The recently announced GNU Ghostscript 7.07 release will be the last. GNU Ghostscript - a free
PostScript and PDF interpreter which lurks at the core of free print
systems worldwide - is the result of several years worth of cooperation
between its developers and the Free Software Foundation. Disagreements
over the best way to create free software have brought an end to that
cooperation - and to GNU Ghostscript. Fortunately, users of GPL-licensed
Ghostscript should see little, if any, change.
Many companies have tried innovative licensing schemes as a way of creating
free software while making enough money to pay their programmers.
Ghostscript works with a variant of the "escrow" approach. New Ghostscript
developments are released under the Aladdin Free Public
License (AFPL), which is not a free license. It gives users the
right to use, modify, and distribute copies of AFPL Ghostscript - with an
important restriction:
Distribution of the Program or any work based on the Program by a
commercial organization to any third party is prohibited if any
payment is made in connection with such distribution, whether
directly (as in payment for a copy of the Program) or indirectly
(as in payment for some service related to the Program, or payment
for some product or service that includes a copy of the Program
"without charge"; these are only examples, and not an exhaustive
enumeration of prohibited activities).
In other words, the Ghostscript copyright holder (artofcode LLC) reserves
the right to make money from the distribution of Ghostscript. If you want
to distribute AFPL Ghostscript as part of a commercial product (i.e. inside
a printer), you must come to
an agreement with Artifex Software, which handles these deals.
After one year has passed, however, the AFPL-licensed code is re-released
under the GPL as (until now) GNU Ghostscript. Of course, by that time a
new batch of code will be just beginning its time under the AFPL. The end
result is that the GPL version is always a bit old. It is, however, clearly
good enough for most users; most Ghostscript users probably never bother to
download and install the AFPL version, even though they have the right to
do so.
According to the Free Software Foundation's Bradley Kuhn, the FSF, while
accepting the GNU Ghostscript releases, has never been entirely comfortable with the method
by which they are produced. There is, he says, "nothing important enough
to be worth sacrificing freedom for." So the non-free Ghostscript releases
have always gone against FSF principles - even if, in the end, it results
in a much improved free Ghostscript. (The FSF also is not convinced that
the Ghostscript model results in improved free releases; Mr. Kuhn cites the
MySQL approach as, perhaps, a better way of doing things).
The difference in viewpoints between the FSF and the Ghostscript team has
resulted in two issues which have, at this point, brought about the end of the GNU
Ghostscript releases. The first is the FSF's insistence that nothing in
GNU Ghostscript can even mention that AFPL Ghostscript exists. This is not
a new situation - see this note from Richard Stallman in response to the GNU Ghostscript 5.10
release announcement back in 1998. That announcement mentioned AFPL
Ghostscript 5.50, which was set to become GNU Ghostscript 5.50 several
months later; this mention violated the FSF's rules on information control
and had to be corrected. More recently, Mr. Stallman told the Ghostscript developers
that there were "major and pervasive problems" with the GNU Ghostscript release.
The most pervasive problem is that the GPL notices in every source
file are not the standard ones, and they refer to a web site that
describes non-free software.
The Ghostscript team did comply with the FSF's wishes, and changed the
copyright notices for the 7.07 release.
The other issue has to do with bug tracking systems. The Ghostscript team
wants to use a single, unified bug tracker for both versions of the code.
Among other things, a common bug database makes it easy to determine
whether bugs reported in GNU Ghostscript have been fixed in the AFPL
version; in such cases, according to Ghostscript maintainer Raph Levien,
the bug fixes are always backported to the GNU version. The FSF was
unwilling to agree to a single bug tracking system, however. They would
like to see a real development community form around the GPL version of the
code; a bug tracking system which includes the AFPL version, in their
opinion, works against that goal.
The Ghostscript team, unwilling to deal with the hassles of maintaining two
separate bug tracking systems, decided to cease making GNU Ghostscript
releases.
Ghostscript users may not notice the difference, however.
Given that each side continues to express great respect for the other and
the two remain on friendly terms, there is a real possibility that things
could yet be worked out in the future. In the meantime, as Mr. Levien
told us: "...while we are discontinuing the GNU affiliation, our
commitment to GPL releases of Ghostscript is as strong as ever."
GNU Ghostscript will, in the future, bear a name like "GPL Ghostscript,"
and it will not be considered as part of the body of GNU code. But the
GPL-licensed Ghostscript releases - a valuable gift of high-quality code -
will continue.
Comments (11 posted)
[This article was contributed by Joe 'Zonker' Brockmeier]
What a difference two years makes. D.H. Brown recently released its 2003 Linux Function
Review and finds that Linux has improved dramatically since 2001,
though still lagging behind commercial Unix. The executive
summary of the report is available to non-subscribers, though you have
to provide some contact information in exchange.
In the 2001 report, D.H. Brown compared SuSE 7.2, Red Hat 7.1, Caldera
OpenLinux 3.1, TurboLinux Server 6.5 and Debian GNU/Linux 2.2r3 against
commercial Unix. In the 2003 review, the race is pared down to three
Linux contenders: Red Hat Advanced Server 2.1 (RHAS), SuSE Linux
Enterprise Server 8 (SLES) and Debian GNU/Linux 3.0.
The D.H. Brown Function Review is based on "functional capabilities as
of January 1, 2003" in five areas: Scalability; reliability,
availability and serviceability (RAS); system management; Internet and
Web application services; and directory and security services. Note that
the report looks at Linux only as an enterprise system, not in terms of
desktop functionality.
According to the report, there are 167 items total that have been
reviewed by D.H. Brown using the same criteria the company uses to
analyze Unix systems. These are rated according to what is offered by
each vendor, so add-on packages from third parties don't count. This
puts Linux at a slight disadvantage when rating results, since some
technologies may be available for Linux from vendors like IBM, HP or
SGI, but not provided directly by Red Hat or SuSE.
As with the 2001 report, SuSE comes out ahead of Red Hat, particularly
in terms of systems management. SuSE ranked "Very Good" in systems
management thanks to YaST2 and advanced support for LVM but falls behind
RHAS and Debian because it is not suited for managing multiple systems
from the same interface. Red Hat scores points for enabling multiple
system management with its Red Hat Network. In all categories SuSE
either tied with or surpassed RHAS, with Debian taking third place or
tying for second place with RHAS.
Linux fared poorly in the review in the RAS category, with all three
distributions scoring below "Unix minimum" with a rating of "OK" --
Debian GNU/Linux was significantly behind SLES and RHAS, which were
tied. In particular, Linux was dinged for not having the same kind of
failure recovery features available with high-end RISC Unix systems. For
example, none of the distributions reviewed included processor failure
recovery or software-based support for advanced memory redundancy.
Linux really excels in terms of support for networking protocols, even
pulling ahead of some commercial Unix systems. It's interesting to note
that a careful reading of the report shows Linux to be handily matching
or pulling ahead of SCO UnixWare in many areas. SLES even pulls ahead of
the strongest Unix vendor in terms of protocol support, though it's
unclear how relevant some of the protocols are to real-world use. For
example, both Debian and SuSE have support for IPSec over IPv6,
something which isn't exactly in widespread usage.
Another thing that is interesting to note is that Linux is shooting for
a moving target in trying to catch up with commercial Unix. If
commercial Unix systems had not evolved significantly between 2001 and
2003, Linux would have caught up or surpassed most commercial systems in
D.H. Brown's ratings. The report gives bar graphs showing the 2001 in
grey and the 2003 score in green. In almost every case, Linux is scoring
ahead of the top Unix score from 2001. One also wonders whether
commercial Unix distributions would have advanced so quickly in two
years without Linux nipping at their heels.
It's disappointing that D.H. Brown did not compare Linux to
Windows Server 2003, particularly since they recently released a report
that looks at the advancements made with Windows 2003 Server: Windows Server
Platform Reaches Maturity. In that report, Windows 2003 server is
mostly examined only in the context of previous Microsoft offerings.
In all, the report does a good job pointing out some of the areas where
Linux could still use improvement or benefit from additional features
while noting that Linux has come a long way in a short time. It seems,
at least to this Linux user, to be a fair evaluation of Linux's place in
the enterprise market. In fact, the report could serve as a useful
roadmap for SuSE and Red Hat when planning new features and improvements
to their enterprise offerings. It will be interesting to see how well
Linux fares in two years.
Comments (1 posted)
This week's most amusing development in the SCO case is the announcement
that Microsoft, that great purveyor of Unix products, has agreed to buy a
Unix license from SCO. The amount of money involved has not been
disclosed, but there are reports that Microsoft is paying between $10 and $20 million.
It is surely coincidental that SCO predicted
that licensing revenue would be $10 million this quarter. That is,
incidentally, almost half the revenue that the company was expecting over
the quarter.
There has been no end of speculation regarding Microsoft's motivation for
funneling that much money into SCO. It all remains just that, however:
speculation. We may find out what is really going on eventually, but it
will take a while.
The community's attitude toward SCO and its lawsuit remains scornful (at
least). It is a matter of faith that SCO's claims are without merit. That
faith will probably prove to be justified, but one might wonder about what
might happen if SCO turns out to have a point. LWN's standalone article on
the topic (reprinted below) was criticized by some as obvious and/or naive,
but the question, we believe, deserves a bit more thought than it is
receiving. Even if SCO's case turns out to be no more than the hollow,
baseless slander that it appears to be, the free software community remains
vulnerable to injections of proprietary code.
Comments (5 posted)
As a general rule, the reaction to SCO's lawsuit against IBM has been one
of derision and disbelief. It is generally assumed that SCO does not have
a legal leg to stand on. SCO's tactics (ever-expanding FUD while refusing
to point out the allegedly infringing code) have certainly served to
reinforce that perception. But it is worth taking a moment to consider
what could happen if SCO turns out to be right. Forewarned, as they say,
is forearmed.
The Linux kernel (which is the subject of at least some of SCO's claims)
is, as a whole, clearly an independent development. The development
history is sufficiently public to make that clear. But it is worth
considering a few things:
- The source to various proprietary Unix systems tends to be more widespread than many people think. Numerous companies have source licenses, and, despite careful procedures, copies can leak out.
- There is considerable reputation value in making contributions to the Linux kernel. Perhaps more than any other free software project, the kernel is surrounded by developers who would like to get their names into the changelog, even if that means submitting spelling fixes.
- Some people are lazy or unable to program at the level required for kernel development (or both).
Some of those people may have access to some flavor or other of
proprietary Unix. And some of them might just be sufficiently
dishonest to present somebody else's code as their own.
It is also worth bearing in mind that there is no process for checking the
pedigree of code submitted to the Linux kernel. Kernel developers (like
other free software developers) have more than sufficient integrity to keep
them from stealing code, and the process relies upon that fact.
If a developer can convince Linus or another major kernel hacker that a patch makes sense, in
it goes. Some kernel code is heavily reviewed, but there are vast amounts
of code that may not have ever had a serious look by anybody other than its
author.
Beyond all that, of course, is the unpleasant scenario of tainted code being
deliberately submitted to the kernel with the express intent of creating
legal problems.
The end result is that there might be code of dubious parentage in
the kernel. Such code is probably small, and not in the kernel core. But
the existence, say, of a purloined device driver somewhere in the kernel
would not be entirely surprising. The kernel community might just wake up
one morning to find that there are plagiarists in its midst.
What happens then? Obviously, a code purge would be called for. Unless
SCO explicitly puts any offending code under the GPL (which it might have
to do to preserve its own right to distribute the kernel), any infringing
code must be pulled from the kernel. That code could be excised even if
SCO does release it; its presence would certainly be galling to a number of people.
A big "purge and rewrite" operation could, among other things, delay the
release of the 2.6 kernel.
Future code contributions would receive a higher degree of scrutiny - this
may well happen regardless of how the SCO suit turns out. Even if it has
not yet happened here, free software projects are vulnerable to injections
of tainted code. Developers may have to be prepared to explain how they
came up with a particular patch. It is hard to imagine the kernel adopting
a bureaucratic mechanism where developers must sign code releases with
warranties and indemnification agreements, but it could happen. Adding
that kind of friction to the system can only serve to slow down
development, of course.
Most frightening, perhaps, is what happens if the kernel development
community discovers that one or more of its members has been polluting the
well with unfree code. The resultant shattering of trust could impair that
community's ability to work together for a long time. In the worst case,
if important developers are implicated in dishonest activities, a major
fork of kernel development is not out of the question.
A successful suit would also make waves in the business world, of course.
In the worst case, companies could move away from free software out of fear
of lawsuits; this scenario seems unlikely, however. But companies could
hold back on code releases or contributions to free software projects out
of fear of being accused of illegal copying. A general chilling effect
which slows adoption of Linux is a real possibility.
Happily, the most likely outcome is that SCO and its lawsuit go down in
flames. They have picked on, perhaps, the most transparently developed
piece of code in history by way of a huge company with seriously scary
lawyers, deep pockets, and the will to defend itself. But the worst-case
scenario is worth keeping in mind for this simple
reason: even if the Linux community doesn't get burned this time, it could
happen in the future. We need to pay a great deal of attention to where
our code comes from.
Comments (44 posted)
Page editor: Jonathan Corbet
Security
Brief items
Most Linux kernels have a slightly different sort of vulnerability in the
networking subsystem. For most users, the new problem is nothing to be
particularly worried about. For systems that export important services to
the net (e.g. web servers), however, this one is worth paying attention to.
The networking code maintains a number of internal hash tables to speed
lookups. In the networking code, for example, one table is used to quickly
find the route to a remote system; another is used in the netfilter
connection tracking code. The problem is that the hashing function used
for these tables is predictable and can be influenced by outsiders. In
particular, a suitably clever attacker can, through careful choices of
(false) source packet addresses, create a great many entries in a single
hash chain.
Once the chain gets long, the kernel will begin to take a long time to look
up each packet which hashes to that chain. This behavior enables a simple
denial of service attack: send a bunch of packets with the right addresses
and watch the target system slow to a crawl. By exploiting this
vulnerability, an attacker can get many of the effects of a large,
distributed denial of service attack without having to arrange the
"distributed" part - a single system will do.
Fixing the problem is a simple matter of picking a better hash function
which does not have such predictable behavior. Patches are available for
the 2.4 kernel, though, as of this writing, few vendors have released
updates; this LWN vulnerability entry will track the updates as they are
received. The 2.4.21-rc2 and 2.5.69
kernels also contain the fix - but nobody should be running important
services on either of those.
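The chain-length effect described above, as an added illustration that is not part of the original article or of the kernel's code: a toy hash table with 65536 chains, an unkeyed hash that uses the low bits of the address (a constructed stand-in for any hash an outsider can predict, not the kernel's actual function), and a keyed alternative in the spirit of the fix (BLAKE2b under a secret per-table key, truncated, so the sender cannot know which chain an address lands in). On a constructed set of 4096 addresses that share their low 16 bits, the unkeyed table collapses into one chain of 4096 entries and every lookup walks about 2048 of them; the keyed table spreads the same addresses out. The function names, table size and sample addresses are all assumptions of this example.

```python
import hashlib
import os
from collections import Counter

BUCKETS = 1 << 16  # 65536 chains; constructed size standing in for a route or conntrack table


def low_bits_hash(addr, key=b""):
    """Predictable, unkeyed hash: the chain is simply the low 16 bits of the address.
    Constructed toy for the weak-hash class of bug; not the kernel's actual function.
    The unused key parameter keeps the signature uniform with keyed_hash()."""
    return addr & (BUCKETS - 1)


def keyed_hash(addr, key):
    """Keyed hash: BLAKE2b under a secret key, truncated to 32 bits. Without the
    key, an outsider cannot predict which chain a given address lands in."""
    digest = hashlib.blake2b(addr.to_bytes(4, "big"), digest_size=4, key=key).digest()
    return int.from_bytes(digest, "big") & (BUCKETS - 1)


def random_key():
    """Fresh secret per table instance; a real implementation draws it at boot."""
    return os.urandom(16)


def colliding_addresses(n):
    """Constructed sample input: n distinct 32-bit addresses sharing the same low
    16 bits, so low_bits_hash() puts all of them into a single chain."""
    return [(i << 16) | 0x0A0A for i in range(n)]


def chain_lengths(addrs, hash_fn, key=b""):
    """Number of entries in each occupied chain after inserting every address."""
    return Counter(hash_fn(a, key) for a in addrs)


def longest_chain(addrs, hash_fn, key=b""):
    """Worst-case lookup length: the longest chain in the table."""
    return max(chain_lengths(addrs, hash_fn, key).values())


def mean_probe_cost(addrs, hash_fn, key=b""):
    """Average entries examined per successful lookup: the k-th entry of a chain
    costs k comparisons, so a chain of length c costs c*(c+1)/2 over its entries."""
    counts = chain_lengths(addrs, hash_fn, key)
    return sum(c * (c + 1) / 2 for c in counts.values()) / len(addrs)


if __name__ == "__main__":
    addrs = colliding_addresses(4096)
    key = random_key()
    print("unkeyed: longest chain %d, mean probes per lookup %.1f"
          % (longest_chain(addrs, low_bits_hash), mean_probe_cost(addrs, low_bits_hash)))
    print("keyed:   longest chain %d, mean probes per lookup %.2f"
          % (longest_chain(addrs, keyed_hash, key), mean_probe_cost(addrs, keyed_hash, key)))
```

The measurement is the one that matters for a defender: chain length, not packet count, is what turns a modest stream of packets into a CPU-bound slowdown, and a secret key removes the attacker's ability to steer entries into one chain at all.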
Comments (5 posted)
Bruce Schneier's CRYPTO-GRAM newsletter for May is out; it looks at
encryption and wiretapping, using unique email addresses for spam
avoidance, and cash register receipts. "This wiretapping report
provides hard evidence that a closed security design methodology -- the
'trust us because we know these things' way of building security
products -- doesn't work. The U.S. government hasn't encountered a
telephone encryption product that they couldn't easily break."
Full Story (comments: 1)
Two weeks ago, this page reported that OpenBSD does not yet have executable stack protection on the
x86 architecture. That statement, as it turns out, aligns poorly with
reality. OpenBSD has had non-executable stacks since 3.2; what it does not
(yet) have is protection for the other data areas - that is the protection
offered by the "W^X" technology in OpenBSD 3.3, but which will not be
available for x86 until the 3.4 release. We blew it, and we regret the
error.
Comments (2 posted)
New vulnerabilities
cdrecord: format string vulnerability
| Package(s): | cdrecord |
| CVE #(s): | CAN-2003-0289 |
| Created: | May 16, 2003 |
| Updated: | May 21, 2003 |
| Description: | A format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the "dev" parameter. |
| Alerts: | |
Comments (none posted)
gnupg: key validation
| Package(s): | gnupg |
| CVE #(s): | CAN-2003-0255 |
| Created: | May 16, 2003 |
| Updated: | November 18, 2003 |
| Description: | A key validation bug was discovered in the GNU Privacy Guard (GPG) which would cause keys with more than one user ID to trust all user IDs with the amount of trust given to the most-valid user ID. |
| Alerts: | |
Comments (none posted)
lv: privilege escalation
| Package(s): | lv |
| CVE #(s): | CAN-2003-0188 |
| Created: | May 16, 2003 |
| Updated: | June 4, 2003 |
| Description: | Leonard Stiles discovered that lv, a multilingual file viewer, would read options from a configuration file in the current directory. Because such a file could be placed there by a malicious user, and lv configuration options can be used to execute commands, this represented a security vulnerability. An attacker could gain the privileges of the user invoking lv, including root. |
| Alerts: | |
Comments (none posted)
sendmail: insecure temporary files
| Package(s): | sendmail |
| CVE #(s): | |
| Created: | May 16, 2003 |
| Updated: | May 20, 2003 |
| Description: | Paul Szabo discovered bugs in three scripts included in the sendmail package where temporary files were created insecurely (expn, checksendmail and doublebounce.pl). These bugs could allow an attacker to gain the privileges of a user invoking the script (including root). |
| Alerts: | |
Comments (none posted)
Updated vulnerabilities
Heap corruption vulnerability in at
| Package(s): | at, sudo, xchat |
| CVE #(s): | CAN-2002-0004 |
| Created: | May 21, 2002 |
| Updated: | May 15, 2003 |
| Description: | The at command has a potentially exploitable heap corruption bug. (First LWN report: January 17th). |
| Alerts: | |
Comments (none posted)
bind buffer overflow vulnerability in DNS resolver libraries
| Package(s): | bind glibc |
| CVE #(s): | CAN-2002-0651, CAN-2002-0684 |
| Created: | July 8, 2002 |
| Updated: | October 1, 2003 |
| Description: | The BIND 4.9.8-OW2 patch and BIND 4.9.9 release (and thus 4.9.9-OW1) include fixes for a libc related vulnerability which does not affect Linux. Updates from the Internet Software Consortium (ISC) are available from here. No release or branch of Openwall GNU/*/Linux (Owl) is known to be affected, due to Olaf Kirch's fixes for this problem getting into the GNU C library more than two years ago. Unfortunately that does not mean that Linux systems are not vulnerable. Similar code, without Olaf Kirch's fixes, is in the glibc getnetbyXXX functions. These functions are described in the SuSE alert as "used by very few applications only, such as ifconfig and ifuser, which makes exploits less likely." CERT Advisory: CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries. |
| Alerts: | |
Comments (1 posted)
BitchX - denial of service
| Package(s): | BitchX |
| CVE #(s): | |
| Created: | February 20, 2003 |
| Updated: | May 26, 2003 |
| Description: | From this Bugtraq posting: "A denial of service vulnerability exists in BitchX. Sending a malformed RPL_NAMREPLY numeric 353 causes BitchX to segfault. This problem was reported to panasync@efnet#bitchx on Jan 30 2003, as of this writing we are unaware of any patches or workarounds provided by panasync and or any members of #bitchx" |
| Alerts: | |
Comments (none posted)
Bugzilla: several vulnerabilities.
| Package(s): | bugzilla |
| CVE #(s): | |
| Created: | April 30, 2003 |
| Updated: | May 21, 2003 |
| Description: | The Bugzilla bug tracking system has a new set of vulnerabilities which can lead to cross-site scripting and symlink attacks. Versions 2.16.3 and 2.17.4 contain the necessary fixes; see this advisory for the details. |
| Alerts: | |
Comments (none posted)
Canna server: exploitable buffer overrun
| Package(s): | canna |
| CVE #(s): | CAN-2002-1158, CAN-2002-1159 |
| Created: | December 10, 2002 |
| Updated: | October 1, 2003 |
| Description: | Canna is a kana-kanji conversion server which is necessary for Japanese language character input. A buffer overflow bug in the Canna server up to and including version 3.5b2 allows a local user to gain the privileges of the user 'bin' which could lead to further exploits. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-1158 to this issue. A lack of validation of requests has been found that affects Canna version 3.6 and earlier. A malicious remote user could exploit this vulnerability to leak information, or cause a denial of service attack. (CAN-2002-1159) See also http://canna.sourceforge.jp/sec/Canna-2002-01.txt |
| Alerts: | |
Comments (none posted)
dvips: command execution vulnerability
| Package(s): | dvips |
| CVE #(s): | CAN-2002-0836 |
| Created: | October 16, 2002 |
| Updated: | June 10, 2003 |
| Description: | The dvips utility uses the system() function improperly when managing fonts. An attacker who can craft the right sort of print job can use this vulnerability to execute commands under the UID used by the print system. |
| Alerts: | |
Comments (none posted)
epic4: buffer overflows and arbitrary code execution
| Package(s): | epic4 |
| CVE #(s): | |
| Created: | May 2, 2003 |
| Updated: | May 22, 2003 |
| Description: | Timo Sirainen discovered several problems in EPIC4, a popular client for Internet Relay Chat (IRC). A malicious server could craft special reply strings, triggering the client to write beyond buffer boundaries. This could lead to a denial of service if the client only crashes, but may also lead to execution of arbitrary code under the user id of the chatting user. |
| Alerts: | |
Comments (none posted)
ethereal - format string vulnerability
| Package(s): | ethereal |
| CVE #(s): | CAN-2003-0081 |
| Created: | March 10, 2003 |
| Updated: | June 12, 2003 |
| Description: | The SOCKS dissector in Ethereal 0.9.9 is susceptible to a format string overflow. This vulnerability has been present in Ethereal since the SOCKS dissector was introduced in version 0.8.7. It was discovered by Georgi Guninski. Additionally, the NTLMSSP code is susceptible to a heap overflow. All users of Ethereal 0.9.9 and below are encouraged to upgrade. See the full advisory for additional information. |
| Alerts: | |
Comments (none posted)
evolution: multiple vulnerabilities
| Package(s): | Evolution |
| CVE #(s): | CAN-2003-0128, CAN-2003-0129, CAN-2003-0130 |
| Created: | March 21, 2003 |
| Updated: | May 14, 2003 |
| Description: | Multiple vulnerabilities have been found in Ximian's Evolution Mail User Agent, according to this CoreLabs advisory. "Three vulnerabilities were found that could lead to various forms of exploitation ranging from denying to users the ability to read email, provoke system instability, bypassing security context checks for email content and possibly execution of arbitrary commands on vulnerable systems." Ximian Evolution is a personal and workgroup information management solution for Linux and UNIX-based systems. The software integrates email, calendaring, meeting scheduling, contact management, and task lists, in one application. |
| Alerts: | |
Comments (1 posted)
Filename disclosure vulnerability in fam
| Package(s): | fam |
| CVE #(s): | CAN-2002-0875 |
| Created: | August 19, 2002 |
| Updated: | January 5, 2005 |
| Description: | "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible. |
| Alerts: | |
Comments (none posted)
fetchmail: buffer overflow
| Package(s): | fetchmail |
| CVE #(s): | CAN-2002-1365 |
| Created: | December 17, 2002 |
| Updated: | October 20, 2003 |
| Description: | Versions of fetchmail prior to 6.2.0 have (yet another) buffer overflow vulnerability which can be exploited remotely via a suitably crafted message. See this advisory for details. |
| Alerts: | |
Comments (3 posted)
file - memory allocation problem, stack overflow
| Package(s): | file |
| CVE #(s): | CAN-2003-0102 |
| Created: | March 4, 2003 |
| Updated: | June 4, 2003 |
| Description: | Jeff Johnson found a memory allocation problem and David Endler found a stack overflow corruption problem in the file "Automatic File Content Type Recognition Tool" version 3.41. Nalin Dahyabhai improved ELF section and program header handling in file version 3.40. The folks at OpenPKG believe that file versions without those modifications are vulnerable to memory allocation and stack overflow problems which put security at risk. |
| Alerts: | |
Comments (none posted)
GNU fileutils race condition
| Package(s): | fileutils ucdsnmp |
| CVE #(s): | CAN-2002-0435 |
| Created: | May 21, 2002 |
| Updated: | May 16, 2003 |
| Description: | A race condition in rm may cause the root user to delete the whole filesystem. The problem exists in the version of rm in fileutils 4.1 stable and 4.1.6 development version. A patch is available. (First LWN report: May 2). |
| Alerts: | |
Comments (none posted)
Potential remote root exploit in glibc
| Package(s): | glibc |
| CVE #(s): | CAN-2002-0391 |
| Created: | August 14, 2002 |
| Updated: | June 30, 2003 |
| Description: | Felix von Leitner discovered a potential division by zero bug in code derived from the SunRPC library which is used in glibc. This bug could be exploited to gain unauthorized root access to software linking to glibc. Updating as soon as practical is a good idea. Because SunRPC-derived XDR libraries are used by a variety of vendors in a variety of applications, this defect may lead to a number of differing security problems. Exploiting this vulnerability will lead to denial of service, execution of arbitrary code, or the disclosure of sensitive information. CERT/CC Vulnerability Note VU#192995: Integer overflow in xdr_array() function when deserializing the XDR stream. |
| Alerts: | |
Comments (none posted)
glibc: DNS stub resolvers contain buffer overflow vulnerability
| Package(s): | glibc |
| CVE #(s): | CAN-2002-1146 |
| Created: | November 7, 2002 |
| Updated: | February 5, 2004 |
| Description: | DNS stub resolvers from multiple vendors contain a buffer overflow vulnerability. The impact of this vulnerability appears to be limited to denial of service. (See CERT Vulnerability Note VU#738331.) The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash). |
| Alerts: | |
Comments (none posted)
glibc: integer overflow in the xdrmem_getbytes() function
| Package(s): | glibc krb5 dietlibc |
| CVE #(s): | CAN-2003-0028 |
| Created: | March 21, 2003 |
| Updated: | May 27, 2003 |
| Description: | An integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, and glibc, allows remote attackers to execute arbitrary code via certain integer values in length fields. See CAN-2003-0028 and CERT advisory CA-2003-10 for more information. |
| Alerts: | |
Comments (3 posted)
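The two glibc XDR entries above (the xdr_array() overflow under CAN-2002-0391 and the xdrmem_getbytes() overflow under CAN-2003-0028) both come down to a length or count field from the wire being trusted before it is checked against what the buffer actually holds. As an added example that is not code from the page, from glibc or from CERT: a small XDR decoder for variable-length opaque data and u32 arrays that checks every length against a caller-supplied limit and against the bytes present, next to a side-by-side of the unchecked 32-bit product count * element_size (which wraps, as a C multiplication does) and a checked version that refuses it. The function names, the limits and the sample messages are constructed for this example.

```python
import struct

U32_MAX = 0xFFFFFFFF


class XdrError(ValueError):
    """Raised for any length or count field that the buffer cannot honour."""


def _read_u32(buf, pos):
    """Every XDR length or count is a 4-byte big-endian unsigned integer."""
    if pos + 4 > len(buf):
        raise XdrError("truncated length field at offset %d" % pos)
    return struct.unpack_from(">I", buf, pos)[0], pos + 4


def element_bytes_unchecked(count, elem_size):
    """Mimics a 32-bit C multiplication with no overflow check: the product
    silently wraps, so a huge count can look like a handful of bytes."""
    return (count * elem_size) & U32_MAX


def element_bytes_checked(count, elem_size):
    """Refuse any count whose byte size would not fit in 32 bits, before multiplying."""
    if count > U32_MAX // elem_size:
        raise XdrError("count %d * %d overflows 32 bits" % (count, elem_size))
    return count * elem_size


def decode_opaque(buf, pos, max_len):
    """Variable-length opaque: length, data, zero padding to a 4-byte boundary.
    The length is checked against the caller's limit and the bytes present,
    never used to size a copy as-is."""
    n, pos = _read_u32(buf, pos)
    if n > max_len:
        raise XdrError("opaque length %d exceeds limit %d" % (n, max_len))
    padded = (n + 3) & ~3
    if pos + padded > len(buf):
        raise XdrError("opaque length %d exceeds remaining %d bytes" % (n, len(buf) - pos))
    return bytes(buf[pos:pos + n]), pos + padded


def decode_u32_array(buf, pos, max_count):
    """Variable-length array of u32: a count followed by that many elements."""
    count, pos = _read_u32(buf, pos)
    if count > max_count:
        raise XdrError("array count %d exceeds limit %d" % (count, max_count))
    need = element_bytes_checked(count, 4)
    if pos + need > len(buf):
        raise XdrError("array needs %d bytes, only %d remain" % (need, len(buf) - pos))
    return list(struct.unpack_from(">%dI" % count, buf, pos)), pos + need


def decode_message(buf):
    """A constructed record layout: one opaque name, then one u32 array."""
    name, pos = decode_opaque(buf, 0, 64)
    values, pos = decode_u32_array(buf, pos, 16)
    if pos != len(buf):
        raise XdrError("%d trailing bytes" % (len(buf) - pos))
    return name, values


def rejects(decoder, *args):
    """True if the decoder refuses the input with XdrError."""
    try:
        decoder(*args)
    except XdrError:
        return True
    return False


# Constructed sample messages, not captured from any real RPC traffic.
GOOD = struct.pack(">I", 5) + b"hello\0\0\0" + struct.pack(">4I", 3, 1, 2, 3)
SHORT = struct.pack(">I", 200) + b"abc"                      # length larger than the data behind it
HUGE_COUNT = struct.pack(">2I", 0, 0x40000001) + b"\0\0\0\0"  # 2^30+1 elements declared, 4 bytes present

if __name__ == "__main__":
    print(decode_message(GOOD))
    print("wrapped product:", element_bytes_unchecked(0x40000001, 4))
    print("short rejected:", rejects(decode_message, SHORT))
    print("huge count rejected:", rejects(decode_message, HUGE_COUNT))
```

The wrapped product is the whole story of the overflow: 0x40000001 elements of 4 bytes come out as 4 bytes in 32-bit arithmetic, so a "do we have 4 bytes?" test passes while the element loop walks far past the buffer. Checking the count against a limit first, and then the multiplication itself, closes both the resolver-style "read past the actual boundary" case and the integer-overflow case.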
gtkhtml: malformed messages cause crash
| Package(s): | gtkhtml |
| CVE #(s): | CAN-2003-0133, CAN-2003-0541 |
| Created: | April 14, 2003 |
| Updated: | April 18, 2005 |
| Description: | GtkHTML is the HTML rendering widget used by the Evolution mail reader. GtkHTML supplied with versions of Evolution prior to 1.2.4 contains a bug when handling HTML messages. Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash. |
| Alerts: | |
Comments (none posted)
IMP - SQL injection vulnerability
| Package(s): | imp |
| CVE #(s): | CAN-2003-0025 |
| Created: | January 15, 2003 |
| Updated: | July 8, 2003 |
| Description: | The IMP IMAP server, versions 2.2.8 and prior, is vulnerable to SQL injection; see this advisory for details. Version 3.x is not vulnerable to this problem. |
| Alerts: | |
Comments (1 posted)
kde: arbitrary code execution
| Package(s): | kde |
| CVE #(s): | CAN-2003-0204 |
| Created: | April 10, 2003 |
| Updated: | June 30, 2003 |
| Description: | The KDE Security team has issued an advisory on a vulnerability present in all versions of KDE that allows a remote attacker to execute arbitrary commands under your account. KDE 3.0.5b and KDE 3.1.1a have been released to address this problem. For KDE 2.2.2, patches to the KDE 2.2.2 sources have been made available. KDE uses Ghostscript software for processing of PostScript (PS) and PDF files in a way that allows for the execution of arbitrary commands that can be contained in such files. An attacker can prepare a malicious PostScript or PDF file which will provide the attacker with access to the victim's account and privileges when the victim opens this malicious file for viewing or when the victim browses a directory containing such a malicious file and has file previews enabled. An attacker can provide malicious files remotely to a victim in an e-mail, as part of a webpage, via an ftp server and possibly other means. |
| Alerts: | |
Comments (none posted)
kerberos - cryptographic weakness
| Package(s): | kerberos, heimdal, openafs |
CVE #(s): | CAN-2003-0138
CAN-2003-0139
|
| Created: | March 26, 2003 |
Updated: | May 27, 2003 |
| Description: |
Version 4 of the Kerberos protocol contains a cryptographic weakness which enables a chosen-plaintext attack. A suitably equipped attacker can impersonate any principal in the realm. Another weakness allows the creation of false Kerberos tickets. Given the weaknesses in the cryptography, cross-realm authentication cannot be performed in a secure way.
OpenAFS
kaserver implements version 4 of the Kerberos protocol, and therefore
is also vulnerable. |
| Alerts: |
|
Comments (none posted)
kernel - ptrace-related vulnerability
| Package(s): | kernel |
CVE #(s): | CAN-2003-0127
|
| Created: | March 17, 2003 |
Updated: | June 30, 2003 |
| Description: |
Versions 2.2.x and 2.4.x of the Linux kernel contain a vulnerability in
ptrace() which may be exploited by a local user to obtain root
access. This announcement contains the
details and a patch for 2.4.20. For 2.2 users, 2.2.25 has been released
which contains the fix. |
| Alerts: |
|
Comments (none posted)
kernel 2.4 - two new vulnerabilities
| Package(s): | kernel |
CVE #(s): | CAN-2003-0244
CAN-2003-0246
|
| Created: | May 14, 2003 |
Updated: | July 25, 2003 |
| Description: |
The 2.4.20 (and prior) kernel contains a couple of vulnerabilities that are worth fixing.
- The ioperm() system call doesn't perform proper checking,
allowing a local user to manipulate arbitrary I/O ports.
- The networking code contains a remotely exploitable denial of
service condition; see the May 24 Security Page for details.
|
| Alerts: |
|
Comments (2 posted)
kernel-utils: setuid vulnerability
| Package(s): | kernel-utils |
CVE #(s): | CAN-2003-0019
|
| Created: | February 7, 2003 |
Updated: | January 21, 2005 |
| Description: |
The kernel-utils package contains several utilities that can be used to
control the kernel or machine hardware. In Red Hat Linux 8.0 this package
contains user mode linux (UML) utilities.
The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was
incorrectly shipped setuid root. This could allow local users to control
certain network interfaces, add and remove arp entries and routes, and put
interfaces in and out of promiscuous mode.
All users of the kernel-utils package should update to these packages that
contain a version of uml_net that is not setuid root.
Alternatively, as a work-around to this vulnerability issue the following
command as root:
chmod -s /usr/bin/uml_net |
| Alerts: |
|
Comments (none posted)
kopete: vulnerability in GnuPG plugin
| Package(s): | kopete |
CVE #(s): | CAN-2003-0256
|
| Created: | May 8, 2003 |
Updated: | June 27, 2003 |
| Description: |
A vulnerability was discovered in versions of kopete
prior to 0.6.2. Kopete is a KDE instant messenger client. This
vulnerability is in the GnuPG plugin that allows users to send each
other GPG-encrypted instant messages. The plugin passes encrypted messages
to gpg by way of a command line, but does nothing to sanitize the data it
places on that command line. A remote user can therefore execute arbitrary
code, with the permissions of the user running kopete, on the local system. |
| Alerts: |
|
Comments (none posted)
libpng, libpng3: buffer overflow
| Package(s): | libpng, libpng3 |
CVE #(s): | CAN-2002-1363
|
| Created: | December 19, 2002 |
Updated: | July 14, 2004 |
| Description: |
Glenn Randers-Pehrson discovered a problem in connection with 16-bit
samples from libpng, an interface for reading and writing PNG
(Portable Network Graphics) format files. The starting offsets for
the loops are calculated incorrectly which causes a buffer overrun
beyond the beginning of the row buffer. |
| Alerts: |
|
Comments (none posted)
LPRng: insecure temporary file
| Package(s): | LPRng |
CVE #(s): | CAN-2003-0136
|
| Created: | April 14, 2003 |
Updated: | June 16, 2003 |
| Description: |
Karol Lewandowski discovered that psbanner, a printer filter that
creates a PostScript format banner and is part of LPRng, insecurely
creates a temporary file for debugging purposes when it is configured
as a filter. The program does not check whether this file already
exists or is a symbolic link to another location; it unconditionally writes
its current environment and command-line arguments to the file, running
under the daemon user id. A local user who plants a link at the known path
can thus have a file of their choosing overwritten as daemon. |
| Alerts: |
|
Comments (none posted)
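The bug class behind this entry, and the two usual fixes, as an added illustration (this is not LPRng's psbanner code; the paths, the "victim" file and the dump text are constructed for the demonstration):

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed model of CAN-2003-0136: a filter running as "daemon" dumps
 * its environment to a fixed, predictable path. If a local user has put a
 * symlink there, the dump lands on the link's target with daemon's uid. */

/* Vulnerable: fopen("w") follows a symlink and truncates its target.
 * Returns 0 on success, -1 on error. */
int debug_dump_vulnerable(const char *path, const char *dump)
{
    FILE *f = fopen(path, "w");
    if (!f)
        return -1;
    fputs(dump, f);
    fclose(f);
    return 0;
}

/* Hardened: create only if nothing is there, and never follow a symlink at
 * the final component. Returns an fd, or -1 with errno == EEXIST when a
 * file or symlink (planted or stale) already occupies the path. */
int debug_open_safe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Better for genuinely temporary output: mkstemp picks an unpredictable
 * name and creates it atomically with O_EXCL. tmpl is modified in place. */
int debug_open_tmp(char *tmpl)
{
    return mkstemp(tmpl);
}

/* Constructed scenario in a fresh directory: a victim file and a symlink
 * "debug.log" pointing at it. Returns a bitmask: bit 0 if the safe open
 * refused the symlink, bit 1 if the vulnerable dump clobbered the victim. */
int demo_symlink_attack(void)
{
    char dir[] = "/tmp/psbanner_demo.XXXXXX";
    char victim[128], link[128];
    struct stat st;
    int fd, result = 0;

    if (!mkdtemp(dir))
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/debug.log", dir);

    fd = open(victim, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0 || write(fd, "important data\n", 15) != 15 ||
        symlink(victim, link) != 0) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    close(fd);

    fd = debug_open_safe(link);
    if (fd < 0 && errno == EEXIST)
        result |= 1;                    /* refused: the correct behaviour */
    else if (fd >= 0)
        close(fd);

    debug_dump_vulnerable(link, "PATH=/usr/bin argv[0]=psbanner\n");
    if (stat(victim, &st) == 0 && st.st_size != 15)
        result |= 2;                    /* victim overwritten through the link */

    unlink(link);
    unlink(victim);
    rmdir(dir);
    return result;
}
```

The O_EXCL | O_NOFOLLOW pair is the minimum for a fixed path; when the name need not be fixed at all, mkstemp() removes the race entirely, which is what the LPRng fix amounts to.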
lprold - buffer overflow in lprm
| Package(s): | lprold lpd |
CVE #(s): | CAN-2003-0144
|
| Created: | March 13, 2003 |
Updated: | May 28, 2003 |
| Description: |
The lprm command of the printing package lprold contains a buffer
overflow. Since lprm runs with elevated privileges on a properly set up
print system, this buffer overflow can be exploited by a local user to gain
root privileges. |
| Alerts: |
|
Comments (none posted)
lynx: CRLF injection vulnerability
| Package(s): | lynx |
CVE #(s): | CAN-2002-1405
|
| Created: | November 19, 2002 |
Updated: | October 1, 2003 |
| Description: |
If lynx is given a URL containing certain special characters (carriage
return and line feed) on the command line, it does not strip them and so
includes faked headers in the HTTP request it sends. This can be used to
force scripts that use Lynx for downloading files to access the wrong
site on a web server with multiple virtual hosts, since the injected
Host: header is the one the server acts on. |
| Alerts: |
|
Comments (none posted)
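The mechanism, as an added illustration written for this page (a model of the bug class, not lynx's source; the host names and the injected path are constructed):

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of CAN-2002-1405: the request line is built from a
 * path that still contains raw CR/LF, so the first CRLF terminates the
 * request line and the remainder of the "path" is parsed by the server as
 * headers of the attacker's choosing. */

/* Vulnerable: copies the path into the request unchecked.
 * Returns bytes written, or -1 if out is too small. */
int build_request_vulnerable(const char *host, const char *path,
                             char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "GET %s HTTP/1.0\r\nHost: %s\r\n\r\n",
                     path, host);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* Hardened: a URL path never legitimately carries raw control characters
 * (they would be percent-encoded), so refuse them before building anything. */
int build_request_safe(const char *host, const char *path,
                       char *out, size_t outlen)
{
    for (const char *p = path; *p; p++)
        if ((unsigned char)*p < 0x20 || *p == 0x7f)
            return -1;
    return build_request_vulnerable(host, path, out, outlen);
}

/* Value of the first Host: header, which is what a virtual-hosting server
 * routes on. Returns out, or NULL if there is none. */
const char *first_host_header(const char *req, char *out, size_t outlen)
{
    const char *p = strstr(req, "\r\nHost: ");
    if (!p)
        return NULL;
    p += 8;
    const char *end = strstr(p, "\r\n");
    size_t len = end ? (size_t)(end - p) : strlen(p);
    if (len >= outlen)
        return NULL;
    memcpy(out, p, len);
    out[len] = '\0';
    return out;
}

/* Number of Host: header lines in a request; more than one is the
 * detection signal on the server or proxy side. */
int count_host_headers(const char *req)
{
    int n = 0;
    for (const char *p = req; (p = strstr(p, "\r\nHost:")) != NULL; p += 2)
        n++;
    return n;
}
```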
perl-MailTools: remote command execution
| Package(s): | MailTools |
CVE #(s): | CAN-2002-1271
|
| Created: | November 5, 2002 |
Updated: | September 19, 2003 |
| Description: |
The SuSE Security Team reviewed critical Perl modules, including the
Mail::Mailer package. This package contains a security hole which allows
remote attackers to execute arbitrary commands in certain circumstances.
This is due to the use of mailx as the default mailer: mailx interprets
tilde escape sequences in the message body, so commands can be embedded
in the body of a mail message.
Note that mail processing programs which use this package can be affected by this vulnerability; in particular, SpamAssassin is vulnerable if you use the -r or -w flags.
|
| Alerts: |
|
Comments (none posted)
mysql - configuration file vulnerability
| Package(s): | mysql mysqld |
CVE #(s): | CAN-2003-0150
|
| Created: | March 18, 2003 |
Updated: | May 16, 2003 |
| Description: |
According to a
report on BugTraq, a vulnerability exists in
version 3.23.55 and earlier versions of the MySQL server. If the MySQL server is
launched by root, as it is often done by system startup scripts, any
database users with the "FILE" privilege can write a configuration file
(usually my.cnf) that causes the MySQL server to run under an arbitrary
user id, including the user id of the super-user, on the next restart. |
| Alerts: |
|
Comments (none posted)
nethack: buffer overflow
| Package(s): | nethack, slashem, falconseye |
CVE #(s): | CAN-2003-0358
CAN-2003-0359
|
| Created: | February 18, 2003 |
Updated: | July 15, 2003 |
| Description: |
Overflowing a buffer in nethack may lead to privilege escalation to the games
uid.
Read the full advisory for the details.
Note that falconseye does not contain the file permission error
CAN-2003-0359 which affected some other nethack packages. |
| Alerts: |
|
Comments (none posted)
NetPBM: math overflow errors
| Package(s): | NetPBM |
CVE #(s): | CAN-2003-0146
|
| Created: | March 17, 2003 |
Updated: | May 27, 2003 |
| Description: |
Al Viro and Alan Cox discovered several integer overflow errors in
NetPBM, a set of graphics conversion tools. These programs are not
installed setuid root but are often installed to prepare data for
processing, which means they end up parsing input from untrusted sources.
These vulnerabilities may allow remote attackers to cause
a denial of service or execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
netscape-flash: buffer overflow
| Package(s): | netscape-flash |
CVE #(s): | |
| Created: | March 10, 2003 |
Updated: | June 20, 2003 |
| Description: |
Potentially exploitable buffer overflows exist in the Macromedia Flash
Player. The full advisory is here.
"The cumulative security patch is available today and addresses the
potential for exploits surrounding buffer overflows (read/write) and
sandbox integrity within the player, which might allow malicious users to
gain access to a user's computer. The possibility of running native code on
a users machine is a theoretical exploit, and extremely difficult to
execute in practice. There are no known examples of running such native
code from Macromedia Flash movies; however, even though this issue is
difficult and theoretical in nature only, we are encouraging users to
upgrade." |
| Alerts: |
|
Comments (none posted)
net-snmp: denial of service vulnerability
| Package(s): | net-snmp |
CVE #(s): | CAN-2002-1170
|
| Created: | December 17, 2002 |
Updated: | November 7, 2003 |
| Description: |
The SNMP daemon included in the Net-SNMP package versions 5.0.1 through
5.0.4 can be caused to crash if it is sent a specially crafted packet. |
| Alerts: |
|
Comments (none posted)
openssh: timing attack leads to information disclosure
| Package(s): | openssh |
CVE #(s): | CAN-2003-0190
|
| Created: | May 2, 2003 |
Updated: | November 30, 2004 |
| Description: |
From the advisory:
"During a pen-test we stumbled across a nasty bug in OpenSSH-portable
with PAM support enabled (via the --with-pam configure script switch). This
bug allows a remote attacker to identify valid users on vulnerable systems,
through a simple timing attack. The vulnerability is easy to exploit and
may have high severity, if combined with poor password policies and other
security problems that allow local privilege escalation." |
| Alerts: |
|
Comments (1 posted)
openssl: local and remote extraction of RSA private key
| Package(s): | openssl, apache, mod_ssl |
CVE #(s): | CAN-2003-0147
|
| Created: | March 18, 2003 |
Updated: | May 22, 2003 |
| Description: |
David Brumley and Dan Boneh of Stanford University have researched and
documented a timing attack on OpenSSL which allows local and remote
attackers to extract the RSA private key of a server. The OpenSSL RSA
implementation is generally vulnerable to this type of attack unless RSA
blinding has been turned on. See this
paper (pdf format) for additional details.
Typically, RSA blinding is not enabled by OpenSSL based applications,
mainly because it is not obvious how to do so when using OpenSSL to provide
SSL/TLS. This problem affects almost all applications using OpenSSL; they
have to be rebuilt against the fixed OpenSSL version (where RSA blinding
is now enabled by default) or must enable RSA blinding explicitly
themselves.
The performance impact of RSA blinding appears to be small (a few percent
only) and the RSA functionality remains fully compatible. The Common
Vulnerabilities and Exposures (CVE) project assigned the id
CAN-2003-0147 to the problem. |
| Alerts: |
|
Comments (none posted)
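What "RSA blinding" actually does, as an added worked example (this is not OpenSSL's code; the 61*53 toy key, the blinding factor and every other value are constructed here, and moduli are kept below 2^32 so 64-bit products cannot overflow):

```c
#include <stdint.h>

/* Toy RSA with blinding; constructed illustration, not OpenSSL. */

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t n)
{
    return (a % n) * (b % n) % n;      /* safe for n < 2^32 */
}

/* Square-and-multiply. Its running time depends on the operand values as
 * well as on the bits of exp; that data dependence is what Brumley and
 * Boneh measure, ciphertext by ciphertext, to recover d. */
uint64_t powmod(uint64_t base, uint64_t exp, uint64_t n)
{
    uint64_t r = 1;
    base %= n;
    while (exp) {
        if (exp & 1)
            r = mulmod(r, base, n);
        base = mulmod(base, base, n);
        exp >>= 1;
    }
    return r;
}

/* Modular inverse by the extended Euclidean algorithm; 0 if none exists. */
uint64_t invmod(uint64_t a, uint64_t n)
{
    int64_t t = 0, newt = 1, r = (int64_t)n, newr = (int64_t)(a % n);
    while (newr) {
        int64_t q = r / newr, tmp;
        tmp = t - q * newt; t = newt; newt = tmp;
        tmp = r - q * newr; r = newr; newr = tmp;
    }
    if (r != 1)
        return 0;
    return (uint64_t)(t < 0 ? t + (int64_t)n : t);
}

/* Unblinded private operation: the exponentiation runs directly on the
 * attacker-chosen ciphertext c, so its timing is a function of c and d. */
uint64_t rsa_private_plain(uint64_t c, uint64_t d, uint64_t n)
{
    return powmod(c, d, n);
}

/* Blinded: multiply c by r^e first, so the exponentiation sees c * r^e,
 * a value the attacker cannot predict, then strip r from the result.
 * r must be a fresh random value invertible mod n; returns 0 if it is not. */
uint64_t rsa_private_blinded(uint64_t c, uint64_t d, uint64_t e, uint64_t n,
                             uint64_t r)
{
    uint64_t rinv = invmod(r, n);
    if (rinv == 0)
        return 0;
    uint64_t blinded = mulmod(c, powmod(r, e, n), n);  /* c * r^e mod n */
    uint64_t mb = powmod(blinded, d, n);               /* = m * r mod n  */
    return mulmod(mb, rinv, n);                        /* m              */
}
```

The output is identical with or without blinding, which is why the entry can say the functionality stays fully compatible; only the value fed to the slow, data-dependent exponentiation changes. In OpenSSL the same switch is RSA_blinding_on(); with the fixed release it is on by default, so the practical check for an existing deployment is the library version the application was built against.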
pam_xauth: root exploit
| Package(s): | pam_xauth |
CVE #(s): | CAN-2002-1160
|
| Created: | February 13, 2003 |
Updated: | July 10, 2003 |
| Description: |
The pam_xauth module is used to forward xauth information from user to user
in applications such as 'su'.
Andreas Beck discovered that versions of pam_xauth supplied with Red Hat
Linux since version 7.1 would forward authorization information from the
root account to unprivileged users. This could be used by a local attacker
to gain access to an administrator's X session. In order to exploit this
vulnerability, the attacker would have to get the administrator, as root,
to use su to the account belonging to the attacker. |
| Alerts: |
|
Comments (none posted)
PHP: vulnerability in mail function
| Package(s): | php |
CVE #(s): | CAN-2002-0985
CAN-2002-0986
|
| Created: | November 13, 2002 |
Updated: | October 1, 2003 |
| Description: |
Two vulnerabilities exist in the mail() PHP function. The first one allows
the execution of any program/script, bypassing the safe_mode restriction; the
second one may turn a script into an open relay if the mail() function is not
carefully used in PHP scripts. See this Bugtraq
report for more details. Note that this is a different vulnerability than the previous PHP mail() problem, which affected versions through 4.1.0.
CAN-2002-0985
CAN-2002-0986 |
| Alerts: |
|
Comments (none posted)
PostgreSQL - more buffer overflows
| Package(s): | postgresql |
CVE #(s): | |
| Created: | February 12, 2003 |
Updated: | November 7, 2003 |
| Description: |
A new set of buffer overflows has been discovered in PostgreSQL 7.2.2; they affect the circle_poly(), path_encode(), and path_addr() functions. Exploiting these overflows requires that the attacker first obtain a connection to the PostgreSQL server. |
| Alerts: |
|
Comments (1 posted)
PoPTop: remotely exploitable buffer overflow
| Package(s): | pptpd |
CVE #(s): | CAN-2003-0213
|
| Created: | April 28, 2003 |
Updated: | June 6, 2003 |
| Description: |
The PoPToP PPTP server contains a remotely exploitable buffer overflow;
read the full
advisory for more information. |
| Alerts: |
|
Comments (none posted)
Local arbitrary code execution vulnerability in Python
| Package(s): | python |
CVE #(s): | CAN-2002-1119
|
| Created: | August 28, 2002 |
Updated: | October 1, 2003 |
| Description: |
Zack Weinberg discovered that
os._execvpe from os.py uses a temporary file with a predictable name, which
could lead to execution of arbitrary code by a local user. According to the Debian
advisory, the problem
was present in Python versions 1.5, 2.1 and 2.2.
CAN-2002-1119 |
| Alerts: |
|
Comments (none posted)
Multiple-use vulnerability in Safe.pm
| Package(s): | Safe.pm |
CVE #(s): | CAN-2002-1323
|
| Created: | October 9, 2002 |
Updated: | February 20, 2004 |
| Description: |
The use Perl; site has a
description of a vulnerability in the Safe.pm Perl module. It seems
that if a Safe compartment is used more than once, it ceases to be safe.
The problem is fixed in Safe 2.08. |
| Alerts: |
|
Comments (none posted)
squirrelmail: more cross-site scripting vulnerabilities
| Package(s): | squirrelmail |
CVE #(s): | CAN-2003-0160
|
| Created: | April 24, 2003 |
Updated: | June 4, 2003 |
| Description: |
SquirrelMail is a webmail package written in PHP. Multiple vulnerabilities
have been found which affect versions of SquirrelMail shipped with Red Hat
Linux 8.0 and Red Hat Linux 9.
Cross-site scripting vulnerabilities in SquirrelMail version 1.2.10 and
earlier allow remote attackers to execute script as other Web users via
mailbox displays, message displays, or search results displays. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0160 to these issues.
All users are advised to upgrade to these errata packages containing
SquirrelMail version 1.2.11, which is not vulnerable to these issues. |
| Alerts: |
|
Comments (none posted)
File overwrite vulnerability in tar and unzip
| Package(s): | tar unzip |
CVE #(s): | CAN-2001-1267
CAN-2001-1268
CAN-2001-1269
CAN-2002-0399
|
| Created: | October 1, 2002 |
Updated: | April 10, 2006 |
| Description: |
The tar utility does not properly filter file names containing
"../", meaning that a hostile archive can, if unpacked by an
unsuspecting user, overwrite any file that is writable by that user. GNU
tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42
has the same vulnerability. |
| Alerts: |
|
Comments (1 posted)
TCP/IP: inconsistent flag handling
| Package(s): | TCP/IP |
CVE #(s): | |
| Created: | May 5, 2003 |
Updated: | May 20, 2003 |
| Description: |
Various vendors' TCP/IP implementations handle packets containing unusual
flag combinations in different ways, which may lead to a violation of
implicit or explicit security policies.
See CERT VU#464113 and
this BugTraq post for more information. |
| Alerts: |
|
Comments (none posted)
Multiple vendor telnetd vulnerability
| Package(s): | telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5 |
CVE #(s): | |
| Created: | May 21, 2002 |
Updated: | October 5, 2004 |
| Description: |
This vulnerability,
originally thought to be confined to BSD-derived systems, was first covered
in the July 26th Security
Summary. It is now known that Linux telnet daemons are vulnerable as
well.
|
| Alerts: |
|
Comments (none posted)
typespeed: buffer overflow
| Package(s): | typespeed |
CVE #(s): | |
| Created: | January 1, 2003 |
Updated: | June 17, 2003 |
| Description: |
A problem has been discovered in typespeed, a game that lets you
measure your typing speed. By overflowing a buffer, a local
attacker could execute arbitrary commands under the group id games. |
| Alerts: |
|
Comments (none posted)
vim - modeline vulnerability
| Package(s): | vim |
CVE #(s): | CAN-2002-1377
|
| Created: | January 16, 2003 |
Updated: | February 10, 2004 |
| Description: |
VIM allows a user to set the modeline differently for each edited text file
by placing special comments in the files. Georgi Guninski found that these
comments can be carefully crafted in order to call external programs. This
could allow an attacker to create a text file such that when it is opened
arbitrary commands are executed. |
| Alerts: |
|
Comments (4 posted)
vixie-cron: Local vulnerability
| Package(s): | vixie-cron |
CVE #(s): | CVE-2001-0559
|
| Created: | April 17, 2003 |
Updated: | October 3, 2003 |
| Description: |
From the ISS
advisory:
"Vixie Cron is a scheduling daemon that ships with several Linux
distributions. Vixie Cron version 3.0pl1 could allow a local attacker to
gain root privileges. Crontab fails to properly drop privileges in certain
cases after a crontab modification operation. A local attacker could
exploit this vulnerability to gain root privileges on the system since
crontab is installed setuid root."
Note: this vulnerability is dated May 07 2001, and was first mentioned in
LWN on the May 10,
2001 security page. |
| Alerts: |
|
Comments (none posted)
wget: directory traversal bug
| Package(s): | wget |
CVE #(s): | CAN-2002-1344
|
| Created: | December 10, 2002 |
Updated: | October 1, 2003 |
| Description: |
Versions of wget prior to 1.8.2-4 contain a bug that permits a malicious
FTP server to create or overwrite files anywhere on the local file system.
FTP clients must check to see if an FTP server's response to the NLST
command includes any directory information along with the list of filenames
required by the FTP protocol (RFC 959, section 4.1.3).
If the FTP client fails to do so, a malicious FTP server can send filenames
beginning with '/' or containing '/../' which can be used to direct a
vulnerable FTP client to write files (such as .forward, .rhosts, .shosts,
etc.) that can then be used for later attacks against the client machine.
See also
this Bugtraq article from 1997.
CAN-2002-1344 |
| Alerts: |
|
Comments (none posted)
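The name check that both the tar/unzip entry above and this wget entry call for, as an added example (it is not code from tar, unzip or wget; the NLST reply and the file names in the tests are constructed):

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A name taken from an archive member header or from an FTP server's NLST
 * reply is attacker data. Before creating a file under the destination
 * directory, reject anything absolute and anything with a ".." component.
 * Returns 1 if name may be created relative to the current directory. */
int safe_relative_name(const char *name)
{
    const char *p = name;

    if (*p == '\0' || *p == '/')
        return 0;                       /* empty or absolute */
    while (*p) {
        const char *slash = strchr(p, '/');
        size_t len = slash ? (size_t)(slash - p) : strlen(p);
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;                   /* "..": would climb out of dest */
        if (!slash)
            break;
        p = slash + 1;
    }
    return 1;
}

/* Build "<dest>/<name>" only for a safe name. Returns 0, or -1 if the name
 * is rejected or the buffer is too small. */
int destination_path(const char *dest, const char *name,
                     char *out, size_t outlen)
{
    if (!safe_relative_name(name))
        return -1;
    int n = snprintf(out, outlen, "%s/%s", dest, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Walk a CRLF-separated NLST reply (as wget would receive it) and count
 * the names a client should be willing to create. Names are rejected, not
 * rewritten: a server that sends "/" or ".." is not one to trust. */
int count_safe_nlst_names(const char *reply)
{
    char name[256];
    int accepted = 0;
    const char *p = reply;

    while (*p) {
        const char *eol = strstr(p, "\r\n");
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        if (len < sizeof name) {
            memcpy(name, p, len);
            name[len] = '\0';
            if (safe_relative_name(name))
                accepted++;
        }
        if (!eol)
            break;
        p = eol + 2;
    }
    return accepted;
}
```

The check is deliberately done on components, not with strstr(name, ".."): a name such as "pub/..hidden/x" is legitimate, while "pub/../../.forward" is not, and a substring test gets one of the two wrong.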
Wwwoffle remote privilege escalation vulnerability
| Package(s): | wwwoffle |
CVE #(s): | CAN-2002-0818
|
| Created: | August 14, 2002 |
Updated: | October 1, 2003 |
| Description: |
The wwwoffle web proxy incorrectly processes HTTP PUT and POST requests
with negative Content Length values.
"It is believed
that an attacker could exploit this bug to gain remote wwwrun access
to the system wwwoffled is running on."
CAN-2002-0818 |
| Alerts: |
|
Comments (none posted)
xinetd: Memory leak in xinetd 2.3.10
| Package(s): | xinetd |
CVE #(s): | CAN-2003-0211
|
| Created: | May 13, 2003 |
Updated: | November 13, 2003 |
| Description: |
Xinetd is a 'master server' that is used to accept service connection
requests and start the appropriate servers.
Because of a programming error, memory was allocated and never freed if a
connection was refused for any reason. An attacker could exploit this flaw
to crash the xinetd server, rendering all services it controls unavailable.
In addition, other flaws in xinetd could cause incorrect operation in
certain unusual server configurations.
All users of xinetd are advised to update to xinetd-2.3.11 which is not
vulnerable to these issues. |
| Alerts: |
|
Comments (none posted)
Resources
ZDNet is running
a Gartner pronouncement on the security of online identity services in the light of the Passport vulnerability.
"This discovery deals a major blow to Microsoft and the Liberty Alliance, which have not yet succeeded in getting the consumer e-commerce market to accept identity services of this type. Gartner surveys have shown that consumers and enterprises have already seen more risk than value in Passport and Liberty."
Comments (2 posted)
New issues of the
Linux Advisory Watch and
Linux Security Week newsletters from
LinuxSecurity.com are available.
Comments (none posted)
Page editor: Jonathan Corbet
Kernel development
Brief items
The current development kernel remains 2.5.69; there have been no
development kernel releases since May 4.
Patches continue to accumulate in Linus's BitKeeper repository, however; it
now contains some NFS fixes, sysfs support for network devices, an XFS
update, some scheduler fixes, a change to the request_module()
prototype, some framebuffer fixes, more annotations of
user-space pointers and makefile support for Linus's (still unreleased)
kernel source analyzer, 48-bit IDE addressing support, a (hopefully)
working IDE tagged command queueing implementation, the BIO "walking"
API, more devfs cleanups (devfs_register() is gone), the USB
"gadget" subsystem, a wireless networking update (and quite a bit of
networking work in general), dynamic block I/O request allocation, a fair
amount of SCSI cleanup work, a generic x86 subarchitecture, a number of TTY
layer cleanups, a USB update, an IA-64 update, and a vast number of other
fixes -- some 700 changesets in all.
The current stable kernel is 2.4.20; no 2.4.21 prepatches have been
released since 2.4.21-rc2 on May 8.
Comments (none posted)
Kernel development news
The second IRC discussion on the 2.6 "must fix" list was held on
May 21. The
full transcript is
available for those who are interested. Below is a quick summary of some
of the high points.
- Power management. Patrick Mochel is in a debugging stage;
in any case, power management changes could go in after 2.6.0.
- Frame buffer restore after suspending, lots of pending issues, especially
on 3d systems. "It's gonna be hell and will take time." Not
necessarily a show stopper for 2.6.0.
- IDE suspend/resume: patches exist which put suspend and
resume operations on request queues so they are properly serialized
with other activity.
- I/O scheduler selection; some way of choosing between I/O
schedulers is needed before the new schedulers can be merged. The
anticipatory scheduler still has enough problems on some loads that it
cannot go in otherwise.
- qlogic drivers: several exist, none really work. Consensus
seems to be that the "feral" driver is the one to go forward with.
- Crypto loopback driver, would be nice for 2.6, but nobody
seems to be working on it.
- ext3 big kernel lock removal: Patches exist, but some "deep
surgery" is required to make it all work. There are concerns that
none of the Linux journaling filesystems perform all that well on SMP
systems.
- ext2 and ext3 block allocations: the filesystems can allocate
blocks poorly. Not necessarily a 2.6.0 issue.
- IRQ balancing, mostly a question of whether the user space
tools should be bundled with the kernel. What's really needed,
perhaps, is a better distribution mechanism for user-space kernel
tools.
- klibc: was awaiting users before it could be merged into 2.5,
but those users have not yet materialized. Alexander Viro has things
that would use it, so this work may move forward before 2.6.
- kexec (booting one kernel directly from another): is working,
but "seems intrusive and late." It's very useful for some users,
though.
- Object-based reverse mapping VM: it still has issues with
highly-shared pages and nonlinear mappings. The latter problem has
been solved. Some think that, if objrmap is merged at all, it should
be marked experimental.
- Networking: Andrew says "net/ is boring, it just works all the
time."
- Early console/printk and a general API for reporting errors to
user space. This stuff looks too late and slow to get in this time
around.
- Kbuild: a better way of building external modules, and allowing
separate source and object directories. "Both sound important."
Conclusion was that it will happen, but it could be after 2.6.0.
- Firmware loading: Greg KH pointed out the driver model firmware
interface currently in patch form (see this
LWN article). Should be merged soon.
- ACPI: still has problems, but work is proceeding.
- Asynchronous I/O: I/O to files still is not truly
asynchronous. Patches exist, but are "late, a bit intrusive, a bit
messy." People think they are important, however; work will be done
to clean them up.
No further discussions have been scheduled at this time.
Comments (none posted)
When the kernel is deep into a feature freeze and there are not a whole lot
of new developments to worry about, it must be time for some policy
debates. A couple of issues that have come up over the last week or so -
both involving the FUTEX subsystem - cast an interesting light on how
policy issues are made, and how the kernel project interacts with its user
community.
A "FUTEX" is, of course, a fast user-space mutual exclusion primitive.
FUTEXes are similar to SYSV semaphores in terms of the functionality they
provide, though no attempt has been made to be compatible with the SYSV
semaphore interface. A FUTEX is also fast: if there is no contention for a
particular lock (which should be the case most of the time) there is no
need to go into the kernel at all. An actual system call is only made when
a process must wait. FUTEXes are used by the blindingly fast 2.5
threading implementation; other applications will certainly be found for
them as they become more widely available.
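The fast-path/slow-path split described above, as an added example (this is not glibc's NPTL implementation or Ingo Molnar's patch): a minimal mutex whose state is one int in user memory, using GCC's __atomic builtins and the single multiplexed futex() system call with its FUTEX_WAIT and FUTEX_WAKE commands. It assumes a Linux kernel with futex support.

```c
#define _GNU_SOURCE
#include <linux/futex.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Lock states: 0 = unlocked, 1 = locked with no waiters,
 * 2 = locked with possible waiters. Only the contended transitions enter
 * the kernel; an uncontended lock/unlock pair never makes a system call. */

static long futex_wait(int *addr, int expected)
{
    /* Sleeps only if *addr still equals expected; otherwise returns at once. */
    return syscall(SYS_futex, addr, FUTEX_WAIT, expected, NULL, NULL, 0);
}

static long futex_wake(int *addr, int nwake)
{
    return syscall(SYS_futex, addr, FUTEX_WAKE, nwake, NULL, NULL, 0);
}

/* Returns 0 if acquired on the fast path, 1 if the slow path was needed. */
int futex_mutex_lock(int *m)
{
    int expected = 0;
    if (__atomic_compare_exchange_n(m, &expected, 1, 0,
                                    __ATOMIC_ACQUIRE, __ATOMIC_ACQUIRE))
        return 0;                        /* one CAS, no kernel entry */
    /* Contended: mark the lock as having waiters and sleep until the
     * holder changes the value; re-check on every wakeup. */
    while (__atomic_exchange_n(m, 2, __ATOMIC_ACQUIRE) != 0)
        futex_wait(m, 2);
    return 1;
}

/* Never blocks: 0 on success, -1 if the lock is held. */
int futex_mutex_trylock(int *m)
{
    int expected = 0;
    return __atomic_compare_exchange_n(m, &expected, 1, 0,
                                       __ATOMIC_ACQUIRE, __ATOMIC_RELAXED) ? 0 : -1;
}

/* Returns 0 if released on the fast path, 1 if a wake syscall was made. */
int futex_mutex_unlock(int *m)
{
    if (__atomic_fetch_sub(m, 1, __ATOMIC_RELEASE) != 1) {
        /* State was 2: somebody may be asleep in futex_wait(). */
        __atomic_store_n(m, 0, __ATOMIC_RELEASE);
        futex_wake(m, 1);
        return 1;
    }
    return 0;                            /* state was 1: nobody to wake */
}

int main(void)
{
    int m = 0;
    int slow = futex_mutex_lock(&m);
    int woke = futex_mutex_unlock(&m);
    printf("lock: %s path, unlock: %s path, state=%d\n",
           slow ? "slow" : "fast", woke ? "syscall" : "fast", m);
    return 0;
}
```

The three-state encoding is what keeps the unlock cheap: a holder only pays for the wake syscall when a waiter has already recorded itself by writing 2, and the value-check built into FUTEX_WAIT is what closes the window between that write and going to sleep.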
Ingo Molnar recently sent out a series of patches to the FUTEX subsystem;
one of them adds a new "requeueing"
feature. This feature addresses a performance problem in glibc resulting
from a double-lock implementation there; with requeueing, a process which
waits on a condition variable can be automatically requeued on a different
lock when the condition becomes true. Requeueing avoids the "thundering
herd" problem (when many processes are awakened only to contend with each
other and go back to sleep) which otherwise results in this situation.
The patch drew complaints about how the new feature is implemented. The
FUTEX subsystem provides a single system call (futex()) with a
command argument. All FUTEX operations are multiplexed through this single
call. This style of system call has been deprecated within the kernel for
a while now; it is difficult to get a handle on what multiplexor calls are
really doing. So it was suggested that, rather than adding yet another
command to futex(), Ingo should really tear out the old system
call and create a set of new, single-function calls.
Ingo did, in fact, send out a patch
implementing the futex_wait(), futex_wake(), and
futex_requeue() system calls. But he left the old
futex() call in as well. And that is the core of the real
disagreement: certain developers feel that,
since no stable kernel was ever released with the old system call, it
should be simply removed before 2.6.0.
The problem, of course, is that stable kernels have been released
with that system call. In particular, Red Hat Linux 9 contains a
version of the 2.4.20 kernel with the Native POSIX Thread Library (NPTL)
and FUTEX support patched in. Removing the futex() system call would break glibc on
those systems. So the question becomes: should a feature which has,
officially, only been present in development kernels be removed, thus
breaking a widely-deployed distribution? Or does a certain amount of
compatibility cruft have to remain in the 2.6.0 kernel in order to avoid
that breakage?
In this case, the issue has been resolved by a
decree from Linus: compatibility will be preserved.
Something like "it's only been in the development kernels" is
simply not an issue. The only thing that matters is whether it is
used by various binaries or not.
In a separate posting, Linus states:
"...the goodness of an operating system is not in how pretty it is,
but in how well it supports the user." And that attitude, of
course, has a lot to do with why Linux is as successful as it is.
The other FUTEX-related issue has to do with configuration options.
Christopher Hoover recently submitted this
patch which makes the FUTEX subsystem optional; those who don't want
FUTEXes would be able to configure them out of the kernel entirely. Linus,
however, doesn't like the idea:
I will strongly argue against making futexes conditional, simply
because I _want_ people to be able to depend on them in modern
kernels. I do not want developers to fall back on SysV semaphores
just because it's too painful for them to use the faster
alternatives.
Similar issues have come up, for example, with regard to making the
epoll() system call or parts of sysfs optional. Increasingly,
there is an interest in defining a minimal functionality that all Linux
kernels will have. Without that, it can be hard to get developers to use
some of the advanced features offered by the kernel.
On the other hand, developers creating kernels for embedded systems often
want to jettison everything that is not absolutely needed. These people,
of course, argue for the ability to configure every feature in the kernel.
And, as Alan Cox pointed out, making
features configurable forces developers to make the implementation of those
features properly modular.
The likely resolution is that configuration options will be provided
for "core" features, but they will be hard to find. Such options may be
buried under a menu titled "remove core functions for embedded systems," or
hidden from the higher-level configuration interfaces altogether (requiring
the use of a text editor on the .config file to change them).
Different users have very different needs, and the Linux kernel tries to
address as many of those needs as it can.
Comments (1 posted)
While most computer peripherals work right "out of the box," some will not
function properly until the host system has downloaded a blob of binary
firmware. Often as not, this firmware is proprietary software. In the
past, a number of drivers have gone into the kernel with proprietary
firmware bundled in. In the eyes of many, all devices have proprietary
firmware in them; there is little reason to be upset if, in some cases,
that firmware arrives via the kernel. But others (notably, the Debian
project) object to linking any sort of non-free software into their
kernel.
The end result is that the recommended way of dealing with devices needing
firmware downloads is to have a user-space process handle it. That way, no
non-free software need be linked into the kernel; as a side benefit, it
also gets easier to upgrade that firmware. The downloads have typically
been handled by way of a device-specific ioctl() call; each driver
includes its own, slightly different implementation.
In 2.5, the device model provides a framework which can be used to
clean up the handling of firmware downloads. All that was missing was an
actual implementation. Manuel Estrada Sainz has filled that gap, however,
with a patch adding an interface for
firmware loads.
In the new scheme, a device driver needing firmware for a particular device
makes a call to:
int request_firmware(struct firmware **fw, const char *name,
struct device *device);
Here, name is the name of the relevant device, and device
is its device model entry. This call will create a directory with the
given name under /sys/class/firmware and populate it with
two files called loading and data. A hotplug event is
then generated which, presumably, will inspire user space to find some
firmware to feed the device.
The resulting user-space process starts by setting the loading
sysfs attribute to a value of one. The actual firmware can then be written
to the data file; when the process is complete, the
loading file should be set back to zero. At that point,
request_firmware() will return to the driver with fw
pointing to the actual firmware data. The user-space process can choose to
abort the firmware load by writing -1 to the loading
attribute.
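The user-space half of that handshake, written out as an added example (it is not part of Manuel Estrada Sainz's patch or of any kernel tree): a small POSIX shell agent of the kind a hotplug script could invoke. It assumes that the hotplug event exports the requested name in FIRMWARE and the new class entry's path (relative to /sys) in DEVPATH, and that firmware images are kept under /lib/firmware; those three names are assumptions, not something the patch defines. The name check is a defensive addition of this example: the name originates in the driver, but an agent that opens files under a directory by name should still refuse anything that could point outside it.

```shell
#!/bin/sh
# Added example of a user-space firmware agent for the sysfs interface
# described above.  Not part of the kernel patch.  Assumptions (not in the
# article): the hotplug event exports FIRMWARE (the name handed to
# request_firmware()) and DEVPATH (the /sys/class/firmware/<name> entry,
# relative to /sys), and firmware images live under FIRMWARE_DIR.

FIRMWARE_DIR=${FIRMWARE_DIR:-/lib/firmware}

# Reject firmware names that could escape FIRMWARE_DIR.  The name comes
# from the driver, but an agent that opens files by name should not trust
# it blindly.
valid_firmware_name() {
    case "$1" in
        ""|.|..|*/*) return 1 ;;
        *) return 0 ;;
    esac
}

# load_firmware NAME SYSFSDIR
# Performs the loading/data handshake on the given sysfs directory.
# Returns 0 when the image was handed to the kernel, 1 on abort.
load_firmware() {
    name=$1
    sysfsdir=$2

    [ -w "$sysfsdir/loading" ] && [ -w "$sysfsdir/data" ] || return 1

    if ! valid_firmware_name "$name" || [ ! -r "$FIRMWARE_DIR/$name" ]; then
        # Writing -1 to "loading" makes request_firmware() fail instead of
        # waiting for data that will never arrive.
        printf '%s\n' -1 > "$sysfsdir/loading"
        return 1
    fi

    # Step 1: announce that a load is starting.
    printf '%s\n' 1 > "$sysfsdir/loading"

    # Step 2: stream the image into the "data" attribute.
    if ! cat "$FIRMWARE_DIR/$name" > "$sysfsdir/data"; then
        printf '%s\n' -1 > "$sysfsdir/loading"
        return 1
    fi

    # Step 3: setting "loading" back to 0 completes the request and lets
    # request_firmware() return to the driver.
    printf '%s\n' 0 > "$sysfsdir/loading"
    return 0
}

# When invoked from a hotplug event (assumed variable names), service it.
if [ -n "$FIRMWARE" ] && [ -n "$DEVPATH" ]; then
    load_firmware "$FIRMWARE" "/sys$DEVPATH"
fi
```

Writing 1 before the data and 0 afterwards is what allows request_firmware() to return; writing -1 instead is the abort path described above, so a missing or unreadable image fails the driver's request promptly rather than leaving it blocked.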
When the driver has loaded the firmware into its device, it should free up
the associated memory with:
void release_firmware(struct firmware *fw);
There has been talk of maintaining firmware within the kernel so that
subsequent requests can be satisfied without going back to user space. No
such mechanism has been implemented at this point, however. For situations
where it is not possible to wait for user space to react, there is a
request_firmware_nowait() function which will call back into the
driver when the firmware is available.
As of this writing, the new firmware code has not yet been merged into the
mainline kernel. Changes to the interface would not be surprising, but it
seems likely that 2.6 will have a generic firmware support interface that
is not vastly different from what is described here.
Comments (2 posted)
Driver porting
As was noted last week, the driver porting series is approaching completion
and new articles will be relatively rare from now on. The series is still
being maintained, however. Some changes this week include:
Comments (none posted)
Patches and updates
Kernel trees
Core kernel code
Device drivers
Documentation
Filesystems and block I/O
Networking
Architecture-specific
Security-related
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
[This article was contributed by Ladislav Bodnar]
Four years ago, Caldera produced one of the best Linux distributions
of all time, gained a respectable market share and established a vast
international presence. Last week, the company suspended
its Linux-related activities. What went wrong?
Caldera, Inc. was established in 1994 by two former Novell employees,
Ransom Love and Bryan Sparks. Much of the funding came from Ray
Noorda, Novell's former President and CEO, and his Canopy Group Investment Company,
which he founded in 1995. In February 1996, Caldera released its first
Linux product under the name of
Caldera Network Desktop 1.0. New releases followed at regular intervals,
but it wasn't until Caldera OpenLinux 2.3 in August 1999 that the
company made a substantial impact on the Linux market by introducing Lizard.
Caldera's Lizard was the first graphical installer ever deployed by a
Linux distribution.
The OpenLinux
2.3 and especially OpenLinux
eDesktop 2.4 releases were well received by Linux fans. "Caldera
users truly loved Caldera. The Caldera community was strong, close, and
laid-back. The Caldera user mailing list was a true delight." wrote
Dennis Powell nostalgically in a recent commentary
at Linux and Main. Caldera's KDE-centric products with no GTK/Gnome
libraries were remarkably stable and bug-free, a fact that produced an
unusually high percentage of entertaining, off-topic discussions on the
mailing lists. In the following months, Caldera expanded its presence
to 82 countries, introduced Linux training courses and tirelessly
attended all major Linux shows and exhibitions around the world. It all
seemed like a huge success story.
Behind the scenes, however, things did not look nearly as rosy. Sales
of boxed products were slow, which prompted the company to withdraw
from the retail market in 2001. But the biggest shock came in June of
that year when Caldera announced
an unprecedented decision to introduce per-seat licensing for their
upcoming OpenLinux Workstation and Server 3.1.
There was a loud stir on the Caldera mailing list. Even louder was
the heated exchange of
words between GNU's Richard Stallman, who called Caldera "a
parasitic company" and Ransom Love, who claimed that "the open
source movement has no clue about marketing". Despite the
widespread criticism, Caldera pressed ahead with the new license,
although, in what looked like a sudden change of mind, it quietly released
the distribution as a free download for non-commercial purposes.
Nevertheless, the damage was done.
The company made the headlines twice in 2002. In May, Caldera was
behind the initiative to launch
United Linux, a consortium of four companies (the other three were
SuSE, Turbolinux and Conectiva) to create an enterprise class
distribution, while sharing a unified code base and pooling some of
their resources. Despite repeated claims that the consortium was not
anti-Red Hat, many analysts felt otherwise.
The final version of United Linux 1.0 was released in November 2002.
By that time, there was no more Caldera as the company renamed itself
to 'The SCO Group'. "Caldera to change its name to SCO, reemphasizing
its dedication to Linux, and capturing brand recognition of the SCO
name", proudly proclaimed the press
release. Thus, Caldera's last Linux product became known as SCO Linux
4.0 powered by UnitedLinux. It carried a per-seat license and it
was only available from SCO's online store for between $600 and $2,200
depending on support requirements (the $600 edition came with no
support whatsoever). We don't know how many boxes SCO sold, but one
thing is for certain - SCO Linux made very little dent in Red Hat's
market dominance.
Richard Stallman made himself heard
once again: "Licensing per seat perverts the GNU/Linux system into
something that respects your freedom as much as Windows." The
Caldera/SCO mailing list became the prime example of the general
disillusionment with the company practices. The once popular and lively
discussion forum degenerated into angry exchanges, accusations and
demands for clear statements about the company's future plans. As these
were not forthcoming, many left the list with a widely varying degree
of civilized behavior.
But of course, all the controversial decisions the company made in
the past were nothing compared to the current onslaught against Linux.
"Linux is an unauthorized derivative of UNIX and legal liability that
may arise from the Linux development process may also rest with the end
user." "For the reasons explained above," continues
the letter
sent to SCO customers on May 14, 2003, "we have announced the
suspension of our own Linux-related activities". The intentions were
made very clear -- or were they? Back to the SCO mailing list and another
quote from a message by a SCO support representative on the very next day
(please note that at the time of writing, SCO's online mailing
list archives have yet to be updated to show this message): "SCO
will continue to honour and renew support agreements and will continue to
provide maintenance in the form of security fixes for [OpenLinux 3.1.1 and
SCO Linux 4.0]. SCO has no plans to retire SCO Linux at this time."
Maybe some lawyers can conclude that the meanings of the two statements are
really equivalent, but for the rest of us, they are just another sign of
confusion from a company whose honesty and reliability would make the
former Iraqi information minister look like an innocent child.
This is a sad, sad end of a great distribution and quite possibly the
company, whose greed and desperation, rather than solid products, have
become the dominant business model. What's the opposite of "rest in
peace, Caldera/SCO Linux"?
Comments (8 posted)
The LAW distribution is not a complete Linux distribution. It is a collection of
documents and installation scripts that can be used to turn your existing
system into an audio workstation. Version 1.0 uses Red Hat Linux 7.2
(Valhalla) as a base system. The next version will use Debian as the
base. Of course, LAW scripts will probably work well on other distributions
with little or no modification.
Full Story (comments: 1)
Distribution News
The
Debian Weekly News for May 20, 2003 is
available. This week's topics include GCC 3.2 & 3.3; Libranet 2.8;
Debian Leader Delegations; Debian MIA Check; and much more.
There will be a key-signing party at Debconf
3.
A new mailing list, debian-multimedia, has been created for discussion
about the development of applications that produce multimedia content,
handle multimedia data, support multimedia hardware, etc.
Comments (none posted)
The Gentoo Weekly Newsletter for May 19, 2003 is out. Gentoo announces the
creation of Gentoo Games. Read more below about how Gentoo plans to
advance Linux gaming.
Full Story (comments: none)
O'Reilly has released "The Complete FreeBSD", a practical guidebook that
explains how to get a computer up and running with the FreeBSD operating
system and how to turn it into a functional and secure server.
Full Story (comments: none)
MandrakeSoft reports that the gnome-pilot package, which provides PDA
support for GNOME, had an error where it would not work with the Palm
Tungsten T. This update fixes that issue.
Full Story (comments: none)
Guardian Digital reports that PHP packages shipped with some versions of
EnGarde had debugging enabled, causing them to not support some third-party
add-on packages. This update disables debugging.
Full Story (comments: none)
New Distributions
Bonzai Linux,
formerly known as miniwoody, has released version 1.5. Found on
Debian Planet.
Comments (none posted)
DietLinux is a
dietlibc-based Linux distribution. Glibc is fully avoided. Some of the most
important server daemons (DHCP, DNS, etc.) are working. The initial
version,
0.1, was
released May 16, 2003. DietLinux has joined the "Special Purpose" section
of our
Distributions
List.
Comments (none posted)
Freepia is a small GNU/Linux
distribution designed to run on Via Epia-M mainboards. At present it only
runs on the M-9000. The motivation behind this project is to build a
full-featured, low-noise media box to play movies/mp3s/images etc. It currently
uses Freevo, but in the future there may be support for other media players
like mythtv or vdr. Version
0.3.1 was released on May
17, 2003. Freepia has also joined the "Special Purpose" section of our
Distributions
List.
Comments (1 posted)
ThinStation is a Linux
distribution that enables you to convert standard PCs into full-featured
diskless thin clients supporting all major connectivity protocols. It can be
booted from the network using Etherboot/PXE or from standard media like
floppy/CD/hd/flash-disk etc. The configuration is centralized to simplify
terminal management. Version
0.91 was released on May
15, 2003.
Comments (none posted)
Minor distribution updates
BBIagent has released v1.8.1 with minor feature enhancements.
"Changes: Parallel port or USB printers attaching to the router can now be
shared by other computers on the network with LPR or RAW protocol."
Comments (none posted)
Damn Small Linux has released v0.3.9 with minor feature enhancements.
"Changes: This version features PPP over Ethernet (PPPoE) so that it works
with ADSL connections. XMMS can now play MPEGs thanks to the SDL plugin. It
also includes Zile, a very small yet powerful Emacs clone."
Comments (none posted)
Knoppix has released v3.2-2003-05-16 with minor bugfixes.
"Changes: Support for some TFT displays, updated drivers for wireless cards,
several other updates, and improved auto-detection."
Comments (1 posted)
Morphix has released v0.3-6 with major feature enhancements.
"Changes: This release adds heaps of bugfixes (and probably new bugs), a new,
pretty Xcursor, and a load of other changes. icewm has been replaced with
XFCE4 in LightGUI."
Comments (none posted)
Mulimidix has released v0.1.9pre with major bugfixes.
"Changes: This release features the 2.4.20 kernel and VDR 1.1.29 (including
AIO). Various bugfixes were made, the configuration scripts were updated, and
a lot of other useful stuff was added."
Comments (none posted)
PXES Linux Thin Client has released v0.5.1-41 with major feature enhancements.
"Changes: Some important changes include ISOPXES to generate bootable PXES
CDs and a telnet server. The ability to create "multi-session" images
containing more than one client session code was added. The local session
was improved. The session used can be decided at run time and the
interactive selection of many parameters was added. Outstanding is the
ability to select IP address parameters at runtime, freeing it from the
DHCP. The look and feel have been improved too. Various client sessions were
added (partial) aiming to be the real Universal Linux Thin Client."
Comments (none posted)
Warewulf has released v1.11 with minor bugfixes.
"Changes: A fix for a permission issue in the node filesystem with /dev/zero
and a bug in nodeupdate regarding node permissions. Some GUI bugs were also
fixed, and optimizations were made in wwnodes."
Comments (none posted)
Distribution reviews
The Linux Journal reviews LNX-BBC 2.1.
"There are no man pages, however. Linux-BBC is very much a 'we expect you to
know what you're doing' kind of distribution. After all, you can run screen,
ssh out to a working system, read the fine manual and cut-and-paste code
back into the local host."
Comments (none posted)
Linux Journal reviews Libranet, version 2.8.
"Libranet's proprietary features are ease of installation and
administration. While based on the rock-solid Debian Woody, Libranet also
includes up-to-date applications from the Debian testing and unstable
versions, making sure that everything works smoothly and together. Updates
come from Sarge, the testing branch. Is that worth paying for? With a full
30-day refund guarantee, trying it yourself is the best way to answer the
question."
Comments (2 posted)
Page editor: Rebecca Sobol
Development
Version 3.3 of GCC, the
GNU Compiler Collection,
has been released thanks to the tireless efforts of
these contributors.
The
Changes, New Features, and Fixes page documents everything that
is new with this version.
A number of changes include the removal of support for processors
and obsolete features:
- These obsolete CPUs are no longer supported; the list is a great place to follow industry CPU trends.
- Support for multi-line string literals has been dropped.
- The stand-alone -A- assertion is gone.
- The DWARF debugging format has been deprecated.
- The C and Objective-C compilers no longer use the "naming types" extension such as (typedef foo = bar);.
- The -traditional option has been removed from the C compiler.
Some of the new features include:
- A new Deterministic Finite Automata (DFA) scheduler for processor pipeline optimization.
- An edge coverage profiler file format for improved code profiling.
- A new superblock formation pass for optimizing functions.
- A function reordering pass for optimizing function placement.
- A pile of new language-specific improvements.
- Many GNU FORTRAN improvements.
- Separation of front-end dependencies in the compiler.
- The redirection of make install by means of the variable DESTDIR.
- Support for many new CPU targets.
- Improvements to specific CPU targets.
- Many bug fixes.
- Documentation improvements.
Comments (12 posted)
System Applications
Audio Projects
Version 0.9.3b (and apparently version 0.9.3c) of the
ALSA sound driver is available.
Changes include:
"ISA PnP and other fixes. We removed /proc/asound/dev directory. The 'make install' should create new device files, but in case of problems, the snddevices script should be executed."
Comments (none posted)
Version 0.71.2 of the
Jack Audio Connection Kit is available.
Changes include an updated README and removal of the fltk example client;
see the
release notes for more information.
Comments (none posted)
The May 13, 2003 edition of
Ogg Traffic
is out with the latest Ogg Vorbis audio compression software news.
Comments (none posted)
Database Software
Version 4.0.13 of the MySQL database has been released.
"This is a bugfix release for the current production version."
Full Story (comments: none)
The May 14, 2003 edition of the PostgreSQL Weekly News is out.
"The decision has been made to push back the 7.4 release schedule by 1
month. This means feature freeze will occur on June 16th, with Beta
starting July 1st. The move has been made mainly to accommodate the
win32 & PITR developers, with a nod to giving client developers enough
time to implement some of the new front-end/back-end protocol changes."
Full Story (comments: none)
Version 07.03.0100 of psqlODBC
has been released.
"With this release, the ODBC 3 driver is now the default."
Comments (none posted)
Education
Issue #96 of the SEUL/edu
Linux in Education Report is out.
Issues include: the UK Office of Fair Trading and anti-competitive
Microsoft license issues, HOSEF, the Hawaii Open Source Education Foundation,
reports from ITFirms in South Africa about Free and Open Source software in
developing countries, and new educational software releases.
Comments (none posted)
Mail Software
SpamAssassin 2.54 has been
released.
This would normally look like a minor release, but it has a change that
could almost be seen as a security fix. It seems that there were some
spammers bright enough to figure out that, if they added headers to make
their mail look like it came from mutt, pine, or mozilla, SpamAssassin
would give their spam a bonus. Thus the curious flood of mail composed
simultaneously with mutt and pine. Version 2.54 closes that hole; it's a
worthwhile upgrade for anybody running SpamAssassin.
Comments (none posted)
Printing
Version 7.07 of GNU Ghostscript
has been released.
"This release contains an important security update, and all free software users are encouraged to update.
Also included are improvements to the display and pngalpha devices, improved conformance with the GNU coding guidelines, and minor build tweaks.
This will also be the last release of Ghostscript as a GNU project. We will continue to make releases under the GNU General Public License, but because of disagreements over censorship of the AFPL releases and our development model in the GNU release, we feel we have to part ways with the GNU project."
Comments (none posted)
The latest changes on the
LinuxPrinting.org site
include support for the HP DeskJet 9300, OfficeJet 5105, 6105, PSC 1100,
1110, and 1200 printers, and more.
Comments (none posted)
Web Site Development
The final release of version 1.4 of the Zope Content Management Framework
(CMF) is available. See the
Change Log
for information on what's new.
Full Story (comments: none)
The first release of the Zope Group Calendar
has been announced. This is an enhancement of the CMF calendar
with interfaces for Agendas, Days, and Months.
Comments (none posted)
Zope Members News has
an announcement for version 1.4 of PABlog, a blog tool that runs
under CMF and plone.
Comments (none posted)
Version 1.4.0 of Formulator, an extensible framework for the
creation and validation of web forms,
has been released.
"There are a number of new features,
including unicode support, new options for DateTime fields and string fields,
as well as a system for the public rendering of data based on the form."
Comments (none posted)
Version 3.2.0 of mnoGoSearch-php, a PHP front-end for the
mnoGoSearch web site search engine,
is available. See the
changes document
for more information.
Comments (none posted)
Miscellaneous
Version 0.26.0 of GNOME System Tools, a set of cross-platform
configuration utilities,
has been released.
"This new release features (amongst lots of bugfixing) network profiles, so users can store several network configurations, and change between them with a couple of clicks."
Comments (none posted)
Desktop Applications
Audio Applications
Version 0.6.0 of
MusE, the
Linux (Midi) Music Editor, is available.
Changes include a bunch of bug fixes, a Swedish translation,
and more; see the ChangeLog file in the source distribution for
details.
Comments (none posted)
Version 1.2.0 of Tkeca, the Tk-based GUI interface for
Ecasound, has been released.
Full Story (comments: none)
Desktop Environments
The May 16, 2003
KDE-CVS-Digest
is out.
"In this week's issue of KDE-CVS-Digest, read about the beginnings of a mobile device framework and the reworking of KMail groupware functionality. Also, bug fixes in Kate, KDE Print, Konqueror, KWin, KSpread, Kopete and many others."
Comments (none posted)
Issue #51 of
KDE Traffic is out. Topics include:
dot.kde.org weekly roundup and responses, karm: what is a maintainer
good for?, KHTML developers: Animated GIF playing,
KOffice 1.3 w/o Kexi, and KOffice's Filters on Test.
Comments (none posted)
Version 3.1.2 of KDE
has been announced.
"The KDE Project has released KDE 3.1.2, the second maintenance
release of the KDE 3.1 release series. It features more and much
improved translations and many problem corrections."
Comments (none posted)
KDE.News
covers
the upcoming KDE 3.2 desktop, which will include improved Indic language
support.
"Currently, Devanagari (screenshot), Bengali (bn-2, bn-3, bn-1)
and Tamil have been tested but Syriac, Tibetan, Khmer and others are expected
to work as well. Dirk Mueller writes: "The KDE Project encourages interested
people who understand these languages"."
Comments (none posted)
Games
Bob Pendleton
explains
game animation basics under SDL on O'Reilly.
"
The Simple DirectMedia Layer (SDL), a powerful, commercial grade and cross platform game development library, has been used to write or port more than 40 commercial games. SDL runs on pretty much any PC or PDA which has a graphic screen and something at least roughly like an operating system."
Comments (none posted)
According to SourceForge, version 1.5.0 of Tux Typing, an educational
typing tutorial game,
is available.
"
After over a year of development with no releases, we are pleased to present
Tux Typing 2 "Preview" release. Most of the internals have been rewritten
with a focus on extensibility and internationalization. Creating a language
pack is now as simple as creating a file for translations (lang.po file),
maybe finding a font [1], setting up how the keyboard maps to the characters
[2], and finally creating some word lists."
Comments (none posted)
Version 0.1 of
JOOLS
is available from the PyGame site.
"
Jools is a graphical puzzle game in the tradition of Tetris, it is a clone of Bejeweled (TM). In a nutshell, the goal is to swap adjacent jools (jewels) within a grid, in order to create rows of three or more of a kind. These jools will then disappear, and more will fall to fill their places."
Comments (none posted)
Graphics
Version 1.2.4 of
the GIMP,
the Gnu Image Manipulation Program, has been released.
"
The long awaited version 1.2.4 has finally been released. This is a bugfix release in the stable 1.2 series."
Comments (none posted)
GUI Packages
Version 0.3 of
flews,
a set of extended widgets for FLTK, has been released.
Comments (none posted)
wx4j, a Java binding for the
wxWindows
cross-platform GUI framework, has been released.
"
Since wx4j uses native widgets, it utilizes the native look and feel. This is the initial public release of wx4j."
Comments (1 posted)
Interoperability
Version 1.3.5 of CrossOver Office has been released.
"
The key change in version 1.3.5 is that it now operates
properly on glibc 2.3 systems, including SuSE 8.2,
RedHat 9.0, and Mandrake 9.1."
Full Story (comments: none)
Version 3.0alpha24 of
Samba
is available. Release information is available here.
"The purpose of this alpha release is to get wider testing of the major
new pieces of code in the current Samba 3.0 development tree. We have
officially ceased development on the 2.2.x release of Samba and are
concentrating on Samba 3.0. To reduce the time before the final Samba 3.0
release we need as many people as possible to start testing these alpha
releases, and hopefully giving us some high quality feedback on what needs
fixing."
Comments (none posted)
Issue #170 of
Wine Traffic has been published.
Topics include:
TransGaming Poll Update, SpyHunter Port, More on FoxPro,
Direct3D Status, Lotus Notes Breakage, NPTL Auto Detection & RH9 Packages,
RPC Documentation Update, Valgrinding Wine, Separating 16/32 Bit
OLE Functions, Improving Exception Handling, and SourceForge Download Stats.
Comments (none posted)
Office Applications
Issue #144 of the
AbiWord Weekly News is out.
"
Yes, we have 1.9.1 ready for your playing about (Win32 binaries STILL not available by press time). Martin has added a nice ability to copy and paste whole tables, but only after the 1.9.1 release. A c-style cast finder was created by Andrew, which I'm sure some of you may want to try out, and, finally, nyorp plays with your editor's mind just long enough to make him take a break in the middle."
Comments (none posted)
GnomeDesktop has
an announcement for version 2.1.0 of StarDict.
This release adds the following:
"dictd dictionary converter, this added about 100 dictionaries.
wquick dictionary converter, this added about 150 dictionaries.
dictzip support, so StarDict can use .dict.dz compressed file now.
WyabdcRealPeopleTTS support, now StarDict can pronounce English words."
Comments (none posted)
Web Browsers
GnomeDesktop.org
mentions
the release of version 0.6.1 of the Epiphany web browser.
"Epiphany is a GNOME web browser
based on the mozilla rendering engine. Version 0.6.1 has been released and includes
updated translations, bugfixes, interface improvements, new features and code
changes."
Comments (none posted)
Mozilla Firebird 0.6, the first release of the browser formerly known as Phoenix since its high-profile name change, is out. The
release notes detail the changes; included therein is a new default theme, a new preferences window, one-click removal of all privacy-related data, and several other new features. French and Polish language versions of this
release are also available.
Comments (24 posted)
The May 15th, 2003 Mozilla
Independent Status Reports are out.
"
The latest set of status reports includes updates from BookSync, CardGames,
Bugxula, DailyComics, Mozile, Download Statusbar, Demiurge, Linky and Xprint."
Comments (none posted)
The minutes from the May 12, 2003 Mozilla.org staff meeting are
available online.
"
Issues discussed include a reorganisation of the CVS tree and build
system, Tinderbox3 and MozTools, 1.4 Beta, 1.4 final and 1.5."
Comments (none posted)
Miscellaneous
Gnomedesktop.org has
an announcement for version 0.63 of Gaim, an internet messaging
client.
"
This new release features a rewrite of the plugin API,
support for adding chats to your buddy list, buddy list speed
enhancements, and the MSN protocol plugin was rewritten, and has
experimental buddy icon support as well as MSN Mobile support."
Comments (none posted)
Languages and Tools
Caml
The May 13-20, 2003 edition of the Caml Weekly News is out
with the latest Caml language news.
Full Story (comments: none)
Java
Mark A. Kolb concludes his series on JSTL with
Part 4, Accessing SQL and XML content.
"
A hallmark of Web-based applications is the integration of multiple subsystems. Two of the most common mechanisms for exchanging data between such subsystems are SQL and XML. In this article, Mark Kolb concludes his coverage of JSTL with an introduction to the sql and xml libraries for accessing database and XML content in JSP pages."
Comments (none posted)
Jens Wyke
covers JDBC logging issues on IBM's developerWorks.
"
A simple extension to the JDBC java.sql.PreparedStatement interface can make query logging less prone to error, while also tidying up your code. In this article, IBM e-Business Consultant Jens Wyke shows you how to apply a basic wrapping technique ("extension by wrapping," also known as the Decorator design pattern) for very satisfying results."
Comments (none posted)
Budi Kurniawan
explains Java servlet containers in an O'Reilly book excerpt article.
"
This article explains how a simple servlet container works. There are two servlet container applications presented; the first one is made as simple as possible and the second is a refinement of the first. The sole reason I do not try to make the first container perfect is to keep it simple."
Comments (none posted)
Perl
The May 12-18, 2003 edition of
This Week on perl5-porters has been published.
"
This week, discussions spawned across : manual pages, and their adaptation to perl's audience ; build problems ; interfaces ; conventions ; and the usual amount of bugs."
Comments (none posted)
The May 11, 2003 edition of
This week on Perl 6 is out.
Topics include: Long option Processing, Excessive memory usage?,
NCI and handling of generic buffers of stuff, Calling convention changes,
IMCC vs. Parrot assembler, More on stack walking, PIO work,
sysinfo op, and more.
Comments (none posted)
PHP
The May 19, 2003
PHP Weekly Summary is out. Topics include:
"
PEAR gathering in Amsterdam, RC 3, Activestate awards, Websphere MQ extension, Unbundling expat and libml2, stdio conversion."
Comments (none posted)
Version 4.3.2RC3 of
PHP is available.
"
This is the third and final release candidate and should have no critical problems/bugs. Nevertheless, please download and test it as much as possible on real-life applications to uncover any remaining issues."
Comments (none posted)
Python
The Dr. Dobb's Python-URL for May 20, 2003 is out. This week:
recommendations for other programming languages which a Python programmer
might enjoy learning; the Second Annual European Python and Zope
Conference; and much more.
Full Story (comments: none)
Uche Ogbuji
shows how to use libxml from Python on O'Reilly.
"
A few years ago the increase of interest in XML processing in GNOME led to the development of a base XML processing library and, subsequently, an XSLT library, both of which are written in C, the foundational language of GNOME. These libraries, libxml and libxslt, are popular for users of C, but also those of the many other languages for which wrappers have been written, as well as language-agnostic users who want good command-line tools."
Comments (none posted)
Ruby
The May 19, 2003 edition of the
Ruby Weekly News is out.
Threads include: Objects vs. Data Structures, and Enumerable #each with
arguments. New software includes: Madeleine 0.3, an OpenSSL module for Ruby,
and wxRuby Beta 0.01.
Comments (none posted)
Tcl/Tk
The May 20, 2003 edition of Dr. Dobb's Tcl-URL!
has been published. Take a look for the latest Tcl/Tk news.
Full Story (comments: none)
Miscellaneous
Garrett Rooney
concludes his two-part series on the Subversion version control
system. You may want to start with
part one of the series.
Comments (none posted)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
The plot thickens: News.com
reports
that Microsoft has decided to license Unix from SCO.
"
Late Sunday, Microsoft general counsel Brad Smith said acquiring the license from SCO 'is representative of Microsoft's ongoing commitment to respecting intellectual property and the IT community's healthy exchange of IP through licensing.'" (Thanks to Ashwin N. and Cecil Whitley).
Comments (18 posted)
Vnunet
covers an online
petition which challenges SCO's claim to ownership of intellectual
property in Linux. "
Now the creator of an online petition is
inviting users to sign up to challenge SCO to sue them. A message on the
website reads: "I am a Linux user. I feel that SCO's tactics toward an
operating system of my choice are unjust, ill founded and bizarre.""
Comments (3 posted)
Linux Journal
takes a look
at who might be on the panel of experts to which SCO will reveal their
allegedly stolen UnixWare code. "
Appointing a believable panel would
be difficult, Torvalds said in an e-mail interview. "I suspect the people
I'd like to see are not people SCO would care for or [who] would be able to
sign an NDA on it. The thing I would want is somebody who is able to
actually trace things back in time to be able to make a judgment of whether
it came from UnixWare or from Linux. Somebody who is technical enough and
has enough background in the kernel that he can follow it down without
going mad", he said."
Comments (11 posted)
ZDNet
talks with
Linux vendors about the SCO lawsuit. "
Red Hat also indicated
that it did not yet see SCO's tactics having an effect on business. "We've
seen no indication from enterprise customers that these statements from SCO
have been a deterrent from viewing Red Hat as a trusted provider of Linux
solutions," the company said in a statement on Thursday."
Comments (11 posted)
News.com has
an
article by Bruce Perens on the announcement that Microsoft will license
SCO's Unix patents and the source code. "
Who really benefits from
this mess? Microsoft, whose involvement in getting a defeated Unix company
to take on the missionary work of spreading FUD (fear, uncertainty and
doubt) about Linux is finally coming to light."
Comments (19 posted)
Wired
takes
another look at SCO, IBM and Microsoft. "
Since the lawsuit,
people have "suggested that SCO doesn't own any Unix patents," [SCO VP]
Hunsaker said. The Microsoft deal "is part of an ongoing effort to
validate our intellectual property rights... (and) shows very clearly we
own Unix patents because Microsoft just licensed them," Hunsaker
said."
Comments (12 posted)
IT-Director is running
a column by Robin Bloor on the SCO case.
"What the Microsoft deal will do, if nothing else, is help finance SCO so it can pursue its legal games. Indeed some people suspect that it is a Microsoft legal action by proxy - which may be the usual conspiracy theory in motion, but who knows."
Comments (2 posted)
For those who haven't seen enough of this stuff yet: ZDNet has published
an Eric Raymond rant about the SCO lawsuit.
"In order to make its case against IBM, Caldera has had to push the claim that Linux was a pathetic makeshift until the corporate hand of IBM injected into it secrets stolen from the ancient Unix code. Besides being ludicrously false, this enraged every Linux developer on the planet. Accusing us of trafficking in stolen goods was bad; implying that we were incompetent was far worse."
Comments (14 posted)
Companies
News.com
covers
new desktops from IBM. "
The ThinkCentre line will initially consist
of three models: the ThinkCentre S50 small-size machine, the A50p
multimedia computer and the M50 that IBM will ship with desktop versions of
Red Hat or SuSE Linux. More models will be added as the year
progresses."
Comments (1 posted)
IT-Director
digs up
some information about the T-Rex mainframe. "
The second factor and
the one that brought the mainframe back to life was Linux. Implemented in a
virtual machine environment on the mainframe, Linux proves to be very
economical "per instance" and cheaper to configure and run than on any
other platform."
Comments (none posted)
The Register
covers a
meeting held by Microsoft with European industry analysts to discuss
Linux and other Open Source Software (OSS). "
Overall the day
indicated that Microsoft is now happy to recognise that the influence of
Linux is growing. It is clear that we can now expect Microsoft to attempt
to build its case for Windows as an operating system based on rational
arguments rather than a simple dismissal."
Comments (3 posted)
Several readers have pointed out this
NY Times
article (registration required), which indicates that Microsoft has
probably violated European anti-trust laws in its efforts to win over Linux
at all costs. "
The Microsoft campaign against Linux raises questions
about how much its aggressive, take-no-prisoners corporate culture has
changed, despite having gone through a lengthy, reputation-tarnishing court
battle in the United States that resulted in Microsoft's being found to
have repeatedly violated antitrust laws."
Comments (5 posted)
Linux Adoption
IT-Director
tells us how
to play the Linux Game. "
IBM has done well playing the Linux
game. Although in theory Linux doesn't belong to anyone, in practice it
belongs to those that can profit from it most and thus it belongs most to
IBM. It belongs to Hewlett Packard and Dell too of course. It doesn't
belong to Sun Microsystems much and it belongs least to Microsoft. Just to
confirm this, Steve Ballmer recently said, yet again, that Microsoft will
not port its products to Linux."
Comments (2 posted)
LinuxMedNews
covers a new consultant program for the fledgling Free/Open Source
Medical Software industry. "
The TIC program is designed to provide
independent consultants with the information and tools needed to install and
support the electronic health record application TORCH. TORCH is licensed
under the GPL and can be downloaded from the Open Paradigms, LLC
website."
Comments (none posted)
InfoWorld
examines the maturing of open source. "
The real issue for open
source is adjusting from being remarkable to being important. There's a
real distinction between the two. Remember when cell phones were new? Your
first call was probably to a friend to say, "Hey, guess what! I'm on a cell
phone." If you called your friend today with the same message, chances are
your friend would ask, "Are you feeling OK?" Open source advocates should
be pleased that many open source technologies (Linux, MySQL, Apache) are so
entrenched in the enterprise (that is, important), and that their presence
is similarly unremarkable." (Thanks to Lenz Grimmer)
Comments (2 posted)
News.com
reports
that PeopleSoft President and CEO Craig Conway called Microsoft's .Net
initiative the information technology equivalent of asbestos.
"Speaking at the software company's 2003 Leadership Summit in Sydney,
Australia, Conway said the state of the global economy makes it imperative
for businesses to control IT costs. He advocated Linux-based server-centric
operating environments for enterprise applications as one way to achieve
this goal."
Comments (6 posted)
Linux Journal
looks at a
report from Finland that says FLOSS use is increasing around the world
for business, education and political needs. "
Free software and open
source's "inherent qualities" also make it a prime tool for achieving local
language educational software, "especially for languages which are not
deemed commercially viable for proprietary software vendors". "If the
adoption of FLOSS in developing countries is done wisely, it can help
stimulate indigenous software industry and create local jobs", says the
study."
Comments (5 posted)
Legal
News.com
looks
into a new congressional caucus devoted to combating piracy and
promoting stronger intellectual property laws. "
Joining Wexler as
co-founder of the caucus is Rep. Adam Smith, D-Wash., who helped author a
note last fall to 74 fellow Democrats assailing the Linux open-source
operating system's GNU General Public License as a threat to America's
"innovation and security." Smith's district includes the Seattle suburbs
near Microsoft's Redmond, Wash., headquarters. The third founder is
Rep. Tom Feeney, R-Fla., a first-term congressman and former speaker of the
Florida House of Representatives who was once Gov. Jeb Bush's running
mate."
Comments (none posted)
Interviews
KDE::Enterprise
interviews
Display Works Inc., about KDE and how it is used in the company. "
We
began about a year ago to migrate our desktops to KDE 2.1.2 for our front
office staff. We intentionally provided very little in the way of training
to give us a real evaluation of KDE as a desktop. Our staff are generally
not at all sophisticated computer users, and we wanted a direct
experiential measurement as to what we would call the "competence" of KDE
as a work environment. The experiment was a tremendous success."
Comments (none posted)
NewsForge
interviews
Andrew Tridgell. "
Much in the same way that Cisco founders Sandy
Lerner and Leonard Bosack invented the router so they could send emails to
each other across the Stanford University campus, Andrew Tridgell just
wanted the three computers on his home network to talk to each other. The
three computers, a PC running DOS, a Sun workstation, and a DECstation 3100
running Digital Unix, needed a common protocol that all could
understand. Hacking on what he thought was a proprietary protocol of a
DOS-Unix program called Pathworks, Tridge (as he's known) accidentally
found himself reverse-engineering the heart of Microsoft's networking, the
SMB protocol."
Comments (1 posted)
WineHQ features
an interview
with Wine developer Andreas Mohr.
"This week Andreas Mohr finds himself in the hotseat. Andi was born in Karlsruhe, Germany in 1977 and grew up in Renningen, near Stuttgart. He did the usual military service after high school and in 1997 began studying electrical engineering at Stuttgart University. Now he's attending the University of Applied Sciences in Esslingen studying computer science. Besides the normal CS classes Andi is focusing on embedded systems, automation, and networking."
Comments (none posted)
Resources
This article on IBM developerWorks
shows
how to use the /proc filesystem to get a handle on your system.
"This article includes hints and tips for performing various
administrative tasks and changing your system without rebooting. Linux
provides various ways to change underlying operating system values and
settings while keeping the system up and running."
Comments (none posted)
Reviews
eWeek
examines the
improvements to the 2.6 kernel that will help database users. "
Tim
Kuchlein, director of information systems at Clarity Payment Solutions
Inc., a developer of prepaid electronic payment systems, said the ability
for the kernel to support extra memory will enable his company to work its
database like Google: running on all memory, all the time."
Comments (7 posted)
Miscellaneous
NewsForge
looks into open
source digital audio products. "
Xiph.Org is an umbrella
organization for a group of open source multimedia development
projects. Other projects operated by Xiph.Org include Ogg Theora, a video
codec developed in cooperation with On2 Technologies; Free Lossless Audio
Codec (FLAC); and Speex, a low bitrate codec designed for speech
compression. Vorbis, however, is probably the highest-profile aspect of the
project."
Comments (none posted)
NewsForge
proposes a
union for software developers. "
There has never been a
successful union-style organizing movement among software developers. Ian
Lurie, who runs a Seattle Web design firm, believes this is because
traditional "industrial" union structures don't serve programmers' needs
very well, but that a new, "open source" union structure based on
pre-industrial craft guilds might make lives better for people in the
job-nomadic IT industry."
Comments (3 posted)
According to MozillaZine, NASA
has selected the Mozilla MPL as a license to distribute some free
software under.
"Adam Hauner wrote in to tell us about a NASA technical report which
recommends that the US space agency distribute some of their software under
the Mozilla Public License. The report, by Patrick J. Moran of the NAS
Systems Division at the NASA Ames Research Center, explains how open source
is compatible with NASA's mission and evaluates several licenses before
recommending that the Mozilla Public License be an option for software
distribution."
Comments (none posted)
News.com
covers a
NASA analyst's recommendation that the agency move some software
development to an open-source model. "
That report found that
open-source software "plays a more critical role in the (Department of
Defense) than has been generally recognized" and argued that, if open
source were banned, the military's information security would plummet and
costs would rise sharply."
Comments (none posted)
Dan Gillmor
looks at the SCO and OpenTV cases. "
If the FSF is right that OpenTV is violating the GPL, and if this behavior is found to be legal by the courts, the entire free-software and open-source movements could be derailed. Agreeing to share the improvements you make in the GPL-licensed software you've used is an essential part of the larger ecosystem."
Comments (6 posted)
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
The W3C has
announced the final approval of its patent policy, which states that patented technology included in W3C standards must be licensed on a royalty-free basis - at least for the purpose of implementing the standard.
This long process has finally reached its conclusion.
Comments (3 posted)
The Free Standards Group board has approved the LSB version 1.3 architecture
specs for the S390, S390X, and PPC64 platforms.
Full Story (comments: none)
The Linux Standards Base is looking for comments from the community
on its first draft of the architecture specification for the AMD64
(x86-64) processor.
Full Story (comments: none)
Commercial announcements
D.H. Brown Associates has
published the 2003 release of its Linux Function Review, a
comprehensive functional evaluation of Linux as a commercial server
operating environment. "
Although UNIX systems still clearly offer
important functional advantages for the most demanding, high-end commercial
applications, Linux has now become a mainstream operating environment for a
broad range of general-purpose departmental and workgroup applications in
addition to its traditional base of infrastructure solutions, "edge of
network" applications, development platforms, and technical computing
applications."
Comments (none posted)
Digital Mars
has released a free executable of their D language compiler
for Linux. (Thanks to Ben Woodhead.)
Comments (none posted)
IBM has
announced the availability of its new "ThinkCentre" line of desktop computers. For the most part, it looks like yet another announcement for yet another PC (albeit a nice-looking one), but the "M50" model is available with the Red Hat or SuSE distributions preinstalled. IBM has, until now, been unenthusiastic about the Linux desktop market, so these systems represent a bit of a shift in the company's strategy.
Comments (3 posted)
Opera Software has released Opera 7 for Linux. The new version includes
major new features and changes from Opera 6 for Linux, as well as a built-in
e-mail client, not previously available in Opera for Linux.
Full Story (comments: none)
C.E. Unterberg, Towbin, an investment bank, and the law firm Testa, Hurwitz
& Thibeault, LLP
announced
they will co-sponsor an Open Source Software Symposium, to be held on
Tuesday, May 20th in Boston, Massachusetts. "
Jeff Becker,
Director and Head of Software Investment Banking at C.E. Unterberg, Towbin
and the event's organizer commented, "Open Source software providers
continue to demonstrate their entrepreneurial spirit, drive and success
despite the challenges of a prolonged drought in IT spending and upheavals
in the equity markets. To thrive in this unforgiving environment requires
both a sound business model and exceptional execution, aspects that are
often hotly debated in the Open Source arena.""
Comments (none posted)
Here is
an open
letter from Red Hat CEO Matthew Szulik. "
Consistent with Red
Hat's core values--Freedom, Commitment, Courage and Accountability--Red
Hat's software development community takes valid intellectual property
rights seriously. We respect and take effort to maintain the legal and
technical integrity of valid intellectual property, including patents,
copyright and trademark. When the integrity of the Red Hat brand is
publicly called into question, we will defend the use of Red Hat Enterprise
Linux by our customers."
Comments (1 posted)
Sun Microsystems, Inc. has
announced
that it has entered into a global alliance agreement with Red Hat to
distribute Red Hat's Enterprise Linux. As part of the agreement, Red Hat
will distribute Sun's Java Virtual Machine (JVM) with Red Hat Enterprise
Linux.
Comments (4 posted)
VTT Information Technology
has announced its entry into the world of open-source software.
"As its first open source software, VTT published a user-friendly network-testing tool Nipper (Neat Internet Protocol Packet Editor). Nipper is a Java-based tool that can be used in many ways for testing networks, protocols and networking applications. Nipper was originally developed in a programmable network research project. As Nipper was found to be a practical tool more generally and not limited to programmable network testing, it was selected to be the pilot software in the VTT open source project."
Comments (none posted)
Version 2.0 of Ximian's Red Carpet
has been announced.
"Ximian, Inc., the leading provider of desktop and server solutions enabling enterprise Linux adoption, today announced the availability of Red Carpet 2.0, a new version of its desktop client software that allows users to manage Linux software installed on workstations and servers. Users will benefit from a streamlined user interface, powerful new functionality for finding installed packages and recording installation history, and the ability to manage software on systems other than their own."
Comments (none posted)
Resources
The American Council of the Blind presents
part two from a four part mp3 series on GNOME accessibility.
"In the second of a
four-part series from the American Council of the Blind, Sun accessibility
engineer Marc Mulcahy demonstrated the GNOME Panel and Control Center. He
also mentions what system he is running, and that it is hard to install
Red Hat 9 compared to Red Hat 8, due to the removal of
Speak-Up."
Comments (none posted)
Chris Lowth has published a HOWTO called:
"Configuring NFS under Linux for Firewall control".
Full Story (comments: none)
The
CUPS project mentions the
availability of a new SAMBA printing howto document, which now
emphasises the CUPS print system.
Comments (none posted)
The May 20, 2003 edition of The Linux Documentation Project Weekly News
is out with the latest new documentation news.
Full Story (comments: none)
Upcoming Events
The Linux@work business conference and exhibition
will be held in Dublin, Ireland on June 18 in parallel
with the GU4DEC conference.
Full Story (comments: none)
The European
Zope Training Tour will consist of four events, in Denmark, Berlin,
Cern, and an unspecified UK location starting on May 26, 2003.
See the
tour schedule for more information.
Comments (none posted)
Guido Van Rossum has published two reports on recent Python conferences,
News from Python UK and
Notes from PyCon DC.
Comments (none posted)
| Date | Event | Location |
| May 25 - 27, 2003 | GCC Developer's Summit | Ottawa, Canada |
| May 28 - 30, 2003 | Open Source Content Management 2003 (OSCOM) | Harvard Law School, Cambridge, Mass. |
| May 30 - 31, 2003 | 4th European Tcl/Tk Users Meeting (Tcl'Europe 2003) | Nürnberg, Germany |
| June 4 - 6, 2003 | Enterprise Linux Forum Conference & Expo | Santa Clara Convention Center, Santa Clara, California |
| June 9 - 14, 2003 | USENIX 2003 | Marriott Hotel, San Antonio, TX |
| June 10, 2003 | Linux For Business | The Commonwealth Institute, London, England |
| June 16 - 18, 2003 | Yet Another Perl Conference::North America (YAPC::2003) | Florida Atlantic University, Boca Raton, FL |
| June 16 - 18, 2003 | GNOME User and Developer European Conference (GUADEC) | Trinity College, Dublin, Ireland |
| June 18 - 23, 2003 | Open Source Clinical Application Resource Workshop (OSCAR) | McMaster University, Ontario, Canada |
| June 21 - 22, 2003 | European Ruby Conference | University of Karlsruhe, Karlsruhe, Germany |
| June 23 - 26, 2003 | ClusterWorld Conference & Expo | San Jose Convention Center, San Jose, California |
| June 23 - 26, 2003 | Fourth Workshop On UML for Enterprise Applications | Hyatt Regency San Francisco Airport Hotel, Burlingame, CA |
| June 24 - 26, 2003 | LinuxUser & Developer Expo | Birmingham National Exhibition Centre, Birmingham, UK |
| June 25 - 27, 2003 | European Python and Zope Conference 2003 | CEME, Charleroi, Belgium |
| July 7 - 11, 2003 | O'Reilly Open Source Convention 2003 (OSCON) | Portland Marriott, Portland, Oregon |
| July 10 - 13, 2003 | LinuxTag | Karlsruhe, Germany |
| July 12 - 17, 2003 | Debcamp | Oslo, Norway |
| July 18 - 20, 2003 | Debconf 3 | The University of Oslo, Oslo, Norway |
| July 23 - 26, 2003 | Ottawa Linux Symposium | Ottawa, Canada |
| July 23 - 25, 2003 | YAPC::Europe 2003 | CNAM Conservatory, Paris, France |
Comments (1 posted)
Software announcements
Here are the software announcements, courtesy of
Freshmeat.net. They are available in
two formats:
Comments (none posted)
Page editor: Forrest Cook
Letters to the editor
| From: | Tres Melton <class5@pacbell.net> |
| To: | letters@lwn.net |
| Subject: | ...and if SCO is right...? My suggestion: |
| Date: | Sat, 17 May 2003 03:18:41 -0700 |
Fellow Readers,
I'm not a lawyer so take the following with a grain of salt. I do know
a little bit about the law and I seem to recall a process called
discovery. IBM should find out exactly what pieces of code SCO claims
ownership of. It would then be a simple matter to sort through the LKML
and find out who submitted the patch. Then most likely that person
never had access to the code in question. Failing that, it shouldn't be
too difficult for the hacker in question to give an explanation of the
code's origin. Specifically what itch he was trying to scratch with
it. It would be even better if the author could find some of the
original patches. You know, the ones that are so alpha you'd be
embarrassed to have them seen in public.
There is also the unfortunate possibility that the code in question is
indeed hijacked. If that is the case then a kernel cleansing needs to
happen as soon as possible. The possibility of SCO changing the license
on the code in question is not really a possibility. They *CAN'T*
change the license while they are fighting this court case; it would
invalidate the case and it would be dismissed. And Linux can't wait for
the completion of a court case to proceed.
IBM needs to ask for an injunction or something to force SCO to reveal
whether they are claiming the code in its entirety or a substantial part
thereof. If they are only claiming that portions of the code have been
hijacked then they should not be allowed to slow or stop the Linux
juggernaut. They should be forced to reveal the parts of the kernel
that they are making a claim on so that they can be quickly excised from
the kernel on the grounds that any delay will cause irreparable harm to
itself and all of the other companies with Linux strategies.
I think that the lawyers involved will be surprised by exactly how fast
the community is going to fix this problem once it is fully out in the
light. The only really bad possibility is if they can prove that a
major subsystem has been infringed; like the 'elf' file type. Most
likely it will end up being a few corner cases though. I do have one
question though: when we change the error "Printer on fire" to "Printer
exploded" do we have to notify The Department of Homeland Security of a
terrorist event every time the error is returned?
Just my Thoughts
Tres
--
Tres Melton <class5@pacbell.net>
Comments (1 posted)
| From: | Andrew Josey <ajosey at nospam.rdg.opengroup.org> |
| To: | lwn@lwn.net |
| Subject: | Re: SCO the "owner" of the UNIX operating system |
| Date: | Thu, 15 May 2003 15:57:59 +0100 |
Dear LWN
Regarding SCO's positioning on UNIX, The Open Group would like to make
it clear that SCO holds the rights only to the operating system source
code originally licensed by AT&T and does not own the UNIX trademark
itself or the definition of what a UNIX system is.
Reference to the SCO web site shows that they own certain
intellectual property and they correctly attribute the trademark.
SCO has never owned "UNIX".
In 1994 Novell (who had acquired the UNIX systems business of AT&T/USL)
decided to get out of that business. Rather than sell the business as a
single entity, Novell transferred the rights to the UNIX trademark and the
specification (that subsequently became the Single UNIX Specification)
to The Open Group (at the time X/Open Company). Simultaneously, it
sold the UNIX source code and the product implementation (UNIXWARE)
to SCO. The Open Group also owns the trademark UNIXWARE, transferred to
them from SCO more recently.
As the owner of the UNIX trademark, The Open Group has separated the
UNIX trademark from any actual code stream itself, thus allowing multiple
implementations. Since the introduction of the Single UNIX Specification,
there has been a single, open, consensus specification that defines the
requirements for a conformant UNIX system.
There is also a mark, or brand, that is used to identify those products
that have been certified as conforming to the Single UNIX Specification,
initially UNIX 93, followed subsequently by UNIX 95, UNIX 98 and now
UNIX 03. Both the specification and the UNIX trademark are managed and held
in trust for the industry by The Open Group. SCO, along with all other
vendors of UNIX systems (regardless of whether they are members of The
Open Group or not), distributes a UNIX system that has been certified
through the X/Open and The Open Group certification process.
The Open Group is committed to working with the community to further the
development of standards conformant systems by evolving and maintaining
the Single UNIX Specification and participation in the Linux Standard Base.
For further discussion on SCO's IP Claim please also see:
<http://mozillaquest.com/Linux03/ScoSource-02_Story01.html>
<http://mozillaquest.com/Linux03/ScoSource-02_Story04.html>
For the Austin Group see:
<http://www.opengroup.org/austin/>
For LSB certification and testing information see:
<http://www.opengroup.org/lsb/cert/>
<http://www.opengroup.org/testing/lsb-test/>
For the UNIX System Web site see:
<http://www.unix.org/>
-----
Andrew Josey
Director of Certification
The Open Group
Comments (none posted)
| From: | Paul Sheer <psheer@openfuel.com> |
| To: | lwn@lwn.net |
| Subject: | Letter to the editor: Legally Defining Access |
| Date: | Thu, 15 May 2003 12:44:55 +0200 |
Defining Computer Access
------------------------
>
> * "Access" should be interpreted broadly. "...I
> propose that a user accesses a computer any time the
> user sends a command to that computer that the
> computer executes. In effect, I would define access as
> any successful interaction with the computer." Pinging
> the computer, or reaching a login screen, would be
> sufficient.
>
> * The definition of "unauthorized" should be much more
> narrow. "I propose that courts limit access 'without
> authorization' to accesses that circumvent
> restrictions by code. Breaches of regulation by
> contract should as a matter of law be held to be
> insufficient grounds for access to be considered
> 'without authorization.'"
>
The broad definition of computer access is correct. The
narrow definition of authorized access needs some work
though. What is "circumventing" exactly? If a piece of
code, due to a human error in the programmer's thinking,
allows access by some means other than "typical access", then
can we really say that a circumvention has happened? The
intent of the code is exactly how the code executes on
that CPU.
As a parallel, if a company finds a loophole in a
contract, then that company can exploit the loophole and
be immune to a lawsuit. If a hacker finds a loophole in
a piece of code, then similarly, he should be allowed to
use that loophole without having to think about how the
programmer may have intended that code to behave.
Put otherwise, a "restriction by code" cannot be defined
in any meaningful way. It implies that code execution does
not implement the algorithm that the code defines!! What
the code does and does not restrict is open to
interpretation only by the CPU of the machine. The CPU is
impartial, therefore we can assume that if a person did
"hack" a machine then that the code did intend it!!!
You can only really define access by the human processes
needed to set up an access. For example, unauthorized
access could be defined as access through impersonating
someone else's credentials: i.e. stealing a login or access
key that was not intended to be used by you.
Under the definition of "...circumvent..." stealing a
password is allowed! :-)
Comments (9 posted)
Page editor: Jonathan Corbet