LWN.net Weekly Edition for July 31, 2003
Not just IBM's problem
The Ottawa Kernel Summit managed to get through its agenda with almost no discussion of SCO, despite the fact that SCO had just told those developers that they need to purchase a binary licence in order to be able to run their own code. The IBM employees present were, without exception, entirely quiet on the whole situation - but they also radiated a sort of calm confidence that was impossible to miss. In general, at both the Summit and OLS, it was difficult to find anybody who was genuinely worried about SCO and its actions.There are exceptions, of course, but it appears that much of the Linux community has come to the conclusion that IBM's lawyers will make the whole SCO problem go away. There are certainly reasons to feel that way. IBM's legal team inspires fear in many, especially when intellectual property issues are at stake. And IBM's interests align reasonably well with the wider community's interests in this case. IBM wants a commodity operating system platform which is free of external proprietary interests; with such a platform, IBM is well positioned to sell its hardware, services, and proprietary add-ons. So it would suit IBM to see SCO defeated in a manner that would strongly discourage any other enterprising bandits from attempting the same sort of heist.
Still, IBM is not the Linux community, and its interests are not exactly the same. It is conceivable (though unlikely) that IBM could eventually reach a settlement with SCO that ends the case, but leaves a number of users and developers in an uncertain legal position. And IBM has no particular incentive to defend Linux users against any future copyrights suits filed by SCO - especially if the victims are not IBM customers.
We all have high hopes for IBM's defense in this case. But the Linux community has a problem with SCO that is different from IBM's problem, and expecting IBM to fix it for us could prove to be a big mistake. We need to find ways of ending SCO's constant attacks on Linux developers and users. SCO's attempt to hijack and put a tax on Linux cannot be allowed to succeed.
The challenges which have quieted SCO in Germany (and, with luck, will have the same effect in Australia) show one way forward. SCO's attacks on Linux are slanderous, and its attacks on Linux developers head toward libel. The company needs to be made to put up its evidence or back down from its claims. This especially needs to happen in the U.S.
SCO also continues to distribute the 2.4 kernel - get your copy here. LWN downloaded a copy of this kernel on July 30, 2003; the date on SCO's server is May 9. This kernel lacks some of the disputed developments (e.g. RCU), but SCO has made it clear that it objects to code in all of the 2.4 kernels. So what we have here is SCO distributing code over which it claims proprietary rights as a derived product containing a great deal of uncontested, GPL-licensed code. That is, of course, a clear violation of the GPL. One can only hope that SCO's attitude toward copyright and licensing will come up at the IBM trial. But the situation would certainly be helped if one or more developers with copyrighted code in the kernel would bring an infringement case against SCO. That would be a counteroffensive which would attract some attention.
SCO is not just IBM's problem; the company has made it clear that it plans to cast its legal net far more widely than that. So it is important that IBM not be SCO's only problem. If we sit back and wait for IBM to clean up this mess, we may not get the thorough and complete job that we truly need.
Kroupware Kompleted
[This article was contributed by Joe 'Zonker' Brockmeier]
The Kroupware Project, announced last October, has been finished and released as Kolab. The project began last September when three companies, Erfrakon, Intevation GmbH and Klarälvdalens Datakonsult won a bid to create a free software groupware solution for Germany's federal agency for IT security, the Bundesamt für Sicherheit in der Informationstechnik (BSI). The goal was to create an end-to-end groupware solution, both client-side and server-side software, entirely from free software.
Instead of starting from scratch, which is where many free software projects fail, Kroupware was based on existing projects. The Kolab Server is made up of existing projects like Apache, Postfix, OpenLDAP and the Simple Authentication and Security Layer (SASL). The KDE Kolab client is made up of several existing programs for KDE, including KMail, Kontact and KDE PIM. Another project is underway to create an all-in-one groupware client for KDE called Kontact and work is being done on a webmail client as well.
The suite supports e-mail (POP3 and IMAP4), calendaring, global and private addressbooks, vacation notices, notes, synchronization with Palm OS devices, task lists and a number of other features that companies and organizations are looking for in a groupware suite. The server is managed using a Web-based interface. Almost all of the protocols used, with the notable exception of Palm's HotSync Protocol, are Internet Engineering Task Force (IETF) standards.
The project isn't aimed solely at any Linux distribution, or Linux alone for that matter. The Kolab server should run on just about any Unix-like system that runs Apache, Postfix, OpenLDAP and the other components that make up the server. On the client side, Windows users can fully access the Kolab Server groupware functions using Outlook and the Bynari Insight Connector Plugin. Note that the Bynari software is proprietary, but there is work being done by a third-party to create a free software connector. Other Windows groupware clients may work as well if an organization prefers to run Windows, or a mix of Windows and Linux, on the desktop.
It's good to see a fully open source, end-to-end, groupware solution being made available. Particularly one that allows Windows users and Linux users to share the same groupware server and allow companies to deploy Linux in some parts of their business without having to make an all-or-nothing commitment.
It will be interesting to see whether vendors are quick to embrace Kolab after developing their own groupware solutions. A single, standard, open source groupware solution could do a lot to boost Linux though it might hinder sales of products like Openexchange Server or Ximian Connector.
This is yet another piece of the puzzle that could allow Linux to gain significant share of the desktop market. At the moment, installation and configuration of the suite is still a bit rough for companies who are used to buying pre-packaged solutions. However, it should not be difficult for Linux distributors or other vendors to smooth over the installation process a bit and create a value-added product based on Kolab. And, of course, work continues on Kolab even though the Kroupware Project has been declared "complete." It seems as if legal challenges and perception are now the greatest obstacles to adoption of Linux on the desktop.
Trip report: the Ottawa Linux Symposium
The 2003 Ottawa Linux Symposium has run its course. Once again, OLS has established itself as the premier North American Linux developers' conference. A solid roster of speakers delivered four days' worth of![[Ottawa]](https://static.lwn.net/images/ns/parliament-sm.jpg)
intensely technical talks on where Linux development (and kernel
development in particular) is headed. It is always nice to attend an event
where the talk is technical and nobody is trying to sell you anything.
Your editor was not able to attend all of the presentations, of course, and did not write up every one he attended. Below, however, you'll find quick summaries of several of the more interesting talks given at OLS this year. Those looking for all the details can find them in the OLS 2003 Proceedings.
In response to popular demand (i.e. somebody actually asked), I have also put up the slides for my talk on porting drivers to the new kernel. Giving this sort of talk at OLS is a unique challenge, given that, for any topic, there's certain to be at least one person in the audience who knows way more than the speaker. Happily, the hecklers were kind...
Thanks are due to the OLS organizers for putting together another high-quality event, for the event's sponsors for helping making it possible, and to all the speakers for presenting their work.
Ugly ducklings - resurrecting unmaintained code
Dave Jone's talk covered the work he has done in 2.5 to fix up the MTRR and AGPGART drivers. Dave has observed a common sort of lifecycle for drivers. A driver is initially written for a specific vendor's widget. Over time, it is extended to support compatible widgets from other vendors, then slightly different widgets from yet other vendors. The number of special cases increases. Meanwhile, the maintainer gets bored and moves on. Eventually you end up with thousands of lines of spaghetti which is unmaintainable.Dave's approach to such drivers includes splitting code into separate files by vendor (usually) and separating code which should never have been run together in the first place. "Useless abstractions" can be cleaned out. Eventually you end up with a code body which is sufficiently clean and understandable that it can be updated for modern hardware, new features, etc. But one should not underestimate the amount of work it can take to get there.
Large projects and bugzilla
Luis Villa discussed his experience working as GNOME's quality assurance person. He has, he estimates, read some 30,000 bug reports over the last few years. The experience appears to not have warped him too badly, though such things can take years to show.He is, as one might expect, a strong proponent of organized bug tracking. A good QA system, he says, makes writing software easier (through reductions in mailing list traffic, among other things), eases the release process, makes the software better, and, important, makes writing software more fun.
The key point of the talk, perhaps, was that QA people have less power in free software projects than they do in the proprietary world. That makes it even more imperative that they not forget that they are providing a service to the developers, and that they have to understand what the developers need from them. Filtering ("triage") is especially important; developers should not have to deal directly with the full flow of bug reports. If the bug trackers are providing the sort of bug filtering and categorization that the hackers need, all will be well. Otherwise the bug tracking system will degenerate into an unused pile of old information.
Interactive kernel performance
Robert Love's talk covered work done in the 2.5 kernel to improve interactive performance. What's interactive? Robert takes a wide view; interactive applications are "everything except Oracle." The topics covered will be familiar to LWN Kernel Page readers; they include the anticipatory disk scheduler, the O(1) process scheduler, the preemptible kernel and other low-latency work, etc. In his opinion, the single most important bit of work to go in this time around (with regard to interactive performance) is the anticipatory scheduler.
udev - devfs done right
Greg Kroah-Hartman described udev, his user-space devfs replacement (covered here last April) in a standing room only session. Progress on udev has been slow since April (Greg has been busy with other stuff), but some things have happened. There is now a set of configuration files to allow the user to specify how device naming and permissions should be handled; it uses various attributes of a device (it's serial number, label, position in the bus topology, etc.) to figure out what the system administrator would like it to be called. Future versions will use the "tdb" database to track devices and handle persistent naming.Future work includes changing udev to run as a daemon process; this change is required to properly handle out-of-order hotplug events. For those wanting to experiment with it, the udev code can be found on kernel.org in /pub/linux/utils/kernel/hotplug/.
Why doesn't my laptop suspend?
Pat Mochel's talk was on power management, or "why doesn't my laptop suspend?" He asked for a show of hands: how many in the audience have laptops? Well, this is OLS, so most of the attendees raised their hands. How many of those suspend correctly? Most hands went down.Older, APM-based machines would handle suspend operations entirely in the firmware; it "just worked" for most people. Newer ACPI systems, however, push the suspend task into the software; this is evidently an improvement. And Linux software has not yet caught up with that. ACPI support is pretty much in place, but that is the easy part. The harder part is working power management support into all the drivers, coming up with a reliable way of suspending the system, and implementing a reasonable user-level interface to it all.
Much of this work has been done for 2.5; it still languishes in Pat's tree, however, and has not been merged into the mainline. The changes include a new set of driver power management methods; there is also a cleaned up software suspend subsystem with a safer snapshot mechanism and the ability to write the system image to any persistent media.
Pat has said that he will finish this work, though it was clear that he would appreciate some help from other developers as well. His hope is to get the work merged by August 20. Should he be successful, appreciative users should send him a birthday present ("small, unmarked bills") on that day.
Toward an O(1) VM
Rik van Riel discussed recent work with virtual memory management; the talk covered page replacement strategies, the reverse mapping VM, etc. The key point of his talk, however, was this: by many metrics relevent to VM, our newer, "faster" machines are actually slower. Over the years, the time required to perform tasks like reading an entire disk, or writing a system's entire RAM to disk, has gone up by a couple of orders of magnitude or more. Much of the previous century's research into VM is losing its relevance as memory and disk sizes increases faster then the transfer speeds between them. VM hackers increasingly find themselves having to make things up as they go.
Integrating DMA into the device model
James Bottomley discussed the new generic DMA layer; these functions have been documented in this article, which is part of the LWN driver porting series. What was new in this talk is James's discussion of where the DMA API needs to go in the future. The current version has no way of returning a failure code from the DMA mapping routines. But failure can happen: a system can run out of I/O memory management unit space, a problem which will be exacerbated in the future as GART hardware is used as a poor man's IOMMU. At some point, that sort of failure must be communicated back to the caller.Device drivers can provide a DMA mask describing the range of addresses that their devices can handle. But there is no way for the system to pass back a mask saying which addresses the device needs to handle. Better performance can often be maintained when devices are operated in their smaller-memory modes; the system should provide the information that allows those modes to be used when they are applicable. Finally, the current approach to cache coherency needs some work; drivers should be able to find out just how coherency works on the host system. The means by which the CPU and peripherals share DMA buffers needs to be reorganized into a straightforward ownership model; in the current system, it is not always clear who has the right to change a buffer, and that can lead to data corruption.
The party
Your reporter was going to write up the legendary OLS closing party at the Black Thorn, but the whole event has become somewhat fuzzy and difficult to recall. Suffice to say that a lot of fun was had.
Security
Brief items
On quietly fixing security holes
A recent Bugtraq posting came with the following statement:
This bug allows a remote attacker who can send packets to an NFSv3 server to overwrite memory and bring the system down. It would appear to be a hard vulnerability to exploit for anything beyond a denial of service, however.
The problem was not fixed entirely silently in 2.4.21; the relevant changelog entry reads "Avoid oops when NFSD decodes enourmous filehandle." Still, the fix has not been all that widely advertised either; there have been no alerts reading "systems running 2.4.20 and prior kernels may be subject to a denial of service vulnerability." In that sense, this was a classic "quiet fix."
There are advantages to quiet fixes when nobody is known to be exploiting the problem. With luck, the fix will be widely deployed before anybody notices the problem. If all goes well, many vulnerable installations can be protected before anybody begins to exploit the problem, and without the need for a panic update. These advantages need to be weighed against a couple of problems with quiet fixes, however. One is that crackers do watch changelogs and patch releases, hoping to find just this sort of fix. And the other is that many sites may continue to run vulnerable code because nobody has told them that there is a problem.
If you run any NFS servers with kernels older than 2.4.21, this is your notice that you may want to look into an upgrade. So far, nobody has been hurt by the quiet nature of this particular fix. Even so, it would have been better to treat it as the true security hole that it is.
New vulnerabilities
Apache: denial of service vulnerabilities
| Package(s): | apache | CVE #(s): | CAN-2003-0460 | ||||
| Created: | July 24, 2003 | Updated: | July 30, 2003 | ||||
| Description: | The Apache Software Foundation and The Apache Server Project
released
a new version of the Apache webserver which addresses the
following security vulnerabilities:
Denial of service (VU #379828) Ryan O'Neill reported that it is possible to make the httpd server enter infinite loops and crash under certain circumstances. A new configuration directive has been created (LimitInternalRecursion) to avoid these infinite loops and abort the request which caused them if the configured limit has been reached. File descriptor leak Leaks of several file descriptors to child processes, such as CGI scripts, were fixed. | ||||||
| Alerts: |
| ||||||
konqueror: information disclosure vulnerability
| Package(s): | kde konqueror | CVE #(s): | CAN-2003-0459 | ||||||||||||||||||||
| Created: | July 30, 2003 | Updated: | August 11, 2003 | ||||||||||||||||||||
| Description: | All versions of Konqueror through KDE 3.1.2 contain a vulnerability wherein the browser could (in rare situations) send authentication information on an unrelated web site. See this advisory for details. | ||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||
mnogosearch: Remote buffer overflow vulnerabilities
| Package(s): | mnogosearch | CVE #(s): | CAN-2003-0436 CVE-2002-0789 | ||||
| Created: | July 28, 2003 | Updated: | July 30, 2003 | ||||
| Description: | Buffer overflow in the "ul" variable
(CAN-2003-0436) pokleyzz <pokleyzz -at- scan-associates.net> reported a
buffer overflow vulnerability in mnoGoSearch which can be exploited
remotely to execute arbitrary commands with the privileges of the
webserver.
Buffer overflow in the query variable ("q") (CVE-2002-0789) qitest1 <qitest1 -at- bespin.org> reported a buffer overflow vulnerability in the query variable ("q") which can be exploited remotely to execute arbitrary commands with the privileges of the webserver. | ||||||
| Alerts: |
| ||||||
perl: cross site scripting vulnerability in CGI.pm module
| Package(s): | perl | CVE #(s): | CAN-2003-0615 | ||||||||||||||||||||||||||||
| Created: | July 29, 2003 | Updated: | October 1, 2003 | ||||||||||||||||||||||||||||
| Description: | obscure@eyeonsecurity.org reported a cross site scripting vulnerability in the CGI.pm perl module. This module is used to facilitate the creation of web forms and is part of the perl-modules RPM package. | ||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||
stunnel: signal handler reentrancy DoS
| Package(s): | stunnel | CVE #(s): | CAN-2002-1563 | ||||||||||||||||||||||||
| Created: | July 25, 2003 | Updated: | November 25, 2003 | ||||||||||||||||||||||||
| Description: | Stunnel is a wrapper for network connections. It can be used to tunnel an
unencrypted network connection over a secure connection (encrypted using
SSL or TLS) or to provide a secure means of connecting to services that do
not natively support encryption.
When configured to listen for incoming connections (instead of being invoked by xinetd), stunnel can be configured to either start a thread or a child process to handle each new connection. If Stunnel is configured to start a new child process to handle each connection, it will receive a SIGCHLD signal when that child exits. Stunnel versions prior to 4.04 would perform tasks in the SIGCHLD signal handler which, if interrupted by another SIGCHLD signal, could be unsafe. This could lead to a denial of service. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
sup: insecure temporary file
| Package(s): | sup | CVE #(s): | CAN-2003-0606 | ||||
| Created: | July 29, 2003 | Updated: | October 1, 2003 | ||||
| Description: | sup, a package used to maintain collections of files in identical versions across machines, fails to take appropriate security precautions when creating temporary files. A local attacker could exploit this vulnerability to overwrite arbitrary files with the privileges of the user running sup. | ||||||
| Alerts: |
| ||||||
Resources
Security newsletters
The July 28 O'Reilly Security Alerts column is available; it looks at the latest apache and kernel problems, along with several others.The latest Linux Advisory Watch and Linux Security Week newletters from LinuxSecurity.com are also available.
Events
Financial Cryptography '04
The 2004 Financial Cryptography conference will be held February 9 to 12 in Key West, Florida. The call for papers has gone out, with submissions due by September 1.
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current development kernel is 2.6.0-test2, which was released by Linus on July 27. It contains a lot of fixes, of course, including a bunch of forward-ported 2.4 patches, numerous architecture updates, some IDE fixes, an option to remove I/O schedulers from the kernel entirely, and a new local_t type for CPU-local data. See the long-format changelog for the details.As of this writing, there are no patches beyond -test2 in Linus's BitKeeper repository.
The current stable kernel is 2.4.21. Marcelo has been busy with the prepatches, however; 2.4.22-pre8 was released on July 24, and 2.4.22-pre9 on July 29. Both patches limit themselves to fixes.
Kernel development news
Fixing interactive response in 2.6
While the performance improvements in the 2.6 kernel have impressed and pleased many users, there has been a constant level of complaining about the scheduler. In particular, many users are unhappy with the interactive feel of the 2.6 kernel; reports of jerky response and skipping audio are common. Some have gone as far as to compare the 2.6-test scheduler with the 2.4 virtual memory subsystem at the same point in the development cycle. There is some concern that scheduling could be one of the (few) embarrassments in the upcoming 2.6.0 release. Those worries are probably overdone, but the point is that 2.6.0-test scheduling still needs some work.The good news is that said work is being done. Con Kolivas has been posting a set of interactivity patches for about a month now. Those wanting to try them out can find them in a recent -mm kernel; patches against the Linus kernels can be found on Con's web site. His most recent patch is 011int.
Con's work follows a familiar theme: improve interactive performance by giving a priority boost to interactive processes. All you have to do is figure out which processes are the interactive ones. Of course, that is rather easier said than done. Con's interactivity patches have been through several iterations in an attempt to find the best way to identify interactive processes and the proper amount of bonus to give them. This patch series may be converging on a result; several testers have reported good results.
The core idea (already part of the 2.6.0-test scheduler) is that an interactive process is one which sleeps much of the time. With Con's patches, any process which sleeps for at least one clock tick gets a priority bonus when it wakes up; processes which have done enough sleeping recently to be explicitly marked as "interactive" get a bigger bonus than others. Processes which run without sleeping for their entire time slice lose a point. In this way, CPU-hog processes sink to the lowest priorities, while a process reading from a terminal (or an audio stream) will get quick access to the processor. Additionally, processes which have maxed out their sleep bonus and are seen as truly interactive can hang out in the run queue for a while even after their time slice expires.
Life is not always so simple, however. Early versions of this patch tended to make life hard for newborn processes; it took them quite a while to build up enough of an interactivity bonus to be able to respond quickly on a loaded system. So things had to be tweaked to let new processes find their natural level quickly. There is also the issue of processes that sleep for a long time, then wake up to do some serious cranking. So processes that sleep for longer than one second lose their interactivity bonus, and end up at an "idle" level just below the interactive level. Work has also been required to balance priorities properly when an interactive process forks.
More recently, Ingo Molnar has also started looking at the interactivity problem; his sched-2.6.0-test1-G6 patch takes a different approach. Ingo starts by changing the scheduler to use nanosecond resolution in its timekeeping; his claim is that, by working with high-resolution time, audio skipping problems can be fixed. Then, the patch splits up time slices so that processes running at the same priority switch off with each other much more often, ensuring that none of them have to wait too long before getting some processor time. Finally, Ingo's patch extends the sleep bonus to include time that the process sits in the run queue, but does not actually get into the processor.
The two sets of patches are mostly orthogonal to each other; while it remains hard to apply both Con's and Ingo's patches to a single system, the two really are addressing different issues. Recent versions of Con's patches, however, also include some of Ingo's work (almost everything except the nanosecond resolution). In the end, code from both patches is likely to find its way into the kernel.
As a postscript, it's worth taking a look at this post from Daniel Phillips, where he states that the wrong approach is being taken for the audio skipping problem. Audio playback, says Daniel, is not an interactive task - it is a realtime task. What is really needed for the audio case is a bounded-latency soft realtime scheduler, not an endless series of interactive scheduler tweaks.
A different approach to module races
The topic of module unload races - where the kernel can end up calling into a module which has been removed - comes back occasionally. Much work has been done in 2.5 to reduce and eliminate these races. Part of that effort was moving module reference counting outside of the modules themselves. The result was a safer scheme, but one which imposes new requirements on kernel code which calls into modules. In some kernel subsystems (networking), the maintainers have decided that there is no need to worry about reference counting for modules; they simply ignore it.Enter Rusty Russell. Since the reference counts are seen to be a pain, and some code isn't using them at all, why not simply get rid of them? He has submitted a patch which does exactly that.
Of course, the issue of how to safely remove modules remains. Without reference counts, how does the kernel know when it can actually get rid of a particular module? With Rusty's patch, a different approach is taken: modules are never actually removed. If an administrator invokes rmmod, the module's cleanup function will be called and all kernel knowledge of the module will go away - but the module code itself will remain in the kernel. The patch thus sacrifices some system memory on every unload as a way of avoiding unload races.
Some developers liked this patch, others didn't. For a kernel hacker who is debugging a module, a little lost memory for each load/unload cycle is probably not a big problem; the system will likely be rebooted soon anyway. The patch does present a bigger problem for Linux installers, however; many of these do hardware detection by loading almost every module available and seeing which ones actually find something. On a "small" system (that is, say, 64MB), it is possible that some distribution installers would simply run out of memory and die.
Rusty proposed adding a special rmmod option which would clean up
memory left behind by deleted modules (while also marking the kernel
tainted). For now, however, all of this has been made irrelevant by Linus,
who decreed: "First off - we're not
changing fundamental module stuff any more.
" This statement drew an amused response from Rusty ("OK. Who
are you and what have you done with the real Linus?
"), but the
general sigh of relief from most kernel hackers could be heard worldwide.
It seems that Linus is truly holding the line and keeping out potentially
disruptive changes this time around.
Reiser4 is coming
The final part of the 2.3 development series featured a strong campaign to get the ReiserFS filesystem merged. That campaign was successful; ReiserFS was added in 2.4.1. Now it appears that history may repeat itself with the 2.6 kernel. Hans Reiser has posted a note asking that the soon-to-be-posted Reiser4 patch be merged into 2.6.0-test.Reiser4 is not an updated version of ReiserFS; it is an entirely new filesystem. According to the posted benchmarks, Reiser4 outperforms ReiserFS and ext3 on several fronts. According to Hans, the performance of Reiser4 is now good enough to justify including it in 2.6-test.
The truly interesting part of Reiser4 is not limited to performance, however. Reiser4 is presented as a fully atomic filesystem - every operation either executes fully or not at all. It thus offers the same sort of crash resistence found in journaling filesystems, but with a couple of differences. One is that, it is claimed, the "wandering log" technique used in Reiser4 offers greater speed, since, unlike with other journaling schemes, it is not necessary to write data twice. And the other is that the "fully atomic" nature of the filesystem can extend beyond individual operations. Reiser4, in other words, can provide actual transactions.
A typical journaling filesystem works by writing all of the blocks to be changed in a given operation to a special journal file, followed by a "commit record." Once the operation is committed, the blocks can be copied from the journal to their real destination on the disk. If the system dies before the commit record is written, the operation is simply discarded and the filesystem is unchanged. If, instead, a fully committed operation is found in the journal, it can be replayed. With a scheme like this, an operation may be lost in a crash, but the filesystem itself will not be corrupted.
The Reiser4 wandering log technique works a little differently. It does not overwrite blocks in the filesystem; instead, blocks to be changed are relocated and the data is written in the new spot. The block pointers in the filesystem are changed in an (also relocated) directory block. This process continues up the filesystem tree until, with a single write pointing to the new root block, the whole operation is committed. The elimination of the need to write data separately to a journal file can increase performance, but this technique also has the potential to fragment files across the disk, hurting read performance. For that reason, Reiser4 allows for plugin modules which can look at operations and opt for a more normal journaling scheme when it makes sense. There will also be a "repacker" program which will go through occasionally and rearrange disks for better read performance.
The ability to perform multi-operation, multi-file transactions is what will make Reiser4 truly unique, however. A transactional capability will allow applications to perform complicated operations without the need to resort to tricks with fsync() and file renaming, and without the need to use a separate database manager. Of course, there are a few residual issues, like the fact that the standard Unix system calls make no provision for starting, committing, and rolling back transactions. So a new system call interface will be required. The Reiser4 developers are working on this interface, but have not yet posted it for wide review.
Linus has not committed himself with regard to merging Reiser4 into 2.6. It's worth noting that, when ReiserFS was merged, it had been stable and widely used for some time. That is not the case for Reiser4, which is still in an early stage. Chances are that Reiser4 will have a harder time getting into the kernel than ReiserFS did. (For more information on Reiser4, see this document on transactions, and this one on wandering logs, dancing trees, and other journaling topics).
Patches and updates
Kernel trees
Core kernel code
Device drivers
Documentation
Filesystems and block I/O
Janitorial
Networking
Security-related
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
Linux in Spain
[This article was contributed by Ladislav Bodnar]
While Germany's Munich has been stealing the headlines with its effort to convert the city's public administration infrastructure from Windows to Linux, another European country has been even bolder and more successful in adopting open source software for similar tasks. This country is Spain. Based on its many success stories and the determined approach of several regional governments, it won't be an exaggeration to claim that Spain -- of all European countries -- is furthest along the road to Linux adoption and is setting a notable precedent for other countries to follow.Although Linux had always been popular with the geek segment of Spain's computer users, its wide-spread adoption really got off the ground with the announcement in April 2002 of the LinEx project. The LinEx distribution, based on Debian GNU/Linux and with GNOME as its default desktop environment, was created by the regional government of Extremadura in Western Spain. Extremadura had set itself some clear goals: create conditions for wide-spread adoption of information technology and increase computer literacy among the citizens. Various ideas for achieving those goals were followed by clear plans -- until the realization that the cost of providing the hardware in combination with inevitable software licenses would be unbearable.
Refusing to give up at the first hurdle, the Extremadura government turned to open source software. It did not hesitate to employ engineers to create a customized Linux distribution which would meet its exact needs. Although the first releases of LinEx were not without problems, the subsequent ones have seen dramatic improvements, especially in the area of hardware support. There was no shortage of testers, as the government gave away the product CDs at every opportunity - in government offices, magazines and even daily newspapers. There was a determined campaign to get LinEx out to everybody. Finally, the effort bore fruit and the Extremadura government announced last month that it had successfully deployed 80,000 LinEx computers in schools, or one system per two students, and it had also created 33 computer centers for use by the general population.
Enthusiam for free software tends to be contagious, so few people were taken by surprise when the neighboring province of Andalusia, the largest in Spain and roughly the size of Minnesota or Austria, also began flirting with Linux. It wasn't long before a firm policy was declared in March of this year. It demanded, among other things, that all software development carried out by "La Junta de Andalusia" or any official educational entity be developed with free software. Additionally, all hardware acquired by official educational centers was to be fully compatible with Free Software operating systems, which was to come pre-installed on all newly purchased computers. All official Internet access points were required to be equipped with Free Software.
Next in the line of "infected" regions was Aragon, another large province in the North East of the country. Earlier this month, its government introduced intensive 40-hour Linux courses in Zaragoza, the region's capital, while the local Linux enthusiasts have launched the Zaralinux portal and even their own distribution called Augustux. Augustux is a Knoppix-based live CD with full support for the local language and its latest version is freely available for download. It is worth noting that Richard Stallman visited Zaragoza earlier this month to take part in a conference on Free Software movement and GNU/Linux.
Even if the remaining regional governments of Spain have yet to declare any open source software initiatives, they are undoubtedly watching the progress made by the pioneers in Extremadura and Andalusia with keen eyes. After all, politics and finance play important roles in every society. If other regions can save substantial amounts of money and provide their citizens with access to technology at the same time, then opposition parties and taxpayers in other provinces will have every reason to demand the same. This in turn will create further opportunities for commercial companies in software development, education and technical support.
And indications are that this is already happening. Spain has always had a fair share of Linux distributions and while some of them are no longer around, new ones are being established regularly. The oldest ones are HispaFuentes and ESware. Although HispaFuentes seems to have withdrawn from developing their Red Hat-based distribution and is concentrating instead on custom solutions, support and security, ESware continues with active development of its Debian-based desktop and server products called ESware365. The company also provides consultation and support services as well as educational and certification programs. Several new Linux companies have sprouted recently. Among them is BlueSock Linux Solutions, a company creating a Debian-based distribution called BlueSock Linux (a first beta release is now available for download) and Lambdaux (λux), a commercial company producing yet another Debian and LinEx-based distribution. Both of them also offer a range of Linux training and certification services.
Spain is a country which has embraced Linux and free software with open arms for the benefit of both its population and its economy. Between the government initiatives, volunteer efforts, commercial companies and non-profit communities, the country has pioneered Linux adoption like no other on this planet. Determination in overcoming difficulties, resistance and FUD of those whose livelihood depends on the current status quo, together with a clear plan of action has made Extremadura and LinEx an example to follow. Many countries are a lot poorer than Spain, yet they still run their public administration on expensive proprietary software and channel their taxpayers' money out of the country. As Extremadura has shown us, it doesn't need to be that way.
Distribution News
Mandrake Linux 9.2 Beta 1 Officially Released
Mandrake Linux 9.2 Beta 1 has arrived to offer you the opportunity of an entertaining summer of bug squashing. It's got lots of updated packages and it's waiting to be downloaded now. Just be sure not to use it in production environments, and report those bugs.Red Hat Enterprise Linux 3 Beta 1
Red Hat has announced a public beta release of Red Hat Enterprise Linux 3. This release is available for several architectures, and includes a heavily patched 2.4.21 kernel (Native Posix Threading, FUTEXes, per-device block I/O locking, reverse-mapping VM, huge pages, the O(1) scheduler, ACPI 2.0, 4G/4G memory split, asynchronous I/O, TUX, filesystem ACLs, cryptographic API, IPSec, etc.) along with a very current set of applications. See the announcement for details.Xandros Desktop
Xandros, Inc. has released a 1.1 edition of Xandros Desktop Deluxe. It's got the Mozilla communications suite 1.3.1 with spell checking and spam filtering; the OpenOffice.org office suite 1.0.3; the Evolution groupware client 1.2.4; Enhanced hardware detection; plus printed documentation and 30 days of e-mail support.Xandros has announced a giveaway of Xandros Desktop Deluxe to attendees of the San Francisco LinuxWorld convention.
Debian GNU/Linux
The Debian Project had a successful conference in Oslo. According to Debian Project Leader, Martin Michelmayr, Debcamp was particularly impressive. ""This year's debconf and especially the preceding debcamp were a great success. The idea of having a debcamp in which people can work on various projects together was born during last year's debconf and got realised this year. We have seen that it is very effective when you can put people who normally work together via the Internet into a single room. Many design and implementation issues have been discussed and have successfully been resolved. We will try to hold more debcamps in the future, possibly smaller ones in different countries.""
The Debian Weekly News for July 29, 2003 is out. This week's issue looks at the Open Group's new strategy; a review of the CheckInstall tool; and much more.
The ZopeMembers site reports that a Debian package for OpenFlow is available for download from the Icube website.
Gentoo Weekly Newsletter -- Volume 2, Issue 30
The Gentoo Weekly Newsletter for July 28, 2003 is out. This week looks at radical changes to Perl module handling; the first Gentoo Bug Day on August 2; Gentoo Linux 1.4 for PowerPC now available for pre-order; and Indonesian documentation team in need of translators.Slackware Linux
This week Slackware Linux has upgraded USB modules to 2.4.21, and packages such as gawk, dvd+rw-tools, binutils, distcc, apache, mod_ssl, and nfs-utils. As usual the details can be found in the slackware-current changelog.
New Distributions
SPB-Linux
SPB-Linux is a USB distribution that boots from a memory stick. The current stable version is 2.0, but the most recent version is 2.1 beta 1 which features kernel 2.4.21 with usb 2 support, X, mozilla and more. (Thanks to Fred Mobach)ScummLinux
ScummLinux creates a bootable Linux CD which includes ScummVM and your favorites Scumm games, so you can play them anywhere. The initial version of ScummLinux is 0.1, released July 27, 2003.
Minor distribution updates
Damn Small Linux
Damn Small Linux has released v0.4.1 with minor feature enhancements. "Changes: This release offers a choice of two X servers, Xvesa and Xfbdev. Xfbdev uses the framebuffer provided by the Linux framebuffer device, which can be a much better choice for older laptops. Also new is the emelFM file manager." Version 0.4.2 is also out.
Fli4l (Floppy ISDN/DSL)
Fli4l (Floppy ISDN/DSL) has released development v2.1.3 with major feature enhancements. "Changes: You can now specify MX entrys in the nameserver configuration. The packet filter config is much-improved, and you can also switch to an alternate configuration scheme for enhanced packet filter configuration. Portforwarding now works with whitelists and you can forward a whole protocol (e.g., GRE). You can now do DSL with the Fritz!DSL from AVM and use the in-kernel PPPoE to reduce your CPU load. It is now also possible to install and boot on DiscOnChip and USB-Memory-Sticks. Included in the ISDN package is the CAPI for ISDN cards from AVM."
Knoppix
Knoppix has released v3.2-2003-07-26 with major feature enhancements. "Changes: Many software upgrades, new drivers, and boot options."
System-Down::Rescue
System-Down::Rescue has released v1.035 with minor feature enhancements. "Changes: This release should be considered a release candidate for 1.0. The uncompressed ISO image has been reduced in size to only about 18 MByte, with a lot of free space on the CD-cards available for upgrades. The scripts and the library directory have been cleaned and the various file systems have been changed. Ext2 is now used for the initrd image and cramfs is used for the images to allow them to be mounted runtime, reducing RAM usage and improving general performance. Many bugfixes were made to the net libraries, so ping and ftp now work."
Page editor: Rebecca Sobol
Development
Python 2.3 is out
Following last week's release of Python 2.3c2, the final Python 2.3 release has been announced.![[Python]](https://static.lwn.net/images/ns/python.jpg)
Some of the highlights of this release include:
- A new version of the Python IDE, IDLE.
- A large collection of new and improved library modules.
- Lots of new and improved built-in functions.
- Deprecation of obsolete functions.
- New doctest extensions.
- Extended slice capabilities.
- A universal newline mode for reading files with different newline types.
- Source code encoding declarations.
- The ability to import from zip files.
- FutureWarnings for performing unsigned operations on integers.
- Improved list.sort() speed.
- Sped up multiplication of longs.
- A more efficient pickling protocol.
- Optional timeouts on all socket module operations.
- Tkinter GUI improvements.
- A new boolean type.
- Better support for comma-delimited files.
System Applications
Audio Projects
Alsa 0.9.6 sound driver
Version 0.9.6 of the Alsa sound driver has been released. Change information is in the source code.
Clusters and Grids
xCAT overview (IBM developerWorks)
IBM's alphaWorks has published an updated overview of xCAT, the Extreme Cluster Administration Toolkit. "xCAT (Extreme Cluster Administration Toolkit) is a tool kit that can be used for the deployment and administration of Linux clusters."
Database Software
Druid 3.0 final released (SourceForge)
Version 3.0 final of Druid has been released. "This is mainly a bug fix release with only a few adds: a new PDF doc gen module and localization of the XHTML doc gen module (see changes in the files section). All the docs have been moved from HTML to PDF to be printed and have been revised and improved. Druid is a tool that helps the dba/developer to handle database tables."
PostgreSQL Weekly News
The PostgreSQL Weekly News for July 25, 2003 has been published. "Well we are still technically in feature freeze, with beta now planned to start next week. Don't confuse feature freeze with no activity, far from it actually. In fact, there are now plans to release a 7.3.4 before beta testing begins. The need arises from a potentially serious (although extremely low probability) bug in 7.3.3 when restarting the server."
PostgreSQL 7.3.4 Now Available
Version 7.3.4 of the PostgreSQL database is available. "The PostgreSQL Global Development Group has released PostgreSQL version 7.3.4. It is highly recommended that those running earlier version of the 7.3 branch upgrade at their earliest convenience."
SAP DB Version 7.4.03.27 available now
A new version of the SapDB database is available. See the release info document for a full list of changes.
Electronics
gEDA News
The latest news from the gEDA site includes new versions of the SAVANT VHDL analyzer, and the Icarus Verilog electronic simulation language compiler.
Mail Software
First open source release of MailManager (ZopeMembers)
The first open-source release of MailManager has been announced on Zope Members News. "MailManager is a multi user system where all mail is stored centrally in the ZODB. This allows mail to be allocated between groups of users, provides tools for prioritising and answering mail quickly, allows service levels to be set and provides management reports on volumes of mail and user performance."
Defending Your Site Against Spam, Part 2 (O'Reilly)
Dru Nelson explains qmail spam filtering on O'Reilly. "This article is the second and final installment describing my efforts to defend my systems from spam. The first article explains some necessary concepts and terminology. This article will dig more into the details of an actual implementation with my mail system."
Networking Tools
Etherboot 5.0.11 (production) released (SourceForge)
Production version 5.0.11 of Etherboot has been released. "Etherboot is Open Source code for creating boot ROMs for network booting x86 platforms. It is also a coordination point for information about free software related to network booting."
Printing
PPR 1.51 released (SourceForge)
A new version of PPR has been released. "PPR is a print spooler especially designed to work with PostScript printers and with Ghostscript. It supports parallel ports, serial ports, SMB, TCP/IP, and AppleTalk."
Web Site Development
Simplify Your Life with Apache Virtual Hosts (O'Reilly)
Russell Dyer writes about Apache virtual hosts on O'Reilly. "Web designers and systems administrators sometimes don't consider reconfiguring Apache to solve some of their web problems. Sometimes with the help of a few directives, web designing can be easier and server costs can be reduced. The VirtualHost directive is one of these helpful but often overlooked features. It can be used for running several domains on a single server with one or many static IP addresses. I can think of at least two scenarios in which this could be useful. One made web designing easier for me. The other cut my server costs significantly."
GroupUserFolder 1.3 released (ZopeMembers)
A new version of GroupUserFolder, a Zope group-oriented component, is available. "This new version adds a very nice feature : groups nesting. GRUF Groups can now belong to other groups transparently. Also, this version includes nice ZMI improvements: groups and users displayed as a tree, a click-on-everything management interface, and minor bugfixes."
Issue Dealer 0.9.1 released (ZopeMembers)
Version 0.9.1 of the Zope product Issue Dealer has been released. Changes include a name change, bug fixes, and more.mnoGoSearch 3.2.14 search engine released
Version 3.2.14 of mnoGoSearch, a web site search engine, is available. The development history page lists the changes, a number of bugs have been fixed.Rilke CMS 0.84 released! (SourceForge)
Version 0.8.4 of the Rilke CMS has been released. "Rilke CMS provides easy content management for non-geeks. It allows you to easily publish a weblog, update a public website, or collaborate on a private Intranet site."
Tiki 1.7 RC3 released (SourceForge)
Version 1.7 RC3 of Tiki is available. "The rc3 replaces the rc2 and fixes the registration verification bug that is blocking in rc2. Tiki is a powerful CMS/Groupware. Features: article, forum, newsletter, blog, file/image gallery, wiki, drawing, tracker, directory, poll/survey & quiz, FAQ, chat, banner, webmail, calendar, category, ACL, etc in Single Sign-on or LDAP. (PHP/MySQL/Smarty)"
Ninth Zope 3 Newsletter
Issue #9 of the Zope 3 Newsletter is out with the latest Zope 3 news.Zope 2.6.2 Beta 5 Available (ZopeMembers)
Zope Members has announced the availability of ZOPE 2.6.2 Beta 5. "Zope 2.6.2b5 represents a development step in the next Zope release formed with a large number of community contributions."
Zope Tips
John Udell's Web Log features some tips on using the Zope web application platform. "Although Zope's written in Python, you lose this immediacy because like any Web application server, Zope introduces a bunch of intermediate layers: templates, scripts, the browser. But I learned of a few ways to make exploring Zope a more interactive affair."
Miscellaneous
Barbecue 1.0.6b3 released (SourceForge)
Version 1.0.6b3 of Barbecue, a barcode generator, has been released. The announcement says: "Fixes bugs with Code 39 implementation and barcode heights. All b1 and b2 users should update to this release. Production users should remain at 1.0.5 or earlier."
Squashfs1.3 released (SourceForge)
Version 1.3 of Squashfs is available. "Squashfs is a highly compressed read-only filestem for Linux. Release 1.3 adds support for FIFOs and sockets. It also has numerous optimisations and small bug fixes."
Desktop Applications
Audio Applications
amSynth 1.0 rc4 available
Version 1.0 rc4 of amSynth, the Analogue Modelling SYNTHesizer, has been released. Changes include bug fixes and an improved startup procedure.gmorgan 0.06 released
Rapid development continues on gmorgan, an organ synthesizer with auto-accompaniment. Version 0.06 adds performance improvements, bug fixes, and some new features.
CAD
Ninth Development Release of PythonCAD
A new release of PythonCAD has been announced. "The ninth release concentrated on internal improvements to the code. The storage and manipulation of optional values was heavily reworked. The first batch of changes regarding storing various drawing entities was finished, with the handling of colors having the largest number of changes. Linetypes and drawing styles will be updated in a similar manner to colors in future releases."
Desktop Environments
KDE 3.1.3 released
KDE 3.1.3 has been released. The full list of changes can be found in the changelog, but it makes relatively dry reading - 3.1.3 is a maintenance release. (Thanks to Volker Blum).KDE-CVS-Digest
The July 25, 2003 edition of the KDE-CVS-Digest has been published. "This week's CVS-Digest: Find out who is paid to hack KDE. A new application, KLogo-Turtle, for teaching children. KPrinter adds access to online printer database. Kontact adds a to-do list plugin. A redesigned font installer. The beginning of KWallet. And many more features and bugfixes."
Financial Applications
LinuxTag 2003: KSpread Development Roadmap
KDE.News covers the new KSpread Development Roadmap that resulted from discussions at LinuxTag 2003, with a look at the upcoming KSpread 1.3.
Graphics
GIMP 1.3.17 Released (GnomeDesktop)
GnomeDesktop.org has the announcement for version 1.3.17 of the GIMP. "GIMP Lots of new features are being added while the GIMP developers are preparing for camp and GIMP is approaching feature freze."
JFreeChart 0.9.10 released (SourceForge)
JFreeChart 0.9.10 is available. "The focus of this release is the support for multiple range axes (instead of the current limit of 2 range axes per chart). Some other minor enhancements and bug fixes are also included. JFreeChart is a class library, written in Java, for generating charts. Utilising the Java2D APIs, it currently supports bar charts, pie charts, line charts, XY-plots and time series plots."
OpenRM Scene Graph 1.5.0 released (SourceForge)
SourceForge has an announcement for version 1.5.0 of OpenRM Scene Graph, a 2D/3D Scene Graph rendering engine. "New in OpenRM Scene Graph 1.5.0 is direct support for distributed memory parallel rendering when combined with Chromium (chromium.sourceforge.net)"
GUI Packages
FLTK 1.1.4rc2 released
Version 1.1.4rc2 of FLTK, the Fast Light ToolKit, has been released. The development team is searching for bugs until August 12, 2003 at which point the 1.1.4 version will be released.Trolltech Releases Qt 3.2 (KDE.News)
KDE.News covers the release of Qt version 3.2. "User desktop improvements include a "completely re-written, faster font rendering engine." Developer improvements include new QSpashScreen and QToolBox objects." See the announcement from Trolltech for more information.
GUI Toolkits for The X Window System (FreshMeat)
FreshMeat has reviewed a number of X window system GUI toolkits. "This article is aimed at Unix developers who already have some experience with programming languages and want to start developing GUI applications (mainly for The X Window System, though portability is discussed). It may also come in handy if you have used a particular GUI toolkit for some time and want to know whether others might suit your needs better. The main focus is comparison and introduction, but it serves as a bit of tutorial, as well."
Mail Clients
Columba 0.12.0 (stable) released (SourceForge)
Version 0.12.0 of Columbia has been released. "Columba is an email client written in Java, featuring a user-friendly graphical interface with wizards and internalionalization support."
Mozilla Thunderbird 0.1 Released (MozillaZine)
MozillaZine has an announcement for version 0.1 of Mozlla Thunderbird, a standalone mail and newsgroup client. The release notes detail all of the changes in this version.
Office Applications
HylaFAX 4.1.7 Released
Version 4.1.7 of HylaFAX, a Fax modem utility, has been announced. "This is a corrective release that fixes the PageChop feature that we inadvertently broke in the 4.1.6 patch-level, and is otherwise identical to 4.1.6."
Web Browsers
gcjwebplugin 0.0.2 released
Version 0.0.2 of gcjwebplugin is available. "gcjwebplugin is a plugin for Mozilla and other web browsers for the execution of Java applets. It uses the JVM provided by GCJ." The project is still in the testing and proof of concept phase.
Mozilla Firebird 0.6.1 Released (MozillaZine)
According to MozillaZine, verion 0.6.1 of the Firebird browser has been released. "mozilla.org has just released a minor upgrade to their Mozilla Firebird 0.6 milestone, to fix a few key issues regarding security and stability, including the autocomplete crash."
Independent Status Reports (MozillaZine)
The Tuesday July 29th, 2003 Mozilla Independent Status Reports are out. "The latest set of status reports includes updates from Download Sort, Enigmail, Gnusto, mozdev, Java and BlackConnect."
Word Processors
AbiWord Weekly News
Issue #154 of the AbiWord Weekly News is out. The summary says: "A possible standard for spell checking management, Enchant, is finally released after last week's announcement. The Open Text Summarizer reaches a level of complexity that will blow other summarisers out of the water. More GNOME HIGrrrification, help with OSX X11 and more we enter the week that will bring us 1.99.3."
AbiWord 1.99.3 released! (GnomeDesktop)
GnomeDesktop.org has the announcement for version 1.99.3 of AbiWord. "Wow, just 3 weeks since the last release of our Word Processor and we have tons of improvements."
Miscellaneous
gFTP 2.0.15rc1 has been released (GnomeDesktop)
A new release of gFTP, an ftp client, has been announced. A long list of changes is included.LilyPond 1.7.28 released
A new release candidate of GNU LilyPond, a music typesetting system, has been released. This version features bug fixes and installation improvements.
Languages and Tools
C
Secure Cooking with C and C++, Part 2 (O'ReillyNet)
O'Reilly has published part two in a three part series on secure programming in C/C++ "In part two in this three-part series of sample recipes from Secure Programming Cookbook for C and C++, the authors discuss some of the factors to consider to properly decode a URL, and they provide example code programmers can use to securely decode URLs." You may want to start off with part one of the series.
Caml
Caml Weekly News
The July 22-29, 2003 edition of the Caml Weekly News is out, take a look for the latest Caml language news.
FORTRAN
gcc-g95 integrated into the GCC CVS repository
The GNU Fortran 95 compiler has been integrated into a branch of the GCC CVS repository. "This branch of GCC will become part of official GCC releases by the time GCC 3.5 is released."
Java
HTML Parser Integration Release 1.4-20030727 (SourceForge)
SourceForge has an announcement for a new version of HTML Parser, a Java library. "This release includes a preliminary drop of the new I/O subsystem (which isn't integrated yet), incorporates JUnit and Apache commons-logging liraries (also not used yet), and adds several new tests of the contents of the StringBean."
Using the Jakarta Commons, Part 3 (O'Reilly)
O'Reilly has published Part 3 of Vikram Goyal's series on Jakarta Commons. "Jakarta Commons is a Jakarta subproject that creates and maintains independent packages unrelated to any other framework or product. The packages are a collection of components that serve small, useful purposes in their own right, and are usually server-centric."
RSSOwl 0.3a released (SourceForge)
Version 0.3a of RSSOwl has been released. "RSSOwl is a RSS reader written complete in Java using SWT as fast graphic libary. Some features are saving of RSS favorites in different categories and a TabFolder that shows multiple RSS feeds. The following features were implemented in version 0.3a: Open RSS feed from URL or local file, save RSS feed favorites in categories, Change language english / german, Change fontsize."
Lisp
SBCL 0.8.2 released
Version 0.8.2 of SBCL (Steel Bank Common Lisp) is available. "This is mostly a bug fix release, with changes featuring an improved MACHINE-VERSION, better ANSI compliance, optimizations to character compare routines, and improved disassembler functionality on PPC."
Perl
Exegesis 6 (Perl.com)
Perl.com has published Damian Conway's Exegis 6. "This Exegesis explores the new subroutine semantics described in Apocalypse 6. Those new semantics greatly increase the power and flexibility of subroutine definitions, providing required and optional formal parameters, named and positional arguments, a new and extended operator overloading syntax, a far more sophisticated type system, multiple dispatch, compile-time macros, currying, and subroutine wrappers."
gtk2-perl beta 0.91 released (SourceForge)
Version 0.91 beta of gtk2-perl is available. "This project provides perl bindings for gtk+ 2.x and a few related libraries. This release includes several bugfixes, portability issues, and missing functions in the latest betas for Gtk2 and Glib. Some dependency issues for Gnome2 and Glade were also fixed."
This Week on perl5-porters (use Perl)
The July 21-27, 2003 edition of This Week on perl5-porters has been published. "This week, a lot of porters went to YAPC::Europe in Paris, so the list traffic on the list was less important. It wasn't less interesting."
PHP
kses 0.2.0 released
Version 0.2.0 of kses is available. "kses is an HTML/XHTML filter written in PHP. It removes all unwanted HTML elements and attributes, no matter how malformed HTML input you give it. It also does several checks on attribute values. kses can be used to avoid Cross-Site Scripting (XSS), Buffer Overflows and Denial of Service attacks, among other things."
PHP Weekly Summary for July 28, 2003
The PHP Weekly Summary for July 28, 2003 is out. Topics include: PHP 4.3.3 RC 2, PHP 5 TODO list, getenv() with THTTPD SAPI, Disabling @ operator, OCI8, temporary LOB, Apache2Filter, PHP 5 OO issues.phpMyAdmin 2.5.2 released (SourceForge)
Version 2.5.2 of phpMyAdmin has been released with security fixes. "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the http://www."
Turck MMCache for PHP version 2.3.20 is released (SourceForge)
SourceForge has an announcement for a new version of Turck MMCache. "Turck MMCache is a PHP Accelerator, Optimizer, Encoder and Dynamic Content Cache. It increases performance of PHP scripts by caching them in compiled state, so that the overhead of compiling is almost completely eliminated. Also it uses some optimizations for speed up of PHP scripts execution. Turck MMCache typically reduces server load and increases the speed of your PHP code by 1-10 times."
Python
Tcl/Tk
XML
Why Choose RSS 1.0? (O'Reilly)
Tony Hammond illustrates the advantages of RSS for serials news feeds. "RSS, a set of lightweight XML syndication technologies primarily used for relaying news headlines, has been adapted to a wide range of uses from sending out web site descriptions to disseminating blogs. This article looks at a new application area for RSS: syndicating tables of contents for serials publications."
Extending RSS (O'Reilly)
Danny Ayers talks about RSS flavors on O'Reilly. "This article shows how the RDF foundation of RSS 1.0 helps when you want to extend RSS 1.0 for uses outside of strict news item syndication, and how existing RDF vocabularies can be incorporated into RSS 1.0. It concludes by providing a way to reuse these developments in RSS 2.0 feeds while keeping the formal definitions made with RDF."
IDEs
DrJava Stable Release (SourceForge)
A new version of DrJava, an open-source Java IDE, is available. "This release includes many large new features, including a more interactive debugger, Javadoc support, and support for reading input from System.in."
Profilers
OProfile 0.6 released
Version 0.6 of OProfile, a system-wide source profiler for Linux, has been released.
Miscellaneous
make++ version 1.19 (stable) released (SourceForge)
Sourceforge has an announcement for version 1.19 of make++. "make++ (or makepp) is a powerful but nearly 100% compatible replacement for make that includes many features required for reliable builds of complicated projects, such as automatic include file dependencies, automatic recompilation."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Reconsidering Linux (News.com)
Ian Murdock says "Linux is not a product. It is a process.", in this article on News.com. "Let's step back a bit and look at why people are flocking to Linux. It's an open platform that is not owned or controlled by any single company. It comes with unmatched customization, optimization and integration possibilities. It is the ideal "invisible engine" for driving the next generation of applications and services. And it gives its users greater control over the evolution of the underlying platform, putting the user firmly in control of product release timelines and rollout schedules. In short, with Linux, the balance of power has finally shifted back from company to user."
SCO License Fees Would Hurt Linux Market (ZDNet)
Here is the latest Gartner pronouncement on SCO, via ZDNet. "Don't ignore the problem by hoping IBM will win or settle its lawsuit (that could take a year or more). An IBM win would not prevent SCO from pursuing individual claims, which, if successful, could cost far more in penalties than buying a SCO license would." The article as a whole is somewhat FUDdish, but it may well be true that the community is putting too much of its faith in IBM's lawyers.
Big Blue assuages customers about SCO (News.com)
News.com reports that IBM is sending memos to its customers. "SCO's latest actions broadened its case against Linux beyond the $3 billion lawsuit it has filed against IBM. Likewise, IBM's new message to its sales force--the chief way it communicates with customers--is a significant expansion of its defense over the narrower memos it sent earlier. Those memos said that IBM will stand by its customers and defend itself vigorously."
SCO's claims have absolutely no credibility (ZDNet)
Here's a ZDNet opinion column about SCO which pulls no punches. There's not much new there for LWN readers, but it's nice to see it all together in that forum. "SCO's System V copyrights do not include rights to any of the code they are discussing: RCU, NUMA, JFS, SMP. RCU is patented by IBM. NUMA is not present in System V, and was independently developed by Sequent, SGI, and IBM (not SCO). SMP in Linux was originally assisted by SCO Caldera, and newer work includes functionality that no SCO product has ever included. IBM authored JFS originally for OS/2, not System V."
Companies
Novell sets date for move towards Linux (vnunet)
Novell will support Linux with its next release of the NetWare platform. "The firm described the offering as "a key stepping stone as customers prepare for future NetWare versions when all NetWare features will also run on Linux". Novell recently detailed plans for the launch later this year of Novell Nterprise Linux Services, which extends many of the network services in NetWare 6.5 to Linux servers."
SCO Group Gains Psychological Edge (ZDNet)
Yankee Group analyst Laura DiDio was one of the people who signed the SCO NDA and came away talking about what a great case SCO had. If there was any question of where she is coming from, this Yankee pronouncement (on ZDNet) should make things clear. "SCO has wisely elected to adopt a flexible and reasonable position on the licensing fees it seeks from IBM corporate customers... SCO is well advised to pursue its current course and not seek retroactive fees dating back two years ago when IBM first shipped Linux 2.4."
Legal commentators weigh SCO's chances (Inquirer)
Here's an article in the Inquirer on SCO's real mistake: upsetting the free software community. "Judging from its statements, SCO did not anticipate that Linux developers and users would oppose its schemes so passionately and publicly. But it should have known that it couldn't attempt to steal the work of thousands of people with impunity. SCO has miscalculated -- attacking Open Source will prove its undoing in the final reckoning."
Trade Practices Act Is Basis for Australian Complaint Against SCO (Linux Journal)
Con Zymaris explains how the Australian Trade Practices Act is being used against SCO in this Linux Journal article, and encourages similar action worldwide. "You should alert your consumer watchdog that you believe that SCO is entering into conduct both misleading and deceptive to all Linux users in your country. SCO has no verified claims whatsoever on Linux, and the company is using the press to scare Linux users into forking over money for protection."
SCO execs cash in on suit spotlight (ZDNet)
Bear with us as we put up one more SCO story. ZDNet has finally gotten around to looking at insider trading in SCO stock. "Considering the company has only 13.5 million shares floating around, it is conceivable that the issuance of 45 million shares at a tenth of a cent each may dilute the list price somewhat."
Sun Sees Road To Prosperity Paved With Its Own Products (TechWeb)
TechWeb looks at Sun's plans. "Although Sun no longer makes its own Linux distribution on the server side, it plans to release by October its open-source Mad Hatter desktop operating system. Sun claims to have 60 PC makers, including Dell and Sony, lined up for Mad Hatter."
Unilever Joins OSDL
The consumer products company Unilever has joined the Open Source Development Lab (OSDL). ""Unilever is a significant addition to OSDL's membership and is the first of many Global 2000 corporations that we expect will be joining us to contribute in improving Linux," said Stuart Cohen, CEO of OSDL. "We have expanded our charter to increase our participation in the Linux development community and with IT vendors, and with Unilever to begin investing in more programs for corporations to help ensure that Linux meets their requirements and solves their real-world business problems."" Thanks to Craig Oda.
SuSE, SAP team on customer support (News.com)
News.com reports on a partnership between SuSE and the database company SAP. "The new support deal between the two companies is aimed at streamlining the process for customers who run SAP business software on the SuSE Linux Enterprise Server. SuSE said those customers can now receive centralized support from engineers specifically trained in the combination of SuSE and SAP software. The engineers will provide assistance ranging from help with SAP applications to assistance with issues surrounding the Linux source code."
Linux Adoption
Web sites unfazed by SCO threats (News.com)
News.com reports that web sites continue to shift toward Linux, despite threats from SCO. "In May, SCO Group sent about 1,500 large companies letters alleging that Linux illegally includes Unix intellectual property SCO owns. SCO went a step further Monday, saying companies could avoid potential legal action by paying a licensing fee. But a survey shows that large companies are increasingly using Linux for their Web sites."
Why governments should be allowed to specify Open Source software (NewsForge)
Robin 'Roblimo' Miller takes a look at some government and military specifications to show that open source specifications are not so outlandish. "If the federal government suddenly decided to acquire and use nothing but Open Source software, this would not stop Microsoft, Adobe, and other big proprietary software vendors from bidding on government contracts. It would simply mean they'd need to open some of their source code if they wanted to do business with the government."
Open Asia: Under the radar, FLOSS thrives (NewsForge)
NewsForge looks at GNU/Linux in Asia. "GNU/Linux is already reporting some interesting deployments in the populous cash-strapped countries of the region. In India, it is no coincidence that a number of low-cost PCs hitting the market are now opting for Free Software-based solutions. China has already worked out national distros of GNU/Linux that are in the local language and also meet national concerns in terms of security. Pakistan has seen government initiatives to boost the role of FLOSS, so as to become less dependent on proprietary software, with it accompanying allegations of piracy against countries with low incomes and poor conversion rates against the dollar. Thailand is finding GNU/Linux a useful solution in its Schoolnet program."
Interviews
Galeon Developers Interview (Galeon)
Here's an interview with some of the Galeon developers on the Galeon website. This MozillaZine article has a pointer to the article and to discussions on the article. When asked about the health of the project Yanko Kaneti wrote: "Pretty healthy all things considered. Not being "the official GNOME browser". Excluded from Red Hat rawhide. Dissed for all the wrong reasons by uninformed people. - Yet people still seem to be interested and most importantly "external" patches seem to have picked up recently, which is just great. Many thanks."
Interview with Brian Kernighan (Linux Journal)
Linux Journal has an interview with Brian Kernighan, one of the creators of AWK and AMPL. "LJ: You have worked in Bell Labs, alongside Bjarne Stroustrup, Ken Thompson and Dennis Ritchie. What kind of relations do you have with them? Were you like a big, wise family? BK: We were all friends and close colleagues for many years, all in the same small group at Bell Labs. Ken, Dennis and I are all about the same age, and we all came to the Labs about the same time; Bjarne came 10 years later. I wouldn't call it family, but it was definitely good friends, and I miss seeing them all every day, which is the way it was for many years."
Interview with Bruce Eckel
The Borland developer network features an interview of Bruce Eckel. "OOP guru Bruce Eckel talks about his initial skepticism about C# (but now calls it "a better Java"), wishes Borland would create a Python IDE, explains why he's suspicious of Mono, and asks us to click the wombat."
Resources
Making Mac and Linux play nicely together (NewsForge)
Joe Barr writes about his experiences networking an eMac to a Linux box. "I recently decided to start making more use of a neglected computer of mine. It's an eMac that has been sitting quietly on my kitchen table the past two years. I decided to explore how best to share files, printers, and applications between a Macintosh and my desktop Linux box."
Building a wireless access point on Linux (IBM developerWorks)
Peter Seebach shows how to set up a Linux-based wireless access point on IBM's developerWorks. "n this article, I'll take you through the process of building a wireless access point running Linux. I won't cover every last line of code, every intermediate step, or every detail of hardware; that would take a book and would be obsolete by the time you read it. The goal is to show you what kinds of concerns and pitfalls you'll face should you want to do this. For this piece, we build the access point to operate as a bridge; simply forwarding packets between the wireless network and a local ethernet. This allows wireless devices to simply be turned on and attached using your existing network -- no new configuration, no special routing."
Reviews
Scribus excels at DTP (NewsForge)
NewsForge reviews Scribus 1.0. "It still has bugs to be found and fixed, features to be added, distribution-specific installation and quirks to be resolved, and documentation to be written. But even with that to-do list, it's starting in much better shape than Seabiscuit did. Scribus is destined to join the GIMP as one of the crown jewels of the free software world."
Zinf: The Linux Answer to iTunes
A review of Zinf, with comparisons to other Linux music players, as been published. "Zinf is a fairly new arrival on the scene of Linux music players. Yet, it already has the grace and feature set of a mature application. This is due to the fact that is a descendent of the defunct freea*p project. Zinf smoothly handles playing sound files, CD tracks and streams from the Internet."
Miscellaneous
WorldWatch Week in Review (Linux Journal)
This week's WorldWatch Week in Review from Linux Journal covers FUD-slinging from SCO, Linux in Afganistan and a guest editorial reprint from LinuxFrench.net on the EU patent vote, and other news from around the world.
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
An Open Source Strategy for the Open Group
The Open Group, owner of the Unix trademark, has been working with Bruce Perens to develop an Open Source strategy for the Group. Now a draft strategy document is out, and the Open Group is soliciting comments. "The Open Group is faced with challenges and opportunities regarding Open Source software. Foremost is the organization's responsibility to guide its members in use of, and participation in, Open Source. Secondarily, as an organization we must catch up: we couldn't have known that Open Source would be this successful, and it brings profound changes to our main areas of practice: Open Systems and Standards. We must now fully integrate Open Source into our operation. If not, it's time to change the name of our organization."
Road to Lisp Survey
If you are using the Lisp language, you may want to take a few minutes to fill out a few questions on Kenny Tilton's The Road to Lisp Survey.
Commercial announcements
IBM sells Opteron cluster in Japan
Here's a press release from IBM announcing yet another Linux cluster sale; this one is going to the Japanese Institute of Advanced Industrial Science and Technology. The announcement is interesting in that the cluster is made up of IBM's eServer 325 systems, which will be announced at LinuxWorld. The 325 is based on AMD's Opteron ("Hammer", "x86-64", "AMD64") processor, and it will be, it is said, the most powerful Linux cluster in the world.MandrakeSoft shareholder newsletter
MandrakeSoft has posted a shareholder newsletter for the first half of fiscal 2003. The company lost EUR 1.2 million on EUR 2.1 million in revenue over that time. Despite the loss, the company claims to be cash-flow positive since January. MandrakeSoft's bankruptcy period ends on July 27, but the company is looking to extend it for another six months.Sleepycat Software Bundled with Latest Python and Zope
Sleepycat Software has announced that their Berkeley DB database software now ships with Python 2.3 and a recent version of Zope.SuSE teams with SAP
SuSE Linux and SAP have announced a a support agreement that is aimed at supporting corporate customers around the world. "Under the agreement, SuSE will collaborate with SAP on support for joint enterprise customers -- providing optimum support for mission-critical SAP(R) business solutions on SuSE Enterprise Server, powered by United Linux."
ZopeMag available at a discount (ZopeMembers)
Subscriptions to the print magazine ZopeMag are available at a discount for several weeks.
New Books
"Building Wireless Community Networks, Second Edition" Released by O'Reilly
O'Reilly has released the second edition of "Building Wireless Community Networks"."Secure Programming Cookbook for C and C++" Released by O'Reilly
O'Reilly has published the "Secure Programming Cookbook for C and C++".PNG book FDL'd, online
O'Reilly has published an online version of "PNG: The Definitive Guide", by Greg Roelofs.
Resources
GNOME Installation Guide Updated (GnomeDesktop)
GnomeDesktop.org mentions the availability of an updated GNOME Installation Guide. This version includes information on GNOME 2.2.2.LDP Weekly News
The July 29, 2003 edition of the LDP Weekly News is out with the latest Linux documentation updates.
Contests and Awards
LinuxWorld Names Finalists for Product Excellence Awards
IDG World Expo has announced the finalists for the LinuxWorld Product Excellence Awards, to be presented at LinuxWorld Conference & Expo next week.Nominations are now open for the Open Source Awards
Nominations are open for the first Open Source Awards, to be presented at OSCON 2004.
Upcoming Events
Bruce Perens Press Event at LinuxWorld
Open-source evangelist Bruce Perens will give a speech entitled the "Open Source State of the Union" on August 6, 2003 during the LinuxWorld Conference.Silicon Valley Linux Picn*x12
Several Bay Area Linux groups will be holding an event known as Picn*x12 on August 9 in Sunnyvale, CA, following the LinuxWorld Expo conference. The theme is the celebration of the birthday of the Linux operating system. "The picnic event is completely free, and free food will be served. It's a family-oriented gathering, so bringing the spouse and kids is encouraged! You must RSVP in advance, however."
YAPC::EU::2004 Venue Chosen (use Perl)
According to Use Perl, the YAPC::Europe 2004 conference will be held in Belfast, Northern Ireland.YAPC::Israel::2004 - first call for papers (use Perl)
Use Perl has an announcement for the YAPC::Israel::2004 conference, to be held in February. "After the successful year of 4 YAPCs we would like to announce the first call for participation, papers and sponsorship of YAPC::Israel::2004".
GUADEC 5 - Host Wanted! (GnomeDesktop)
The GNOME Foundation is looking for a host city for the GUADEC 2004 conference.Events: July 31 - September 25, 2003
| Date | Event | Location |
|---|---|---|
| July 31 - August 3, 2003 | UKUUG Linux Developers' Conference(LINUX 2003) | (George Watson's College)Edinburgh Scotland |
| July 31 - August 2, 2003 | The 10th Annual Tcl/Tk Conference | Ann Arbor, Michigan |
| August 4 - 7, 2003 | LinuxWorld Conference and Expo 2003 | (Moscone Convention Center)San Francisco, CA |
| August 5 - 7, 2003 | 5th Annual CERT Conference(NEbraskaCERT) | (Scott Conference Center)Omaha, NE USA |
| August 7 - 10, 2003 | Chaos Communication Camp 2003 | Paulshof, Altlandsberg, Germany |
| August 18 - 21, 2003 | New Security Paradigms Workshop 2003(NSPW 2003) | (Centro Stefano Francini)Ascona, Switzerland |
| August 22 - 30, 2003 | KDE Developers' Conference | (Zamek Castle)Nove Hrady, Czech Republic |
| August 27 - 29, 2003 | International Conference on Principles and Practice of Declarative Programming(PPDP 2003) | (Uppsala University)Uppsala, Sweden |
| September 3 - 4, 2003 | LinuxWorld Conference & Expo (Cancelled) | (The NEC)Birmingham, UK |
| September 8, 2003 | Boundaryless Information Flow: Open Source in the Enterprise | (Hilton London Paddington)London, UK |
| September 11 - 12, 2003 | Python for Scientific Computing Workshop(SciPy'03) | (CalTech)Pasadena, CA |
| September 15 - 18, 2003 | LogOn Web Days | Across Europe |
| September 15 - 18, 2003 | Embedded Systems Conference(ESC) | (Hynes Convention Center)Boston, Mass |
Event Reports
GUADEC Desktop BOF Slides and post-paper posted (GnomeDesktop)
A set of slides and a post-BOF conclusion paper have been posted for the GUADEC BOF session, "KDE, Mac Os X, Windows: What can we learn (copy or improve) from them?".
Web sites
Project Aims to Combine Mozilla and Java (MozillaZine)
MozillaZine examines the new java.mozdev.org site. "Brad GNUberg writes: "The goal is simple. Build a Mozilla application so that a Java backend can be used to interact with a Mozilla/XUL front-end. It makes sense. Combine the power of Java's server libraries with the interactivity and user interface capability of Mozilla. Kevin Burton and Brad GNUberg are proud to announce java.mozdev.org, a central repository for open-source projects making this vision true."
French Geckozone Site Launches (MozillaZine)
MozillaZine mentions the launch of a new French language Mozilla site, Geckozone. "Initiated by several members of the Frenchmozilla localization team, this new site is targeted to French-speaking people seeking information, help and tutorials on Mozilla-based products."
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Miscellaneous
zWebit interface engine released as GNU/GPL (LinuxMedNews)
According to LinuxMedNews, HSC has released their zWebit interface engine under the GPL. "zWebit has proven stable and reliable in a 250 bed hospital supporting twelve interface connections."
Page editor: Forrest Cook