LWN.net Weekly Edition for March 6, 2003
SpamAssassin 2.50
Last September, we compared SpamAssassin with a new set of spam filtering systems based on Bayesian analysis. The Bayesian approach, while seemingly "dumber," looked poised to depose SpamAssassin's complex set of rules as the most effective filtering system. Bayesian filters are fast, and they can learn from the actual mail received by each potential consumer of anatomical enlargements and Nigerian investment schemes. The combination of speed and adaptibility looked like a winning pair.Of course, SpamAssassin has not stood still in the intervening months. The SpamAssassin team released version 2.50 a couple of weeks ago; this release is described as a "beta version." No true Linux user fears beta-quality software, so we decided to have a look.
The SpamAssassin 2.50 rule set is more impressive than ever. Several hundred rules detect forged headers, cellphone pitches, Nigerian scams, mortgage refinance pitches, mentions of Oprah, porn terms ("various types of feline"), suspicious HTML, "my wife Jody," 100% guarantees, etc. There is a growing set of rules aimed at catching spam in languages other than English. One can only marvel at the noble souls who examine that much spam closely enough to develop these tests.
As is usually the case with a new SpamAssassin release, the new rules are far more effective than the previous set - for a while at least. The normal pattern, though, is that spammers begin to figure out how to evade the latest rules, and the number of false negatives slowly rises over time.
The truly significant new feature of version 2.50 may help change that pattern, however. Included in this release is, of course, a Bayesian filter. SpamAssassin will now remember the terms it finds in both spam and "ham," and assign to each a probability that the message containing it is spam. The Bayesian filter is not actually used to classify mail until a sizeable body of both good and bad mail has been processed. Once that threshold has been reached, the Bayesian filter will simply assign points to a message like any other test.
In 2.50, the scoring is set up so that the Bayesian filter, by itself, cannot condemn a message as spam. Even if the filter says the probability of spam is 99%, a maximum of 4.3 points (out of the 5 needed by default) will be assigned. Still, the Bayesian filter is sufficient to tip the balance on many spams that would have otherwise been classified as real mail. We ran a quick test with 5000 messages from the LWN.net inbox; before training, SpamAssassin flagged 3,935 of them as spam. Afterwards, it caught 4,139 instead. That's 204 spams we would not have to see, and that can only be a good thing.
The combination of SpamAssassin's rule base and the Bayesian filter addresses one of the biggest weaknesses of the Bayesian approach: the filter must be trained. Everybody gets a unique mix of mail, and, believe it or not, a unique mix of spam. There is no set of Bayesian rules that will work for everybody. If you happen to have nicely sorted piles of spam and real mail sitting around, you can quickly train the SpamAssassin filter via the sa-learn tool. But most users will simply want the filter to work without an extra effort on their part.
SpamAssassin's rules can help make that happen. Even without the Bayesian filter, SpamAssassin can flag most of the spam in a user's mail stream. It can, thus, train the Bayesian filter by itself; that filter will eventually start catching spam which sneaks past the regular rules. SpamAssassin has become a tool which learns how to do its job better over time. As a result, we are free to spend out time dealing with more interesting things. It would be hard to find a better example of useful, user-friendly free software.
The State of Linux International
[This article was contributed by Joe 'Zonker' Brockmeier]
Linux International (LI) has been an extremely important organization in the growth of Linux. But LI has been kind of quiet as of late. Its website hasn't been updated in a while, and the last press release put out by the organization on their home page is dated March 1, 2002. We caught up with LI president Jon "maddog" Hall recently and asked him where things stood. He assured us that LI is still working to promote Linux:
The BusinessWeek articles Hall referred to have generated a lot of discussion for Linux. But they don't reflect LI's influence. Hall says that's the way that he wants it:
He does admit, however, that the modesty can backfire when trying to justify LI dues to member companies and potential members. Dues for corporate sponsors are $10,000, and dues for member companies are $2,500 annually. Hall says that it can be difficult to convince companies to fund LI, even though some can spend much more than that on their individual marketing efforts.
Another function of LI that doesn't get discussed much is the stewardship of the Linux trademark. For the most part, that's been spun off to the Linux Mark Institute (LMI), a non-profit that controls the Linux trademark and grants use of the trademark to commercial entities for a fee. Hall says the fee is necessary to build a "warchest" to deal with legal issues instead of taking the money from LI's budget. Unless there's a "sticky situation" with a trademark, says Hall, the process is more or less automatic. Hall also mentioned that LI/LMI have stepped in when people have tried to trademark Linux in other countries and attempt to "hold it for ransom."
Hall did note that LI is undergoing some changes, particularly in terms of membership. "The industry has changed...used to be lots and lots of small companies, but the small companies have gone away and Linux has become not a "Linux-only" product, but a "Linux-also" product." Because of this, he says, companies like IBM and HP wonder what LI can do for them when they can afford to put money into Linux advertising that is branded with their company name instead of promoting Linux alone.
So is LI still relevant, if these companies are putting big bucks into marketing Linux? Hall says yes, because it can do things that IBM and HP cannot. For example, Hall mentioned that he wants to focus on providing materials for Linux User Groups to use to promote Linux. Because LI is vendor-neutral, Hall says that it will have much more success working with community groups to promote Linux on behalf of its member companies than those companies would directly:
Jeremy White, CEO of CodeWeavers and an LI supporter, says that he believes that LI was and continues to be important. White says that the case studies on LI's site have been useful for him, and also says that Hall's role as a Linux promoter is very important. "The most important thing they do is having Jon fly around and evangelize Linux. That's important to me. Linux, at least on the desktop, is very much in the adoption phase...I need the whole market to grow."
Hall says that there is still a lot of work to do in promoting Linux:
Vulnerability disclosure and government
The nasty remotely exploitable vulnerability in sendmail is covered in this week's Security Page. There is one aspect of this episode, however, which deserves a separate look: the involvement of the new U.S. Department of Homeland Security (DHS).The disclosure of this vulnerability was, it seems, coordinated by the DHS Information Analysis & Infrastructure Protection Directorate. This is new: government agencies have not generally handled the response to vulnerabilities in the past. Given that the government's security interests have not always aligned all that well with everybody else's interests (consider the whole issue of cryptographic code), this involvement should be watched closely.
On the face of it, the sendmail disclosure was handled reasonably well. The process took a little while (the vulnerability was first discovered in December), but the information release went as it should. There were no early disclosures (which have occasionally been a problem in the past), and almost everybody was in a position to have an update available when the disclosure did happen. System administrators who are paying attention should not get hit when the vulnerability is (inevitably) exploited.
There is an interesting statement in InfoWorld's coverage of the disclosure process, however:
In other words, the military got to hear about the problem before anybody else, and the rest of the government also got a couple of days of lead time. The DHS put the needs of the government above those of everybody else, including "critical infrastructure companies."
Things worked out in the sendmail case. As the DHS gets itself established, however, we should be concerned about how it might handle vulnerabilities in the future. It does not take a great deal of paranoia to imagine that disclosure of some problems could be suppressed altogether. It is also not hard to imagine future regulations criminalizing the disclosure of vulnerabilities without governmental approval. After all, that is the sort of thing governments do, and the current U.S. administration is rather more inclined in that direction than many.
True information systems security requires disclosure of vulnerabilities. One can imagine a governmental role in the coordination of that disclosure to effect a quick and universal availability of patches - though it is far from clear that this role is truly necessary. But a high level of vigilance will be required to keep the governmental role from expanding to where it subverts the disclosure process altogether.
A subscription pricing change
As promised last week, we have implemented a slight change in the pricing of subscriptions to LWN. One-time subscriptions (or extensions) of at least ten months will now be given a 10% discount. This discount reflects the fact that longer-term subscriptions cost us less to manage.Remember that subscriptions are what keeps LWN.net alive; if you have not yet subscribed, please consider signing up now.
Security
Brief items
The Sendmail Vulnerability
[This article was contributed by Tom Owen]
Internet Security Systems issued this sendmail vulnerability report by Mark Dowd on March 3rd. In summary, a legal RFC822 email message with excessive comments in address headers can cause any current version of sendmail to overflow a heap memory area. The LWN vulnerability entry has links to patches, and to the 8.12.8 release which contains the fix. SANS has set up a page with a background information. Fixes are necessary for all sendmails which may see mail regardless of whether they are behind the firewall or without a public address. Eric Allman, the author of sendmail has emphasised that "Everyone should patch as soon as possible, regardless of platform."
This overflow has an pair of ugly aggravations:
- Sendmail normally runs full time as root. It needn't, but that's the way most default sendmail.cf files are written and this allows a sucessful exploit to take full control of the machine.
- Direct access to port 25 is not needed to exploit the vulnerability. Even a machine with a private, non-routable IP address can be reached from the Internet provided the crafted -- but legal -- email message can be relayed to the ultimate target by other systems. To be effective, the exploit has to be able to run asynchronously and phone home out through the firewall before the attacker can take direct control, but that should be possible if the target machine is allowed to browse the web, and of course it's easy for an internal attacker.
This is not the time to join the argument about the extent to which sendmail dominates Internet email. A lot of MX and outbound smart hosts are certainly running sendmail, but the scale of the problem really hits with machines that are not intended to be MTAs. When installing most distributions as a workstation or an application server, it takes a bit of thought not to install sendmail. Few admins are certain that there's nothing -- no vital little cron job or script -- that requires a local SMTP server. With the huge majority of machines on a private subnet or shielded by the firewall, it's simpler and it seems safe to install the MTA offered -- usually sendmail -- just on the off chance. Every one of of these machines now needs to be assessed, and its sendmail patched or removed.
For individual machines, the fix isn't hard. Most distributions have patches out, and with few dependencies, it's a rather easy package to compile and install from scratch. If that's necessary, it's probably simplest to move straight to 8.12.8 rather than apply the patches for earlier versions.
Further out, there are deeper questions for users and distributions. Even if sendmail is still the right solution in 2003, is it right to run it as root?
Abandoning sendmail is a well-trodden route. The venerable system is partly a prisoner of the mail nightmare of the early Internet. Life is easier now without bang paths and BITNET, and modern MTAs benefit from simpler or absent rewriting and use of the least-privilege concepts that have been taught by earlier security problems. Qmail and Postfix both make a fetish of security while still being easier than sendmail -- in simple cases vastly easier -- to set up, and there are others. Unfortunately, mail admins who move their mail servers to other MTAs actually got little protection if they continued to accept the default MTA on workstations. Sites in this position need filters now to stop any exploit reaching the internal network, and then they need to fix those machines as well. Example filters for Exim and for Postfix will need to be reviewed when actual exploits appear.
And those exploits will certainly appear. A proof of concept exploit has already been posted, and more unpleasant varieties are certainly under development. This is the kind of problem that large-scale Internet worms are made of. If you have not yet applied your patches, now would be a good time to do it.
New vulnerabilities
eterm, vte: dangerous interception of escape sequences
| Package(s): | vte, eterm | CVE #(s): | CAN-2003-0021 CAN-2003-0068 CAN-2003-0070 | ||||||||||||
| Created: | March 3, 2003 | Updated: | April 1, 2003 | ||||||||||||
| Description: | From the
advisory:
"Many of the features supported by popular terminal emulator software can be abused when un-trusted data is displayed on the screen. The impact of this abuse can range from annoying screen garbage to a complete system compromise. All of the issues below are actually documented features, anyone who takes the time to read over the man pages or source code could use them to carry out an attack." | ||||||||||||||
| Alerts: |
| ||||||||||||||
file - memory allocation problem, stack overflow
| Package(s): | file | CVE #(s): | CAN-2003-0102 | ||||||||||||||||||||||||||||||||||||||||||||
| Created: | March 4, 2003 | Updated: | June 4, 2003 | ||||||||||||||||||||||||||||||||||||||||||||
| Description: | Jeff Johnson found a memory allocation problem and David Endler found a stack overflow corruption problem in the file "Automatic File Content Type Recognition Tool" version 3.41. Nalin Dahyabhai improved ELF section and program header handling in file version 3.40. The folks at OpenPKG believe that file versions without those modifications are vulnerable to memory allocation and stack overflow problems which put security at risk. | ||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||
mhc - insecure temporary file
| Package(s): | mhc | CVE #(s): | |||||
| Created: | February 28, 2003 | Updated: | March 5, 2003 | ||||
| Description: | It has been discovered that adb2mhc from the mhc-utils package has a temporary file vulnerability. The default temporary directory uses a predictable name, allowing a local attacker to overwrite arbitrary files. | ||||||
| Alerts: |
| ||||||
sendmail - Remote Buffer Overflow
| Package(s): | sendmail | CVE #(s): | CAN-2002-1337 | ||||||||||||||||||||||||||||||||||||||||||||
| Created: | March 3, 2003 | Updated: | March 10, 2003 | ||||||||||||||||||||||||||||||||||||||||||||
| Description: | ISS has turned
up an unpleasant problem with sendmail; by sending a properly crafted
message, an attacker can run arbitrary code as root on a target
system. This is the sort of hole that can lead to all sorts of problems,
including widespread breakins and Internet worms. Everybody who is running
sendmail should upgrade to version 8.12.8 at the first
opportunity. Note that systems behind firewalls need to be fixed too.
See CERT Advisory CA-2003-07 for additional information. | ||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||
snort - buffer overflow
| Package(s): | snort | CVE #(s): | CAN-2003-0033 | ||||||||||||||||||||
| Created: | March 5, 2003 | Updated: | April 4, 2003 | ||||||||||||||||||||
| Description: | A buffer overflow in the snort intrusion detection system can lead to remote code execution and/or disabling of intrusion detection. The 1.9.1 release fixes the problem. See this advisory for more information. | ||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||
squirrelmail - cross-site scripting vulnerability
| Package(s): | squirrelmail | CVE #(s): | CAN-2002-1276 CAN-2002-1341 | ||||
| Created: | March 5, 2003 | Updated: | March 5, 2003 | ||||
| Description: | A new cross-site scripting vulnerability afflicts Squrrelmail 1.2.10 and prior. | ||||||
| Alerts: |
| ||||||
tcpdump - infinite loop
| Package(s): | tcpdump | CVE #(s): | CAN-2003-0108 | ||||||||||||||||||||||||||||||||||||
| Created: | February 28, 2003 | Updated: | May 1, 2003 | ||||||||||||||||||||||||||||||||||||
| Description: | Andrew Griffiths and iDEFENSE Labs discovered a problem in tcpdump, a
powerful tool for network monitoring and data acquisition. An
attacker is able to send a specially crafted network packet which
causes tcpdump to enter an infinite loop.
In addition to the above problem the tcpdump developers discovered a potential infinite loop when parsing malformed BGP packets. They also discovered a buffer overflow that can be exploited with certain malformed NFS packets. | ||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||
Resources
Guardian Digital's Secure Mail Suite
Guardian Digital has announced the availability of its secure mail suite, which comes packaged with EnGarde Secure Linux. The Secure Mail Suite offers spam and virus filtering and simplified administration.Linux Advisory Watch
The February 28 Linux Advisory Watch newsletter from LinuxSecurity.com is available.
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current development kernel is 2.5.64, which was released by Linus on March 4. Changes in 2.5.64 include a dentry cache performance improvement, code for finding "jiffy wraps," an ACPI update, some new CPU frequency control code, USB updates, several kbuild fixes, a number of sysfs tweaks, some module fixes, and, of course, a great many spelling fixes. The long-format changelog has the details, as usual.As of this writing, Linus's BitKeeper tree includes only some timekeeping fixes and some SBUS frame buffer patches.
The current stable kernel is 2.4.20. Marcelo released the fifth 2.4.21 prepatch on February 27; it includes some architecture updates, some IDE fixes, fixes for the ethernet information leakage vulnerability, a JFS update, and, of course, lots of other repairs.
Alan Cox released 2.2.24 on March 5. There is, of course, no active development happening with 2.2, so this release consists of fixes only - in particular, it includes fixes for the ethernet information leakage vulnerability.
Kernel development news
remap_file_pages()
Ingo Molnar's new remap_file_pages() system call was first merged into the 2.5.46 kernel. The final parts of that are just now circulating in patch form, however. So it seems like a good time to look at what this system call does.Many kinds of applications use mmap() to map a file into virtual memory. mmap() makes a simple, linear mapping between a region of virtual memory and a corresponding part of the file on disk. Some applications, however, have more complicated needs; they typically want to map several pieces of a file into different parts of memory. This sort of nonlinear mapping is used, for example, by large database management systems as a way of managing the movement of data to and from the disk.
Nonlinear mappings can be created on any system which supports mmap(); it's just a matter of creating a separate mapping for each piece of the file. Such mappings can be expensive to set up, however, and even more expensive to use. In the Linux kernel, each mapping creates a separate virtual memory area (VMA). Each VMA uses kernel memory; the presence of large numbers of VMAs will also slow down the VM subsystem.
The remap_file_pages() system call addresses these problems by allowing a process to rearrange the memory mapping of a file on the fly. It is called as:
int remap_file_pages(unsigned long start, unsigned long size,
unsigned long prot, unsigned long pgoff,
unsigned long flags);
Essentially, this call says that size pages from the file, starting at page offset pgoff, should be mapped into the process's virtual memory beginning at start. The file should already be mapped into a VMA which contains start. Since the system call works entirely through page table manipulation, it is quite fast. It also can create complicated nonlinear mappings without needing to create new VMAs.
remap_file_pages(), as found in the 2.5.64 kernel, only has one little problem: the remapping information is lost if the page is swapped out. Users must thus either lock the area in memory (which is generally not a problem for the "big database management system" scenario, which tends to perform this locking anyway), or take pains to reestablish the mapping on swapin. Ingo's latest patch clears up that last bit of trouble by storing the mapping information into the page table entry when a page is swapped out. On 32-bit systems, this technique limits the maximum size of a nonlinear mapping to 1-2TB (depending on the architecture) because some of the PTE bits are not available for this use. Given the trouble most 32-bit systems have in simply addressing that much memory, this limitation is not likely to bother too many people.
For now, it is not possible to change protections within a single VMA (the prot parameter to remap_file_pages() is ignored). At some future point, that could change. Some applications (i.e. memory debuggers) currently struggle to control memory protection in a fine-grained manner. Being able to simply set protections on a per-page basis (without creating new VMAs) would make things much easier.
The spelling fix backlash
Development kernels typically go through a stage where half of the patches seem to be spelling fixes. Correcting misspellings is an easy way for people to help improve the code base without having to understand locking rules - or even the C language. For the most part these changes are, at worst, harmless.2.5 seems to have inspired a more thorough than usual cleanup effort, however. People have been fixing punctuation problems, and there is even a special kernel source spellchecker out there. All this work has caused some developers to wonder if things aren't going a little too far, especially the changes start breaking things. As Alan Cox put it:
This is a good point: very few documentation projects complain about having too many contributors. Improving documentation may not bring the satisfaction of seeing your name in the kernel changelog, but it could well be a better use of available time than correcting apostrophe errors in kernel comments.
Linux memory management documentation
Speaking of improving documentation, Mel Gorman has been working for some time to document how memory management works in the 2.4.20 kernel. He has now released the results of his work in text, HTML, and PDF formats. There is also an extensive commentary of the VM code itself. It is a large body of work, and a substantial contribution to the development community; worth a read.
Driver porting
This week's driver porting articles
Below, you will find two new articles on porting drivers (and other kernel code) to the 2.5 kernel; they discuss interrupt handling and asynchronous I/O. Also new this week (but not included below) is an article describing the completion event interface; that article, along with all the others in this series, may be found on the LWN Driver Porting Series page.Driver porting: dealing with interrupts
| This article is part of the LWN Porting Drivers to 2.6 series. |
Interrupt handler return values
Prior to 2.5.69, interrupt handlers returned void. There is, however, one useful thing that interrupt handlers can tell the kernel: whether the interrupt was something they could handle or not. If a device starts generating spurious interrupts, the kernel would like to respond by blocking interrupts from that device. If no interrupt handler for a given IRQ has been registered, the kernel knows that any interrupt on that number is spurious. When interrupt handlers exist, however, they must tell the kernel about spurious interrupts.So, interrupt handlers now return an irqreturn_t value; void handlers will no longer compile. If your interrupt handler recognizes and handles a given interrupt, it should return IRQ_HANDLED. If it knows that the interrupt was not on a device it manages, it can return IRQ_NONE instead. The macro:
IRQ_RETVAL(handled)
can also be used; handled should be nonzero if the handler could deal with the interrupt. The "safe" value to return, if, for some reason you are not sure, is IRQ_HANDLED.
Disabling interrupts
In the 2.6 kernel, it is no longer possible to globally disable interrupts. In particular, the cli(), sti(), save_flags(), and restore_flags() functions are no longer available. Disabling interrupts across all processors in the system is simply no longer done. This behavior has been strongly discouraged for some time, so most code should have been converted by now.The proper way to do this fixing, of course, is to figure out exactly which resources were being protected by disabling interrupts. Those resources can then be explicitly protected with spinlocks instead. The change is usually fairly straightforward, but it does require an understanding of what is really going on.
It is still possible to disable all interrupts locally with local_save_flags() or local_irq_disable(). A single interrupt can be disabled globally with disable_irq(). Some of the spinlock operations also disable interrupts on the local processor, of course. None of these functions are changed (at least, with regard to their external interface) since 2.4.
Various small changes
One function that has changed is synchronize_irq(). In 2.6, this function takes an integer IRQ number as a parameter. It spins until no interrupt handler is running for the given IRQ. If the IRQ is disabled prior to calling synchronize_irq(), the caller will know that no interrupt handler can be running after that call. The 2.6 version of synchronize_irq() only waits for handlers for the given IRQ number; it is no longer possible to wait until no interrupt handlers at all are running.If your code has post-interrupt logic which runs as a bottom half, or out of a task queue, it will need to be changed for 2.6. Bottom halves are deprecated, and the task queue mechanism has been removed altogether. Post-interrupt processing should now be done using tasklets or work queues.
A new function was added in 2.6.1:
int can_request_irq(unsigned int irq, unsigned long flags);
This function returns a true value if the given interrupt allocation request would succeed, but does not actually allocate anything. Potential users should always be aware that the situation could change after calling can_request_irq().
Finally, the declarations of request_irq() and free_irq() have moved from <linux/sched.h> to <linux/interrupt.h>.
Driver porting: supporting asynchronous I/O
| This article is part of the LWN Porting Drivers to 2.6 series. |
AIO file operations
The first step in supporting AIO (beyond including <linux/aio.h>) is the implementation of three new methods which have been added to the file_operations structure:
ssize_t (*aio_read) (struct kiocb *iocb, char __user *buffer,
size_t count, loff_t pos);
ssize_t (*aio_write) (struct kiocb *iocb, const char __user *buffer,
size_t count, loff_t pos);
int (*aio_fsync) (struct kiocb *, int datasync);
For most drivers, the real work will be in the implementation of aio_read() and aio_write(). These functions are analogous to the standard read() and write() methods, with a couple of changes: the file parameter has been replaced with an I/O control block (iocb), and they (usually) need not complete the requested operations immediately. The iocb argument can usually be treated as an opaque cookie used by the AIO subsystem; if you need the struct file pointer for this file descriptor, however, you can find it as iocb->ki_filp.
The aio_ operations can be synchronous. One obvious example is when the requested operation can be completed without blocking. If the operation is complete before aio_read() or aio_write() returns, the return value should be the usual status or error code. So, the following aio_read() method, while being pointless, is entirely correct:
ssize_t my_aio_read(struct kiocb *iocb, char __user *buffer,
size_t count, loff_t pos)
{
return my_read(iocb->ki_filp, buf, count, &pos);
}
In some cases, synchronous behavior may actually be required. The so-called "synchronous iocb's" allow the AIO subsystem to be used synchronously when need be. The macro:
is_sync_kiocb(struct kiocb *iocb)
will return a true value if the request must be handled synchronously.
In most cases, though, it is assumed that the I/O request will not be satisfied immediately by aio_read() or aio_write(). In this case, those functions should do whatever is required to get the operation started, then return -EIOCBQUEUED. Note that any work that must be done within the user process's context must be done before returning; you will not have access to that context later. In order to access the user buffer, you will probably need to either set up a DMA mapping or turn the buffer pointer into a series of struct page pointers before returning. Bear in mind also that there can be multiple asynchronous I/O requests active at any given time. A driver which implements AIO will have to include proper locking (and, probably queueing) to keep these requests from interfering with each other.
When the I/O operation completes, you must inform the AIO subsystem of the fact by calling aio_complete():
int aio_complete(struct kiocb *iocb, long res, long res2);
Here, iocb is, of course, the IOCB you were given when the request was initiated. res is the usual result of an I/O operation: the number of bytes transfered, or a negative error code. res2 is a second status value which will be returned to the user; currently (2.6.0-test9), callers of aio_complete() within the kernel always set res2 to zero. aio_complete() can be safely called in an interrupt handler. Once you have called aio_complete(), you no longer own the IOCB or the user buffer, and should not touch them again.
The aio_fsync() method serves the same purpose as the fsync() method; its purpose is to ensure that all pending data are written to disk. As a general rule, device drivers will not need to implement aio_fsync().
Cancellation
The design of the AIO subsystem includes the ability to cancel outstanding operations. Cancellation may occur as the result of a specific user-mode request, or during the cleanup of a process which has exited. It is worth noting that, as of 2.6.0-test9, no code in the kernel actually performs cancellation. So cancellation may not work properly, and the interface could change in the process of making it work. That said, here is how the interface looks today.A driver which implements cancellation needs to implement a function for that purpose:
int my_aio_cancel(struct kiocb *iocb, struct io_event *event);
A pointer to this function can be stored into any IOCB which can be cancelled:
iocb->ki_cancel = my_aio_cancel;
Should the operation be cancelled, your cancellation function will be called with pointers to the IOCB and an io_event structure. If it is possible to cancel (or successfuly complete) the operation prior to returning from the cancellation function, the result of the operation should be stored into the res and res2 fields of the io_event structure, and return zero. A non-zero return value from the cancellation function indicates that cancellation was not possible.
Patches and updates
Kernel trees
Architecture-specific
Build system
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Memory management
Networking
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
Is RPM Doomed? (DistroWatch)
DistroWatch takes a look at the RPM Package Manager. RPM was created by Red Hat, but it has been adopted by many other distributions, including Mandrake and SuSE. It has become a de facto standard, which might not be so bad except that various implementations are less than standardized. The article begins with a description of RPM "dependency hell", and goes on to look at other methods of package management such as Debian's .deb format and Slackware's .tgz format. Then there are source based distributions such as Gentoo and Sorcerer which have their own ways of dealing with packages.DistroWatch has some solutions for the precieved problem:
Is there a problem? If so what would you do to solve it?
- Learn to build your own RPMs.
- Petition the RPM distributions to adhere to common standards.
- Use more advanced package management tools, such as urpmi or apt-rpm.
- Switch to Debian or Slackware.
- Switch to a source-based Linux distributions, such as Gentoo or Sorcerer.
Distribution News
Debian GNU/Linux
The Debian Weekly News for March 4, 2003 laughs at an article on Linux security, announces GNOME 2.2 for Debian Woody, introduces new mailing lists, and much more.The Debian Project Leader debate will be held on freenode at 22:00 UTC on Friday, March 7, 2003, in two channels: #debian-dpl-debate for the moderated debate, and #debian-dpl-discuss for unmoderated discussion. Voting begins on Saturday.
Joey Hess announced some changes to debconf and debhelper.
Mandrake Linux 9.1 RC2 is available
MandrakeSoft has announced the release of Mandrake Linux 9.1 RC2 for downloading and testing. This version has a new theme called "MandrakeGalaxy" and of course, many bug fixes.The first Slackware 9.0 release candidate
As announced on the Slackware site, the first release candidate for Slackware 9.0 is available. Features in this release include a 2.4.20 kernel, KDE 3.1, GNOME 2.2, XFree86 4.3.0, and more. The changelog has the details in an exhaustive, tiny-font format.Gentoo Weekly Newsletter -- Volume 2, Issue 9
Here's the latest Gentoo Weekly Newsletter, with news about Gentoo Linux at the Game Developers Conference, Open Developer Positions in the Gentoo Linux Project, the release of Gentoo Linux 1.4_rc3, and more.Secure Mail Suite Available with New Version of EnGarde Secure Linux
Guardian Digital has announced the Guardian Digital Secure Mail Suite, available with EnGarde Secure Linux v1.5.Red Hat Linux bug fix advisory
Red Hat has updated kernel packages for Red Hat Linux 7.1, 7.2, 7.3, and 8.0 available that fix a deadlock with the tg3 driver on certain revisions of the Broadcom 570x gigabit ethernet series.
New Distributions
BlackRhino GNU/Linux
BlackRhino GNU/Linux is a free Debian-based GNU/Linux software distribution for the Sony PlayStation 2. A company called xRhino created the distribution for a commercial Sony PlayStation 2 title, and has released it in the hopes that it will help hobbyists create their own games and applications that utilize the advanced programmable hardware of the PS2.BlackRhino contains over 1,200 software packages to aid in using and creating programs for the Sony PlayStation 2 Linux kit. The programs range in functionality from simple games, to text editors, compilers, web servers, windowing systems, database systems, graphics packages, mail servers and a variety of other tools and utilities. Version 1.0 was released March 4, 2003.
CollegeLinux
College Linux is made available by Robert Kennedy College, Delémont, Switzerland to both RKC and non RKC students. CollegeLinux is a new, stand-alone operating system based on Slackware. The aim of this experimental Linux distribution is to provide students with an operating system which is easy to install and use and which provides an alternative to the traditional commercial operating systems.Morphix
Morphix is a modular distribution, with live-CD support. No configuration is necessary, just burn the CD and boot it. Morphix is partly based on KNOPPIX, the rest comes directly from Debian. The initial version, 0.3-2, was released February 27, 2003.
Minor distribution updates
BBIagent
BBIagent has released v1.7.0 of the BBIagent Router. "Changes: A bootable ISO image including user-defined settings can be created and downloaded from the router itself when using the registered version."
Gentoo Linux
Gentoo Linux has released v1.4_rc3 with major feature enhancements. "Changes: This release adds many new "Portage" features, bugfixes, and code cleanups on the way to 1.4_final. An updated Live-CD and stages for the Sparc, PPC, and x86 platforms are all available for this release candidate."
Phrealon Linux
Phrealon Linux has released v0.82 with major feature enhancements. "Changes: This has quite a few improvements over the 0.81 release. All of the modules are available, though not all are autoscanned, so you'll have to do things semi-manually for some cards. There is an attempt at NFS, but it does not do anything of use yet. The udp-up, init-up, and nfs-up scripts exist directly on the CD instead of initrd.img for easier modification."
Server optimized Linux
SoL has released a diskless distribution, SoL-diag, for the rescue and analysis of i686 computers. The 36MB image contains over 300 programs, including DVD and MP3 players and CD-RW buring tools. It is also useful for improving your Linux skills and benchmarking computers without having to install programs to the hard drive. The initial version of SoL-diag 1.1 was released March 3, 2003.uClinux
uClinux has released 20030226. "Changes: This is a beta/testing release. As usual there are lots of new things, including lots of bugfixes. The dist also supports a number of VM Linux targets (including x86, ARM/XSCALE, and Hitachi SH3/SH4) as well as all the existing MMU-less targets. It contains uClinux 2.0.39, uClinux 2.4.20, glibc 2.2.5, uClibc 0.9.18, and a lot of user app packages. Glibc is currently only supported on VM targets; don't try to use it for uClinux targets."
Distribution reviews
Knoppix gives bootable, one-disk Linux (IBM developerWorks)
IBM developerWorks reviews Knoppix. "While Linux adepts often experiment with bootable media, and many applications rely on data compression, Knoppix shows a singular level of polish. It's simple, only because Knopper and a few other project contributors took so much care in constructing it to be simple."
Page editor: Rebecca Sobol
Development
The Speex RC3 Speech Codec
Version RC3 of Speex, an open-source speech codec, has been released. A codec, short for coder/decoder, is a system for digitizing and compressing audio speech data. Codecs can be implemented in both hardware and software. Historically, codecs have their roots in telephony systems.The goals of the Speex project are as as follows:
"The Speex project aims to build a patent-free, Open Source/Free Software voice codec. Unlike other codecs like MP3 and Ogg Vorbis, Speex is designed to compress voice at bitrates in the 2-45kbps range. Possible applications include VoIP, internet audio streaming, archiving of speech data (e.g. voice mail), and audio books. In some sense, it is meant to be complementary to the Ogg Vorbis codec.
"
The Speex
FAQ clarifies
the different goals of Speex and Ogg Vorbis:
"Ogg is a ``container format'' for holding multimedia data. Vorbis is
an audio codec that uses Ogg to store its bit-streams as files, hence the
name Ogg Vorbis. Speex also uses the Ogg format to store its bit-streams
as files, so technically they would be ``Ogg Speex'' files (I prefer to
call them just Speex files). One difference with Vorbis however, is that
Speex is less tied with Ogg.
"
The Speex site lists the following features:
- Designed for speech compression.
- Optimized for Voice over IP (VoIP) instead of cell phones.
- Free of patents and royalties.
- Licensed under the Xiph.org variant of the BSD license.
- A part of the GNU project.
- Wide and narrow band compression capabilities.
- Supports multiple bitrates, from 2-45 kbps.
- Uses a CELP-based encoding technique.
- Supports Intensity stereo encoding.
- Supports variable bitrate operaton.
- Voice activity detection.
- Discontinuous transmission.
- Works best with hardware floating point support.
The Speex online manual explains the various parts of the project. The Command-line encoder/decoder utilities speexenc and speexdec allow conversion from .wav or raw PCM files to and from speex format files.
Programmers who want to add Speex capabilities to their applications may want to have a look at the Programming with Speex (the libspeex API) section of the documentation, as well as the Speex API Documentation.
The newly released RC3 version is leading up to version 1.0:
"Just some more bugfixes and tuning are in this release;
If no bugs are found, this may be rebranded Speex 1.0.
"
System Applications
Audio Projects
Ogg Traffic
The March 4, 2003 edition of Ogg Traffic is available with the latest Ogg Vorbis audio compression software news. Discussion topics include: Status Updates, Goals and non-Goals of Vorbis Comments, and Speex RC3.ALSA 0.9.0rc8 released
Version 0.9.0rc8 of the ALSA sound driver is available. "It is probably [the] last release before 0.9.0 final. You will find in the alsa-lib package the dmix plugin which allows mixing of multiple PCM streams together without the client/server mechanism."
Database Software
OpenLink Releases Open Source ODBC and JDBC Driver Benchmark Utilities
OpenLink Software, Inc. has announced the release of their OpenLink ODBC Bench and OpenLink JDBC Bench under the GPL. "These cross platform, Open Source benchmarking utilities enable users to produce their own local empirical data for objective comparison and analysis of the performance and scalability of ODBC and JDBC Drivers, underlying database engines, and host operating systems."
Manage Perl persistence with Pixie (IBM developerWorks)
James A. Duncan introduces Pixie on IBM's developerWorks. "The Pixie module takes a different approach to interfacing your Perl project with a relational database. Throwing away the schema, it allows more flexibility. Sure, there can be some downside to that, but for a large number of projects, you'll find it fits the bill just fine."
Electronics
gEDA/gaf 20030223 development snapshot
A new version of gaf (gschem and friends) is available from the gEDA project. Numerous changes have been made to the gaf components, see the release notes for details.
Embedded Systems
Qtopia 1.6 released
Trolltech has announced the release of Qtopia 1.6, the latest version of its embedded Linux application platform. New features include Outlook synchronization, a new plugin framework, a voice recorder, an improved desktop, and more. The company claims that over 1,000 third-party applications are available for Qtopia.
Printing
LinuxPrinting.org news
The latest news from LinuxPrinting.org includes new drivers for the Epson laser winprinters, the HP OfficeJet 5110, and the Kyocera KM-1810. A few bugs have been fixed in the pnm2ppa driver, and the Kyocera entries in the Foomatic printer support database have been updated.
Web Site Development
Aegir CMS 1.0 RC 2 released
Version 1.0 RC 2 of the Aegir CMS Open Source Content Management System has been released. Changes include new translations, new file synchronization, deletion confirmation, better FHS compatibility, an improved Mozilla 1.3 editor, and bug fixes.Zope Members News
The most recent headlines on the Zope Members News include: fcForum 0.0.13b Released to the Community, TTWType - a through-the-web content type for Plone, ZWiki 0.16.0 released, RenderableCharts 0.5 is out - with MySQL Demo, COMRack 1.0 released (an alternative ZPatterns Rack implementation), mxODBC Zope DA 1.0.0 released, New 0.8 version of bislTrayIcon, and Free Silva Hosting.
Miscellaneous
The LSB published PPC64 and S390X specifications for public review
The LSB has published the archLSB-PPC64 and archLSB-S390X for public review. The LSB's Specification Authority will be accepting comments until Friday March 28th, 2003.
Desktop Applications
Desktop Environments
FootNotes
Headlines on the GNOME desktop FootNotes site include: GNOME Fifth Toe 2.1.99, 2002 LinuxQuestions.org Members Choice Award Winners, Gaim 0.60 Screenshots, Dropline GNOME 2.2.1 - Not just for Slackware 8.1 Anymore!, First release of gmodconfig, The Creative Penguin: The GNOME Art Duo Speak, and more.KDE-CVS-Digest
The February 28, 2003 edition of the KDE-CVS-Digest is out, here's the content summary: "Large merges from safari. KOffice developers improve the filters and add useful templates. The development tools, Kdevelop and Quanta receive new templates and bug fixes."
Games
PYTAXX 0.51
Version 0.51 of PYTAXX is available from the PyGame site. "Pytaxx is a clone of the arcade game Ataxx. Like gataxx from Gnome, but with a wicked recursive AI and cool pygame-powered graphics. It also features downloadable themes."
Graphics
Crystal Space 0.96r003 available
Version 0.96r003 of the Crystal Space Open Source, Multi-Platform 3D Engine is available. "This release fixes a few problems and issues present in the 0.96r002 release."
GUI Packages
FLTK Developments
The latest new software for FLTK, the Fast, Light ToolKit includes: fl_connect 1.1, and flcdsim 1.1.
Interoperability
Wine Traffic
Issue #159 of Wine Traffic is out. Topics include: Compiling with MS VC++, CodeWeavers & Taratella, MS Paint, Threading Work, Commandline MSVC, X11Drv / NTDll Separation, Libwine Portability, Using Clientside Fonts, Finding Missing Locks with Smatch, and Making Config Tools.Samba 2.2.8pre2 available
Version 2.2.8pre2 of Samba has been released. "This is the second non-production preview release of the upcoming Samba 2.2.8 codebase. It is being provided for testing purposes." The code and release notes are available for download here.
Office Applications
OSAF Status Update
The February 26, 2003 OSAF Status Update has been published with news from the Open Source Application Foundation, with news of the Chandler PIM project. "OSAF staff has been focusing on defining our initial release of code, which we've named the 0.1 release. We've been working to figure out what the 0.1 release ought include, what code is required to make this happen, what APIs ought to be described, which areas will not be addressed in this release (such as security), and the steps we need to take to make this release happen."
Web Browsers
mozillaZine
The latest mozillaZine topics include: A Blogger's Guide to Mozilla, Chimera Renamed to Camino, Tinderbox Traffic Light Widget for Konfabulator, French Translation of ChatZilla 0.8.23 Available, and AppMac Announces Three New Gecko-Based Browsers for OS X.Mozilla Status Update
The March 4, 2003 Mozilla Status Update is out. Topics include the approaching Mozilla 1.3 final release, OS/2 work, Calendar presentations, the Rhino JavaScript implementation, and Staff Meeting Minutes.
Languages and Tools
Caml
Caml Weekly News
The February 25 - March 4, 2003 Caml Weekly News is out with the latest Caml language news.The Caml Light / OCaml Hump
This week, the new software on The Caml Light / OCaml Hump includes: Katmake, OCaml-Lirc, and FFTW-GEL.
Java
EJB Free and Open Source Tools Summary (O'Reilly)
Emmanuel Proulx covers the topic of tools for EJB on O'Reilly. "People often ask me "What's the best platform for J2EE development?" There's no clear answer for this question. First, the vendors each provide contradictory facts to prove that their product is the best. Second, each has its zealots who will tell you all of the good things about one server and bad things about the others. Third, there are dozens of products available out there."
A stepped approach to J2EE testing with SDAO (IBM developerWorks)
Kyle Brown writes about SDAO on IBM's developerWorks. "The Data Access Object pattern has become a standard part of the J2EE developer's arsenal. What most developers don't know is that one of its variations allows for much easier testing. Simulated data access objects bring together the best of DAO, mock objects, and layered testing, letting you simultaneously improve both your testing results and your overall development method. Enterprise Java developer (and resident SDAO guru) Kyle Brown uses code samples and discussion to guide you through the concepts and everyday use of SDAO."
Lisp
SBCL 0.7.13 released
Version 0.7.13 of Steel Bank Common Lisp is available. "This version adds a contributed modules system (some contributed modules are also included), changes the REQUIRE/PROVIDE behavior to support the contribution system, changes the placement of some system files, makes the compiler more consistent in its error-checking treatment in certain cases, provides speed and stability improvements, and fixes several bugs."
PHP
PHP Weekly Summary
Topics on this week's PHP Weekly Summary include: Tutorials for C++ extensions, PHP server upgrades, PHP parsers, 4.3.2 release plan, Performance degrading study, Manual translations, bindlib for Win32, and strip_tags().SAX-like apps in PHP (IBM developerWorks)
Nicholas Chase writes about streaming XML data in PHP on IBM's developerWorks. "While there is no official implementation of the Simple API for XML (SAX) in PHP, PHP does provide a SAX-like method for working with both local and remote XML files. In this article, author Nicholas Chase shows you how to work with XML files in PHP by building and setting handler functions and creating a parser. He demonstrates SAX in PHP with a page-building exercise in which he crafts a page based on the result of an Amazon Web Services query."
Python
Dr. Dobb's Python-URL! for March 3, 2003
The latest Dr. Dobb's Python-URL is available, with weekly news and links for the Python community.The Daily Python-URL
This week's Daily Python-URL article topics include: Create declarative mini-languages, Inside the RSS validator, Plone, and SimPy: Simulating systems in Python.
Ruby
The Ruby Weekly News
Topics on this week's Ruby Weekly News include: Happy Birthday Ruby, RubyConf(2003), European Ruby Conference, ThisThread::Encompassed::LateFebruary, and Embedded Documentation, et al, and lots of new Ruby software releases.
XML
An Introduction to Streaming Transformations for XML (O'Reilly)
O'Reilly has an article on Streaming Transformations for XML. "This article introduces Streaming Transformations for XML (STX), a template-based XML transformation language that operates on streams of SAX events. STX resembles XSLT 1.0, the tree-driven transformation language for XML, but STX offers unique features and advantages for some applications."
Special Characters, Database Mappings (O'Reilly)
John E. Simpson discusses how to deal with ampersands and databases in XML. "Is there anything I can do in my stylesheet or elsewhere to ensure that my XSLT will work even if the source data contains an ampersand or apostrophe?"
Profilers
OProfile 0.5.1 released
Version 0.5.1 of the OProfile code profiler has been released. "X86-64 on 2.4 support has been added. Kernel profiles can be separated per-application. A new C++ demangler has been added, which is still experimental. An important daemon crash fix and a number of other bugs have been fixed."
Miscellaneous
Jext 3.2pre3 available
Version 3.2pre3 of the Jext source code editor is available. "You can use it to discover the new Decalco plugin which allow to put any picture in Jext background. This release also ships SQL Console 1.7, Gooey (for Winamp 2.x), FunnyBrackets, the new PHP plugin, the new PHP highlighting feature, the Jump plugin and ProjectMaster."
Don't Live with Broken Windows (artima.com)
Bill Venners talks to Andy Hunt and Dave Thomas on keeping code maintenance under control. "In the realm of psychology, this actually works. If you do something to keep on top of the small problems, they don't grow and become big problems. They don't inflict collateral damage. Bad code can cause a tremendous amount of collateral damage unrelated to its own function. It will start hurting other things in the system, if you're not on top of it. So you don't want to allow broken windows on your project."
Use the Best Tool for the Job (artima.com)
Bill Venners talks about the need for programmers to master both a statically typed, and dynamically typed language. "Here's how I would summarize this argument: Python tries hard to get out of your way while you're coding, so you can quickly complete the functionality and start testing the program. Java, by contrast, actually tries to slow you down a bit while you're codingfor your own goodso that when you reach the system-testing phase, you already have a more robust system."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Microsoftens (LinuxUser)
Eben Moglen, General Counsel of the Free Software Foundation, writes this LinuxUser article looking at Microsoft and free software. "Competing with free software is problematic for Microsoft for many reasons. There's no company to acquire, in the first place, in order to incorporate or suppress attractive competing products - a strategy that the monopoly has pursued so often and so successfully in the past. Because free software is continually modified and improved by all its users, there's no 'evolutionary dead end' argument with which to scare customers: someone choosing to use free software is never going to be left with an unserviceable product whose maker has gone out of business, leaving the code 'orphaned' in the face of constantly shifting technology."
Perceptions: Is Linux a suitable desktop platform? (DesktopLinux.com)
In this guest column at DesktopLinux.com, former SCO evangelist and Samba.org team leader John H. Terpstra weighs in on market perceptions about Linux and its suitability for the desktop. "Interviewing a sample group -- that included 30 people evenly split in the Linux and MS camps -- Terpstra discovered each group cited the very same arguments in defending their OS of choice!"
Linux Adoption
Councils leading Linux push (News.com.au)
Here's a look at how Linux is taking over local goverenment computing in Australia. "Large federal government departments switching to Linux - such as Veterans Affairs - have hogged the limelight, but local councils have pioneered the use of the open source OS." Thanks to Ashwin N
Linux Thrust: Full Utilisation Of Free Software Outlined (Financial Express)
The Financial Express looks at free software in India. "For computer technology to have maximum impact in India, complete support for Indian languages is required. Government agencies are working towards ensuring that all Indian languages are properly supported, particularly with free software." Thanks to Ashwin N
Legal
Experts: Copyright law hurts technology (News.com)
News.com reports from the Berkeley Digital Rights Management conference. "'There has to be a way between the lunatics at the two extremes,' said Larry Lessig, a law professor at Stanford University and well-known opponent of the DMCA. 'We need to build a layer of reasonable copyright law on top of this background of unreasonable extremism.'"
Interviews
The Creative Penguin: The GNOME Art Duo Speak (OfB.biz)
Open for Business talks with GNOME art duo Tuomas "Tigert" Kuosmanen and Jakub "Jimmac" Steiner of Ximian. "If you've ever admired the beautiful artwork of GNOME, these are the gentlemen responsible for it. How did they get involved? Why should you be interested in desktop artwork? They discuss all of this and more with Open for Business' Timothy R. Butler."
Resources
Approaches to a Linux PVR (Linux Journal)
Here's a Linux Journal article on ways to build a linux-based video recorder. "I don't have one working yet, but I have learned a few things. Here are notes on the two approaches that look best for a Linux PVR."
March Linux Gazette
The March 2003 issue of the Linux Gazette is available; it looks at fonts, Linux-based telecom, optimizing gcc, and several other topics (along with the latest "Ecol" comics).LinuxDevices.com Weekly Newsletter
Here is the LinuxDevices.com Embedded Linux Newsletter for February 27, 2003.Embedded Linux remains #1 choice (LinuxDevices)
LinuxDevices.com analyzes a recent survey by Evans Data Corp. and finds that Embedded Linux remains the top embedded OS choice among developers, but that developers are not particularly satisfied with the available Embedded Linux toolsets.Root 101 (Iodynamics)
This Iodynamics article teaches newbies about the significance of root. "When a user logs on to a computer running one of the various flavors of Unix, he is prompted to enter his username and password. The system then checks its roster of users to determine if the password and username match. If the user logs in with the username root, using the root password, he will be given permission to do lots of things that other users aren't allowed to do."
Reviews
Two OCR packages for Linux compared (LinuxWorld)
In this article on LinuxWorld.com Joe Barr compares two Optical Character Recognition packages -- one is free software, the other proprietary. "In the legal and medical fields, document management is a very big deal. In modern office environments, OCR often plays a key role in solving that problem. Because OCR for Linux is one area I don't hear or read a lot about, I decided to do some digging and see what I could find. This week, I'll tell you about two solutions I found: one from the free-software camp and one proprietary application."
Linux cluster used to map geothermal energy in Iceland (ComputerWorld)
ComputerWorld covers this Linux NetworX cluster. "Now the system, which had a total cost of about $100,000, is successfully helping researchers understand past weather events in Iceland and learn how the country's topography influences its weather, according to Olafur Rognvaldsson, CEO of the Institute for Meteorological Research in Reyjavik." Thanks to Ashwin N
MySQL Database Takes Open To Next Level (CRN)
CRN has published a glowing review of the support available for the MySQL database. "The popularity of the product and the large developer community that has cropped up to work with it have made MySQL one of the most stable back-end databases on the market. On small projects with 50 or fewer user connections, MySQL's price/performance actually surpasses that of all of the top database vendors."
Linux does Windows (Salon.com)
Here's Salon's take on Desktop Linux, including a mini-review of Linux desktops from Lycoris and Lindows. "Still, there's one good thing about having an alternative to Windows, even if the alternative's a kind of Windows Lite -- Microsoft might have a reason to improve its software. Competition, finally, is making its way into the world of desktop PCs." Thanks to Ashwin N
Genomic Perl (O'Reilly)
Simon Cozens reviews the book "Genomic Perl" on O'Reilly. "Rex Dwyer has produced a book, Genomic Perl, which bridges the gap. As well as teaching basic Perl programming techniques to biologists, it introduces many useful genetic concepts to those already familiar with programming. Of course, as a programmer and not a biologist, I'm by no means qualified to assess the quality of that side of the book, but I certainly learned a lot from it."
Miscellaneous
Buffer overflow flaw socks Snort (ZDNet)
ZDNet reports on the other important recent security hole: a buffer overflow in the Snort intrusion detection system. "If an attacker can gain access to an IDS they may be able to delete its logs, add false log entries or just shut down the whole system. If the IDS is 'switched off' an attacker can be as indiscreet as they want to without setting the alarm bells ringing..."
The Creation of Open Source
Daniel L. Johnson MD has put together a fable about the origins of open-source software. "One Gownie, a brilliant and unkempt thinker, the Man who Stalls, turned the Townie philosophy upside down. If Intellectual Property Rights could be used to keep ideas secret and to accumulate Money, then they could also be used to force ideas into the public and to accumulate Knowledge."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
OSDL Offers First Open Source Database Test Tools
Open Source Development Labs, Inc. has announced availability of OSDL-DBT, a suite of open source database workload testing tools which are a fair use implementation of specific industry-standard Transaction Processing Performance Council (TPC) benchmarks.
Commercial announcements
"Practical Unix & Internet Security, 3rd Edition" Released by O'Reilly
O'Reilly has released an updated version of Practical Unix & Internet Security. "Focusing on the four most popular Unix variants today--Solaris, Mac OS X, Linux, and FreeBSD--this book contains new information on PAM (Pluggable Authentication Modules), LDAP, SMB/Samba, anti-theft technologies, embedded systems, wireless and laptop issues, forensics, intrusion detection, chroot jails, telephone scanners and firewalls, virtual and cryptographic filesystems, WebNFS, kernel security levels, outsourcing, legal issues, new internet protocols and cryptographic algorithms, and much more."
Sony, IBM and Butterfly.net announce the activation of Linux-based computing grid
Sony, IBM and Butterfly.net announced the activation of a Linux-based computing grid that makes it easier and cheaper to run Sony PlayStation 2 games on the Internet. The massive "Butterfly Grid" can support millions of concurrent PlayStation 2 online users around the world, with no limit to the number of players who can be on the Grid at one time.Oracle9i Database and Oracle9i Real Application Clusters Now Available on UnitedLinux 1.0
UnitedLinux has announced that it has completed certification of UnitedLinux Version 1.0 with both Oracle9i Database and its database clustering technology, Oracle9i Real Application Clusters.Ximian and SuSE Linux Announce Partnership
Ximian, Inc. and SuSE Linux announced a wide-ranging partnership. As part of the agreement, SuSE will resell Red Carpet Enterprise from Ximian. The companies will also offer Ximian Connector software to integrate Ximian Evolution groupware suite for Linux with the SuSE Linux Openexchange server.
Resources
Reasoning Releases Linux Inspection Report
On February 11, 2003 LWN reported that a company called Reasoning had put out a press release on a defect study it did of six different TCP/IP stacks. Reasoning has now announced the availability of the actual report.Embedded Developers Target Military and Defense Industry
Evans Data Corporation has announced the results of a new Embedded Systems Development Survey conducted in January 2003. "Embedded Linux continues to find converts as over 50% of respondents are targeting the OS in their current or next project, up 5% from the previous survey. However, the new survey found that fewer than 20% of developers rated Embedded Linux toolsets "good" and only 5% rated them "excellent". More than 60% indicated that their toolsets are "not very good" or "adequate" thus showing a need for better tools."
LPI-News Febraury 2003
The Linux Professional Institute newsletter for the month of February 2003 is now available. Some of the topics for this month include LPI-Brazil; CeBit in Germany; Hewlett Packard's road shows; and preparing for the release 2 of Level 1 and resources.Russian-Language MySQL Reference Manual Now Available Online
A Russian language version of the MySQL reference manual is now available online.2002 LinuxQuestions.org Members Choice Award Winners
Voting for the 2002 LinuxQuestions.org Members Choice Awards is now closed. Winners include Red Hat as Distribution of the Year, KDE as Desktop Environment of the Year, Open Office as Office Suite of the Year and many more. You can view the announcement including all of the winners or the complete results.A certification primer for XML and related technologies (IBM developerWorks)
Pradeep Chopra offers some tips on passing IBM's XML certification exam. "XML has spread like wildfire throughout the IT industry, creating a broad range of opportunities for developers. What's the best way to take advantage of such opportunities? In the competitive world of software development, it's important to stand above the crowd. Thus, some standard for measuring how much one knows about XML is necessary."
Upcoming Events
OpenOffice.org Conference
Registration is open for the OpenOffice.org Conference in Hamburg, Germany. The conference will be held on March 20-21, 2003.Linux Symposium Accepting Proposals
Proposals are being accepted for the 2003 Linux Symposium, to be held this summer in Ottawa, Canada. "We are now accepting proposals for Bird of a Feather Sessions, Tutorials, and Working Group meetings at the 2003 Symposium."
YAPC::Israel::2003 has been moved (use Perl)
Use Perl mentions that the YAPC::Israel::2003 conference has been moved to a new location and date. The event will be held in Haifa, Israel on May 11, 2003.Events: March 6 - May 1, 2003
| Date | Event | Location |
|---|---|---|
| March 12 - 19, 2003 | CeBIT 2003 | (Hannover exhibition center)Hannover, Germany |
| March 17 - 19, 2003 | Open Source for National and Local eGovernment Programs in the U.S. and EU | (The Marvin Center Grand Ballroom, George Washington University)Washington, DC |
| March 20 - 21, 2003 | First OpenOffice.org Conference(OOoCon2003) | (University of Hamburg)Hamburg, Germany |
| March 20 - 21, 2003 | Conference PHP 2003 | (École Polytechnique de Montréal)Montreal, Quebec, Canada |
| March 26 - 28, 2003 | PyCon DC 2003 | (George Washington University)Washington DC |
| March 29, 2003 | First Hungarian PHP Conference | Budapest, Hungary |
| March 31 - April 2, 2003 | 2nd USENIX Conference on File and Storage Technologies(FAST '03) | (Cathedral Hill Hotel)San Francisco, CA |
| April 2 - 3, 2003 | The UK Python Conference | (Holiday Inn Oxford)Oxford, England |
| April 10 - 12, 2003 | MySQL Users Conference & Expo 2003 | (Doubletree Hotel)San Jose, California |
| April 13 - 17, 2003 | RSA Conference 2003 | (Moscone Center)San Francisco, CA |
| April 14 - 15, 2003 | Samba eXPerience 2003 | (Hotel Freizeit)Göttingen, Germany |
| April 15 - 16, 2003 | LinuxUser & Developer Expo 2003 | Birmingham, UK |
| April 22 - 26, 2003 | Embedded Systems Conference(ESC) | (Moscone Convention Center)San Francisco, CA |
| April 22 - 25, 2003 | The O'Reilly Emerging Technology Conference | (Westin, Santa Clara)Santa Clara, CA |
| April 23 - 25, 2003 | PHPCon East 2003 | (Park Central Hotel)New York, NY |
| April 28 - 30, 2003 | Real World Linux 2003 | (Metro Toronto Convention Centre)Toronto, Canada |
Web sites
KDE.org: New Design, New Implementation
KDE.News reports on the newly redesigned KDE web site. "The KDE Web Team is proud to present a new and exciting design for the official KDE site! This is the first overhaul of the flagship homepage since Kurt's vastly successful update more than two years ago. The KDE Web Team has maintained a focus on standards-compliance as well as improved the overall usability and accessibility of the site. Also featured prominently is an overhaul of the content as well as the implementation of a whole new design matching the shiny new Keramik/Crystal look from KDE 3.1."
TechTarget Launches SearchEnterpriseLinux.com
TechTarget has announced the launch of SearchEnterpriseLinux.com, a new addition to the TechTarget network of targeted Web sites focused on specific enterprise IT segments. "SearchEnterpriseLinux.com will serve the needs of IT professionals charged with purchasing, implementing, and managing Linux-based systems in large- and medium-sized businesses."
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Miscellaneous
Embroidered KDE Shirts Available Soon
If you're short on Geek Fashion, the KDE Promo Team have made available some Embroidered KDE Shirts.
Page editor: Forrest Cook