LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
Letters to the editor
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for September 25, 2003The new Fedora ProjectLast July, Red Hat let it be known the Red Hat Linux, as a retail product, was coming to an end. Red Hat's customers would be steered, instead, at the company's "enterprise" products, which are aimed at corporate needs and, incidentally, bring in a lot more revenue to the company. The company's strategy has had some success; Red Hat's recently announced quarterly results show an increase to about 26,000 Enterprise Linux subscriptions. Those subscriptions brought in almost $15 million in revenue over the quarter (enterprise services brought in another $9 million).What replaced Red Hat Linux at that time was the "Red Hat Linux Project," an attempt to transform the process of making Red Hat's core distribution into a more open, community-oriented project. Now, this distribution has gone through another change, as announced on September 22:
Red Hat and Fedora Linux are pleased to announce an alignment of
their mutually complementary core proficiencies leveraging them
synergistically in the creation of the Fedora Project, a paradigm
shift for Linux technology development and rolling early deployment
models.
The rest of the announcement, thankfully, is in English. The old Fedora Linux Project was an independent effort to create a set of high-quality add-on packages for Red Hat Linux. Fedora had managed to put together a set of policies, a development community, and an initial set of packages. Red Hat, in its effort to kick-start the Red Hat Linux Project, saw value in all of those things. So now the two projects have merged into a single entity called the Fedora project. The project stuck with the Fedora name, among other reasons, so that the resulting distribution would not run into trademark problems with the Red Hat name. (There may yet be confusion with the Fedora Project hosted at Cornell, which is developing a free digital repository management system.) Red Hat is still putting together policies and documentation for the new project, so some of the details are still coming into focus. The project leadership role will be in the capable hands of Michael K. Johnson, one of the Red Hat originals. There will be a a steering committee appointed by Red Hat; it currently consists of Karen Bennet, Cristian Gafton, Michael K. Johnson, Jeff Law, and Stephen Tweedie. The plan also calls for an advisory committee, the makeup and duties of which has not yet been determined. Finally, there will be a "technical committee," which is simply the union of the steering and advisory committees. The Fedora project's output will consist of three distinct sets of packages:
The project planners also foresee a "Fedora Legacy" area for the maintenance of older packages, and a "third party" area that will become the Fedora equivalent of Debian's non-free. Red Hat will have nothing to do with the non-free code, however. According to the posted schedule, the "test 2" release of the Fedora core is due on September 25. There is a third test release planned for October 13, and the final release should be out on November 3. Then work begins on "Fedora Core 2", which will be, with luck, based on the 2.6 kernel. To succeed, Fedora must attract a significant amount of community interest and input. Red Hat needs external developers to help with the maintenance of the distribution and bring in new packages. It also very much needs an active user community which will test and deploy the Fedora distribution; to a great extent, Fedora will be part of the quality control process that packages go through before becoming part of the enterprise products. Bringing in developers will require making them feel like something other than unpaid Red Hat employees. That means giving Fedora a life outside of the company. Red Hat seems to understand that need; for example, Red Hat's Havoc Pennington says:
Red Hat will be doing a lot of development and other work on the
Fedora Project, but it's not a product that you can buy from
us. We're working on the Fedora Project in the same way that we
work on other projects such as Mozilla or the Linux kernel.
Of course, this claim is not entirely true: Red Hat does not name, by fiat, the members of any "steering committees" for Mozilla or the kernel. But the idea the company is trying to get across is clear: Fedora, as a project, is separate from Red Hat and its products. The degree to which that is true, and to which Red Hat can step back and let Fedora find its own path will be crucial to Fedora's success. Letting go could be hard for Red Hat to do; almost anybody who has done business with that company will attest that Red Hat, while well-intentioned, very much likes to retain control over the projects it works on. Red Hat also has a history of working well with the free software community, however; they understand well how the free development process works. So when the company says something like:
Anyway, it's not just about what Red Hat developers work on
anymore. Anybody can drive the project in a different direction by
developing the code and making a case for including it.
There is a good chance that things will work out that way.
The European software patent voteMembers of the European Parliament (MEPs) passed Arlene McCarthy's proposed patent directive this Wednesday, with numerous amendments that may mean a victory for the open source community and others opposed to software and business practice patents. The full text of the passed directive is available for those who are interested (thanks to James Heald). As a result of the Foundation for a Free Information Infrastructure (FFII) and many others, software patents in Europe have been staved off -- for now.However, we have miles to go with regards to the directive. This vote is not the final say in the matter. The European Parliament will vote again on the directive, but after it has been addressed by the European Commission (EC). It's entirely possible that the directive passed by the parliament will be rejected by the EC, or that the original directive without the amendments will be approved by the EC. LWN reader Ciaran O'Riordan notes that in the event that the original is approved, Parliament will not have a second chance to address the directive and McCarthy's original draft will be enacted. Under the amended directive, an inventor may patent a "programmed device," but patents on software and business methods are specifically excluded. Amendment 3a specifically disallows any patents in the field of data processing, while 2b specifically requires an invention to be "susceptible of industrial application." Amendment 2d specifies "industry" as the "automated production of material goods." Presumably this means that one cannot patent entertainment devices or other goods specifically targed for consumer use. Further, patent applications for programmed devices must include "a well-functioning and well documented reference implementation of such a program is published as part of the patent description without any restricting licensing terms." This means that, should the amended directive go through, inventors will not be able to prevent interoperability with their devices through obscurity. Readers in the United States may be interested to know that the U.S. government has chimed in with opposition to article 6a, which states that patents can not be used to block interoperability:
Member States shall ensure that, wherever the use of a patented
technique is needed for a significant purpose such as ensuring
conversion of the conventions used in two different computer systems or
networks so as to allow communication and exchange of data content
between them, such use is not considered to be a patent infringement.
The amended directive is a vast improvement over McCarthy's original proposal. However, Jonas Maebe, a Belgian FFII representative, says the approved draft still needs work:
The recitals were not amended thouroughly. One of them still claims
algorithms to be patentable when they solve a technical problem. But we
have all the ingredients for a good directive. We've been able to do the
rough sculpting work. Now the patching work can begin. The spirit of the
European Patent Convention is 80% reaffirmed, and the Parliament is in a
good position to remove the remaining inconsistencies in the second
reading.
That assumes, of course, that there is a second reading to be had. When speaking to Parliament during the Plenary Debate the day before the vote, EC Commissioner Frits Bolkestein issued (PDF format) a not-too-veiled threat to remove parliament from the process entirely:
If we fail in our efforts to achieve a harmonisation of patent law
relating to computer-implemented inventions in the European Union, we
may well be confronted with a renegotiation of the European Patent
Convention. The process of renegotiation of the European Patent
Convention would not require any contribution from this parliament. So
the situation is clear: there is a single objective but a choice of
means. Either we proceed using the community method, or we take a back
seat and watch while member states go via the route of an
intergovernmental treaty. It is clear that proceeding via this
Parliament would give European citizens a greater say in patent
legislation, an area which is so crucial to our economy.
A renegotiation of the European Patent Convention could be a worst-case scenario for users of open source. While those who stood in opposition to the original draft deserve congratulations and the opportunity to enjoy their victory, they'll have little time to rest.
HP offers indemnificationOn September 23, HP held a press conference in which it extended an indemnification offer to its Linux customers. If you buy a Linux system from HP, the company will take on any liability that may eventually be incurred toward SCO for the use of Linux. HP will also take on defense against lawsuits filed by SCO. All a customer has to do (beyond buying the system from HP) is to have a support contract and refrain from making changes to the code.To some, this move appears to have vindicated SCO's claims. Certainly SCO didn't miss the opportunity rush out an even stranger than usual press release on the subject:
HP's actions this morning reaffirm the fact that enterprise end
users running Linux are exposed to legal risks. Rather than deny
the existence of substantial structural problems with Linux as many
Open Source leaders have done, HP is acknowledging that issues
exist and is attempting to be responsive to its customers' request
for relief. HP's actions are driving the Linux industry towards a
licensing program. In other words, Linux is not free.
It is classic SCO to claim that indemnification supports its claims, after arguing for months that the lack of indemnification supports it claims. The market, in any case, read things slightly differently; SCO's stock fell almost 10% after HP's announcement and SCO's PR. In fact, a different interpretation makes a great deal of sense. HP, as a company, has certainly made its share of mistakes. But HP is smart enough not to wander into the path of a company prone to billion-dollar lawsuits without being sure of its ground. HP is a Unix licensee; it has everything it needs to verify for itself whether Unix code has truly been copied into Linux or not. The obvious conclusion is that HP has decided that it has little to fear. It would appear that SCO's bluff has been called.
SCO to Red Hat: you have no complaintRed Hat filed suit against the SCO group back at the beginning of August. At that time, SCO's response was nothing if not aggressive:
Be advised that our response will likely include counterclaims for
copyright infringement and conspiracy. I must say that your
decision to file legal action does not seem conducive to the
long-term survivability of Linux.
That response was filed on September 15; thanks to Groklaw, the text of SCO's response is now available online. It reads rather differently than Darl McBride's preview had suggested. Rather than escalate the fight with counterclaims and conspiracy charges, SCO is now trying to make the whole thing go away. The core of SCO's argument is that it has never actually threatened to sue Red Hat, so Red Hat cannot ask for relief. There is nothing to be relieved from.
There are no allegations that SCO has contacted Red Hat and
informed it that its product violates SCO's copyrights. Nor has SCO
done so. There are no allegations that SCO has conveyed to Red Hat
either expressly or implicitly that it intends to sue Red Hat to
enforce its copyrights. Nor has SCO done so. There are no
allegations that SCO has sued any other entity for infringement. -
Nor has SCO done so.
If you go back to SCO's response to the suit, the company quotes a letter saying:
At the time of your letter, we had expected the possibility of a
global resolution of SCO's intellectual property claims against all
Linux-related companies that would have likely included Red Hat. This
effort has apparently stalled, through no fault of SCO.
SCO's Linux license FAQ contains this statement:
All distributions of Linux 2.4 and later versions of the kernel
contain major infringments, regardless of whether Linux is being
used in a commercial or non-commercial environment.
Since Red Hat is unarguably a "Linux-related company," the first statement above could certainly be read to imply the existence of intellectual property claims against it. Since Red Hat's products include 2.4 and later kernels, the second statement is a clear claim that Red Hat's products contain "major infringements." But now SCO is trying to say that such claims do not exist. This quote is also worth noting:
Red Hat, however, has never had any license from SCO providing
access to SCO's trade secrets or other confidential information
and, to SCO's knowledge, has not stolen or otherwise
misappropriated any of SCO's trade secrets or confidential
information. Therefore, unlike companies that have contractual
obligations to SCO, Red Hat has no legal or factual basis for
apprehension of suit by SCO with respect to trade secrets or
confidential information it has licensed from SCO, and its claims
in Count II can be summarily dismissed.
So, if you work with Linux, and you have never signed a contract with SCO, you should have little to worry about. SCO states here that it has never claimed that Red Hat Linux (at least) infringes upon its copyrights, and SCO states explicitly that Red Hat cannot have stolen its trade secrets. If nothing else, SCO's statements serve as another warning against signing contracts with that company. SCO goes on to say that, even if Red Hat could prove that it is right to be worried about being sued, the court still should not hear the case.
The previously filed SCO v. IBM Case addresses most, if not all, of
the issues of copyright infringement and misappropriation. If these
issues are decided against SCO in that case, then Red Hat's lawsuit
becomes unnecessary.
One wonders how the IBM case can handle "most, if not all, of the issues of copyright infringement" when, as stated earlier in SCO's response, "There are no allegations that SCO has sued any other entity for infringement. Nor has SCO done so." The IBM case is a breach of contract case which has nothing to do with copyright infringement. One presumes that the judge in the Red Hat case will notice that. SCO claims that the rest of Red Hat's complaints (mostly variations on violations of fair trade laws) should be dismissed because SCO's behavior is a simple exercise of its first amendment ("freedom of speech") rights.
SCO's Public Statements fall outside the scope of the Lanham Act
and related state law claims and are protected under the First
Amendment to the U.S. Constitution. The Public Statements also
address or relate to pending or potential litigation and are
privileged under the common law doctrine of litigation immunity.
According to SCO, even its "Linux license" is actually speech related to ongoing litigation, and thus protected. A footnote in SCO's filing makes the interesting additional claim that "SCO has never asserted in any statement that individual, non-corporate users of Linux may be liable to SCO, or otherwise would need to purchase a right to-use-license." The filing finishes out with this fun little argument:
Indeed, SCO's Public Statements are also part of a wider debate in
the technology and music industries about the scope of intellectual
property protection in a digital age. As open source software
development becomes prevalent and digital music can be downloaded
for free, many people are simply ignoring copyright and patent
laws. Many public commentators recognize this disintegration of
property rights as a danger to our economic system. In a small way,
SCO's Public Statements are part of this debate. This is an
additional factor that weighs in favor of holding SCO's Public
Statements as fully-protected speech, not subject to the Lanham Act
or associated state law claims. It would pervert the First
Amendment to allow the Lanham Act to chill broad debate about the
relative merits, and problems, with open source software.
Free software developers are, in other words, the moral equivalent of those who distribute copyrighted music over the net. And it is SCO's right to be "part of this debate" by making its claims against Linux. The conclusion that comes from a thorough reading of SCO's response is clear: SCO does not want this fight, and is doing what it can to make it go away. This is not a surprising position; a company which has picked an intellectual property fight with IBM has little need or desire for other legal distractions. SCO's move for dismissal looks weak, however, especially when one considers that it has contradicted many of its own claims in public statements elsewhere. The Red Hat suit is not good news for SCO, and it is unlikely to be shrugged off so easily. SCO is also weakening any case it might have against any other Linux-related company. After going to such lengths to state that Red Hat has nothing to fear from SCO, and that the IBM case covers everything, SCO will will have to find some truly compelling "new evidence" before it can turn around and file another Linux-related lawsuit. As SCO backs away from its increasingly indefensible claims of direct infringement, all it really has left is a contract dispute with IBM. It is not surprising that SCO wants to free itself of the Red Hat suit and concentrate on its one, big fight.
Security Brief items A different kind of bad weekAnother week, another email worm. Your editor initially wondered how he had managed to get put on a Microsoft security mailing list, but it didn't take too long to figure out what was really going on. A quick tweak to a SpamAssassin rule made the visible part of the problem go away; after all, very few messages of interest contain Microsoft executables anyway. But, of course, the "Swen" worm continues to chew up bandwidth.Swen seems to have two ways of attacking a system:
As we have warned many times in this space, Linux is not immune to worms and viruses. We will almost certainly have a bad security day sooner or later. But Swen is a classic Microsoft worm, and, perhaps, Linux users have the right to feel just a little smug. Exposed Linux systems with two-year-old vulnerabilities are rare. Fixing problems is sufficiently easy, and Linux administrators are sufficiently aware that vulnerabilities tend to be closed quickly. Keeping patching levels high as Linux expands into more desktop and consumer-oriented uses will be a challenge, however. We have all the tools we need to keep such systems current; it's mostly a matter of ensuring that those tools get used. Imagine, however, that a widespread bug exists which, when exploited, could allow the running of arbitrary code from malicious email. The variety of mail user agents in the Linux world will restrict any such exploit to a fraction of the deployed Linux systems. The number of distributions in use will also make a universal exploit difficult. But, even if the attacker succeeds in running code on a target system, that code will be unable to kill the system's defensive processes, make "registry" (i.e. configuration file) changes, or engage in most of the other unpleasant activities carried out by Swen. To obtain that level of access to the system, the exploit code would have to find and take advantage of another, different vulnerability. Then, there is the issue of convincing users to run a malicious executable sent to them in the mail. One of the real strengths of the Linux development model is that it is highly unlikely to result in the creation of mail utilities which allow the direct execution of programs received as email attachments. Any developer or distributor who tried to release a tool with that sort of vulnerability would not soon forget the reception they would get on the net. There is simply no excuse for extending such trust to the world as a whole. A Linux utility that was so trusting would be fixed within hours. Microsoft systems have remained vulnerable - in the face of overwhelming proof of the damage caused - for years. Linux systems suffer from a constant stream of vulnerabilities, like other systems out there. The real difference, perhaps, is that our problems get fixed - almost always before they ever reach a point where they can be widely exploited. As a happy result, it is, once again, not Linux systems which are spamming the net with worm-laden email.
New vulnerabilities gopherd: buffer overflow
hztty: buffer overflow vulnerability
ipmasq: insecure packet filtering rules
openssh: multilple PAM vulnerabilities in Portable OpenSSH versions 3.7p1 and 3.7.1p1
proftpd: remote root shell
Updated vulnerabilities 2.4 kernel - several vulnerabilities
apache: multiple vulnerabilities in Apache HTTP server
autorespond: buffer overflow
bind buffer overflow vulnerability in DNS resolver libraries
Canna server: exploitable buffer overrun
eroaster: insecure temporary file
ethereal: security problems in Ethereal 0.9.12
exim: buffer overflows
Filename disclosure vulnerability in fam
fdclone: insecure temporary directory
fetchmail: buffer overflow
glibc: DNS stub resolvers contain buffer overflow vulnerability
gnupg: key validation
gtkhtml: malformed messages cause crash
KDE: Two issues in KDM
kernel-utils: setuid vulnerability
libpam-smb: exploitable buffer overflow
libpng, libpng3: buffer overflow
lynx: CRLF injection vulnerability
perl-MailTools: remote command execution
mikmod: buffer overflow
mindi: insecure file creations
mpg123 - buffer overflow
mysql: arbitrary code execution
Nessus NASL scripting engine security issues
netris: buffer overflow
net-snmp: denial of service vulnerability
nfs-utils xlog() off-by-one bug
openssh: timing attack leads to information disclosure
OpenSSH: buffer management error
pam-pgsql: format string vulnerability
perl: cross site scripting vulnerability in CGI.pm module
PHP: vulnerability in mail function
phpgroupware - cross-site scripting and other exploits
pine: remote exploits
postfix: denial of service vulnerabilities
PostgreSQL - more buffer overflows
Local arbitrary code execution vulnerability in Python
Multiple-use vulnerability in Safe.pm
sane-backends: several vulnerabilities
semi: insecure temporary file
sendmail: bad DNS reply causes crash
sendmail: remotely exploitable buffer overflow
stunnel: signal handler reentrancy DoS
sup: insecure temporary file
File overwrite vulnerability in tar and unzip
teapop: SQL injection
Multiple vendor telnetd vulnerability
unzip: directory traversal vulnerability
vim - modeline vulnerability
vixie-cron: Local vulnerability
webmin: session ID spoofing
wget:directory traversal bug
wget: buffer overflow
wu-ftpd: off-by-one bug
wu-ftpd: insecure program execution
Wwwoffle remote privilege escalation vulnerability
XFree86 4.3.0 integer overflows in font libraries
xinetd: Memory leak in xinetd 2.3.10
zblast: buffer overflow
Resources Monopolies and securityThe Computer & Communications Industry Association has published a paper (available in PDF format) titled "CyberInsecurity: The Cost of Monopoly." This paper, written by Dan Geer, Rebecca Bace, Peter Gutmann, Perry Metzger, Charles Pfleeger, John Quarterman, and Bruce Schneier, makes the claim that software monocultures are hazardous to the security of the net as a whole. When one system is vulnerable, all systems are vulnerable. The authors also take Microsoft to task for its efforts to maintain and strengthen its monopoly, and for its poor security record. Suggestions in the paper include forcing Microsoft to make Office available for Linux and other operating systems.
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current development kernel is still 2.6.0-test5, which was released back on September 8.The pile of patches in Linus's BitKeeper repository continues to grow. The most notable change is probably the dev_t expansion (see below); other patches which have been merged include a device mapper update, some NFS updates, a big I2C update, Con Kolivas's and Ingo Molnar's scheduler interactivity patches, a Coda filesystem update, some initramfs tweaks, improvements in random driver locking, the removal of some ext3 debugging hooks, direct I/O support for reiserfs, some CPU frequency work, an Intel SpeedStep-SMI driver, a substantial amount of janitorial work, and various fixes. The current stable kernel is 2.4.22. Marcelo continues to work on 2.4.23; he released 2.4.23-pre5 on September 21. This prepatch adds some ACPI fixes, an omitted piece of the VM patch set that went into -pre4, and various other fixes. It remains a relatively slow period in kernel development, so this is not the longest LWN Kernel Page we have ever produced. It was hard, but we have resisted the urge to fill it out with coverage of the latest BitKeeper flame war.
Kernel development news dev_t expands at lastThe expansion of the dev_t device number type has been on the list of goals for 2.6 since the beginning. The only problem is that it has stayed on that list through the entire 2.5 development process; for various reasons, work on that project stalled for a long time. As of September 24, however, the dev_t expansion can be checked off the list; Linus has merged the required changes into his BitKeeper tree. They will appear in the 2.6.0-test6 release.For some time, it had appeared that dev_t would expand to 64 bits, with 32 bits each for the major and minor numbers. The actual change, however, is to 32 bits, with a 12-bit major number and 20 bits for the minor. That should be adequate for some time, especially given that the new registration mechanisms and sysfs make it much easier for the system to use device numbers more effectively.
Internally, the new kernel dev_t type uses the encoding one would
expect: the major number sits in the top twelve bits of a 32-bit value,
There are places, however, where an explicitly 16-bit value is passed. There is no way to change that without breaking applications. In such cases, the kernel checks whether 16 bits is sufficient; if not, the system call has no choice but to fail with an EOVERFLOW error. Beyond that, most of the groundwork for the new dev_t had already been laid over the last few months. There are, however, certain to be a few surprises left after such a fundamental change. The next couple kernels could be interesting to use while the remaining issues get ironed out.
Selectable I/O schedulers for 2.6The 2.5 development series saw the creation of a few different I/O schedulers ("elevators") for the block I/O subsystem. I/O schedulers attempt to perform requested block I/O operations in an order that maximizes performance. Given that different people (and applications) measure performance differently, it is not surprising that more than one I/O scheduler exists. So, for example, the "deadline" scheduler attempts to minimize seeks while ensuring that no request waits for more than a certain period of time. The anticipatory scheduler pauses after completing read operations on the assumption that another nearby read will show up quickly. The CFQ ("completely fair queueing") scheduler tries to divide up the available I/O bandwidth equally among processes. And there is a "noop" scheduler for devices (such as memory-based devices) which do not benefit from I/O scheduling logic at all.What has been lacking is any sort of way for a system administrator to choose between these schedulers. A system I/O scheduler can be designated with the elevator= boot parameter, but that choice applies to all drives on the system, and it cannot be changed. This restriction makes experimenting with the various schedulers difficult; in the real world, it may also be appropriate to use different schedulers for different drives. So Nick Piggin has released a patch which makes I/O schedulers selectable at run time. With the patch, a new io_scheduler sysfs attribute appears under /sys/block/<device>/queue; changing a scheduler is simply a matter of writing the name of the new scheduler into that attribute. So, for example, to go to CFQ on the first SCSI drive:
echo cfq >/sys/block/sda/queue/io_scheduler
Changing schedulers requires pausing and emptying the I/O queue, so it might not be advisable in the middle of writing a CD or controlling a nuclear power plant shutdown. But it certainly can be a useful thing to do at system initialization time, or while experimenting with scheduler performance under a certain kind of load.
The beginning of the end for devfsOne of the patches that will appear in 2.6.0-test6 is one marking the devfs subsystem as being obsolete. The patch from Christoph Hellwig reads:
Richard [Gooch] hasn't touched it for about a year and since then
only bugfixes and my changes to the kernel interface went in. No
one has stepped up to maintain it and with udev we have a proper
replacement now.
Devfs was the subject of countless heated linux-kernel battles in the years leading up to its inclusion in 2.3. It made rather less of a spash afterwards; none of the major distributors have enabled devfs in their kernels, with the (arguable) exception of Gentoo. When a subsystem does not get used, and especially when its maintainer stops working on it, that subsystem's future tends to be dim. Such is the case with devfs. Christoph has said he will continue to fix a few problems, but will do no more with it. 2.6 may be the last major kernel series that includes the devfs subsystem.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Janitorial
Networking
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials The Great Package Management ExperimentLast week's Revisiting RPM Package Management in the distribution section of LWN was quickly followed by a heated debate about software management in various distributions. Predictably, the discussion soon evolved into a full-scale "distro war", where each distribution was vigorously defended by its respective vocal fans. This heated feedback resulted in an attempt to conduct a practical experiment. It will examine the package management tools in five major binary Linux distributions (Debian, Mandrake, Red Hat, Slackware, SuSE) and provide examples of 1) installing a package not officially supplied by the distribution itself and 2) upgrading the entire distribution to a newer version. Without any further ado, let's get on with the show, in alphabetical order.Debian GNU/Linux I chose MPlayer for the test of installing a third-party package. MPlayer is a popular media player for Linux, but most distributions do not supply it due to potential legal issues with certain codecs included in the package. Debian is no exception. Luckily, visiting apt-get.org and typing "mplayer" into the site's search engine reveals the availability of MPlayer from a number of unofficial repositories, as well as instructions for adding the repository to one's sources.list. In case of Debian Woody, this is a simple matter of adding 'deb http://marillat.free.fr stable main' to /etc/apt/sources.list, then executing the following:
apt-get update
apt-get install mplayer
That's all to it, MPlayer is now installed and ready for use. As far as upgrading the Debian distribution to the latest version, this is done with a single command:
apt-get dist-upgrade
This is a well-tested, well-documented and reliable procedure for upgrading a Debian system. The ease of package installation (whether native or third-party) and system upgrades are often considered to be some of the most pleasant aspects of using Debian GNU/Linux and this is hard to argue. Overall score (on a scale from 1 to 10): third-party package installation: 10, distribution upgrade: 10. Mandrake Linux Like Debian, Mandrake does not supply MPlayer as part of the distribution. A quick trip to Penguin Liberation Front (PLF) reveals availability of the package, together with instructions on how to add the necessary sources to Mandrake's package manager - urpmi. The site also provides a well-designed three-step wizard, which enables users to specify a Mandrake version, select official Mandrake mirrors and choose to add other third-party repositories, such as PLF itself, Texstar's RPMs and Java RPMs. The wizard outputs a number of urpmi.addmedia commands that need to be executed from the command line - a simple copying and pasting those into the Konsole does the trick. As soon as the execution completes, MPlayer can be installed with:
urpmi mplayer
uprmi mplayer-gui
The first command gives an option to choose between a stable or development version of MPlayer, which is followed by a prompt to confirm installation of dependent files. Mandrake's package manager then goes on to fetch and install all the necessary files. In the test, everything installed flawlessly and typing "gmplayer" on the command line launched MPlayer in its full glory. That was nice, but let's try something more challenging - such as updating the entire distribution. At the time of the experiment, Mandrake Linux 9.2 was not yet released, but the distribution's development branch called "Cooker" was very close to what the final Mandrake 9.2 would look like, sans some last minute bug fixes. I followed the instructions in Cooker HOWTO and How to Upgrade Mandrake, updated the urpmi sources to point to a fast local mirror and executed the following commands:
urpmi.update -a
urpmi --auto-select --no-verify-rpm --auto
urpmi kernel
The entire upgrade procedure was a surprisingly pleasant experience. All completed without a single hitch and when I rebooted the system, I found myself in a brand new Mandrake Linux 9.2, almost final. Comparing the upgrade process to Debian, the only downside is that three commands are needed to upgrade Mandrake, as opposed to a single command for upgrading Debian. The overall score: third-party package installation: 10, distribution upgrade: 9. Red Hat Linux Red Hat Linux 9's only package updating tool with dependency resolution is up2date. This was primarily designed for updating an existing installation with critical bug fixes and security patches, rather than as a general purpose package management tool. It is not possible to add third-party repositories to up2date and non-subscribers require to fill in a lengthy registration form every few months. But even paying subscribers have reported frequent failures to connect to up2date servers shortly after Red Hat's security advisories. Currently, there are two third-party tools with dependency resolution capabilities for Red Hat Linux - apt-get and yum. For the MPlayer installation experiment, I settled on apt, which is trivial to set up on any recent Red Hat installation - a quick trip to freshrpms.net was all that was required to download the relevant RPM package and install it manually. Afterward, installing MPlayer and all of its dependencies was also a no-brainer:
apt-get install mplayer
As soon as the installation process completed, MPlayer was ready for use. Next came the task of upgrading a vanilla Red Hat 9 to Rawhide, which is Red Hat's development branch, probably fairly close to a new beta expected to be released shortly. Here I chose yum for the job, mainly because yum is now included in the Rawhide and presumably it will be included in the next official Red Hat Linux release. The package is also available from freshrpms.net. After configuring the sources, I issued the following commands:
yum check-update
yum -t -y upgrade
Perhaps being spoiled by a very easy Mandrake upgrade, I expected a similarly smooth flow while upgrading Red Hat. Unfortunately, it wasn't the case. The upgrade proved to be a lot of hard work and here is the summary of my observations:
Although yum is now in rawhide, I don't expect to see
it in a released version of RHL or RHEL. Why do I say this? Because the
newest up2date that will ship with the upcoming RHEL and RHL now supports
remote "yum" and "apt" repositories in addition to the native "rhn-style"
repositories. Since up2date now speaks all languages (rhn, apt, yum) there
is no need to ship those other tools.
Overall score (2 points were deducted for having to use a third-party package manager): third-party package installation: 8, distribution upgrade: 3. Slackware Linux Slackware's package manager does not have the ability to resolve dependencies. The MPlayer experiment started with a trip to LinuxPackages, where I located and downloaded the necessary package, then executed installpkg:
installpkg mplayer-1.0pre1-i686-2rob.tgz
Although no errors were reported during installation, MPlayer failed to launch due to missing libraries. Back to LinuxPackages to download alsa-lib, lame and libdvdread (the dependent packages were clearly listed on the MPlayer download page), before installing them with installpkg. This has satisfied all requirements and MPlayer was ready for action. There are three third-party packages that handle Slackware package updates - these are swaret, slackpkg and slapt-get. Both swaret and slackpkg have now been officially included in the "extra" directory of Slackware Linux, but between the two of them only swaret has the ability to resolve dependencies, while slackpkg is generally used to keep a Slackware system synchronized with the "current" branch (i.e. development branch, equivalent to Sid, Cooker or Rawhide). At this point, it is perhaps interesting to note a recent comment by Slackware's creator Patrick Volkerding, which indicates that not everybody thinks highly about advanced package management tools: "I'm not a big believer in automated dependency handling." As with all other distributions in this experiment, I wanted to upgrade a vanilla Slackware 9.0 installation to the latest available development version, which at the time of writing was Slackware Linux 9.1-beta2. This can be done with Slackware's native tools, but the process is fairly involved, it requires manual download of all upgraded packages, which then need to be upgraded with upgradepkg in a certain correct order. After downloading and installing swaret, the same could be achieved with two commands:
swaret --update
swaret --upgrade -a
Again, the process took time, but completed with no errors. Several newly upgraded packages required extra packages to satisfy dependencies and this is the only place where user intervention was called for to confirm the action. But the overall experience was very similar to upgrading Mandrake, except that it required a third-party tool. Overall score (2 points were deducted for having to use a third-party package manager): third-party package installation: 5, distribution upgrade: 7. SuSE Linux As many readers correctly pointed out, SuSE's native package manager called YOU (YaST Online Update), does indeed have dependency resolution capabilities. My apologies to SuSE users for the erroneous claim to the contrary. The reason which led me to believe otherwise was the frequency with which questions about apt-get come up on SuSE's mailing lists. Upon some investigation, it would appear that the main reason for apt-get's proliferation and preference among SuSE users is that certain third-party repositories of SuSE packages encourage users to make use of it. The popular usr local bin, which provides up-to-date GNOME packages is a good example. Another major advantage of APT for SuSE is its ability to upgrade the entire distribution with a single command and without re-installing. According to this comparison chart YOU cannot be used for this purpose. Keeping uniformity in the package installation experiment proved difficult, because SuSE is the only distribution in this list that does ship with MPlayer. However, some of the useful, but legally questionable components and plugins are missing from it, so let's try to install a more useful version, such as the one found at links2linux.de. Unfortunately, attempting to add the source of the MPlayer package to Software Source Media in YaST resulted in a "ERROR(InstSrc:E_no_instsrc_on_media)" message. But after installing apt and its dependencies, and updating apt's sources, MPlayer installed with a single command:
apt-get install MPlayer
The test of upgrading the entire SuSE 8.2 distribution to a newer version could not be done, simply because a newer version of SuSE Linux has yet to be released. It will probably be another two months before SuSE 9.0 directories appear on mirrors to give apt-get a chance to do its magic. Overall score: third-party package installation: 6, distribution upgrade: not rated. Conclusion To conclude this lengthy and time consuming experiment involving package installations and distribution upgrades, we have two clear winners - Debian and Mandrake. Debian is hard to beat when it comes to overall convenience, but Mandrake has made a lot of effort and its urpmi package management and underlying technology has just about succeeded in catching up with Debian's. The other three distributions have a long way to go. Red Hat is currently in a major transition and the question of package and distribution upgrades is probably being addressed as I write this. Slackware is easy to upgrade with swaret, a tool which will be included in the upcoming Slackware 9.1, but it doesn't handle installing packages from third-party repositories. As for SuSE, it falls short of all other distributions. YOU has a pleasant interface and it works extremely well within its official package set, but as a software management tool, it has too many shortcomings to compare well with either apt-get or urpmi.
Distribution News Debian GNU/LinuxThe Skolelinux project will be working with Debian to revive and take over the Debian-Edu sub-project. rpmseek.com has announced that rpmseek.com now indexes Debian Linux (.deb) software packages.
Gentoo Weekly Newsletter -- Volume 2, Issue 34The Gentoo Weekly Newsletter for the week of September 22, 2003 is out. This week's issue looks at the Gentoo 1.4 maintenance release 1 for x86, an experimental IA-64 stage1 that is now available, and much more.
Lycoris Desktop/LX Update 3Lycoris has released Desktop/LX Update 3. This Update features a new Help Center with interactive audio-visual tutorials, hundreds of updated drivers, crisper font handling, increased printer support for HP printers, extended digital camera support from Vivitar and Olympus, auto-configuration of WiFi connections, and exclusive Signature Wallpapers from Organic Light Photography.
Slackware LinuxSlackware Linux has announced the first release candidate for Slackware 9.1 in Monday's slackware-current changelog entry, followed by RC2 on Tuesday. It won't be long now, in fact Slackware 9.1 might be out by the time you read this.Footnotes reports that Dropline GNOME 2.4.0 for Slackware 9 is out. The package contains GNOME 2.4, AbiWord 2.0, Gnumeric 1.2, Epiphany 1.0, and a bunch of other stuff.
Minor distribution updates Astaro Security LinuxAstaro Security Linux has released v3.220 with major security fixes. "Changes: This Up2Date fixes the CAN-2003-0693 sshd vulnerability."
CDLinuxCDLinux has released v0.4.5 with major feature enhancements. "Changes: The init scripts were modified to make the booting procedure more flexible. CDlinux can now boot from almost any IDE/USB device, not only CDROMs. You can even boot it from a FAT partition. CDlinux can also run in "loop" mode if there is not enough memory to store the root filesystem in RAM."
CrashRecoveryKitCrashRecoveryKit has released v2.4.21-mdk91, based on Mandrake 9.1 (i586). "The ram filesystem for the mdk91 edition is 16 Mb and now needs at least 24Mb ram to boot. In addition the Logical Volume Manager (LVM) administration tools are added."
eMoviXeMoviX has released v0.8.0 with minor feature enhancements. "Changes: This version adds a Spanish version of the README, improves settings for the FB boot label, improves NVIDIA TV-out, and includes brand new support for installation on Debian systems."
Fli4lFli4l (Floppy ISDN/DSL) has released v2.1.4 with major feature enhancements. "Changes: Updated to Kernel 2.4.22, uClibc 0.9.20, BusyBox 1.0-pre3, gtk-imonc 0.6, and Privoxy 3.0.2. PPPoE in the kernel is now the default. You can use active-filter for ISDN. There are several minor bugfixes and changes."
INSERTINSERT has released v1.02 with minor feature enhancements. "Changes: INSERT was changed to boot with isolinux. This makes it possible to include additional boot options (e.g. for boot floppies) and eliminates the limitation on the boot disk size (more drivers). memtest86 has been added as a boot menu option. The cpio and dialog packages have been added (absence of the latter caused netcardconfig to fail). The links Web browser was upgraded to version 030709. The catchFirebird script was updated to download Firebird 0.6.1."
KNOPPIXKNOPPIX has released v3.3-2003-09-22 with minor feature enhancements. "Changes: AX25 protocol support has been added. The boot option tohd=hda1 has changed to tohd=/dev/hda1 for consistency. There is a new and improved unofficial installer "knoppix-installer", and a service menu for Samba exporting. Xchat has been re-added. ddcxinfo-knoppix now uses the extended monitor modelines from Kano by default."
MorphixMorphix has released v0.4-1 with major feature enhancements. "Changes: This version now features Gnome 2.4 along with lots of bugfixes, a partial rewrite of the installer, better themes, toram/tohd bootoptions, memtest86, supermount instead of autofs, LUFS, direct-install/execute/copy CDROM directories, a new NVIDIA driver, and more."
QuantianQuantian release 0.3.9.2 is available. This release adds many new packages and deletes a couple of others. Click below for details.
Recovery Is Possible!Recovery Is Possible! (RIP) has released v6.4 with minor bugfixes. "Changes: A few bugs have been fixed and some software has been updated. There's also a CD version that combines the Linux and FreeBSD systems on one bootable CD."
SalvareSalvare has released v0.1.3 with minor feature enhancements. "Changes: This release sets up for the 0.3.0 release in terms of architecture changes, etc.: the boot process is now entirely BusyBox based (which has been upgraded to 1.00-pre2), the system can be customised using a bootstrap floppym, and the Debian mirror can be customised during manual configuration. chkrootkit will no longer report false positives against Salvare itself (and has been upgraded to the latest version), the network card probe is less likely to hang certain hardware configurations, and localisation issues are resolved."
Slackware Live CDSlackware Live CD has released v2.9.0.22 with major feature enhancements. "Changes: Kernel 2.4.22 (with XFS support and ALSA drivers) has been added, so many more network and sound cards are supported now. This release adds CUPS for printing, mplayer 1.0pre1, and fluxbox 0.9.6pre1, and removes apache, PHP, and MySQL. proftpd and configsave/configrestore have been fixed."
uClinuxuClinux has released v20030909 with major feature enhancements. "Changes: This version features the latest 2.4.22 kernel, platform updates, more apps, and some cleanups."
WarewulfWarewulf has released v1.14 with major feature enhancements. "Changes: Support has been added for various authentication mechanisms (NIS, LDAP, etc) for the master node. Plugins have been built for Nagios so that node status can be easily monitored. Tiny RAM disk support using NFS root has been built (very experimental). Some packages have been added to the virtual node file system, and some code has been cleaned up."
wrt54g-linuxwrt54g-linux has released v0.2 with minor feature enhancements. "Changes: Several new executables and drivers were added, including a VPN daemon. An "options" subdirectory was created for executables that are not installed on the box by default. A Rendezvous daemon is now started to advertise the new Web server, and a script for transferring single files to the box was included."
Page editor: Rebecca Sobol Development gLabels Version 1.92.0Version 1.92.0 (Unstable for GNOME 2) of gLabels was released earlier this month.
gLabels is a lightweight program for creating labels and business cards for the GNOME desktop environment. It is designed to work with various laser/ink-jet peel-off label and business card sheets that you'll find at most office supply stores. gLabels is free software and is distributed under the terms of the GNU General Public License (GPL).
Essentially, gLabels is a customized drawing package with a specific purpose in mind, the creation of multiple labels that will be printed onto a sheet of adhesive labels. To create a custom label, a specific label template is chosen, and a single label of the specified size is used as a drawing canvas. The following graphical objects are used to fill the individual label:
The application supports a huge list of label sizes and shapes, including address labels, business cards, CD/DVD labels, and more. If custom label sizes are required, documentation is available for creating new templates. Label templates are stored as XML files. Take a look at the Screenshots page to see the application in use. System requirements and downloads of gLable are available here. Applications like gLabels are exactly what Linux needs to become better established in the office environment. Here at LWN, gLabels is likely to find a use in the creation of labels for homebrew beer and mead. For further reading, GnomeDesktop.org is currently running a review of gLabels.
System Applications Audio Projects Planet CCRMA ChangesThe latest changes from the Planet CCRMA audio packaging project include new versions of Qjackctl, Gmorgan, Freqtweak, and Lilypond.
Speex 1.1 ReleasedVersion 1.1 (unstable) of Speex, an open-source speech CODEC, is out. New features include a denoiser, automatic gain control (AGC), experimental echo cancellation, a jitter buffer, and an improved narrowband mode. Testers are needed.
Database Software iSQL-Viewer v2.1.6 Released (SourceForge)Version 2.1.6 of iSQL-Viewer, a cross-platform JDBC 2.0-compliant database application, has been released. "Version 2.1.6 is officially out and ready for download. This version is fairly stable however there are some new features that need some time to stabilize with a bit more usage. I am however marking it as a beta release for this reason."
knoda 0.6.1-test3 releasedA new test version of Knoda, a KDE-based database-frontend for Mysql, Postgresql and ODBC, is out. "The main feature of the next release will be the support of Python as scripting language, so it is possible to extend the capabilities of forms and reports. The feature has been implemented already and so it is time for testing and debugging."
PostgreSQL Weekly NewsThe September 18, 2003 edition of the PostgreSQL Weekly News is available with another weekly roundup of PostgreSQL database information.
ZODB 3.2b3 releasedVersion 3.2b3 of ZODB, the Z Object Database, is out." This release contains the last new work we plan to do before the ZODB 3.2 final release. We have fixed several bugs, including a deadlock problem that had been reported against 3.2b2."
Mail Software milter-sender 0.38 releasedA new release of milter/sender, a spam filter for sendmail, has been announced. "There have been lots of major fixes and enhancements since 0.36. Most notably a new build process using an autoconf built configure script. There is now support for plus detailed addresses, and an enhancement that allows you to block mail that resolve to Verisign's stupid wildcard domain server".
SpamAssassin 2.60 releasedVersion 2.60 of SpamAssassin, an email filter program, has been announced. This release features improvements to spamd, the Bayes engine, the HTML parser, the DNS blacklist system, the report system, and more.
Networking Tools husky 1.4-RC2 released (SourceForge)Version 1.4-RC2 of husky, a collection of Fidonet software, is available. "husky is a bunch of OS-independent software for fidonet. It consitsts of tosser hpt, fileechoprocessor htick, message editor msged TE, libraries fidoconfig, smapi etc. New Release Candidate is available now for downloading. It contains module 'husky-all' - all husky programs in one bundle."
InterMapper(R) 4.1.1 availableVersion 4.1.1 of InterMapper, a cross-platform network monitoring and alerting application, is out with a number of new features.
Printing Common UNIX Printing System 1.1.20rc2Version 1.1.20rc2 of CUPS, the Common Unix Printing System, has been announced. "CUPS 1.1.20 is primarily a bug fix and performance tuning release and includes fixes for 64-bit platforms, deadlock problems in the signal handling code, PDF printing issues, web interface issues, and various operating system-specific issues. The new release also adds new CUPS API functions for reading and writing files via HTTP, performing authentication, and controlling the required PPD conformance level."
Web Site Development The GNU BIS Open Source CRM applicationVersion crm-0.7 of the GNU BIS web-based Contact Relationship Management (CRM) application has been released.
mnoGoSearch-php 3.2.2 releasedVersion 3.2.2 of mnoGoSearch-php, a PHP front-end to the mnoGoSearch web site search engine, has been released. This release features some compatibility fixes.
Desktop Applications Desktop Environments KDE-CVS-DigestThe September 19, 2003 edition of the KDE-CVS-Digest has been published. Here's the summary of contents: "KWin rewrite merged into mainline KDE. Optimizations in KAbc, the addressbook library and the Konqueror listview. QtRuby can work with KDE classes. KJSEmbed, a javascript implementation for KDE, now has SQL database bindings. Plus a large number of bugfixes."
Alpha Code Shows a Strong KDE 3.2 Ahead (eWeek)eWeek plays with the first KDE 3.2 alpha. "In the alpha version we tested, KDE 3.2 impressed us with improvements to its Konqueror Web browser and file manager and with the addition of a handful of new applications, including Kopete, a multiprotocol instant messaging client."
Electronics XCircuit 3.1.24 availableVersion 3.1.24 of XCircuit, an electronic circuit drawing utility, has been released. Change information is in the source code.
Games PCGen 5.3.9 is available (SourceForge)Version 5.3.9 of PCGen, a Java-based RPG character generator, has been announced. "Data for the core 3.5e books is being actively developed on our yahoo site. It should soon be ready for inclusion in a beta release. After that release we will move PCGen to be based upon java 1.4, which means that releases after that will require users to download java 1.4."
Graphics GSview 4.42 beta releasedVersion 4.42 beta of GSview, a PostScript viewer package, has been announced. A number of bugs have been fixed. "This should be the last beta before the 4.5 release, scheduled for mid October."
PyX 0.4.1 was releasedVersion 0.41 of PyX, a Python graphics package for creating encapsulated PostScript, has been released. See the CHANGES document for more information.
GUI Packages Gtk2-Perl 1.00rc2 Released (GnomeDesktop)GnomeDesktop.org has an announcement for version 1.00rc2 of Gtk2-Perl. "Gtk2-Perl allows Perl developers to write GTK+ 2.x applications. Handlers for the "response" signal of Gtk2::Dialog now receive proper enum values, thanks to infrastructure in Glib that now allows per-signal custom marshalers. Glib::PkgConfig has been broken out into a separately-distributed module, ExtUtils::PkgConfig. A code sweep to quell compiler warnings resulted in several other minor bugfixes."
SPTK 2.0 is releasedVersion 2.0 of SPTK, the Simply Powerful ToolKit, is out. "The major change is: the license changed from GPL to LGPL. Several people asked about it, and I don't see - why not :)"
wxWindows 2.4.2 has been releasedVersion 2.4.2 of wxWindows, a C++ GUI framework, has been released. "This is a bug fix release."
Interoperability Wine TrafficIssue #188 of Wine Traffic is online. Take a look to see what's happening in the world of WINdows Emulation (WINE).
Medical Applications ODDB.org-Source ready for download. (LinuxMedNews)LinuxMedNews reports on the release of the Open Drug DataBase source code. "The interesting part of our publication is that we are actually building our business model on OpenSource, giving away our code under the LGPL. Somehow it feels strange but on the other hand it feels really good."
Music Applications Lilypond 1.9.8 releasedVersion 1.9.8 of Lilypond, a musical typesetting program, is out. "Relative to 1.9.7, it has a number of small bugfixes and sports dotted hairpin crescendos. However, this release also marks the end of my 2.0 release TODO list. In other words, 1.9.8 is the first (and hopefully only) LilyPond 2.0 release candidate."
Lemux version 0.2 releasedVersion 0.2 of Lemux, "a collection of (GPL) LADSPA instruments based on devices from the openMSX emulator and other sources, is available. In this release, all of the instruments work, and volumes have been normalized.
Tutka 0.10.3 Released (GnomeDesktop)GnomeDesktop.org has an announcement for version 0.10.3 of Tutka. "Tutka is a tracker style MIDI sequencer for Linux. It is similar to programs like SoundTracker, ProTracker and FastTracker except that it does not support samples and is meant for MIDI use only. Preferences using GConf have been added into the new version."
Office Applications Evolution 1.4.5 released (GnomeDesktop)Version 1.4.5 of Ximian Evolution, a personal and workgroup information management application, has been announced. "This update includes bug fixes as a result of community and customer feedback received since version 1.4.4."
Web Browsers New Mozilla 1.4.1 Release Candidates Available (MozillaZine)A new round of Mozilla 1.4.1 release candidates are available. "These new test builds are almost identical to the last set of 1.4.1 test builds, except for the inclusion of a fix for bug 216430."
Mozilla 1.5 Release Candidate 1 (MozillaZine)Mozilla 1.5 Release Candidate 1 has been announced. "At least one more release candidate is expected before the final release of Mozilla 1.5."
Minutes of the mozilla.org Staff Meeting (MozillaZine)The minutes for the September 15, 2003 Mozilla staff meeting are online. The MozillaZine Summary says: "Issues discussed include the purpose of the meetings, marketing and other issues."
Minutes from mozdev admin meetingThe minutes from the September 22, 2003 mozdev admin meeting have been published.
Word Processors AbiWord Weekly NewsIssue #161 and Issue #162 of the AbiWord Weekly News are online. Take a look for the latest AbiWord word processor news.
Languages and Tools Caml Caml Weekly NewsThe September 16-23, 2003 edition of the Caml Weekly News has been published, read more to find the latest Caml language news.
Java JPTC 0.2.2 released (SourceForge)JPTC 0.2.2 has been announced. "JPTC is a graphical tool for testing the performance of java-classes. JPTC is written using java and java-swing. The new release fixes some smaller bugs and adds new behaviour to the existing package".
Lisp Common Lisp UtilitiesA new Lisp-based project called Common Lisp Utilities has been launched. "Version 1.0, the first public release, contains code for data and control structures, financial functions, AI algorithms, math and cryptography."
Perl This Week on perl5-porters (use Perl)This Week on perl5-porters is out for September 15-21, 2003. "Those weeks, the perl 5 porters are in maintenance mood. Or in maintenance mode, if you prefer. Read about the progress made in the 5.8.x and 5.6.x branches."
Parrot v0.0.11 'Doubloon' released (use Perl)Version 0.0.11 of Parrot, the Perl 6 virtual machine, is available. "This release features direct generation of executable binaries, dramatically improved documentation, and a built-in bread maker!"
Perl 5.8.1 RC5 is Out (use Perl)Use Perl has the announcement for Perl 5.8.1 RC5. "Unless something serious is found in a few days, the final 5.8.1 will soon be released. The RC4 was out there for seven weeks or thereabouts, so nothing too horrible is to be expected. (Famous last words?)"
Cooking with Perl, Part 3 (O'Reilly)O'Reilly has published another excerpt from the Perl Cookbook. "In this third and final batch of recipes excerpted from Perl Cookbook, you'll find solutions and code examples for extracting HTML table data, templating with HTML::Mason, and making simple changes to elements or text."
PHP Turck MMCache for PHP version 2.4.0 is released (SourceForge)Version 2.4.0 of Turck MMCache, a multiple-platform PHP accelerator, has been released. "Support for incomlete classes in mmcache_get() was implemented. Checking of proper PHP version was added. include('x.php'); include_once('x.php') bug with php-4.3.3 was fixed. Improper "Cannot redeclare ()" error was fixed."
PHP Weekly Summary for September 22, 2003The PHP Weekly Summary for September 22, 2003 is out. Topics include: PECL gets a kick start, libgda extension, Modem status (Direct IO), More 64 bit, PHP surveys.
Python Python 2.3.1 releasedPython 2.3.1 has been released. "The Python Software Foundation (PSF) announces the release of version 2.3.1 of the Python programming language. This minor release introduces a number of enhancements based on two months of experience since release of version 2.3."
Python-dev SummaryThe Python-dev summary for the first half of September is out; it looks at undocumented methods, adding features to maintenance releases (and 2.3.1 in particular), ambiguous imports, and more.
Dr. Dobb's Python-URL!The Dr. Dobb's Python-URL for the week of September 22, 2003 is available, with links and news for the Python community.
Interactive PythonSimon Willison's Weblog has an article on using Python in interactive mode. "I adore the Python interactive interpreter. I use it for development (it's amazing how many bugs you can skip by testing your code line by line in the interactive environment), I use it for calculations, but recently I've also found myself using it just as a general tool for answering questions."
Smalltalk Unix Squeak 3.6g-2 availableVersion 3.6g-2 of the Unix Squeak Smalltalk implementation is available. See the release notes for more information.
Tcl/Tk This week's Tcl-URLDr. Dobb's Tcl-URL for September 24 is out; it looks at VirtualList, file I/O performance, and several other topics.
XML An Introduction to StAX (O'Reilly)Elliotte Rusty Harold introduces StAX on O'Reilly. "Now it's a year later, and I am very pleased to report that the next generation API is here. BEA Systems, working in conjunction with Sun, XMLPULL developers Stefan Haustein and Aleksandr Slominski, XML heavyweight James Clark, and others in the Java Community Process are on the verge of releasing StAX, the Streaming API for XML. StAX is a pull parsing API for XML which avoids most of the pitfalls I noted in XMLPULL. XMLPULL was a nice proof of concept. StAX is suitable for real work."
Grab headlines from a remote RSS file (IBM developerWorks)Nicholas Chase explains the mining of RSF information on IBM's developerWorks. "In this article, Nick shows you how to retrieve syndicated content and convert it into headlines for your site. Since no official format for such feeds exists, aggregators are often faced with the difficulty of supporting multiple formats, so Nick also explains how to use XSL transformations to more easily deal with multiple syndication file formats."
Cross Assemblers 8085 Simulator for GNOME (GnomeDesktop)GnomeDesktop.org mentions the GNUSim8085 project. "GNUSim8085 is a simulator and assembler for the Intel 8085 Microprocessor. You can write assembly code which can be assembled and simulated or debugged. You can also generate machine code listing." If only there were an equivalent package for the 68HC11, 68HC05, and Microchip PIC platforms. On that note, these projects are worthy of mention: the GNU PIC Utilities and the GNU Development Chain for 68HC11 and 68HC12.
Editors Conglomerate 0.7.2 releasedVersion 0.7.2 of Conglomerate, an XML editor with an emphasis on DocBook, has been released.
IDEs EsiObjects V4.1.1 Released (SourceForge)Version 4.1.1 of EsiObjects, an Object Oriented Programming Language and Development Evironment, has been announced. "This is the latest development environment. It contains too many new features to list."
Version Control SourceJammer 2.1.0.0 Released (SourceForge)Version 2.1.0.0 of SourceJammer, a Java-based open-source source control, versioning, and file sharing system, has been announced. This version adds many new features and bug fixes.
Miscellaneous Istrice 1.3 Released (SourceForge)Version 1.3 of Istrice, a distributed compilation environment for Unix systems, has been announced. "This version fix same bug and a new distribuited algorithm is added."
Page editor: Forrest Cook Linux in the news Recommended Reading Boot Linux faster (IBM developerWorks)IBM developerWorks examines ways to make Linux boot faster. "Although simple to understand, the technique I present here for speeding the boot process requires careful implementation; my hope is that Linux distributions will adopt this technique and users will be spared the configuration task. But if you're feeling adventurous, read on."
The 2003 Open Choice Awards (OfB.biz)Open for Business has announced the winners of the Open Choice Awards for 2003. "While some of these choices will undoubtedly be controversial, we hope that you'll appreciate our selections and find our picks helpful in making deployment decisions. Many of our selections this year are returning favorites from last year's premier of the Open Choice awards, but you will also find a few new names throughout. Without further ado, let us present this year's Open Choice winners."
Maximum Linux Kernel Performance (KernelTrap)KernelTrap takes a look at installing Andrew Morton's -mm kernel. "Andrew Morton began releasing his -mm kernel patches a little over a year ago, in the summer of 2002. The -mm tree began as a 90k patch against the 2.5.17 development kernel, merging in the remote kernel debugger, kgdb. By the release of 2.5.18, the -mm patchset had grown to nearly 238k, merging in a wide assortment of fixes and new functionality. As of this writing, the current -mm patchset is 2.6.0-test5-mm3, weighing in at nearly 5 megabytes. Andrew's -mm tree has evolved from a testing ground for numerous new technologies, to a comprehensive patchset that is usually more stable than the mainline 2.6.0-test kernel itself. This bodes well for the future of the 2.6 kernel, as Andrew Morton will soon be the official 2.6 kernel maintainer."
Trade Shows and Conferences Linux Lunacy in Alaska (Linux Journal)An ocean cruise with Ted Ts'o giving an "Introduction to the Linux Kernel"? Must be a Linux Lunacy cruise article on Linux Journal. "Ted also did a talk on "More than You Ever Wanted to Know about Filesystems", which balanced an overview of filesystem design with some practical advice for sysadmins who choose and maintain filesystems. Your best way to keep an ext2 or ext3 filesystem defragmented and running its best is not to fill it up all the way, or as Ted put it, "Overprovision like mad." Although it's difficult to come up with a benchmark that fairly measures the performance of a filesystem that has been in service for a while, the Postmark benchmark provides a good simulation of a running mail server, he said."
The SCO Problem HP to indemnify Linux customers (News.com)According to this brief News.com article, HP has taken the bait and decided to indemnify its Linux customers against suits from SCO. "'We really thought about it and we decided we were just going to move forward and assume all risk ourselves,' the representative said. 'This is what we want to do to protect our customers.'"
Companies JBoss joins Java community process (News.com)News.com covers the JBoss Group as it joins the Java Community Process. "JBoss says its software is compatible with the Java standard but that it has not gone through the formal process--and expense--of gaining J2EE certification from Sun, which controls the J2EE specification and brand. J2EE certification is valuable to corporations that want to ensure that software written according to the standard can work with other commercial J2EE products."
Red Hat Spreading Its Linux Wings (eWeek)eWeek covers Red Hat's plans for its Enterprise Linux platform. "Red Hat Enterprise Linux 3, due next month, will act as the unifying platform and be available on seven architectures for both client and server deployments."
Sun's Schwartz Speaks Out on Linux, SCO (eWeek)If you're still curious about Sun's approach to Linux, read this eWeek interview with Jonathan Schwartz, the company's software VP. "Also, let me really clear about our Linux strategy. We don't have one. We don't at all. We do not believe that Linux plays a role on the server. Period. If you want to buy it, we will sell it to you, but we believe that Solaris is a better alternative, that is safer, more robust, higher quality and dramatically less expensive in purchase price."
Linux Adoption Freeing Computers in Schools (Linux Journal)Here's a Linux Journal article with examples of how free software is opening up a whole new world, with education as one of its beneficiaries. "[A] younger child dances to the music that a program called Bump and Jump plays, a piece of software written by a team of Swedish students. The best part is nobody paid for the CD the children are using; it's not pirated either. It can be run from any computer, simply by booting from the CD-ROM drive. The CD comes in a distribution called FreEDUC."
Linux gets a phone call from Openwave (News.com)News.com covers Linux compatible phone software from Openwave. "Openwave's adoption of Linux is important because the company sells more wireless browsers than anyone else in the world, beating even handset-making king Nokia. Its software now sits inside about a third of the world's handsets."
Legal Lobbying for Linux (NewsForge)NewsForge presents a 'how to lobby' article. "A lot of coverage has been devoted to the software patents fracas, both in the USA and in the EU, and rightly so, but little has been written about the lobbying process itself and how individuals can and should approach it. This article attempts to redress the balance."
WindowsRefund.net: Marching On (Linux Journal)Linux Journal continues a look at one man's attempt to get a refund for Windows. "Getting back to my case against Toshiba, I remain fully committed to establishing a legal precedent that empowers future refund seekers to collect on the promise of the EULA. In order to prepare for the next phase of this ordeal, I have retained legal councel and am exploring options that can be used to obtain the desired outcome."
Interviews Paul Vixie on VeriSign (O'ReillyNet)Here's an interview with Paul Vixie on O'ReillyNet about VeriSign's SiteFinder. "VeriSign kicked a sleeping dog. It's a bizarre thing to do. Was it really VeriSign's decision to make, unilaterally? Did it need permission to make this decision? If so, what entity has the authority to grant such permission? As a result there will be a big policy debate now. Someone will decide if permission needed to be had. Someone will decide if it should be delegated to someone else."
Inside Prelude, an Open Source IDS (O'ReillyNet)O'ReillyNet interviews Yoann Vandoorselaere, the lead developer of the Prelude IDS. "Yoann Vandoorselaere: The popularity of IDS software can be considered to be a trend of the moment, with all the positive and negative side effect this can bring. The bad point about this is that we see more and more companies deploying an IDS without curing their security problem."
Interview With Rusty Russell (KernelTrap)KernelTrap interviews kernel hacker Rusty Russell. "Well known for his packet filtering efforts, having written both ipchains and netfilter/iptables, he has continued to make an impressive number of contributions to Linux kernel development. A large sampling of his current projects have been merged into the upcoming 2.6 kernel, including futexes, per-cpu counters, hot pluggable CPU support, and a complete rewrite of the in-kernel module loading code."
Resources Stress Testing an Apache Application Server in a Real World Environment (Linux Journal)Linux Journal present a howto article on stress testing Apache. "We've all had an experience in which the software is installed on the servers, the network is connected and the application is running. Naturally, the next step is to think, "I wonder how much traffic this system can support?" Sometimes the question lingers and sometimes it passes, but it always presents itself. So, how do we figure out how much traffic our server and application can handle? Can it handle only a few active clients or can it withstand a proper Slashdotting?
Building Unix Tools with Ruby (O'ReillyNet)O'ReillyNet takes a look at building tools with Ruby. "Once you have a properly initiated instance of the option parser, you can add code to checks which options have been selected and what mistakes have been made. GetoptLong provides a lot of help here; your job is limited to defining a few global variables and handling any errors that may occur at this stage."
Start Here to learn about Grid computing (IBM developerWorks)IBM developerWorks takes a long look at grid computing. "How much do you need to know about the evolving grid standards? It depends. IBM and other industry leaders plus researchers and representatives from many grid software vendors are actively involved in the work of the GGF to define the grid standards. Are you a corporate software developer? If so, then you'll use the grid tools and products that will be based on the new standards as they unfold. You'll want to know about the standards and be generally aware of the work that's going on. Here on the developerWorks Grid computing zone, we'll do our best to keep you informed."
Reviews StarOffice 7 is far faster and friendlier than SO 6 (NewsForge)Robin 'Roblimo' Miller reviews StarOffice 7 in this NewsForge article. "If you need to work fast, SO 7's speed certainly makes it worth the upgrade money from SO 6 or OOo, assuming you are using it as a work tool -- and don't mind spending money on software. If you would like to have a free office software package that does most of what SO 7 does, at the same speed, and don't mind waiting a little while to get it, OpenOffice.org 1.1 is almost ready for you, and the latest release candidate (RC4) looks usable enough that adventurous souls may be comfortable using it today instead of waiting for the final version."
Page editor: Forrest Cook Announcements Non-Commercial announcements Statement by the European Small Business Alliance against the Software Patent DirectiveThe European Small Business Alliance has issued a statement against the Software Patent Directive. "If the Directive is enforced as it is considered, SME's who do not possess legal advisors will be confronted with enormous additional costs, since in the future they will have to carry out wide inquiries in matters of patents for every software-project. This does not only regard developers of software, but also computer retailer and IT-branches of enterprises of application. They will also be confronted with costs for licensing for the utilisation of external patents, additional costs for the development and costs for own patents in case enterprises should try to save themselves from the attacks of others."
Groklaw's open letter to SCO's Darl McBrideThe folks over at the (always interesting and useful) Groklaw site have put together an open letter to Darl McBride, in response to his "olive branch" from a couple weeks ago. Click below to read the whole thing (and accompanying press release), or you can read the original (with comments) at groklaw.com. "Releasing software under the GPL is not the same as releasing it into the public domain. Authors retain their copyrights to software licensed under the GPL. Even when authors assign their copyrights to someone else, such as to the Free Software Foundation, the copyrights remain valid, but with the new owner. Therefore, subsequent to termination of your permissions under the GPL, you are in the unhappy position of violating the copyrights of the software authors, if you continue to distribute their software. Under copyright law, you are not allowed to distribute at all without their permission -- and they have chosen to grant that permission only by means of the GPL."
RJ Tarpley's Coffee Company Raises Over $400 for the Mozilla Foundation (MozillaZine)MozillaZine mentions that RJ Tarpley's Coffee Company has been raising money for the Mozilla foundation by selling Mozilla brand coffees.
Commercial announcements Century Releases Operating Environment for Smart Devices as Open SourceCentury Embedded Technology has released their PIXIL Operating Environment platform as open-source. "Century Embedded Technologies, a leader in graphical application technologies for embedded Linux, today announced the release of the PIXIL Operating Environment (OE) platform for embedded devices running Linux to the open source community. Source code is available under both a commercial license and the open source GPL license. PIXIL OE is the foundation for Century's PIXIL suite of complete solutions for small form factor smart flatpanel devices." Thanks to Brock A. Frazier.
Announcements from Intel Developer ForumSnapGear Inc. has announced Linux platform support for network processors based on Intel XScale(R). technology.MontaVista Software has announced that MontaVista(R) Linux(R) Professional Edition will support Intel's IXDP2401, IXDP2801 and IXDP2851 advanced development platforms.
Linux Magazine Rumania launchedLinux Magazine is now available in Rumanian. "Linux Magazin Rumania is the first Linux-oriented publication in Rumania and operates as a licensed edition of the English-language Linux Magazine, which is available in over 50 countries."
Red Hat's second quarter resultsRed Hat, Inc. has sent out a press release on its second quarter results: a $240,000 profit on revenue of $29 million. The company has now sold about 26,000 Enterprise Linux subscriptions; subscription income is now worth about five times as much revenue as retail Linux sales.
Shuttle, MandrakeSoft announce XPC, Linux bundle partnershipShuttle has announced it will ship Mandrake Linux 9.1/9.2 bundled with several XPC barebone machines: SB52G2, SB62G2, SB75G2 and SB75G2 (with i875 chipset).
Sophos acquires ActiveStateSophos, an anti-virus company, has announced the acquisition of ActiveState. Sophos is clearly after ActiveState's anti-spam products, but the release states that ActiveState's Perl / Python / PHP / Tcl tools will continue to be developed as well. More information can be found in this message from ActiveState: "Sophos is committed to supporting and extending ActiveState's involvement in the open source community. ActiveState's programming tools, language distributions, and support services will continue to be developed, supported, and marketed under the ActiveState name, in exactly the same way they have until now."
New Books "Even Grues Get Full" Released by O'ReillyFor those of you who wish to add a bit of comedy to your reading list, O'Reilly has released a new book from the cartoon User Friendly entitled "Even Grues Get Full".
"Wireless Hacks" Released by O'ReillyO'Reilly has released the book "Wireless Hacks". "A neighbor orders food online while someone across the street is using voice chat to talk to relatives (for free!) in Hong Kong, all the while someone upstairs is downloading a new album from their favorite band's web site in San Francisco. The information flows all around you without you seeing or hearing a thing. Make no mistake, wireless networking is probably the second most magical technology on the planet--just behind the Internet."
Resources Online action against Software PatentsHere are some resources to help you find out more about the Software Patent directive, and what you can do to help out.
LDP Weekly NewsThe September 17, 2003 edition of the Linux Documentation Project Weekly News is out with the latest documentation changes.
PHP Survey ResultsThe results from the 2003 PHP Survey have been published. "The PHP Survey data collection has been concluded Zend's PHP survey is a market snapshot of the PHP community. Over 10,000 respondents to the survey which was posted in June 2003."
An introduction to Thunderbird, part 8 (Nidelven IT)Kay Frode's series on Thunderbird continues with part eight, which shows how to create and use newsgroup accounts. "I've got a lot of questions about when/if Thunderbird will have a newsgroup option, the answer is simple, it's already there. :) In this article i will try to show you how to set up such an account."
Upcoming Events AMIA 2003 Program (LinuxMedNews)Linux Med News has an announcement for the American Medical Informatics Association's 2003 Annual Symposium, which will be held in Washington, DC on November 8-12, 2003. "A search of the program for Open Source yields sixteen items. Year by year we are seeing more mention of and involvement in open source at these major events."
'Demystifying Open Source' for non-profits (OpenSector)OpenSector has an announcement for the Demystifying Open Source Technology conference, to be held in New York City on October 8, 2003. "Join us October 8 at the Fund for the City of New York on "Demystifying Open Source Technology," a conference designed specifically to provide an introduction to open source technologies for the nonprofit community."
The PHP|CruiseThe PHP|Cruise has been announced, one free seat will be given away to people who sign up to the mailing list. "php|cruise is a five-day cruise (March 1st through March 5th, 2004) packed with over 50 hours of PHP training for beginners and professionals alikeall in the luxurious and fun atmosphere of a Caribbean cruise aboard one of the best ships of the Royal Caribbean Cruise Line. "
Events: September 25 - November 20, 2003
Software announcements This week's software announcementsHere are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
Miscellaneous opensurvey pilot surveyThe opensurveypilot project is producing an MPL licensed web-based voting, polling, and surveying system. "To make good things better, we decided to setup up a survey regarding the future of the opensurveypilot. We and our community want to know your wishes and needs. Help us to develop a strong opensource alternative."
Page editor: Forrest Cook Letters to the editor more questions on the sco linux license
mr. riggott,
My linux servers are do *not* have tools on them
Leon brooks writes:
Feedback: McNealy and Linux
> they need to outsource data centers or buy them ready-made with
Page editor: Jonathan Corbet
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[New user-space dev_t]](/images/ns/dev_t.png)
with the minor number in the bottom 20 bits. The encoding seen by user
space is different, however, as shown in the diagram to the right. Here,
the major number sits in bits 8-19, while the minor number is split across
bits 20-31 and 0-7. This representation may seem strange, but it has one
very nice property: old 16-bit device numbers are still valid in the new
scheme. Encoding device numbers this way helps keep no end of applications
from breaking with the new device number type. One might wonder why this
workaround is necessary, given that the C library can convert device
numbers as needed for the few system calls (mknod(),
stat(), etc.) that actually need them. The problem is that device
number pop up in a number of other contexts, such as in filesystems and
ioctl() calls, where the C library is unable to help.