LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
Letters to the editor
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for August 7, 2003Novell acquires Ximian[This article was contributed by Joe 'Zonker' Brockmeier] Every time there's a trade show, there's also a flurry of predictable press releases. New products, product upgrades, new partnerships and so on. But sometimes, a company manages to sneak in a surprise. Novell managed to throw the community a curve during the first day of LinuxWorld Expo by announcing that it had acquired Ximian. Novell executives have also hinted that the company may stop developing NetWare to focus on Linux in the future. Earlier this year, Novell announced that it would be expanding its Linux offerings, but the announcement was met with some skepticism and concern that Novell's committment to Linux was half-hearted, particularly after an early flub where Novell CEO Jack Messman called Linux "immature." Messman soon apologized, and it would appear that Novell is quite earnest in its committment to Linux. On Tuesday, I spoke to Miguel de Icaza of Ximian about the acquisition and plans going forward. De Icaza said that Ximian and Novell had already been working together as partners on some projects before Novell made the offer to buy Ximian. For the time being, expect Ximian to pretty much stay the same course as it was on before the acquisition was announced. De Icaza says that Ximian will operate as an independent subsidiary of Novell and continue with its existing schedule, and deliver the products that were in the pipeline before the acquisition. Evolution, Ximian Connector, Red Carpet, Mono and Ximian Desktop will continue to be developed. Long term, he indicated that there would be tighter integration between Novell's offerings and Ximian's. Though it wasn't mentioned in Novell's press release, de Icaza says that Novell will also be developing its own Linux distribution in addition to making its products available for other Linux distributions. Few details are available about this new Linux distribution, and de Icaza said that they had not yet established a timeline for the first release. Obviously, users can expect to see the Ximian desktop and tight integration with Ximian's Red Carpet, but details about the remainder of the distribution are sketchy at the moment. According to de Icaza, one advantage of a Novell Linux distribution is that it would give Ximian the opportunity to delve deeper into the operating system. He noted that Ximian has been somewhat limited in the features they could implement, since Ximian Desktop and other Ximian products had to integrate with other distributions whose development wasn't under Ximian's control. Making modifications to the kernel, for example, wasn't really an option. Novell will also give Ximian's product line a shot with customers that the company found it difficult to reach before teaming with Novell. The enterprise channel is tough to break into, and de Icaza indicated that Ximian had previously found that larger companies to be nervous about deploying Ximian solutions. As part of Novell, Ximian's products are now considered less risky because customers know Novell.
The fact you have a company the size of Novell that's going to be
around, from that perspective that's what gets a lot of people
interested. You have a great product, the problem is getting the product
into the hands of people...getting access to that channel is very
important to us.
Overall, the merger looks to be a good deal for Ximian, Novell and the Linux community as a whole. While Novell's influence has been waning, the company still maintains a respectable presence in the enterprise market. The addition of Novell services to Linux's bag of tricks will definitely help spur Linux adoption on both the desktop and the server in larger companies. On the other side, the acquisition of Ximian may help give Novell a little more credibility with the existing Linux community and help them to get up to speed with Linux more quickly.
Red Hat strikes backLast week, we wrote that SCO's anti-Linux campaign was not just IBM's problem, and that others needed to get into the fight. Red Hat, clearly, was thinking along the same lines; on August 4 the company announced the filing of a lawsuit against SCO in U.S. District Court in Delaware. Also announced was the creation of a fund (with a $1 million contribution from Red Hat) to defend Linux developers against infringement suits. Red Hat, seeing a threat to its business, decided to act. SCO, indeed, is not just IBM's problem.The lawsuit alleges unfair competition, trade libel, deceptive trade practices, false advertising, and interference with business opportunities. It asks for a declaratory judgement that Red Hat has not violated SCO's copyright or trade secrets, and asks for an unspecified amount of damages. LWN has published a look at Red Hat's complaint; for those wanting to go to the source, the complaint itself is available in small, easily-read text format or huge, hard-to-read PDF format. There is one interesting omission from the complaint. SCO continues to distribute a 2.4 kernel. This action is a clear violation of the GPL (SCO claims that kernel cannot be redistributed, or even run without a special license - see below), and thus an infringement of the kernel developers' copyrights. Red Hat (along with its employees) holds copyrights to a substantial amount of kernel code, but no allegations of infringement appear in Red Hat's complaint. Red Hat told us it was "unable to comment" about this omission. The GPL and SCO's continued distribution of the disputed code (whatever it is) under a GPL license will almost certainly play a role in this whole affair before it is done, but the time has apparently not yet come. SCO's response to Red Hat's suit was unyielding, to say the least.
SCO has not been trying to spread fear, uncertainty and doubt to
end users. We have been educating end users on the risks of
running an operating system that is an unauthorized derivative of
UNIX. Linux includes source code that is a verbatim copy of UNIX
and carries with it no warranty or indemnification. SCO's claims
are true and we look forward to proving them in court.
The response includes a letter sent back to Red Hat; quoting from there:
Of course, we will prepare our legal response as required by your
complaint. Be advised that our response will likely include
counterclaims for copyright infringement and conspiracy.
I must say that your decision to file legal action does not seem conducive to the long-term survivability of Linux. Remember, as you read the above, that SCO "has not been trying to spread fear, uncertainty, and doubt." If things go well, Red Hat's suit has the potential to force SCO to put its cards on the table and point out the code that, it claims, infringes upon its copyrights. At that point, it would be possible to actually evaluate those claims and determine the true origins of the disputed code. If SCO has no real claim to that code, the issue can be put to rest. If SCO's copyrights have truly been violated, the parties responsible can be identified and the stolen code excised. Of course, SCO has no interest in either of those scenerios, and will continue to fight any sort of public disclosure. It would not be possible, after all, for SCO to try to collect a tax on a system known to be free of its copyrights. But that's the subject for the next article...
The SCO taxSCO did not content itself with threatening the "long-term survivability of Linux" after Red Hat filed suit. The following day, the company announced its latest product: an "intellectual property license for Linux" (license text here). Why, one might ask? From the SCO License FAQ:
Customers have come to SCO asking what they can do to respect and
help protect the rights of the SCO intellectual property in
Linux. SCO has created the Intellectual Property License for Linux
in response to these customer needs.
It is encouraging that SCO is such a concerned, customer-oriented company. In fact, the company is even kind enough to offer a special "promotional" pricing arrangement for those who buy their licenses before October. Prices vary; a "desktop" license is $199, for a single-CPU server it's $699; for eight processors it goes up to $4999. Embedded devices get a special $32 price - but that's still enough to hurt when added to your wireless access point or video recorder. After the promotional period ends, prices will double. Of course, certain questions come to mind. Questions like "why the hell should I pay off a company to use my nicely GPL-licensed software when that company refuses to show me any proof that it has any claim on said software?" Strangely enough, this question does not appear in the SCO licensing FAQ. For what it's worth, even the Gartner Group has been quoted as recommending that potential licensees not bother until the Red Hat suit plays out. SCO, perhaps, thinks it is sitting on some sort of gold mine. All it has to do is make a tax on every Linux installation stick, and enough gold will flow to Utah to fill Canyonlands. There's only one little problem: if it were ever to become clear that Linux users actually had to pay this tax, all distribution of Linux would have to immediately stop. Distribution of a non-free Linux kernel would be a clear GPL violation, and there is little doubt that some holders of Linux copyrights would sue, if necessary, to prevent their code from being distributed as part of a proprietary product. Even SCO acknowledges this fact in its FAQ:
The IP License for Linux does not grant distribution rights, nor
does it grant any rights associated with source code. SCO
doesn't offer a license to cure the infringement on the part
of the Linux distributor because SCO's source license
agreement directly conflicts with the GPL.
So, if SCO somehow makes its license stick, it kills the whole game. Linux distribution would cease, and companies, seeing no future in Linux, would switch to something else rather than pay exorbitant fees for a dead-end system. Given that scenario, it is hard to come up with reasons why SCO would attempt this licensing program in the first place. With the application of sufficient imagination, however, a few possibilities can be found:
In the short term, however, it's a fairly safe prediction that this licensing program will not go very far. Most users are far from convinced by SCO's claims, to say the least. And SCO has very limited resources to direct toward new legal battles; the company is, after all, fighting two high-profile cases already. Of course, if you are concerned about the issue, you should get your advice from a lawyer, not from web publications like LWN.
The indemnification issueSCO has, in recent days, made a big issue out of the fact that IBM and Red Hat do not indemnify their customers against any sort of intellectual property infringement committed by use of Linux. This refusal is, it is said, is a clear indication that these companies know they are on thin legal ice. Indemnification is a distraction from the main issue (being that SCO claims its code was stolen and put into Linux), but it deserves a closer look anyway.A number of articles in the press have portrayed the refusal to indemnify as a strange thing, out of line with usual software industry practice. The authors of those articles clearly have not read the license agreements for the software they used to do their writing. It is a rare product indeed that comes with an indemnity agreement. Consider Sun, for example. This company has made indemnity an issue, but if you go read the Solaris binary code license agreement, you find this text:
UNLESS SPECIFIED IN THIS AGREEMENT, ALL EXPRESS OR IMPLIED
CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR
NON-INFRINGEMENT ARE DISCLAIMED, EXCEPT TO THE EXTENT
THAT THESE DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.
(Emphasis added). Sun clearly is not interested in exposing itself to infringement claims. Microsoft's licenses are just as explicit, as are just about everybody else's. In fact, SCO's intellectual property compliance license for Linux contains the following language:
ALL WARRANTIES, TERMS, CONDITIONS, REPRESENTATIONS, INDEMNITIES AND
GUARANTEES WITH RESPECT TO THE SOFTWARE, WHETHER EXPRESS OR
IMPLIED, ARISING BY LAW, CUSTOM, PRIOR ORAL OR WRITTEN STATEMENTS
BY ANY PARTY OR OTHERWISE (INCLUDING, BUT NOT LIMITED TO ANY
WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR
ANY IMPLIED WARRANTY OF NON-INFRINGEMENT OF THIRD PARTY
INTELLECTUAL PROPERTY RIGHTS) ARE HEREBY OVERRIDDEN,
EXCLUDED AND DISCLAIMED.
SCO, it seems, is even more explicit than Sun in this regard. When SCO criticises another company for refusing to indemnify its customers, its behavior can only be described as cynical and hypocritical. So why the big push on indemnification? The issue is clearly a useful distraction from the main issue: SCO's refusal to provide evidence for its claims. There is also a darker possibility, however. Imagine, for a moment (and the following is pure speculation), that SCO's pressure convinces one or more deep-pocketed companies to offer indemnity for its increasingly nervous customers. If SCO were then to put those customers at the top of its lawyers' "to hassle" list, said customers would go immediately to their vendor, asking for relief under the promised indemnity. SCO could then, perhaps, collect a hefty sum from the company involved; said company, under pressure from its customers, may well capitulate in that situation. In SCO's teleconference this week, CEO Darl McBride said "IBM and Red Hat have painted a Linux liability target on the backs of their customers." (Do remember, hard though it may be, that SCO is not trying to spread fear, uncertainty, and doubt). A real possibility exists that the customers who are targeted first will be those whose vendor has been pushed into offering some sort of indemnity. Linux users may well be better off with the standard "no warranty" language.
UCITA runs out of steamLWN first reported on UCC-2B, a proposal for a uniform law on software licensing (and other intellectual property issues), over five years ago. UCC-2B proposed to legitimize "shrink-wrap" licenses - even if the license is hidden within the box and unavailable to the customer until after the product is purchased. Some of the worst abuses of software licensing, such as prohibitions on the publication of benchmark results or "unauthorized" product reviews and bans on reverse engineering, would have, in theory, been legalized by UCC-2B.Things got more interesting in 1999, when UCC-2B evolved into UCITA. At this point, the drafting committee added nice features like the (legal) ability to disable software remotely, non-transferability of licenses, and more. UCITA was eventually passed (in modified form) in two U.S. states, but appeared to stall otherwise. It was, after all, not a very good law. In 2002, the UCITA folks tried again with a series of amendments to the law. Remote shutdowns were taken out, and the provisions allowing the prohibition of public criticism of the software were watered down slightly. But the new version also changed the terms on warranties, to the point that it would be impossible for a free software product to ship with a warranty disclaimer. UCITA remained a bad law. Things took a turn for the worse (from the point of view of those backing UCITA) in early 2003, when the American Bar Association (the professional association for lawyers in the U.S.) refused to endorse UCITA. Versions of the law were introduced into several state legislatures, but made no real progress. UCITA, it seemed, wasn't going anywhere. This week, it would appear that UCITA has hit the end of the road: the National Conference of Commissioners on Uniform State Laws has voted to shut down the UCITA committee. UCITA has ceased to be an active effort in the U.S. There is a worthwhile lesson in this development: it is possible to defeat bad laws, at least some of the time. We should not forget another, hard-learned lesson, however: this sort of proposal tends to come back, over and over again. Consider the words of the NCCUSL president:
Clearly our efforts to find consensus and to bring all of the
interested parties together has been extraordinary. Unfortunately
in the real world, sometimes doing the right thing at the right
time is not enough.
The clearest thing here is that the people behind UCITA have learned little from its defeat; UCITA is "the right thing at the right time." UCITA is gone for now, but it shall certainly be back.
Security Brief items SuSE and IBM get Common Criteria certifiedOne of the more highly hyped LinuxWorld announcements this week has been this press release from IBM and SuSE. It seems that the two have worked together to achieve Common Criteria "Evaluation Assurance Level 2+" certification for SuSE Linux Enterprise Server 8 running on the IBM eServer xSeries server. This is a significant development - it is the first Common Criteria certified Linux distribution. Obtaining this certification is said to be expensive (several hundred thousand dollars), but it should make it easier to sell Linux solutions to certain kinds of customers.An EAL2 certification, however, does not actually mean a whole lot. The Common Criteria is an extensive standard; those who are curious can find it documented on commoncriteria.org; bear in mind that it's several hundred pages of grim technical text in PDF format; print it out and take it to bed. Those documents describe seven evaluation assurance levels. EAL1 is the lowest, described by Jonathan Shapiro as "the vendor showed up for the meeting." EAL7 requires formal designs, proofs that the implementation match the design, independent verification of all test results, etc. EAL2, the level achieved by IBM and SuSE, is described as follows:
EAL2 requires the cooperation of the developer in terms of the
delivery of design information and test results, but should not
demand more effort on the part of the developer than is consistent
with good commercial practice. As such it should not require a
substantially increased investment of cost or time.
EAL2 is applicable in those circumstances where developers or users require a low to moderate level of independently assured security in the absence of ready availability of the complete development record. Such a situation may arise when securing legacy systems, or where access to the developer may be limited. In other words, EAL2 requires the developers to have actually thought a little bit about security, but "should not require a substantially increased investment of cost or time." It does require that the system be tested (by the developer) against known vulnerabilities. But, in the end, EAL2 certification says that the developers thought about security, generated a big pile of paper, and spent a chunk of money. Not much more. IBM and SuSE are aiming for EAL3 certification later this year. The requirement for EAL3 is:
EAL3 permits a conscientious developer to gain maximum assurance
from positive security engineering at the design stage without
substantial alteration of existing sound development practices...
An EAL3 evaluation provides an analysis supported by "grey box"
testing, selective confirmation of the developer test results, and
evidence of a developer search for obvious vulnerabilities.
For what it's worth, some versions of Windows and most proprietary Unix systems are certified at EAL4. Red Hat (with Oracle's help) submitted Red Hat Enterprise Linux AS 2.1 for EAL2 certification last February. According to the press release, they planned to be the first CC-certified Linux. Looks like SuSE won that race.
New vulnerabilities atari800: buffer overflows
gallery: cross-site scripting
man-db: buffer overflow, command execution
postfix: denial of service vulnerabilities
wget: buffer overflow
wu-ftpd: off-by-one bug
xconq: buffer overflows
xfstt: remote exploits
xtokkaetama: buffer overflows
Updated vulnerabilities 2.4 kernel - several vulnerabilities
apache: multiple vulnerabilities in Apache HTTP server
Apache: denial of service vulnerabilities
bind buffer overflow vulnerability in DNS resolver libraries
Canna server: exploitable buffer overrun
ethereal: security problems in Ethereal 0.9.12
Filename disclosure vulnerability in fam
fdclone: insecure temporary directory
fetchmail: buffer overflow
glibc: DNS stub resolvers contain buffer overflow vulnerability
gnupg: key validation
gtkhtml: malformed messages cause crash
konqueror: information disclosure vulnerability
kernel-utils: setuid vulnerability
libpng, libpng3: buffer overflow
lynx: CRLF injection vulnerability
perl-MailTools: remote command execution
mikmod: buffer overflow
mnogosearch: Remote buffer overflow vulnerabilities
mpg123 - buffer overflow
Nessus NASL scripting engine security issues
net-snmp: denial of service vulnerability
nfs-utils xlog() off-by-one bug
openssh: timing attack leads to information disclosure
perl: cross site scripting vulnerability in CGI.pm module
PHP: vulnerability in mail function
PHP: Cross site scripting vulnerability
phpgroupware - cross-site scripting and other exploits
PostgreSQL - more buffer overflows
Local arbitrary code execution vulnerability in Python
Multiple-use vulnerability in Safe.pm
semi: insecure temporary file
stunnel: signal handler reentrancy DoS
sup: insecure temporary file
File overwrite vulnerability in tar and unzip
teapop: SQL injection
Multiple vendor telnetd vulnerability
unzip: directory traversal vulnerability
vim - modeline vulnerability
vixie-cron: Local vulnerability
webmin: session ID spoofing
wget:directory traversal bug
Wwwoffle remote privilege escalation vulnerability
xinetd: Memory leak in xinetd 2.3.10
Events RAID 2003The Sixth International Symposium on Recent Advances in Intrusion Detection will be held in Pittsburgh, PA on September 8 to 10.
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current development kernel is 2.6.0-test2; Linus has not released any development kernels over the last week.Linus has been busy, however; his BitKeeper tree contains a substantial pile of patches, including a merge of the SELinux security module, a new print_dev_t() function which is portable across architectures (and dev_t size changes), some power management and software suspend fixups, an ALSA update, some disk readahead changes (avoiding work if the drive is too busy to do readahead anyway), and, of course, a vast number of fixes. The current stable kernel is 2.4.21, but 2.4.22 is getting closer: Marcelo announced the first release candidate on August 5. The time has come for those with a serious interest in 2.4.22 to do some real testing and shake out the remaining problems.
Kernel development news Swsusp approaches readinessYour editor recently replaced his venerable Sony 505-FX laptop. That machine had a nice feature - hitting a certain magic function key sequence would cause the APM BIOS to take over, save the contents of memory to disk, and suspend the system. The Linux APM code would let the kernel trap the events and do things like flush out disk buffers (before suspending) or reset the system clock (after). It all "just worked."The new laptop has the same little "suspend" symbol on the same key, but it doesn't work. In the modern, ACPI world, it is the operating system which is responsible for suspending and resuming the system. This change is, somehow, presented as progress. The version of Windows shipped with the laptop is able to perform this operation, of course. Strangely, Sony does not support Linux to the same level. Your editor, it seems, was doomed to head off to the Kernel Summit and OLS with a non-suspending laptop. Then came the announcement that software suspend for 2.4, v1.0, was available. LWN has covered the swsusp patch before, but swsusp has long been in the "almost works" category. For a long time, it appeared that not much was being done in that area. More recently, the swsusp effort has picked up steam (as more kernel hackers get new laptops, perhaps). Thus, the 1.0 release. The swsusp tarball yielded a series of patches; the user has to decide which ones to apply depending on what other patches are of interest. For example, if the target (2.4.21) kernel has the ACPI patches in it (pretty much mandatory for many laptops), a separate swsusp "option" patch must be applied as well. The swsusp "Applying" file covers the necessary patches (and required order) reasonably well - for somebody who is comfortable messing with highly patched kernels. The patch also comes with a "hibernate" script which is used to actually kick off a software suspend operation. This (lengthy) script tries to get everything into shape for a graceful suspend; in many ways, it behaves like a partial shutdown. Certain processes are killed off, as many modules as possible are unloaded, etc. On resume it restores the clock, reconfigures network interfaces, and, perhaps, engages in some complicated gymnastics in an effort to get X and the video hardware back in sync. The bottom line is: it works. On your editor's laptop, an invocation of hibernate saves state and takes the system to a power-off state in 16 seconds. Returning to a full X display takes a little longer: 34 seconds, after the BIOS finishes its power-on ablutions. To say the least, this is a nice functionality to have in a laptop, especially when one is attempting to cover a conference. The one bit of remaining difficulty is the laptop's Radeon video hardware, which refuses to come back into any sort of reasonable, useful state. There is, evidently, a patch for XFree86 which makes this problem go away. But your editor, who has no trouble with patching a kernel to a pulp, shies away from patching and installing XFree86. It was far simpler to tell X to run in the unaccelerated, dumb frame buffer mode, which works just fine. For those who are interested in 2.4 software suspend, the first swsusp 1.1 release candidate was announced on August 5. There's a number of useful changes in this version, but the largest is probably the ability to save system state to swapfiles (previous versions only worked with swap partitions). Software suspend support in 2.6 is in more of a state of flux; the power management changes have still not been merged, and work is being done to make the swsusp support cleaner, more flexible, and more robust. 2.6 should eventually have a solid swsusp implementation, though it may still be stabilizing when 2.6.0 comes out. It is unclear whether swsusp will ever be merged into the 2.4 kernel; it is a somewhat invasive patch to apply to a stable series.
The scheduler saga continuesAt the conclusion of last week's episode, Con Kolivas and Ingo Molnar were busily trying to improve interactive response in the 2.6-test scheduler through a variety of techniques. Con had picked up some of Ingo's changes, but had passed over others. In particular, Con thought that Ingo's nanosecond timekeeping functionality added extra overhead without really helping with interactive scheduling.So it was, perhaps, a surprise to some when Andrew Morton's 2.6.0-test2-mm3 kernel came with a little note: "Con's CPU scheduler rework has been dropped out and Ingo's changes have been added." There is a useful lesson here that has been learned several times on linux-kernel: when Ingo starts to think seriously about a development issue, it's usually worthwhile to pay attention to what he comes up with. (Incidentally, Andrew merged Ingo's 4G/4G patch as well). In particular, it seems that Ingo's nanosecond timekeeping in the scheduler was necessary after all. The interactivity patches try to give a priority boost to processes which perform short sleeps, and tracking those sleeps in jiffies (usually 1/1000 second in 2.6) was insufficiently precise. Con reworked his patch to use the higher-resolution times; the resulting O12.2int patch found its way back into 2.6.0-test2-mm4. Beyond the timekeeping change, the patch continues to tweak the various parameters, but mostly sticks to the techniques for discovering interactive processes that were discussed last week. Con's O13int goes a little further, however, and denies an interactive bonus to processes for non-interruptible sleeps. This type of sleep (which shows up in ps output as the dreaded "D" state that can mark a non-killable process) is usually (but not always) associated with a wait for disk I/O. Con's observation was that processes which are pounding on the disk are usually not performing truly interactive work, and shouldn't get the associated bonus. This approach has a problem, however: the recently merged anticipatory I/O scheduler will, on completion of a read request, idle the disk briefly on the expectation that the reading process will immediately issue another, nearby request. But if the scheduler makes the reading process wait (since it was in a non-interruptible sleep and doesn't appear to be interactive), the next read request may not arrive in time, with the result that the I/O pause was done in vain. Idling a disk for no useful purpose does not help response, interactive or otherwise. In the end, Con tweaked the code to allow tasks to build up enough credit in non-interruptible sleeps to just barely qualify as "interactive." Since then, scheduler tweaking activity has slowed a bit. For the time being, it seems, most of the ideas in circulation have been tried out. Perfection in the scheduler is probably an unattainable goal; it may be that it will soon be time to declare victory and move on to other issues.
IA-64 milestoneIt may seem like a small victory for some, but David Mosberger seemed pleased enough when he announced that, as of August 4, the official Linus kernel builds correctly on the IA-64 architecture with no additional patches needed. Non-x86 architectures often require external patches to build correctly, and Itanium has been no exception. In fact, IA-64 required a larger set of patches than most; the port was initially done with a rather un-subtle hand. It has taken a lot of work from numerous developers to bring the two trees back together; congratulations are due.
Changing RCU in 2.6.3?Dipankar Sarma recently posted a pair of patches which change the interface to the read-copy-update functionality in the kernel; these patches shrink the rcu_head structure and change the prototype of the call_rcu() function. Andrew Morton's response was that the patches looked good, but now the focus was on stabilization, not improvements. He went on to say:
Oh I'd be okay with merging a change like this into (say)
2.6.3-pre1, without it having had a run in 2.7. We need to be able
to do things like that.
The only problem with this plan, of course, is that such a change would break all code using RCU - during a stable series. The rcu_head structure changes would break binary modules; very few developers are particularly concerned about that. The call_rcu() prototype change, however, would be a source API change; that sort of thing worries more people. Some objections were raised, but it appears that Andrew's plans have not changed. RCU users may want to bear in mind that an API change may well happen early in the 2.6 series.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Janitorial
Memory management
Networking
Security-related
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials Xandros, Inc.: Time for Change?[This article was contributed by Ladislav Bodnar] While working on a review of Xandros Desktop 1.0, the author of this article happened to replace his Matrox graphics card with a new NVIDIA GeForce one. Anyone who has done a similar hardware upgrade knows that a change like that would not go unnoticed during the next attempt to start the X Window system; in fact, even Microsoft's operating systems would be caught off-guard with likely prompts to install a new driver. So how did Xandros handle the change? In one of the most impressive displays of user-friendliness, the Xandros operating system detected the change, installed the necessary NVIDIA drivers, reconfigured XF86Config and booted into KDE -- without as much as a single prompt! Needless to say, this experience, together with many other innovative features considerably increased the author's respect for the Xandros distribution. Other reviewers felt similarly; an article in the January 2003 edition of UK's Linux Format magazine concluded:
Xandros is a great, great distribution. Although you may think that
I am on commission for writing such a glowing review, I am not, but
I am simply very impressed at what they have managed to do. Xandros
has successfully managed to take a solid base distribution (Debian)
and make it simple to install and use for the masses. I am usually
quite despondent about shelling out the £££ for a
Linux distribution, but I would be happy to pay for Xandros Desktop
- they have managed to implement a feeling that you are getting
real value for money with the product.
The above examples illustrate two things. Firstly, the distribution decision makers at Xandros have done some usability studies and came up with a range of unique ideas. The highly useable Xandros File Manager, the ability to resize NTFS partitions, the "switch user" option allowing users to start new X sessions and easily switch between them, the Xandros Help Center and many other features have yet to be surpassed by most other so-called user-friendly distributions -- even now when Xandros Desktop 1.0 is nearly one year old. Secondly, Xandros employs talented developers who are capable of bug-free implementation of these ideas. Surely, a combination like that should assure not only glowing reviews, but also a steady revenue from satisfied and loyal users. Why, then, is Xandros Desktop not the most widely used desktop Linux distribution on earth? Some will argue that the $100 price tag is a relatively steep admission fee to enjoy the benefits. Especially since there is no way to try the product beforehand, while there is an abundance of other distributions which can be had for no more than the cost of the bandwidth to download them. But is that the only reason? Isn't there something else that Xandros could do to gain a larger customer base? Here are a few ideas that might help:
Distribution News The end of the road for Eridani LinuxThe developers of Eridani Linux have sent out an announcement that development of the distribution has ceased. "There will be no further updates for Eridani Linux 6.3, and our advice to existing users is to upgrade to a current supported distribution."
Debian Weekly NewsThe August 5 edition of the Debian Weekly News is out; it looks at the freeness of MPlayer, the philosophy behind Knoppix, DebConf 2005, Debian in Schools, and several other topics.
New experimental version of APT with DDTP SupportA new experimental version of Debian's APT packaging system is available. "The DDTP team and the Debian-BR project are proud to announce the new public release of APT featuring support for translated package descriptions."
Gentoo Weekly NewsletterThe August 4 Gentoo Weekly Newsletter is available; it looks at Gentoo's LinuxWorld presence, the first Gentoo BugDay, and the removal of WineX from Portage.
Gentoo Linux 1.4 releasedThe lengthy Gentoo 1.4 development process has finally come to an end - the final version of Gentoo Linux 1.4 is available. There does not appear to be a release announcement as such, other than a brief item on gentoo.org. There you can also find a list of mirrors to download from.
Knoppix Auto-configuration for Installed DistributionsA Mandrake port of the Knoppix Auto-configuration for Installed Distributions is available. "Knoppix Auto-configuration for Installed Distributions provides ports of Knoppix's Live CD automatic hardware detection system to installed systems."
Mandrake Linux Community NewsletterThe July 31 Mandrake Linux Community Newsletter is out; this one looks at the 9.2 Beta 1 release, a new MandrakeClub benefit, the business case of the week, and more.
OpenPKG 1.3 releasedVersion 1.3 of the OpenPKG meta-distribution has been announced. OpenPKG now has some 400 packages, and can be run over several Linux distributions, FreeBSD, and Solaris, with "partial support" for several other Unix-like systems.
OpenPKG Security Engineering now covering 1.2 and 1.3 onlyThe 1.1 release of OpenPKG is now officially deprecated. Users of OpenPKG should upgrade to version 1.2 or 1.3.
Slackware LinuxThis week's Slackware Changelog mentions that updates are available for the latest wu-ftpd buffer overflow security update.
Minor distribution updates New version of BG-Rescue LinuxBodo Giannone has released version 0.1.5 of BG-Rescue Linux. "This is a very small Linux distribution that fits on either two floppy disks or one eltorito-boot cd". See the Change Log for details about this version.
CDlinux 0.4.4 releasedVersion 0.4.4 of CDlinux has been released. The changes include minor bugfixes and minor feature enhancement.
Damn Small Linux 0.4.2Version 0.4.2 of Damn Small Linux is out. This release adds Xpaint, XzGV, emelFM, and Sylphed.
JACK fix for AudioslackA new package for the JACK Audio Connection Kit is available for Audioslack. "I have also discovered a very important Jack packaging bug, which had to do with the source tarball used for the original compilation. If you were finding that Jack was not working for you, this should fix the problem of the missing /usr/lib/jack directory, and associated files in that directory."
New Mindi Linux snapshotsTwo new versions of the Mondo Rescue version of Mindi Linux are out. "New 1.6x, 1.7x snapshots are out. They fix a couple of silly bugs which were floating around for months but which I could not fix because I did not possess suitable hardware for testing my bugfixes. I do now, thankfully."
Announcing SME Server 6.0beta3Mitel Networks has announced version 6.0beta3, an unsupported developer release, of SME Server. "The changes in this release include engineering improvements, a new look and feel and Spanish language support for the server manager web interface, and the inclusion of a port forwarding panel." Thanks to Brock A. Frazier.
stresslinux 0.2.2 availableVersion 0.2.2 of stresslinux, "a minimal linux distribution running from a bootable cdrom or via PXE", has been released.
Trinux updatedThe Trinix ramdisk-based distribution has had some recent changes. The status page says: "Over the last few weeks, the following new packages have been added: packit, disco. The following existing packages have been updated to the latest version: apache, darkstat, amap."
Warewulf 1.12 availableVersion 1.12 of Warewulf, an easily scalable cluster implementation, is available.
Distribution reviews Libranet: TCO-Friendly GNU/Linux (Open For Business)Open For Business reviews the Libranet distribution. " Libranet is a bit different than the other GNU/Linux distributions we are considering this time around. In an era when distributions are often judged by the glitz that their installer and customized desktop provides, Libranet has neither glitz nor much of a customized desktop. At first glance, the Libranet installer could very well cause one to fear the worst about how long and arduous the installation might be."
Page editor: Forrest Cook Development Natively compiled EclipseA group of hackers from the GCJ project have been awarded the Fast Free Eclipse Prize:
Andrew Haley and Tom Tromey led a team of gcj (GNU Compiler for Java)
hackers at Red Hat who won the Fast Free Eclipse prize. The Fast Free
Eclipse challenge was to produce a free and fast version of the
Eclipse development environment that would run on a completely Free
Software system like GNU/Linux. Tom and Andrew not only accomplished
all the goals of the original challenge, but they went far beyond that
to produce the fasted Eclipse based development environment to
date. This accomplishment means that the Free Software movement now
has another high productivity environment for creating software that
can be freely used, modified and distributed.
"Eclipse is a kind of universal tool platform - an open extensible IDE for anything and nothing in particular." The Eclipse project FAQ is quite comprehensive, it covers many questions about the project.
Eclipse is an open source software development project dedicated to providing a robust, full-featured, commercial-quality, industry platform for the development of highly integrated tools. It is composed of three projects, the Eclipse Project, the Eclipse Tools Project and the EclipseTechnology Project, each of which is overseen by a Project Management Committee (PMC) and governed by its Project Charter.
Eclipse is being distributed under IBM's Common Public License. Downloads of Eclipse are available here. RPM packages of Natively compiled Eclipse, as well as dependency packages have been made available by Red Hat. Thanks to Mark Wielaard.
System Applications Audio Projects Jack Audio Connection Kit 0.75.0Version 0.75.0 of the Jack Audio Connection Kit( JACK) has been announced. Change information is available in the source code.
Planet CCRMA newsThe latest news from Planet CCRMA, a project that has assembled a collection of audio related RPM files, includes the dropping of support for Red Hat 7.2, and lots of updated packages. See the Change Log for details.
Database Software Firebird 1.5 Release Candidate 5Version 1.5 RC 5 of the Firebird database is available. "The Release Candidate means that we're "almost there", and we turned our focus to remaining known issues and rough edges, final testing and bug squashing. We made a lot of progress with it thanks to your feedback. The fifth Release Candidate should become the final release, so we are eager to hear about your experience (good or bad) with it."
OSDL Database Test 2 Support for PostgreSQL (SourceForge)Version 0.8 of DBT-2 is available. "Database Test 2 (DBT-2) v0.8 now includes C stored functions for PostgresSQL. The OSDL Database Test Suite aims to create database workload test kits used to simulate heavy user loads for OLTP, Decision Support, and e-commerce database transactions."
PostgreSQL Weekly NewsThe July 30, 2003 edition of the PostgreSQL Weekly News has been sent out. Take a look for the latest PostgreSQL database news.
knoda 0.6.1-test1 releasedVersion 0.6.1-test1 of knoda, a database frontend for KDE, has been released. "The main feature of the next release will be the support of Python as scripting language, so it is possible to extend the capabilities of forms. The feature has been implemented already and so it is time to start testing and debugging. Scripting support for reports will follow."
Embedded Systems BusyBox 1.0.0-pre2 releasedA new version of BusyBox, the minimalist replacement for a collection of command line utilities, has been released. "The last prerelease (pre1) was given quite a lot of testing (thanks everyone!) which has helped turn up a number of bugs, and these problems have now been fixed. Highlights of -pre2 include updating the 'ash' shell to sync up with the Debian 'dash' shell, a new 'hdparm' applet was added, init again supports pivot_root, The 'reboot' 'halt' and 'poweroff' applets can now be used without using busybox init. an ifconfig buffer overflow was fixed, losetup now allows read-write loop devices, uClinux daemon support was added, the 'watchdog', 'fdisk', and 'kill' applets were rewritten, there were tons of doc updates, and there were many other bugs fixed."
Mail Software milter-sender/0.31 new and improvedVersion 0.31 of milter-sender, a real-time sender address verification package for sendmail, has been announced. "Many important bugs fixes in this release such as a FreeBSD gethostbyname() fix and some other subtle bugs that may have caused milter-sender to silently crash in the past (which I've been hunting down for ages). There is also a long awaited enhancement: the successful sender cache is now preserved across milter-sender restarts, provided it was compiled with Berkeley DB support, which makes use of -m option and FullCallback: tag for sites like Yahoo more reasonable."
POPSurgeon v1.2 released (SourceForge)Version 1.2 of POPSurgeon has been released. "This release allows the inspection of message by looking at the header, the body or both. POPSurgeon is a program to perform discrete deletion on a POP3 server."
Networking Tools GNU Zebra statusThe GNU Zebra project is a GPL licensed packet routing system. The current maintainer, Kunihiro Ishiguro, has stated that the project may need help from a new maintainer, and may also need to fork into a new project. Interested developers may want to lend a hand. Thanks to Simon Lyall.
Posadis 0.60.0 is out (SourceForge)Version 0.60.0 of Posadis, a DNS server, has been released. "Posadis 0.60.0, which is a complete re-write of Posadis, now supports caching and resolving, it has a plug-in system, and it can monitor your files for activity."
Sussen 0.5 releasedVersion 0.5 of Sussen, a GNOME client for the Nessus Security Scanner, is available. "The first big change is dropping the embedded MySQL server backend and converting over to GNOME-DB. This will allow you to use a wide range of databases (Oracle,SQL Server,MySQL,Postgres, and more) for a backend."
Peer to Peer giFT 0.11.3 Released (SourceForge)SourceForge has an announcement for giFT 0.11.3. "giFT is a project designed to completely abstract low-level filesharing protocol communication while allowing seamless support for multiple networks. Currently available plugins include: OpenFT, Gnutella, and FastTrack (third party). This release features only build environment improvements and new command line options to override the local, home, plugin, and data directories that giFT was configured to use."
Printing New Ghostscript font releaseThe Ghostscript project has released a new set of fonts. "It's been quite some time since the last update to the free URW standard postscript font set we ship with Ghostscript. In fact, the recommened font set has been unchanged since the 6.0 release almost 4 years ago. Thus, we're very pleased to be able to recommend an updated free postscript font set, based on Valek Filippov's work. The new collection, packaged as ghostscript-fonts-std-8.11.tar.gz is recommended for all Ghostscript users, regardless of version."
New releases from CUPSThe CUPS site has an announcement for ESP Ghostscript 7.07.1rc1. "With the increasing number of Linux distributions shipping, or considering shipping CUPS as their standard printing system, we have had many requests to provide patches to the standard GNU Ghostscript source distribution so that they can ship a single version of Ghostscript. Thanks to funding from EPSON, this has finally happened. Easy Software Products now produces maintenance updates of GNU Ghostscript under the name ESP Ghostscript. These updates incorporate bug fixes to the current GNU version of Ghostscript as well as the latest CUPS, GIMP-print, and other add-ons to Ghostscript." Also, version 1.14 of the PyKota print quota system is available.
LinuxPrinting.org newsThe latest Printer Compatibility Database updates on LinuxPrinting.org include new drivers for several Brother printers, improvements to the pxlmono/pxlcolor drivers, a new HP Business Inkjet 1100 driver, and more.
Web Site Development NewsMonster 1.2 Released (MozillaZine)Version 1.2 of NewsMonster, a cross-platform weblog manager, is available. "This is a significant update from 1.1 which fixes a number of performance issues and focuses on usability."
phpBB 2.0.6 released (SourceForge)Version 2.0.6 of phpBB, a flat-style discussion software package, is available. "This release had been made to fix a number of potential security related issues and more annoying bugs. Work continues on 2.2.0 and again we do not plan on further releases of 2.0.x except where critical issues arise."
Symbio 1.6 released (SourceForge)Version 1.6 of Symbio, an open-source site commenting system, has been announced. "Symbio 1.6 is out, with exciting new features such as IP banning and themable statistics, plus lots of tweaks for your convenience."
Miscellaneous CueCat driver 0.8.2A new version of the CueCat driver, a driver for the CueCat barcode scanner, is available: "0.8.2 is out, with a new patch against Linux 2.4.21".
Desktop Applications Audio Applications Audacity sound editor 1.2.0-pre1 (SourceForge)SourceForge has an announcement for version 1.2.0 of Audacity. "Audacity 1.2.0-pre1 is a public test release of the free Audacity sound editor. This release has improved professional-quality audio processing; major new features such as the ability to speed up, slow down, and alter the pitch of a track; and many bug fixes since the last beta version 1.1.3."
Ceres V0.40 releasedVersion 0.40 of Ceres, a program for generating sound effects and displaying sonograms, has been released.
gmorgan-0.09 releasedVersion 0.09 of gmorgan, an organ synthesizer with auto-accompaniment, has been released. New features include a virtual chord keyboard, a new look, more patterns and songs, new functions, and bug fixes.
zinf-2.2.4 (SourceForge)Version 2.2.4 of zinf, a cross-platform audio player, has been released. "A new relese of zinf with bug fixes, enhancements, and a new build system! Zinf is the continuation of FreeA*p and has all the same features as FreeA*mp: MP3, Vorbis, WAV and audio CD playback, streaming (SHOUTcast, Icecast, RTP) support, a powerful musicbrowser/playlist editor, a themed interface and a RMP download manager."
Desktop Environments GNOME Development Series Desktop 2.3.5: (GnomeDesktop)Version 2.3.5 of the GNOME Development Series Desktop is available. "This release is a feature-frozen, development series snapshot. It is used by developers and testers as their day-to-day working desktop, and is ready for wider testing by our user community."
MultiSync 0.80 released (GnomeDesktop)Version 0.80 of MultiSync, a GNOME application for connecting to portable computing devices, is available for download. Change information is documented in the release notes.
KDE-CVS-DigestThe August 1, 2003 edition of the KDE CVS Digest has been published. The summary says: "QtRuby, Ruby bindings for Qt are now in Kdebindings. Kdevelop has a new class browser. An OBEX kio-slave has been added. Kwallet is enabled for compilation and testing. Plus Kwin improvements, lots of work on Kpilot conduits and many bugfixes."
Open Palmtop Integrated Environment 1.0KDE.News is carrying the announcement for the 1.0 release of Opie - the Open Palmtop Integrated Environment. Opie is a fork of Qtopia with a number of new features and, it is said, improved usability. See the announcement for an impressive list of capabilities.
PYWM, the Python Window ManagerPYWM is a Python language based X window system manager. "Some window managers are mouse heaven and keyboard hell. Other window managers are the other way around. But PYWM aims to be very comfortable to use from either. PYWM is a "pythonised" version of the fast light FLWM window manager, and gives you easy-to-use tools to create your own personal dream desktop. Control Freak Heaven." The most recent version of PYWM is version 0.1, dated June 2, 2003.
Financial Applications GNUe TrafficTwo issues of GNUe Traffic have been published with lots of GNU Enterprise news. Take a look at Issue #91 and Issue #92.
Games Exult 1.1Beta1 released (SourceForge)SourceForge covers the release of version 1.1Beta1 of Exult, a game engine for running Ultima 7. "This release includes many bug fixes and usability enhancements, including combat improvements, OGG Vorbis support, additional artwork, party-formation, and the port to the Zaurus."
ScummVM 0.5.0 released (SourceForge)Version 0.5.0 of ScummVM has been announced. "ScummVM is a cross-platform adventure game interpreter, supporting Simon the Sorcerer 1/2, Beneath a Steel Sky, and many LucasArts adventures. A new stable release of ScummVM, version 0.5.0, is available. Along with the usual bugfixes, this version supports several new games (Enhanced Maniac Mansion/Zak McKracken, Beneath a Steel Sky). This version has undergone extensive testing, and we are confident it is our best yet."
Interoperability Wine TrafficIssue #181 of Wine Traffic is on the web. Topics include: SecurityFocus Article, Profiling Wine, Debug Problem With Win98 Version, Testing Controls with Mono, and Library of Microsoft Compression Formats.
Office Applications Bluefish 0.11 releasedVersion 0.11 of the Bluefish html editor is available. "Bluefish 0.11 is a minor update. It contains two critical fixes for the custom menu. In 0.10 the config file format for the custom menu changed, but the conversion was broken, this is fixed in 0.11. Also replace entries in the custom menu where broken, causing a segfault in some cases, this is also fixed in 0.11."
Video Applications Freevo version 1.3.3 is out (SourceForge)Source Forge has an announcement for version 1.3.3 of Freevo, a Linux application that works as a multimedia jukebox. "This release includes many new features, one important feature is Xine support to have DVD navigation (optional)."
Web Browsers Epiphany 0.8.2 (GnomeDesktop)Version 0.8.2 of the Epiphany browser for GNOME is available. This release features many code changes, interface improvements, and bug fixes.
Jazilla Milestone 2 Released (MozillaZine)According to MozillaZine, Milestone 2 of Jazilla has been released. "The Jazilla project aims to rewrite Mozilla in Java. Check out the Jazilla M2 Release Notes and Changelog for more details and download a Jazilla binary from SourceForge.net."
Trunk Freezes for Mozilla 1.5 Beta (MozillaZine)MozillaZine has an announcement for the Mozilla 1.5 Beta trunk freeze. "During the freeze, only fixes approved by drivers@mozilla.org will be allowed to land. The freeze will remain in effect until the 1.5 final branch is cut, currently scheduled for Friday 29th August."
Word Processors AbiWord Weekly NewsThe August 3, 2003 edition of the AbiWord Weekly News is out. "In this week's episode, Nadav's relaunches a far more advanced version of the Open Text Summarizer, OTS: Stemming the Tide. Dom releases 1.99.3 to the world, which is already available on Latest Releases page. We learn that we cannot --enable-gnome due to header issues from GNOME 2.2. Most interesting of all, Dom releases the AbiWord 2.2: TSWMRCAUSSWVLSD RoadMap. Lots of discussion and a criawips screenshot waiting within."
Miscellaneous Evolution 1.4.4 is out (GnomeDesktop)Version 1.4.4 of Evolution, the GNOME groupware suite, has been announced. This is a bug-fix release, see the release notes for more information.
Gnome Jabber 0.2 Released. (GnomeDesktop)Version 0.2 of Gnome Jabber, an instant messaging client, is out. "A month on from the first release, Gnome Jabber's second installment is now available for download. Improvements include new icons, a few new features and more stability."
Languages and Tools C Secure Cooking with C and C++, Part 3 (O'ReillyNet)O'Reilly has published part three in the Secure Programming Cookbook for C and C++ series. "In the final installment in this three-part series of sample recipes from Secure Programming Cookbook for C and C++, the authors discuss what you need to do to verify that a supplied email address, which your program has accepted as input, is valid."
Caml Caml Weekly NewsThe July 29 - August 5, 2003 edition of the Caml Weekly News has been distributed. Topics include lablgtk status on Mac OS X, GODI available for download, ocaml courses, and GD4O.
Java Apache Geronimo: developing a free J2EE implementationThe announcement has gone out regarding the launch of the "Geronimo" project within the Apache Software Foundation. Geronimo will be a free implementation of the Java J2EE specification - and they plan to get it certified. The project is looking for developers interested in helping to carry this ambitious effort forward.
jfox release 1.0 DR version (SourceForge)A preview release of Jfox, an open-source J2EE based application server has been released. "jfox 1.0 Development Release with a fast scaleable ejb container and a lot of excited features, but DR version is not the final version, only a preview for java developers interested in jfox, the final version is in developing."
GCJ NewsThe GCJ site has a bunch of news items this week. Red Hat has released Naoko, a packaging of RPMS for Ant and Tomcat. RPMS are available for the Eclipse developer platform, and a new tree-ssa branch patch has been submitted for GCJ.
Getting the Most Out of the Struts Tag Libraries (O'Reilly)Chuck Cavaness discusses the Java Struts Tag Libraries on O'Reilly. "The popularity of JSP Custom Tags has been rapidly growing since they were first introduced in the JSP 1.1 specification. The Struts framework, which was introduced in 2000, includes a set of Tag libraries that are instrumental in harvesting the fruits of the Struts framework. This article looks at some of the ways to get more out of those tags and helps make sense out of a few of the more complicated tasks."
Start here to learn about Java technology (IBM developerWorks)IBM's developerWorks has published an introduction to Java technology. "developerWorks offers this page to provide an overview of Java technology basics within the overall context of the language (especially as it pertains to application development and e-business). This resource delivers starting points in the form of relevant developerWorks articles, tutorials and tips, IBM learning services education, Webcasts, workshops, and IBM products for further investigation."
Perl Perl 5.8.1 RC3 and RC4 (use Perl)Use Perl has an announcement for Perl 5.8.1 RC3. "Please test extensively, even if you had no problems with RC1 or RC2. In RC3 we turned on by default the new "hash randomisation" feature which means that the "order" of hash elements is now even more random. If an application mistakenly assumes a repeatable ordering of hash elements, you will find it out now."Perl 5.8.1 RC4 was also announced this week. "The same bat channel as for RC3, almost the same perldelta as for RC3. The main change from RC3 was a bunch of module updates (most importantly the CPAN.pm 1.76 which does not force feed Module::Signature)."
This Week on perl5-porters (use Perl)The July 28 - August 3, 2003 edition of This Week on perl5-porters has been published. "This week will undoubtedly be known to the future generations as the two-release-candidate-week. Be the first to read about it. And don't miss the other interesting parts : this week's summary is full of action, suspense and bug fixes."
PHP PHP Weekly Summary for August 4, 2003The PHP Weekly Summary for August 4, 2003 is out. Topics include: 4.3.3 RC 2 ready, Manual translation to Indonesian, BC issues with functions and references, "Tidy" extension for PHP 5, expat compile warnings, virtual_realpath(), Libtool optimizations.
PHP Security, Part 1 (O'ReillyNet)O'Reilly is running a series on PHP Security "If you have users, you'll undoubtedly have bad guys trying to break things. As a PHP developer, it's your responsibility to make sure your code is secure. John Coggeshall demonstrates one common PHP error that can leave you vulnerable, and he explains how to think like a bad guy to prevent these mistakes in the first place."
Turck MMCache version 2.3.21 released (SourceForge)Version 2.3.21 of Turck MMCache, a PHP Accelerator, Optimizer, Encoder and Dynamic Content Cache, is available.
Python Python Standard Library: New Modules in Python 2.3Fredrik Lundh has documented the new modules in Python 2.3.
Jython 2.2 alpha 0 availableVersion 2.2 alpha 0 of Jython, an implementation of the Python language in Java, is available. "Experimental, unstable release of Jython now available. This is an alpha release, in that it is not feature complete for a Jython 2.2 release, and there are significant known issues."
Python WartsAndrew Kuchling talks about some areas where Python could improve with his Python Warts presentation. "While I think Python has a very elegant design that successfully straddles the fine line between the minimalism of Lisp and the rococo complexities of Perl, it's certainly not perfect. There are various design features that I consider ugly, or at least suboptimal in some way. This essay will examine the most significant problems in Python as I perceive them, assisted by suggestions from the comp.lang.python crowd."
Ruby Ruby 1.8.0 releasedVersion 1.8.0 of the Ruby language has been announced. See the Changes Document for details on what's new.
XML XML Source Highlighting (O'Reilly)Kyle Downey discusses the highlighting of XML source code on O'Reilly.
Debuggers Valgrind 20030725 availableA new stable release of Valgrind, an open-source memory debugger, was recently made available. Thanks to Jos van den Oever.
Miscellaneous Q Equational Programming Language version 4.3.1Version 4.3.1 of the Q Equational Programming Language is out. The NEWS file says: "Fixes for latest autotools and FreeBSD compatibility, bug fixes."
Five Lessons You Should Learn from Extreme Programming (O'ReillyNet)Chromatic introduces Extreme Programming on O'Reilly. "Extreme Programming (XP) is yet another popular idea gaining press. It adapts several of the best ideas from the past decades of software development. Whether or not you adopt XP, it's worth considering what XP teaches. In no particular order, here are five lessons you should learn from Extreme Programming."
Declarative Programming and Mini-Languages (O'Reilly)David Mertz talks about declarative programming techniques on O'Reilly. "This article extends my discussion of advanced programming, but strays into an area that is not exclusively object oriented. What we are interested in for this installment is ways of writing programs that are declarative rather than imperative. In many cases, simply notating facts is more concise and less error prone than providing instructions. A number of less common programming languages make declarative styles predominant, but it is also possible to use a declarative style within generally imperative languages. In this article, as with the others in this series, I will focus on techniques as exemplified in Python."
Page editor: Forrest Cook Linux in the news Recommended Reading Study: Linux nears Windows XP usability (ComputerWorld)ComputerWorld reports on a German study which concludes that Linux is almost as easy to use as Windows XP. "Linux users, for example, needed 44.5 minutes to perform a set of tasks, compared with 41.2 minutes required by the XP users. Furthermore, 80% of the Linux users believed that they needed only one week to become as competent with the new system as with their existing one, compared with 85% of the XP users." (Thanks to Karl Vogel).
Microsoft Takes Linux For A Test Drive (TechWeb)TechWeb covers a Microsoft lab that tests Linux. "At its Enterprise Engineering Center in Redmond, Wash., Microsoft has installed the Linux operating system, Apache Web server, MySQL database, and Open LDAP directory-access software on Intel-based computers, according to Martin Taylor, the executive who recently assumed responsibility for Microsoft's strategy for competing against Linux."
SCO ready to clean out Linux users for $1399 per CPU (Register)The Register covers today's horrifying SCO teleconference. "But SCO claims that IBM and Red Hat are the ones that forced it to put the blame on Linux users. Since IBM and Red Hat won't rush to the Linux community's rescue and hand over millions for unproven claims, SCO must attack the little guys."
Trade Shows and Conferences Sun pragmatic about open-source software (News.com)News.com reports from Sun VP Jonathan Schwartz's LinuxWorld keynote. "'When we out-ship Windows in desktop volume, we will look very seriously at open-sourcing Java on the desktop,' he said."
Linux spat clouds annual conference (Mercury News)The (San Jose) Mercury News has an article about LinuxWorld, but really about SCO. "'The SCO case is one of the best things that could have happened for Linux right now,' said Don Marti, editor in chief of Linux Journal. He added: 'Having a common enemy always brings a community together.'
LinuxWorld Opens Hunting Season (Wired)Wired News looks forward to LinuxWorld. "Robots will be hunting penguins at the LinuxWorld Conference and Expo this week. The robots aren't part of some nefarious plot to replace Linux's cuddly mascot, Tux, with a fiercer emblem. The bots will be conducting demonstration search-and-rescue missions. 'No penguins will be hurt during the demos,' program head Regis Vincent promised."
Companies Novell may nix NetWare development (News.com)News.com reports that Novell is looking to drop NetWare in favor of Linux. "Although company representatives haven't said that Novell will stop all development on the NetWare platform, they did say the company is looking to Linux as the future. The revenues from NetWare have declined 9 percent to 14 percent a quarter, said one representative, making the switch a no-brainer."
SCO and Linux, This One Will Run And Run (IT-Director)Here's another Robin Bloor column on IT-Director.com on SCO. "A number of people are questioning why SCO simply doesn't declare what the violated code/IP in question is. My guess is that it actually exists (it's hard but not impossible to believe that SCO would do this if it had nothing to complain about) and that it came from someone in IBM. However as soon as SCO declares what it is, the Open Source movement will rewrite the offending code, leaving SCO with zero traction."
SuSE Linux gets security credentials (ZDNet)Linux systems from SuSE and IBM have been certified with the international Common Criteria standard, according to an article on ZDNet. ""It certainly raises the viability and increases the trust level of Linux in government contracts," IDC analyst Chris Christiansen said. Though commercial buyers don't usually give Common Criteria certification much more than passing notice, "the government market is very large," he said."
Linux Adoption The state of Linux at the retail store (NewsForge)NewsForge examines the difficulties in selling Linux systems in computer stores. "We are used to paying for almost every single service and product we use, and our bills are steadily increasing every year. To expect someone to suddenly accept the idea that they can have a reliable and powerful tool to control their expensive, high-tech hardware for no cost at all is quite an assumption. 'Free software' flies in the face of everything the customer would expect. It simply doesn't make sense to them."
Commentary: Dances with penguins (News.com)News.com is running a Forrester Research pronouncement on the use of Linux in financial institutions. "Wallflower firms should screw up their courage, get on the dance floor--and enjoy the benefits of Unix reliability at Intel prices."
Legal Advocates form open-source trade group (News.com)Here's a News.com article on the newly-formed Open Source and Industry Alliance, which appears to be a sort of free software lobbying group. "[The] OSAIA also will take a broad approach to open source, tracking intellectual property laws and international treaties, fighting those that would weigh on the software. And it plans to examine the procurement codes of different organizations and governments, making sure their buying plans don't discriminate against open-source software."
Interviews Lindows CEO: Taking a bite from Microsoft (ZDNet)ZDNet talks with Lindows CEO Michael Robertson. "[Our contract with SCO] doesn't indemnify us, but we had a working relationship with SCO back when it was called Caldera. We paid them money to do some Linux work for us. And because of that, I think we're in great shape when it comes to dealing with the licensing type of issues involved here."
Reviews Galeon, A HistoryA document called Galeon, a history has been published. Take a look to see how the Galeon project was started, where it is headed, and how the Epiphany browser project came to be. "Once upon a time, Marco Pesenti Gritti decided to make a web browser. He liked the Mozilla project, but wanted something that integrated well with his system and that was fast enough to be usable. Marco wanted a good, solid, simple browser for The Average User, in the Gnome environment, and so around June of 2000, Galeon 0.6 was released."
Don't be afraid: Linux is good for you (Globe and Mail)Tired of FUD? Here's a feel-good article in the Globe and Mail. "Linux is free, therefore hard to compete with. But it's not that it's just like free beer. It's also free like the English language, in that anyone can see how it works and add new parts that make it better. And it's free in that it runs on computers from many manufacturers, meaning more competition. Linux is also better. It's reliable. It doesn't crash much. It resists hacker attacks."
Host-based intrusion detection with samhain (NewsForge)NewsForge reviews the Samhain intrusion detection system. "Probably the neatest characteristic of samhain, which separates it from other host-based IDSes, is the stealth features. The designers have put a tremendous amount of paranoid code into this project, and a well-configured samhain installation can resist almost any subversion."
Miscellaneous Linux on Itanium passes milestone (News.com)News.com reports on the support for the Itanium processor in the 2.5 Linux Kernel. "The Itanium version of Linux crossed an important threshold Monday, developers said: It now can be built from the standard software maintained by Linux leader Linus Torvalds rather than requiring special patches."
Page editor: Forrest Cook Announcements Non-Commercial announcements LPI Plans Linux Desktop Certification InitiativeThe Linux Professional Institute has announced its plans for a Linux desktop certification program. "The Linux Professional Institute, the premier international professional certification program for the Linux community, is planning a Linux desktop certification initiative to seek support and prospective partnerships to build a community/commitment to meet the market demand for the Linux desktop."
OSDL Releases Position Paper on SCO and LinuxThe Open Source Development Lab has announced the availability of a "position paper" on the whole SCO mess; the paper was written by FSF counsel Eben Moglen. There is a summary of the paper's points in the announcement, or the whole thing is available in PDF format. As one might imagine, the paper does not take a particularly friendly position towards SCO's claims.
Commercial announcements Gartner's Australian Linux seminarsRemember the Gartner Group, which recently proclaimed that Linux would remain a niche technology in Australia? It turns out that the company is offering a set of seminars in Australia entitled "Open Source Revealed." "Open Source software has emerged as a stunning agent of change for enterprise technology today. It will be considered as a viable contender for at least one-third of all large-scale projects by the end of next year." As niches go, that's a nicely sized one. For those who are interested, the one-day events are happening in Canberra, Melbourne, and Sydney starting in late August. (Thanks to Con Zymaris).
Linux For You publishes Indian language magazineLinux For You, an Asian Linux magazine, is now available in all of the major Indian languages.
RealNetworks launches Helix Player projectRealNetworks has announced the launch of the "Helix Player" project - an effort to create "a comprehensive open source media player" for Linux and Unix systems. It appears that, to be truly "comprehensive," this player will still require binary plugins for the RealAudio and RealVideo formats, however.
Sun and SuSE make a dealHere's the press release describing the deal between Sun and SuSE. Essentially, SuSE includes Sun's Java virtual machine in its distribution, and Sun sells x86 systems with SuSE preinstalled.
Sun Joins OSDLSun may yet become a Linux company; it has just announced that it has joined the Open Source Development Laboratory. Sun plans "...to help drive the development of open-standard software including Linux and to lend its expertise in the data center and carrier-grade markets."
LinuxWorld press releasesHere is a carefully-chosen subset from the large pile of press releases that were issued during the LinuxWorld Conference & Expo.
New Books "PC Hardware in a Nutshell, Third Edition" Released by O'ReillyA new edition of "PC Hardware in a Nutshell" has been published. "A longtime favorite among PC users, the third edition of the book now contains information for people running either Windows or Linux operating systems."
Resources Evans Data survey on the SCO suitEvans Data has announced the results of a new survey. "Of more than 400 developers focused on Linux development more than 70% said that the SCO lawsuit will 'probably not' or 'absolutely not' impact their companies decision to use Linux, 12% said that the lawsuit will affect adoption plans and 17% had no opinion." The survey also has concluded that there are more KDE than GNOME users.
Linux Gazette Issue 93Issue #93 of the Linux Gazette has been published by the folks at Linux Journal.
Event Reports KDE at UKUUG Linux 2003Jonathan Riddell has published a report on KDE at the UKUUG Linux2003 Conference. "The KDE stall was helped along by Eilidh the booth babe and Kenny the booth boy (photo with me in middle). This was a technical conference so everyone knew what KDE was but people were interested in some of the new applications such as JuK and Kexi. KPlayer, while not part of KDE itself, impressed everyone by being a media player with a useable interface. We also demonstrated the Kolab server to a couple of people interested in using it for their clients."
Upcoming Events YAPC::NA 2004 Call for Venue Reminder (use Perl)A Call for Venue has been issued for the 2004 YAPC::NA Perl conference. "The YAPC::NA Conference Committee is planning to choose the 2004 venue, in roughly two weeks (August 15th). This date will be flexible enough to insure that all interested parties have enough time to finalize submissions."
Events: August 7 - October 2, 2003
Web sites GNOME Hacks (GnomeDesktop)GnomeDesktop.org has an announcement for the new GNOME Hacks web site. "I've just thrown together a site called GNOME Hacks which I hope will become a repository for those little cool and useful tricks we all pick up. If you've learnt something neat that you think other people will find useful, why not submit it so that we can all benefit from your experience."
Software announcements This week's software announcementsHere are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
Page editor: Forrest Cook Letters to the editor Preventing future SCOs
SCO undoubtedly thinks that they're making a show of strength by suing
Hard questions I bet SCO is unwilling to answer
Here are some questions I'd like to see SCO executives answer,
Page editor: Jonathan Corbet
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[Eclipse]](/images/ns/eclipse.jpg)