LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
Letters to the editor
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for September 11, 2003The state of the SCO caseThe whole SCO affair started as a breach-of-contract suit against IBM. That suit is based on the language of the Unix contracts signed with ATT almost two decades ago, which reads:
AT&T grants to Licensee a personal, nontransferable and
nonexclusive right to use Software Product solely for Licensee's
own internal business purposes and solely on or in conjunction with
Designated CPUs for such Software Product. Such right to use
includes the right to modify such Software Product and to prepare
derivative works based on such Software Product, provided the
resulting materials are treated hereunder as part of the original
Software Product.
The core of SCO's claim is that anything that IBM has ever allowed to be a part of a Unix system has become a "derived product" of Unix and must be treated as if it were Unix itself. SCO cannot make any ownership claims over this code - a side letter to the contract makes that explicit - but it does claim the right to keep IBM from disclosing its own code. Through its public statements, SCO has since made claims of massive direct copying of SYSV Unix code into Linux. There is still no court case where SCO has made such claims, however. The company's experience at SCO Forum and subsequent public statements suggest that the evidence for direct copying of code - actual copyright violations - is weak at best. SCO might have a small case against SGI, depending on how a judge might choose to interpret the copyright status of 32V Unix and the true source of the ate_malloc() code. But that is between those two companies; the code in question has already been removed from current Linux kernels. Increasingly, it seems that SCO is left with its original breach of contract case. The recently issued open letter from Darl McBride does nothing to change that impression; it mentions the ate_malloc() case but does not allege any other direct copying. Instead, the company's claims are expressed as follows:
To date, we claim that more than one million lines of UNIX System V
protected code have been contributed to Linux through this
model. The flaws inherent in the Linux process must be openly
addressed and fixed.
In SCO's view, "Unix System V protected code" is a rather wider set than "SCO-owned code." In fact, at SCO Forum, the company put up a slide discussing the "more than one million lines" that it claims. Here's where they come from:
(SCO has posted the slides to its presentations on this page. You'll have to click past the cheery warning that things are optimized for Internet Explorer to view them, though.) These claims are interesting in a number of ways. Let's look at the RCU claim for a moment. In a modern Linux kernel (RCU does not appear in 2.4), the RCU implementation is contained in two files (include/linux/rcupdate.h and kernel/rcupdate.c), which add up to an amazing 402 lines. That leaves us 44 files and 109,286 lines short of the claim made by SCO. Clearly, SCO must also be making claims on any code that uses RCU in any way. If you look for files that make any use of the RCU subsystem, the results are:
So, even with such an expansive interpretion of SCO's claim, there are 17 files missing. They must be big files as well, since they must account for the remaining 84,916 lines. The "contamination" caused by RCU is evidently a very broad thing. We asked SCO where the missing files were, but were told only "[T]his level of detail is something that we will save for our court case in 2005." So we're going to have to remain in suspense for a while. But one thing is clear: SCO claims that the old AT&T licenses give it amazing powers over code that has ever breathed the same air as SYSV Unix. Anybody who claims that the GPL is overly "viral" or that it threatens intellectual property should take a good look at the powers that SCO claims its license gives it. The GPL can't compete in that league. SCO's legal argument is interesting; the company claims that Linux hackers have, while having never actually seen the SYSV Unix source, nontheless created a derived product of SYSV Unix. They are accused of copying something they never had access to. This argument seems destined to fail; how can something which contains no SYSV code be a derived product of SYSV? But that is the core of SCO's argument. An interesting question comes out of this: what if SCO wins its case? SCO will have then convinced a court that IBM released IBM's code in violation of an agreement it had with SCO. The fact that IBM released IBM's code, however, would not change. SCO does not own that code, how can it claim a right to payments from Linux users? If SCO wins, it may get a chunk of money from IBM. But it should still have nothing which entitles it to license payment from Linux users. Returning to Darl McBride's open letter, we note that there are no demands that Linux users buy SCO "licenses," and no threats of suits against users. Mr. McBride, instead, has taken a bit of a different approach:
A sustainable business model for software development can be built
only on an intellectual property foundation. I invite the Open
Source community to explore these possibilities for your own
benefit within an Open Source model. Further, the SCO Group is
open to ideas of working with the Open Source community to
monetize software technology and its underlying intellectual
property for all contributors, not just SCO.
One might point out that the free software world does, indeed, have an "intellectual property foundation." It is based on copyright law, and free licenses, including the GPL, which SCO has said it wants to break. One might also point out that the community is not in much of a mood for "working with" SCO at this point. But one's time might be better spent pondering what SCO was thinking when it published those words. SCO clearly wants to be able to put a tax on Linux systems. SCO also clearly sees the GPL as an obstacle; there is no way to make a tax stick to Linux as long as it remains freely redistributable. Could SCO be casting around for a scheme to buy off free software developers should its challenges to the GPL fail? A nice tax for SCO and a few bones tossed to developers willing to relicense their code? It is hard to see how such a scheme could possibly succeed, but it is also hard to find another way to interpret the words quoted above. In summary, the SCO case remains interesting. SCO has changed its tune several times, but, for the moment, is back where it began: a breach of contract suit against IBM. The company has yet to produce any evidence that Linux users owe it money. It is also now interested in "working with the open source community." But SCO remains unpredictable. We have not yet seen the last strange twist in this case.
An opening for OpenOffice.org[This article was contributed by Joe 'Zonker' Brockmeier] For years now, Linux users have had to struggle with the omnipresent Microsoft Office formats. Developers working on OpenOffice.org, Abiword, KOffice, Gnumeric and other applications have had their hands full trying to decipher the proprietary and obfuscated MS Office formats so that users could read and exchange documents with their MS Office-using colleagues. With Microsoft Office 2003, Redmond is taking obfuscation to new levels that may mean legal problems for developers who try to provide compatibility with Office, and huge fees for companies that try to adopt it. In addition to the usual slew of new features, Office 2003 Professional comes with Information Rights Management (IRM) tools. (Users of Office 2003 Standard can not create IRM documents.) Basically, IRM is just another name for Digital Rights Management (DRM), a term that Microsoft is avoiding because of the negative connotations that DRM has already picked up. IRM allows users to restrict what others can do with a document. Without the proper permissions, recipients of IRM-restricted documents will be unable to read or print them. Recipients of IRM-restricted e-mails will be unable to forward them as well. And users can set documents to expire. Naturally, these documents will be incompatible with previous versions of Microsoft Office, to say nothing of competing tools like OpenOffice.org, Gnumeric or Ximian's Evolution. In addition to the usual format obfuscation, however, Microsoft also has the Digital Millenium Copyright Act (DMCA) to protect it from competition. Since the format includes encryption, Microsoft will be able to threaten developers with the DMCA if they attempt to include support for IRM-restricted documents. Microsoft's IRM also depends on its server-based Rights Management Services (RMS). This means that any company wanting to adopt IRM is also forced to adopt Microsoft at the server. It doesn't preclude companies using a mixture of Microsoft and Linux servers, but it does mean that organizations that have only adopted Microsoft at the desktop would be forced to make additional investments in Microsoft software. Not only is the technology extremely restrictive, the price should be enough to give any CFO or business owner pause. To deploy RMS within an organization requires that you run Windows Server 2003. That brings some hefty licensing fees on its own, but there's more. Every user who connects to that server has to have a Windows Server 2003 Client Access License (CAL) and a RMS User CAL, not to mention the licensing fees for that user's copy of Windows XP and Office 2003 Professional. The RMS CAL alone runs $37 for a single user, or $185 for a pack of five CALs. No doubt, large organizations could get the CALs even cheaper, but it still becomes very expensive. Note that this isn't just for users who create IRM documents, but also for any user who views an IRM-restricted document. That's to use Microsoft's RMS within an organization. Companies that want to share files with users outside the organization, will need yet another license from Microsoft. According to Microsoft's pricing and licensing overview page, this license alone will run an organization $18,066 for the Windows RMS External Connector License. This fee may not be a major obstacle for large organizations, but it would certainly represent a major burden on small companies that need to share documents with clients. Believe it or not, Microsoft's new Office suite is potentially good news for the open souce community. It creates yet another opening for Linux vendors and proponents to make the case for free and open software in business. Microsoft has laid out its vision for the future of software, and it's filled with licensing fees stacked upon licensing fees -- and technologies that suck the user deeper and deeper into Microsoft's "stack" of solutions. Many organizations have been content to adopt Windows on the desktop, and other technologies at the server level. Redmond's all-or-nothing approach, attempting to force their customers to adopt their toolchain entirely, may end up driving them away completely. To use IRM/RMS, an organization would have to adopt Microsoft across the board -- and likely will require them to persuade their business partners to do the same. Few organizations can get by without sharing documents externally. Expect major levels of frustration when a company adopts Office 2003 with IRM, and tries to share documents with others using older versions of Office. Even if a company is gung-ho about IRM, their business partners may not be. If the Office 2003 strategy works, and organizations start jumping on the IRM bandwagon, it's the ultimate lock-in for Microsoft. Game over for Linux users (and vendors) trying to maintain compatibility with Windows users. This would have the potential of breaking compatibility even for reading e-mail, if you work with Outlook users who enable IRM. But it also has the potential to cause some significant backlash against Redmond when companies start tallying up the costs of switching and being fully compatible with Microsoft's document DRM. Let's not forget that most organizations are being much more stingy with their tech purchases these days. Many companies are still smarting over Microsoft's "new and improved" licensing programs and the recent security snafus. If SoBig.F wasn't enough to send companies over to Linux, Office 2003 might be the straw that broke the camel's back.
On giving backOn September 8, LynuxWorks announced the availability of a beta release of BlueCat Linux 5.0. BlueCat is the company's embedded Linux distribution; 5.0, interestingly, is based on the (still unreleased) 2.6 kernel. LynuxWorks claims to have applied a lengthy series of "ISO 9001:2000" reliability tests to this kernel. The PR also cites some of the features of this kernel which are of interest to the embedded community, including kernel preemption, the O(1) scheduler, and the improved threading support. LynuxWorks, they say, is the first embedded systems company to make these features available in a Linux-based system.The interesting thing, of course, is that all of those features were developed at other companies. Kernel preemption, in particular, was done by Nigel Gamble and Robert Love at MontaVista - a direct LynuxWorks competitor. The extensive testing done by LynuxWorks must certainly have turned up bugs; the 2.6 kernel is still an unreleased product, beta quality at best. Yet no fixes appear to have been sent back to the community. Over the last year, only one posting appeared on linux-kernel from either lynuxworks.com or lnxw.com - a request for help with a compilation problem. The 2.6 BitKeeper repository, containing all patches merged since February 2002, shows one set of patches from LynuxWorks.com: a USB Pegasus driver by Petko Manolov. The last patch was merged in May, 2002. We asked LynuxWorks if it had a list of recent contributions (which could, after all, have been sent in from a different email address), but got no response. LynuxWorks, in other words, is taking full advantage of the work of others - including its competitors - to claim to be "first to market" with a set of new features. And it has done so without contributing much of anything back to the community from which it draws the software it is selling. LynuxWorks is far from alone in this behavior, of course. LynuxWorks is also acting entirely within its rights. As long as they abide by the GPL, nobody can complain if they use the software in this way. That is what free software is all about. It is also true, however, that being within your rights and being right are not always the same thing. A company that is making money selling Linux should feel some obligation to contribute back to Linux. Especially when that company is in the operating systems business and clearly has the technical resources to make that sort of contribution. Contributing back is not just the right thing to do; it is also good business. Customers feel better when they see that their suppliers have a good relationship with the development community upon which they depend. Customers also like the feeling that a supplier understands the software well enough to make changes and get them accepted; it improves that chances that bugs can be fixed and requested changes implemented. They feel better about the software as a whole if the vendor cares enough to make it better. Software with active support from those selling it has a better chance of being around and still maintained a few years from now. Many free software companies understand this well; they point to their free software contributions as a source of pride. As users of free software become more sophisticated, they will ask for that information. Customers need to know that their suppliers can provide them with the support they need, and that said suppliers are committed to the future of the software they work with. A history of contributing back to the software in question is one of the best ways to show customers what they want to see. It also has the incidental benefits of making the software better and being the right thing to do.
The Chamberlain v. Skylink DMCA rulingOne of the many DMCA cases circulating in the U.S. court system is Chamberlain v. Skylink. Chamberlain manufactures garage door openers and, of course, the remote units which are used to open and close the garage door. Recent Chamberlain models use a "rolling code" system which is intended to protect homeowners against playback attacks; the code transmitted by the remote is different every time, so a thief with a recorder would capture nothing useful. This system also has the incidental result of preventing other companies from selling remotes that work with Chamberlain openers.Except that Skylink figured out a way to get around the code, and marketed a working remote. Chamberlain then took Skylink to court, claiming that, among other things, the Skylink remote violates the Digital Millennium Copyright Act. The problem, it seems, is that the Skylink remote circumvents the "technical measures" employed by Chamberlain to restrict access to the copyrighted software in its openers. Chamberlain was sufficiently confident of its position that it asked for a summary judgement on the DMCA argument. At the end of August, the court denied that request; the full text of the ruling is available in PDF format. One might hope that this case would have been an opportunity for the court to take a serious look at the DMCA. The DMCA, used in this way, is an effective tool to prevent the creation of interoperable products in a wide range of industries. All that's needed is a bit of internal code and a simple "technical measure" to prevent interoperation; the DMCA does the rest. Unfortunately, the ruling in this case does little to help those who would like to see the power of the DMCA reduced. The court denied the judgement for two reasons. The first is that, in the court's opinion, Chamberlain did not establish that the software inside its garage door opener was actually protected by copyright - a crucial precondition for DMCA applicability. This is a true technicality here; it is difficult to believe that Chamberlain will not have a copyright interest in the software it created. The second reason is, essentially, that Chamberlain did not tell its customers that they couldn't use competing remotes.
In this case, Plaintiff sells a GDO [garage door opener] to a
homeowner who then utilizes the product to access his or her own
garage. As pointed out above, there are no limitations placed on
the homeowner who buys the Chamberlain rolling code GDO, regarding
which type of replacement or additional transmitter he or she
purchases to access the GDO.
This second point may be enough to sink Chamberlain's DMCA argument, but it leaves the DMCA itself untouched. A simple statement on the box that only Chamberlain remotes may be used with the opener will close the hole in the future. This ruling is a defeat for a company attempting to wield the DMCA for its commercial benefit, but it will do nothing to stop this use of the DMCA in the future.
Security Brief items The apache evasive maneuvers moduleJonathan Zdziarski announced the release of mod_dosevasive 1.8 at the beginning of September. mod_dosevasive is an apache module, licensed under the GPL, which enables a web server to detect certain kinds of denial-of-service attack and take appropriate action.The core of mod_dosevasive is a set of hash tables keeping track of recent page requests. If a particular system (as identified by its IP address) starts requesting too many pages at once, or it requests the same page repeatedly too often, the module decides an attack is underway. The next request from that source will get back a 403 error response, and the site goes into the blacklist. The default blacklist period is ten seconds; each request received while the offending system is blacklisted extends its time there. mod_dosevasive can also send notification email when it detects an attack, or execute an arbitrary command. The command capability is intended to make the module work with firewalls; rather than continually failing requests with 403 errors, an administrator can set up the firewall to simply block traffic from the attacking system altogether. That approach, clearly, will be more effective against large-scale distributed attacks where the real purpose is to consume bandwidth. The mod_dosevasive web page has more information.
September CERT SummaryThe September quarterly CERT Summary is out, discussing the security issues which are currently worth noting. Most notable this time around is the fact that Linux and free software do not figure into any of the problems covered. According to this summary, all of the serious security issues of the last three months affect only proprietary software. Enjoy it while it lasts.
New vulnerabilities exim: buffer overflows
inetd: DoS attack
mah-jong: buffer overflows, denial of service
wu-ftpd: insecure program execution
Updated vulnerabilities 2.4 kernel - several vulnerabilities
apache: multiple vulnerabilities in Apache HTTP server
autorespond: buffer overflow
bind buffer overflow vulnerability in DNS resolver libraries
Canna server: exploitable buffer overrun
eroaster: insecure temporary file
ethereal: security problems in Ethereal 0.9.12
Filename disclosure vulnerability in fam
fdclone: insecure temporary directory
fetchmail: buffer overflow
gkrellm: buffer overflow
glibc: DNS stub resolvers contain buffer overflow vulnerability
gnupg: key validation
gtkhtml: malformed messages cause crash
horde: session hijacking
kernel-utils: setuid vulnerability
libpam-smb: exploitable buffer overflow
libpng, libpng3: buffer overflow
lynx: CRLF injection vulnerability
perl-MailTools: remote command execution
mikmod: buffer overflow
mindi: insecure file creations
mpg123 - buffer overflow
Nessus NASL scripting engine security issues
netris: buffer overflow
net-snmp: denial of service vulnerability
nfs-utils xlog() off-by-one bug
node: buffer overflow, format string
openssh: timing attack leads to information disclosure
pam_ldap: non-functioning host restrictions
pam-pgsql: format string vulnerability
perl: cross site scripting vulnerability in CGI.pm module
PHP: vulnerability in mail function
phpgroupware - cross-site scripting and other exploits
phpwebsite: SQL Injection, DoS and XSS Vulnerabilities
postfix: denial of service vulnerabilities
PostgreSQL - more buffer overflows
Local arbitrary code execution vulnerability in Python
Multiple-use vulnerability in Safe.pm
semi: insecure temporary file
sendmail: bad DNS reply causes crash
stunnel: signal handler reentrancy DoS
sup: insecure temporary file
File overwrite vulnerability in tar and unzip
teapop: SQL injection
Multiple vendor telnetd vulnerability
unzip: directory traversal vulnerability
vim - modeline vulnerability
vixie-cron: Local vulnerability
webmin: session ID spoofing
wget:directory traversal bug
wget: buffer overflow
wu-ftpd: off-by-one bug
Wwwoffle remote privilege escalation vulnerability
xinetd: Memory leak in xinetd 2.3.10
zblast: buffer overflow
Resources Linux Security WeekThe September 8 Linux Security Week newsletter from LinuxSecurity.com is available.
Whitepaper - Blindfolded SQL InjectionWebCohort has announced the release of a white paper on "blindfolded SQL injection," a form of SQL injection attack that does not rely on extracting information from the target server's error messages.
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current development kernel is 2.6.0-test5, which was released by Linus on September 8. Changes this time include new, type-safe ioctl() command code checker (see below), a USB "gadget" framework which enables the creation of user-space drivers, a new CONFIG_64BIT configuration option, a number of futex improvements, a reworked de4x5 driver, "very basic" VIA 8237 serial ATA controller support, support for a software-implemented hard disk activity LED, Intel High Precision Event Timers support, Al Viro's first set of large dev_t support patches (covered here two weeks ago), and his second set (which fixes up filesystems and removes the kdev_t type) as well, some IDE work, a large USB update, lots of network driver fixes, a new set of iptables modules, and many other fixes. The long-format changelog has all the details.Linus's BitKeeper tree contains a number of patches including some initramfs tweaks, improvements in random driver locking (which was "consuming 60% of CPU resources in Anton's monster power5 boxes"), the removal of some ext3 debugging hooks, direct I/O support for reiserfs, some CPU frequency work, an Intel SpeedStep-SMI driver, and various fixes. The current stable kernel is 2.4.22; Marcelo has not released any 2.4.23 prepatches since 2.4.23-pre3 on September 3.
Kernel development news kdev_t is no moreAl Viro's second set of patches aimed at enabling the support of a larger dev_t type has been merged into the 2.6.0-test5 kernel. The bulk of the work is fixing up code in filesystems which made assumptions about the size of dev_t. As part of this whole process, however, Al has been converting kernel code from the kdev_t type over to using dev_t directly.kdev_t, of course, was introduced several major releases ago as a way of hiding the actual structure of device numbers. The comments in <linux/kdev_t.h> read:
As a preparation for the introduction of larger device numbers, we
introduce a type kdev_t to hold them. No information about this
type is known outside of this include file.
In practice it didn't work quite that way. When Linus changed the format of kdev_t early in the 2.5 development series, everything broke. And when the time came to really change the size of dev_t, it turned out to be easier and more clear to simply use dev_t directly. Kernel hackers tend to be skeptical of abstraction interfaces which are created without being immediately useful; kdev_t is an example of why that is so. The seventh patch (of 15) in Al Viro's second dev_t series changes the type of the much-used i_rdev inode structure field; it is, of course, a dev_t now. Since Al had already converted users of that field over to the new iminor() and imajor() macros, the effect of this change was small. But, as it turns out, i_rdev was the last kdev_t object in the kernel. So patch eight removed the type altogether. Out-of-tree drivers will, of course, be broken as a result of this change, but the fixes should not be that difficult. At this point, the bulk of the large dev_t preparation work should be done. About all that's left is to decide what the format of the new dev_t will really be and make the change. Once the dust settles, another one of the 2.6.0 "must fix" items will have been taken care of.
Straightening out ioctl() size confusionThe ioctl() system call includes a general "command" argument which specifies which operation the calling program wishes to perform. The Linux kernel has long had a mechanism for defining these command arguments, with the goal of keeping them all unique. If no two drivers implement the same command codes, there is no danger of strange things happen if the wrong code is passed to the wrong driver. A world where "rewind the tape" for one driver never translates to "initiate self destruct" for another is a safer place to be for all of us.The Linux kernel takes things a little further by encoding some useful information in the command codes. Along with driver-specific "magic" and command numbers, the ioctl() command code includes the direction of data movement (if any) between kernel and user space and the size of the data to be moved. The kernel itself does not do anything with those values, but their presence does enable a driver to perform some checks. If, for example, the size of a structure used as an ioctl() argument changes, the driver can use the size field in the command code to determine whether the application is using the older version or not. Some kernel code actually does check the sizes to be sure that things match up. The command codes are created using some macros in <asm/ioctl.h>. A driver defining codes would use one of these macros:
_IOR(type, number, size)
_IOW(type, number, size)
_IORW(type, number, size)
The macro used specifies whether the ioctl() operation reads or writes kernel-space data (or both); type is the driver's "magic" code, and number is the command-specific code. The confusion comes in with the argument called size; it is supposed to be the type of the data to be passed between kernel and user space. So, for example, the "get tape position" code is defined as:
#define MTIOCPOS _IOR('m', 3, struct mtpos)
The problem is that a number of hackers saw the size argument and assumed that they were expected to pass the size of the expected data transfer. The result was a number of definitions like:
#define CIOC_KERNEL_VERSION _IOWR('c', 10, sizeof (int))
As a result, the actual size value, as encoded within the command, was the size of the size value, or, on most architectures, four bytes. Since most code never looks at that size value, things worked, but the values defined were not as intended. Another problem that occasionally came up was that some code used very large size values, overflowing the space allotted in the command word, thus corrupting the rest of the command code. Once again, things worked, but not quite in the way people expected. One of the themes of 2.6 development has been the addition of type checking anywhere that the compiler can be coerced into doing it. So the obvious thing to do was to add checking to the generation of command codes; Arnd Bergmann submitted a patch which does exactly that. It adds a bit of preprocessor magic in the form of this macro:
#define _IOC_TYPECHECK(t) \
((sizeof(t) == sizeof(t[1]) && \
sizeof(t) < (1 << _IOC_SIZEBITS)) ? \
sizeof(t) : __invalid_size_argument_for_IOC)
The first test ensures that an actual type (as opposed to a simple size) has been passed in; the second makes sure it is not too large. All that remains is the inconvenient fact that the old, erroneous codes have found their way into a number of application programs. Changing those codes would break those applications, and that's something the kernel hackers try never to do. So, for these cases, a new set of macros (with names like _IOW_BAD() has been introduced, and the erroneous uses have been moved over to the new macros. The command codes remain unchanged, but the mistake is noted so that it is not replicated when somebody copies the code in question.
A wealth of suspend optionsPatrick Mochel has posted a new set of power management patches. Power management is, of course, one of the last unfinished projects in the 2.6.0-test kernel. So developments in that area are of interest.Much energy has gone into the suspend-to-disk implementation. Patrick has been unable to come to an understanding with (2.6) swsusp maintainer Pavel Machek; rather than keep trying, he has chosen to create his own implementation (starting with swsusp) called "pmdisk." Should Linus accept the patches, the 2.6.0-test kernel will have two separate, competing implementations of the suspend-to-disk functionality. The swsusp version has been reverted to its previous state; the patch includes the comment "Note that I would never publically admit to putting such code into the kernel." The new pmdisk implementation has since seen some fixes, though it still does not work on SMP systems, and apparently will not for some time. There is a /sys/power/state file used to control pmdisk; writing "disk" to that file will cause the system to suspend itself to disk. Beyond that, pmdisk is still mostly the swsusp implementation with a lot of cleanup work and the names of the functions and variables changed. One remaining question with the suspend-to-disk functionality is what will happen to all of Nigel Cunningham's work. Nigel has put a great deal of effort into the 2.4 swsusp implementation, with the result that it has become a reliable option for many users; see our review of that work from August. Nigel would like to port his work forward to 2.6, but is uncertain about what to port to. This whole situation could be resolved by Linus, who has not yet accepted the "fork swsusp" patch. Releasing a 2.6.0 kernel with two different suspend implementations seems like a suboptimal course which could reflect poorly on the Linux development process. Linus has made no public noises to this effect, but it would not be surprising if he imposed some sort of solution that led to a single suspend subsystem in 2.6.0.
Modules move into sysfsGreg Kroah-Hartman has posted a patch with the rather uninspiring title of "add kobject to struct module." What the patch really does, however, is enable the creation of a /sys/module directory which will contain information about the modules currently loaded into the kernel. With this patch, the only available information (beyond the name of the module) is the reference count, but that will be expanded in the future. Eventually all of the information found in /proc/modules will also appear in the /sys/module tree, though in the standard sysfs "one value per file" format. The values of parameters passed to the module will also be made available for inspection and (permissions willing) change.This patch continues the process of moving system information from /proc to /sys. It may take a couple more development series worth of work, but /proc might just end up being pared down to the process information it was originally created to hold.
Kernel debugging via the netOne nice feature that was quietly slipped into the 2.6.0-test4-mm6 release is the kgdb-over-ethernet patch, by Robert Walsh and San Mehat. As described in the included documentation, kgdbeth makes it frighteningly easy to hook into a running Linux kernel over the network and prowl around in it. It's really just a matter of setting four boot parameters:
As one would expect, the target system will only respond to debugger traffic coming from the system designated by the boot-time arguments. Once you've booted a kernel with the kgdbeth patch and the proper parameters, hooking in with gdb is simple. Here's a (slightly cleaned up) log from a quick session done here at LWN Labs:
For anybody who has wanted to be able to use gdb on a running kernel, but who has never gotten around to setting up the requisite serial lines and such, kgdbeth promises to make things easier than ever. Matt Mackall has noticed that a number of patches - including Ingo Molnar's network console code and kgdbeth - each provide their own low-level ethernet functions. Code which hooks into the kernel at such a fundamental level needs to be able to send and receive packets without involving the entire networking subsystem. As a way of addressing this duplication of code and effort, Matt put together and posted a netpoll API. The patch came accompanied by new versions of netconsole and kgdbeth, both of which are somewhat cleaned up and significantly reduced in size. An added bonus is that netpoll supports almost all interfaces out there without the need for any driver changes. As of this writing, netpoll has not found its way into an -mm release, but that could change. Of course, Linus's feelings on kernel debuggers are well known, so kgdbeth, while potentially useful for developers, is unlikely to find its way into the 2.6 mainline. So Andrew Morton will have to keep this one in -mm. At least, until Linus hands off the 2.6 kernel - to Andrew.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Networking
Architecture-specific
Security-related
Benchmarks and bugs
Page editor: Jonathan Corbet Distributions News and Editorials A Brief Tour of New Distributions[This article was contributed by Ladislav Bodnar] New Linux distributions are being created at an alarmingly high rate, currently perhaps two or three per week worldwide. While most of them will not survive the initial enthusiasm, which is soon dampened by the realization of how much work is involved, and disappear in a few short months after launch, there are undoubtedly many great ideas which might some day develop into a major project. Just take a quick look back in time - very few people knew of Gentoo or Knoppix as recently as two years ago, but today both of these projects are extremely popular distributions with many thousands of users. It is quite clear that the Linux world is full of bright people with brilliant ideas. Inevitably, much effort is also wasted on projects of little value, serving more as a learning curve for the distribution's creator than a useful tool for the rest of us.How does one spot a gem among the multitude of new projects? It is not easy, especially since many developers have little marketing or web page design talent and often lack fluency in English. But let's take a look at some of the distribution launched in the past year or so and try to foresee possible winners or at least identify those projects which are likely to be around for a while. It helps to organize them into a few simple categories, such as Red Hat/Mandrake-based distributions, live CDs, distributions for old hardware and specialist distributions. This is not meant to be an exhaustive list, but rather a look at some of the more promising, unique or unusual Linux distributions created recently. Red Hat/Mandrake-based distributions. These are distributions which take Red Hat or Mandrake as a base and add many useful applications purposely left out of Red Hat and Mandrake for various reasons. These are NVIDIA's proprietary drivers, multimedia applications with codecs of questionable legal status, Java, Flash, RealPlayer, Acrobat Reader and other commercial or unsupported applications. While installing and setting up all these is certainly possible in both Red Hat and Mandrake, it requires some searching around the Internet as well as time and effort to configure newly added applications. Several distributions are attempting to fill the gap and come pre-installed and pre-configured with some or all the above mentioned software. One of the best efforts to-date, at least judging by the overwhelmingly positive user feedback in forums, is JAMD Linux. Despite the low version number (the latest stable version is 0.0.6) and relatively short time since the distribution's launch, it has succeeded in attracting a fair amount of satisfied users and in creating a large user community. Another interesting distribution falling into this category is Aurox Linux - not so much for technical reasons, but rather for its innovative distribution model. Aurox Linux is produced by an large publishing house in Poland and is included as part of a low-cost multi-lingual Aurox Linux magazine. The idea is to get this publication out to as many retail outlets as possible, including general bookstores and supermarkets. By doing so, Aurox is trying to increase the visibility of Linux and tempt potential impulse buyers. This model has proved very successful and if you live in Europe look out for a new Aurox Linux magazine, version 9.1, due to be released this week. Two more interesting projects worth mentioning here are Canada's EduLinux (based on Mandrake 9.1) and Mexico's LGIS GNU/Linux (based on Red Hat 9 with Ximian desktop). Live CDs. This is probably the fastest growing category of Linux distributions, since it is fairly trivial to re-master Knoppix or even create a custom, bootable Linux CD from an existing installation. Damn Small Linux seems to be one of the more unique Knoppix-based live CDs; it fits on a 50MB business card-type CD and once booted, it provides a script to download and launch Firebird, the web browser, which would have taken too much space on the CD. Other live CD distributions focus on multimedia, with Dyne:bolic GNU/Linux being designed for live streaming audio while GeeXboX for general media playback with MPlayer. Another popular use of live CDs is their deployment as firewalls and Sentinix (formerly a commercial product called Compledge Sentinel, but "freed" recently) seems to be a very promising project. The last distribution worth mentioning in this category is the newly launched MEPIS Linux, a desktop distribution which one can first boot to confirm hardware compatibility before proceeding with a supported hard disk installation. The product tracks Debian's unstable branch, it is frequently updated and it supplies additional applications on supplementary CDs. Distributions for old hardware. This is one category of Linux distributions, which has sadly been neglected by most mainstream Linux integrators. Many of us have old PCs or notebooks, which not long ago used to run Windows 95 satisfactorily, but are no longer suitable for daily computing tasks. Wouldn't it be nice to get them run a light-weight distribution with a browser, e-mail and, say, a word processor in a graphical mode? Unfortunately, distributions like that are very hard to find, but perhaps DeLi Linux or Drinou-Linux could fill this gap. Both of them are based on an older Slackware release and offer light-weight Sylpheed for email, Dillo for web browsing, SiagOffice for word processing and other low resource software on top of the Fluxbox window manager. They are certainly worth a try. Specialist distributions. Problems need to be solved and Linux seems to be a perfect solutions for many computing tasks. Puppy Linux is a small distribution that runs entirely in a 48MB ramdisk and can be booted from floppy, USB or ZIP drives, as well as the more traditional hard drives or CD. Other USB pen drive-based distributions include SPB-Linux and RUNT, while NBROK is designed to be installed and run from a ZIP drive. Both RUNT and NBROK are Slackware-based distributions. Another interesting new project is BlackRhino GNU/Linux, a Debian-based distribution for the Sony PlayStation with over 1,200 software packages. And while on the subject of Debian, it is only appropriate to mention a brand new project called DebToo, which as you have probably guessed, is a Gentoo-style Debian distribution "recompiled for your system". This is of course just the tip of the iceberg and some other distribution categories immediately spring to mind. What about the dozens of floppy and embedded Linux distributions? Or distributions for various non-Intel architectures? We'll look at these in a future issue of LWN.
Distribution News Debian GNU/LinuxThe Debian Weekly News for September 9, 2003 is out. This week looks at the Rio Karma 20, possibly the first industrially manufactured digital audio player that supports the Ogg Vorbis audio format; an open letter to the European Parliament; Debian and the FSF; Politics in Free Software; and much more.A second revision of the current stable Debian distribution (woody) is underway. No dates have been set yet for the 3.0r2 release, which will add many security fixes to the stable version.
Gentoo Weekly Newsletter -- Volume 2, Issue 36The Gentoo Weekly Newsletter for the week of September 9, 2003 is out. This week looks at the success of the second Gentoo BugDay; a continuing look at Gentoo security issues; and more.
LynuxWorks Embedded Beta Based on 2.6 Kernel (eWeek)eWeek takes a look at BlueCat Linux 5.0, due out in November. "The San Jose, Calif., company this week will announce availability of a public beta program for the next version of its embedded Linux operating system, BlueCat Linux 5.0, which is based on the as-yet-unreleased Linux 2.6 kernel."LynuxWorks has also put out a press release announcing the availability of the beta release.
Mandrake LinuxMandrakeSoft has released 9.2RC2. The QA team would like to get feedback on upgrades from Mandrake 9.1/9.0/8.2, and any of those last few bugs. (Thanks to Mark Walker)
Slackware LinuxIt's been a busy week at Slackware according to the slackware-current changelog. Various sources have been patched and recompiled, including some the kernel 2.4.22 modules. Lots of packages have been upgraded, and some have been recompiled to take advantage of a new libmad. There are also more ham radio package updates from Arno Verhoeven.
Trustix Secure LinuxTrustix reports a speed bump in the mailing lists as they are being moved to a different machine. If you've been having trouble getting in touch with Trustix, or haven't been getting mail, this could be why.
Kernel patches for specialized distributionsopenMosix has released the latest clustering extensions to the Linux kernel, version 2.4.22-1.uClinux has released v2.6.0-test5-uc0 of its Linux kernel for MMU-less processors.
New Distributions evelinevelin is a Linux distribution based upon Mandrake. Its main purpose is to be kept secure and small, while providing the basic functionality that system administrators might need. It runs within its own chroot jail on an existing Linux system. The initial release is version 0.1, dated September 5, 2003.
GNOPPIX 0.5 released (GnomeDesktop)FootNotes notes the release of GNOPPIX 0.5. GNOPPIX is a live CD distribution of the Knoppix variety, but it is based around the GNOME desktop.
Linare Linux Desktop OS launchesLinare Corporation has announced its entry into the desktop Linux business; the distribution is KDE-based and retails for $19.95.
wrt54g-linuxwrt54g-linux is a mini-distribution for the Linksys wrt54g 802.11b/g access point and router. It includes basic tools such as sh, syslog, telnetd, httpd (with cgi-bin support), vi, snort, mount, insmod, rmmod, top, grep, find, nfs modules, etc. The installation script runs in about 20 seconds and installs strictly to the RAM disk. The initial release, version 0.1, is dated September 6, 2003.
Minor distribution updates Damn Small LinuxDamn Small Linux has released v0.4.6 with minor feature enhancements. "Changes: This version features many patches, the addition of traceroute, fixes for a rendering problem with netcardconfig, and modifications to startx so that it will save selected settings for the next X session."
floppyfwfloppyfw has released v2.9.5 with major feature enhancements. "Changes: This version features bridging with ebtables and iptables, ISO images, images for the Soekris NET45xx boxes (and probably other CF/DoC-based systems), and PCMCIA/HostAP support."
Recovery Is Possible!RIP! has released v6.2 with minor feature enhancements. "Changes: PPP/PPPOE support has been added."
Sentry FirewallSentry Firewall has released v1.5.0-rc4 with minor bugfixes. "Changes: In this version, the Linux kernel has been updated to version 2.4.22-ow1, along with the IPSec+X509 patches and software. Bind9 and Snort were moved to a chroot environment. The configuration scripts were also updated to include new NIC module dependencies, and network configuration support should now work properly with most 10/100BaseT NICs."
stresslinuxstresslinux has released v0.2.6 with major feature enhancements. "Changes: All boot kernels have been upgraded to 2.4.22 with some extra networking modules. ISA-Bus and ISA-PNP is now working. Syslinux, smartmontools, and netio were upgraded to new versions. Pcopy is now included for drive mirroring. A display bug in sl-wizard at 80x25 mode was fixed. ASUS-CUV4X-D was added to sl-wizard."
Distribution reviews Debian Review (Distrowatch)Distrowatch reviews Debian GNU/Linux. "Debian - there has never been any other Linux distro quite like it. Long a favorite of the geek elite, there is no doubt that Debian is popular. Sign up for the Debian-user mailing list, and you can expect to receive about 300 messages a day. Perhaps (just perhaps) there are more people using Redhat, Mandrake or SuSE. However, if bigger means better, then Debian is the undisputed champion - Debian's "stable" branch boasts 8710 "packages" (packages = precompiled software bundled up in a nice format for easy installation). In Debian's "unstable" branch there are about 13,000 packages (more than six gigabytes worth). If software was sold by the kilogram, then Debian would fetch top dollar. However, this massive collection of excellent software is free, the work of hundreds (or thousands) of unpaid volunteers. Put that in your pipe and smoke it."A discussion about this review can be found at DebianPlanet.
Page editor: Rebecca Sobol Development The Net-SNMP projectThe Net-SNMP project (formerly called ucd-snmp) consists of a set of tools relating to the Simple Network Management Protocol (SNMP), an internet protocol for managing network-connected devices.
The major components of Net-SNMP include:
Version 5.0.9 of Net-SNMP has been announced. "This does contain a security fix so all users are encouraged to update their software immediately." Also included in this release are: kerberos support fixes, documentation improvements, better augmentation table support, improved 64 bit handling, and miscellaneous bug fixes. Net-SNMP should be a useful addition to the list of available networking tools.
GNOME 2.4 releasedIt's finally official: GNOME 2.4 has been released. The extensive release notes talk about what's in this release; there's a lot of good stuff there. Congratulations are due to the entire GNOME development community.
System Applications Audio Projects Planet CCRMA ChangesThe latest changes from the Planet CCRMA audio packaging project include new versions of Qjackctl, Lilypond, Guile, Texinfo, and Gmorgan.
Database Software MySQL 4.0.15 releasedMySQL 4.0.15 - a bugfix release - is now available. This release includes a long list of fixes; see the announcement (click below) for the details.
PostgreSQL Weekly NewsThe September 4, 2003 edition of the PostgreSQL Weekly News is out. Read about the PostgreSQL beta 2 release, thread safety issues, and more.
Libraries GNU Scientific Library 1.4 releasedVersion 1.4 of the GNU Scientific Library has been released. "The GNU Scientific Library (GSL) is a collection of routines for numerical computing in C. This release is backwards compatible with previous 1.x releases. GSL now includes support for cumulative distribution functions (CDFs) contributed by Jason H. Stover."
liblrdf 0.3.2 releasedVersion 0.3.2 of liblrdf, a library for working with the Resource Description Framework (RDF), is available. "Doesn't add any features, but builds with raptor 1.0.0 and removes a dependency on the LADSPA SDK."
Mail Software milter-sender/0.36 (beta)Version 0.36 beta of milter-sender, a spam filtering package for sendmail, is available. This version features bug fixes relating to the parsing of sendmail.cf.
Networking Tools SSHVnc 0.1.2 released (SourceForge)Version 0.1.2 of SSHVnc, a Virtual Network Console that uses ssh for secure communications, is available. "This release of our secure VNC application marks a change in our software distribution policy. The installation is now catered for using the ZeroG installer, providing distributions for Linux and Windows with and without the Java 1.4.2 VM. This release also sees the inclusion of a number of useful configuration options. These include the execution of commands on connect/disconnect allowing the user to start/stop their VNC server remotely, and predefined settings for low/high bandwidth connections."
WAP11GUI version 0.12 released (SourceForge)Version 0.12 of WAP11GUI has been released. "WAP11GUI is an SNMP management application for the Linksys WAP11 wireless access point. It provides a Unix/Linux user with a graphical, QT based interface with which to configure and manage a WAP11 AP over a LAN. The biggest news (if you could call it that) in this release is that a memory leak that went unnoticed for 2 years has been fixed."
Printing CUPS 1.1.20rc1 availableVersion 1.1.20rc1 of CUPS, the Common Unix Print System, has been released. The release notes list all that is new, many bug fixes are included.
LPRng 3.8.22 releasedVersion 3.8.22 of the LPRng printer spool system is available. Change information is in the source code.
LinuxPrinting.org newsThe latest printer database changes on LinuxPrinting.org include the following: "September 7, 2003: Added Epson Stylus C83, C84, Olympus P-300E, P-300NE, P-300U, P-400, and Canon CP-100; the driver "ljet4" is not recommended any more for PCL-5e printers in the database, instead we recommend "hpijs" now due to better printout quality. The recommendations of "gimp-print" are replaced by "gimp-print-ijs" as the more modern interface of GIMP-Print. For the HP LaserJet 1200 the recommended driver is "pxlmono" now due to the bad graphics performance in the PostScript mode."
Web Site Development Working with the Echo Web framework, Part 1 (IBM developerWorks)IBM's developerWorks has an article by Tod Liebeck on Echo, a development framework. "This two-part series provides an introduction to the Echo framework, an open source, Java technology-based platform for building Web applications that look and act like rich clients. Part 1 introduces the framework and discusses what it does and how it is best used, providing an introductory walkthrough of its features."
Gallery v1.4 Release Candidate 3 available (SourceForge)Version 1.4 RC3 of Gallery, a PHP-based web site photo album management package, is available. "Version 1.4 premieres some major new features: Gallery is now multilingual, and can be displayed in 18 different languages, with more on the way! In addition, we've completely overhauled the documentation and made it more accessible and more informative. Other changes include ownership of individual album items, not just of albums, and a slew of minor improvements and bugfixes."
mnoGoSearch-php version 3.2.1Version 3.2.1 of mnoGoSearch, a web site search engine, is available. New features and bug fixes are listed in the Change Log.
Mod_python 3.1.0a alpha availableVersion 3.1.0a Alpha of Mod_python has been announced. The download page says: "This is an ALPHA release, therefore it is likely to contain bugs and is not of production quality. Additionally, some functionality may change until first beta release. We strongly recommend that you try out your application in a test environment with this release and report any incompatibilities or problems you may encounter."
Zope 3 Newsletter, Issue 10Issue 10 of the Zope 3 Newsletter is out, take a look to see what's happening with the next generation of the Zope web platform.
Documentation Babeldoc 1.1.9 released (SourceForge)Babeldoc 1.1.9 has been released. "Babeldoc is integration tool that can plumb together data flows. It is completely configurable and scriptable. It is heavily XML biased but not exclusively so. This is going to be the last development release - the next set of releases are going to be Release candidates to version 1.2. This now has the J2EE module added. Please test."
Miscellaneous Access USB devices from Java applications (IBM developerWorks)Qingye Jiang explains how to talk to USB devices from Java on IBM's developerWorks. "The Java platform has traditionally prided itself on its platform independence. While that independence has many benefits, it makes the process of writing Java applications that interact with hardware quite tricky. In this article, research scientist Qingye Jiang examines two projects that are making the process easier by providing APIs through which Java applications can make use of USB devices. While both projects are still in embryo form, both show promise and are already serving as the foundations of some real-world applications."
Desktop Applications Audio Applications ALSA Patch Bay 0.5.2 availableVersion 0.5.2 of ALSA Patch Bay has been released. This version fixes a minor build problem.
Desktop Environments Gnome-Python, PyGTK and PyORBit hit 2.0 (GnomeDesktop)GnomeDesktop.org has a multiple announcement for new versions of PyGTK, Gnome-Python, and PyOrbit.
Writing GnomeVFS modules (IBM developerWorks)Mikael Hallendal and Richard Hult show how to extend GNOME with virtual file systems on IBM's developerWorks. "This article describes how to use GnomeVFS -- a C library for accessing various file systems -- to extend GNOME and develop your own extensions to the virtual file system. The article is centered around an imaginary example file system that lets you access an in-memory directory tree."
KDE-CVS-Digest for September 5, 2003The September 5, 2003 KDE-CVS-Digest has been published. Here's the content summary: "In this week's CVS-Digest: Umbrello now has a document model code generator. Changes in menus and tab configuration in Konqueror. Optimizations in KConfig, KMail and Konqueror. Drag and drop fixes in KOrganizer. Bug fixes in KOffice and Kopete."
KDE Traffic #63KDE Traffic #63 is available. The summary on KDE.News says: "KDE Traffic #63 was released this week with news about cookie problems, discussion about Cut and Copy entries in the context menu of Konqueror, usability of the Kicker window list, the proposed move of kpdf from kdenonbeta to kdegraphics and more."
KDE Traffic #64 is OutThe KDE.News summary of issue #64 of KDE Traffic says: "KDE Traffic #64 has been released, with lots of news articles about KDatePicker, iCalendar, OpenOffice integration in KDE, the software patent fracas, a neat little devices applet for Kicker, a private extension for DCOP, and of course, a nice treat at the end."
Electronics XCircuit 3.1.21 releasedVersion 3.1.21 of XCircuit, an electronic schematic drawing program, is available. Change information is in the source code.
gEDA NewsThe latest releases from the gEDA project include new versions the Icarus verilog compiler and gaf (gschem and friends).
Games PyGame Tutorial UpdatedA new version of Shandy Brown's PyGame Tutorial is available. Take a look if you are interested in working with PyGame.
Graphics flPhoto 1.1rc3 availableVersion 1.1rc3 of flPhoto, an image management and display program, is out. See the Release Notes for change information.
GIMP 1.3.20 Released (GnomeDesktop)Development version 1.3.20 of the Gimp has been announced. "This release features a lot of bug-fixes as well a number of improvements over 1.3.19. Definitely worth an update, especially if you want to participate on the bug week."
GIMP Bug Week (GnomeDesktop)The GIMP Bug Week for version pre-2.0 has been announced. "As some of you might already know, next week is the pre-2.0 GIMP Bug Week. The first pre-releases of 2.0 will start coming out the door around the end of this month, and we need to get some concentrated testing done before then, as well as classifying known bugs into those which will be fixed before 2.0 final and those which will be fixed later."
QGIS version 0.0.12 (SourceForge)Version 0.0.12 of QGIS, a Geographic Information System built for Linux and Unix, has been announced. "The biggest change is the ability to select features in shapefiles and zoom to the selected set. Features can be selected by dragging the mouse or from the attribute table (thanks to Marco)."
GUI Packages FLTK 1.1.4 releasedVersion 1.1.4 of FLTK, the Fast Light ToolKit, is available. Change info is in the source code.
GTK+ 2.2.4 Released (GnomeDesktop)GnomeDesktop.org has an announcement for GTK+ 2.2.4. "This is a bug fix release and is source and binary compatible with previous releases in the 2.0 and 2.2 series. This is an emergency release to fix a critical GtkTreeView problem which broke context menus in several applications."
PyGTK 2.0.0 releasedVersion 2.0.0 of PyGTK, a Python language binding for GTK, has been announced.
Interoperability Samba-3.0.0 RC3 available for downloadThe Samba Team has announced Samba-3.0.0 RC3, hopefully the final RC before the real 3.0.0 release, which should take place early next week. "Unless there is a severe bug in the Samba source that would affect a large number of the community, the source/ directory in RC3 will stay the same for 3.0.0."
Wine TrafficIssue #186 of Wine Traffic has been published. "This is the 186th release of the weekly Wine Weekly News publication. Its main goal is to run amok. It also serves to inform you of what's going on around Wine."
Mail Clients Mozilla Thunderbird 0.2 Released (MozillaZine)Version 0.2 of the Mozilla Thunderbird email and news client has been released. "Based on Mozilla 1.5 Beta, Thunderbird 0.2 features a redesigned Options dialogue, spell checker improvements, enhancements to the default theme and better performance and stability."
News Readers New stable Pan releases (GnomeDesktop)GnomeDesktop.org reports on release 0.14.2 of Pan, a newsreader for GNOME. "Pan 0.14.2 fixes a configuration corruption bug in 0.14.1, which was released a few days ago."
Office Applications GanttProject 1.9.8 released (SourceForge)Version 1.9.8 of Ganttproject has been released. "After two release candidate, ganttproject 1.9.8 has been released. Ganttproject is a pure Java application thats lets you plan project using Gantt charts. It uses a file format based on XML and can export into HTML Web pages or PNG images."
Gnumeric 1.1.90 RC1 availableRelease Candidate 1 of the Gnumeric 1.1.90 spreadsheet is available. "This is primarily a spit and polish release. It fixes the missing documentation files from the 1.1.20 release. There are a few extensions to the charting engine, and a much improved image selector for objects. The main substantive change relates to the handling of empty cells passed as arguments to optional parameters."
GNOME DTP software: Passepartout 0.2 (GnomeDesktop)GnomeDesktop.org looks at version 0.2 of Passepartout, a Desktop Publishing package that is in the early stages of development.
Office Suites OpenOffice.org 1.1 RC4 is outVersion 1.1 RC4 of OpenOffice.org 1.1 is available. Also, the OpenOffice.org SDK for 1.1 RC4 has been released.
OpenOffice.org NewsletterThe September, 2003 edition of the OpenOffice.org newsletter is available with the latest OpenOffice office suite news. This issue takes aim at Microsoft Office.
Web Browsers Epiphany 1.0 Released (MozillaZine)MozillaZine reports that Epiphany 1.0 has been released. Epiphany is a GNOME web browser based on the Gecko rendering engine.
Mozilla 1.4.1 Release Candidates (MozillaZine)MozillaZine reports on the availability of the Mozilla 1.4.1 release candidate builds. "Mozilla 1.4.1 is an updated version of Mozilla 1.4 with around 100 additional bugfixes."
Arabic Localization Project and Translation Effort (MozillaZine)MozillaZine reports on the progress of the Arabic translation of Mozilla. "Nadim Shaikli writes: "With the recent improved Arabic support in Mozilla, a flurry of activity has taken place to better acknowledge the browser's enhancements. A complete localization effort is taking shape with a large percentage of the work already completed. Mozilla's homepage has also been fully translated to Arabic."
Independent Status Reports (MozillaZine)MozillaZine mentions the availability of a new set of Mozilla Independent Status Reports. "The latest set of status reports includes updates from Firebird Help, BannerBlind, Next Image, StumbleUpon, Uzilla, MozWho, MultiZilla and Mozex."
Project Orb Documentation Project Reaches Version 0.2 (MozillaZine)According to MozillaZine, version 0.2 of the Project Orb Mozilla documentation project, is available. "Since release 0.1 additional useful end user preference customizations are included, as well as several screenshots. The project is continuing to evolve in scope. Plans are in the works for a French language version of the project, as well as more information about Camino and Firebird."
Word Processors AbiWord Weekly NewsIssue #160 of the AbiWord Weekly News has been published, take a look for the latest AbiWord word processor news.
Miscellaneous Gsharp 0.2 releasedVersion 0.2 of Gsharp, an interactive, extensible editor for musical scores written in Lisp, is available.
Peacock 1.9.1 released! (GnomeDesktop)Version 1.9.1 of Peacock, an HTML editor for the GNOME Desktop, is available. "Admirers of fair creatures and HTML Editor named after them, a new version of Peacock - An HTML Editor for Gnome, v1.9.1 has been released. Sporting a new Gnome 2 look and more importantly WYSIWYG (yes! WYSIWYG) HTML Editing capabilities using the GtkHTML bonobo control (you might have bumped into it while composing a email in evo)."
Languages and Tools Caml Caml Weekly NewsThe August 26 - September 2, 2003 edition of the Caml Weekly News is out with the latest Caml language development news.
Caml Weekly NewsThe September 2-9, 2003 edition of the Caml Weekly News is out with even more Caml news.
Java Comparing Java Data Binding Tools (O'Reilly)Mette Hedin compares several open-source and proprietary Java data binding tools. "Many W3C XML Schema (WXS) data binding tools for Java are now emerging. These tools generate Java code from instances of WXS in order to represent the structures defined therein. The autogenerated code has the ability to convert from XML format to Java objects and vice versa. This gives the user a compile-time Java API customized for the specific schema used, which saves a lot of time and effort compared to utilizing generic interfaces such as DOM and JDOM. In addition it also enables Java developers with little or no XML knowledge to both consume and produce valid XML documents."
Lisp GNU CLISP 2.31 releasedVersion 2.31 of GNU CLISP, a Common Lisp implementation, is available.
Perl This Week on perl5-porters (use Perl)The September 1-7, 2003 edition of This Week on perl5-porters has been published. "September begins, holidays are over. Lots of little new things occured this week. Read about lexical pragmas, syntax warnings and good style, advancement of the maintainance branches, bugs, fixes, tests and upgrades."
PHP PHP Weekly Summary for September 8, 2003The PHP Weekly Summary for September 8, 2003 is out. Topics include: iconv compiler issues, studlyCaps, ming extension, Broken locale functionality, Servlet SAPI (continued).
phpMyAdmin 2.5.3 is released (SourceForge)An announcement for version 2.5.3 of phpMyAdmin is on SourceForge. "After three release candidates, we are pleased to release this brand new version. phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the http://www. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields."
Python InlineEgg Library for PythonVersion 1.0 of the InlineEgg library for Python is available. "InlineEgg is a collection of python classes (a "library"), that will help you write small assembly programs, either to use as eggs/shellcode for your exploits or for anything else you may need small assembly programs for. But! without writing assembly, just using python." Hopefully, those exploits will be non-malevolent.
MojoView 1.0 availableVersion 1.0 of MojoView, a Python package that assists in building PyGTK2 database applications, is available.
Python beginner's mistakesHans Nowak has published a document entitled Python beginner's mistakes. "Beginner's mistakes are not Python's fault, nor the beginner's. They're merely a result of misunderstanding the language. However, there is a difference between misunderstanding (often subtle) language features, vs misunderstanding the language as a whole, and what can (and cannot) be done with it. The pitfalls article focused on the former; this article deals with the latter."
Python anti-pitfallsRichard Jones has published a document called Python anti-pitfalls. "The following are a quick (random, off the top of various heads) list of things that I think are anti-pitfalls in Python. That is, because the language has these features, it is harder to make programming mistakes."
PyXR 0.9.3.0 releasedVersion 0.9.3.0 of PyXR, a Python-language HTML pretty-printing package, is available. Changes include better line linking and improved config file error message reporting.
Dr. Dobb's Python-URL!The September 8, 2003 edition of Dr. Dobb's Python-URL! is out with another round of links to Python language articles.
Smalltalk Unix Squeak 3.6-beta11 availableVersion 3.6-beta11 of Unix Squeak, a Smalltalk implementation, has been released, take a look to see the long list of changes.
Tcl/Tk Dr. Dobb's Tcl-URL!The September 1, 2003 edition of Dr. Dobb's Tcl-URL! has been published.
Miscellaneous Enhance Ant with XSL transformations (IBM developerWorks)Jim Creasman writes about Ant on IBM's developerWorks. "n the mid-1990s, most of the source code was C or C++. make was the tool of choice for scripting and managing code compilation. Sprinkle in a dash of batch files or shell scripts to add automation and you had a build process. Times change. Enter Java technology, XML, XSLT, extreme programming with continuous build, and a host of other new technologies and ideas. By the late '90s the playing field was looking a lot different. Perhaps the single biggest addition to the set of build tools was Ant."
Page editor: Forrest Cook Linux in the news Recommended Reading A clicking bomb (Economist)The Economist covers the software patent fight in Europe. "Now, although many patents are centrally awarded by the European Patent Office (EPO) in Munich, national courts have the final say over a patent's validity. In Britain, business methods are generally not patentable, but they can sometimes be patented in Germany. The EPO, by the way, granted Amazon a patent in May covering computerised methods of delivering gifts to third parties, a descendant of its one-click patent in America."
Patent Riots of 2003 (PC Magazine)John Dvorak looks at the European software patent fight in PC Magazine. "[T]here seems to be a strong protest movement that has begun in Europe regarding software patents. It could easily become a juggernaut that will make legislative bodies reconsider the tendency to approve dubious copyright and patent laws that benefit nobody but large corporations."
The SCO Problem SCO faces AUUG anger, claims Linux users still liable (ComputerWorld)ComputerWorld (Australia) was present at the Australian Unix Users Group conference, where SCO's Kieran O'Shaughnessy had the unenviable task of explaining his company's actions. "At the event O'Shaughnessy was forced to admit the legal threat against Linux users remained. With the audience clearly fuming at what they were hearing, O'Shaughnessy pointed out that the company's legal pursuits are not targeted at end users, but did make a reference to businesses that use Linux."
Companies New IBM Ad features Linux in a new light (NewsForge)Joe Barr takes a look at IBM advertising featuring Linux, in this NewsForge article. "It's a slick way to instruct the viewing audience on various aspects of Linux and the free/open source development memes. Alan Cox, currently on sabbatical from Red Hat and Linux kernel development to further his education, said of the ad "It's rather cool." Cox added that it is "perhaps more telling" that IBM made the ad available on its website in MPEG format as well as in Real and QT formats. Andrew Morton, the current number-two in the Linux hacker hierachy, found the ad "perhaps a little pretentious, but it's nice to see that IBM is keeping the faith."
MS' Linux obsession - time to call in the shrinks (Register)The Register responds to yet another Microsoft-funded study showing that Windows costs less than Linux. "Microsoft thinks the problem is getting the message across. Microsoft thinks Windows 'wins against Linux every time' (although it appears unwilling to share that particular case study outside its reseller community), whereas large swathes of customers think Windows is expensive and Linux much cheaper. Microsoft is therefore convinced that if it continues to place 'the facts' in front of these sad, deluded people they will ultimately accept that Microsoft is right, and Windows will triumph."
Novell 'puts entire ecosystem behind Linux' (Register)The Register reports from Novell's Brainshare conference in Barcelona. "Driving the adoption of Linux in the enterprise is central to its plans to return to profit while reaffirming its commitment to maintain support for its own NetWare operating system, the company says. Jack Messman, chairman and chief executive of Novell, (repeatedly) told delegates "we are not abandoning NetWare, we are adding Linux. It's all about choice for the customer.""Novell also announced a partnership with MySQL AB that bundles a commercially-licensed version of the MySQL(R) database with Novell NetWare 6.5.
Linux Adoption Linux is the path to a bright new future (Taipei Times)The Taipei Times covers worries that Taiwan is falling behind China in Linux adoption. "Currently there are around 20 Taiwanese companies making Linux products, such as server applications and embedded products. The government hopes to increase that number to 50 by 2007. The authorities are also setting a target to have 10 percent of personal computers and 30 percent of Internet servers used by government agencies and corporate networks run on a Linux-based system by 2007."
Linux demand in Thailand 'artificial' (Asia Computer Weekly)Asia Computer Weekly is carrying an article noting that Linux-installed systems are gaining market share in Thailand, while Windows systems are slipping. But our old friends at the Gartner Group have an explanation: "A report [Gartner] released on Aug 18 said that much of Linux's success in Thailand is due to its use as a cover for software piracy. 'Gartner believes that most of the Linux shipments will eventually have illegal copies of Windows installed-a fact that makes Linux's seeming dominance of this market somewhat misleading,' the report stated."
The Rise Of Linux (VARBusiness)VAR Business looks at the increasing use of Linux by resellers. "We aren't just talking simple Apache Web servers and Dell boxes running Red Hat, but an entire next generation of applications that takes Java, Web services and Internet infrastructure as a given and builds new and exciting businesses on top of all of that. Almost without having been noticed, Linux has become essential for building these applications."
Resources FreeBSD Jails (O'ReillyNet)In this O'ReillyNet article Mike DeGraw-Bertsch explains how FreeBSD's jails can help secure necessary applications. "Those familiar with Java recognize the security concept of a sandbox. For those that aren't, it's the concept that everyone gets a unique, well-equipped sandbox to play in, and a person in one sandbox isn't allowed into anyone else's sandbox, not even to share anything with anyone else. On FreeBSD, jails implement this concept -- they keep processes in their own part of the system, denying access to anything else."
Reviews Inside the GNOME 2.4 Desktop and Developer Platform (Ars Technica)Ars Technica has posted a lengthy review of GNOME 2.4. "GNOME 2.4 brings to the Linux desktop considerable polish, accessibility and consistency. This release is a culmination of the work done by commercial vendors and the GNOME community, as evidenced by the fact that three vendors--Sun, Red Hat and Ximian--have already shipped desktops focused on the GNOME 2 platform. The end result is a pleasant desktop that is nimble, attractive and unobtrusive. While it's not perfect, the foundation is now there and the overall product has matured."
KAddressbook 3.2 reviewedA review of KAddressbook 3.2 is online. "As preview for the upcoming KAddressbook 3.2 which will be shipped with KDE 3.2 later this year, we have some screenshots here taken from the CVS version of KAddressbook."
Review - Linux+ Certification Bible (Help Net Security)Here's a review of Linux+ Certification Bible by Trevor Kay on Help Net Security. "Since this is a Certification Bible, each chapter in this book is preceded by pre-test questions, the answers to which can be found at the end of the chapter. This gives you a glance into what you will learn that chapter. Also, at the end of every chapter, you find assessment questions that help you test the knowledge you gained while reading the chapter."
'Storage' to Replace Traditional Filesystems (GnomeDesktop)GnomeDesktop.org reviews the Storage project. "OSNews is reporting on Storage, an innovative project which aims to replace the traditional hierarchical filesystems with a new document store which is database-based (PostgreSQL). The current implementation, built under Gnome 2.x for now, offers natural language access, network transparency, and a number of other features. The project is currently in alpha (screenshots already available), and it is part of the next major generation of Gnome."
Miscellaneous Open source bookmarks Australian heritage (ComputerWorld)ComputerWorld looks at the National Library of Australia and its IT needs. "Couple its physical scope with the plethora of media types maintained by the organisation, ranging from books and manuscripts to complex digitised maps, images, audio and online data, and the need for providing innovative services has made adaptable software from the open source community appear a necessity." (Thanks to Vladimir Likic)
East Asia plans Windows rival (BBC News)The BBC reports that China, South Korea and Japan are involved in joint research into a new computer operating system to rival Microsoft Windows. "An open-source software forum will then be set up by major Japanese electronics companies such as Hitachi, Matsushita, NEC and Fujitsu, to establish what they need from the alternative software. However, Japanese officials confirmed that they planned more to work with current Windows alternatives than building a new system entirely from scratch."
Linux fan to run against Arnie in California election (Silicon.com)Silicon.com reports on a new contender for Governer of California. "Georgy Russell, is a very un-geeky 26-year-old who works for Veritas and graduated from Berkley with a computer science degree. A Democrat, she has launched a campaign promising the legalisation of drugs, gay marriages and a universal health care system." Ms. Russell is also promoting the wider use of open source software.
Page editor: Forrest Cook Announcements Non-Commercial announcements Raymond and Perens respond to SCOEric Raymond and Bruce Perens have sent out a response to SCO's "open letter." "Accordingly, we of the open-source community do not concede that there is anything to negotiate. Linux is our work and our lawful property, the distillation of twelve years of hard work, idealism, creativity, tears, joy, and sweat by hundreds of thousands of cooperating hackers all over the world. It is not yours, has never been yours, and will never be yours."
Press conference on European software patentsThe Greens/European Free Alliance has announced a lengthy press event on software patents in Europe, to be held in Brussels on September 17. A number of speakers are scheduled, including representatives from the scientific, economic, consumer, corporate, and public administration areas. Correction: Tim Berners-Lee is NOT on the agenda as is listed below..
OpenOffice.org Community Contributor VoteA vote will be held for the OpenOffice.org Community Council Representative. Voting closes on Monday, September 15, 2003.
New Roles at The Perl Foundation (use Perl)Use Perl reports on some personnel changes at The Perl Foundation. "gav writes "I have stepped into the new public relations role at The Perl Foundation. I'll be resurrecting the newsletter and providing news about TPF activities. If you have any TPF related news or questions please email me. One thing I will be doing is reporting on the events over the last few months, including the YAPCs and the latest round of grants." "TPF is also looking to fill a new role, one of grant manager."
pgAdmin3 is looking for translators!Translators are needed for pgAdmin, the PostgreSQL database admin GUI. "pgAdmin, one of the most widely used GUI's for PostgreSQL, is soon to announce it's third major release and needs more translators! It has been designed from near the beginning to handle multiple languages, and has already been mostly translated into 16 non-English ones so far: Danish, German, Farsi, French, Croatian, Hungarian, Indonesian, Japanese, Norwegian Bokmål, Polish, Portuguese-Brazilian, Romanian, Russian, Turkish, Chinese simplified, and Chinese traditional We're trying to organise for a lot more translations to be finished in time for this release, so that PostgreSQL and pgAdmin are available to the widest possible audience."
Commercial announcements Lindows offers support lineLindows has announced the availability of a 24-hour telephone support service for its distribution. A $79.95 annual fee buys access to the support line for a year.
Novell announcements at BrainShare Europe 2003Novell has issued a handful of press releases in conjunction with Novell BrainShare Europe. News includes the integration of Ximian technology into Novell Nterprise Linux Services, new versions of Novell exteNd, Nterprise Branch Office and Nsure SecureLogin, and PartnerNet for ISV/IHVs. Click below for the full list.
Zend Studio 3.0 IDE announcedZend Technologies has announced its Zend Studio 3.0 IDE. This is a development environment targeted at developers building enterprise applications in PHP, JavaScript and HTML.
New Books "Kerberos: The Definitive Guide" Released by O'ReillyO'Reilly has published the book "Kerberos: The Definitive Guide".
Resources Paper: How to Evaluate Open Source Software / Free Software ProgramsDavid A. Wheeler has published a paper on how to evaluate free software programs; it is aimed at those used to buying proprietary applications. "Examine the developer mailing list archives - is there evidence they're actively discussing improvements to the software? Are there multiple developers (so that if one is lost, the project will easily continue)? If their version management information is accessible to the public, take a look - are developers regularly checking in improvements and bug fixes?"
LDP Weekly NewsThe September 3, 2003 edition of the Linux Documentation Project Weekly News is out with the latest documentation change news.
LDP Weekly NewsThe September 9, 2003 Linux Documentation Project Weekly News is out with another round of documentation updates.
An introduction to Thunderbird, part 6The sixth article by Kay Frode on Mozilla Thunderbird has been published on Nidelven-it. "Changing to a new mail client don't need to be difficult, as long as you have a proper guide to help you. :) In this part of the introduction I will try to show you how to import and migrate all your information from your old mail client. Clients I will talk about are Outlook, Netscape and Eudora. Big topic, so buckle up. :)"
Event Reports Finnish Open Source Translators Getting OrganisedLinux-Aktivaattori ry is a Finnish non-profit organization promoting the use of Linux and other Open Source software. They recently organized the first Open Source translation workshop for the Finnish language on 29-31 August 2003 in the city of Turku. Click below for more information.
Upcoming Events Announcing the first Annual Desktop Linux ConferenceThe Desktop Linux Consortium has announced the first annual Desktop Linux Conference, which will take place on November 10, 2003, at Boston University's Corporate Education Center in Tyngsboro, Massachusetts.
Events: September 11 - November 6, 2003
Software announcements This week's software announcementsHere are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
Page editor: Forrest Cook Letters to the editor Open Query: what replaces RedHat?
Yeah, I know; RedHat isn't really dying.
Member of the Technical Staff Baylink RFC 2100 The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 647 1274 OS X: Because making Unix user-friendly was easier than debugging Windows -- Simon Slavin, on a.f.c
Reply to Darl McBride's Open Letter to the Open Source Community
September 9, 2003
Saving the earth from anarchy by eliminating the weakest link
Page editor: Jonathan Corbet
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[Net-SNMP]](/images/ns/netsnmp.jpg)