LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
->Multipage format
This page
Previous weekFollowing week
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for August 21, 2008One week of infrastructure issuesOn August 14, Fedora leader Paul Frields sent out a terse announcement regarding "an issue in the infrastructure systems" supporting the project. This "issue" could lead to some service outages, for which he apologized. Also included in the note was this ominous warning:
We're still assessing the end-user impact of the situation, but as
a precaution, we recommend you not download or update any
additional packages on your Fedora systems.
As this article is written (August 20, just barely in time for the LWN weekly publication deadline), there have been a couple of uninformative updates, but the situation persists and nobody seems to know what is really going on. The Fedora team, it would seem, is quite good at keeping secrets when the need arises. As a result, Fedora users worldwide have spent almost a full week wondering what has happened and whether they need to be worried about it. In such a situation, there is a delightful amount of space for wild speculation. Your editor does not usually start his drinking binge until after publication, but, for the purposes of interpreting the following, one should assume that it was already well underway. This "issue" could be explained by any of the following:
The real point of this being, of course, that none of us know what is going on, creating a situation described by Alan Cox as "leaving people in the dark assuming the worst - a very bad way to create long term trust." Distributors occupy a crucial part of our ecosystem; they absolutely need to have the trust of their users. There is just too much that can go wrong at that level. One can only assume that something fairly serious has happened. By all accounts, the Fedora team has been working flat-out to get things resolved as quickly as possible; they seem to be doing an exceptional job under a great deal of pressure. They have undoubtedly earned a big round of thanks - and lots of beers - from the Fedora community as a whole. But Fedora's leadership appears to have failed here. If Fedora users need to be concerned about the software running on their systems, they should have been told by now. If they can relax and stop worrying, they should have been told that as well. Instead, the Fedora user community has been left wondering for nearly a week while the infrastructure they count on is torn down and rebuilt from the beginning. Given that, Fedora users have shown a tremendous amount of patience and restraint; the user community clearly has a high degree of confidence in the project in general, and has been willing to wait until the project is ready to come clean. To retain that confidence, the Fedora project will have to tell the full story in a clear manner - and sooner would certainly be better. A good explanation of why Fedora users were made to wait so long before hearing anything about how this "infrastructure issue" affects them will also be needed. Fedora users are concerned about what has happened so far, but their real response will be determined by what Fedora does next.
Standards, the kernel, and PostfixStandards like POSIX are meant to make life easier for application developers by providing rules on the semantics of system calls for multiple different platforms. Sometimes, though, operating system developers decide to change the behavior of their platform—with full knowledge that it breaks compatibility—for various reasons. This requires application developers to notice the change and take appropriate action; not doing so can lead to a security hole like the one found in the Postfix mail transfer agent (MTA) recently. The behavior of links, created using the link() system call—on Linux, Solaris, and IRIX—is what tripped up Postfix. In particular, what happens when a hard link is made to a symbolic link. Many long-time UNIX hackers don't realize that you can even do that, nor what to expect if you do. Postfix relied on a particular, standard-specified behavior that many operating systems, including early versions of Linux, follow. Links can be a somewhat confusing, or possibly unknown, part of UNIX-like filesystems, so a bit of explanation is in order. A link created with link()—also known as a hard link—is an alias for a particular file. It simply gives an additional name by which a particular chunk of bytes on the disk can be referenced. For example:
link("/path/to/foo", "/link/to/foo");
creates a second entry in the filesystem (called /link/to/foo)
which points to the same file as
/path/to/foo. The file being linked to must exist and reside on
the same filesystem as the link.
Symbolic links, on the other hand, are aliases of a different sort. A symbolic link creates a new entry (e.g. inode) in the filesystem which contains the path of the linked-to file as a string. There is no requirement that the file exist or be on the same filesystem—the only real requirement is that the path conform to standard pathname rules. The symlink() system call is used to create them:
symlink("/path/to/foo", "/symlink/to/foo");
Both symbolic links and hard links can also be created from the command line
using the ln command (adding a -s option for symbolic
links).
So, when making a hard link to a symbolic link, there are two choices: either follow the symbolic link to its, possibly nonexistent, target and link to that or link to the symbolic link inode itself. POSIX requires that the symbolic link be fully resolved to an actual existing file, which is the behavior that Postfix relies upon. The exact sequence of events is lost in the mists of time, but Linux changed to non-standard behavior—at least partially for compatibility with Solaris—in kernel version 1.3.56 (which was released in January 1996). Some discussion prior to that change adds an additional reason for it: user space has no way to make a link to a symbolic link without it. Some saw that as a flaw in the interface and proposed the change. An application developer that wanted the original behavior would be able to implement it by resolving any symbolic links before making the hard link. To further complicate things, it appears that the POSIX behavior was restored in the 2.1 development series, only to be changed back in late 1998. This change led to the comments currently in fs/namei.c for the function implementing link():
/*
* Hardlinks are often used in delicate situations. We avoid
* security-related surprises by not following symlinks on the
* newname. --KAB
*
* We don't follow them on the oldname either to be compatible
* with linux 2.0, and to avoid hard-linking to directories
* and other special files. --ADM
*/
Where oldname is the file being linked to and newname
is the name being
created. For the curious, KAB is Kevin Buhr and ADM is Alan Modra.
Unfortunately, according to Postfix author Wietse Venema, the link(2) man page didn't change until sometime in 2006. This makes it fairly difficult for application developers to learn about the change, especially because they may not follow kernel development closely. Postfix allows root-owned symbolic links to be used as the target for local mail delivery, specifically to handle things like /dev/null on Solaris, which is a symbolic link. Because an attacker can make a link to a root-owned symbolic link on vulnerable systems, Postfix can get confused and deliver mail to files that it shouldn't. This can lead to privilege escalation (via executing code as root) by making a hard link to a symbolic link of an init script (CVE-2008-2936). As Venema outlines in the Postfix security advisory, the problem can be resolved by requiring that symbolic links used for local delivery reside in a directory that is only writeable by root. It is not a perfect solution, though: "This change will break legitimate configurations that deliver mail to a symbolic link in a directory with less restrictive permissions." There are other workarounds for people who don't want to use the provided patch to Postfix. Protecting the mail spool directory is one solution; Venema provides a script to use to do that. Some systems can be configured to disallow links to files owned by others, which is another way to avoid the problem. This issue has given Postfix a bit of a black eye, but that is rather unfair. The problem was found by a SUSE code inspection, but it has existed in certain kinds of Linux installations of Postfix for a long time. It could be argued that testing should have found it—there is a simple test for vulnerable systems—but relying on documented behavior that is part of an important standard that Linux is said to support is not completely unreasonable either. It is likely that the full implications of not supporting the standard were not completely understood until recently. Linux was still in its infancy when the original change went in. One would like to think that a change of that type today would be nearly impossible because it breaks the kernel's user-space interface. If it were to happen, somehow, the resulting hue and cry would be loud enough that application developers would hear. But that's for intentional changes; a bug introduced into a dark corner of the kernel's API might go unnoticed for quite some time. Hopefully, none of those lingers for ten years before being discovered. Update: The original article referred to CVE-2008-2937 as also being a consequence of the link issue, which it is not. It is an unrelated issue that was found during the same code review.
Why the JMRI decision mattersThe Java Model Railroad Interface (JMRI) project is not one to sit at the top of the Debian popularity contest results; it provides tools for model railroad enthusiasts. But the legal wrangling around JMRI has made it one of the more important projects in our community at this time. JMRI has suffered some legal setbacks, but much of that was turned around by the US Federal Circuit Court of Appeals on August 13. The result is a vindication for much of the legal reasoning behind free software licenses.JMRI was charged with patent infringement back in 2006. As part of the legal counterattack, JMRI developer Robert Jacobson charged patent holders Michael Katzer and Kamind Associates, Inc. with copyright infringement for its use of JMRI code. The Federal District Court in this case had concluded that the terms of the Artistic License were contract terms, and not condition on the copyright license itself. That ruling was seen as a major setback. The authors of free software licenses have gone to great lengths to restrict themselves to copyright licensing and to avoid contract law altogether. There are a couple of important reasons for this:
Both points are crucial. If you look at clause 5 of the GNU General Public License (version 2, in this case), you read:
You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify
or distribute the Program or its derivative works. These actions
are prohibited by law if you do not accept this License.
Anybody who distributes a copyrighted work will be doing so in violation of the author's exclusive rights. If a distributor has a license from the owner, though, then this distributor has a legal defense. The question raised in this case was, in summary, this: if somebody distributes free software without adhering to the terms of the license, does that somebody still have a license at all? The District Court ruled that this person did, indeed, still have a license to distribute the software, though they might be liable for damages for not having followed all of the terms. The Appeals Court, instead, said that failure to hold to the conditions meant that the license simply did not exist; distributing free software in a manner contrary to its license is copyright infringement, not breach of contract. This decision was reached in a sufficiently high court that the conversation should be finished in the United States; we now have a high-level legal precedent that software licenses are licenses, and that they can be enforced with injunctions. In US-style law, precedents are everything; the absence of a clear precedent always causes a certain degree of legal uncertainty. We now have that precedent; as a result, anybody seeking to enforce a free software license in the US is now standing on firmer ground. There are some other interesting conclusions to be drawn from this ruling. Copyright law in the US does not recognize any sort of moral rights to copyrighted works; it is, in classic American style, all about the protection of economic rights. Some have argued that, since free software is, well, free of charge, there is no economic harm in violating its licenses, and, thus, copyright law has nothing to say. But the Appeals Court saw things differently, stating that there was a clear economic interest in the Artistic license:
The clear language of the Artistic License creates conditions to
protect the economic rights at issue in the granting of a public
license. These conditions govern the rights to modify and
distribute the computer programs and files included in the
downloadable software package. The attribution and modification
transparency requirements directly serve to drive traffic to the
open source incubation page and to inform downstream users of the
project, which is a significant economic goal of the copyright
holder that the law will enforce.
So the reasoning that free software licenses are unenforceable due to the lack of an economic interest fails to hold water. Similarly, the interesting idea that free software license incompatibility does not really exist, recently promoted on LWN by Brian Cantrill, seems unlikely to stand up to serious scrutiny. Some voices on the net have worried that this ruling could also give sharper teeth to exploitive proprietary end user license agreements. The Electronic Frontier Foundation is one example:
While we're pleased to see a panel of learned judges endorse the
legal foundations of the open source software paradigm, the
decision may also encourage proprietary software vendors who
frequently fill their "end user license agreements" with
restrictions that are denominated as "conditions" on the license.
If violating a "condition" in a EULA results in copyright infringement liability, what's to stop a software vendor from imposing conditions that are unrelated to copyright law (e.g. an agreement not to disparage the copyright owner, or to wear pink bunny ears on Tuesdays), or even antithetical to copyright law (e.g. a waiver of fair use rights)? If this comes to pass, restrictions on reverse engineering, publication of reviews, lack of bunny ears, etc. may, indeed, become easier to enforce. Such an outcome would not necessarily be a bad thing for users of free software, though. If anything, it will simply make the value of freedom that much more clear. Finally, it is worth noting well that this outcome did not just happen on its own. Behind the scenes, concerned lawyers from groups like the Stanford Center for Internet and Society and the Electronic Frontier Foundation, who have understood all along what was at stake here, have put in a great deal of work to get this ruling. They were successful despite the fact that the old Artistic License was not the strongest position to be arguing from. Many of us would prefer to not have to think about legal issues much of the time. But we should be happy and grateful that some very capable people have been willing to put in the effort to defend our rights in cases like this one. (The full ruling is available in PDF format, or in plain text on Groklaw).
Security Injunction lifted against MIT studentsThree MIT students won a victory in court this week, but it was a rather bittersweet one as the injunction that was overturned was, at best, dubious. The students had researched the security of the Massachusetts Bay Transportation Agency's (MBTA) tickets and pre-paid cards. They were planning to give a presentation about their findings at the DEFCON security conference when MBTA sued them. Even after the Electronic Frontier Foundation (EFF) stepped in to represent the students, MBTA was able to get a ten-day injunction that made the presentation impossible. The judge who issued the injunction relied on the Computer Fraud and Abuse Act, a statute aimed at preventing computer intrusions, to make his decision. He ruled that speaking at a conference was a "transmission" of a computer program that could harm MBTA by allowing people to get free subway rides. The free speech rights of the students, Zack Anderson, RJ Ryan and Alessandro Chiesa, were completely ignored by the judge. Unfortunately, when a second judge lifted the injunction this week, he did it on narrow grounds, not considering the First Amendment issues either. He instead, ruled that MBTA was unlikely to succeed on the merits of its case. While the injunction has been lifted, the suit continues. MBTA is likely to be the biggest loser in all of this for a number of reasons, not least of which is the "Streisand Effect". By trying to squelch discussion of their security problems, MBTA ensured that the story got much wider play than it would have as a report from DEFCON. As Barbara Streisand found out when she tried to remove aerial pictures of her Malibu estate from a California coastal survey, suing someone to stop information from flowing rarely works; in fact, on the internet, it generally backfires. After getting an "A" in Professor Ron Rivest's—the R in RSA—class, the students met with MBTA to outline what they had found. They also provided a confidential report that included all of the details. They told MBTA that they planned to keep some of those details out of the DEFCON presentation to stop others from trivially exploiting the system. With no advance warning, 48 hours before the presentation, MBTA sued to get an injunction. Had MBTA done its homework, it would have realized that the slides of the presentation [PDF] were already available, both on the net and on CDs given to the conference attendees. Worse still, MBTA entered the confidential report, with details left out of the presentation, into the open court record. For an agency that claimed that release of the information would cause harm, it did far more to harm to itself than the students did. It is a common fallacy that security problems are somehow, magically kept at bay if they are not discussed. Time and again we see organizations try to stifle discussion of security problems rather than to actually address them. Any system that is likely to attract the attention of "white hat" security researchers is very likely to have attracted others as well. In fact, for a system like MBTA's, where large amounts of money can be made, the chances that someone of malicious intent isn't already looking for vulnerabilities are vanishingly small. By treating the "MIT Three" as criminals, MBTA has done itself and the Boston-area taxpayers a disservice. The students are willing to work with the agency to identify and fix the problems, but not while they are being sued. The agency told the judge this week that it would take it five months to fix the problems identified—it is hard to see how that is expedited by spending time in court. While the students were under a gag order, various MBTA officials were saying that there were no security problems. Because their First Amendment rights had been suspended, the students were unable to respond to defend their research. Only recently has the agency confessed that they do, indeed, have security problems. This is one of the reasons that "prior restraint" on free speech has been deemed unconstitutional in various cases, including the famous "Pentagon Papers" case. It is hard to see how the students could have been more "responsible" with their disclosure. It is not as if these vulnerabilities came out of left field; similar types of problems had been reported for other transit systems. Had MBTA done its job, the students might not have been able to find any flaws to report on. But, instead of thanking them and, perhaps, hiring them, MBTA tried to bully them. The next time someone finds a flaw in their systems, they may decide to anonymously report it with full details—or exploit it for free subway rides.
Brief items Federal Judge Throws Out Gag Order Against Boston Students in Subway Case (Wired)Wired covers the lifting of an injunction against three MIT students regarding their research into Massachusetts Bay Transportation Authority (MBTA) security. The ruling comes just a tad late for the students to give their planned talk at DEFCON, but it does recognize some important legal points. "District Judge O'Toole, in vacating the restraining order this morning, essentially ruled that the Computer Fraud and Abuse Act does not apply to speech and that the MBTA had failed to supply sufficient proof to merit other claims with regard to the statute, to merit a restraining order or preliminary injunction." The Electronic Frontier Foundation (EFF) represented the students, so updates should be available soon at its website.
New vulnerabilities amarok: temporary file vulnerability
postfix: multiple vulnerabilities
yum-rhn-plugin: SSL certificate not verified
Page editor: Jake Edge Kernel development Brief items Kernel release statusThe current 2.6 development kernel remains 2.6.27-rc3. There have been a lot of patches merged into the mainline repository, however, and the 2.6.27-rc4 release can be expected at almost any time. Along with all the fixes, 2.6.27-rc4 will add support for the multitouch trackpad on new Apple laptops, more reshuffling of architecture-specific include files, a number of XFS improvements, interrupt stacks for the SPARC64 architecture, the removal of the obsolete Auerswald USB sound driver, and new drivers for TI TUSB 6010 USB controllers, Inventra HDRC USB controllers, and National Semiconductor adcxx8sxxx analog-to-digital converters.The current stable 2.6 kernel is 2.6.26.3; it was released (along with 2.6.25.16) on August 20. Both updates contain a large number of fixes for a wide variety of serious problems.
Kernel development news Quotes of the week
This isn't the first time that I've seen kernel developers claim
that it's better to work around the kernel in userspace than it is
to fix it. I could understand this if we didn't have the source
code to our own kernel, but we do.
The kernel isn't sacred and it isn't a separate part of the system. It needs to be seen as just one component of a fully integrated system, especially by its developers.
Our (complexity(config system) * complexity(header files)) is so
large that compilation testing doesn't prove anything useful. You
just have to check your homework very carefully and don earplugs
for the inevitable explosions.
-- Andrew Morton
Guys, please: regressions are serious, top-priority emergencies.
We drop everything and run around with our hair on fire when we
hear about one (don't we?). Please, if you have a report of a
regression or a fix for one, Cc: everyone in the world on it.
-- Andrew Morton
As it is, it seems like some people think that the merge window is
when you send any random crap that hasn't even been tested, and
then after the merge window you send the stuff that looks
"obviously good".
-- Linus Torvalds
How about raising your quality control a bit, so that I don't have to berate you? Send the _obviously good_ stuff during the merge window, and don't send the "random crap" AT ALL. And then, during the -rc series, you don't do any "obviously good" stuff at all, but you do the "absolutely required" stuff.
Triggers: less busy busy-waitingKernel code must often wait for something to happen elsewhere in the system. The preferred way to wait is to use any of a number of interfaces to wait queues, allowing the processor to perform other tasks in the mean time. If the kernel code in question is running in an atomic mode, though, it cannot block, so the use of wait queues is not an option. Traditionally, in such situations, the programmer simply must code a busy wait which sits in a tight loop until the required event takes place.Busy waits are always undesirable, but, in some situations, they become even more so. If the wait is going to be relatively long, it would be better to put the processor into a lower power state. After all, nobody cares if it executes its empty loop at full speed, or, even, whether the loop executes at all. If the wait is running within a virtualized guest, the situation can be even worse: by looping in the processor, a busy wait can actively prevent the running of the code which will eventually provide the event which is being waited for. In a virtualized environment, it is far better to simply suspend the virtual system altogether than to let it busy wait. Jeremy Fitzhardinge has proposed a solution to this problem in the form of the trigger API. A trigger can be thought of as a special type of continuation intended for use in a specific environment: situations where preemption is disabled and sleeping is not possible, but where it is necessary to wait for an external event. A trigger is set up in either of the two usual patterns:
#include <linux/trigger.h>
DEFINE_TRIGGER(my_trigger);
/* ... or ... */
trigger_t my_trigger;
trigger_init(&my_trigger);
There is a sequence of calls which must be made by code intending to wait for a trigger:
trigger_reset(&my_trigger);
while(!condition)
trigger_wait(&my_trigger);
trigger_finish(&my_trigger);
Triggers are designed to be safe against race conditions, in that if a trigger is fired after the trigger_reset() call, the subsequent trigger_wait() call will return immediately. As with any such primitive, false "wakeups" are possible, so it is necessary to check for the condition being waited for and wait again if need be. Code which wishes to signal completion to a thread waiting on a trigger need only make a call to:
void trigger_kick(trigger_t *trigger);
This code should, of course, ensure that the waiting thread will see that the resource it was waiting for is available before calling trigger_kick(). A reader of the generic implementation of triggers may be forgiven for wondering what the point is; most of the functions are empty, and trigger_wait() turns into a call to cpu_relax(). In other words, it's still a busy wait, just like before except that now it's hidden behind a set of trigger functions. The idea, of course, is that better versions of these functions can be defined in architecture-specific code. If the target architecture is actually a virtual machine environment, for example, a trigger can simply suspend the execution of the machine altogether. To that end, there is a new set of paravirt_ops allowing hypervisors to implement the trigger operations. Jeremy has also created an implementation for the x86 architecture which uses the relatively new monitor and mwait instructions. In this implementation, a trigger is a simple integer variable. A call to trigger_reset() turns into a monitor instruction, informing the processor that it should watch out for changes to that integer variable. The mwait instruction built into trigger_wait() halts the processor until the monitored variable is written to. No more busy waiting is required. There is a certain elegance to the monitor/mwait implementation, but Arjan van de Ven worries that it may prove to be too slow. So changes to the x86 implementation are possible. There have not been a lot of comments about the API itself, though, so the trigger functions may well make it into the mainline in something close to their current form.
Regulating wireless devicesWhenever a Linux system communicates with the rest of the world, it must follow a whole set of rules on how that communication is done. Basic TCP/IP networking would work poorly indeed in the lack of an observed agreement on how the networking medium should be used. Wireless networking has all of those constraints, plus a set of its own. Since wireless interfaces are radios, they must conform to rules on the frequencies they can use, how much power they may emit, and so on. If all goes well, Linux will finally have a centralized mechanism for ensuring that wireless devices are operated according to that wider set of rules.Regulations on radio transmissions bring some extra challenges. They are legal code, so their violation can bring users, vendors, and distributors into unwanted conversations with representatives of spectrum enforcement agencies. The legal code is inherently local, while wireless devices are inherently mobile, so those devices must be able to modify their behavior to match different sets of rules at different times. And some wireless devices can be programmed in quite flexible ways; they can be operated far outside of their allowed parameters. The possibility that one of these devices could be configured - accidentally or intentionally - in a way which interferes with other uses of the spectrum is very real. The potential for legal problems associated with wireless interfaces has cast a shadow over Linux for a while. Some vendors have used it as an excuse for their failure to provide free drivers. Others (Intel, for example), have reworked their hardware to lock up regulatory compliance safely within the firmware. And still, vendors and Linux distributors have worried about what kind of sanctions might come down if Linux systems are seen to be operating in violation of the law somewhere on the planet. Despite all that, the Linux kernel has no central mechanism for ensuring regulatory compliance; it is up to individual drivers to make sure that their hardware does not break the rules. This situation may be about to change, though, as the Central Regulatory Domain Agent (CRDA) patch set, currently being developed by Luis Rodriguez, approaches readiness. At the core of CRDA is struct ieee80211_regdomain, which describes the rules associated with a given legal regime. It is a somewhat complicated structure, but its contents are relatively simple to understand. They include a set of allowable frequency ranges; for each range, the maximum bandwidth, allowable power, and antenna gain are listed. There's also a set of flags for special rules; some domains, for example, do not allow outdoor operation or certain types of modulation. Each domain is associated with a two-letter identifying code which, normally, is just a country code. There is a new mac80211 function which drivers can call to get the current regulatory domain information. But, unless the system has some clue of where on the planet it is currently located, that information will be for the "world domain," which, being designed to avoid offending spectrum authorities worldwide, is quite restrictive. Location information is often available from wireless access points, allowing the system to configure itself without user intervention. Individual drivers can also provide a "location hint" to the regulatory core, perhaps based on regulatory information written to a device's EEPROM by its vendor. If need be, the system administrator can also configure in a location by hand. The database of domains and associated rules lives in user space, where it can be easily updated by distributors. When the name of the domain is set within the kernel, an event is generated for udev which, in turn, will be configured to run the crda utility. This tool will use the domain name to look up the rules in the database, then use a netlink socket to pass that information back to the kernel. From there, individual drivers are told of the new rules via a notifier function. [PULL QUOTE: No distributors have made any policy plans public, but one assumes that the signing keys for the CRDA database will not be distributed with the system. END QUOTE] The database is a binary file which is digitally signed; if the signature does not match a set of public keys built into crda, then crda will refuse to use it. This behavior will protect against a corrupted database, but is also useful for keeping users from modifying it by hand. No distributors have made any policy plans public, but one assumes that the signing keys for the CRDA database will not be distributed with the system. We're dealing with free software, so getting around this kind of restriction will not prove challenging for even moderately determined users, but it should prevent some people from cranking their transmitted power to the maximum just to see what happens. The CRDA mechanism, once merged into the kernel and once the wireless drivers actually start using it, should be enough to ensure that Linux systems with well-behaved users will be well-behaved transmitters. Whether that will be enough to satisfy the regulatory agencies (some of which have been quite explicit on their doubts about whether open-source regulatory code can ever be acceptable) remains to be seen. But it is about the best that we can do in a free software environment.
Tangled up in threadsCertain kinds of programmers are highly enamored with threads, to the point that they use large numbers of them in their applications. In fact, some applications create many thousands of threads. Happily for this kind of developer - and their users - thread creation on Linux is quite fast. At least, most of the time. A situation where that turned out not to be the case gives an interesting look at what can happen when scalability and historical baggage collide.A user named Pardo recently noted that, in some situations, thread creation time on x86_64 systems can slow significantly - as in, by about two orders of magnitude. He was observing thread creation rates of less than 100/second; at such rates, the term "quite fast" no longer applies. Happily, Pardo also did much of the work required to track down the problem, making its resolution quite a bit easier. The problem with thread creation is the allocation of the stack to be used by the new thread. This allocation, done with mmap(), requires locating a few pages' worth of space in the process's address range. Calls to mmap() can be quite frequent, so the low-level code which finds the address space for the new mapping is written to be quick. Normally, it remembers (in mm->free_area_cache) the address just past the end of the previous allocation, which is usually the beginning of a big hole in the address space. So allocating more space does not require any sort of search. The mmap() call which creates a thread's stack is special, though, in that it involves the obscure, Linux-specific MAP_32BIT flag. This flag causes the allocation to be constrained to the bottom 2GB of the virtual address space - meaning it should really have been called MAP_31BIT instead. Thread stacks are kept in lower memory for a historical reason: on some early 64-bit processors, context switches were faster if the stack address fit into 32 bits. An application involving thousands of threads cannot help being highly sensitive to context switch times, so this was an optimization worth making. The problem is that this kind of constrained allocation causes mmap() to forget about mm->free_area_cache; instead, it performs a linear search through all of the virtual memory areas (VMAs) in the process's address space. Each thread stack will require at least one VMA, so this search gets longer as more threads are created. Where things really go wrong, though, is when there is no longer room to allocate a stack in the bottom 2GB of memory. At that point, the mmap() call will return failure to user space, which must then retry the operation without the MAP_32BIT flag. Even worse, the first call will have reset mm->free_area_cache, so the retry operation must search through the entire list of VMAs a second time before it is able to find a suitable piece of address space. Unsurprisingly, things start to get really slow at that point. But the really sad thing is that the performance benefit which came from using 32-bit stack addresses no longer exists with contemporary processors. Whatever problem caused the context-switch slowdown for larger addresses has long since been fixed. So this particular performance optimization would appear to have become something other than optimal. The solution which comes immediately to mind is to simply ignore the MAP_32BIT flag altogether. That approach would require that people experiencing this problem install a new kernel, but it would be painless beyond that. Unfortunately, nobody really knows for sure when the performance penalty for large stack addresses went away or how many still-deployed systems might be hurt by removing the MAP_32BIT behavior. So Andi Kleen, who first implemented this behavior, has argued against its removal. He also points out that larger addresses could thwart a "pointer compression" optimization used by some Java virtual machine implementations. Andi would rather see the linear search through VMAs turned into something smarter. In the end, MAP_32BIT will remain, but the allocation of thread stacks in lower memory is going away anyway. Ingo Molnar has merged a single-line patch creating a new mmap() flag called MAP_STACK. This flag is defined as requesting a memory range which is suitable for use as a thread stack, but, in fact, it does not actually do anything. Ulrich Drepper will cause glibc to use this new flag as of the next release. The end result is that, once a user system has a new glibc and a fixed kernel, the old stack behavior will go away and that particular performance problem will be history. Given this outcome, why not just ignore MAP_32BIT in the kernel and avoid the need for a C library upgrade? MAP_32BIT is part of the user-space ABI, and nobody really knows how somebody might be using it. Breaking the ABI is not an option, so the old behavior must remain. On the other hand, one could argue for simply removing the use of MAP_32BIT in the creation of thread stacks, making the kernel upgrade unnecessary. As it happens, switching to MAP_STACK will have the same effect; older kernels, which do not recognize that flag, will simply ignore it. But if, at some future point, it turns out there still is a performance problem with higher-memory stacks on real systems, the kernel can be tweaked to implement the older behavior when it's running on an affected processor. So, with luck, all the bases are covered and this particular issue will not come back again.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Memory management
Networking
Architecture-specific
Virtualization and containers
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials In defense of UbuntuCriticisms of the Ubuntu distribution and Canonical, its corporate sponsor, are not hard to come by. Depending on who is speaking, Ubuntu and Canonical are guilty of profiting from the free software community without giving back to it, forking important projects or distributions, legitimizing the use of binary-only system components, and more. Of all of these gripes, it is the "contributing to the community" complaint which is heard most. If one believes these complaints, Ubuntu is a parasitic operation which does not understand how the community works and which is harmful to the community as a whole.Your editor would like to submit that these charges are overblown. Ubuntu is far from perfect, and it could certainly give back more than it does, but Ubuntu does not deserve the level of opprobrium it is receiving from certain parts of our community. It is interesting to note that there appears to be a special place for distributors among those who would criticize. Red Hat, it has been said, drives things toward its own profit and has, in the past, pushed far too much bleeding-edge software on its long-suffering users. Fedora is accused of remaining insufficiently open, excessively bleeding-edge, and refusing to make the watching of flash videos just work. Novell/SUSE has done a deal with the devil. Debian, we are told, is simultaneously too chaotic and too bureaucratic, and it can never get a release out on time. Some charge that Gentoo's community is dysfunctional, and that, in any case, it's made up of people with too much time on their hands. And Ubuntu stands accused of taking the work of others while failing to give back to or even credit the community from which draws its software. It is not surprising that distributors are specially blessed with this sort of criticism. Most free software users never deal directly with the upstream projects which create the software they use. Instead, they get it all from a single middleman - the distributor. So the distributor has a great deal of influence over what kind of experience those users have; the distributor is also the obvious guilty party when things seem to go wrong. Lots of people have opinions about their distributor, but they know little about the projects that actually develop their software. That said, much of the criticism of Ubuntu is coming from the developer community, which does have a more detailed view of the full ecosystem. It is worth thinking about why that might be. While Ubuntu's contributions may not be as high as one might like, they are most certainly not zero. There are Ubuntu developers who are Debian developers, X.org developers, GNOME developers, and so on. If this page is to be believed, Ubuntu developers are also contributing to the HURD. The page does not say why, sorry. The developers who castigate Ubuntu are uniformly silent about the number of kernel patches coming from the Mandriva camp. They have nothing to say about how much Xandros gives back to Debian. Nobody totals up contributions from Gentoo. There are no complaints about Slackware's presence in the community. Arch Linux developers do not hear that they are not doing enough. There are no high-profile articles on how rPath is taking advantage of free software developers. Yet Ubuntu's contributions most likely exceed those from all of the distributions named here, with the possible (but far from certain) exception of Gentoo. Ubuntu, it would seem, is being held to a higher standard than many of its peers. One reason for Ubuntu's special treatment must certainly be its nature as the cool kid who showed up out of nowhere. Sudden success can breed a certain amount of animosity, especially when much of that success is perceived to be built on the work of others. It is a rare distribution list which has not seen the occasional "I'm tired of your distribution, I'm moving to Ubuntu now" message; that kind of stuff gets old after a while. And when something gets old and irritating, it's tempting to respond in a short-tempered way. But the real reason must be elsewhere: Ubuntu has overtly set itself up to be held to a higher standard. It has been positioned as a strongly community-oriented distribution with the mission of saving the world for free software. Debian-derived distributions which make less noise about community - Xandros, say - receive less grief for their lack of participation in the community. Nobody expects anything from them, so nobody complains. But people do expect something different from Ubuntu; it's supposed to be a part of our community. So when it seems that Ubuntu is not contributing patches upstream or that it's maintaining forks of important software components, and when tools like Launchpad remain proprietary, it feels like a promise has not been kept. There is no doubt that Ubuntu could do better than it has. But we should not lose track of what Ubuntu has done. Ubuntu has created a distribution which appeals to a whole new class of Linux users. The fact that much of this work was done elsewhere notwithstanding, Ubuntu has shown that a Linux system can wear a friendlier, easier-to-use face. In the process, it has made Debian suitable for a larger class of users. Ubuntu has shown that a Debian-based distribution can make regular, stable releases and still ship contemporary software. Ubuntu has lived up to its promises of support, including providing top-quality security support. And all of this is happening in a way that, we are told, should become commercially self-sustaining at some point. On top of all this, Ubuntu employs a number of developers who work within the community. Yes, it would be a good thing if there were more of these developers. It would also be good if more fixes and enhancements escaped Ubuntu's repositories and made it back upstream. Ongoing encouragement at all levels should help to make this happen. But, as we encourage Ubuntu to live up to its ambitious goals of being a full member of our community, we should not lose our perspective. We are, beyond doubt, richer as a result of Ubuntu's existence.
New Releases Pie Box Enterprise Linux 4AS U7 now availablePixExcel has released the seventh update to Pie Box Enterprise Linux 4AS. "Pie Box Enterprise Linux 4 is aimed at people who need a stable OS with a long lifespan but don't want an expensive bundled support contract. It is derived from open source software with only four packages modified in order to replace trademarks and logos with our own. Features of Pie Box Enterprise Linux 4 include the Linux 2.6 kernel, SELinux, GNOME 2.8, Samba 3.0, Logical Volume Manager 2, PCI Express support and NFSv.4." Click below for a look at the new features in this update.
"Intrepid Ibex" Alpha-4 releasedThe fourth alpha for the Intrepid Ibex is out. The announcement (click below) has pointers for downloading Ubuntu, Ubuntu Education Edition, Kubuntu and Xubuntu flavors. Mythbuntu 8.10 Alpha 4 is also available.
Distribution News Debian GNU/Linux Upcoming changes to supported architecturesJoerg Jaspert looks at supported architectures in the post-Lenny Debian archive. "with the Lenny release upcoming we are thinking about larger changes to the Debian archive, of which one point is "Clean up the supported architecture list to free up space for new ones"."
For Those Who Care About X (Bits from the X Strike Force)Debian's X Strike Force is the team responsible for the packages forming the X Window System, including the X server, all video and input device drivers, as well as client libraries and various client applications. Click below for a status report, a look at what's next, and a call for help.
Debian on the FreeRunner -- now officialThe Debian project has announced (click below) a new base for the Openmoko FreeRunner. "Note that Debian does not try provide yet another software stack (or "Distribution" in the OpenMoko slang) next to 2007.2, 2008.8 or FSO, but rather an alternative base, comparable to OpenEmbedded. We are looking forward to also support other stacks such as the Stable Hybrid Release, once they are ready for that."This page shows the officially supported distributions for the Openmoko. (Thanks to tajyrink)
Debian's 15 year anniversaryThe Debian distribution has reached its 15 year anniversary, this timeline documents the project's history. (Thanks to Chris Lamb).
Fedora ACL Changes and new package group policyThe Fedora infrastructure team has been working on a new group policy to encourage greater openness in the community while containing newer members until they have earned the trust of the community. Click below to see the changes being implemented.
Something going on with FedoraThe Fedora Project has sent out an "important infrastructure announcement" regarding an unspecified "issue" with Fedora systems. "We're still assessing the end-user impact of the situation, but as a precaution, we recommend you not download or update any additional packages on your Fedora systems." Stay tuned for more.
An update on Fedora's "issues"The Fedora Project has sent out a relatively uninformative update about whatever problem it is working on. "The Fedora Infrastructure team continues to work on the issues we discovered earlier this week. Right now, we're getting the account system restored to service, along with some of the application servers. We're also taking advantage of the outages to upgrade a few systems at the same time."
Fedora Password Reset RequestThe Fedora Project is requesting users to change their passwords: "The Fedora Infrastructure team is still actively working on the issues we discovered earlier. As a precautionary measure, we need all members to reset their Fedora Account System passwords."
Slackware Linux KDE 4.1 in Slackware Testing (KDE.News)KDE.News reports on the arrival of KDE 4.1 into Slackware-current. From the Slackware changelog: "Thanks to Robby Workman and Heinz Wiesinger for all the packaging and testing help, and of course to the whole KDE community for helping to bring the Linux desktop to a whole new level of appearance and ease of use. I've installed this on my main email/browsing/general machine and as far as I'm concerned there's just no looking back. It's really a big step forward."
SUSE Linux and openSUSE SUSE Linux 10.1 has reached End of LifeSupport for SUSE Linux 10.1 has been discontinued. "With the release of an mysql security fix on August 13 we have released the last update for SUSE Linux 10.1. (Actually 10.1 was discontinued on May 31st, but the queue took a bit longer to flush from all updates.) It is now officially discontinued and out of support."
Other distributions KDE 4.1 Included in FreeBSD Ports Tree (KDE.News)KDE.News reports that KDE 4.1 has been included in the FreeBSD ports tree."KDE 4 will be installed into a custom prefix ${LOCALBASE}/kde4 so KDE 4 and KDE 3 can co-exist. For sound to work, it is necessary to have dbus and hal enabled in your system. Please see the respective documentation on how to enable these."
Distribution Newsletters Ubuntu Weekly Newsletter #104The Ubuntu Weekly Newsletter for August 16, 2008 covers: Intrepid Alpha-4 released, New UWN translation team, Global Bug Jam: Retrospective, MOTU School sessions for developer week wanted, MOTU News, North Carolina Mental Health Proposals: Open Source VistA Only, Open Sesame: Entering the Realm of Open Source Technology, and much more.
OpenSUSE Weekly News/34This edition of the OpenSUSE Weekly News covers the announcement for ENOS 2008, Join the openSUSE Proofreading Team, Announcing Hack Week III, openSUSE TV, and much more.
Fedora Weekly News, Issue 139This issue of the Fedora Weekly News covers Fedora Test Day: Encrypted Installs & Plymouth, Tech Tidbits, Artwork, Features in F10, and much more.
DistroWatch Weekly, Issue 266The DistroWatch Weekly for August 18, 2008 is out. "The explosion of low-cost, ultra-portable laptops that started to appear in computer stores is a dream come true for many technology enthusiasts and free software developers who are keen to offer solutions for the new computer class. In this week's issue we take a first look at Mandriva Flash 2008.1, one of the first distributions with official support for the ASUS Eee PC. Does it really work "out of the box" as claimed? Read on to find out. In the news section, Slackware introduces KDE 4.1 into the development tree, Fedora hints at a major problem with its update infrastructure, and Linux Mint suffers from a crippling attack on its web site. Also in this week's issue, links to two excellent interviews with Ubuntu's Scott Remnant and gOS's David Liu. Finally, after a short break, we have resumed adding new distributions to the DistroWatch database - one of the new ones introduced last week is FaunOS, an interesting Arch Linux-based desktop distribution optimised for USB Flash drives."
Distribution meetings FUDConF11Planning has begun for FUDCon 11, tentatively scheduled for December 5 - 7, 2008 in Boston. See the wiki page where any changes will show up first.
Newsletters and articles of interest Fedora 10 Takes Shape (Internetnews.com)Internetnews.com takes a look at some new features planned for Fedora 10. "Among the features currently being tested in Fedora 10 is a new network connection sharing feature. Frields said the feature would enable ad hoc networks, in which one user shares their live connection to the Internet with others. Frields said he tested the feature in a literal road test -- he was able to maintain a network connection while riding in a car, courtesy of the ad hoc network created by users in a second car, which had a broadband Wi-Fi connection."
Interviews Interview: Scott James Remnant, Lead-developer of Ubuntu Desktop Linux (Hardware.no)Robin Heggelund Hansen talks with Scott James Remnant, leader of the Ubuntu Desktop Team. "I was one of the original groups of developers hired by Mark, based on my work with the Debian project; at the time, I was maintaining dpkg, GNU libtool and pkg-config. My role has varied over the four years, from some of the early decisions about which applications to include to my current role of leading the desktop team."
gOS 3 Beta, Netbooks, and Linux: An Interview with David Liu, Founder of Good OS (LAPTOP)LAPTOP has an interview with David Liu, founder of Good OS (gOS). "With the recent release of gOS 3 Beta, we thought it was prime time to take a closer look at the company responsible for creating the OS that powered the ill-fated Everex Cloudbook, and the gorgeous (and Mac OS X Leopard-inspired) gOS Space. We chewed the fat with David Liu, gOS founder and CEO, about the operating systems' new features, potential competition from Ubuntu Netbook Remix, the push for consumer adoption, and the future of Linux on the desktop."
Page editor: Rebecca Sobol Development Desktop talks from LinuxWorld 2008 ConferenceThe LinuxWorld 2008 (August 4 - 7) Conference program had plenty of talks that sounded interesting. Unfortunately I only found time to attend two talks, both from the Desktop Linux Track.The first was from John Walicki, Open Client Architect at IBM who presented "Desktop Linux Architects Speak Out". The second was from Don Hardaway and Craig Van Slyke, professors at John Cook School of Business and Saint Louis University, respectively who entitled their talk "Open Source on the Desktop: Why Not?". Their were a couple of common themes in both of these talks. First was that Linux is ready for the general desktop. The second was that the desktop effects of Compiz and similar technologies are vital for attracting people to the Linux desktop. Wobbly windows may not be very useful in practice, but putting a presentation on a cube can be effective. Mostly though it's the "wow factor" that gets people's attention. In many cases, open source applications are just as good as, or better than, their proprietary counterparts. Don and Craig did a study in which they asked university business students to recreate documents and spreadsheets that they had previously done using MS Office. Twenty-eight of 28 students thought that it was just as easy to produce documents of equal quality with OOo Writer. OOo Calc was similarly approved by 26 of the 28 students. There were areas where John Walicki thought Linux needed improvement. Accessibility, making computers useful for people with disabilities, is an important area, as is power management, making computing greener by using less electricity. Linux is greener when it comes to keeping old hardware working longer. One big plus is collaboration, getting KDE applications to run seamlessly on GNOME and vice versa, or when multiple distributions adopt a single tool (upstart, PackageKit, etc.). The collaboration enables the tools to become much better, much faster. John's assessment of the State of Linux Desktop is that it is growing, with hot products that are making rapid changes. Preloads are well established, and Linux is the hottest technology in emerging markets, appliances, and green computing. His forecast is for steady growth. Don Hardaway and Craig Van Slyke had a different perspective as academics. They study people, and looked at why people choose one technology over another. Don presented the '3 leg stool' model for acceptance of technology. There are the 'tech leg', the 'people leg' and the 'organizational leg'. The open source tech leg gets the most attention, and the organizational leg is getting better, but the people leg has been neglected. The first thing about getting people to try new technologies is to realize that people resist change. However the perception of risk is relative to their knowledge. Those of us that use open source technology on a regular basis are comfortable with it, but for those who don't know anything about it there is a perceived risk that makes them reluctant to try it. If they learn more about open source the perception of risk is reduced. There are stages in technology adoption. First people must be aware that it exists. Then something about it must attract their interest. Once that happens they are more willing to evaluate the technology. If the evaluation is favorable, they will try it out. Many of Don and Craig's students had never heard of Linux. Once they had heard, things like the desktop effects of Compiz got their interest. Some began to evaluate Linux, and some are probably still using it. To gain the relative advantage, Linux must be better than the competition. Linux costs less and is virus free, but, in the absence of a good image, people will be reluctant to try it. Craig thought gOS had a good image, but the ease-of-use was not there in all cases. Wireless, streaming media and some applications were difficult for him to get going. Craig found the EeePC with Xandros was very easy to use and he got everything going without resorting to the command line. He thinks the Netbooks will give Linux another boost. So the average user might find sharper graphics appealing, but if things don't work the way they expect or they have to resort to the command-line to get it done, they won't switch. To get more people to switch, a good first step is to hand out live CD/DVDs to people that have never heard of Linux. Explain that they can play around with Linux and then take the disc out of the drive and reboot to whatever was there before. If they realize that Linux can also extend hardware life, they just might be sold.
System Applications Database Software MySQL 6.0.6 Alpha has been releasedVersion 6.0.6 Alpha of the MySQL DBMS has been announced. "MySQL 6.0 includes two new storage engines: the transactional Falcon engine, and the crash-safe Maria engine."
PostgreSQL Weekly NewsThe August 17, 2008 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.
Security announcing ClamAV 0.94rc1Version 0.94rc1 of the ClamAV virus scanner has been announced, it adds a number of new capabilities.
libnetfilter_log 0.0.15 releaseVersion 0.0.15 of libnetfilter_log has been announced. "libnetfilter_log is a userspace library providing interface to packets that have been logged by the kernel packet filter. It is is part of a system that deprecates the old syslog/dmesg based packet logging."
PorkBind 1.3 Nameserver Security Scanner announcedVersion 1.3 of the PorkBind Nameserver Security Scanner has been announced. "This program retrieves version information for the nameservers of a domain and produces a report that describes possible vulnerabilities of each. Vulnerability information is configurable through a configuration file; the default is porkbind.conf. Each nameserver is tested for recursive queries and zone transfers. The code is parallelized with libpthread."
ulogd 2.0.0beta2 releasedVersion 2.0.0beta2 of ulogd has been announced. "ulogd is a userspace logging daemon for netfilter/iptables related logging. This includes per-packet logging of security violations, per-packet logging for accounting purpose as well as per-flow logging."
Web Site Development Django 1.0 beta 1 releasedVersion 1.0 beta 1 of the Django web development platform has been announced. "The next step on that path will be the first Django 1.0 release candidate, currently scheduled for August 21."
Desktop Applications Audio Applications Ecasound 2.5.0 releasedVersion 2.5.0 of Ecasound, a command line audio processing utility, has been announced. Changes include: "A set of new input types, including a tone generator, audio looper, selector and sequencer ("playat"), have been added. Ecasound EWF file support has gone through a major refactoring. Threshold gate functionality has been extended. The Ecasound Emacs mode has been updated with more ECI commands. The usual set of bugs have been fixed."
Desktop Environments GNOME Software AnnouncementsThe following new GNOME software has been announced this week:
KDE Commit-Digest (KDE.News)The August 3, 2008 edition of the KDE Commit-Digest has been announced. The content summary says: "In this week's KDE Commit-Digest: The Plasma "extenders" project is merged into kdebase, with initial integration into the kuiserver applet. Continued work on the systray-refactor, and more work on the "Weather" Plasmoid. A whole load of bugfixes for Kicker 3.5.10. A new "Magic Lamp" minimize effect, and a rework of the "Grid" effect in kwin-composite. Support for extracting artwork from iPod's, tag editing and removing files from MTP devices, and scriptable services (including a "web control" script), and lots of other developments in Amarok 2.0..."
KDE Software AnnouncementsThe following new KDE software has been announced this week:
Xorg Software AnnouncementsThe following new Xorg software has been announced this week:
Games Mercator 0.2.6 releasedThe WorldForge game project has announced the release of Mercator 0.2.6. "Mercator is a library for handling procedural world data, especially terrain. It is used by all WorldForge components. This API is still in development, and changes with each version."
Pogolyn: 0.4.0 released (SourceForge)Version 0.4.0 of Pogolyn has been announced, this release includes new features and bug fixes. "Pogolyn is a cross-platform 3D graphics engine intended to be easy-to-use and high performance, which also supports the features for game development, such as animation, input device handling and sound playing. Pogolyn runs on Windows, Linux and iPhone Toolchain for now."
Multimedia Elisa Media Center 0.5.6 releasedVersion 0.5.6 of Elisa Media Center has been announced. "A very important and long awaited improvement of this release is the introduction of DVD playback including DVD menus support. It is elegantly integrated in the user interface making it easy and natural to use. A well deserved big thanks goes to the GStreamer hackers who made that possible to happen. A considerable number of bugs were also fixed during this cycle (25 bugs) mainly related to device hotplugging and to the media scanner."
Music Applications CLAM 1.3.0 releasedVersion 1.3.0 of CLAM has been announced, new capabilities have been added. "The CLAM team enraptured to announce the 1.3.0 release of CLAM, the C++ framework for audio and music, code name ''The Shooting of the Flying Plugins release''."
Office Applications Release 0.70.3 of Task Coach announcedVersion 0.70.3 of Task Coach has been announced, it features some bug fixes. "Task Coach is a simple task manager that allows for hierarchical tasks, i.e. tasks in tasks. Task Coach is open source (GPL) and is developed using Python and wxPython."
Science ETS 3.0.0 releasedVersion 3.0.0 of ETS has been announced. "The Enthought Tool Suite (ETS) is a collection of components developed by Enthought and open source participants, which we use every day to construct custom scientific applications. It includes a wide variety of components, including: * an extensible application framework * application building blocks * 2-D and 3-D graphics libraries * scientific and math libraries * developer tools"
Lepton particle engine 0.6a releasedVersion 0.6a of Lepton particle engine has been announced. "I'm pleased to announce the 0.6 alpha release of Lepton, a high-performance, pluggable particle engine and API for Python. Although it is still under development, a critical mass of features are completed and I think it is ready for wider consumption. Note that this is an alpha release, so expect the API to change somewhat in future releases."
Miscellaneous AgileTrack: Version 1.2.1 Released (SourceForge)Version 1.2.1 of AgileTrack has been announced. "AgileTrack is an agile/extreme programming (XP) development planning, iteration, and task tracking tool. It assists in the life-cycle of iterations, projects, stories, tasks, and bugs. It focuses on simplicity, usability, flexibility, and practicality. AgileTrack version 1.2.0 was released without stating the new Java 1.6 requirement for the client application. So, this is a minor maintenance release to state that requirement and update the release to properly enforce it."
Tail: Version 1.1.1 (SourceForge)Version 1.1.1 of Tail has been announced. "Tail is a graphical interface for following files, similar to the *nix command tail -f. Tail can monitor and show multiple files, parse file changes for optional keywords, and optionally notify you of changes both visually and audibly. After months of silence, I received 2 bug reports/feature request this morning. Now behold, version 1.1.1, which can now handle unicode and correctly scrolls to the bottom of the text field if you are tailing more lines than the window can currently show."
Languages and Tools C GCC 4.3.2-rc1 availableVersion 4.3.2-rc1 of GCC has been announced. "4.3 branch remains in the state that all changes require release manager approval, until 4.3.2 is released. GCC 4.3.2 will follow in about a week in the absence of any significant problems with 4.3.2-rc1."
GCC 4.3.2 Status ReportThe August 18, 2008 edition of the GCC 4.3.2 Status Report has been published. "Although the number of open regression PRs is increasing, probably as more people start to use 4.3 branch, there are currently no open P1 PRs and it does not look like there are any serious PRs open for regressions relative to 4.3.0 or 4.3.1. Thus, I propose to make 4.3.2-rc1 tomorrow, with a release or -rc2 following about a week later. The process of fixing regressions can continue for subsequent 4.3 releases, which I expect at approximately two-month intervals until 4.4.0 is released."
C++ dlib C++ Library: 17.8 Released (SourceForge)Version 17.8 of dlib has been announced. "The dlib C++ library is a modern general purpose C++ toolkit with a focus on portability and program correctness. It comes with extensive documentation and thorough debugging modes. The library provides a platform abstraction layer for common tasks such as interfacing with network services, handling threads, and creating graphical user interfaces. Additionally, the library implements many useful algorithms such as data compression routines, linked lists, binary search trees, linear algebra and matrix utilities, machine learning algorithms, XML and general text parsing, and many other general utilities. The major change to the library in this release is the addition of relevance vector machines for solving regression and classification problems."
Perl Parrot 0.7.0 "Severe Macaw" announcedVersion 0.7.0 of Parrot, a virtual machine aimed at running dynamic languages, has been announced. "The new concurrency implementation makes its debut in 0.7.0."
Python bbfreeze 0.96.3 announcedVersion 0.96.3 of bbfreeze has been announced. "bbfreeze creates standalone executables from python scripts (similar to py2exe). bbfreeze works on windows and unix-like operating systems (no OS X unfortunately). bbfreeze is able to freeze multiple scripts, handle egg files and track binary dependencies. This release fixes an issue with some packages wrongly being recognized as "development eggs"."
HDF5 for Python 0.3.0 announcedVersion 0.3.0 of h5py has been announced. "HDF5 for Python (h5py) is a general-purpose Python interface to the Hierarchical Data Format library, version 5. HDF5 is a versatile, mature scientific software library designed for the fast, flexible storage of enormous amounts of data. The h5py project has been under informal development for a few months now, and has reached the point where it might be generally useful to others. Unlike the fantastic PyTables project, h5py aims to provide access to the full HDF5 C library, although in a more Pythonic fashion."
Python-URL! - weekly Python news and linksThe August 18, 2008 edition of the Python-URL! is online with a new collection of Python article links.
Tcl/Tk Tcl-URL! - weekly Tcl news and linksThe August 20, 2008 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.
Build Tools SCons: 1.0.0 is now available (SourceForge)Version 1.0.0 of SCons, a Python-based software build tool, has been announced. "The SCons API available in release 1.0.0 is considered stable, and no 1.x release will knowingly break backwards compatibility with SCons configuration files that work under 1.0.0. This release is functionally equivalent to the 0.98.5 release and contains only documentation updates."
Test Suites PyUseCase 1.4.1 releasedVersion 1.4.1 of PyUseCase has been announced. "PyUseCase is a record/replay layer for Python GUIs. It consists of two modules: usecase.py, which is a generic framework for all Python GUIs (or even non-GUI programs) and gtkusecase.py, which is specific to PyGTK GUIs. See www.pygtk.org for more info on PyGTK. The aim is only to simulate the interactive actions of a user, not to verify correctness of a program. Essentially it allows an interactive program to be run in batch mode."
TextTest 3.12 releasedVersion 3.12 of TextTest has been announced. "This is an announcement for a tool that has existed since 2003 but whose releases haven't featured on this list before. For users it isn't strictly python-specific as it will test programs written in any language, but it is written in Python and also functions as an extensible python framework for functional testing."
Version Control GIT 1.6.0 announcedVersion 1.6.0 of the GIT distributed version control system has been announced, numerous changes have been made.
Mercurial 1.0.2 releasedVersion 1.0.2 of the Mercurial source control management system has been announced. "This is a minor bugfix release including two security fixes and a number of other bugfixes."
Page editor: Forrest Cook Linux in the news Recommended Reading What Linux Will Look Like In 2012 (InformationWeek)Serdar Yegulalp ponders what will happen with the next four years of Linux development in a lengthy InformationWeek article. "In the time it takes most college students to earn an undergraduate degree -- or party through their college savings -- Linux will continue to mature and evolve into an operating system that non-technical users can fully embrace. The single biggest change you'll see is the way Linux evolves to meet the growing market of users who are not themselves Linux-savvy, but are looking for a low-cost alternative to Microsoft (or even the Mac). That alone will stimulate enormous changes across the board, but there are many other things coming down the pike in the next four years, all well worth looking forward to."
VMware exec says Windows days are numbered (ComputerWorld)Stephen J. Vaughan Nichols discusses Paul Harapin's predictions for the end of Windows. "Seriously. In an ITWire tale, Paul Harapin, VMware's managing director for Australia and New Zealand said Windows is already being replaced by virtual appliances running on Linux. In ten-years, there will be no more Windows. OK. I know people at Red Hat who would say that that's exactly what will happen. That's right out of the new Red Hat KVM-based virtualization playbook. But, someone from VMware saying this? Wow."
Trade Shows and Conferences Mobile and Embedded Day at Akademy (KDE.News)KDE.News covers the mobile and embedded day at Akademy. "This year Akademy held a dedicated day for mobile and embedded talks. With Trolltech being owned by Nokia, mobile is suddenly a hot topic for KDE and several variants of Qt and KDE on mobiles were in progress at Akademy."
LWCE 2008 - Reports from inside the .org PavilionScott Dowdle has posted his coverage of LinuxWorld. "I wrote up a report for each day of Linux World Conference and Expo 2008 in San Francisco from my perspective as a staffer of the OpenVZ Project booth in the .Org Pavilion." The coverage includes: day one, day two, day three and a photo gallery.
Three things the Linux desktops needs to do to beat Windows (ComputerWorld)Steven J. Vaughan-Nichols covers two LinuxWorld panels. "While at LinuxWorld at the Moscone Center in San Francisco, I chaired the panel on what the OEMs (original equipment manufacturers) that are pre-installing Linux on their PCs are up to and I attended another panel on what the Linux desktop architects have planned. One theme that showed up at both functions is: "What does Linux need to do to compete more successfully on the desktop?" We came up with several pain points, but some of them are clearly hurting Linux more than the others. "
Companies How Adobe can stop Microsoft (MarketWatch)John C. Dvorak suggests a new Linux strategy for Adobe. "Microsoft has attacked Adobe before by adopting TrueType font technology over PostScript around 1989, an announcement that sent Adobe founder John Warnock into shock. Fear of Microsoft may have resulted in the fast-paced and never-ending upgrade cycle of Adobe Photoshop -- out of real concern that Bill Gates and company might develop a real competitor. Now we have this Silverlight situation, and Adobe has to do something other than run away from Microsoft. It should attack Microsoft with a Linux initiative."
IBM introduces new Software Appliance Initiatives (TradingMarkets)TradingMarkets reports on IBM's Software Appliance Initiatives. "IBM announced new software appliance initiatives designed to accelerate the adoption of Linux in small and medium businesses (SMBs) and the deployment of Domino applications on Lotus Foundations. According to the company, the new developments include a preconfigured version of SUSE Linux Enterprise Server 10 from Novell in Lotus Foundations and a toolkit that opens new opportunities for Domino software vendors (ISVs) to deliver their applications on a software appliance to the smallest businesses. IBM is also announcing a new strategy -- the ISV Software Appliance Initiative -- designed to enable a wide range of ISVs to deliver Linux software appliances to mid-market customers."
Linux Adoption Travelocity's parent company hails Red Hat Enterprise Linux 5 (SearchEnterpriseLinux.com)SearchEnterpriseLinux.com reports on the use of Linux by Travelocity. "Sabre Holdings Corp., the $3 billion online network best known for Travelocity, has adopted Red Hat Enterprise Linux (RHEL) as the corporate standard for its global ticketing and airline services businesses and will implement RHEL 5 in all future acquisitions. Robert Wiseman, Sabre's chief technology officer, said the Southlake, Texas-based company began using Red Hat and other open source software about 2004. Red Hat now runs mission-critical online systems that collectively process as many as 32,000 transactions per second from three data centers in Tulsa, Okla., and one in Texas, he said. The primary motive for moving to open source was the ability to access the code, he said."
Interviews Torvalds: No picnic to become major Linux coder (ZDNet)ZDNet talks with Linus Torvalds about kernel development. "It may not sound exciting but, quite frankly, I don't think anybody who starts out believing that they want to rewrite some big piece of the kernel should even bother. Reality isn't that simple."
Debian GNU/Linux: 15 Years Old and at the Crossroads (Datamation)Datamation talks with some Debian project leaders, past and present, about the distribution's 15th anniversary and its future. "The popularity of Ubuntu, [Ian] Murdock suggests (as well as, he might have added, the popularity of specialized Debian-derived distributions such as Knoppix and Damn Small Linux) may very well mean that Debian's role is changing. Instead of being the distribution of choice for many users, the project may be evolving into an upstream supplier for other, more user-focused distributions."
Linux Foundation Publishes Guide On How To Get Your Code In The Kernel (InformationWeek)InformationWeek talks to LWN's Jonathan Corbet about his recently published Linux Foundation document: "How To Participate In The Linux Community". "Development of the Linux kernel is a process that's a mystery to many outsiders. Someone who thinks he has just the right code to add to Linux periodically crashes into the hurdles that need to be leaped before the new code can get incorporated into the kernel. The Linux Foundation is trying to do something about that. It's issued a guide on "How To Participate In The Linux Community," which outlines well-known standards and also unveils some of the little-known barriers."
People Behind KDE: Michael Pyne (KDE.News)KDE.News has announced the latest interview in the People Behind KDE series. "In the next People Behind KDE interview, we stay in the United States of America (but leave in an underwater craft!) to meet a KDE developer who could be a JuKebox in another life, someone who helps you build development versions of KDE (staying on the bleeding edge without the pain!) - tonight's star of People Behind KDE is Michael Pyne."
The A-Z of Programming Languages: Python (TechWorld)TechWorld talks to Python creator Guido van Rossum. "Q:Would you do anything differently if you had the chance? A:Perhaps I would pay more attention to quality of the standard library modules. Python has an amazingly rich and powerful standard library, containing modules or packages that handle such diverse tasks as downloading web pages, using low-level Internet protocols, accessing databases, or writing graphical user interfaces. But there are also a lot of modules that aren't particularly well thought-out, or serve only a very small specialized audience, or don't work well with other modules. We're cleaning up the worst excesses in Python 3.0, but for many reasons it's much harder to remove modules than to add new ones -- there's always *someone* who will miss it."
Resources Beef up the Find command in Firefox (IBM developerWorks)IBM developerWorks shows how to improve the Firefox Find command. "The Find command in Firefox locates the user-specified text in the body of a Web page. The command is an easy-to-use tool that works well enough for most users most of the time. Sometimes, however, a more powerful Find-like tool would make locating text easier. This article shows how to build a tool that isolates relevant text in Web pages faster by detecting the presence and absence of nearby words."
Building a greener IT department (IBM developerWorks)Michael J. Welsh explores ways to save power and recycle equipment on IBM developerWorks. ""Green," "eco-friendly," and "carbon footprint" are buzzwords that are frequently used to describe a company's level of environmental responsibility. But how to be more green in the IT world is a more complex matter. In this article, get some ideas that can help any IT department lessen its impact on the environment. "
Reviews Dell Announces 10 New Laptops (MAXIMUMPC)MAXIMUMPC looks at the latest laptop offerings from Dell, which will use a Linux-based OS front end. "Another feature that Dell will be rolling out in the coming months is the Latitude ON technology, which, like the HP/Voodoo Omens Instant-On feature, is a Linux-based UI that loads instead of Windows. Dell execs said that they werent creating the OS themselves, but have partnered with a yet-to-be announced third party to create the embedded Linux solution (apparently not SplastTop). What will differentiate Latitude ON from HPs solution is that Dell is also utilize a separate low-voltage sub-processor to power the Linux OS, which in theory will let the laptop run for multiple DAYS."
Leaked: Dell Inspiron 910 (Mini Note) Specs and Release Date (Gizmodo)Gizmodo takes a look at Dell's upcoming Inspiron 910 mini notebook. "A few weeks ago we ran some rumored specs of Dell's answer to the Eee, the Dell Inspiron 910 (aka Mini Inspiron and Inspiron Mini). Now we've gotten our hands on the full (internal) 910 web documentation. Along with scoping shots from every angle, we've learned that the 910 will support SSDs up to 16GB and has what looks to be very moddable internals (large Phillips-head screws hold that SSD in place). The system will go on sale in just a few daysAugust 22nd our source saysbut we still don't know whether or not that $299 starting price is just a myth."
Miscellaneous Commercial Apps For Consumer Linux: D.O.A.? (InformationWeek)Serdar Yegulalp has a follow-up article on his previous prognostication. "One thing I didn't talk much about in my recent feature article about the future of Linux was whether consumers will be paying for Linux apps in four years. Truth is, I don't think most of them will -- if even any at all."
Page editor: Forrest Cook Announcements Non-Commercial announcements Lessig on the model train decisionLawrence Lessig comments on the appeals court's decision establishing the validity of the Artistic License, calling it "huge and important." "In non-technical terms, the Court has held that free licenses such as the CC licenses set conditions (rather than covenants) on the use of copyrighted work. When you violate the condition, the license disappears, meaning you're simply a copyright infringer. This is the theory of the GPL and all CC licenses. Put precisely, whether or not they are also contracts, they are copyright licenses which expire if you fail to abide by the terms of the license."
EFF: Judge Lifts Unconstitutional Gag Order Against MIT StudentsThe Electronic Frontier Foundation has sent out a press release concerning the lifting of a gag order on some MIT students. "Today, a federal judge lifted an unconstitutional gag order that had prevented three Massachusetts Institute of Technology (MIT) students from disclosing academic research regarding vulnerabilities in Boston's transit fare payment system. The court found that the Massachusetts Bay Transportation Agency (MBTA) had no likelihood of success on the merits of its claim under the federal computer intrusion law and denied the transit agency's request for a five-month injunction. In papers filed yesterday, the MBTA acknowledged for the first time that their Charlie Ticket system had vulnerabilities and estimated that it would take five months to fix."
Canonical joins the Linux FoundationHere's a press release from the Linux Foundation, announcing that Canonical has just joined as a member. "'Canonical is an important new member for The Linux Foundation,' said Jim Zemlin, executive director of The Linux Foundation. 'Matt [Zimmerman] and his team have created an exciting distribution that has taken the world by storm. They have rallied the cause of cross-industry, cross-community collaboration for years. We are extremely pleased to work even more closely with Canonical as we push Linux to the next stage of growth.'"
Perl Foundation statement on the U.S. Court of Appeals (use Perl)use Perl reports on the Perl Foundation's statement in the the Jacobsen v. Katzer license case. "As we mentioned in March, The Perl Foundation was part of a coalition of groups that collaborated on a "friend of the court" brief that was filed to support the appeal. Allison Randal, and Roberta Cairney, who also helped out with Artistic 2.0, worked on the brief with Chris Ridder, from Creative Commons, and representatives of several other open source, free software, and public license organizations."
The SFLC's Guide to GPL ComplianceThe Software Freedom Law Center has released A Practical Guide to GPL Compliance, a document which appears to be aimed at corporate management. It is a detailed and clear discussion of the issues as seen from the SFLC point of view. "The companies we contact about GPL violations often respond with: 'We didn't know there was GPL'd stuff in there'. This answer indicates a failure in the software acquisition and procurement process. Integration of third-party proprietary software typically requires a formal arrangement and management/legal oversight before the developers incorporate the software. By contrast, your developers often obtain and integrate FOSS without intervention. The ease of acquisition, however, does not mean the oversight is any less necessary. Just as your legal and/or management team negotiates terms for inclusion of any proprietary software, they should be involved in all decisions to bring FOSS into your product."
Commercial announcements CadSoft releases Eagle 5.2CadSoft has released version 5.2 of their Eagle printed circuit CAD application. This release adds some new capabilities and bug fixes. See the What's new document for details.
Clarion Corporation of America unveils ClarionMiNDClarion Corporation of America has announced the launch of ClarionMiND, a Linux-based Mobile Internet Navigation Device. "ClarionMiND is based on the new Intel(R) Atom(TM) processor Z5xx series and is scheduled to begin shipment in the 4th quarter of 2008 in the U.S. market. ClarionMiND will provide an all- new portable device experience and enable users access to two-way connected navigation, high-speed Internet experiences, digital music and video playback, and many other innovative entertainment features."
Fedora's scholarship programRed Hat has announced a new program providing college scholarships for Fedora and free software contributors. "The Fedora Scholarship program furthers Red Hat and the Fedora Project's commitment to helping develop and foster up and coming talent in the open source software field. Applicants will be evaluated on criteria including the quality of contributions made to Fedora and other free software projects, references provided by Fedora community members, the amount of time the applicant has been contributing to Fedora and the overall quality of the application. Recipients will receive a scholarship to be applied toward tuition for the student's college or university education."
Memopal: Online Backup in Public Beta for LinuxMemopal has announced the availability of a beta version of their backup solution for the Ubuntu and Debian distributions. "The public beta version of Memopal for Linux is now downloadable. This launch was timed to almost immediately follow the release of the MAC version. As such, it is part of a wider strategy, the goal of which is to make Online Backup available to as many operating systems as possible."
Microsoft and Novell do it againMicrosoft and Novell have announced that, since their deal turned out so well, they will be expanding it. "The investment focuses on enhanced programs from Novell to provide tools, support, training and resources for customers seeking an enterprise-class Linux platform and specifically, the optimal interoperability solution between Microsoft Windows Server and SUSE Linux Enterprise Server from Novell. It also includes Microsoft's commitment to purchase up to $100 million in certificates that those customers can redeem for expanded support from Novell that includes SUSE Linux Enterprise Server support and support for moving toward an enterprise-class Linux platform."
RealPlayer now available for Intel Atom Processor-Based NetbooksRealNetworks, Inc. has announced the availability of the RealPlayer media player for Intel Atom Processor machines running Linux. "The new RealPlayer can play content in all the most sought-after formats, including: RealMedia(R), Windows Media, MP3, MPEG4, H.264, AAC, AAC+, VC-1 and Ogg. Devices that use the Intel Atom processor with Moblin based OS will have the added benefit of highly optimized performance and battery life when playing media content. RealPlayer can be used to play content in a browser window for an embedded Internet experience, and also as a stand-alone media player."
Event Reports GSP East '08--Social Networks Move into FutureO'Reilly has published an event report from the 2008 GSP East conference. "At the O'Reilly Graphing Social Patterns East conference in Washington, D.C., June 9-11, Facebook announced that it had more than 80 million active users worldwide, a milestone that illustrated the phenomenal growth and business opportunities presented by the explosion of social networking since Facebook was founded barely four years ago. Social networks are quickly changing the way people connect, communicate, work and play on the net."
RailsConf '08--Passionate about RailsO'Reilly has sent out a press release for the recently held RailsConf '08. ""Passionate and fascinating" is the way one developer summed up RailsConf 2008 in Portland May 26-June 1, the largest physical gathering of Ruby and Rails developers in the world. His view was echoed in conversations and blogs by many of the more than 1,800 programmers from around the world who attended the four-day conference co-presented by O'Reilly Media and Ruby Central. Some of the conference-goers have already made plans to go to RailsConf Europe, scheduled for September 2-4 in Berlin."
Calls for Presentations PostgreSQL Conference: West - Call for PapersA call for papers has gone out for PostgreSQL Conference: West. "The second annual PostgreSQL Conference: West is being held on October 10th through October 12th 2008 in the The Native American Student & Community Center at Portland State University."
ToorCon 10 Call For PapersA call for papers has gone out for ToorCon 10, submissions are due by August 29. "We'll be having the main conference again at the San Diego Convention Center on September 26th-28th, starting off with our standard reception on Friday night, 50-minute talks on Saturday, and 20-minute talks on Sunday. We will also be having 2 days of hands-on training on September 24th-25th, 2008 and our Deep Knowledge Seminars on September 26th, 2008. Talks are currently being accepted for all slots and will be given preference based on the order that they are received."
7th National Medical Banking Institute National Call for White Papers (LinuxMedNews)LinuxMedNews has announced a call for white papers by the 7th National Medical Banking Institute. The submission deadline is October 15. "The editorial staff of the International Journal of Medical Banking is seeking white papers in the following areas: Open source healthcare programs linking banking and healthcare systems; Information privacy, confidentiality and security that focuses on cross-industry issues in banking and healthcare; Treasury and cash management programs targeting healthcare; Card-based platforms and technologies that link healthcare and banking platforms; Independent Health Record Banks; Consumer-driven healthcare technology tools that integrate with banking platforms; Point of service technologies that enable payment at the counter; Community coalition building."
Upcoming Events FOSS.IN/2008: Event AnnouncementFOSS.IN/2008 has been announced. "Team FOSS.IN is happy to announce that this year's edition of Asia's biggest Free and Open Source Software contributor conference will be held on November 25th to 29th, 2008, at the National Science Symposium Centre, of the Indian Institute of Science, Bangalore, India."
Speakers for the Linux Plumbers ConferenceThe list of accepted talks for the Linux Plumbers Conference has been posted. This event is off to a strong start; there are a lot of interesting, highly technical talks on the agenda.
Announcing the pyArkansas ConferenceThe pyArkansas conference has been announced. "The Arkansas Python Users Group announces a 1-day Python conference to be held on the campus of the University of Central Arkansas (www.uca.edu) on October 4. We plan a 3-hour "Introduction to Python" class as well as talks on text/file processing, Python standard library, Django, pyGame, OLPC and GIS programming."
Helping Hands: 10 Things You Didn't Know about F-SpotThe OpenSUSE project has announced an online presentation about the F-Spot photo management application. "This week, the Helping Hands Program is proud to host "Ten Things You Didn't Know about F-Spot" presented by the F-Spot Developer Team. This event will be held on Friday, August 22nd at 14:30 UTC in the #opensuse-gnome IRC Channel on the Freenode Network."
Events: August 28, 2008 to October 27, 2008The following event listing is taken from the LWN.net Calendar.
If your event does not appear here, please tell us about it. Web sites Announcing the Java Game TomeNoble Master Games has launched the Java Game Tome site. "Noble Master Games has created the Java Game Tome, a game showcase platform for Java game developers. The Java Game Tome is an internet site that focuses entirely on games written in the Java programming language. Games run as Java Applet, Java Webstart or via download. Games are available for all major operating systems including Windows, Macintosh and Linux."
Audio and Video programs Meet Open Invention Network CEO Keith Bergelt (Linux.com)Linux.com features a video interview with Keith Bergelt. "Linux.com correspondent R. Scott Belford caught up with Open Invention Network CEO Keith Bergelt at the 2008 LinuxWorld Expo and had a pleasant (on-camera) conversation with him."
Page editor: Forrest Cook
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||