being written to the end. This approach makes for fast write operations, but the read side can be a more complex story. One approach taken is to attach some metadata to each erase block describing which file that block belongs to and its version number. When an erase block is to be rewritten, a new copy is made at the end with a higher version number; reading the file is simply a matter of finding the erase block with the highest version number. Finding that block requires scanning the disk - something which, most likely, one does not want to do for every read operation. The in-kernel JFFS2 filesystem solves this problem by performing a scan when the filesystem is mounted. It builds an in-memory data structure which speeds subsequent accesses considerably. There is a cost, though: the initial scan can make mounting slow, and the in-memory tree can take a considerable amount of space. Given that flash filesystems are often used on small, embedded systems - where both boot time and memory are at a premium - these costs are significant. Jörn Engel thinks he has a better way in the form of the LogFS filesystem, currently proposed for inclusion into the mainline. The core idea behind LogFS is that, rather than building the filesystem tree at mount time, the filesystem code should store the tree on the device itself, much like traditional filesystems do. Putting the tree on the flash device reduces mount times (Jörn says that an OLPC system goes from 3.3 seconds under JFFS2 to 60ms under LogFS) and should reduce the runtime memory requirements considerably. The on-flash tree looks much like the structure used by ext2. There are some differences in how it is managed, however. The log structure of the filesystem implies that blocks cannot be rewritten in place; any time a block is changed it must be moved and written to a new location. If there are pointers to the moved block (think about the usual indirect blocks used to store the layout of larger files), the blocks containing the pointers must also be changed, and thus moved. That, in turn, will require changes at the next level up in the tree. Thus changes at the bottom of the tree will propagate upward all the way to the root. This is the "wandering tree" algorithm. One of the advantages is that the old filesystem structure remains valid until the root is rewritten - a crash could cause the loss of the last operation, but it will leave previous data and the structure of the filesystem intact. Actually managing the entire directory tree as a wandering tree would be expensive; beyond that, files with multiple hard links break the tree structure and make wandering trees much harder to implement. So the actual tree implemented by LogFS just has two levels. There is an "inode file" containing the inode structures for every file and directory existing within the filesystem; each inode then points to the associated blocks holding the file's data. Directory entries contain a simple integer index giving the inode offset within the inode file. So changes to an inode only require writing the inode itself and the inode file; the rest of the directory structure need not be touched. To tie it all together, LogFS sets aside a group of blocks as the "anchor area," where versioned pointers to the root inode can be found. Mounting the filesystem requires scanning this anchor area to find the current version of the root inode, at which point the rest of the filesystem becomes accessible. This mechanism allows the root to be found in constant time without the need to scan the entire device. LogFS has been through a couple rounds of review, with significant changes each time. Barring significant problems, it should be getting close to ready, perhaps it will be merged in time for 2.6.23. (See also: Jörn's LogFS paper from which much of the above was cribbed).
Scatterlist chainingHigh-performance I/O generally involves the use of direct memory access (DMA) operations. With DMA, the I/O device transfers data directly to and from main memory without the intervention of the CPU. In the simplest form of DMA, the controller is handed a pointer to a region of memory, given the length, and told to do its thing. The processor can then forget about the operation until the device signals that the work is done.This simple view has a drawback, however, in that it assumes that the data to be transferred is stored contiguously in memory. When the I/O buffer is in kernel space, the kernel can often arrange for it to be physically contiguous - though that gets harder as the size of the buffers gets larger. If the buffer is in user space, it is guaranteed to be scattered around physical memory. So it would be nice if DMA operations could work with buffers which are split into a number of distinct pieces. In fact, with any reasonably capable peripheral device, buffers can be split this way. The term for operations on such buffers is "scatter/gather I/O"; scatter/gather has been well supported under Linux for some time. The DMA chapter of Linux Device Drivers covers scatter/gather in a fair amount of detail. In short, a driver starts by filling in an array of scatterlist structures, which (on the i386 architecture) look like:
struct scatterlist {
struct page *page;
unsigned int offset;
dma_addr_t dma_address;
unsigned int length;
};
For each segment, the page pointer tells where the segment is to be found in memory, offset tells where the data begins within the page, and length is the length of the segment. Once the list has been filled in, the driver calls:
int dma_map_sg(struct device *dev, struct scatterlist *sg, int nents,
enum dma_data_direction direction);
This operation, at a minimum, fills in the dma_address field of each scatterlist entry with an address which can be given to the peripheral. It might do more, though: physically contiguous pages may be coalesced into a single scatterlist entry, or the system's I/O memory management unit might be programmed to make parts (or all) of the list virtually contiguous from the device's point of view. All of this - including the exact form of struct scatterlist - is architecture dependent, but the scatter/gather interface is set up so that drivers need not worry about architecture details. Recently, a particular constraint in the scatter/gather interface has turned up. For various reasons, scatterlists must fit within a single page; that restriction puts an upper limit on the number of segments which may be represented. On the i386 architecture, with high memory enabled, struct scatterlist requires 20 bytes, which limits a scatterlist to 204 entries. If each scatterlist entry points to a full page, the maximum size for a DMA transfer will be about 800KB. On an x86-64 system, the situation is worse: the structure uses 40 bytes, cutting the maximum length in half. There are situations where larger I/O operations are desirable. The block I/O subsystem is one of them, but there are certainly others: high-resolution video capture devices are an example. The limitation on scatterlist length is one of the factors motivating developers who are working on large block size support. By increasing the effective page size, they are able to increase the maximum I/O operation size. Increasing the page size is not the only feasible approach, though; another is simply to make scatterlists longer. Multi-page contiguous scatterlists are not really in the cards, but chaining single-page scatterlists can be done. Jens Axboe has been working on that approach; his scatterlist chaining patch is on its sixth revision as of this writing. Chaining is done by overloading the page pointer in the last scatterlist entry in a page. The least significant bit is set to indicate that the entry is, in fact, a chain link rather than another segment to transfer. The change is almost transparent to drivers. In current kernels, the code which iterates through a scatterlist usually looks something like this:
struct scatterlist *sg = &the_scatterlist[0];
for (i = 0; i < nentries; i++) {
program_io_operation(sg);
sg++;
}
When chaining is being used, simply incrementing through the array no longer works. So Jens has added a simple sg_next() macro to follow the the chain links when necessary. So the sg++ line above turns into something like:
sg = sg_next(sg);
Since a driver change is required, chained scatterlists should not be used unless one knows for sure that the driver is prepared for them. The patch from Jens fixes up a number of drivers, especially in the block subsystem. Even so, the maximum I/O size must be raised explicitly by the administrator (via a sysfs file) before chaining will be turned on. Once it's enabled, however, multi-megabyte I/O operations become possible. No intrusive memory management changes required.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Memory management
Networking
Security-related
Virtualization and containers
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials No Pidgin for SlackersThe Slackware current changelog has been a busy place in recent weeks, with the usual stream of upgraded packages, bug fixes and so on. What was less usual was this note in the entry for May 11, when Patrick discovered this text on the Pidgin (formerly GAIM) website.
"We have no developers using Slack, and furthermore, several of us
actively dislike that distribution for its history of broken installs,
as well as for its non-existant package management. You cannot create
true packages for Slack."
Here's Patrick's response from the changelog entry:
Well, I'm somewhat shocked by this, having never (to my knowledge) done
anything to any of the former GAIM or Pidgin developers to make them
mad at me, Slackware, or anyone on the Slackware team. I guess if
they feel it's not possible to make a "true" Pidgin package for
Slackware, there's no point in continuing to try. Having put out 7
security advisories on GAIM, I'm quite sure there will be less work
here if Pidgin is not included. The Pidgin package has been moved
to the "unsupported" directory. For the record, I do not actively
dislike Pidgin or any of their developers, but I do plan to use
Kopete from now on.
The statement on the Pidgin - Why Packages Exist page has since been modified and now reads:
We have no developers using Slackware, and we do not support it, due to a
history of problems which are caused or made unnecessarily difficult to
solve by the fact that its package system does not support automatic
dependency resolution. We also recommend that users do not attempt to
compile Pidgin from source on Slackware, but instead use the packages
provided by the Slackware team. If you insist on trying this out
yourself, the only advice we can give you is to ask for help in
##slackware on irc.freenode.org, or on the Slackware mailing lists.
The original text was still available on Google cache at the time this article was written. So now the Pidgin team suggests using packages provided by Slackware, but Slackware will not be providing any Pidgin packages. It seems Slackers will be looking elsewhere for their Instant Messaging needs.
New Releases BLAG 60001 ReleasedBLAG 60001 is the first update to the Fedora Core 6 based BLAG 60k series. "This is just a "roll up" of recent package updates, including an update from the 2.6.18 kernel to 2.6.20. The base package set remains the same. Over 200 updated packages are included. This release is primarily done so people who download the ISO don't have to then download a bunch of package updates."
openSUSE 10.3 Alpha4 availableThe fourth alpha release leading to openSUSE 10.3 is out. It adds the YaST "meta packages handler," TeX Live, the first bits of pre-KDE4, OpenOffice.org 2.2, a 2.6.21 kernel, and more.
OpenVZ Virtualization Software Available On Live CDThe OpenVZ project has announced the availability of its operating system server virtualization software as a modified version of the Knoppix 5.1.1 bootable Live CD so that users can test drive the OpenVZ software without changes to their computer or installing anything on their hard disk.
rPath Linux 1.0.6 available for x86 and x86_64rPath Linux has released updated images for rPath Linux 1. "The new images incorporate updates to the installation process and all package updates released as of May 11, 2007. In particular, the installation images and installed system now include a 2.6.19.7 Linux kernel, enabling installation on more recent hardware not supported by previous installation media. (Linux kernels for Xen support are 2.6.16.29 in this release.) New to 1.0.6 are x86_64 VMware and Xen images, as well as x86 and x86_64 ESX images."
Distribution News Bits from DebianDebian's Alioth server has been upgraded from Sarge to Etch. A few things have changed in the process.The call for bids has gone out for DebConf9. Bids should be submitted before the start of DebConf7 so that a venue can be chosen during DebConf7. The first post-Etch Bug Squashing Party has been scheduled for May 17 - 20, 2007. The mechanism that allows people to subscribe to bug reports was broken, but has now been fixed.
Ubuntu Mobile and Embedded - DetailsThe Ubuntu Mobile and Embedded project was launched last week at the Ubuntu Developer Summit in Sevella, Spain. This week the project's wiki page has more details.
Open Source Collaboration Leader Zimbra Now Available on Ubuntu LinuxZimbra has announced the general availability of the Zimbra Collaboration Suite Network Edition for Ubuntu. "The Zimbra Collaboration Suite -- a premier, enterprise-grade email and collaboration solution -- now supports the wildly popular Ubuntu version 6.06 LTS (Long Term Support) from Canonical Ltd., an operating system designed to be the ideal platform for enterprises seeking better stability and longer guaranteed support horizons."
Distribution Newsletters Fedora Weekly News Issue 87The Fedora Weekly News for May 12, 2007 covers Fedora 7 -- what, when, and why, Fedora 7 Deep Freeze/GA release schedule change, Post-merge howto and FAQ, Red Hat Summit, Liberations fonts from Red Hat, and much more.
Gentoo Weekly NewsletterThe Gentoo Weekly Newsletter for May 7, 2007 covers the release of Gentoo Linux 2007.0, information about recent coreutils changes, and several other topics.
Ubuntu Weekly News: Issue #40The Ubuntu Weekly Newsletter May 12, 2007 covers the long awaited stable release of Ubuntu Studio, the new Ubuntu Central American LoCo Team, the growing media coverage on Ubuntu (both press and blogs), the amazing work done by the MOTU Team, and more.
DistroWatch Weekly, Issue 202The DistroWatch Weekly for May 14, 2007 is out. "The intensive development period before the upcoming release of Fedora 7 has been marked by several release updates and further complimented by news from Red Hat Summit in San Diego last week. Will this be the most impressive Fedora release ever? Chances are that it will be indeed. In other news, the openSUSE community launches a software portal, Daniel Robbins comments on the latest Gentoo Linux, Patrick Volkerding drops Pidgin (formerly GAIM) after finding an anti-Slackware comment on the project's developer page, and several distributions, including openSUSE, SabayonLinux, sidux and Skolelinux, announce updated release schedules. In the feature story of the week, your DistroWatch editor describes what can happen when the most important piece of computer hardware suddenly decides to stop working."
Newsletters and articles of interest A Guide to Virtualization on Mandriva Linux 2007 SpringMandriva developer Adam Williamson has written a guide to virtualization on Mandriva Linux 2007 Spring. Click below for the full article.
Rethinking the Linux Distribution (O'ReillyNet)This O'ReillyNet tries to think outside the box when it comes to Linux distributions. "As I hope to demonstrate in this article, FOSS tools are the right technology to define the post-PC software era, and not merely as a backend platform for someone else's proprietary SaaS (Software as a Service) suite. Today's typical Linux distribution, however, follows a design that resembles a legacy Unix system with a Windows-style front end bolted on. This is a competitor to products such as Vista, which may actually be the last of its kind, even for Microsoft. It would be unfortunate indeed to suddenly find ourselves stuck with yesterday's business model."
HowtoForge tutorialsNew HowtoForge articles:
Distribution reviews Gentoo Linux 2007.0 Review: First ImpressionsGentoo founder Daniel Robbins reviews the latest Gentoo release. "Overall, the install process was significantly improved using the installer. However, there was noticeable room for improvement - general lack of refinement and questionable choices made regarding what to include on the 600MB LiveCD. Also, the online documentation has grown to the point where it is cumbersome to navigate and disorienting to use. And those are my first impressions of 2007.0 :)"
Page editor: Rebecca Sobol Development Interview with three OpenChange project developersThe OpenChange project recently announced the "MAILOOK" release, which provides a library to access Microsoft Exchange servers using native protocols. We recently got a chance to catch up with Julien Kerihuel, Ali Mdidech and Fabien Lementec from the OpenChange project.LWN: Can you tell us about OpenChange and what the current library is capable of?
Julien Kerihuel: The OpenChange MAPI library (libmapi) provides
interoperability with Microsoft Exchange servers, which means being
able to communicate with Exchange in the same way that Outlook
does. Our primary objective in providing the MAILOOK release is to
make our implementation available to beta testers so we can validate
the design, evaluate libmapi code scalability and reliability; and
thus fix possible inconsistencies before we go to much further in the
development process.
This release is a very important step in the project roadmap. It is the first time that we've provided code which can be used in stand-alone applications and which is generic enough to perform most of the messaging operations that final users would deal with, such as:
These features will be included in the next library release, planned for early June 2007. The rest of the interview is available here.
System Applications Database Software MySQL 5.1.18 beta has been releasedVersion 5.1.18 beta of the MySQL DBMS has been announced, it adds new functionality and bug fixes.
MySQL Community Server 5.0.41 has been releasedVersion 5.0.41 of MySQL Community Server has been released, it features bug fixes and some new capabilities.
PostgreSQL Weekly NewsThe May 13, 2007 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.
Interoperability Samba 3.0.25 Available for DownloadSamba 3.0.25 has been released. "This is the first production release of the Samba 3.0.25 code base and is the version that servers should be run for for all current bug fixes." There are new features and security fixes in this version.
Printing Common UNIX Printing System 1.2.11 announcedVersion 1.2.11 of CUPS, the Common UNIX Printing System, has been announced. "CUPS 1.2.11 fixes several build system, printing, PPD, and IPP conformance issues. It also fixes a crash bug in the scheduler when printing to files in non-existent directories."
Desktop Applications Audio Applications Ardour 2.0.2 releasedVersion 2.0.2 of Ardour, a multi-track digital audio workstation, is out. "There was an error in the source tarball released as 2.0.1. We are therefore releasing 2.0.2 as a fix for this. The OS X DMG of 2.0.1 does NOT have this error in it, there is no reason to upgrade if you have downloaded the DMG of 2.0.1 2.0.2 is identical to 2.0.1 except that it actually includes all all the fixes listed below rather than all but one." See the change log for more information.
LASH 0.5.3 announcedVersion 0.5.3 of LASH, a session management system for JACK and ALSA audio applications, is out. "This release features automatic auto-launch of the daemon by default, compilation fixes for certain machines, and various bug fixes."
Sonic Visualiser 1.0 releasedVersion 1.0 of Sonic Visualiser has been announced. "Sonic Visualiser contains advanced waveform and spectrogram viewers, as well as editors for many sorts of audio annotations. Besides visualisation, it can make and play selections based on the locations of automatically detected features, seamlessly loop playback of single or multiple noncontiguous regions, synthesise annotations for playback, and slow down playback while retaining display synchronisation."
Business Applications Jitterbit 1.2 releasedVersion 1.2 of Jitterbit has been announced, it adds several new capabilities. "Jitterbit is an open source client and server designed to give end users a quick and easy way to design, configure, test, and deploy integration solutions. Connect your Applications & Data Organizations can use Jitterbit to connect data from ERP and CRM applications, data warehouses, online marketplaces, and much more. Jitterbit supports Web Services, XML Files, HTTP/S, FTP, ODBC, Flat and Hierarchic file structures and file shares."
CAD Thirty-sixth release of PythonCAD announcedRelease 36 of PythonCAD has been announced. "The thirty-sixth release of PythonCAD is primarily a bug-fix release. A number or bugs relating to saving and loading user preferences that appeared in the thirty-fifth release have been fixed. Also, several number of bugs involving entity redrawing have been corrected, as well as bugs regarding the typing of various commands within the text entry box in the display."
Data Visualization RRDtool 1.2.23 releasedVersion 1.2.23 of RRDtool, a time series data visualization package, is out. RRDtool is: "The industry standard data logging and graphing application. Use it to write your custom monitoring shell scripts or create whole applications using its Perl, Python or PHP bindings." See the CHANGES document for release details.
Desktop Environments GNOME Software AnnouncementsThe following new GNOME software has been announced this week:
KDE 4.0-alpha1 Released: "Knut"The KDE Community has announced the immediate availability of the first alpha release of the KDE Desktop Environment, version 4.0. "KDE 4.0 Alpha 1 marks the end of the addition of large features to the KDE base libraries and shifts the focus onto integrating these new technologies into applications and the base desktop. The next few months will be spent on bringing the desktop into shape after two years of frenzied development leaving very little untouched."
KDE Commit-Digest (KDE.News)The May 13, 2007 edition of the KDE Commit-Digest has been announced. The content summary says: "The KOffice ODF weekend sprint takes place in Berlin. KTuberling, the much-loved "potato man" game, is saved for inclusion in kdegames for KDE 4, with the start of porting to SVG and other general improvements. Rewrite of KPoker replaces the previous implementation. Xinerama improvements in the KWin window manager. Continued work on Konsole. Usability and other improvements in KGPG. More progress in the Music Notation Flake shape Summer of Code project in KOffice. Version 2 of the KDChart library imported into KDE SVN to allow KChart of KOffice 2 to be based upon it. The "systemsettings" set of utilities begins to be ported to KDE 4...."
HIG Hunting Season Now Open (KDE.News)KDE.News has announced the HIG Hunting Season. "The HIG Hunting Season is an experiment to include the community into the search for obvious infringements of the KDE Human Interface Guidelines. As those are not fully finished yet, the HCI working group is currently preparing HIG checklists that help to uncover small potatoes that disturb a seamless use experience, such as inconsistencies among applications, incomplete keyboard access, missing feedback, or overloaded configuration dialogs, toolbars or menus. In short: We are asking the community to report user interface and interaction issues that can be stated like bugs."
Konch 1.0 releasedVersion 1.0 of Konch has been announced. "Konch is a versatile utility that allows you to create system tray* applets using standard scripting languages such as bash, Perl, or Python. You control Konch via command-line parameters, DCOP, or your script's STDOUT." See the release notes for a list of new features and bug fixes in this version.
KDE Software AnnouncementsThe following new KDE software has been announced this week:
Xorg Software AnnouncementsThe following new Xorg software has been announced this week:
Financial Applications SQL-Ledger 2.8.4 releasedVersion 2.8.4 of SQL-Ledger, a web-based double entry accounting/ERP system, is out. New features include: support for foreign currency GL transactions, the ability to specify foreign exchange rates for every transaction and payment and add/edit/delete default exchange rates.
Interoperability Wine 0.9.37 releasedVersion 0.9.37 of Wine has been announced. Changes include: MSI automation with JScript/VBScript support, Various MSHTML improvements, The usual assortment of Direct3D fixes, Support for a few more exe protection schemes and Lots of bug fixes.
Wine Weekly NewsletterThe May 14, 2007 edition of the Wine Weekly Newsletter is online with coverage of the Wine project. Topics include: Wine 0.9.37, No Wine on Dells, Kidney Stones Suck, Direct3D Milestone, Activation Context, USB Support in Wine, Mandriva RPMs, and Improving Debugging Performance.
Music Applications Amuc version 1.4 releasedVersion 1.4 of Amuc, the Amsterdam Music Composer, is out. "Amuc is a light-weight tool for composing and playing music. 'Light-weight' in the sense of not needing graphical or other toolkits, however it's very fast and offers useful features to help the inexperienced composer."
nova 0.00.4 releasedVersion 0.00.4 of nova, a computer music system with a dataflow syntax, is out. "the main improvement over nova-0.00.3 is a working graphical patcher interface, lots of bug fixes to improve the stability and a port to osx ..."
Office Applications HylaFAX 4.3.4 releasedVersion 4.3.4 of HylaFAX, a fax modem control application, has been announced. "The 4.3 branch of HylaFAX has been in stable mode since 4.3.3. Any release since then is strictly a bugfix release, and as such, is a recommended upgrade."
Web Browsers My eBay Fox for Firefox (MozillaZine)MozillaZine looks at My eBay Fox, a Firefox extension for working with the eBay auction site. "My eBay Fox is a customized version of Firefox that helps people use eBay more effectively. It includes an eBay Toolbar for Firefox, which gives users easy access to all of the important parts of eBay and a handy set of tools like price comparison, consumer reviews, and shipping information. The coolest part, though, is that when you do a search in eBay, the toolbar will go out and find preview images for all the items that don't have them, so every item in the list of results will have a preview next to it, even if the seller didn't pay for one."
Raising Mozilla on Linux Runtime Requirements Proposed (MozillaZine)MozillaZine takes a look at a weblog post by Mike Connor on Mozilla's runtime requirements. "Historically, Mozilla on Linux has had fairly conservative requirements, employing runtime checks and workarounds to support older libraries or work around known bugs. While this means that Mozilla applications will run on older Linux distributions, it has led to some compromises and ugly hacks in the Mozilla code, making it harder to maintain."
Languages and Tools C GCC 4.2.0 ReleasedGCC 4.2.0 is out. This is a major release with a number of new features including OpenMP support, various new optimization options, a new warning for "suspicious" address usage, and much more; see this page for a full list.
Caml Caml Weekly NewsThe May 15, 2007 edition of the Caml Weekly News is out with new Caml language articles.
Java The Process Virtual Machine (O'Reilly)Tom Baeyens and Miguel Valdes Faura discuss the Process Virtual Machine on O'Reilly's OnJava.com. "This article will show how both business analysts and developers can benefit from workflow, Business Process Management (BPM), and orchestration. We'll explain the core essence of workflow engines in simple terms, and how this can be leveraged in a Java environment. While every self-respecting developer knows the relational model behind databases, such a model is absent for workflow engines. The Process Virtual Machine will provide that missing piece."
Perl Parrot 0.4.12 releasedVersion 0.4.12 of Parrot has been announced. "On behalf of the Parrot team, Im proud to announce Parrot 0.4.12 Of the Caribbean. Parrot is a virtual machine aimed at running all dynamic languages."
Everyday Perl 6 (O'Reilly)Jonathan Scott Duff looks at changes coming with the long-awaited Perl 6. "Perl 6 will soon be here. How will programming in Perl 6 be different from programming in Perl 5 for your average Perl programmer? The answer is: very different yet very much the same. A Perl 6 program viewed at arm's length will look much like a Perl 5 program viewed at arm's length. Programming in Perl 6 will still feel like programming in Perl. What will change however, is that Perl 6 will enable programmers to be more expressive by giving them more tools to work with (making easy things easy) and allowing them to be more precise in their expressions."
PostScript GPL Ghostscript 8.57 announcedVersion 8.57 of GPL Ghostscript, a PostScript interpreter, has been announced. "This is a stable release in the 8.5x series. In addition to the usual bug fixes, there are specific performance and quality improvements in the areas of patterns, shading and image filtering. Also new in this release is an implementation of the Well Tempered Screening algorithm in an output device, using Graeme Gill's IMDI library for efficient color mapping."
Python Python-URL! - weekly Python news and linksThe May 16, 2007 edition of the Python-URL! is online with a new collection of Python article links.
Tcl/Tk Tcl-URL! - weekly Tcl news and linksThe May 16, 2007 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.
XML XML Parser Benchmarks: Part 1 (O'Reilly)Matthias Farwick and Michael Hafner compare XML parsers in part one of an O'Reilly article series. "Five years after the introduction of SOAP 1.0, XML parsing is still the main bottleneck in web service performance. In search of components for a high performance web service security solution, we have executed benchmarks for various XML parsers in Java and C. These benchmarks cover event-driven parser models like SAX and StAX, object model parsers like DOM, and also new breeds of XML parsers like Apache's AXIOM, which only builds parts of the document tree in the memory."
Bug Trackers Bugzilla 3.0 Released (MozillaZine)MozillaZine covers the release of Bugzilla 3.0. "The Bugzilla 3.0 release announcement lists some of the main new features added to this version, including custom fields, support for the Apache mod_perl module, per-product permissions, an XML-RPC interface and the ability to create and edit bugs by email."
Cross Compilers SDCC 2.7.0 RC1 releasedVersion 2.7.0 RC1 of SDCC, a retargetable, optimizing ANSI - C compiler that targets the Intel 8051, Maxim 80DS390, Zilog Z80 and the Motorola 68HC08 based MCUs, is out. "SDCC 2.7.0 Release Candidate 1 source, doc and binary packages for x86 Linux, 32 bit Windows and ppc Mac OS X are available". See the release schedule document for more information.
Libraries RFIDIOt version 0.1m releasedVersion 0.1m of RFIDIOt, the open source python RFID library, is out with some new capabilities and bug fixes.
Page editor: Forrest Cook Linux in the news Recommended Reading Microsoft takes on the free world (CNN)According to this Fortune article (by way of CNN), Microsoft is starting to rattle the patent saber in a more serious way. "But [Microsoft general counsel Brad Smith] does break down the total number [of patents] allegedly violated - 235 - into categories. He says that the Linux kernel - the deepest layer of the free operating system, which interacts most directly with the computer hardware - violates 42 Microsoft patents. The Linux graphical user interfaces - essentially, the way design elements like menus and toolbars are set up - run afoul of another 65, he claims. The Open Office suite of programs, which is analogous to Microsoft Office, infringes 45 more. E-mail programs infringe 15, while other assorted FOSS programs allegedly transgress 68."
Schwartz: Free advice for the litigiousSun CEO Jonathan Schwartz has some advice for Microsoft regarding its patent claims. "All of which is to say - no amount of fear can stop the rise of free media, or free software (they are the same, after all). The community is vastly more innovative and powerful than a single company. And you will never turn back the clock on elementary school students and developing economies and aid agencies and fledgling universities - or the Fortune 500 - that have found value in the wisdom of the open source community. Open standards and open source software are literally changing the face of the planet - creating opportunity wherever the network can reach."
Trade Shows and Conferences 2007 Red Hat Summit coverageThe 2007 Red Hat Summit is underway in San Diego, California. Here are some of the news reports and press releases from the event:
Red Hat Summit 2007, Day 2: Red Hat Exchange and interesting presentations (Linux.com)Linux.com covers day 2 at the Red Hat Summit. "In addition to the seven official tracks, this year's Red Hat Summit has an unofficial eighth track for the press. Day 2 saw two official announcements: Red Hat Exchange and a new partnership with Sybase. In addition to covering the press conferences, I had time to sit in on some interesting presentations."
Awards and Moglen mark Red Hat Summit finale (Linux.com)Linux.com covers the last day of the Red Hat Summit. "The third annual Red Hat Summit in San Diego concluded on Friday with a half-day schedule of sessions capped off by the presentation of the first annual Innovation Awards. I missed the awards ceremony in favor of a one-on-one interview with Professor Eben Moglen, during which I learned the secret of how to change the world."
KOffice ODF Sprint Kickoff (KDE.News)KDE.News covers the KOffice meeting in Berlin. "What are the KOffice developers planning to work on, or what do they want to discuss with their fellow hackers? Inge Wallin explained his main goals for the Berlin meeting in an email sent a few days before the meeting started. The big target for the meeting is ODF. First, the KOffice hackers will go through the current ODF support and try to improve it. It is important to create a good infrastructure to support ODF throughout KOffice, so developers won't have a hard time getting their apps to use it."
KOffice ODF Sprint Report (KDE.News)KDE.News covers the KOffice ODF sprint. "The two days of the KOffice ODF sprint were very productive. Most time was spent on group discussions, and designing specific parts of KOffice in smaller groups. Of course, code was written as well, and for an overview of what happened, read on!"
Art meets open source at Libre Graphics Meeting (Linux.com)Linux.com has a report on the Libre Graphics Meeting. "Unlike a typical Linux get-together, at the Libre Graphics Meeting (LGM), half of the attendees are developers and the other half are artists. The conference, which was held earlier this month at the Polytechnique Montreal, featured speakers from as far as Australia and Europe. In three rooms, speakers presented techniques for everything from generating photorealistic vector drawings to producing full movies to magazine production."
Linuxfest Northwest 2007 ReportScott Dowdle has written a report on the Linuxfest Northwest 2007 conference. "Linuxfest Northwest has been an annual event since 1999 held at Bellingham Technical College in Bellingham Washington which is approximately 90 miles North of Seattle. To allow for the largest participation, it is held on a weekend. Linuxfest Northwest 2007 was held on April 28-29th and was attended by approximately 900 people."
Meeting on Future Mozilla Firefox Support Forums Held (MozillaZine)MozillaZine covers a recent meeting on Firefox support. "The notes from the second meeting on the future of Mozilla Firefox support have been made available online. The telephone conference was organised by the Mozilla Corporation and took place on Thursday. The discussion concentrated on ways to improve forum-based Firefox user support offerings. The MozillaZine Forums currently host the most popular Firefox support boards and the discussion included opinions on the current strengths and weaknesses of the present site. However, the usefulness of the meeting was somewhat limited by the low number of regular MozillaZine Forums participants present."
Companies Microsoft Won't Sue Linux Users, Company Exec Says (InformationWeek)InformationWeek reports that Microsoft doesn't want litigation. ""We're not litigating. If we wanted to we would have done so years ago," said Horacio Gutierrez, Microsoft's VP for intellectual property and licensing, in an interview. Instead, Microsoft wants to create more arrangements that mirror the company's deal with Linux distributor Novell. In November, the two agreed to share intellectual property and pledged not to sue each other's customers. "We created a bridge between two worlds that before were perceived to be unbridgeable," said Gutierrez."
Novell and Microsoft detail 12 new Linux coupon customers (CBR Online)CBR Online reports on the signing of twelve new Linux coupon customers to the Novell and Microsoft interoperability agreement, which offers support for SUSE Linux Enterprise. "Deutsche Bank, Credit Suisse and AIG Technologies signed up in December 2006, a month after the scheme was announced, while Wal-Mart came on board in January and HSBC in March. Now added to that list are: 1blu, Arsys, Fujitsu Services, Gordon Food Service, Gulfstream Aerospace, hi5 Networks, Host Europe, Nationwide, Prisacom, Reed Elsevier, Save Mart Supermarkets, and California's Department of Fish and Game."
Progeny's closure highlights problems of small FOSS companies (Linux.com)Linux.com examines the demise of Progeny. "Branden Robinson, former Debian Project Leader and a Progeny employee from the company's start, makes clear that Progeny's failure was not due to lack of business. According to Robinson, when the company closed, it had half a dozen clients, and was in negotiations with at least one other company. In addition, Progeny was still providing update services for three or four clients. "In some ways, I feel like we had no competitors," Robinson says. One company, he adds, "was really disappointed to hear that Progeny was going out of business, because they weren't really sure who to turn to.""
Who Leads The Real-time Linux Niche? (InternetNews.com)Here's an article on InternetNews.com covering the petty back-and-forth between real-time Linux distributors. "Currently Red Hat employee Ingo Molnar is leading the real-time Linux development effort at kernel.org. It's a fact that doesn't faze MontaVista. 'It is not a competitive advantage even if that was implied,' MontaVista's [Tom] Kelly said. 'Leadership is a service to the community and a role that we appreciate and everyone should bear the burden of helping and MontaVista has done it in the past.'"
Sun hopes for Linux-like Solaris (ZDNet)Stephen Shankland looks at Ian Murdock's role as Sun's chief operating systems officer in a ZDNet article. "Sun has been trying for years to restore the luster of Solaris, a version of Unix that peaked in popularity in the late 1990s, but that since has faced a strong challenge chiefly from Linux. Sun has worked to reinvigorate Solaris by boosting its performance, offering it as a free download, making it an open-source project called OpenSolaris, and pushing a version that runs on servers using Intel's and AMD's mainstream x86 processors. Linux and Solaris are cousins that stem from the same Unix heritage, if not from the same source code. But Linux fans simply have a hard time trying Solaris, Murdock said Tuesday."
Legal GPL likely to regain Apache compatibility (ZDNet)ZDNet covers an effort to bring the GPL v3 license together with the Apache License. "In a significant change of course, the Free Software Foundation is working to make the upcoming version 3 of the General Public License (GPL) compatible with an alternative, the Apache License. "I think a final change we'll see for the release of GPL 3 will be that compatibility," said Free Software Foundation Executive Director Peter Brown in a panel discussion Tuesday at Sun Microsystems' JavaOne conference here. The Apache License compatibility had been removed as a result of an "11th-hour" decision before release of the third draft of GPL 3."
Eight common misunderstandings about GPLv3 (IT Manager's Journal)IT Manager's Journal attempts to clarify GPLv3. "To separate the confusions and half-truths from the reality, we went to the source: members of the Free Software Foundation (FSF) such as compliance engineer Brett Smith, founder Richard Stallman, and executive director Peter Brown; and the Software Freedom Law Center's Richard Fontana, who is one of the main drafters of the new license. Taken together, their comments help to create a clearer picture of the goals behind GPLv3 and the final form that the license will probably take."
Interviews Java goes back to the PC (ZDNet)ZDNet talks with James Gosling. "In 1995, Sun Microsystems introduced Java as a way to endow Web surfing with fancy graphics and more sophisticated interaction than just basic pointing and clicking. By introducing JavaFX Script this week at the JavaOne conference here, Sun is trying to reinvigorate that original idea. Gosling helped invent the Java programming language, initially called Oak in the early 1990s. He was involved in its early spread as a Web browser plug-in and its commercial success in server software and mobile phones."
An Interview with Robert Brewin (O'Reilly)David Bock interviews Robert Brewin on O'Reilly. "If you have been paying attention to any of the news from Sun lately, Robert Brewin is probably not a stranger to you. Robert has been strategically involved in if not outright responsible for some of the major announcements from Sun, from the open sourcing of the JDK, to the embracing of scripting languages like Ruby, and most recently this week's announcements of JavaFX Script and the JavaFX Mobile platform. I had the chance to sit down with Bob and talk to him about JavaFX Script, JavaFX Mobile, the announcement of the new consumer-focused JRE, and several other impressions and events from JavaOne."
Resources Understanding ActiveRecord: A Gentle Introduction to the Heart of Rails (Part 2) (O'ReillyNet)O'Reilly is running part two in a series on the Rails ActiveRecord Persistence layer. "In the second part of Gregory Brown's in-depth examination of the Rails ActiveRecord Persistence layer, he looks at how to model relationships such as one to many and many to many. This comprehensive introduction to ActiveRecord will let you hit the ground running when you need to integrate a database into Rails."
Reviews Release of Foundations of GTK+ Development (GnomeDesktop)GnomeDesktop.org reviews the book Foundations of GTK+ Development. "Foundations of GTK+ Development is the first book completely dedicated to GTK+ development since 2001. It contains examples and instructions for using almost every single widget available in GTK+ 2.10. In addition, five appendixes provide a reference to often under-documented properties and signals."
Pocket-sized PC runs Linux (LinuxDevices)LinuxDevices looks at the Linutop PC. "Linutop claims that its Linutop PC draws "less than 6 Watts" -- less energy than many computing appliances such as printers and scanners dissipate in standby mode. The device measures 3.7 x 1.1 x 5.9 inches (9.3 x 2.7 x 15 cm), and weighs 9.9 ounces (280 grams). Its compact wall-wart-style power supply incorporates a European-style plug."
Page editor: Forrest Cook Announcements Non-Commercial announcements Two new initiatives from the FSFThe Free Software Foundation has announced the creation of an "activist campaigns team" to try to spread the word on software freedom. This group will be run by John Sullivan and Joshua Gay; it will start by managing the BadVista.org and Defective By Design efforts.There is also a new campaign called PlayOGG.org, intended to promote use of the Ogg Vorbis audio format. "OGG is your safest bet to be free from patent litigation when using compressed audio. This is especially true given the recent upswing in patent-based lawsuits. What is most frightening, and underscores the landmine metaphor often used to describe software patents, is the recent $1.5B preliminary judgment against Microsoft. Microsoft thought it had a paid-up nonexclusive license to practice the patents in MP3. This judgment demonstrates that there is no good way to protect yourself from these threats. The only viable solution right now is to switch to OGG, and work for the abolition of software patents."
Commercial announcements Announcing CrossOver 6.1 for Linux and MacCodeWeavers has announced the availability of version 6.1 of CrossOver Mac and CrossOver Linux. "Version 6.1 includes a lot of improvements from 6.0; while many applications should be affected by these improvements, the biggest improvements will be in Outlook 2003 as well as in our 3D game support. The major change in Outlook includes support for RPC over HTTP, to enable people the check their email from outside the office. There is also a wide range of other bug fixes and minor improvements in Outlook."
The DMCA requires use of DRM?This must be the strangest use of the DMCA yet: here's a press release from two companies called Media Rights Technologies and BlueBeat.com about the cease-and-desist letter they have sent to companies like Apple, Adobe, and Microsoft. It seems those companies are committing the crime of not using MRT's DRM products. "MRT asserts Apple, Microsoft, Real and Adobe have produced billions of these products without regard for the DMCA or the rights of American Intellectual Property owners, actively avoiding the use of MRT's technologies. Failure to comply with this demand could result in a federal court injunction to any of the above named parties to cease production or sale of their products and/or the imposition of statutory damages of at least $200 to $2500 for each product distributed or sold."
EMC enhances support for Red Hat Enterprise LinuxEMC Corporation has announced its enhanced support for Red Hat Enterprise Linux. "EMC Corporation announced today at the Red Hat Summit that it has strengthened support for Red Hat Enterprise Linux deployments by completing interoperability qualification of core EMC(R) platforms including EMC Symmetrix(R), EMC CLARiiON(R), EMC Celerra(R), and EMC Invista(R). EMC worked with Red Hat engineers to extensively test Red Hat Enterprise Linux interoperability with EMC's core storage platforms in the EMC E-Lab(TM), the leading industry testing facility of its kind."
Free software drivers for the Intel 965GM Express ChipsetIntel has announced free driver software for the 965GM Express chip set. "The Intel 965GM Express Chipset represents the first mobile product that implements fourth generation Intel graphics architecture. Designed to support advanced rendering features in modern graphics APIs, this chipset includes support for programmable vertex, geometry, and fragment shaders. Extending Intel's commitment to work with the X.org and Mesa communities to continuously improve and enhance the drivers, support for this new chipset is provided through the X.org 2.0 Intel driver and the Mesa 6.5.3 releases. These drivers represent significant work by both Intel and the broader open source community."
Terra Soft Launches PS3 User ShowcaseTerra Soft has launched the Share Your Story page. "Terra Soft today launched a program to engage its growing PS3 user base through the sharing of their unique stories on the Terra Soft Showcase web pages. As presented on the Terra Soft website, "You may be a super-geek, cranking out code into the midnight hour. Or you may be just like the rest of us, cranking out a mid term exam paper an hour before it's due. Either way, you have a story to tell, a unique experience to share. And if you are using YDL on a PLAYSTATION(R)3, an Apple PowerPC, or an IBM Power product, you are doing something the rest of us would like to hear about.""
TimeSys Introduces LinuxLink subscriptions for Intel IXP435 processorsTimeSys has announced the availability of LinuxLink subscriptions for the Intel IXP435 line of processors. "This processor is a new addition to Intel's popular line of network processors and TimeSys is the only vendor to provide processor-optimized Linux packages and components for the IXP435. Through the partnership between Intel and TimeSys, customers have access to the LinuxLink service, which allows them to build and assemble their own commercial-grade custom Linux platforms based on the IXP435 processor."
TimeSys Embedded supports 2.6.21 kernelTimeSys claims to be the first embedded Linux vendor to support the version 2.6.21 kernel. "TimeSys Corporation, the leading service provider to developers in the embedded Linux market, today announced that LinuxLink by TimeSys is the first commercial embedded Linux offering to deliver support for the 2.6.21 Linux kernel. LinuxLink is a web-based subscription service that simplifies embedded Linux development by providing the optimized code, tools and support that organizations need to accelerate their development and reduce their time to market."
Zenoss among open-source leaders selected for Red Hat Exchange LaunchZenoss Inc. has announced it is among the short list of partners involved in the launch of Red Hat Exchange (RHX). RHX allows companies to find, purchase and manage enterprise-ready open source software solutions through a single, trusted source - Red Hat.
New Books SitePoint releases "The Art and Science of CSS"SitePoint has published the book The Art & Science of CSS by Cameron Adams, Jina Bolton, David Johnson, Steve Smith and Jonathan Snook.
Foundations of GTK Development publishedThe book Foundations of GTK Development by Andrew Krause has been published.
O'Reilly Publishes 'Programming Firefox' by Kenneth Feldt (MozillaZine)MozillaZine reports on O'Reilly's publishing of the book Programming Firefox by Kenneth Feldt. "Subtitled Building Applications in the Browser, the new book by Kenneth Feldt covers using XUL and XPCOM to build Internet applications and extensions for Mozilla Firefox."
Resources FSFE NewsletterThe May 12, 2007 edition of the Free Software Foundation Europe Newsletter is online, here is the table of contents: "1. FSFE launches list of recommended Free Software lawyers 2. FSFE action on IPRED2 "Criminalisation" Directive 3. Transcript of Richard M. Stallman's speech in Brussels online 4. FSFE at A2K2 conference in Yale Law School 5. Georg Greve and Jonas Ãberg in Belgrade, Serbia 6. Ivan Jelic joining European Core Team of FSFE 7. Merchandise available via web order 8. Get active: join the translation team!"
Calls for Presentations IMF 2007 - CFP deadline extensionThe call for papers deadline for the 3rd International Conference on IT-Incident Management & IT-Forensics has been extended to June 4, 2007. The event takes place in Stuttgart, Germany on September 11-12, 2007.
Upcoming Events OpenLogic to Host Webinar on Impact of GPLv3OpenLogic, Inc. has announced a webinar on GPLv3 featuring Eben Moglen on Thursday, May 17, 2007 at 6 p.m. GMT. "Participants in this webinar will learn first-hand how changes to the GPL could impact enterprise organizations. Discussion topics will include differences between GPLv2 and GPLv3 (including simplification, internalization, patent defense clauses, digital rights management, and GPL- covered devices in consumer products), what GPLv3 means to enterprises committed to free and open source (including the future for open source projects that switch to GPLv3 versus stay with GPLv2), and what's in store for the release (including projected release date and the anticipated level of adoption)."
Maker Faire: 400 Makers, 40,000 Attendees, 200,000 Sq. Ft. of DIY MayhemO'Reilly has sent out a press release for the 2007 Maker Faire. "The 2nd Annual Bay Area Maker Faire (May 19 & 20) at the San Mateo Fairgrounds in northern California is just 10 days away, and this year's event is shaping up to be even better than last year's award-winning DIY fiesta! This year's event will have twice as many Makers (400), twice as many fans (40,000 anticipated), and twice the terrain (200,000 square feet)."
Mozilla Developer Day Paris: June 23, 2007The next Mozilla Developer Day will take place in Paris, France on June 23, 2007. "As mentioned in a couple of the Mozilla Project Update meetings, were going to have our third Developer Day of 2007 in Paris, on June 23rd. You can read more details on the wiki page including a place to indicate if youre interested in attending! Also, theres a page for proposing a topic that youd like to discuss with other Mozilla developers, or for indicating that youve got something to demo."
Events: May 24, 2007 to July 23, 2007The following event listing is taken from the LWN.net Calendar.
If your event does not appear here, please tell us about it. Mailing Lists New Pre-Release Firefox and Thunderbird announcement lists (MozillaZine)MozillaZine reports on the creation of a number of new mailing lists for pre-release versions of Mozilla Firefox and Mozilla Thunderbird. "The Mozilla Developer News weblog has announced the creation of several new mailing lists for pre-release versions of Mozilla Firefox and Mozilla Thunderbird. Users who are interested in testing pre-release builds, such as release candidates and alphas, can subscribe to the announce-prerelease list to receive early notifications when such pre-release builds are made available."
Web sites Polish KDE Community Announces KDE.org.pl Web Site (KDE.News)KDE.News has announced the new Polish KDE site. "The Polish community of KDE is growing year after year. In association with KDE e.V. we're proud to announce the launch of the KDE.org.pl web site, with ambitions of becoming the starting point for the KDE element of Poland."
Official Mozilla Corporation Weblog in the Works (MozillaZine)MozillaZine notes plans to launch an official Mozilla Corporation weblog. "A project of the Mozilla marketing team, the new weblog will present the official Mozilla Corporation line on news and developments in the Mozilla ecosystem. The target audience for the weblog will be broad, encompassing users, community members, journalists and weblog authors. It is expected to launch by the end of May."
Page editor: Forrest Cook
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
