LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for August 30, 2007The Grumpy Editor encounters FirebugThose who have been paying close attention may have noticed a number of changes to the LWN site over the last few weeks. Most of those changes are not visible; our quaint early-90's table-oriented HTML is slowly giving away to a more contemporary design which makes use of the features of cascading style sheets. This sort of work involves a lot of change-and-reload cycles in an effort to figure out why something is not rendering as your editor intended. CSS is a powerful but sometimes obscure technology. One tool your editor wishes he had stumbled across earlier is Firebug, a Firefox extension designed to help with just this sort of work.Firebug can be thought of as a sort of interactive debugger for HTML and CSS. It is not an authoring tool; it is assumed that content is being created by other means. It is, instead, a way of figuring out why things look the way they do and how to make them come out better.
It is also possible to edit the text contained within the elements, but the interface is somewhat awkward. But this is not a functionality which really matters anyway; Firebug is about markup and rendering, not the content itself. Positioning the mouse over an element in the HTML inspector highlights the corresponding part of the displayed document. This feature can be useful in correlating the two windows, but it also leads to extensive flashing and blinking as the mouse moves through the window. Something a little less distracting and gaudy would be more to your editor's taste. The HTML inspector also features a pane which shows the stylesheet entries relevant to the element of interest. The entire cascade is shown, with overridden attributes marked. As a result, it is easy to see where all of the rendering parameters for an element are coming from. Anybody who has worked with CSS for a while knows that the combination of selection rules and cascading can lead to mysterious effects at times. The CSS display removes the mystery, making the source of strange behavior obvious. Once again, CSS parameters can be tweaked on the fly, making it easy to adjust attributes until things fit together just right. One shortcoming here is that adding new attributes does not appear to work in any useful way; it seems that attempts have been made to support this functionality, but your editor was unable to make it work.
Finally, there is a mode for playing with stylesheets as a whole. In this mode, the entire stylesheet is available and attributes can be tweaked to see what their effect is on the page as a whole. There is a toggle for every attribute allowing it to be turned off. New attributes can be added - that feature seems to work on this screen. What is missing is any way to save the results of changes.
LWN is not a site which makes much use of Javascript, so your editor has not played with the Javascript-specific features of Firebug. Those features look impressive, though. There is a complete interactive debugger, a profiler, a DOM inspector, and more. The HTML inspector, unlike the Firefox "view source" feature, shows what the document's HTML looks like after it has been mangled by Javascript code. All told, it looks like a nice package for those doing that kind of work. "View source" has always been a fundamental part of how web pages are designed. So it is not surprising that Firebug supports this mode of operation very well. But trying to figure out how a CSS designer got a specific effect from the standard "view source" screens is, with modern pages, often a painful experience. Firebug takes a lot of the pain away by making it easy to look at specific elements and the CSS declarations which affect them. In general, Firebug is a tool which gives a highly useful view into just how the browser is rendering a document. It has become an important part of your editor's toolbox.
Ruminations on software freedomThe failure of Microsoft's anti-piracy servers over the weekend would seem an easy entree to some Redmond-bashing, but there are far more important issues to consider. It is sometimes easy to forget about the "freedom" in free software, but that is exactly what protects the users of Linux and other free systems from this kind of misfeature. Using proprietary, closed source software with a decidedly one-sided license agreement is not wrong, per se, but should be considered carefully – not just entered into blindly as is often the case. With a name that seems like the straight line of a joke, Windows Genuine Advantage (WGA) is the "service" that Microsoft uses to attempt to detect and semi-disable copies of Windows that it concludes have been illegally installed. Each copy checks in with a remote server, sending over some hardware and software profile information to determine if it is properly licensed. Any number of things could happen to a "pirated" copy, but currently XP users get a popup that alerts them to their piracy, while Vista users get some – supposedly non-critical – features disabled. All of which might be reasonable for a truly pirated copy, but for users who are properly licensed, it is annoying, at best, to be treated as a criminal. For approximately 19 hours starting on Friday 24 August, the WGA servers were not working correctly; some 12,000 machines that checked in with them during that time were marked, incorrectly in the vast majority of cases, as pirated. The first responses from Microsoft technical support indicated that it might be several days before the service was back: "kindly try to validate again on Tuesday 28 Aug 2007." In fact, the WGA team identified and fixed the problem in less than a day, but it highlights that the default or failsafe condition for WGA is "pirated." Vista users were particularly incensed as they had to endure reduced functionality of their fully legal copies of the software. The reactions of some users to the WGA blog posting announcing the fix were rather telling. Thanking Microsoft for fixing the problem – which they, of course, created – so quickly and over a weekend, while writing off any angry users as cranks, makes it seem that everyone should be thankful that they have any software at all. Many users are willing to cede control of their software to the vendor. Microsoft is not alone in the practice of software and hardware validation, many copy protection and license key schemes depend on some kind of matching between the key and the hardware it is licensed for. Other vendors snoop on their users, in the interests of cheating prevention in games for example, and report back to central servers. Skype was recently found to root around in Firefox profiles for unknown (possibly benign) reasons. It comes down to a question of who controls the system, both hardware and software, that one has purchased. The control issue comes in other forms as well. Proprietary data formats are one of the current battlefields. It is rather amazing that folks will pay lots of money to lock up their data in a format that they will probably be unable to read in ten years time; unless they periodically convert it to use the latest format. So-called Digital Rights Management (DRM) is yet another control scheme that imposes restrictions, determined by the vendor, on books, videos, music, and the like. These restrictions are not arbitrary, the sellers try to optimize their income by imposing constraints that won't chase away the majority of their customers. There are tradeoffs here, folks are generally willing to trade their freedom for the latest whiz-bang software feature or a copy of the latest movie. They rarely think of it in those terms, however. The copyright owners may be within their rights to try to get buyers to agree to their terms; so far, they have largely been successful. There are hopeful signs that people are waking up, recognizing these schemes – DRM, proprietary formats, anti-piracy authentication, etc. – for what they are, an unabashed attempt to control as much as they can get away with. It will be very interesting to watch how the "iPod generation" reacts when the iPod is no longer the music player of choice. All of the music that they "bought" from iTunes will not play elsewhere. Apple will, in all likelihood, make it as hard as possible to migrate to another player, even if their market dominance in digital music players has passed. Users will be left with no choice but to "buy" the music again, which is great for the record companies, but not so much for the users. Google Video users ran into the same problem recently, their DRM-infected videos were to stop playing after 15 August. After initially mishandling the revocation, along with a poorly received refund plan, Google has since relented, offering a full refund and extending the life of the videos until February 2008. With luck, users who have been bitten by these schemes will demand DRM-free versions when they make their second purchase. Users of free software and open formats are largely immune to this kind of silliness. There is no "Linux Genuine Advantage" server running in Linus Torvalds' basement, checking to make sure we are properly licensed. Even the commercial Linux vendors, whose livelihood depends on support subscriptions, cannot get away with enforcing WGA-like schemes; free software can be rewritten, legally, to avoid them. Red Hat, Novell or others cannot reduce your functionality or hold your data hostage, there is no lock-in. Free software and open formats provide freedom, which is easy to overlook when using them on a day-to-day basis. One can feel very secure that a file created using OpenOffice.org or Gimp today will be readable by something – those applications may be long gone – in 50 or 100 years. Assuming that the data stored on our backup media today can be retrieved in the distant future (and that may be a big assumption), the documents, music, pictures, etc. that were stored there will undoubtedly be retrievable. If someone can find compatible hardware, distribution Live CDs will boot and run, without authenticating anywhere. Proprietary and closed format users have no such assurance.
A first look at the OpenMoko Neo 1973
The hubbub over the iPhone is old news now, unlocking it from AT&T is the big story these days. Another phone – one which may actually deliver what many were hoping for with the iPhone – arrived in the LWN laboratories a few weeks ago: an OpenMoko Neo 1973. The phone, pictured at right (Apple's large handed model was not available), is compact and reasonably light; it looks very different from other cell phones. The hardware seems to be working fairly well at this point, but the software is lagging, which is likely to delay the consumer launch, currently slated for October. This device is the first to run the OpenMoko software platform. Because it is the first, it is being called the "OpenMoko phone," but the company, OpenMoko, Inc., is clearly hoping to have other manufacturers use the software platform on their own hardware. Their business model is quite different from most in the consumer electronics world as they are very open about their hardware specs as well as their product roadmap. An unlocked phone running free software is obviously their goal; no doubt they would like theirs to be successful, but they are doing everything they can to see that the overall goal is reached. The Neo hardware is fairly powerful, a 266MHz ARM processor with 128M of RAM and 64M of flash for running Linux and the applications. For additional storage, it has a Micro SD slot, tucked underneath the Subscriber Identity Module (SIM) slot; both live underneath the standard Nokia battery. The back plate is rather easy to remove to get to the battery compartment, though it seems unlikely to pop open unexpectedly; the hardware design seems quite well thought out. There are several connectivity options, starting with the quad-band GSM radio, which allows it to use cellular networks throughout most of the world. The radio also supports General Packet Radio Service (GPRS) for (slow) data connections, as long as the carrier and contract support it. Bluetooth 2.0 and USB 1.1 round out the communications choices. For the development hardware, there is no charger, USB from a host provides the battery recharging. There is a GPS receiver in the phone, unfortunately one with a closed-source driver that is not distributed with the phone. There are efforts underway to reverse-engineer the binary driver and produce a free alternative. Once that is done, GPS applications can be written to take advantage of the device. The touchscreen display is a sharp, 2.8-inch diagonal active matrix at 480x640 resolution which is reasonably easy to see in full sunlight (as long as you tilt it out of the glare). The Neo comes with a combination pen, mini-flashlight and laser pointer to be used as the stylus, which is a useful combination, though leaving ink behind on the screen seems a bit worrisome. There are only two buttons on the phone, one for power and one auxiliary (AUX), both flush with the case to prevent accidental button hits. 
Software is going to make or break any phone project and OpenMoko seems a bit behind in that area. They just announced a complete overhaul of the user interface to be easier to use with fingers, rather than a stylus, and to incorporate what has been learned while using the real Neo hardware. Much of the software was written using emulators; what is easy on a monitor with a mouse is not necessarily so easy on a touchscreen using fingers, particularly when the screen is recessed, making the edges harder to use. The older startup screen is shown on the left, the newer to the right. Some of the major applications (dialer, contacts, calendar, etc.) have been ported to the new interface (called 2007.2), but there is still a lot of work to do. Both old and new interfaces suffered from poor response and some application and UI crashes. The applications themselves are very rudimentary, probably too simple for what cell phone users expect, but they are a good start. 
Actually connecting and registering with a cellular network was a manual process in the most recent build. Once some fiddling was out of the way, though, the phone could make and receive calls. Audio quality was mediocre and there seems to be some kind of echo cancellation problem for the audio at the other end. Those kinds of problems need to be high on the developers' priority list, without rock-solid basic phone functionality, consumers will be uninterested. 
For a Linux user, it is unarguably cool to be able to ssh into your phone and poke around in the guts of the system. By using USB networking, a simple ifconfig on the host allows connections to the phone. Logging in as root puts you into a shell with BusyBox installed for many of the standard Linux utilities. By configuring the host as a gateway, the phone can access the internet (presumably via GPRS as well). This allows the use of Ipkg to update the phone software in the same way that apt-get and friends are used. There is also a terminal application, shown at right, which provides a root prompt on the screen, though making it bring up an on-screen keyboard was not obvious. This phone clearly has a lot of potential, but it also has a long way to go to reach the polish that the iPhone is rumored to have. Its strongest feature, though, that it is not tied to any particular carrier, might be enough to carry it in the early going. In addition, carriers will not be able to lock out "foreign" ringtones or only allow their games and applications to be installed. OpenMoko, both the company and the software, are truly trying to live up to their Matrix-inspired slogan: "Free your phone". Hopefully, the OpenMoko company has the resources to carry it through for a while, until the software catches up with the hardware. If not, though, the software is free, some other company could pick up where they left off. That would be unfortunate, as we look forward to following the development closely; we don't want to wait another year or more for a free (as in freedom) phone. We will keep you updated as things progress.
Security Storm worm gains strengthSpam rates are rising, rapidly, with a lot of the blame being placed on the "storm worm." The worm is targeted at PCs, to build an enormous botnet for purposes that can only be speculated upon. Estimates of the size of the botnet vary, but it is probably fair to say that millions of machines are infected. Interestingly, the techniques used to propagate the worm are evolving and some defense mechanisms are emerging. The storm worm has been with us since January, its name stems from the subject of the earliest emails that propagated it, attacking in multiple waves of spam since then. It uses the simplest of all infection techniques: tricking recipients into running a program. Those programs, which, from all reports, only run on Windows, then install various kinds of malware, including programs to connect the machine to a massive botnet. At its root, the storm worm uses various "social engineering" tactics to convince people to either open an executable in the email or to visit a website and download software from there. Several different messages have been tried recently, electronic greeting cards, welcome messages from various "groups" (Wine Lovers, Poker Players, etc.) and the most recent, that claims to be a pointer to a YouTube video that shows you or your family. These messages have been pumped out at enormous rates by the botnet as it tries to grow bigger. Some defensive behavior has been noted as well. When infected machines are scanned for vulnerabilities or malware, they sometimes react by calling in a distributed denial-of-service (DDoS) attack on the scanning machine. The main concern is for academic networks that sit directly on the internet, machines behind firewalls are generally protected, unless a significant part of the botnet also lives there. These evolving tactics and defensive measures are not being implemented for fun, the botnet herders probably have a plan for using such a huge botnet, the only question is: for what? The most likely explanation is for DDoS attacks on targeted sites, quite possibly to get paid to stop, which is also known as extortion. They presumably also get paid to send spam – other than that used to increase their size – but extorting money from sites that depend on traffic is probably much more lucrative. Unlike other botnets, storm's does not rely on a single central server that can be shut down, destroying the botnet. Instead it uses peer-to-peer technology, distributing its command and control infrastructure throughout the network, making it much more difficult to combat. That coupled with the furious spamming and defensive responses makes this the most robust botnet we have seen yet. While this particular attack does not appear to affect Linux users directly, we should not be resting on our laurels. Linux users likely have a higher clue level, overall, than Windows users, but that level is dropping. As Ubuntu and other desktop, newbie-oriented distributions gain ground, the average computer literacy of the Linux community drops. There is no defense, other than educating users, against folks who download random things and run them on their computer. If the storm botnet herders decide they need even more machines for their plan for total world domination, they might just turn to Linux.
New vulnerabilities bugzilla: several vulnerabilities
id3lib: insecure tmpfile creation
opera: multiple vulnerabilities
pam_ssh: authentication restriction bypass
po4a: information leak
star: directory traversal vulnerability
sylpheed: format string vulnerability
tar: symlink path traversal vulnerability
wordpress: cross-site scripting
xterm: local user unauthorized access
Updated vulnerabilities acroread: multiple vulnerabilities
apache2: information disclosure
apache: multiple vulnerabilities
apache: cross-site scripting
Asterisk: two SIP denial of service vulnerabilities
avahi: denial of service
bochs: buffer overflow
bugzilla: multiple vulnerabilities
centericq: buffer overflows
clamav: denial of service
cpio: arbitrary code execution
vixie-cron: privilege escalation
cscope: buffer overflows
cscope: buffer overflows
cups: denial of service
gpdf: integer overflow
Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
dovecot: privilege escalation
dovecot: directory traversal
elinks: code execution
elinks: arbitrary file access
emacs21: denial of service
evolution: format string error
evolution-data-server: malicious server arbitrary code execution
pop mail man-in-the-middle attacks
file: integer overflow
firebird: buffer overflow
firefox: multiple vulnerabilities
firefox: multiple vulnerabilities
firefox, thunderbird, seamonkey: multiple vulnerabilities
flac123: arbitrary code execution
freetype: arbitrary code execution
freetype: integer overflows
gcc: file overwrite vulnerability
gd: buffer overflow
gd: multiple vulnerabilities
gd: denial of service
gdm: denial of service
gedit: format string vulnerability
gimp: multiple vulnerabilities
grip: buffer overflow
gzip: multiple vulnerabilities
HelixPlayer: arbitrary code execution
horde-kronolith: local file inclusion
ImageMagick: integer overflows
ipsec-tools: denial of service
jasper: denial of service
java: multiple vulnerabilities
java-1.5.0-sun: multiple vulnerabilities
kdebase: information leak
kdebase: several vulnerabilities
kdelibs: kate backup file permission leak
kernel: denial of service
kernel: denial of service
kernel: denial of service
kernel: multiple vulnerabilities
kernel: denial of service
kernel: denial of service
kernel: denial of service
kernel: denial of service by memory consumption
kernel: denial of service
kernel: several vulnerabilities
kernel: signal handling flaw on PPC
kernel: several vulnerabilities
kernel: denial of service
kernel: denial of service
kernel: multiple vulnerabilities
kernel: several vulnerabilities
krb5: multiple vulnerabilities
krb5: uninitialized pointers
krb5: local privilege escalation
krb5: multiple vulnerabilities
ktorrent: incorrect validation
lftp: shell command execution
libarchive: pax extension header vulnerabilities
libexif: integer overflow
libmodplug: boundary errors
libphp-phpmailer: command execution
libpng: denial of service
libpng: buffer overflow
libpng: heap based buffer overflow
libtiff: buffer overflow
libvorbis: multiple memory corruption flaws
libxml2 - arbitrary code execution
libxml2: multiple buffer overflows
lighttpd: denial of service
lookup-el: insecure temporary file
lynx: arbitrary command execution
mod_jk: proxy bypass
moin: arbitrary JavaScript execution
moodle: cross-site scripting
mplayer: buffer overflow
mydns: buffer overflows
mysql: denial of service
mysql: format string bug
MySQL: privilege violations
mysql: multiple vulnerabilities
MySQL: logging bypass
nbd: arbitrary code execution
ncompress: buffer underflow
nginx: cross site scripting
nvidia-drivers: insecure file permissions
OpenOffice.org: arbitrary code execution
OpenSSH: denial of service
openssh: remote denial of service
openssl: private key attack
pam: privilege escalation
perl-Net-DNS: predictable id sequence
php: multiple vulnerabilities
php: several vulnerabilities
php: multiple vulnerabilities
php: buffer overflows
phpbb2: missing input sanitizing
phpbb2: multiple vulnerabilities
phpPgAdmin: cross-site scripting
phpwiki: remote code execution
pptpd: denial of service
proftpd: authentication bypass
pulseaudio: denial of service
python: information disclosure
qemu: multiple vulnerabilities
qt: arbitrary code execution
qt: "/../" injection
quake: buffer overflow
redhat-cluster-suite: denial of service
rpm: arbitrary code execution
rsync: off-by-one errors
slocate: information disclosure
snort: remote arbitrary code execution
Sun JDK/JRE: multiple vulnerabilities
sysstat: insecure temporary files
tcpdump: integer overflow
tcpdump: denial of service
terminal: arbitrary code execution
tetex: buffer overflow
tomcat: directory traversal
tomcat: cross-site scripting
tor: compromised anonymity
vim: arbitrary code execution
vixie-cron: weak permissions may cause errors
vlc: several vulnerabilities
wireshark: multiple vulnerabilities
XFree86 X.org: integer overflows
xfsdump: insecure temp dir
xine-lib: arbitrary code execution
xine-lib: buffer overflow
xmms: BMP handling vulnerability
X.org: temp file vulnerability
zziplib: buffer overflow
Page editor: Jake Edge Kernel development Brief items Kernel release statusThe current 2.6 prepatch is 2.6.23-rc4, released by Linus (under the code name "Pink Farting Weasel") on August 27. It has a rather large pile of fixes; "most regressions" have been dealt with at this point. See the short-form changelog for details, or the long-form changelog for lots of details.As of this writing, there have been no patches merged into the mainline repository since the -rc4 release. There have been no -mm tree releases over the last week. The current stable 2.6 kernel is 2.6.22.5, released on August 22. It contains about 20 patches for serious problems. The 2.6.22.6 review process (involving a couple dozen more patches) is underway, with the release being a bit overdue as of this writing. For older kernels: 2.6.20.17 was released on August 25 with a long list of fixes. 2.6.20.18, released on August 28, reverts two of those fixes which turned out not to be such a good idea after all.
Kernel development news Quote of the week
In other words, consuming half of your processor is (surprise!)
detrimental to multimedia playback performance. At this point, it
becomes clear that the process scheduler folks and the networking
folks are bitter enemies and do not converse.
-- Robert
Love (not talking about Linux)
Kernel Summit 2007 - an advance viewFor the past several years, the annual, invitation-only kernel developers' summit has been held immediately prior to the Ottawa Linux Symposium. This year is different, though: the summit is, instead, happening just after LinuxConf Europe in Cambridge, UK. As usual, your editor will be there and will be able to report from the event. The preliminary agenda has been posted, though, as has the list of attendees [PDF]. So it is possible to look forward and get a sense for what is likely to be discussed.A few months ago, a discussion of interesting topics was held on the 2007 summit list. Many of the usual topics came around; there is always plenty of interesting development work going on in the kernel community. Andrew Morton objected to many of the topics under discussion, though, saying that the summit was not the appropriate venue to talk about them:
My overall take on kernel summit: we spend far too much time
talking about technical stuff. There is little benefit in doing
this: we conduct technical discussions over email and we do it
well, and there are many very good reasons for doing it that
way.... We fly halfway around the world to yap on about dentry
cache scalability? Spare me, we'd get more done by staying home.
Andrew's conclusion, which was seconded by a number of other developers, was that the process-oriented discussions are always more interesting and useful than the deep technical sessions. Discussions of virtualization, memory management, or device drivers will always be uninteresting to a significant part of the group, and they do not necessarily add much over what can be done with email. But the process-oriented talk affects everybody and is much harder to do electronically. So this year's agenda is more high-level than in previous years. That does not mean that there will be no technical talk, though. Some of the more technical sessions will cover:
That's about it for the serious technical talks; everything else will have a higher-level focus. The summit will start with a panel of distributor kernel maintainers. To a great extent, distributors are the immediate customers for the kernels that the developers put out; those distributors are then charged with getting mainline releases into a condition that allows it to be shipped to users. Distributor kernel maintainers tend to be on the front line when things go wrong; they always hear about all the problems. This panel will be a chance for those maintainers to talk about the quality of the kernels they are getting from the mainline and how things could be made to work better. Once upon a time, the kernel stood alone and presented services to the system by way of the system call interface. In current systems, instead, users see a view of the system which is created by a whole set of utilities, including the C library, udev, HAL, and more. Interactions between these low-level components and the kernel is not always as smooth as it could be, and, despite the best efforts of the kernel development community, kernel releases have been known to occasionally break utilities like udev. The "greater kernel ecosystem" session will cover these issues and the general question of making the system as a whole work better together. Establishing better control over the user-space API is likely to come up, though the problem remains difficult. There is a half-hour session on developer relations. The kernel development community is visibly growing, and that is generally a good thing. Ensuring the continued health of kernel development requires bringing in a steady stream of new developers - from all over the world. This session will be the place to talk about how that can be done, and how participation from under-represented parts of the world can be improved. Andrew Morton gets an hour to pound the table on kernel quality and related issues. There still appears to be a consensus among the developers that the kernel is not getting buggier, but that view is not universally held. Everybody agrees that fewer bugs would be a good thing, though. So topics like bug tracking, fixing the reviewer shortage, possible stabilization releases, and so on, are likely to come up in this session. Documentation is, inevitably, on the agenda - everybody wants more of it, but, somehow, it fails to just show up on its own. Last year there was some talk of imposing documentation requirements on new patches, but few people took the idea all that seriously. So maybe some different ideas for improving the situation will come about this time around. Also on the list may be the area of managing translations - an area of increasing interest - and standardizing kernel messaging. Various other process-oriented questions have been swept into a session late on the second day. Are big code cleanups worth it? How can we improve our handling of large patches which affect a number of different subsystems? How do we deal with problematic maintainers? And, in general, is the kernel process going too fast? But perhaps the discussion will be dominated by Andrew Morton's suggestion that the developers form a union and demand a massive pay raise. There are other sessions on the agenda as well; see the posted version for the full list. Whenever a group of this nature comes together, interesting things are bound to come out of it. Tune into LWN around September 6 for coverage from the event.
Cleaning up the block driver APIOnce upon a time, block device drivers implemented the same file_operations structure used by char drivers - despite the fact that block drivers are quite different and many of the file_operations methods had no relevance to them. By the 2.4 release, though, the block driver API had been significantly reworked, and struct file_operations was no longer used. Instead, block drivers have a block_device_operations structure containing many of the driver's exported operations. "Many" because certain other operations, including the ones which actually enqueue I/O requests, end up being stored in the request queue structure instead.When the move to block_device_operations was done, a number of methods were carried over directly from the file_operations vector with their prototypes unchanged. Doing things this way minimized the pain for driver maintainers, but it led to some interesting interface artifacts. For example, consider the open() method:
int (*open)(struct inode *ino, struct file *filp);
When a char device or an actual file is being opened, filp points to the internal file structure used by the kernel to manage the open file. If a user-space process opens a block device directly, filp will be used in the same way. Most of the time, though, block devices are opened by the kernel as a step toward mounting a filesystem stored there. In that case, there is no associated file structure. That's why a perusal of the source reveals code like this:
/*
* This crockload is due to bad choice of ->open() type.
* It will go away.
* For now, block device ->open() routine must _not_
* examine anything in 'inode' argument except ->i_rdev.
*/
struct file fake_file = {};
struct dentry fake_dentry = {};
fake_file.f_mode = mode;
fake_file.f_flags = flags;
fake_file.f_path.dentry = &fake_dentry;
fake_dentry.d_inode = bdev->bd_inode;
Al Viro (who is responsible for much of the current API) has taken a look at this problem and others. In the case of open(), there is very little of the information passed in the inode and file structure pointers which is actually used by drivers. And some of that is used in hazardous ways - any driver which depends on anything in fake_file lasting beyond the open() call will find itself in trouble. There are other issues with the API as well, leading Al to propose some significant changes. The result, which is almost certain to be merged when it is ready (possibly as soon as 2.6.24), will be a cleaner block driver API - at the cost of changes for every existing driver. The first change will be to move some of the flags found in f_flags over to f_mode, which is not subject to being changed by fcntl() calls from user space. As part of the move, drivers will be expected not to change those flags - or any other part of the file structure. This change will enable a cleanup of some code in the much-maligned floppy driver, which currently stores some information in that structure at open() time. The new open() prototype is projected to be:
int (*open)(struct block_device *bdev, mode_t mode);
Where mode has the usual read/write flags, but also some of the other open()-time flags like O_NDELAY. This value will not be changed by the drivers and will not necessarily exist in any sort of file structure. It will be stored safely in an undisclosed location by the kernel and will be available at release() time, when some drivers will need access to those flags. Speaking of release(), that function, too, currently has an old prototype:
int (*release)(struct inode *ino, struct file *filp);
In this case, filp is often passed as NULL by the kernel, forcing drivers to check the value and implement some sort of default behavior in the lack of a file structure. But, sometimes, drivers need to know about some of the flags which were provided at open() time. So the new release() method will look something like:
int (*release)(struct gendisk *disk, mode_t mode);
The changes do not stop there. Al points out that there is a bit of confusion in the ioctl() interface:
int (*ioctl)(struct inode *ino, struct file *filp, unsigned cmd,
unsigned long arg);
long (*unlocked_ioctl)(struct file *filp, unsigned cmd, unsigned long arg);
long (*compat_ioctl) (struct file *filp, unsigned cmd, unsigned long arg);
The different versions have different arguments - and even different return types. Once again, drivers tend not to care about most of what can be found in the inode and file structures - even when those structures exist. So the new form of the ioctl() methods will be:
int (*ioctl)(struct block_device *bdev, mode_t mode, unsigned int cmd,
unsigned long arg);
int (*compat_ioctl)(struct block_device *bdev, mode_t mode, unsigned int cmd,
unsigned long arg);
Note that unlocked_ioctl() is gone: it is arguably past time to get rid of the big kernel lock (BKL) in the block ioctl() implementation. So any driver still using the locked version (ioctl() in the old API) will be modified to take the BKL internally. Any block driver which still requires the BKL is probably in need of a more serious review, though. As of this writing, there have been no arguments against the change. The word from Linus is:
From your description, I have no objections - everything sounds
good. My only concern is how painful the patch ends up being (and a
worry about whether this will affect a metric truck-load of
external modules? That said, I can't really see us worrying about
those)
Al claims to have a patch in progress and ready to be posted soon, and that the amount of pain should be relatively small - for in-tree drivers, anyway. For those maintaining out-of-tree block drivers, the writing is on the wall: a significant API change is coming.
Re-deprecating sysctl()The sysctl() system call allows a suitably-privileged application to tweak various kernel parameters. It is a useful feature which, as it happens, is almost never used. The reason for that is the existence of the /proc/sys virtual directory hierarchy which exports the same functionality in a form which is much easier to use. Callers of sysctl() have been encouraged to use /proc/sys instead for a long time and the addition of new parameters to sysctl() is considered to be against the rules. One year ago, sysctl() was removed from the 2.6.19-rc kernels, only to be restored before the final release.sysctl() is part of the user-space ABI; it is supposed to continue working forever. That is why the attempt to remove it was ultimately rolled back. So it may be surprising to some to see a new removal attempt by Eric Biederman. His latest patch adds a new deprecation warning and an entry in the feature removal schedule putting the end of sysctl() in September, 2010. Says Eric:
After adding checking to register_sysctl_table and finding a whole
new set of bugs. Missed by countless code reviews and testers I
have finally lost patience with the binary sysctl interface.
The binary sysctl interface has been sort of deprecated for years and finding a user space program that uses the syscall is more difficult then finding a needle in a haystack. Problems continue to crop up, with the in kernel implementation. So since supporting something that no one uses is silly, deprecate sys_sysctl with a sufficient grace period and notice that the handful of user space applications that care can be fixed or replaced. Eric's claim is that this interface is so little-used that it is visibly rotting. There is sufficiently little common code between the sysctl() and /proc/sys implementations that it is easy for the two to diverge. In the long term, he says, the kernel community will do a better job of not breaking applications by getting rid of sysctl() in favor of the interface which is actually used and maintained. The new patch has, predictably, drawn opposition from developers who do not want to see the user-space ABI broken in this way. Alan Cox has also suggested that the deprecation warning approach will not be successful in getting the few remaining users to switch to /proc/sys:
The whole "whine a bit" process simply doesn't work when you are
trying to persuade people to move in a non-hobbyist context. They
don't want to move, the message is simply an annoyance, their
upstream huge package vendor won't change just to deal with it and
they'll class it as a regression from previous releases, an
incompatibility and file bugs until it goes away.
Andrew Morton, instead, is not opposed to the patch:
I think it's worth a try. It might take two, three or five years,
who knows? If it turns out to be impractical then we we can just
change our minds later, no big loss.
While there is little disagreement with the policy that the user-space ABI should never break, it does seem that there is room for discussion on how that goal might best be met. Unused code has always had a tendency to break accidentally, and sysctl() looks to be very close to being entirely unused. One could, presumably, address this problem with some sort of regression test suite - something the kernel could use more of in general. But the maintenance of interfaces which of almost entirely historical interest is not really helpful to Linux users. So, perhaps, there needs to be a way to remove system calls which have fallen into disuse for a long-enough period. Should this patch go through, we shall see whether three years is sufficient warning for such a change or not.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Memory management
Architecture-specific
Security-related
Virtualization and containers
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials All aboard the SmoothWall ExpressThe SmoothWall Open Source Project recently released SmoothWall Express 3.0. This is the first release of this free/open source firewall/router distribution in some time. SmoothWall Express 2.0 dates back to December 2003, although an update became available in December 2006. Version 3.0 is the first version to use the 2.6 kernel and adds support for 64-bit processors.In fact the release notes contain a lengthy list of new features and improvements since 2.0. This release comes in four editions: user and developer editions for 32-bit and 64-bit systems. The developer editions contain everything in the user editions and add the needed tools for working on Express itself, including complete builds, check outs and commits. Those who choose the developer version should read the build notes. Your editor recently installed the 32-bit user edition of SmoothWall Express 3.0 on an old computer whose sole function is to provide a home network. This box plugs into a cable modem with one ethernet card and into a SnapGear Lite (four port) box through another ethernet card. SmoothWall Express is small, so it doesn't take very long to download the ISO or to burn a CD. Installation is very easy and prompts you to enter setup during the install. The setup program can also be run at any time after the install. During setup both ethernet cards were correctly identified and were soon configured to use DHCP. My main desktop was back on the net only minutes after beginning the SmoothWall Express installation. SmoothWall Limited provides support and funding for the SmoothWall Open Source Project. This support includes two SmoothWall employees to head the open source development team. As the commercial arm of the SmoothWall community, SmoothWall Limited offers a range of supported security solutions to schools, enterprise networks and small/medium businesses. The SmoothWall Open Source Project produces SmoothWall Express which is released under the GPL and can be downloaded from this page. You can also get VMWare images. Installation and Administrator guides are also available in the download area. There's also a web forum and an IRC channel available for those who need more help.
New Releases Linux From Scratch Version 6.3 Release AnnouncementThe LFS team is proud to announce the release of LFS-6.3. The book can be downloaded, or read online here. The book contains a full changelog.
Announcing openSUSE 10.3 Beta2openSUSE has released the second beta of openSUSE 10.3. Click below for a look at some important changes, most annoying bugs, the call for testing and download information.
Ubuntu Tribe 5 ReleasedThe Ubuntu release team has announced Tribe 5, the fifth alpha release in the Gutsy cycle. Images are now available for Ubuntu Desktop, Ubuntu Server, Kubuntu, Xubuntu and Edubuntu. Tribe releases are for developers and testers only, do not use them if you need a stable system.
Ubuntu's Launchpad 1.1.8 released!Launchpad 1.1.8 has been released. Launchpad is the suite of tools used to create Ubuntu and it's sister distributions. This release sees a great deal of activity in the Bug Tracker, an important new feature in Code, an exciting development in the Personal Package Archive beta and improvements right across every other part of Launchpad.
Distribution News Introducing the Hardy HeronFor those of you who have been wondering what the next Ubuntu release will be named, the long wait is over: Ubuntu 8.04, due next April, will be called "Hardy Heron." "Not only will the Ubuntu community continue to do what it does best, produce an easy-to-use, reliable, free software platform, but this release will proudly wear the badge of Long Term Support (LTS) and be supported with security updates for five years on the server and three years on the desktop." Goals for the release will be hammered out at the developers' meeting in October.
(Ubuntu) IcedTea - a first step towards OpenJDKMatthias Klose takes a look at IcedTea, a temporary fork of OpenJDK, as packaged for Ubuntu's Gutsy release.
(Ubuntu) new architecture lpiaThe Ubuntu Mobile project uses a new architecture "lpia". "[T]he architecture resembles "i386", but uses different optimizations options in the compiler, different configuration and build options for some packages. Because Ubuntu Mobile uses only a subset of main, and almost nothing of universe, a large part of the archive is not yet built for this architecture."
Fedora Board Recap 2007-AUG-21Click below to see a recap of the August 21, 2007 meeting of the Fedora Board. Topics discussed include Job Descriptions, Leadership Impact, Future of Fedora and Quality.
Distribution Newsletters Fedora Weekly News Issue 102Fedora Weekly News issue #102, for the week of August 20th is out. The publication will be taking a few weeks off, the next issue will be after September 21st. Highlights in this edition include disabling "dontaudit" rules for Fedora 8, cleaning old files and packages, Remind, Gallery2, and more. Click below to read it.
Gentoo Weekly NewsletterThe Gentoo Weekly Newsletter for August 20, 2007 covers the upcoming Council elections, including interviews with the candidates, and several other topics.
Ubuntu Weekly News: Issue #54The Ubuntu Weekly Newsletter for August 25, 2007 covers Canonical's new store opening, the announcement of UDS-Boston, Gutsy Gibbon's latest alpha release, Launchpad's new features, and much much more.
DistroWatch Weekly, Issue 217The DistroWatch Weekly for August 27, 2007 is out. "There is little doubt about it - Ubuntu is the most popular desktop Linux distribution on the market. But the great variety of available statistics, usage surveys and web long analyses means that it's often impossible to estimate the true usage figures and switching habits of individual users. Does it all really matter? Read our editorial on the subject and comment in the forums. In the news section, we link to a handful of interesting articles covering the openSUSE package management, Gentoo overlays, and Debian boot process with initng. Finally, the KDE development team has revealed that its official KDE 4 release party will only take place some four months after the release of version 4.0. The reason? Read on to find out."
Distribution meetings Ubuntu Developer Summit Boston 2007 AnnouncedA Ubuntu Developer Summit for 8.04 will be held in Cambridge, Massachusetts to help shape the next release of Ubuntu.
Newsletters and articles of interest Debian stays true to its roots (LinuxWorld)Bdale Garbee, former Debian project leader and current HP chief technologist for Linux and open source, reflects on Debian in a LinuxWorld article. "The Debian distribution is a fascinating social phenomenon. Imagine a voluntary group of more than 1,000 registered developers who build and distribute software that is equal or superior to any commercial operating system -- and theres no company backing them. Since Debian isnt a company, developers dont have to worry about being bought or sold, going through a hostile take-over, answering to shareholders or going bankrupt. Theres no significant money trail, because Debian is based on donated time and resources. This leaves the developers free to pursue their passion to write and use free software. Outsiders sometimes view this as an unruly group that argues a lot, but don't be fooled by the vocal minority. Debian is an amazingly tight-knit community of people who share a passion and enjoy working and playing together."
Sneak Peeks at openSUSE 10.3: New Package Management (openSUSE News)openSUSE News takes a look at the new package management stack included with openSUSE 10.3. "openSUSE 10.3 is set to contain a new, significantly improved and more mature package management stack by default. ZMD, the package management component causing problems in SUSE Linux 10.1 and to a lesser extent in openSUSE 10.2, has been completely removed and is now replaced by the new libzypp and its tools. Today we'll be taking a look at the new package management and talking to Duncan Mac-Vicar Prett, one of the central libzypp developers."
Distribution reviews Debian Lenny & initng (Masuran.org)Here's a review of Debian Lenny, which uses initng for the init system. "Debian Lenny might be called the 'testing' version but I find it stable enough to be used every day as your main OS. The rough edges make it an excellent distribution for the real geek, the computer user that finds that other distributions are either to polished (Ubuntu, SuSe) or too rough (Gentoo, Slackware)."
openSUSE 10.3 Beta (1 &) 2 Report (TuxMachines)TuxMachines.org reviews the beta versions of openSUSE 10.3. "I decided to test this release on the HP Pavillion laptop I received for Christmas as I had overwritten 10.2 for a previous review and I missed having an openSUSE install on it. Another reason this seemed like the time was that developers wanted LCD brightness adjustment, suspend, and the Grub installation tested. Also, long story short, I had lost access to the Windows XP partition at some point and needed to restore it first. So, this was the perfect time to test their Grub installation."
Three MythTV Linux distros compared (Linux.com)Linux.com looks at three distributions that are built around MythTV. "My Series 1 TiVo is getting old, so I am planning an escape route based on MythTV, a free software system that turns an old computer into a personal video recorder. This week I tested three MythTV-specific Linux distributions: KnoppMyth, MythDora, and MythBuntu. I found MythDora the best overall fit for my needs -- but there are important distinctions between the three that may lead you to a different decision."
Page editor: Rebecca Sobol Development Jython 2.2 has been releasedJython is a Python language implementation in Java. Jython was originally called JPython, that project was started in 1997 by Jim Hugunin at CNRI. The name was changed to adhere to the original JPython license requirements. Jython has been released under version 2 of the Python Software Foundation license. ![[Jython]](/images/ns/jythonlogo.png)
The Jython project description states:
Jython is an implementation of the high-level, dynamic, object-oriented language Python written in 100% Pure Java, and seamlessly integrated with the Java platform. It thus allows you to run Python on any Java platform.
the Jython FAQ explains further:
Jython implements the Python programming language on the Java(tm) Platform. It consists of a compiler to compile Python source code down to Java bytecodes which can run directly on a JVM, a set of support libraries which are used by the compiled Java bytecodes, and extra support to make it trivial to use Java packages from within Jython.
On August 23, 2007, Frank Wierzbicki announced Jython version 2.2 on his weblog. "This is the first production release of Jython in nearly six years, and it contains many new features". The Jython News page shows that Jython 2.2 has been in beta test since February, 2007. Jython 2.2 fully implements the features of Python version 2.2. New capabilities in Jython 2.2 include: new-style classes, Java List integration, a PEP 302 implementation, iterators, generators, __future__ division, support for modern JVMs, a new installer and ssl and non-blocking support for sockets. The changelog file has a more detailed release history. The Jython project roadmap explains the plans for the future developments. Support for Python 3000 is planned. Jython is a few steps behind Python, which is currently at version 2.5.1. Jython 2.2 is available for download here. The installation instructions are straightforward. A test install was performed on your author's Ubuntu 6.10 (Edgy Eft) system with the Java 2 Runtime Environment, Standard Edition build 1.5.0_08-b03. The installation went smoothly and some simple Python test programs were executed with no problems. As noted in the FAQ, JPython startup was noticeably slower than regular CPython. If you need to run Python on a variety of Java-supported platforms, or need to access Java classes under Python, give Jython 2.2 a try.
System Applications Database Software Firebird 2.0.2 releasedSub-release 2.0.2 of the Firebird DBMS has been announced. "Firebird 2.0 brings a large collection of long-awaited enhancements that significantly improve performance, security and support for international languages and realise some desirable new SQL language features. Under the surface, it also provides a much more robust code platform from which the re-architecting planned for Firebird 3.0 is proceeding."
MySQL 5.1.21-beta has been releasedVersion 5.1.21-beta of the MySQL DBMS has been released. "Bear in mind that this is a beta release, and as with any other pre-production release, caution should be taken when installing on production level systems or systems with critical data."
PostgreSQL Weekly NewsThe August 26, 2007 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.
Embedded Systems BusyBox 1.7.0 releasedUnstable version 1.7.0 of BusyBox, a collection of command line utilities for embedded systems, is out with bug fixes, some new applets and other improvements.
Filesystem Utilities announcing Allmydata-Tahoe version 0.5.1Version 0.5.1 of Allmydata-Tahoe, a secure, decentralized storage grid, has been announced. This version adds some new features and fixes some bugs and security issues.
Virtualization Software Interview with OpenVZ Project Manager Kir Kolyshkin (MontanaLinux.org)MontanaLinux.org has an interview with Kir Kolyshkin, project manager for OpenVZ, a Linux virtualization project.
ML: Are there any areas in the OpenVZ project that you wish you had a bunch of volunteers to work on?
Kir: We have already seen some good contributions here and there, but there's always room for more! I would really like people to work more on tools, especially template tools and OpenVZ control libraries (a.k.a. vzctl-lib). A lot of people already contribute OpenVZ templates, and I'd like that to continue with not only OS templates, but also some kind of virtual appliances (i.e. a pre-installed set of applications for a specific purpose, like running a mail server). I wish we could have some help with the mainstream integration -- if anyone would like to join the fun, start with subscribing to containers-at-linux-foundation-dot-org. (thanks to Warren Sanders).
Web Site Development Chandler Server 0.7.0 releasedVersion 0.7.0 of Chandler Server, a server and Ajax web UI for managing and sharing calendars, events, and tasks, is out. "This release is a substantial improvement over Cosmo 0.6.1 and is recommended for general usage."
Kochizz 1.0 released (SourceForge)Version 1.0 of Kochizz has been announced. Kochizz is: "A free graphical user interface to edit Apache HTTP Server configuration files. After several months of development, the SS2L OpenDev publishes a first version of the free project Kochizz. This graphic tool aims at facilitating the configuration of the Apache Web servers."
Django RoundupThe August 26, 2007 edition of the Django Roundup covers the latest news from the Django web platform.
Desktop Applications Audio Applications jack_mixer version 6 releasedVersion 6 of jack_mixer, an audio mixer application for the JACK Audio Connection Kit, is out. "Changes since version 5: Fix building against jack 0.102.20, Handle python prefix different from install prefix, Fix LASH-less operation, Update install instructions after lash-0.5.3 and phat-0.4.1 releases, Apply Markus patch (thanks!) for sr #1698 (can't restore session using LASH)".
Business Applications openCRX v1.11.0 released (SourceForge)Stable version 1.11.0 of openCRX has been announced. "openCRX is a professional CRM solution (customer relationship management) deployable to all major platforms. openCRX is multi-entity enabled, scalable, a real enterprise-class CRM-solution - new: Activity Management, Bug Tracking - try our Demo Server".
Calendar Software qOrganizer v2.1 released (SourceForge)Version 2.1 of qOrganizer has been announced. "qOrganizer is a general organizer that includes a calendar with schedule,reminders,journal/notes for every day, to-do list.But provides features useful for students such as:timetable and a booklet for marks and absences.It's designed to be easy to use. 2.1 is a bugfix release."
Data Visualization Geomview 1.9.4 released (SourceForge)Version 1.9.4 of Geomview is out with bug fixes. "Geomview is an interactive 3D viewing program for Unix. Geomview lets you view and manipulate three-dimensional objects, and can also be used as a display engine by other programs to animate objects. Geomview supports OpenGL and uses a Motif X interface."
Desktop Environments GNOME Software AnnouncementsThe following new GNOME software has been announced this week:
Pencils Down for KOffice Summer of Code Students! (KDE.News)KDE.News covers the KOffice Google Summer of Code. "With an avalanche of last-minute commits, the KOffice Google Summer of Code students finished yet another great Summer of Code. We had some very exciting projects this year, and most of them were as great a success as last year. Read on for details of the achievements."
KDE Software AnnouncementsThe following new KDE software has been announced this week:
Xorg Software AnnouncementsThe following new Xorg software has been announced this week:
Electronics eispice 0.11 announcedVersion 0.11 of eispice, a clone of the Berkley SPICE 3 electronic simulation engine, has been announced. "This release contains several new features and bugfixes, including a new non-linear capacitor model, a Gaussian Pulse waveform, a simple diode model, Python docstrings (built in help), and improved IBIS model support and performance. The module naming has changed significantly and as a result this new release is not backward compatible."
gds2pov 20070827 announcedRelease 20070827 of gds2pov is out with a build fix for Linux x86_64 machines. "GDS2POV is a program to take a GDS2 layout file and output a POV-Ray scene description file of the GDS2 data. This allows the creation of attractive 3D pictures of a layout."
gEDA/gaf 1.1.2.20070818 development snapshot announcedDevelopment snapshot 1.1.2.20070818 of gEDA/gaf, a collection of electronic CAD applications, has been announced. See the release notes for more information. "This development snapshot includes a non-modal multi-attribute dialog box, the return of support for guile 1.6.x, component selector improvements, preview widget improvements, removal of a few memory leaks, lots of code cleanup, and the usual slew bug fixes."
Games Risk 1.0.9.2 announced (SourceForge)Version 1.0.9.2 of Risk has been announced. "This is java version of the classic RISK board game, with a simple map format, network play, 1 player, hotseat, 5 user interfaces and many more features, it works in all OSs that run java 1.4 or higher. A new map called godstorm has been added. A full map editor is included, and a new 3D view has been added to SwingGUI. There are other minor features and bugfixes."
Interoperability Wine 0.9.44 releasedVersion 0.9.44 of Wine has been announced. Changes include: Better heuristics for making windows managed, Automatic detection of timezone parameters, Improvements to the builtin WordPad, Better signatures support in crypt32, Still more gdiplus functions, and Lots of bug fixes.
Music Applications a2jmidid - first releaseThe first release of a2jmidid has been announced. "a2jmidid is daemon for exposing legacy ALSA sequencer applications in JACK MIDI system. It is based on jack-alsamidi-0.5 (jackd alsa seq midi backend) by Dmitry Baikov. The main purpose is to ease usage of legacy, not JACK-ified apps, in JACK MIDI enabled systems."
GTick 0.4.1 releasedVersion 0.4.1 of GTick, a metronome application, has been announced. The changes include: "Fixed segfault on using custom sound file".
Science p version 2 announcedStable version 2 of p has been announced. "In p, a bunch of particles interact with each other according to this simple rule: every particle moves towards, away, or watches another particle(s). When the program starts, each particle chooses a random color, position, and the particle(s) it will move towards, away, or watch. As the program runs, some particles join together to form a train and journey together thereafter. Some orbit each other. Some collapse into each other. Some form swarms that split and join. One cannot predict when or where or how many of these behaviours will emerge but they usually do."
Speech Software eSpeak 1.29 releasedVersion 1.29 of eSpeak, a speech synthesizer, is out with bug fixes and minor improvements.
Languages and Tools BASIC GTK support in GAMBAS coming of age ... (GnomeDesktop)GnomeDesktop looks at new GTK support in GAMBAS, a BASIC language environment. "More recently however I've been experimenting with GAMBAS (it's *not* aimed at writing games) and found that although it sports a Qt front-end and widget set, it's very robust and provides a fantastic IDE approaching the levels of Delphi / VB. One of the new features available in the development version that has thus far been overlooked is full Gtk support!"
Caml Caml Weekly NewsThe August 28, 2007 edition of the Caml Weekly News is out with new Caml language articles.
Erlang Erlide 0.3.32 announced (SourceForge)Version 0.3.32 of Erlide has been announced. Erlide is: "An Eclipse plugin providing IDE support for Erlang (http://www.erlang.org), a concurrency-oriented language developed by Ericsson. This release includes the reworked RPC mechanism. It may still have some rough edges. There are no direct user-visible changes, but I would be glad to know if there are any crashes/bugs/errors."
Lisp SBCL 1.0.9 releasedVersion 1.0.9 of Steel Bank Common Lisp has been announced. "This version improves object finalization, code coverage annotations, and more."
Python Python-URL! - weekly Python news and linksThe August 27, 2007 edition of the Python-URL! is online with a new collection of Python article links.
Build Tools IcedTea 1.3 Web Browser Plugin releaseVersion 1.3 of IcedTea has been announced. "This release represents the inclusion of a web browser plugin! The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools and provides replacements libraries for the binary plugs with code from the GNU Classpath project."
Libraries libavl 2.0.3 releasedStable version 2.0.3 of libavl has been released. "libavl is a balanced tree library that comes with full documentation. It includes unthreaded, right threaded, and fully threaded variants of AVL tree, as well as unthreaded red-black trees. It features self-test routines as well as insertion, deletion, tree count, tree copy, tree walking and traversal, search, and threading and unthreading routines."
Test Suites Linux Desktop Testing Project 0.9.0 releasedVersion 0.9.0 of the Linux Desktop Testing Project has been announced. "This release features number of important breakthroughs in LDTP as well as in the field of Test Automation. This release note covers a brief introduction on LDTP followed by the list of new features and major bug fixes which makes this new version of LDTP the best of the breed."
Page editor: Forrest Cook Linux in the news Recommended Reading On GNOME's 10th anniversary, de Icaza and Waugh look back, ahead (Linux.com)Linux.com looks at ten years of GNOME. "It seems like just yesterday that the GNOME Project got its start, but actually it was a decade ago that Miguel de Icaza got the ball rolling. While de Icaza has largely focused his time on Mono recently, the GNOME community has kept making progress. To get some perspective on GNOME's history, I spoke to de Icaza and longtime GNOME contributor and GNOME Foundation board member Jeff Waugh."
Linus Torvalds talks future of Linux (apc)apc features an interview with Linus Torvalds. "APC: Out of curiosity, do you have anything to say to hardware manufacturers who refuse to release datasheets or specifications about the functioning of their hardware so it could operate with the Linux kernel? LT: Is "I hope you all die a painful death" too strong? The good news is that a lot of hw manufacturers are actually doing the right thing. Intel in particular has improved wrt open source a lot, and for that reason I tend to suggest that when buying a machine, just make sure that you buy one with Intel graphics and wireless. That takes care of the two biggest annoyances right there. But Intel certainly isn't the only one, and we're doing fairly well in general - with just a few dark spots."
Companies Adobe Flash Player 9 Update 3 Beta 2 available for Linux (ars technica)ars technica reports on the availability of the latest Flash beta for Linux. "During the development of Flash Player 9, Adobe sought to make the program's infrastructure truly cross-platform compatible so that future versions of the player wouldn't have to be ported to Linux after every release. Adobe hoped to ensure that future Flash player releases could be issued simultaneously for all major platforms. Adobe's success in this respect is illustrated by the availability of this latest Flash player beta for Linux at the same time that it's available for Windows and Mac OS X."
Linux Adoption FSF links up with environmental groups (Linux.com)Linux.com reports that the Free Software Foundation is connecting with environmentalists. "Continuing its efforts to connect with social activists, the Free Software Foundation (FSF) has released an open letter signed by major environmental organizations. The letter urges activists to reject lockdown technologies in general and Windows Vista in particular as hostile to their ethics and the causes they support, and to support free software instead. The letter is only the first in a series that the FSF plans to release in the coming months, each of which will be crafted to make an ethical or pragmatic appeal to a specific group's concerns."
Legal BitTorrent Admin Monitored by US Government, Forced to Dump Linux (TorrentFreak)TorrentFreak covers a forcible change of operating system to enable monitoring. "'I had a meeting with my probation officer today, and he told me that he has to install monitoring software onto my PC. No big deal to me, that is part of my sentence. However, their software doesn't support GNU/Linux (Which is what I use). So, he told me that if I want to use a computer, I would have to use an OS that the software can be installed on.'" (Thanks to Ludo Stellingwerff).
Amazon, Google, Yahoo, And Others Sued For Automating Their E-mail (InformationWeek)Here's an InformationWeek article about this week's software patent silliness. "The lawsuit charges the companies with implementing systems that 'comprise interpreting electronic messages with rule base and case base knowledge engines' as described in the patent held by the plaintiff, 'Automatic message interpretation and routing system.'" The patent claims are quite general and could easily describe packages like Mailman.
Can developers reclaim donated IP? (Linux.com)Linux.com muses on the ownership of (so-called) intellectual property, including a discussion with Richard E. Fontana, of the Software Freedom Law Center. "'Intellectual property is property; like any other form of property, ownership can be transferred to someone else. With respect to copyrights (and also patents and trademarks), an outright transfer of all rights to someone else is called an "assignment." Ownership generally means the ability to exercise all rights associated with a form of property, so to convey ownership of copyrights you would assign them. (If you transfer fewer than all rights to someone else, that's a "license.") You can assign copyrights to someone else in return for compensation, or you can assign them as a gift. In the US, at least, an assignment must be in writing and signed by the person conveying the copyrights.'"
Resources Linux vs. BSD, What's the Difference? (O'ReillyNet)Dru Lavigne compares Ubuntu 7.04 to PC-BSD 1.4 on O'Reilly. "Linux mavens are usually pretty sure they'll never go back to (or start using) Windows. They may like Mac OS, but usually don't jump ship for that either. But how about the other open source Unix descendant, BSD? Dru Lavigne offers a basic primer on what's different in PC-BSD for a Linux user, and what's better."
Can hypervisors circumvent GPLv3's 'anti-tivoization' clause? (LinuxDevices)LinuxDevices has a guest whitepaper authored by Bruno Zoppis, a Trango product manager. "This guest whitepaper explains how a hypervisor can be used to leverage GPL software while isolating it from proprietary code, in order to ensure compliance with the requirements of the GPL. It was written by a TRANGO Virtual Processors product manager, and uses that company's hypervisor as an example." (Thanks to Phil Endecott)
Reviews Documentation Coverage Testing With dcov (Linux Journal)Pat Eyler takes a look at a documentation coverage tool for Ruby, on Linux Journal. "How often have you thrown up your hands in disgust at the poor quality of documentation for an open source project? Wouldn't it be nice if someone put together a documentation coverage tool that worked like test coverage tools? Well, you're in luck--dcov is here (at least for Ruby code)."
Discontent with LiveContent (Linux.com)Linux.com takes a look at the Creative Commons' LiveContent mini-distribution and finds it lacking. "The CD is a modified version of the Fedora 7 live CD. Bypassing the login screen, it boots directly to a customized GNOME desktop, with a Firefox browser opened to a welcome page -- and that is where the trouble with the presentation begins. Instead of beginning with a concrete explanation of the CD or explaining what Creative Commons and free software are, the welcome page begins by repeating the vague rhetoric of the project wiki. It does not even encourage users to make free use of the material on the CD. If I were someone who had never heard of either Creative Commons or free software, I wouldn't know what to think."
Comprehensive integrity verification with md5deep (Linux.com)Mayank Sharma looks at md5deep on Linux.com. "Most of the ISO images and other software you grab off the Internet come with a message digest -- a cryptographic hash value that you can use to verify their integrity. While almost all Linux distributions come with utilities to read and generate digests using MD5 and SHA1 hash functions, the md5deep utilities can do that and more. md5deep computes MD5, SHA-1, SHA-256, Tiger, and Whirlpool digests across Linux, Windows, Mac OS X, *BSD, Solaris, and other operating systems. It can recursively traverse directories, computing sums for files under subdirectories as well."
UFRaw 0.12 could make new converts to open source RAW photo conversion (Linux.com)Linux.com reviews UFRaw 0.12. "There is more to UFRaw than just new tools and icons, though. As hinted at above, UFRaw is color-managed, and this release is the first to support display profiles and display profile rendering intents. That makes it possible to use a fully color-managed workflow for your editing session; something not to be taken lightly."
Page editor: Forrest Cook Announcements Non-Commercial announcements EFF Challenges Bogus Patent on Internet SubdomainsThe Electronic Frontier Foundation has sent out a press release concerning bogus patents on Internet subdomains. "The Electronic Frontier Foundation (EFF) is challenging a bogus patent on Internet subdomains that has been used to threaten small businesses and innovators. Ideaflood, a self-proclaimed "intellectual property holding company," used this illegitimate patent to demand payment from website hosting companies that offer virtual, personalized subdomains -- like "action.eff.org" for the parent domain "eff.org." But in a reexamination request filed with the United States Patent and Trademark Office (PTO) today, EFF and Rick Mc Leod of Klarquist Sparkman, LLP show that the method Ideaflood claims to have invented was well known before the patent was issued. In fact, website developers were having public discussions about how to create these virtual subdomains on an Apache developer mailing list for more than a year before Ideaflood made its patent claim."
FSF: Microsoft cannot declare itself exempt from the requirements of GPLv3The Free Software Foundation has released the following statement in response to claims by Microsoft regarding their obligations under the GNU General Public License version 3 (GPLv3). "We do not, however, agree with Microsoft's characterization of the situation involving GPLv3. Microsoft cannot by any act of anticipatory repudiation divest itself of its obligation to respect others' copyrights. If Microsoft distributes our works licensed under GPLv3, or pays others to distribute them on its behalf, it is bound to do so under the terms of that license. It may not do so under any other terms; it cannot declare itself exempt from the requirements of GPLv3."
The FSF's environmental press releaseHere is the press release from the Free Software Foundation trying to turn Windows into an environmental issue. "Today, environmental and social justice groups united to call for the rejection of Microsoft Windows Vista and for society's adoption of free software, highlighting environmental concerns and technology restrictions associated with proprietary software."
The Linux Foundation on OOXMLThe Linux Foundation has sent out a press release giving its position on the upcoming vote on the adoption of Microsoft's OOXML format as an ISO/IEC standard. "For all these reasons and more, the Linux Foundation calls upon those National Bodies that have not yet cast their votes to vote 'No, with comments.' Those comments should reflect their best, neutral, technical judgment, based upon OOXML in its current form. Only by doing so, we believe, can both the future availability of documents, but the integrity of the standard setting process be assured."
US District court says that the artistic license is a contractThe Law & Life weblog has a summary of a decision in the JMRI case in California. "The decision makes two important points: (1) the Artistic License is a contract and (2) the failure to include the copyright notices was not a 'restriction' on the scope of the license... The second point is very important because it deals with remedies. Generally, the remedy for contract violations under US law is damages, not 'injunctive relief' (which means that the court order a party to cease their violation). On the other hand, copyright infringement generally includes a presumption that injunctive relief is appropriate." LWN first covered the JMRI case in April, 2006; interested parties can read a summary of the case (which has gotten more complicated since then) or can go straight to the court's ruling [PDF].
Commercial announcements Mandriva Benelux is launchedMandriva has announced the launch of Mandriva Benelux "Our target areas are corporate applications and solutions to individuals, educational institutions, public and private organizations, ISVs and OEMs all over the Belgium, the Netherlands and Luxembourg region. The goal of Mandriva Benelux NV is to provide local distribution of Mandriva Linux and other integrated open source applications in multiple languages throughout Belgium, the Netherlands and Luxembourg."
Marvell 88ALP01 data sheet releasedAlmost one year ago, the One Laptop Per Child project took some grief for developing device drivers for its laptop under non-disclosure agreements. It was asserted that, by giving in to hardware vendors in this way, OLPC was ensuring that specifications for the hardware would never become available. So it is nice to see that Marvell has followed through on at least part of its promise and released the 88ALP01 data sheet. This specification covers the camera, SD, and NAND flash controllers.
Mozilla announces Firefox Campus EditionMozilla has announced the Firefox browser Campus Edition. "The bundled version of Firefox with three popular add-ons is geared towards students and provides easy access to music, timesaving research tools and highly rated web sites."
German Universities tap Novell for infrastructure needsNovell, Inc. has announced a Linux deployment at some German universities. "Novell today announced that state universities across the Federal State of North Rhine Westphalia in Germany have selected Novell for their critical IT infrastructure systems. The agreement will give 560,000 students and employees across 33 universities access to key enterprise management and Linux* services from Novell, including SUSE(R) Linux Enterprise Desktop."
New Books Learning PHP and MySQL, 2nd Edition--New from O'ReillyO'Reilly has published the book Learning PHP & MySQL, 2nd Edition by Michele E. Davis and Jon A. Phillips.
Security Power Tools--New from O'Reilly MediaO'Reilly has published the book Security Power Tools by Nicolas Beauchesne, Philippe Biondi, Bryan Burns, Chris Iezzoni, Jennifer Statis Grannick, Paul Guersch, Dave Killion, Michael Lynn, Steve Manzuik, Eric Markham, Eric Moret and Julien Sobrier.
Surveys 2007 Desktop Linux Survey results revealed (DesktopLinux.com)DesktopLinux.com presents the results from the 2007 Desktop Linux Survey. "The leading Linux distribution is the Ubuntu family -- 30 percent of our survey respondents are using Ubuntu or one of its sister distributions: Kubuntu, Xubuntu, and Edubuntu. While there are other distributions that owe a great deal to Ubuntu -- Linspire, Freespire, MEPIS, Linux Mint, and Pioneer all come quickly to mind -- we decided not to count them for Ubuntu this year, since some, like Freespire, have just made the switch, while others, such as MEPIS, are switching back to Debian, and Pioneer is going in its own direction. Next in popularity, after the ever-popular Ubuntu family, comes the SUSE Linux family with 21 percent."
Education and Certification Learn embedded Linux, get a Linux laptop (LinuxDevices.com)LinuxDevices.com reports that LinuxCertified will hold a three-day class on embedded and real-time Linux development. "Set for Sept. 12-14 in Sunnyvale, Calif., LinuxCertified's embedded Linux course promises to examine, "why Linux, how to embed Linux, and how to measure and obtain real-time performance," the vendor said."
Calls for Presentations O'Reilly ETel Conference 2008 Call For ParticipationA Call For Participation has gone out for the 2008 O'Reilly ETel Conference. "Now in its third year, ETel, the O'Reilly Emerging Technology Conference, brings together all of the voices in telephony that need to be heard--from telecommunication company executives, garage hackers, mobile executives, programmers, researchers to venture capitalists, community activists and CEOs. The call for participation is now open; submissions will be accepted until September 17, 2007. The conference, taking place March 3-4 in San Diego, California, is an ambitious mix of inspirational speakers who lay out visionary road maps to the future, combined with practical, unconventional hacks from small, innovative startups."
Fedora Mini-conf at LCA2008 - Call for PresentationsA Fedora mini-conf has been scheduled for linux.conf.au 2008 in Melbourne, Australia. Presentations are being solicited for 50, 25, and 10 minute slots. Click below for more information.
LinuxChix Women's mini-conf: Call for PresentationsLinuxChix, the organization for women who like Linux and free software, announces a mini-conf as part of linux.conf.au 2008 in Melbourne, Australia. A call for 50, 25, and 10 minute presentations is being announced as well. Click below for more information.
MySQL Miniconf at LinuxConfAU 2008: Call for PapersA call for papers has gone out for the MySQL Miniconf at LinuxConfAU 2008. "There are about 6 or 7 slots of 50 minutes each. We could do 2x25 minutes for some, and possibly a slot with 5 minute lightning talks. A proposal should contain a short title and abstract of what you intend to talk about, what duration the talk would be (5, 25, 50), and a brief bio of yourself."
Upcoming Events Cell Hack-a-thon II announcedThe Cell Hack-a-thon II will be held in Austin, TX on September 22-25, 2007. "You are invited to attend Hack-a-thon II, Austin, Texas, September 22-25, two days prior to and then in conjunction with the Power Architecture Developer Conference. In this 4 day event, Terra Soft will host a 6 node PS3 cluster and hands-on workshop for the installation of Yellow Dog Linux, compute image deployment via Y-HPC, and use of Torque and Moab for job management. Hack-a-thon attendees are given opportunity to test their own parallel and distributed code."
HITBSecConf2007 - Malaysia is less than 2 weeks awayHITBSecConf2007 will be held on September 3-6, 2007 in Malaysia. "Organized as a community centric, non-profit effort, HITBSecConf is Asia's largest network security event featuring 4 keynote speakers, 7 tracks of technical training sessions and access to over 30 hours of deep knowledge demos and presentations!"
Legal Conference News from the Linux FoundationThe Linux Foundation has announced a Legal Summit. "The Linux Foundation is pleased to issue an invitation to in-house counsel for all of our members to participate in the Linux Foundation Legal Summit on October 25 and 26, 2007. This collaborative workshop will provide an opportunity for in-house counsel involved in shaping member policies around open source or open standards issues to lend their experience and expertise to the development of Linux Foundation legal strategy."
Office 2.0 agenda finalizedThe Office 2.0 Conference will take place in San Francisco, CA on September 5-7, 2007. "The event will feature over 100 speakers and panelists, and include 6 keynote presentations and 21 panels. The conference will be kicked off with a quick presentation of the exclusive applications developed for the iPhone by Etelos, and an introduction to the enterprise-grade WiFi network deployed for the event by Covad and Swisscom. This year, every attendee will receive an iPhone to support real-time collaboration during the event."
Ubuntu Developer Summit Boston 2007 AnnouncedThe Ubuntu Developer Summit to plan the next Ubuntu release has been announced. It is slated for 27 October through 2 November in Cambridge, Mass. Click below for more details.
Events: September 6, 2007 to November 5, 2007The following event listing is taken from the LWN.net Calendar.
If your event does not appear here, please tell us about it. Audio and Video programs KDE Multimedia Meeting Video Interviews (KDE.News)Seb Ruiz has announced the availability of video interviews from the KDE Multimedia Meeting. "You might remember, that a little over a year ago kde.nl graciously hosted the KDE multimedia meeting (or k3m for short). Whilst we were there, hacking away, the folks from Source21 joined us to do some interviews for their open source software vidcast. If you take some time to watch the video, youll hear from Martijn Klingens (KDE marketing, KDE.nl), Matthias Kretz (Phonon) and myself (Amarok) speaking about our respective areas of expertise."
Page editor: Forrest Cook
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[html inspector]](/images/ns/grumpy/firebug/html-inspector-sm.png)
![[Layout display]](/images/ns/grumpy/firebug/box-model-sm.png)
![[Timings display]](/images/ns/grumpy/firebug/timings-sm.png)