LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
Letters to the editor
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for March 20, 2003A quick look at Gentoo LinuxYour editor recently needed to set up a sacrificial box for testing out code for the driver porting series. Installing a system like that is always a good opportunity to try out a new distribution, so it seemed like the right time to try to get a sense for what the Gentoo hype is about.Little did he know that it would take a week just to get through the installation process. Gentoo seems to be positioning itself as a Debian for the real hackers. So, for example, most of the distribution is built from source at installation time. Why? So you can control the configuration and optimization settings, of course. As a result, the process can take a while, especially if the system you are installing is relatively old and slow. But, in fact, it takes some time to get even that far. A look at the 1.4rc3 installation instructions is a sobering experience; it takes a while just to read about all that must be done. You start with a bootable CD image, of course, but then it's a matter of:
And so on...you presumably get the point by now. Installing Gentoo is essentially a process of assembling your desired system by hand. For old-time Linux users, the experience is much like going about ten years back in time, when Linux systems really were assembled by hand. At least you don't need a big stack of diskettes anymore. The interesting thing is that, once you're done, the result is a pretty nice system. The right packages are there, the administration tools seem to be well thought out (though things like the init script system take a little getting used to), and the "portage" package system has many of the same features that make Debian's "apt" so great. And, of course, you have a system that is set up exactly how you directed it to be and optimized for your processor. For most users, though, the pain required to get there will probably not prove to be worth it. Your editor is not a stranger to this mode of operation, having been through experiences like converting systems from a.out to ELF by hand. But, you know, that was a while ago; now I'm more interested in having the system just work. And if I'm trying to set up a dozen (or hundreds) of boxes, the Gentoo approach is simply out of the question. There is, of course, absolutely nothing wrong with Gentoo being what it is. There are plenty of distributions out there for people who want to be able to do an installation without thinking about it. Gentoo is aimed at a different audience - those who want to get their hands quite dirty inside their Linux systems. That is, of course, one of the great things about Linux: you can get your hands as deeply into the system as you want. As the commercial distributions get flashier and generally easier to work with, the excitement and challenge of dealing with the system at the lowest level recedes a bit. Gentoo is bringing that experience back to a new generation of Linux users and hackers, and seems to be doing a very good job of it.
OpenOffice.org's Community Council[This article was contributed by Joe 'Zonker' Brockmeier] OpenOffice.org has come a long way since it was officially rolled out in October, 2000. The group has delivered a full-featured Open Source office suite that is shaping up as a viable competitor to Microsoft Office, at least in some markets. The group is now looking to revamp its governing process. Until now, decisions have mostly been made by votes on mailing lists or by the project leads of the various projects that make up OpenOffice.org. Now the group is trying to develop a Community Council. The proposal has been kicked around for some time, and is currently being voted on. We talked to one of the originators of the proposal, Josh Berkus. Berkus is a marketing volunteer for the OpenOffice.org project. According to Berkus, the proposal has been making the rounds for about a year before it got to the final draft that is now being voted on. In general, he says the Council will be similar to a steering committee. It will help set release dates, coordinate efforts between the OpenOffice.org community and Sun Microsystems, and coordination between specific projects in the project. Berkus also noted that the Community Council will handle some member issues that the group was ill-suited to handle in the past.
We had a problem with somebody who specifically needed to be expelled
from the project and blocked from rejoining...we didn't have any
structure in place with designated authority to kick this person out,
which is another thing we sort of need.
Another responsibility for the Council will be to assign resources if a company or organization wants to donate developer time to the project, without a specific feature or goal. Also, Berkus noted that the current structure is not set up to handle donations of money. "The first task is to come up with a legal structure that allows us to accept money." Berkus wasn't sure if the the organization would be seeking non-profit status or not. The Council will consist of five project leads elected from the leads of accepted projects, Lang (language) Representatives, a Community Contributor Representative and a representative from Sun. The project leads and language reps will have twelve-month terms, and the Community Contributor will hold a six-month term. Sun's rep will be seated for whatever term Sun chooses. The goal is also to stagger elections so only half of the seats are up for election at one time. When speaking to Berkus, he mentioned that having language group representatives was particularly important. According to Berkus, it can be extremely difficult for non-English speakers to participate in discussion lists that are conducted in English and that being effectively shut out of important lists can lead to misunderstandings and communications issues. "Having them know they have a rep on the Community Council and they have a voice, should do a lot to head off that kind of a problem...they don't have to feel alienated." One thing that is unusual about the Community Council, for an Open Source project, is that some of the work will take place behind closed doors. In fact, the Community Council members will have to sign confidential disclosure agreements. Berkus explained that, from time to time, the group would be discussing plans that relate to Sun's StarOffice strategy and that it wouldn't be prudent to do that in the open where Microsoft could oversee the StarOffice strategy and revise theirs to match. Berkus said that the Community Council would not be likely to dictate new features, though they could help coordinate non-technical members of the Community with the technical teams that could implement new features. As far as new features go, we should be seeing some pretty soon. According to the public roadmap, we should be seeing a public beta of OpenOffice.org 1.1 as early as this month and a final release of 1.1 sometime in July. We all know, however, how changeable software release dates are. From the roadmap and release notes for build 643, OpenOffice.org 1.1 looks to be mostly improvements on existing features and further refinement of the program in general. However, there are a few noteable features that many users will find compelling. At the top of the list is native PDF export capability. Filter support, in general, is also slated to improve in 1.1, including new filters for DocBook, XHTML and FlatXML. A full list of changes can be found on the OpenOffice.org site. Note that this list may be out of date, as it was last updated in September; a few more improvements are listed on the developer snapshot page. Meanwhile, the first OpenOffice.org conference is being held at the end of this week in Hamburg, Germany. Expect more interesting news to emerge soon from this important project which has only begun to shake up the desktop Linux landscape.
Some security notesThis has not been the greatest week for Linux from the security point of view. A new, remotely-exploitable hole in Samba threatens a great many servers worldwide (though one can only hope that there aren't that many Samba servers directly exposed to the Internet); this vulnerability is covered on this week's security page. There is also the ptrace vulnerability in 2.2 and 2.4 kernels. A local user, by attaching to a kernel thread, can obtain root access. Most distributors have patches out for both of these problems, and applying them would be a good idea.Given the distinctly unpleasant state of world affairs at the moment, now is probably a good time for most of us to take a look at the state of our security patches. The number of attacks can only increase over the next few weeks, and some attackers may be even less discriminating than usual in their choice of targets. Some time spent checking systems now could be saved many times over in the near future. Meanwhile, every so often, some company which is making good money selling antivirus software to Windows users decides to try to convince people running Linux that they, too, need that company's help. The latest entrant is this press release from Central Command. Their angle is that the increase in desktop Linux deployments will translate into Virus problems: "A vast majority of these new Linux users are unaware of the existence of Linux-based viruses and security risks associated with Linux..." OpenOffice is singled out for mention as a possible means by which a Linux system could be infected. Of course, a Linux-based virus is not an impossible thing. But a virus running in the wild which bothers more than a very small number of people remains quite unlikely. All of the usual reasons for this apply, but there is one that stands out: Linux developers do not like the idea of strangers running arbitrary code on their systems. So they tend not to write code which provides that capability, and, when somebody figures out how to run something anyway, the problem gets fixed. Quickly. If the original developer won't fix the problem, somebody else will. Quickly. Linux users need not wait until their vendor figures out that letting others run code on their computers is a bad idea. So, while we need to pay careful attention to the security of our systems, we need not accept the claims of companies trying to sell us antivirus products. Keeping systems secure is a matter of careful administration and staying on top of patches; there is no time, or need, to be distracted by companies selling solutions for problems we do not have.
Security Brief items The Samba Vulnerability[This article was contributed by Tom Owen] Samba.org's announcement of 2.2.8 last week had a eerie familiarity. Here's a release prompted by heap overflow in a major open source server component. A fortnight ago it was sendmail -- this time it's Samba, the free SMB/CIFS server. The vulnerability was spotted by the reliably hard-nosed security team at SuSE. Samba team members say there's a risk of remote root compromise; all sites are urged to plan an urgent upgrade. The LWN vulnerability entry has links to distributions' patches, and the new version 2.2.8 which contains the fix.The vulnerability dates back to 2.0.x, which is over four years old. This is the Samba version which introduced domain logon for Windows NT clients. If your server has been updated since 1999, or looks like a domain controller for NT clients then it is vulnerable. The vulnerability is described as a buffer overflow in smbd's message fragment assembly code. Any exploit would send crafted SMB fragments to TCP port 139. Also fixed in the new release is a locally exploitable race condition. Even in a tightly-run site, this vulnerability is a serious threat, potentially allowing root access to local users. What gets plain scary is that there are sites which expose SMB to the Internet. This can't ever be the right thing to do whether the server is Samba or Windows. The problem is not the servers but the protocol. The MS network neighbourhood browser can be easy to use but the price is that anyone can connect to a server and list users, servers and shares -- perfect background for social hacking, and an easy route to find any share which, by error or design, has less than perfect security settings. Security is easier to control down with Samba than Windows,but it is best simply not to expose it to the net at all. The announcement goes into detail on the precautions any Samba site should be taking. They have little to do with the vulnerability -- they don't protect against a local attack -- and every site ought to be doing them anyway. The first step is to make sure that ports for SMB and WINS are blocked at the Internet gateway. This risk is so well understood that many cheap routers include a standardised filter set (typically called something like NETBIOS) to block ports 137, 138 and 139. This is good as far as it goes, but Microsoft is moving away from these ports. More recent Microsoft servers offer SMB directly on TCP at port 445, so this is one more port to block. Samba 2.2 doesn't use 445 but the upcoming 3.0 will. Samba's daemons are not normally run under inetd.conf and so can't be protected by TCP wrappers. The announcement shows how to use smb.conf directives to get similar control:
One of the simplest fixes in this case is to use the 'hosts allow' and
'hosts deny' options
in the Samba smb.conf configuration file to only allow access to your
server
from a specific range of hosts.
An example might be:
hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24
hosts deny = 0.0.0.0/0
The above will only allow SMB connections from 'localhost'
(your own computer)
and from the two private networks 192.168.2 and 192.168.3.
All other connections will be refused connections as soon as the client
sends its first packet.
The refusal will be marked as a 'not listening on called name' error.
It seems rash to put a file server on to your Internet gateway, but a lot of home and small business hosts are setup that way. These sites can control their exposure with 'interfaces=' and 'bind interfaces only = yes' but a cheap basic filtering router is probably a better plan. Samba servers have one extra risk not shared by Windows servers. The Samba Web Administration Tool (SWAT) runs under inetd, normally via TCP wrappers. Care is needed in inetd.conf and hosts.allow to restrict access to SWAT to the local network, and not on the Internet. Alternatively, there are instructions on how to offer SWAT over SSL. One way this Samba vulnerability stands out from Sendmail earlier this month is that it's a bit of surprise. Despite Samba's long history and wide use, it has shown few vulnerabilities which are not a consequence of the SMB protocol. The other way is that malicious exploits appear to have been tested or used before the announcement. SuSE saw anomalous crashes in one of their public servers. Analysis of the logs was enough to persuade the Samba team to bring 2.2.8 release forward -- a truly alarming response. Site administrators should act soon, first to make sure that their SMB is not visible on the Internet, and then to upgrade Samba to 2.2.8. (Thanks to Jeremy Allison for assistance with this article).
March CRYPTO-GRAM newsletterBruce Schneier's CRYPTO-GRAM newsletter for March is out. It looks at Practical Cryptography (a new book he co-authored with Niels Ferguson), the defeat of the SSL patent, and the SSL vulnerability. "By now it should be obvious that hackers don't steal credit card numbers one by one across the network; they steal them in bulk -- by the thousands or even millions -- by breaking into poorly protected networks. Many smaller e-commerce sites don't use SSL to protect their credit card transactions, and even there this kind of attack simply doesn't happen."
New vulnerabilities kernel - ptrace-related vulnerability
lprold - buffer overflow in lprm
lxr - input validation error
man - code execution vulnerability
mysql - configuration file vulnerability
NetPBM: math overflow errors
openssl: local and remote extraction of RSA private key
rxvt - vulnerabilities in the handling of escape sequences
samba - exploitable buffer overruns
Updated vulnerabilities apcupsd - remote root vulnerability and buffer overflows
Heap corruption vulnerability in at
bind buffer overflow vulnerability in DNS resolver libraries
BitchX - denial of service
Canna server: exploitable buffer overrun
CVS - exploitable double-free bug in the CVS server
dhcp3 - ignored counter boundary
dvips: command execution vulnerability
ethereal - format string vulnerability
Filename disclosure vulnerability in fam
fetchmail: buffer overflow
file - memory allocation problem, stack overflow
GNU fileutils race condition
Potential remote root exploit in glibc
glibc: DNS stub resolvers contain buffer overflow vulnerability
IMP - SQL injection vulnerability
kdelibs: Vulnerabilities in KIO subsystem support
kernel-utils: setuid vulnerability
libpng, libpng3: buffer overflow
lynx: CRLF injection vulnerability
perl-MailTools: remote command execution
micq: Denial of service
MySQL: multiple vulnerabilities
mysqlcc - world readable file permissions
nethack: buffer overflow
netscape-flash: buffer overflow
net-snmp: denial of service vulnerability
pam_xauth: root exploit
PHP: vulnerability in mail function
PostgreSQL - more buffer overflows
Local arbitrary code execution vulnerability in Python
qpopper - buffer overflow
Multiple-use vulnerability in Safe.pm
slocate - buffer overflow
snort - buffer overflow
File overwrite vulnerability in tar and unzip
tcpdump - infinite loop
Multiple vendor telnetd vulnerability
typespeed: buffer overflow
usermode - local root compromise
vim - modeline vulnerability
vnc - replay and cookie vulnerabilities
eterm, vte: dangerous interception of escape sequences
wget:directory traversal bug
Problems with libgtop_daemon
Wwwoffle remote privilege escalation vulnerability
zlib 1.1.4 has buffer overrun
Resources LinuxSecurity.com newslettersThe Linux Advisory Watch and Linux Security Week newsletters from LinuxSecurity.com are available.
Events 2003 IEEE Symposium on Security and PrivacyThe schedule for the 2003 IEEE Symposium on Security and Privacy (May 11 to 14, Oakland, California) has been posted.
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current development kernel is 2.5.65, which was released by Linus on March 17. It includes a bunch of scheduler work (see last week's LWN kernel page), some IDE work, some devfs trimming, NUMA updates, a PCI update, a number of kbuild updates (including the long-awaited GTK front end for "make xconfig"), various architecture updates, and a long list of other fixes. The long-format changelog has the details.Linus's BitKeeper tree includes an interesting patch which makes the "magic sysrq" functionality available to remote users (via /proc/sysrq-trigger), a PA-RISC update, and a small number of fixes and performance improvements. The current prepatch from Alan Cox is 2.5.65-ac1, which adds a small set of new fixes. The current stable kernel is 2.4.20; Marcelo has released no 2.4.21 prepatches since 2.4.21-pre5, which came out on February 27. Note that 2.4.20 contains a local root vulnerability; if you are running systems with untrusted users, you should apply an update from your vendor or the patch supplied with the vulnerability announcement. Alan Cox has released 2.2.25, which contains the ptrace vulnerability fix (and nothing else).
Kernel development news 32-bit dev_t progressAndries Brouwer released a new set of patches this week which brings the long-planned expansion of dev_t closer to reality. These patches rework the character device infrastructure to make it safe for much larger numbers of devices. For now, at least, it is not even necessary to change any char drivers to work properly with the new code.The first patch clears out the char device code within the filesystem area. This code included a whole structure for tracking devices, managing reference counts, etc. That structure was only used in one place, however, and Andries decided that, rather than fix it up to work with larger device numbers, he would just hack it out altogether. The rest of the kernel will not really notice its absence, for now. The core of the work is in the second patch. Here, the longstanding static chrdevs array is removed. A static array of devices works reasonably well when there is a maximum of 255 of them; it's rather less convenient when there can be thousands of device numbers. In its place is a simple hash table with linked lists of registered char drivers. There is a new way of registering a char driver:
int register_chrdev_region(unsigned int major,
unsigned int baseminor,
int minorct,
const char *name,
struct file_operations *fops);
The new baseminor and minorct arguments describe the range of minor numbers that the driver is prepared to deal with. Char drivers should eventually be converted to the new interface, but there is no great hurry; the register_chrdev() interface is still supported as:
int register_chrdev(unsigned int major, const char *name,
struct file_operations *fops)
{
return register_chrdev_region(major, 0, 256, name, fops);
}
So unchanged char drivers will still work, and will not be confronted with minor numbers greater than 255. For now, drivers requesting a dynamic major number may continue to use the same mechanism: passing major as zero. The mechanism implemented in the patch is not entirely robust, however, and is marked as being temporary. The third patch just cleans things up a bit, and removes the MAX_CHRDEV macro. For the truly adventurous, there is a fourth patch which actually changes dev_t to 32 bits, using a 16:16 split. These patches have found their way into the -mm kernel tree, and are now in need of some serious testing. Should things work out, the 32-bit dev_t expansion may finally get crossed off the 2.5 development list.
Speeding up ext2The 2.5 kernel development process has put a strong emphasis on scalability and performance issues. So it is somewhat interesting that the core Linux filesystems - ext2 and ext3 - have seen relatively little scalability work in 2.5. That is beginning to change, at least for ext2, but this work is raising some interesting questions about what the role of these two filesystems really is.Alex Tomas has recently been working on performance bottlenecks in ext2. His first concurrent block allocation patch attacks the problem of allocating blocks within a filesystem. The current ext2 code takes out the superblock lock before performing block allocation; this means that only one thread can be trying to allocate space in a given filesystem at a time. The first patch created a separate "allocation lock" which protects the small piece of code which actually makes allocation decisions; a later revision creates a separate lock for each block group within the filesystem, thus reducing lock contention further. The patch was greeted with positive reviews. William Lee Irwin reported a throughput increase from 62 MB/s to 104 MB/s on a benchmark he ran, and exclaimed "This patch is a godsend. Whoever's listening, please apply!. Martin Bligh, instead, said "SDET on my machine (16x NUMA-Q) has fallen in love with your patch, and has decided to elope with it to a small desert island." Not bad for a patch which is really a pretty straightforward exercise in finer-grained locking. The block allocation patch was quickly joined by a concurrent inode allocation patch and a distributed counters patch. None of these have found their way into the mainline kernel yet, but they offer enough performance benefits that they will likely get there eventually. Assuming the block allocation patch can be coaxed back from its desert island experience, that is. A question was raised, however: is ext2 the right place for this sort of work? ext2 is generally thought of as the relatively simple Linux filesystem; ext3 is the place for fancy new stuff. There are a couple of reasons why this sort of work tends to find its way into ext2 first, though. One of those reasons is the simple fact that ext3 still has bigger scaling problems. The ext3 filesystem is one of the few places in the Linux kernel that still makes heavy use of the big kernel lock (BKL). As a result, ext3 does not scale well to large systems, and tweaking things like block allocation will not help the real problem. Until the BKL dependency is removed from ext3, most other performance work will not make much sense. Removing the BKL is apparently a somewhat tricky job; at this point, it may well not happen before 2.6 is released. The other reason is that, large-systems scaling issues notwithstanding, ext3 is developing into the default Linux filesystem. For most users, there is little or no incentive to prefer ext2 over ext3; all it takes is one power failure to make the advantages of a journaling filesystem clear. So, as Daniel Phillips put it:
Ext2 is growing into the role of experimental filesystem; Ext3 is
now the stable filesystem. Hopefully, the experiments will make
Ext2 smaller, cleaner and at the same time, more powerful, over
time. Sort of like the role that RAMFS plays: besides being
useful, Ext2 should be thought of as a showcase for best filesystem
coding practices
The role reversal, it seems, is nearly complete. Soon, it will be the ext2 users who are living on the bleeding edge.
Driver porting News from the driver porting seriesThe driver porting series continues to look at block drivers this week. Below you'll find an article on the gendisk interface, which has become rather more important in 2.5. Also available is this article which looks, in detail, at the simplest possible block driver - a naive ramdisk driver for 2.5. As always, the entire series (up to 19 articles now) can be found on this page.
Driver porting: the gendisk interface
Gendisk initializationThe best way of looking at the contents of a gendisk structure from a block driver's point of view is to examine what that driver must do to set the structure up in the first place. If your driver makes a disk (or disk-like) device available to the system, it will have to provide an associated gendisk structure. (Note, however, that it is not necessary - or correct - to set up gendisk structures for disk partitions).The first step is to create the gendisk structure itself; the function you need is alloc_disk() (which is declared in <linux/genhd.h>):
struct gendisk *alloc_disk(int minors);
The argument minors is the maximum number of minor numbers that this disk can have. Minor numbers correspond to partitions, of course (except the first, which is the "whole disk" device), so the value passed here controls the maximum number of partitions. If a single minor number is requested, the device cannot be partitioned at all. The return value is a pointer to the gendisk structure; the allocation can fail, so this value should always be checked against NULL before proceeding. There are several fields of the gendisk structure which must be initialized by the block driver. They include:
The gendisk structure also holds the size of the disk, in sectors. As part of the initialization process, the driver should set that size with:
void set_capacity(struct gendisk *disk, sector_t size);
The size value should be in 512-byte sectors, even if the hardware sector size used by your device is different. For removable disks, setting its capacity to zero indicates to the block subsystem that there is currently no media present in the device.
Manipulating gendisksOnce you have your gendisk structure set up, you have to add it to the list of active disks; that is done with:
void add_disk(struct gendisk *disk);
After this call, your device is active. There are a few things worth keeping in mind about add_disk():
Should you need to remove a disk from the system, that is accomplished with:
void del_gendisk(struct gendisk *disk);
This function cleans up all of the information associated with the given disk, and generally removes it from the system. After a call to del_gendisk(), no more operations will be sent to the given device. Your driver's reference to the gendisk object remains, though; you must explicitly release it with:
void put_disk(struct gendisk *disk);
That call will cause the gendisk structure to be freed, as long as no other part of the kernel retains a reference to it. Should you need to set a disk into a read-only mode, use:
void set_disk_ro(struct gendisk *disk, int flag);
If flag is nonzero, all partitions on the disk will be marked read-only. The kernel can track read-only status individually for each partition, but no utility function has been exported to manipulate that status for single partitions. Partition management is handled within the block subsystem in 2.6; drivers need not worry about partitions at all. Should the need arise, the functions add_partition() and delete_partition() can be used to manipulate the (in-kernel) partition table directly. These functions are used in the generic block ioctl() code; there should be no need for a block driver to call them directly.
Registering block device number rangesA call to add_disk() implicitly allocates the a set of minor numbers (under the given major number) from first_minor to first_minor+minors-1. If your driver must only respond to operations to disks that exist at initialization time, there is no need to worry further about number allocation. Even the traditional call to register_blkdev() is optional, and may be removed soon. Some drivers, however, need to be able to claim responsibility for a larger range of device numbers at initialization time.If this is your case, the answer is to call blk_register_region(), which has this rather involved prototype:
void blk_register_region(dev_t dev,
unsigned long range,
struct module *module,
struct kobject *(*probe)(dev_t, int *, void *),
int (*lock)(dev_t, void *),
void *data);
Here, dev is a device number (created with MKDEV()) containing the major and first minor number of the region of interest; range is the number of minor numbers to allocate, module is the loadable module (if any) containing the driver, probe is a driver-supplied function to probe for a single disk, lock is a driver-supplied locking function, and data is a driver-private pointer which is passed to probe() and lock(). When blk_register_region() is called, it simply makes a note of the desired region and returns. Note that there can be more than one registration within a specific region! At lookup time, the most "specific" registration (the one with the smallest range) wins. At some point in the future, an attempt may be made to access a device number within the allocated region. At that point, there will be a call to the lock() function (if it was not passed as NULL) with the device number of interest. If lock() succeeds, probe() will be called to find the specific disk of interest. The full prototype of the probe function is:
struct kobject *(*probe)(dev_t dev, int *partition, void *data);
Here, dev is the device number of interest, partition is a pointer to a partition number (sort of), and data is the driver-private pointer passed to blk_register_region(). The partition number is actually just the offset into the allocated range; it's the minor number from dev with the beginning of the range subtracted. The probe() function should attempt to identify a specific gendisk structure which corresponds to the requested number. If it is successful, it should return a pointer to the kobject structure contained within the gendisk. Kobjects are covered in a separate article; for all, all you really need to know is that you should call get_disk() with the gendisk structure as the argument, and return the value from get_disk() to the caller. The probe() function can also modify the partition number so that it corresponds to the actual partition offset in the returned device. If the function cannot handle the request at all, it can return NULL. Some probe() functions do not, themselves, locate and initialize the device of interest. Instead, they call some other function to set in motion that whole process. For example, a number of probe() functions simply call request_module() in an attempt to load a module which can handle the device. In this mode of operation, the function should return NULL, which will cause the block layer to look at the device number allocations one more time. If a "better" allocation (with a smaller range) has happened in the mean time, the probe() function for the new driver will be called. So, for example, if a module is loaded which allocates a smaller device number range corresponding to the devices it actually implements, its probe() routine will be called on the next iteration. Of course, there is the usual assocated unregister function:
void blk_unregister_region(dev_t dev, unsigned long range);
The next stepOnce you have a handle on how the gendisk structure works, the next thing to do is to learn about BIO structures.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Janitorial
Kernel building
Memory management
Networking
Security-related
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials The 'New Releases' Season is Upon Us...[This article was contributed by Ladislav Bodnar] It is that time of the year when commercial Linux companies are readying their new boxes full of the latest and greatest Linux software. While their programmers do the last minute debugging and marketing departments prepare for the grand product launches, for the consumers among us it's time to face the usual decisions: to upgrade or not to upgrade? And should we stick with the existing choice or try a different distribution? Let's take a look at what we can expect to come our ways within the next few weeks.Slackware Linux, the oldest surviving Linux distribution, is the first one to grace us with a new release this season. What's new in 9.0? This question is best answered by this little dialog I noted on a public forum discussing one of the Slackware release candidates. The question: "What has Slackware accomplished? Red Hat has given us plenty of useful utilities, SuSE has developed YaST, Mandrake has drakconf, but what about Slackware? All they do is compile packages that others develop and put them on a CD, nothing extra, no major accomplishment." And this was one reader's reply: "Thank you, Slackware, for not putting anything extra into your distribution. This is why you develop the most stable, dependable and bug-free Linux distribution on earth!" Yes, Slackware is like a medieval city surrounded by modern skyscrapers, a stark contrast of an installer and package management tools developed in mid-nineties, together with the most up-to-date software found in any distribution. The result is highly appealing as demonstrated by Slackware's continuing popularity as the tool of choice for many seasoned Linux users and administrators. Suggest that they switch to something else and they'll laugh at you... MandrakeSoft will launch Mandrake Linux 9.1 shortly. Users who have tested the release candidates have reportedly been impressed with the product's stability and lack of major bugs as well as some of the new features. What can we expect? One of the main new features is the inclusion of a NTFS partition resizing tool, which makes Mandrake only the second distribution, after Xandros Desktop, offering this feature. A new theme called "Galaxy", running under both KDE and GNOME desktop environments, has been revealed to make the user interface more consistent. Another new and long overdue feature is "zeroconf" which promises to make network configuration as easy as plugging the cables into your network's workstations and servers. All this, together with the fact that the applications on offer were chosen by their users, the MandrakeClub members, and you seemingly have a winner. Of course, there is a big question that has to be answered sooner or later. Will 9.1 be the MandrakeSoft's last release in its present form? Or will the company survive their financial woes and come out as strong as before? MandrakeSoft's practice of releasing a new version to the FTP servers at the same time it goes to the manufacturer allows many people to download the release before the boxed sets are available. This practice has pleased Mandrake users, but it also cuts into Mandrake sales. Their customer support was reported to be far from top-notch. Producing a quality distribution is the first priority, but there is much more to generating revenue. Mandrakesoft has a thin line to walk to generate the revenue they need to survive, while keeping their customers happy with cutting edge software that is freely available. If they can do that, we will likely see many more Mandrake releases in the years to come. SuSE Linux AG has announced that a new release, version 8.2, will be available on April 3 in Europe and on April 14 in North America. Besides all the latest software, the new release claims to be the first distribution shipping a professional video editing application called MainActor. The release also provides improved wireless networking support, tools for automatic network reconfiguration for mobile computer users as well as further improvements to the YaST configuration utility and enhanced security. Certainly a very tempting bunch of features. Other major distributions will no doubt follow soon. Red Hat, which traditionally does not pre-announce final releases, has produced three betas of its upcoming Red Hat Linux 8.1 and even the Debian developers have started talking about a package freeze of their testing branch called "Sarge". The next two months will be highly interesting for the industry while all the major players try their best to please the consumers. We will be watching the competition with great interest. Of course it's not just the major players that are announcing new releases. Below we have new release announcements from Immunix and Yellow Dog Linux. Who knows, maybe even the long awaited Gentoo Linux 1.4 will be out soon.
Distribution News Slackware 9.0 releasedSlackware has quietly announced the release of Slackware Linux 9.0 in a change log entry. "Tue Mar 18 01:44:41 PST 2003Slackware 9.0 is released... happy release day!"
Yellow Dog Linux 3.0 releasedYellow Dog Linux 3.0 has been released; it includes all the latest software, of course, along with improved Apple hardware and "Mac-on-Linux" support.
Immunix Secured Linux 7+ ReleasedWireX Communications has announced the release of Immunix Secured Linux 7+. Based on Red Hat Linux 7.0, Immunix includes security updates for dozens of vulnerabilities, compiled with WireX's StackGuard and FormatGuard modifications. The 2.2.19 Linux kernel is extended with several Openwall technologies as well as WireX's SubDomain mandatory access control technologies.
Mandrake Linux 9.0 for AMD 64-bit technology is available.MandrakeSoft announced the release of Mandrake Linux 9.0 for Opteron® processors based on AMD 64-bit technology. "This development will lead to a planned release in April 2003 of the 'Mandrake Linux Corporate Server 2.1' for AMD Opteron®, a product dedicated to server deployment in medium to large accounts. Later in June 2003, MandrakeSoft will release 'MandrakeClustering' for Opteron®, an easy-to-use clustering solution designed to answer needs in the intensive calculation area that will greatly benefit from the power of AMD 64-bit technology."
Debian GNU/LinuxThe Debian Weekly News for March 18, 2003 is available. This issue covers the work of the French chapter of the Free Software Foundation Europe, and others, have been doing to have Free Software classified as an intangible world cultural heritage term by the UNESCO. Also DPL elections, Debian Project at CeBIT and OOoCon, and more.Debian Planet reports that KDE 3.1 is now (finally) complete in 'sid'. Uploads of the missing pieces, kdenetwork and kdepim have been accepted into the archive. Linux Orbit installs Debian Gnu/Linux on a Rebel NetWinder 3100 and provides a description of the process. This Debian Planet article points to three Debian-based live-cd projects: KNOPPIX, GNOPPIX (in German), and Morphix. We've added another one, see TrX in the 'New Distributions' section, below.
Gentoo Weekly Newsletter -- Volume 2, Issue 11The Gentoo Weekly Newsletter for March 17, 2003 is available. This week's issue contains an update from the Game Developers Conference; GWN is looking for contributors; rsync.gentoo.org shows signs of strain as Gentoo Linux continues to grow; Gentoo Linux launches a "hardened Gentoo" effort; and new items at the Gentoo Store.
"Learning Red Hat Linux, Third Edition" Released by O'ReillyO'Reilly has released Learning Red Hat Linux, Third Edition. "The third edition of "Learning Red Hat Linux" eases newcomers into the world of Linux, guiding them through the process of installing and running Red Hat Linux on their PCs. Written in a friendly, easy-to-understand style, this book contains all that readers will need to get started, including the complete Red Hat 8.0 distribution on CDs. With new tutorials covering OpenOffice Tools and the desktop, this book is ideal for first-time Linux users who want to install the operating system on a new PC or convert an existing system to Linux. Throughout the book, the author addresses security issues on a level appropriate for a beginning user."
New Distributions TrustedDebian beta releaseAs reported on DebianPlanet, the first TrustedDebian beta release is now available. TrustedDebian is an upgrade to Debian 3.0 which adds stack protection, address space layout randomization, FreeS/WAN, and some recent security packages. Future releases will include RSBAC mandatory access controls (which distinguishes this project from other secure Debian efforts, which are using SE-Linux).
TrXTrX is a project that aims to produce a Debian GNU/Linux-based desktop router and firewall package based on Knoppix. This Turkish distribution boots directly from CD-ROM, so there is no hard disk installation necessary. The initial Freshmeat release of TrX, version 3.2, was made available March 12, 2003.
freevixfreevix is a tiny GNU/Linux distribution designed to provide a complete but small foot print environment for people wanting to build a media player system with Freevo. Initial version 0.2 was released March 12, 2003.
Minor distribution updates Ark LinuxArk Linux has released v1.0-0.alpha7.1. Ark Linux is designed especially for desktop use, primarily for people without prior Linux experience.
MoviXMoviX has released v0.8.0pre2 with major feature enhancements. "Changes: Menu entries to play all audio/video files of a CD/DVD drive or hard drive partition have been added. TV-out support has been improved. Many SCSI and USB modules and DHCP support have been introduced. Hardware auto-detection and audio card support has been greatly improved." MoviX v0.8.0pre3 is also available.eMoviX is another branch of the MoviX project. This micro (7MB) Linux distribution is meant to be embedded in a CD together with all video/audio files you want. eMoviX version 0.8.0pre6 was released March 13, 2003.
Server optimized LinuxServer optimized Linux has released v16.00 with major feature enhancements. "Changes: This release contains recent packages such as the Linux kernel 2.4.20, Apache 1.3.27, Sendmail 8.12.8, OpenSSL 0.9.7a, MySQL 3.23.55, etc. There is also an update system now available."
Trustix Secure LinuxTrustix Secure Linux has released bug fixes to file, tcpdump and man.
Distribution reviews Who Wins the Shootout? (OfB.biz)Open for Business concludes the Penguin Shootout and announces the winner. "In our series, we've looked at Xandros Desktop Deluxe 1.0, Mandrake Linux 9.0, Red Hat Linux 8.0, SuSE Linux 8.1, and Lindows OS 3.0. Additionally, several distributions that did not receive a full review this time around but were also considered for the top spot include Lycoris Desktop/LX Amethyst, Knoppix 3.1, and Ark Linux Alpha 6 (the former two of those will join us in the next shootout)."
The state of SuSE (Register)Robin "Roblimo" Miller interviews SuSE U.S. representative Holger Dyroff, about SuSE's new products, trends in Linux desktop/consumer use, and more. "The new announced SuSE Linux 8.2 will not be a successor of the SuSE Linux Office Desktop but a new version of our successfull Personal and Professional series!"
UnitedLinux Operating System (ZDNet)ZDNet carries an in-depth look at UnitedLinux, from Gartner. " UnitedLinux is scalable to handle server configurations with increased processors, tasks, threads and users. As such, it supports asynchronous input/output for busy systems and methods to enhance process scheduling on symmetric multiprocessors (SMPs) and can be used to build server farms for workload management. For high availability, UnitedLinux supports Posix-compliant event logging and notification, dynamic probes for profiling and debugging, hot-plug PCI support, and record- and event-tracing mechanisms. It also provides a variety of security features, such as Kerberos network authentication and basic firewall configuration. At the foundation of UnitedLinux is a core set of components, including the Linux kernel 2.4.19, GNU Compiler Collection (GCC) 3.2, glibc 2.2.5, K Desktop Environment (KDE) 3.0 and XFree86 4.2. The 2.4.19 Linux kernel includes several hundred patches."
Page editor: Rebecca Sobol Development Module configuration with gmodconfigFootNotes has an announcement for version 0.2 of gmodconfig. The 0.2 release is further documented on the gmodconfig status page. According to the gmodconfig overview:
gmodconfig aims to provide a simple way for end-users to download, install, configure and update Linux kernel modules, in the language of their choosing, through an easy-to-use graphic interface.
By using gmodconfig, a user does not have to know how to modify the modules.conf configuration file in order to effect module parameter changes. Gmodconfig has the ability to pull XML encoded module parameter information from the module's web site via an XSA file that is created by the module author. The information is used to create a dynamically built user interface for configuring the module. Gmodconfig also keeps track of the module description and available versions. There does not appear to be a large assortment of XSA files available for modules at this point in time. Gmodconfig can control the installation, removal, and configuration of loadable modules, simplifying configuration of devices with lots of configuration options. The gnodconfig screenshots page shows some examples involving the configuration options for a USB camera driver. More information on gmodconfig can be found in the online Manual and FAQ, the code is available for download here.
System Applications Audio Projects Ogg TrafficThe March 18, 2003 edition of Ogg Traffic is available with the latest Ogg Vorbis audio compression software news. Discussion topics include: It's Ogg, not OGG!, Vorbis Decoder from Scratch, Asterisk PBX supports Speex, Speex heading for the RFC Track, WinAmp needs You!, and more.
Database Software MySQL 3.23.56 has been releasedVersion 3.23.56 of the MySQL database has been released. "This is a bugfix/security enhancement release for the current production version."
Printing PyKota 1.01 availableVersion 1.0.1 of the PyKota print quota system is available. "Several functionnalities were added : account only mode (no quota enforcement), possibility to choose the recipient(s) of email messages, default values for configuration. Manual pages were added, and redistribution/modification terms of the official package (paid for) are now fully GPL compliant."
Web Site Development Apache Mod_python 3.0.3 is now availableVersion 3.0.3 of mod_python, the Python language extension to the Apache web server, is available. "This release works with Apache HTTP Server 2.0. Please note that this version will not work with older releases of Apache HTTP Server." See this announcement for more information.
CMFOODocument Version 0.2 Released (ZopeMembers)Zope Members News reports on the release of CMFOODocument. "A new feature release of OpenOffice Documents for "icoya Content & Collaboration Management" http://www.icoya.com has landed. With CMFOODocument OpenOffice Writer files can easily be integrated inside your Plone site. The OO-Documents are converted by XSL transformation into HTML."
ZODB4 alpha 1 releasedThe alpha 1 release of ZODB is now available. "This release contains essentially the same software that will be in the upcoming Zope3 milestone release. This version of ZODB is very different from ZODB3. The Persistent base class is a new-style class, allowing persistent objects to use many of the features of Python 2.2 new-style classes."
Desktop Applications Audio Applications BEAST/BSE 0.5.0 is releasedFootNotes mentions that a new version of BEAST/BSE, the BeDevilled Audio SysTem/Bedevilled Sound Engine, is available. BEAST works under GTK+/GNOME.
Swami 0.9.1 releasedVersion 0.9.1 of Swami, a MIDI instrument patch editor, has been released. "The main focus of this release is support for the new FluidSynth 1.0.0 (was called iiwusynth)."
WaveSurfer 1.5 releasedVersion 1.5 of WaveSurfer, an audio editing application, has been released. The changes include support for packed 24 bit files, playback highlighting for transcription lables, support for Snack 2.2.1, bug fixes, and more.
Desktop Environments GNOME 2.2.1 releasedFootNotes has an announcement for the GNOME 2.2.1 Desktop and Developer Platform. The 2.2.x series is devoted to bugfixes, translations, and general polish of our major 2.2 stable release. We strongly recommend upgrading to 2.2.1 in particular, as it contains the Best Nautilus Release Ever. Faster and more stable than ever before, the Captains of Nautilus have done it again. Bravo!" GNOME 2.2.1 is available here.
Evolution 1.4 Preview 1 availableThe first preview of Evolution for Gnome 2 is available for testing.
GNOME SummaryThe March 3-15, 2003 GNOME Summary is out with the latest assortment of GNOME news.
KDE-CVS-Digest for March 14, 2003The March 14, 2003 edition of the KDE-CVS-Digest is out. "This week in KDE-CVS-Digest, our big feature is a review of the status of the KDE HEAD branch. We cover everything from virtual folders in KMail to Konqueror, Kontact and more."
Web Shortcut Goodness: KDE Support for FeedsterKDE.News looks at the Feedster RSS search engine, which now works under KDE. "Fortunately, adding support for Feedster (and Google News) to KDE proved to be quite trivial. The man behind Feedster was so amazed, he put up a blog entry full of praise for KDE!"
Graphics GNOME 2 version of DiaFootNotes looks at version 0.91 of the Dia diagram tool. "The all free Visio like diagram tool Dia is finally availble in a GNOME 2 version. After 9 months of work on changing over to Gtk 2.0 they proudly present version 0.91 of Dia."
Interoperability Wine Weekly NewsIssue #161 of the Wine Weekly News is out. Topics include: WineX 3.0 Preview, Thread Latency, Petzold Example Programs, Named Pipe Patch, Lightwave, and Need New Winsock Maintainer.
Office Applications AbiWord Weekly News #135Issue #135 of the AbiWord Weekly News is out. "Various issues come up for a word-processor that wants to support numerous languages. It's a good thing that such things may one day have a Twiki page to cover them. Have you noticed that to the left? Yes, under the "Support" heading, you'll notice Twiki has gained its own page."
LyX 1.3.1 is releasedVersion 1.3.1 of the LyX GUI interface to the TeX typesetting program has been released. "As expected this is a maintenance release, which adds some polish to the new features of LyX 1.3.0 (especially the Qt frontend) and also fixes some significant bugs in the math editor and the lyx2lyx import script. We also threw in a few new features (new textclasses, latex import improvements) for good measure."
Web Browsers Mozilla 1.3 releasedMozilla 1.3 is out; new features include spam filtering, rich text editing, image auto-sizing, and lots of fixes; see the release notes for details.
Mozilla 1.4 Alpha Coming Soon (MozillaZine)Version 1.4 Alpha of the Mozilla browser is coming soon. "Right now the freeze is scheduled for midnight on Wednesday 26th March with the release targetted for Friday 28th March."
Galeon 1.2.9 Released (GnomeDesktop)Version 1.2.9 of the Galeon lightweight web browser has been announced. This is a compatibility release that adds support for Mozilla 1.3 final. There is also a small fix to the gcc abi wrapper so that realplayer and other old plugins work properly even when galeon and mozilla are compiled with gcc 3.x. The code is available for download here.
Miscellaneous French Translation of ChatZilla 0.8.24 Available (MozillaZine)MozillaZine has an announcement for version 0.8.24 of the ChatZilla IRC client, which now supports the French language.
Languages and Tools Caml Caml Weekly NewsThe March 11-18, 2003 edition of the Caml Weekly News is out. Topics include Ocaml-beginners ML, monads for dummies, poll - need for a good introductory OCaml book, Beta release of lablgtk2, and OCaml popularity.
Java ONJava Newsletter (O'ReillyNet)O'Reilly has published the ONJava Newsletter for March 13, 2003. "This week we have two interesting articles that will help you reduce the amount of code you write. (As they say, you know you're on the right track when you can remove code and add functionality.)"
Getting started with JML (IBM developerWorks)Joe Verzulli talks about JML on IBM's developerWorks. "The Java Modeling Language (JML) is a notation for detailed design that encourages a new way of thinking about methods and classes. In this primer, Java programming consultant Joe Verzulli introduces JML and some of its most important declarative constructs."
Perl RTF::Parser: Plea for Help (use Perl)UsePerl mentions that help is needed for the Perl RTF::Parser module. "I'm looking for people who have used it to send me code they've written using it, on which I can start to build tests for it."
The Many Dates and Times of Perl (O'Reilly)Dave Rolsky covers a number of date and time concepts in Perl.
This Week on perl5-porters (use Perl)The March 10-16, 2003 edition of This Week on perl5-porters is out. Topics include Pseudo-hash deprecation, Posixly////, Imaginary signals, and more.
This week on Perl 6 (O'Reilly)The March 9, 2003 edition of This week on Perl 6 is out. Article topics include: Object Specs, IMCC and multiple source files, Patch Roundup, Coroutines end and DFG, SableVM, Parrot 0.0.10 freeze, Signal/slot like mechanism, and more.
Parrot v0.0.10 'Juice' released (use Perl)According to Use Perl, version 0.0.10 of Parrot has been released.
PHP PHP 4.3.2RC1 ReleasedPHP 4.3.2RC1 is available. "This is the first release candidate and should have a very low number of problems and/or bugs. Nevertheless, please download and test it as much as possible on real-life applications to uncover any remaining issues."
Working with Forms in PHP, Part 1O'Reilly has an article on working with forms in PHP. "PHP is handy for templating and displaying dynamic data, but you're missing its full power until you handle user data. John Coggeshall explains how PHP 4.3 handles form submissions securely and sanely."
PHP Weekly SummaryTopics on this week's PHP Weekly Summary include: 4.3.2 RC 1, php-dev name change, 4.3.2 Windows issues, error docref, language on PHP web site, and Iterating objects with Interfaces.
Python Dr. Dobb's Python-URL!The Dr. Dobb's Python-URL for March 17, 2003 is available, with weekly news and links for the Python community.
Python-dev SummaryThe Python-Dev summary, covering development activity for the first half of March, is available. Topics covered include the real difference between tuples and lists, capabilities, and more.
Ruby Ruby Weekly NewsTopics on the March 17, 2003 edition of the Ruby Weekly News include: Preventing method overriding, and Dynamically creating methods.
Tcl/Tk Dr. Dobb's Tcl-URL!The Dr. Dobb's Tcl-URL! for March 17, 2003 is available with the usual collection of useful Tcl/Tk information.
XML Using SAX for Proper XML Output (O'Reilly)Uche Ogbuji discusses the use of SAX on O'Reilly. "There are other tools for helping with XML generation. In this article I introduce an important one that comes with Python itself. Generating XML from Python is one of the most common XML-related tasks the average Python user will face; thus, having more than one way to complete such a common task is especially helpful."
Truth in AdvertisingKendall Grant Clark covers XML subsetting and namesetting on O'Reilly. "In this week's column I will focus on two of the bread and butter issues of the XML development community: XML subsetting and XML namespace management. While both of these issues are among the permanent topics of conversation (that is, "permathreads") on the XML-DEV mailing list, this time around there are some interesting wrinkles which make reviewing the conversations worthwhile."
Miscellaneous MLton 20030312 releasedVersion 20030312 of MLton, a whole-program optimzing compiler for Standard ML that runs on X86 machines, is available. "Improvements include support for source-level profiling of both time and allocation, an updated basis library matching the 2002 specification, and new basis library modules for sockets and networking."
Page editor: Forrest Cook Linux in the news Recommended Reading Spectrum For All (CIO Insight)Lawrence Lessig writes about wireless spectrum on CIO Insight. "The issue here is spectrum -- that swath of electromagnetic radio frequencies that is used today for everything from AM radio to Wi-Fi networks. The FCC regulates this spectrum. How they do so is about to change. The command and control model of spectrum regulation that defined FCC policy for most of the 20th century will certainly crumble. The only question is what policy will take its place."
Why Open Source Stifles Innovation (Strategy+Business)Here's a delightful attack on free software in the Spring issue of Strategy+Business magazine (registration is required to read it). "The 'viral' quality of GPL software is intentional: Proponents happily acknowledge that the goal is to undermine incentives to create software that carries a price tag. But for those of us without ideological qualms about software as private property, the wall that GPL erects between open source and proprietary software seems unfortunate." They would, of course, be happier with a one-way wall. (Thanks to Anand Vaidya).
The commoditization of software (ZDNet)Here's a ZDNet column on the economic effects of free software. "A large component of America's economy is information technology, and free software undermines demand for such products, thus hampering recovery and increasing the attractiveness of outsourced development. Furthermore, given the general lowering of software price expectations initiated by the popularity of free alternatives, interest in outsourced development only rises."
A study of Linux (The Boston Globe)This Boston Globe Intelligence column visits with three members of the Boston Consulting Group's Strategy Practice Initiative, as they study a map showing most frequent contributors to Linux, with different colors indicating the number of contributions each has made. "Robert Wolf, Philip Evans, and Mark Blaxill have plenty to say on the topic of Linux. They've been studying it, and open source in general, for more than two years to see whether more general lessons can be learned from the phenomenon. When I stopped by Wednesday night, the three sounded optimistic that they were on to something."
Trade Shows and Conferences Linux conference to launch this summer (vnunet)Vnunet looks forward to LinuxWorld UK 2003. "LinuxWorld 2003 Expo will take place on 3 to 4 September in Birmingham. Although other technology conferences have struggled, organisers are convinced that the subject matter will guarantee a wide audience."
Companies Michael Robertson: the Steve Case of Linux (NewsForge)This NewsForge article compares Michael Robertson (Lindows) to Steve Case (AOL). "Lindows is to Linux as AOL is to the Internet: a cut-down, simplified version with a proprietary interface. Robertson, like Case, realizes that his market is not sophisticated users, but those who are just starting out -- in this case with Linux rather than the Internet." (Thanks to Ashwin N)
MySQL: A threat to bigwigs? (CNN)CNN takes a look at MySQL. "MySQL is used in four million installations around the world, Mickos estimates. The product gets downloaded for free off the company's site about 30,000 times a day."
Linux Adoption The Open Source MovementLinda Wedemeyer, M.D. writes about The Open Source Movement from a medical point of view. "What I learned from the question that I posted to the AMIA list group is that open source for healthcare is a movement in its infancy (Shreeve, 2003). Products have been in the development stage for several years, and it is only recently that real world implementations are occurring."
Legal New Texas Bill Moves Software Acquisition Reform Forward (Linux Journal)Doc Searls looks at possible software acquisition policy changes in Texas in the Linux Journal. "It seems there's a fundamental problem for many state governments that want to acquire and use free software: they can't buy it. Literally. That's because the state software acquisition process doesn't know what to do with software that nobody owns or sells."
Interviews Wrapped up in Crypto Bottles (Heise)Heise Online interviews John Perry Barlow. "I fear that Digital Rights Management today is Political Rights Management tomorrow. That embedding these kinds of technological controls into the very architecture of computing has the capacity to become a form of political control in the not so distant future."
Why Desktop Linux Should Give Microsoft Nightmares (MicrosoftWatch)Here's an interview with Lindows.com CEO Michael Robertson in Mary Jo Foley's MicrosoftWatch column. "Robertson: We're about choice and lower costs. Microsoft is about locking their customers into longer contracts with higher costs to try and get more milk out of the same cow. Consumers aren't stupid. They know they're being extorted to sign up for these programs, but there's been little choice. Desktop Linux now gives them real choice."
Linuxfr.org interviews Guido van RossumLinuxfr.org has an interview with Python creator Guido Van Rossum. "Whether you're currently programming in C, C++, Java or Perl, Python has certain advantages that you should at least be aware of: clarity of expression, readability, maintainability, all in an attractive open source package with a large standard library and an even larger supply of open source third party software." Scan down the page for the English version of the interview.
Oracle's 'Mr. Linux' (News.com)News.com talks with Wim Coekaerts about Oracle on Linux. "How many people do you have working on Linux at Oracle? If you talk about Linux kernel stuff, there are about 1,000 people that actually do development work. It's been that way for a long time, but we just have not been very public about it. Linux is Unix. When you have a lot of Unix competency in your company, it's really very easy to switch and doesn't take too long." (Thanks to Ashwin N)
The Next Revolution: Smart Mobs (O'Reilly)O'Reilly has an interview with Howard Rheingold on the topic of smart mobs. ""The people who make up smart mobs cooperate in ways never before possible because they carry devices that possess both communication and computing capabilities. Their mobile devices connect them with other information devices in the environment as well as with other people's telephones," he says. The result is a third computing revolution, after the PC and the Net, in which individuals once again have the power to put themselves together in collectives of their own choosing."
Reviews The Definite Desktop Environment Comparison (OSNews)OSNews has posted a lengthy comparison between the most popular desktop environments. "So many operating systems and so many graphical desktop environments... This article is a comparison of the UI and usability of several Desktop Environments (DEs), that have been widely used, admired and reviled: Windows XP Luna, BeOS 6 (Dano/Zeta), Mac OS X Aqua and Unix's KDE and Gnome. Read on which one got our best score on our long term test and usage."
Hackers Meet Soldiers (O'Reilly)This O'Reilly article looks at OpenBSD. "OpenBSD has focused on security, reliability, and quality since its launch over 7 years ago. The team follows such standards as POSIX, ANSI, and most of X/Open. Since 1996, formal audits [see sidebar on security and audits] of the base system's source code have further buttressed its reputation for security. Thousands of companies, including Adobe and Network Security Technologies, Inc., use OpenBSD, although many of them keep their choice private for security reasons."
Egoboo: The Cute Way to Dungeon Role Play (O'Reilly)Egoboo is an open source dungeon crawling game. This O'Reilly article examines the project, its history, and its future. "Aside from the OpenGL and SDL APIs, the rest of the codebase is original and was written in C by the Bishop brothers. They did borrow the Quake II model format for game characters, however, to avoid the work of writing their own modeling program from scratch. An extra, obvious benefit is that this decision makes customizing Egoboo much easier: the mod community is full of people who are familiar with creating Quake II models."
Miscellaneous It's a Cycle of Life Thing: Managing Linux Releases (O'ReillyNet)The O'ReillyNet explores an old idea for improving enterprise Linux adoption by separating applications from the core OS. "The release of the 2.4 series kernel made a lot more functionality available to developers, and the Linux community has taken advantage of it with wild abandon. With the release of Red Hat 7.3 (and SuSE 8.0, and most other Linux distributions from about mid-2001), I noticed a sudden bump in the number of applications available and a radical change in the dependencies in any given distribution, release after release."
Page editor: Forrest Cook Announcements Non-Commercial announcements UK Campaign for Digital Rights condemns German PC levyHere's a press release from the UK Campaign for Digital Rights, which is fighting against a German initiative to charge a 12 Euro levy on on every PC sold. The levy -- to be imposed under a three-year old law -- will supposedly compensate copyright holders for copyright infringement by PC users.
Voting: OpenOffice.org Community Council ProposalVoting is open for the OpenOffice.org Community Council Proposal. You may want to read this voting tip before proceeding.
Commercial announcements ActiveState Sponsors pVoice (use Perl)Use Perl reports that ActiveState will be sponsoring development of pVoice, which allows people with disabilities to communicate with a computer.
Central Command predicts Linux viable channel for virus infectionsHere's a press release from Central Command, a provider of anti-virus software, warning us that Linux viruses are on the rise.
Free Software behind Indian telephone directoryIndia's largest telephone company, Bharat Sanchar Nigam Ltd., has turned to Free Software to help it print this year's directory for its subscribers in the southern State of Kerala, the country's most literate State and the place where the Free Software Foundation of India was launched by Richard M. Stallman two years ago.
Hitachi and Codehost to sell Linux-based tablet systemsHitachi and Codehost have announced a partnership to develop and sell wireless tablets running Linux. Codehost's contribution appears to be, primarily, a handwriting recognition interface. The target market is the healthcare industry.
HP and Red Hat do a dealRed Hat and HP have announced a new deal; HP will become a "global services provider" for Red Hat's Enterprise Linux products. Red Hat will back up HP for difficult problems.
IBM Linux case study: wireless truckingIBM and Rocksteady Networks announced that the companies will provide the infrastructure for Columbia Advanced Wireless (CAW) to offer high speed wireless Internet access at more than 1,000 truck stops throughout the country. Rocksteady software loaded on IBM's Intel-based servers running Linux will enable truckers to connect to the Internet through 802.11 Wireless Local Area Networks (WLAN'S) deployed by Columbia Advanced Wireless.
Lindows systems on store shelves in CanadaAccording to this press release, systems running Lindows can now be found on the shelves at The Brick stores across Canada.
Motorola phones to run MontaVista LinuxMotorola has sent out a press release stating that Motorola's Linux-based handsets, starting with the A760, will be running MontaVista's "Consumer Electronics Edition" of embedded Linux.
OpenEAI Project Releases Functional Open Source Sample EnterpriseThe OpenEAI Software Foundation has released the first version of the OpenEAI Sample Enterprise, comprised entirely of open source software. The sample enterprise consists of a set of working components developed exclusively with the OpenEAI foundation APIs and supporting technologies.
Plone Training in Europe : French, English, GermanZope Members' News has an announcement concerning a European training program for the Plone web platform. "Ingeniweb, leading french company for Zope hosting and engineering is proud to announce the availability of its latest training concerning the famous CMF/PLONE in 3 languages".
Progeny's Linux Platform ManagerProgeny has announced the availablity of its "Linux Platform Manager." Essentially, the Platform Manager is a web-based tool which enables the creation and maintenance of custom Linux distributions. As such, it could be useful for large IT departments which maintain a version of Linux for a company, or for companies which distribute Linux as part of a larger product. Naturally, there is a whole set of associated services available for interested companies to buy.
Sleepycat Software Adds Support for Carrier Grade LinuxSleepycat Software, Inc. has announced the immediate availability of Berkeley DB for Linux operating systems that comply with the OSDL Carrier Grade Linux (CGL) 1.1 feature set.
SourceForge Sitewide updateThe SourceForge Sitewide update for March 18, 2003 is out with the latest SourceForge news.
Trustix business partner, SHAF secures infrastructure of Asia's largest digital TV news stationTrustix AS announced that their Indian business partner Shaf Information & Teknologies Pvt. Ltd. (SHAF), has recommended Trustix Linux Solutions for Asias largest digital television news station, Sahara TV. The solution will comprise of Trustix Firewall, Proxy, Mail and Intrusion Detection servers running on IBM eServer xSeries hardware.
UnbreakableUnitedLinuxOracle and UnitedLinux have announced that Oracle will make its "Unbreakable Linux" platform available for UnitedLinux.
Resources ''Introduction to GNOME 2.2'' availableA new version of "Introduction to GNOME", updated for GNOME 2.2, is available on the web.
GNOME 2.2.1 Desktop User Guide V2.5 ReleasedAccording to FootNotes, a new version of the GNOME Desktop User Guide has been released.
Evans Data on where Linux developers come fromEvans Data Corporation put out a press release on its latest study, which looks at where Linux developers are coming from. "Although Linux may have initially drawn converts from the Unix community the survey found that more than half of Linux developers, 52%, used to primarily target the various forms of Windows, 30% of developers came from some form of Unix."
Name Resolution and Browsing in Samba, Part 1O'Reilly has made part of the book Using Samba, 2nd Edition available. "This excerpt from Chapter 7 of Using Samba, 2nd Edition focuses on name resolution using WINS, which is supported by Samba with the nmbd daemon."
Ecasound tutorials onlineA new page full of Ecasound Documentation - Tutorials, Articles and Other Such Resources is available online. Ecasound is a multi-track audio recording, playback, and processing tool.
Minutes of the mozilla.org Staff Meeting (MozillaZine)MozillaZine has the minutes of the Mozilla.org staff meeting available online. "Issues discussed include Mozilla 1.3.1; plans for 1.4; changing the compiler and OS on Linux; redistributing the time periods assigned to the alpha, beta and final stages of the development cycle; distributing Mozilla to developing countries on CD; and the Why Use Mozilla documents from Mozilla University."
Upcoming Events CFP: EuroPython Conference 2003A Call for Participation has gone out for the EuroPython Conference 2003. The conference will be held in Charleroi, Belgium on June 25-27, 2003.
KDE and the 3rd Linux Accessibility ConferenceKDE.News reports on the KDE presence at the 3rd Linux Accessibility Conference, which will be held on March 20 and 21, 2003 in Los Angeles, CA.
GNOME and 3rd Linux Accessibility ConferenceFootNotes covers the GNOME presence at the upcoming 3rd Linux Accessibility Conference.
Events: March 20 - May 15, 2003
Software announcements This week's software announcementsHere are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
Miscellaneous GNOME Germany has got a mascotAccording to FootNotes, GNOME Germany has selected a new mascot, Gnobble the Gnome.
Final W3C patent policy draftThe World Wide Web Consortium has released yet another patent policy draft; there is a review period going through the end of April. According to the press release: "The W3C Royalty-Free license requirements are now consistent with generally recognized Open Source licensing terms." The policy still allows patent holders to impose field-of-use requirements, however. For details, see the policy draft or the "last call issues list" which gives the working group's responses to concerns with the previous draft.
Page editor: Forrest Cook Letters to the editor Who says Netscape's *lost*?
You assume the browser war is over.
Page editor: Jonathan Corbet
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
