|
|
Subscribe / Log in / New account

LWN.net Weekly Edition for October 9, 2003

The future of the FUD mill

There's yet another Microsoft-funded analyst study out there; this one, done by VeriTest, compares deployment times for Microsoft Windows Small Business Server and Red Hat Enterprise Linux. No doubt everybody will be surprised to hear that the study (available in PDF format) concludes that Windows is better. Four tasks were set out: install the system with basic services, set up performance monitoring and reporting, set up an intranet web site, and configure the network for remote management. Doing these tasks with Windows took, they say, 4 1/2 hours and 125 steps. Linux required 7 1/2 hours and 555 steps.

It is not hard to poke holes in the study, of course. Somehow it was possible to set up an intranet server on Windows with zero steps - but it still took seven minutes. Somehow the report didn't comment on the discouraging time per step required to accomplish this task on Windows. Errors made by the (Microsoft-hired) consultants performing the Linux installation were counted as steps. Tasks like checking the system with nmap were also counted. Setting up remote administration took 100 steps; we could suggest a shorter way of doing that:

  1. Enable sshd.

The VeriTest people, instead, set out on a series of tasks involving installing the kernel source, setting up PPTP, and carrying out several tasks on the Windows client - all of which counted as steps, of course.

One could go on about this report for a long time; see, for example, the letter from Leon Brooks on this week's Letters Page. The more interesting development, however, is that Forrester Research has, after having Microsoft trumpet one of its studies, issued this statement on the integrity of its reports.

Recently, in two isolated and unrelated cases, we conducted privately sponsored studies for two vendor clients. We stand by the integrity of both studies. However, we erred in allowing those clients to publicize the research findings. In response to these two isolated events, Forrester has taken immediate steps to tighten our internal process and clarify our Integrity Policy. As part of this clarification, the company will no longer accept projects that involve paid-for, publicized product comparisons. This move revalidates and strengthens Forrester's research integrity.

Forrester, in other words, is getting out of the analyst-for-hire FUD business. Given that this business can only be lucrative, Forrester's decision to leave it behind is worthy of note.

FUD-for-hire has long been an important business tool in the technology world. Analysts have been happy to have the business, and they have been able to live with the fact that their output always seems to support the sponsor's agenda. Technical journalists have long liked these reports; they can easily be cast into a story without requiring much in the way of creative or critical thought. The whole system worked smoothly as a way of shaping public perception of technology products.

Something has happened over the last decade or so, however. The net has made it easy for interested parties to rip apart biased or poorly-done studies. And the rise of free software has greatly increased the number of people who feel some sort of ownership interest in the systems they use. As a result, anybody publishing a report critical of free software had better be very sure of his ground, because that report will be subjected to intense scrutiny. Some of the people performing that scrutiny will know far more about the subject manner than the analysts who wrote the text, and they will not be afraid to say, in public, what they think. Shoddy research and skewed studies do not fare well in the modern environment.

It has been noted for years that FUD attacks on Linux tend to backfire; even Microsoft has commented on this fact. The combination of the net and the Linux community has managed to neutralize - or at least strongly diminish the effect of - FUD. Analyst companies which are seen as taking part in outright FUD attempts have seen their own credibility suffer; remember MindCraft? Now some analyst companies, concerned about the perception of their integrity, are realizing that the FUD business is a poor place to be in the long run. That is a victory for the Linux community, and for the level of technology industry discourse in general.

Comments (5 posted)

An Evening with Bruce Perens

October 8, 2003

This article was contributed by Joe 'Zonker' Brockmeier.

Bruce Perens was in Denver this week for IBM's Linux strategy briefing and offered to speak to the Colorado Linux Users and Enthusiasts (CLUE) Linux User Group the night before the IBM event. The talk was billed as "The Future of GNU/Linux and Free Software," but Perens talked a great deal about the history of free software as well.

After covering his history with Linux and the open source movement, Perens turned to current events. He talked a little bit about how many companies doing Linux-related business suffer from multiple personality disorder. On the one hand companies like HP are looking to push Linux and are trying to embrace Linux and do the right thing for the Linux community. On the other hand, these companies have to maintain relationships with companies like SCO and Microsoft and participate in groups like CompTIA that actively work against open source. Perens cautions the community to pay attention to everything a company does, not just its support for open source.

We know that both Hewlett-Packard and the other members of CompTIA were sponsors of the so-called Software Choice Initiative, which works against open source. So, it's important to watch our friends.

Perens also noted that the next likely legal attack against open source would be via software patents, and said he thinks its unlikely that corporations like HP or IBM would help the community in that event.

Though Perens says he hasn't made up his mind yet, he indicated he was thinking seriously about trying to form a community-driven answer to Red Hat's enterprise products.

I'm wondering if it's time for a grass-roots enterprise Linux, and the way I figured I would do this... is first of all take Debian, why is there a Fedora project when there's Debian, a ten-year-old project with all its policies done...with over a thousand developers? That is what the Fedora project should be. Take that, and get together the community of enterprise users who depend on Linux and really want a zero-cost enterprise distribution.

After the talk, we caught up with Bruce for a few minutes one-on-one to ask about issues not covered during his talk, and to get further information on the grass-roots enterprise Linux effort. The first question was about the disagreement between the Free Software Foundation and the Debian Project over the GNU Free Documentation License (FDL). Perens has helped mediate between the groups, and says that they're on their way to working it out.

I wanted to take the emotion out of the whole thing, and it looks like we're succeeding at that. I'm not tremendously happy to have coverage of Debian and FSF bickering, we have a lot more important things going on.

I think that it's going to take care of itself more or less now. You probably will have some conference calls that are exciting... I'm not asking either organization to compromise with each other, I'm asking each organization to follow their own rules. I feel that it's not permissible for Debian to compromise its ethos for FSF nor is it permissible for the FSF to compromise its ethos for Debian and resolution of this issue does not call for either.

Perens also clarified his thoughts on a possible "grass-roots" enterprise-ready Linux distribution:

It's something I'm still thinking about. I think I will go ahead and do a call for people to work on it. Obviously I'm open for people who want to discuss it. The project is not yet announced. I really debated this in my own head for weeks now, and part of the reason was that, I feel that it's a big personal expense to me to do any large project. On the other side every open source thing I've ever done has paid back much more than I've put into it... I feel that I must participate because I'm one of the few people in the community with the cachet to pull this off, who can talk to all the people on the executive side and all the people on the community side and has reasonable credibility with both of them. That doesn't mean I have to run it, definitely doesn't mean I want to be its CTO, it does mean I would be evangelizing it publically for quite some time.

I'm thinking about whether it is time for the community... to provide directly a Linux distro certified to LSB and to proprietary software providers that are willing to do so, guaranteed to be free software and free beer, free speech and free beer. A certified distribution that is zero cost, free software... and I'm convinced that creating a Linux distribution is a expense-sharing system rather than a profit-making system, even Red Hat now admits this as they attempt to offload production of their distribution to the community.

We also asked Perens how he felt about companies that use open source software, but do not contribute substantially to the projects they use.

I have a scale for commercial collaborators with the community. It has four points. It runs benefactor, partner, user, parasite. Benefactor: NASA's a great example. They funded most of Linux's Ethernet drivers at one time. At that time they were not able yet to make extensive use of Linux, now they are. They put in more than they got out. Most companies would not want to be benefactors, it looks bad to your stockholders.

Partner is what companies should be if they expect the cooperation of the free software community. At Hewlett-Packard, we could not get them to help us with the IA-64 kernel until we made the printers work. Very good lesson for companies, we put out 60 printer drivers on Linux because of that.

User is a company that makes use of Linux and open source that complies with the licensing, but does not make any contribution unless they just can't avoid it. The usual GPL. I put Linksys in the user category if they finish resolving the issues they're working on with the FSF right now. Linksys is a division of Cisco, a very big company, that's important.

Parasite, SCO comes to mind. They're making fraudulent claims to get value out of the Linux and open source community by kiting their stock and you can quote me on "fraudulent," "libelous," "slanderous," no problem with that. Other parasites, well who sold Linksys and Cisco that wireless access point? A chip company with a "B"... a number of engineering companies that seem to be in Taiwan and Korea, transfered intellectual property that was not theirs to Linksys and Cisco, in ways that did not comply with the licensing, leaving these companies whose goodwill we want out of compliance with our licenses and they don't know how to resolve the problem. So I don't like it because those Taiwanese or Korean companies made us enemies with Cisco when we want those guys to put Linux in their next product, we just want them to comply with the licenses and they should have been given full directions for doing so when they bought those WAP designs.

Finally, we asked Perens if he had any thoughts on Eric Raymond's prediction that Sun is doomed.

Yeah, I wish Eric hadn't written that, actually. At least not quite the way he wrote it, because first of all not having worked at HP as I have, Eric doesn't understand how long a company can run on a legacy product which is an extremely long time. And, secondarily, I think Eric was angered by things Sun has been saying about Linux not belonging in the data center and Sun's explicit collaboration with SCO spreading FUD. However, Sun also helps us. Remember what I said about corporate multiple personality disorders. They've done $70 million dollar investment in OpenOffice, and I don't see where it paid off for them. They bungled the strategic aspect of it, they need help with it, but it was a very large contribution to Linux and open source. So, first of all, Sun's not going away, they're not dying. If anything, they'll be acquired. They're still a company with some value, and obviously their price is becoming more attractive. Who will acquire them? I think it's either Microsoft or IBM.

We thank Bruce for taking the time to talk with us.

Comments (27 posted)

VeriSign backs down - for now

The September 18 LWN Weekly Edition asked "whose Internet is it?" in response to VeriSign's deployment of its "SiteFinder" service. SiteFinder is an attempt to profit from mistyped domain names; it is implemented as a set of wildcard entries in .com and .net which direct the user to VeriSign's paid index pages. VeriSign's unilateral change broke a number of network services, modified how DNS works with no input from anybody else involved, and raised a great many privacy concerns. Nonetheless, VeriSign seemed determined to weather the storm and keep its changes in place. That is not a surprising position, given that the company expected SiteFinder to generate a revenue stream in the millions of dollars.

Among other things, VeriSign had ignored a request from the Internet Corporation for Assigned Names and Numbers (ICANN) to suspend the service. It would seem, however, that ICANN is not entirely without clout - or value. On October 3, ICANN sent a more strongly written letter to VeriSign:

In addition, our review of the .com and .net registry agreements between ICANN and VeriSign leads us to the conclusion that VeriSign's unilateral and unannounced changes to the operation of the .com and .net Top Level Domains are not consistent with material provisions of both agreements....

Given these conclusions, please consider this a formal demand to return the operation of the .com and .net domains to their state before the 15 September changes, pending further technical, operational and legal evaluation. A failure to comply with this demand will require ICANN to take the steps necessary under those agreements to compel compliance with them.

In response, VeriSign grumbled a little, then removed its wildcard entries and turned off the service. However, anybody who thinks that VeriSign has seen the light and realized that, as the steward of a public resource, it needs to act in a more responsible manner would be well advised to read this column by Mark McLaughlin, a VeriSign VP.

ICANN appears to have bought into claims that the Internet has broken or will break. Anyone who has used it in the last three weeks knows that claim to be false. More likely, ICANN caved under the pressure from some in the Internet community for whom this is a technology-religion issue about whether the Internet should be used for these purposes.

The company also had some strong words at the special ICANN meeting held on October 7. Among other things, it said that it may have other surprises to spring on the net in the future. VeriSign, in other words, is absolutely unrepentant. This company's history suggests that it will not give up on the SiteFinder idea anytime soon. At the moment, it appears that the net's governance mechanisms have brought about the right result. But it would be a mistake to assume that this particular episode is over.

Comments (5 posted)

Quick SCO update

Many people have wondered how it could be that SCO's stock price continues to increase even as the company's claims are publicly torn to pieces. A partial answer to that question came to light this week, in the form of this SEC filing. It would seem that Royce & Associates, the manager of the "Royce Technology Value Fund," now owns over 1.4 million shares of SCO. That is, as it turns out, over 10% of all the outstanding shares in the company, and almost 20% of the shares in active circulation. For whatever reason, Royce has made a huge bet on SCO, and has managed to keep the price high in the process.

This fund is managed by Jonathan Cohen; some information about Mr. Cohen and SCO can be found on this page. Among other things, he has been talking up SCO stock in a number of forums; see, for example, this posting on MSN/CNBC. "Cohen said the company's stock has done well this year on the back of solid fundamentals. It has an enormous base of intellectual property rights, he added." Solid fundamentals indeed.

Meanwhile, more documents on the IBM case, and, in particular, the pre-trial discovery process have come to light; they can be found on the always useful Groklaw site. There's some fun stuff there. Consider the following from "Exhibit E," SCO's response to IBM's discovery demands:

Please identify, with specificity (by product, file, and line of code, where appropriate) all of the alleged trade secrets and any confidential or proprietary information that plaintiff alleges or contends IBM misappropriated or misused...

...SCO notes that discovery has just begin and it has not yet received responsive discovery from IBM that would allow it to fully answer this question because part of this information is peculiarly within the knowledge of IBM.

SCO responds to a number of questions in this way. One way of translating this response into English would be something like "we don't know, we were hoping IBM would tell us." It is hard to imagine a judge being impressed.

IBM also asked for information on "any person on whom plaintiff intends to rely as a witness, declarant, or affiant in this action." SCO's response was "None at this time." Could the company really have no witnesses at all?

IBM has filed a motion with the court attempting to compel SCO to back up its claims. The company has also asked for an oral argument before the judge on the issue.

Good cause for oral argument exists because of the nature of the discovery issued upon SCO and the significance of its refusal to respond. SCO has the burden to prove the existence of a trade secret or misappropriation by IBM of confidential or proprietary information, and there is no presumption in SCO's favor in this regard... As a result, SCO's apparent inability to respond to IBM's interrogatories as required under the Federal Rules of Civil Procedure has potentially outcome determinative consequences.

In other words, if SCO can't back up its charges, it's time to call the show over. Nobody ever thought IBM's lawyers would make it easy for SCO.

Finally, Drew Streib is still trying to buy an SCO "Linux license," but still has not succeeded. "I can't believe that a sales force is this incompetent, or instead of that possibility, that SCO could be so blatantly outright in their lying about license availability." SCO also continues to state that it will not be sending out invoices because the "response has been adequate." One might conclude that the company is having second thoughts about its licensing program.

Comments (1 posted)

Authors wanted

It has been the better part of a year since we first started taking externally written articles for LWN. That effort has had its ups and downs, but, overall, we have been pleased with the result. Externally contributed material has allowed us to bring new content and viewpoints to LWN. We have convinced ourselves that we can bring in more content and maintain the quality of our publication.

So, the time has come to expand our external author program. Writing for LWN will not be easy; as editors, we are fussy and difficult to please. And it certainly will not be a path to riches, or even away from the day job. But it is a way to get your byline out there and help us make a better LWN. If you think you might be interested, please take a moment to look at our author guide. If you're still interested afterward, we would like to hear from you.

Comments (none posted)

Page editor: Jonathan Corbet

Security

Brief items

The EFF's report on trusted computing

The Electronic Frontier Foundation has released, to a fair amount of fanfare, its report on trusted computing. The report's author (Seth Schoen) has concluded that, while trusted computing architectures offer a number of security benefits, there are also potential problems that need to be addressed.

The report mentions four different technologies that make up current trusted computing efforts:

  • Memory curtaining. Modern operating systems already go to considerable lengths to keep one process from being able to mess with another process's memory. Memory curtaining takes things further by improving memory isolation support in the hardware, so that even the kernel cannot modify one process's memory while working on behalf of another process.

  • Secure I/O is the creation of a data path from the keyboard (or other input devices) to the application, and from the application to the screen which cannot be seen or modified by other processes. It is an attempt to stop software keystroke loggers, screen readers, and other eavesdropping tools.

  • Sealed storage works by hiding encryption keys within the system hardware, so that encrypted data cannot be read anywhere else.

  • Remote attestion is a hardware-supported mechanism for ensuring that the software running on a system has not been modified. The technology allows the generation of certificates that can allow a remote application (a web server, say) to be sure of the software it is talking to.

The report acknowledges that all of these technologies can help to improve the security of computer systems. With a trusted computing architecture in place, a worm which is able to exploit a hole in one program will find its ability to do anything interesting on the system much reduced. The EFF does not have any real problem with most of the technologies discussed.

That is not true, however, for remote attestation:

TCG attestation conspicuously fails to distinguish between applications that protect computer owners against attack and applications that protect a computer against its owner. In effect, the computer's owner is sometimes treated as just another attacker or adversary who must be prevented from breaking in and altering the computer's software.

A few cases where the remote attestation feature could backfire on users are mentioned. One is web servers which refuse to talk to anything other than the One Chosen Browser. There are sites which do that now, but most modern browsers are capable of masquerading as something else, so these techniques are not effective. Remote attestion would change that. Other examples include software interoperability (i.e. eliminating Samba forevermore), forced upgrades, and forced use of digital rights management schemes.

As a solution, the EFF suggests an "owner override" feature. The owner of a system could, while physically present at the machine, force it to produce an attestation for software that the owner has modified or replaced, making it look like something else. This feature would solve the problem for suitably capable users. It is hard to imagine users developing a widespread ability to safely perform overrides, however.

The real conclusion to be taken from this report is that the owners and users of computers need to maintain control over their machines. When your own computer treats you like an attacker, it has ceased to be truly yours, and it becomes a tool for controlling your behavior. Free software users have understood this point for years, of course. We have built a system that allows us to stay in control. But we need to be careful that the hardware platforms of the future do not take that control away from us.

Comments (10 posted)

New vulnerabilities

cfengine: stack overflow

Package(s):cfengine CVE #(s):
Created:October 8, 2003 Updated:October 8, 2003
Description: Versions of cfengine prior to 2.0.8 contain a stack overflow in the network I/O code which can be exploited remotely. See this advisory for details.
Alerts:
Gentoo 200310-2 cfengine 2003-10-04

Comments (none posted)

Resources

Analysis of the MediaMax CD3 copy-prevention system

John A. Halderman has analyzed the "CD3" copy protection system for audio CDs and posted his results. It seems that this technology works by loading a special driver via the Windows autorun feature; the driver interferes with read operations, thus thwarting copy attempts. But only if the driver is actually loaded. "MediaMax's protections are ineffective because the driver program can easily be disabled or, depending on the system configuration, it might never be installed to begin with. As a result, audio content is vulnerable to copying in virtually 100% of deployed systems.... Computers running Linux or Mac OS 9 can't run the MediaMax software at all, so they can always copy the recording." Sometimes the lack of Linux support is a good thing.

Comments (21 posted)

LinuxSecurity.com newsletters

This week's Linux Advisory Watch and Linux Security Week newsletters from LinuxSecurity.com are available.

Comments (none posted)

Events

EICAR 2004

The 13th Annual EICAR Conference will be held at the Hilton Luxembourg in Luxemburg City from May 1 to 4, 2004. "Participants can expect a variety of academic and leading edge technical presentations from around the world, with an emphasis not only on technical aspects of IT-security, but also the legal and social issues rapidly becoming the new thorn in everyone's collective side." The call for papers has gone out, with a submission deadline of January 15.

Full Story (comments: none)

Page editor: Jonathan Corbet

Kernel development

Brief items

Kernel release status

The current development kernel is 2.6.0-test7, which was released by Linus on October 8. Changes this time include a bunch of janitorial work, some IDE driver updates, a new filesystem mount option parsing scheme, a change to how module array parameters are declared, some video for Linux updates, an ACPI update, an XFS update, a reserved system call for the vserver project, and lots of fixes. See the long-format changelog for the details.

As part of the announcement, Linus has stated that he is tightening up the criteria for accepting patches.

The more interesting thing is that I and Andrew are trying to calm down development, and I do _not_ want to see patches that don't fix a real and clear bug. In other words, the "cleanup and janitorial" stuff is on hold, and -test8 and then -test9 should be for _stability_ fixes only.

The current stable kernel is 2.4.22; the last 2.4.23 prepatch was 2.4.23-pre6 on October 1.

Comments (1 posted)

Kernel development news

Alternative kernel trees

Much attention is paid to official kernel releases from Linus and Marcelo. There are, however, a number of other kernel trees out there, many of which offer different views of how the kernel should be or where its development should go. It has been a while since we've looked at the alternative kernel trees which are currently being maintained, so it is a good time for an update. We'll start with the 2.6-based trees.

Andrew Morton's -mm tree (currently at 2.6.0-test6-mm4) remains the largest staging area for code headed toward the mainline. The -mm kernels give big patches a place where they can be examined and tested without breaking the mainline kernel. This tree currently contains, beyond lots of fixes, a full set of kgdb patches, the current versions of the must-fix and should-fix lists, a bunch of VFS work from Al Viro (aimed at making hot removal of disks work properly), the CFQ disk I/O scheduler, Intel MSI and EFI support, the 4G/4G large memory patch, a lot of direct and asynchronous I/O work, and a patch called "support-zillions-of-scsi-disks."

Stephen Hemminger recently released 2.6.0-test6-osdl1. This relatively small patch has been reborn; it now concerns itself with features that will be merged after the 2.6.0 release, if ever. Thus, it includes a patch adding file extents to ext3, Ingo Molnar's ExecShield, the Linux kernel crash dump facility, the kexec system call, and a few others.

Martin Bligh continues to release occasional -mjb kernels; the latest is 2.6.0-test6-mjb1. These kernels have "mainly scalability and NUMA stuff, and anything else that stops things from irritating me." The patch currently includes a configuration option for the internal clock speed, a number of tunable parameters for the scheduler, the lockmeter patch, the object-based reverse mapping patch, and a number of NUMA-related patches.

Randy Dunlap posts an occasional -kj tree; 2.6.0-test6-kj1 was released on September 29. This is not the tree for people seeking exciting new features; its purpose is to serve as a collection area for janitorial patches that might otherwise fall through the cracks.

Alan Cox's departure from the kernel scene has left a large hole where his 2.4-base -ac tree used to be. Many distributors based their stock kernels on something close to Alan's tree. The -ac tree has technically been taken over by Bernhard Rosenkraenzer, but his last release was 2.4.23-pre4-pac2 on September 17.

Andrea Arcangeli has, of late, started announcing more of his -aa trees to the world. His latest (2.4.23pre6aa2) includes a new "desktop" boot parameter which sets several options for optimal desktop performance, run-time configurable internal clock speed, some virtual memory work, the TUX HTTP server, kgdb, the 2.6 "futex" feature, XFS version 13, Jens Axboe's "laptop mode" patch, and many others. Andrea plans to include Jeff Garzik's "libata" disk drivers soon.

James Bourne maintains a "-uv" patch series which is limited to compilation and security fixes for the current stable kernel. The latest is 2.4.22-uv2.

Comments (1 posted)

Relayfs

Tom Zanussi has posted a new version of the "relayfs" filesystem code; the full set of patches can be found in the "patches" section, below. Relayfs is an attempt to provide a common framework for kernel code which must exchange large amounts of data with user space. The initial application would appear to be for kernel event tracing and profiling, but one can certainly imagine other ways to use such a system as well.

Relayfs is, of course, yet another virtual filesystem implemented by the kernel; it must be explicitly mounted by user space to be available. Kernel code can then create a relay with relay_open(); it will show up as a file under relayfs. User space can then open the relay and employ all of the usual file operations - including mmap() and poll() - to exchange data with the kernel. To an application, a relayfs file descriptor looks much like a Unix-domain socket, except that the other end is a piece of kernel code rather than another process.

The interface on the kernel side is a bit more complex. The expected relay_read() and relay_write() functions exist and can be used to move data to and from user space. But relayfs also exposes much of the internal structure to kernel code that needs to know about it. So special-purpose code can obtain a pointer into the relayfs buffer and copy data there directly, for example. There is also a set of callbacks for kernel code that wants to know about relayfs events, and a set of utilities for manipulating the buffer size, optimizing the locking used, etc.

Relayfs is a non-intrusive patch - it does not affect parts of the kernel that are not explicitly changed to make use of it. So it is conceivable that this patch could yet make it into a 2.6 release. The reimplementation of printk() which uses relayfs might have to wait a little longer, however.

Comments (none posted)

Driver porting

kobjects and hotplug events

October 7, 2003

This article was contributed by Greg Kroah-Hartman.

Last week, in the article about kobjects, it was mentioned that a kset has a set of hotplug operations. This week we will introduce the hotplug operations, and detail how they work.

Remember that a kset is a group of kobjects which are all embedded in the same type of structure. In the definition of a kset, a pointer to a struct kset_hotplug_ops is specified. If this pointer is set, whenever a kobject that is a member of that kset is created or destroyed by the kernel, the userspace program /sbin/hotplug will be called. If a kobject does not have a kset associated with it, the kernel will traverse up the kobject hierarchy (using the parent pointer) to try to find a kset to use for this test.

struct kset_hotplug_ops is a structure containing three function pointers and is defined as: 

    struct kset_hotplug_ops {
	int (*filter)(struct kset *kset, struct kobject *kobj);
	char *(*name)(struct kset *kset, struct kobject *kobj);
	int (*hotplug)(struct kset *kset, struct kobject *kobj, 
                       char **envp, int num_envp, 
		       char *buffer, int buffer_size);
    };

Hotplug filters

The filter function will be called by the kernel before a hotplug operation happens. The kobject and the kset which are being used for the hotplug event are passed as parameters to the function. If this function returns 1 then the hotplug event will be generated; otherwise (if the function returns 0), the hotplug event will not be generated. This function is used by the driver core and the block subsystem to filter out hotplug events for kobjects that are owned by these systems but which should not have hotplug events generated for them.

As an example, the driver core's hotplug filter is contained in the file drivers/base/core.c and looks like: 

static int dev_hotplug_filter(struct kset *kset, struct kobject *kobj)
{
	struct kobj_type *ktype = get_ktype(kobj);

	if (ktype == &ktype_device) {
		struct device *dev = to_dev(kobj); 
		if (dev->bus)
			return 1;
	}
	return 0;
}

In this function, the first thing that happens is the type of the kobject is checked. If this really is a device type of kobject, then we know it is safe to cast this kobject to a struct device, which is done in the line: 

    struct class_device *class_dev = to_class_dev(kobj);

If this class device has a class assigned to it (dev->bus), the filter function tells the kobject core that it is acceptable to generate a hotplug event for this object. If any of these tests fail, the function returns 0 stating that no hotplug event should be generated.

The filter function allows objects in the device tree to own kobjects themselves (to create subdirectories, and for other uses) and prevent hotplug events from being created for these child kobjects.

Hotplug event names

When /sbin/hotplug is called by the kernel, it only has one argument passed to it, the name of the subsystem creating the event. All other information about the hotplug event is passed in environment variables. For detailed examples of some of the hotplug events and environment variables, see the Linux Hotplug project website.

For the kobject core to know what kind of name to provide to this hotplug event, the name function callback is provided. If the kset associated with this kobject wants to override the name of the kset for the hotplug event, then this function needs to return a pointer to a string that is more suitable. If this function is not provided, or it returns NULL, then the kset's name will be used.

For example, all struct device objects in the kernel belong to the same device kset (the device, driver, and class model sits on top of kobjects and ksets, making it simpler for driver authors to use). This kset is called "devices". It would not make much sense for every USB or IEEE1394 device that was plugged into, or removed from the system to generate a hotplug event with the name "devices". Because of this, the device subsystem has a name function for its hotplug operations: 

static char *dev_hotplug_name(struct kset *kset, struct kobject *kobj)
{       
	struct device *dev = to_dev(kobj);

	return dev->bus->name; 
}

In this function, the kobject is converted to a struct device, and then the name of the bus associated with this device is returned. This allows USB devices to create hotplug events with the name "usb" and IEEE1394 devices to create hotplug events with the name "ieee1394".

One note about this function: the only way that we know it is safe to directly cast this kobject into a struct device is that it has passed the filter function first. In that function, the type of the kobject and the fact that the device had a pointer to a bus was verified. Without that filter function, that information would have to be checked before blindly casting and following two levels of pointer indirection.

Hotplug environment variables

All calls to /sbin/hotplug provide the majority of information within environment variables. The three variables that are always set for every hotplug call are the following:

Variable Value Description
ACTION add or remove Describes if the kobject is being added or removed from the system.
SEQNUM numeric Provides the sequence number of the hotplug event. It is used for userspace to determine if it has received the hotplug event out of order or not. The value starts out a 0 when the kernel boots, and increments with every /sbin/hotplug call. It is a 64-bit number, so it will not roll over for a very long time.
DEVPATH string The path to the kobject that the hotplug event is happening on, within the sysfs file system. To get the true filesystem location for this kobject, add the mount point for sysfs (usually /sys) to the beginning of this string.

These variables are usually enough for userspace to determine what is happening with this hotplug event, but a lot of subsystems want to provide more information. This is especially true when a kobject is removed from the system, as the sysfs entry for the device will also be removed, preventing userspace from being able to look up any attributes about the device that was just removed. Because of this, the hotplug callback is provided for the kset to provide any additional environment variables that it wants to.

The hotplug function callback is allowed to add any additional environment variables that the kset might want added for this call to /sbin/hotplug. To review the prototype for this function: 

    int (*hotplug)(struct kset *kset, struct kobject *kobj, 
                   char **envp, int num_envp, 
		   char *buffer, int buffer_size);

Here, kset and kobj are the objects for which the event is happening, envp is a pointer to an array of environment variables (in the usual "NAME=value" format), num_envp is the length of envp, buffer is a buffer where additional variables can be put, and buffer_size is the size of buffer. The hotplug function should create any additional environment variables that are called for, store pointers to them in envp, and terminate envp with a NULL. If the hotplug callback returns a non-zero value, the hotplug event is aborted, and /sbin/hotplug will not be called.

The driver and class subsystems pass hotplug calls down to the bus and class owners of the kobject that is being created or removed, allowing these individual subsystems to add their own environment variables. For example, for all devices located on the USB bus, the function usb_hotplug() in the drivers/usb/core/usb.c file will be called. This function is defined as (with much of the boring code removed): 

static int usb_hotplug(struct device *dev, char **envp, int num_envp,
		       char *buffer, int buffer_size)
{
	struct usb_interface *intf;
	struct usb_device *usb_dev;
	char *scratch;
	int i = 0;
	int length = 0;

	/* ... */
	intf = to_usb_interface(dev);
	usb_dev = interface_to_usbdev(intf);

	/* ... */
	scratch = buffer;
	envp[i++] = scratch;
	length += snprintf(scratch, buffer_size - length, "PRODUCT=%x/%x/%x",
			   usb_dev->descriptor.idVendor,
			   usb_dev->descriptor.idProduct,
			   usb_dev->descriptor.bcdDevice);
	if ((buffer_size - length <= 0) || (i >= num_envp))
		return -ENOMEM;
	++length;
	scratch += length;

	/* ... */
	envp[i++] = NULL;
	return 0;
}

The lines: 

	scratch = buffer;
	envp[i++] = scratch;
set up the environment pointer to point to the next location in the buffer passed to us. Then the big call to snprintf creates a variable called PRODUCT which is assigned the value of the USB device's vendor, product and device ids separated by a '/' character. If snprintf succeeded in not overrunning the buffer provided to us, and we still have enough room for one more environment variable, then the function continues on. The last environment variable pointer is set to NULL before returning.

All that work for a simple result

With the combined effort of the kset hotplug function callbacks every kset can customize the call to /sbin/hotplug in whatever way it likes while still providing userspace a consistent interface from the kernel. Every kobject that is registered with sysfs can generate this call easily, so all parts of the kernel that use kobjects and ksets automatically get the /sbin/hotplug interface for free. This allows userspace projects such as the module loading scripts, devlabel, udev, and D-BUS valuable information as to what the kernel is doing whenever a change in the kobject tree occurs.

Comments (1 posted)

Patches and updates

Kernel trees

Linus Torvalds Linux 2.6.0-test7 - stability freeze ?
Andrew Morton 2.6.0-test6-mm3 ?
Andrew Morton 2.6.0-test6-mm4 ?
Martin J. Bligh 2.6.0-test6-mjb1 ?
Stephen Hemminger 2.6.0-test6-osdl1 ?
Andrea Arcangeli 2.4.23pre6aa1 ?
Andrea Arcangeli 2.4.23pre6aa2 ?
James Bourne 2.4.22-uv2 patch set released ?

Core kernel code

Peter Aechtler [1/2] posix message queues ?
Peter Aechtler [2/2] posix message queues ?

Development tools

Robert Williamson Linux Test Project October Release Announcement ?

Device drivers

Long Nguyen Updated MSI Patches ?
Greg KH USB fixes for 2.6.0-test6 ?
Jeff Garzik libata update posted ?
Gerd Knorr v4l: videobuf update ?
Gerd Knorr v4l: saa7146 driver update ?
Gerd Knorr v4l: bttv driver update ?
Gerd Knorr saa7134 driver update ?
David Brownell [patch 2.6.0-test6] usbcore and driver model (0/3) ?
David Brownell [patch 2.6.0-test6] rm interface.driver (1/3) ?
David Brownell [patch 2.6.0-test6] usbfs updates (2/3) ?
David Brownell [patch 2.6.0-test6] usbnet (3/3) ?
Greg KH gadget serial driver -- patch for 2.6 ?

Documentation

H. Peter Anvin Horribly overdue update to unicode.txt ?

Filesystems and block I/O

Roman Zippel new HFS(+) driver ?
Tom Zanussi relayfs (1/4) (Documentation) ?
Tom Zanussi relayfs (2/4) (include files) ?
Tom Zanussi relayfs (3/4) (VFS and scheme-specific code) ?
Tom Zanussi relayfs (4/4) (public API and common code) ?

Networking

Jim Keniston Net device error logging ?
Netfilter Core Team Release of iptables-1.2.9rc1 ?

Benchmarks and bugs

Christian Kujau crypto benchmark results with 2.6.0-test6 ?
Mike Benoit File System shootout... ?

Page editor: Jonathan Corbet

Distributions

News and Editorials

A Feature Tour of New Distribution Releases

October 5, 2003

This article was contributed by Ladislav Bodnar

A flurry of recent release announcements from Slackware, Mandrake and SUSE have created plenty of excitement, so characteristic of this time of the year, when many commercial Linux companies are finalizing their new products. What can we expect? At first sight, it would seem that this round of distribution releases lacks any visible advancements - at least compared to the March/April release round with the then new XFree86 4.3.0, KDE 3.1, new font anti-aliasing technologies, NPTL threading library, zeroconf and many other interesting features. Six months later, we have a new GNOME 2.4, as well as the first edition of the GNOME Office suite, version 1.0, but the much awaited 2.6 Linux kernel series is still in heavy development and so are XFree86 4.4 and KOffice 1.3, while KDE 3.2 has only just entered the alpha stage. Let's take a brief tour of the features found in the latest distribution releases.

Slackware Linux 9.1

Slackware Linux 9.1, released last week, is a pleasant surprise. Gone are the ugly default fonts from version 9.0 and the overall look and feel of both GNOME 2.4 and KDE 3.1.4, as well as half a dozen of other desktop environments is much improved. This is the first time ever that Slackware Linux ships on two installation CDs - despite the developers' best efforts, it is no longer possible to include the latest versions both GNOME and KDE together with a base Linux system on a single CD. The kernel is version 2.4.22 with support for SCSI and ATA RAID volumes, PCMCIA, CardBus, APM for notebooks and USB hotplug. Advanced package management tools for Slackware packages (slackpkg and swaret) are now included in the /extra directory, so keeping a Slackware installation up-to-date with security patches has never been easier. Also worth mentioning is "ZipSlack", claimed to be the fastest Linux installation ever: "ZipSlack provides a basic text-based Linux system as a 41 megabyte ZIP archive. Simply unzip on any FAT or FAT32 partition, edit your boot partition in the LINUX.BAT batch file, and you can be running Linux in less than five minutes." A highly positive early review of Slackware Linux 9.1 has been published by OSNews.

SUSE LINUX 9.0

SUSE has announced SUSE LINUX 9.0 with general availability on October 24 (slightly earlier in Europe). The occasion was accompanied by substantial design changes to SUSE's web sites, its logo, slogan and even the product name - from "SuSE Linux" to "SUSE LINUX": "As part of the overall effort to update our look, it was felt that upper casing all of SUSE LINUX brought more attention to the name." SUSE's new slogan is "Simply Change", which is: "on one hand a challenge to switch from monopolistic software to the flexibility of SUSE and on the other signifies how simple this shift can be."

On the technical side of things, the LSB-certified SUSE Linux 9.0 comes with a new NTFS partition resizing tool and a much improved -- especially in terms of compatibility with MS Office -- OpenOffice 1.1 final. The overall theme is that of an easy migration from Windows to Linux, both for home and office users. Other improvements include new features for mobile computer users, where the already excellent range of networking and power management features have been expanded by an increased number of supported Winmodems as well as a "profile manager" with a single-click hardware re-configuration for frequent travelers and commuters. The YaST setup tool now comes with a remote administration feature through a web browser and VNC. Last but not least, SUSE 9.0 also comes in a 64-bit edition for the Athlon 64 PC processor.

Mandrake Linux 9.2

MandrakeSoft has yet to provide a full release announcement of the upcoming Mandrake Linux 9.2, expected to ship on October 15, but its beta information page does give some details of what we can look forward to. Besides the usual range of package updates and a new network profiles manager called "Netprofiles", this version seems to be a consolidation release, with main improvements focusing on its look-and-feel, localization and Mandrake configuration utility - DrakConf. Like SUSE, MandrakeSoft has also announced a 64-bit edition of Mandrake Linux 9.2 for AMD64 processors and the first beta release is now available for download and testing.

Technical aspects aside, MandrakeSoft's most significant changes seem to be taking place in the way the company conducts its business. Up until version 9.1, Mandrake Linux ISO images were always available for download immediately after being finalized, and often many weeks before the boxed sets were offered for purchase via Mandrake's online store or traditional software shops. This is no longer the case. Although beta testing of Mandrake Linux 9.2 was completed last week, the product will not be released until boxed sets are manufactured and ready for shipping. Even then, the ISO images will initially be offered exclusively to members of the MandrakeClub and to contributors, with general availability scheduled for the end of November. These measures are designed to help MandrakeSoft overcome its financial setbacks and ensure a speedy recovery.

Comments (3 posted)

Distribution News

Debian GNU/Linux

The Debian Weekly News for October 7, 2003 is out. This week: an amusing DivisionTwo.com article about a fictitious Barbie OS based on Debian; LPI certification manuals from LinuxIT now available under a free license; a look at emDebian; European conferences; and much more.

The Debian project will be at several conferences in Europe this month. Interested people are invited to attend these conferences and meet Debian developers and users.

Debian Planet reports that Russian Debian, a site for the Russian Debian community, is now online.

Comments (none posted)

Gentoo Weekly Newsletter

The October 6 Gentoo Weekly Newsletter is available; the main topic this time around is Gentoo performance metrics. "The conclusions we can glean from this are that the default optimizations in Gentoo Linux for Pentium III make a significant difference in in 'real world' application load-time performance."

Full Story (comments: 7)

Slackware Linux

Slackware Linux has a variety of bug fixes available for slackware-current. OpenSSL libraries have been rebuilt, followed by some applications using those libraries. Missing swat files in Samba have been fixed, and many other applications have been upgraded. See the change log for details.

Comments (none posted)

SUSE LINUX Unveils New Advertisement Campaign, Corporate Design and Logo

Here is a press release from SUSE LINUX explaining their new look.

Full Story (comments: 1)

Tawie Server Linux

Tawie Server Linux has released bug fixes for proftpd, rsync, rpm, release, and swup/swupconf.

Full Story (comments: none)

New Distributions

Linux Router Project

A new Linux Router Project - LR101 was started in the summer of 2003 with the goal of developing a real hardware based Linux router. The web site is in German, but there are PDF files available in English on the site, such as this English language info sheet (pdf format).

Comments (2 posted)

Phlak

Phlak is a LiveCD Linux distribution with a focus on pen-testing, forensics, and network analysis. It includes two lightweight GUIs (XFCE4 and Fluxbox) and loads of tools, including crackers, sniffers, MITM utilities, and data recovery and duplication utilities. It includes a seven-step GUI to install to your hard drive if you desire. The initial version, 0.1, was released October 1, 2003.

Comments (none posted)

Snootix

Snootix is a source-based distribution that installs Linux From Scratch and allows users to add BLFS and Snootix-specific packages of their choice. It features a number of game console emulators and more up-to-date packages than those featured in the BFLS book. The initial version, 0.1, was released October 5, 2003, followed by version 0.2 beta on October 6, 2003.

Comments (none posted)

Minor distribution updates

Bernhard's Bootable Linux CD

Bernhard's Bootable Linux CD (BBLCD) has released v0.7.10 with major feature enhancements. "Changes: The varimg.tgz file was created from a configuration file. Manual editing ("cleaning") of the /var-directory is no longer necessary."

Comments (none posted)

BG-Rescue Linux

BG-Rescue Linux has released v0.2.2 with minor feature enhancements. "Changes: This release adds ms-sys 1.1.0, a program that writes MS-compatible boot-records to fat12, fat16, and fat32 partitions/floppies. This makes BG-Rescue Linux a full backup/restore system for MS Windows up to ME. The optional F-Prot is now loaded before executing "/bgrescue.rc" and "/bgrescue/bgrescue.rc" from the CDROM at startup, so you can now automate the virus scanning of your system with the scripts."

Comments (none posted)

ClusterKnoppix

ClusterKnoppix has released v3.3-2003-09-24-EN-cl1 with minor bugfixes. "Changes: This release syncs with latest Knoppix release, updates gomd to 0.1beta, removes OpenOffice, upgrades gcc to 3.3.2, fixes the terminal server/etherboot bug, and adds a working bcm4400 driver."

Comments (none posted)

Devil-Linux

Devil-Linux has released v1.0-RC1. A few highlights include:
  • enhanced Kernel security (GRSecurity)
  • almost all program are compile with the stack smashing protector
  • entire OS is on CD, only variable data is loaded into the ramdisk
  • harddisk support for storage of large data or for permanent storage
  • USB and PCMCIA support
  • Spam and Virus Protection

Full Story (comments: none)

dyne:bolic

dyne:bolic has released v1.1 with major bugfixes. "Changes: This release fixes OpenMosix cluster configuration, unencrypted nesting, encryption support in mailsystem, and various other minor issues."

Comments (none posted)

Mepis Linux

Mepis Linux has released v2003.08.01 with major feature enhancements. "Changes: In this release, the contents of CD #1 and CD #2 were tweaked in response to user feedback. Now CD #2 contains 865 additional packages. This version also includes the MEPIS Installation Center, MEPIS Control Center, and MEPIS User Tweaks apps."

Comments (none posted)

NSA Security Enhanced Linux

NSA Security Enhanced Linux has released v2003100110 with major feature enhancements. "Changes: Kernel patches for 2.6.0-test6 and 2.4.21 are available. The updated kernel patches include support for an selinux boot parameter and improved auditing. A number of bugfixes and improvements have been integrated into the user space tools and utilities. SRPMs for newer Red Hat packages are available. The star package has been added. The example policy has been updated. Improvements have been made to existing policy tools, and a new policy analysis tool has been added."

Comments (none posted)

Oralux

Oralux has released v0.05 with major feature enhancements. "Changes: Based on Knoppix 3.3 (2003-09-24). Emacspeak Festival MBROLA (EFM) is included. It supplies English or French software synthesis. The Castillan Spanish or German files of the DECtalk software (a commercial voice synthesis) can be automatically installed. If the ALSA driver is required, the ALSA cheatcode will be typed once, and will be automatically restored for the following boots. The introductory menu is now available in 4 languages (Castillan Spanish and German have been added)."

Comments (none posted)

Quantian

Quantian has released 0.4 (which is identical to 0.3.9.3).

Full Story (comments: none)

Sentry Firewall

Sentry Firewall has released v1.5.0-rc5 with minor feature enhancements. "Changes: Snort, OpenSSH, OpenSSL, sendmail, and ProFTPD were upgraded. The default Linux kernel was updated to include the bridge+netfilter patches. The ebtables utility was also added."

Comments (none posted)

stresslinux

stresslinux has released v0.2.6 with major bugfixes. "Changes: Busybox, lshw, smartmontools, netio, openssl, and openssh have been upgraded to new versions. A new Tyan S2723 sensors.conf and three new mainboards in sl-wizard have been added."

Comments (none posted)

TopologiLinux

TopologiLinux has released v4.0Beta1 with major feature enhancements. "Changes: This release is based on Slackware 9.1rc2, and a new boot manager for Windows NT/XP is included. KDE and kernel source are temporary removed in this beta version, and will be back with many other apps in the final 4.0 release."

Comments (none posted)

Distribution reviews

Mepis Linux Developer Interview (PCLinuxOnline)

PCLinuxOnline interviews Mepis Linux creator Warren Woodford. "I plan to use MEPIS LLC to develop new technologies and business opportunities in the Morgantown area. MEPIS Linux is a labor of love and I don't know if it will be commercially successful. I'm building MEPIS to work the way I want Linux to work. Want you see now, is just a start."

Comments (none posted)

Page editor: Rebecca Sobol

Development

The Linux Brochure Project

The first stable version (1.0.0) of the Linux Brochure Project, an application that is used for the generation of Brochures, has been announced.

Our overall goal is simple; document essential Linux information on the two sides of a single letter-sized sheet of paper which is Z-folded into six mini-pages of a brochure that LUGs and other Linux organizations can use for publicity. The LBP data and scripts required to build the brochure are released under the GPL which means the information collected and organized here cannot be hijacked by proprietary interests.

The project was conceived by a small group of developers working with the Victoria Linux Users Group (VLUG). The group needed to build and maintain a Linux Information Brochure, and decided to package and release their efforts.

The LBP is composed of a collection of existing open-source packages: "The software consists of LaTeX and pdfLaTeX scripts; Sketch input files; and a Makefile to keep the brochure build organized."

The project documentation also mentions the use of ps2eps, pstops from the ps-utils package, and montage from the ImageMagick suite. In other words, LBP is an example of a solution to a specific task that is built from a collection of general purpose open-source tools.

A few example brochures exist, more are apparently on the way.

The Linux Brochure Project has been released under the GPL, the code is available here.

Comments (8 posted)

System Applications

Audio Projects

Ogg Traffic

The September 30, 2003 edition of Ogg Traffic is out with the latest Ogg Vorbis audio compression software news. "The bad news is that Vorbis 1.0.1 is being held hostage by Win32 build problems, but the good news is that Monty is already bravely charging ahead to work on Vorbis 1.1."

Comments (none posted)

Planet CCRMA news

The latest changes from the Planet CCRMA audio application packaging project include new versions of Anjuta, Libzvt, and Snd.

Comments (none posted)

Database Software

MetaCoretex DB Security Scanner

The initial public release of MetaCoretex, a database capable security scanner, has been released.

Full Story (comments: none)

PostgreSQL Beta4 Tag'd and Bundle'd ...

The Beta 4 release of PostgreSQL 7.4 is available. "This release, depending on the bug reports received, will most likely flow into our first Release Candidate by end of next week, so we encourage every(and any)one that can to download and test her, so that our first Release Candidate can be as clean as possible ..."

Full Story (comments: none)

PostgreSQL Weekly News

The October 8, 2003 edition of the PostgreSQL Weekly News is out with the week's PostgreSQL database news.

Full Story (comments: none)

SwingSet 0.5.0-alpha released

Version 0.5.0-alpha of SwingSet, a Java toolkit that makes the Java Swing components database-aware, has been released. For more information, see this NewsForge review. Thanks to Brian E. Pangburn.

Comments (none posted)

ZODB 3.2 release candidate 1

Version 3.2 rc 1 of ZODB, the Zope Object DataBase, has been released. This version features improved performance, a new ZEO authentication protocol and configuration language, bug fixes and documentation updates.

Full Story (comments: none)

Mail Software

New milter mail filters

The milter.org site has an announcement for new versions of the milter-sender, milter-spamc, and milter-date mail filters for sendmail.

"milter-sender has a new -M option that will probably replace FullCallback and -m, better support for virtual users under Cyrus IMAP, and several fixes."

"milter-spamc has a new -A and -R options. The -R option is of significant interest since it patches Sendmail 8.12.10 to support a new type of libmilter return code: "

"milter-date likewise has a new -R that uses the same patch from milter-spamc."

Comments (none posted)

Networking Tools

Big Sister NUT UPS monitoring module released (SourceForge)

A new UPS monitoring module is available for the Big Sister SNMP aware network and system monitor. "The "nut" module monitors uninterruptable power supplies under control of the NUT (Network UPS Tools) free software suite. It sends alerts on power breakages, overload and battery problems. The longterm graphing may point you to battery aging problems."

Comments (none posted)

Purify 0.1 released

The initial release of Purify has been announced. Apparently, IBM also has a project with the same name, so the search is on for a new name. "Purify is a graphical tool used to make the management of PureFTPd a little easier. It uses the GTK+2.x widgets for its GUI and thus are not dependent on a specific desktop environment such as GNOME or KDE. It is, however, designed with the GNOME Human Interface Guidelines in mind so it should integrate nicely with at least GNOME."

Comments (3 posted)

Web Site Development

Bricolage 1.6.6 Released

Version 1.6.6 of Bricolage, a web site content management and publishing system, has been released. "This maintenance release addresses a number issues discovered since the release of version 1.6.5."

Full Story (comments: none)

HarvestMan 1.2 released

Version 1.2 of HarvestMan, a Python-based web crawler, is available.

Full Story (comments: none)

Introducing mod_python (O'ReillyNet)

Gregory Trubetskoy introduces mod_python on O'Reilly. "mod_python is an Apache module that gives Python programmers full access to the Apache API. If that's not enough, it can speed up your Python web programming substantially."

Comments (none posted)

Miscellaneous

The first stable Xen release

The first stable release of the Xen "virtual machine monitor" has been announced. Xen is an x86 emulation system that allows the running of multiple operating systems simultaneously; it serves a function similar to, for example, VMWare or Bochs. The project's developers claim just "a few percent" overhead, however, making Xen rather faster than the alternatives. There is a Linux 2.4.22 kernel running over Xen now; FreeBSD and Windows XP are in the works. Click below for the announcement, or see the Xen web page for more information.

Full Story (comments: 6)

Desktop Applications

Audio Applications

jackEQ 0.3.3 released

Version 0.3.3 of jackEQ, an audio equalizer for the JACK audio system, has been announced. "This is just to let those who are interested know that I just commited some fixes which greatly improve the sound quality in jackEQ and allow the crossfaders to be fully functional including mute and all fader options. Apart from being able to internally assign jack i/os I feel this version qualifies for professional mixing use."

Full Story (comments: none)

WaveSurfer 1.5.4 released

Version 1.5.4 of WaveSurfer, an audio editing package, is out. The changes include a menu reorganization, help system improvements, and more.

Comments (none posted)

Desktop Environments

XFree86 4.4.0 Release Schedule

The release plans have been published for version 4.4.0 of the XFree86 window system.

Comments (none posted)

KDE Under The Microscope

KDE.News covers a couple of studies done on the KDE project. "While the KDE project continues to research and develop the ideal desktop environment, the KDE community and development processes itself have been researched and examined by two different efforts: Christian Reinhardt of University of Innsbruck chose to study KDE for his "Collaborative Knowledge Creation in Virtual Communities of Practice" Master's thesis." The article also contains excerpts from another study of the KDE project.

Comments (3 posted)

Wallpaper Tray 0.4.0 Released (GnomeDesktop)

Version 0.4.0 of Wallpaper Tray, a wallpaper manager, is available for GNOME.

Comments (none posted)

KDE-CVS-Digest

The October 3, 2003 edition of the KDE-CVS-Digest is online. Here's the content summary: "Quanta gets a table editor. KSvg improves with new gradient algorithms. KStars implements suggestions from the KGUS, aka K Girlfriend Usability Study. Many bugfixes in KMail, KHTML and elsewhere."

Comments (none posted)

KDE Traffic

KDE Traffic has come out in two parts this week. The KDE.News summary for part 1 says: "This issue covers KDE 3.2, KDE 3.1.4, apidox, KMail, audiocd, db-aware applications, giving KDE a flak jacket, Jabber, JPEG, and more."

The part 2 summary says: "This traffic contains news on KPovModeler, the kdesupport module, Konqueror (what issue would be complete without it?), KMail, KPaint and last but not least, giant pink fluffy bunnies. OK, nix the bunnies, but it's still a decent issue."

Comments (none posted)

Desktop Publishing

Conglomerate 0.7.5 released

Conglomerate version 0.7.5 ("Now you see it, now you don't") has been released. Conglomerate is an XML editor which we reviewed just over a month ago. This version is still considered to be unstable, but it does address one of the major issues we had with 0.7: Conglomerate now has an "undo" feature. A number of other improvements have gone in as well; see the announcement for details.

Full Story (comments: none)

Games

PCGen 5.3.11 is available (SourceForge)

A new version of PCGen, a cross-platform Java-based RPG character generator and maintenance program, has been announced.

Comments (none posted)

Graphics

GIMP 1.3.21 released (GnomeDesktop)

GnomeDesktop.org mentions the release of version 1.3.21 of the GIMP, the GNU Image Manipulation Program. "The GIMP developers have released a new development snapshot, version 1.3.21 aka the path to excellence release. Among numerous bug-fixes, this release features an improved path tool with SVG import/export and much nicer path stroking based on libart2."

Comments (1 posted)

Mail Clients

Mozilla Gains Support for Adding and Editing vCards (MozillaZine)

MozillaZine reports on new support for vCards in Mozilla Messenger. "A vCard is like a business card attached to your message as a .vcf file."

Comments (none posted)

Office Suites

OpenOffice.org Newsletter

The October OpenOffice.org newsletter is out; it looks at the 1.1 release, the new Community Council, the QA project, and a vast number of other topics. "45,0% of the respondents in a German online survey (Computerwoche) say that their company will switch to StarOffice or OpenOffice.org instead of Office 2003".

Full Story (comments: none)

Web Browsers

Epiphany 1.0.1 released (GnomeDesktop)

GnomeDesktop.org has an announcement for version 1.0.1 of the Epiphany web browser for GNOME. "This new release features numerous bugfixes and support for mozilla 1.4.1 and 1.6a."

Comments (none posted)

Minutes of the mozdev Admin Meeting

The minutes have been posted from the October 6, 2003 Mozdev admin meeting. Topics include: abandoned projects, backups, non-profit status, admin tools, spam, and integrated projects.

Comments (none posted)

Word Processors

AbiWord Weekly News

Issue #164 of the AbiWord Weekly News is available. "This week's concept is flow control, specifically, writing over images and around tables, gold stars if you can guess how that affects the development our favourite presentation programme, criawips! Win32 still suffers without aide. Marc brings us the fine world sweet, sweet SVG rendering (with screenshot!). And, why you should worry about Fedora (unless your an archeologist). Plusse, have you ever seen me write in another linguie? Well, here's proof that you're hallucinating!"

Comments (none posted)

Miscellaneous

Arkpandora TTF - The MS Webfonts Replacement (GnomeDesktop)

GnomeDesktop.org mentions the availability of the Arkpandora font set. "Many people are still getting (by whatever means) the core MS fonts for their Linux Desktop. This project is meant to be as a replacement for some of these main fonts. They have been designed to match similarly with the fonts they replace."

Comments (none posted)

Languages and Tools

C

Manipulating Fixed-Width Integer Data Types (O'ReillyNet)

Michael Barr writes about fixed data size issues and the ISO C99 standard on O'Reilly. "In the process of manipulating memory-mapped I/O registers, embedded programmers who use C or C++ often require fixed-size integer data types that aren't provided by the language standards. Here's a new look at this old problem, complete with a final solution to the issue of naming fixed-width integer data types."

Comments (none posted)

Caml

Caml Weekly News

The September 30 - October 7, 2003 edition of the Caml Weekly News is out with another week of Caml language news, links, and projects.

Full Story (comments: none)

The Caml Light / OCaml Hump

New Caml language software on The Caml Light / OCaml Hump includes the CamlTemplate template processor library, a ViM extension for parsing .annot files, and OX for integration of XML into Objective-Caml.

Comments (none posted)

Java

IRClib 1.01 (SourceForge)

Version 1.0.1 of IRClib has been announced. "IRClib is a Java library for IRC client applications." This is a bug-fix release.

Comments (none posted)

Advanced DAO programming (IBM developerWorks)

Sean C. Sullivan illustrates the use of Data Access Object patterns on IBM's developerWorks. "J2EE developers use the Data Access Object (DAO) design pattern to separate low-level data access logic from high-level business logic. Implementing the DAO pattern involves more than just writing data access code. In this article, Java developer Sean C. Sullivan discusses three often overlooked aspects of DAO programming: transaction demarcation, exception handling, and logging."

Comments (none posted)

Lucene Intro (O'Reilly)

Erik Hatcher introduces Jakarta Lucene, a Java-based text search engine. "Lucene is a high-performance, scalable, search engine technology. Both indexing and searching features make up the Lucene API. The first part of this article takes you through an example of using Lucene to index all the text files in a directory and its subdirectories. Before proceeding to examples of analysis and searching, we'll take a brief detour to discuss the format of the index directory."

Comments (none posted)

Lisp

SBCL 0.8.4 released

Version 0.8.4 of Steel Bank Common Lisp (SBCL) has been released.

Full Story (comments: none)

Perl

This Week on perl5-porters (use Perl)

The September 29 - October 6, 2003 edition of This Week on perl5-porters has been published. Topics include: a few Perl 5.8.1 bugs, hidden dependencies, a bleadperl snapshot, documentation patches, 64 bit configurations, and more.

Comments (none posted)

Identifying Audio Files with MusicBrainz (O'Reilly)

Paul Mison shows how to access the MusicBrainz audio CD database with Perl. "During 1999 and 2000, however, the CDDB (after its acquisition by Gracenote) moved from an open position (with GPLed downloads of its data files) to a proprietary one. During this time it stopped access to clients speaking the first version of the CDDB protocol, and instead moved to licensing -- at some cost -- CDDB2 clients, and stopped offering downloads of its data. However, a few projects started up, taking advantage of the data that had been freely available until this point. One of these was FreeDB, which quickly established an open replacement for the CDDB. The other is MusicBrainz, which is much more interesting."

Comments (1 posted)

PHP

Apply probability models to Web data using PHP (IBM developerWorks)

Paul Meagher explains probability modeling on IBM's developerWorks. "To help developers learn to fit the benefits of probability modeling into Web application development, Paul Meagher introduces you to basic concepts, techniques, and PHP-based tools that define the area of probability modeling and probability distributions. He demonstrates how to develop univariate probability models in PHP; discusses how to fit empirical data distributions to a theoretical probability distribution; and showcases an important tool for all this -- the Probability Distributions Library (PDL)."

Comments (none posted)

PHP Weekly Summary for October 5, 2003

The PHP Weekly Summary for October 5, 2003 is out. Topics include: 4.3.4 RC 1, error message length, array_merge_replace, array_merge_recursive, SAPI input filter.

Comments (none posted)

Modular PHP Development with FastTemplate (O'Reilly)

Daniel Solin writes about FastTemplate on O'Reilly. "I don't know about you, but all these documents about dividing web programming into logic, presentation, and content always irritate me. Most of them miss an important point: often at least three people develop a web page--the programmer (i.e, the PHP or Perl guru), the web designer who provides the presentation (the HTML designer), and the content developer (perhaps a marketing person). If you're working for a multilingual company, you probably have to make the pages available in several different languages as well, with one marketing person responsible for each language. Most documentation on this subject tends to forget, or at least doesn't bother to notice, either the web designer or the marketing person."

Comments (none posted)

Python

Python 2.3.2 (final) released

The final release of Python 2.3.2 is available. "Python 2.3.2 is a bug-fix release, to repair a couple of build problems and packaging errors in Python 2.3.1."

Full Story (comments: none)

Dr. Dobb's Python-URL!

The Dr. Dobb's Python-URL for October 2, 2003 is available, with weekly news and links for the Python community.

Full Story (comments: none)

Python Glossary Wiki

A new Python glossary wiki is being assembled. "This is a Wiki used to collect terms for a Python glossary. For the time being, simply edit this page and add your definitions. Once it's got enough terms, I'll add a glossary section to the appropriate piece(s) of Python documentation (perhaps at the back of the Language Reference Manual)."

Comments (none posted)

Dive Into Python 4.3

Version 4.3 of Mark Pilgrim's online Python book Dive Into Python is online. "This book is still being written. The first three chapters are a solid overview of Python programming. Chapters covering HTML processing, XML processing, and unit testing are complete, and a chapter covering regression testing is in progress." See the book's revision history for a list of new contents.

Comments (none posted)

Tcl/Tk

This week's Tcl-URL

Dr. Dobb's Tcl-URL for October 6 is out with the usual collection of happenings in the Tcl/Tk development community.

Full Story (comments: none)

Cross Compilers

Alpha Release 2.90 of GDC for 68HC11/68HC12

For those of you who are interested in developing microprocessor applications under Linux, release number 2.90 Alpha of the GNU Development Chain for 68HC11 & 68HC12 is available. "It is based on Binutils 2.14, Gcc 3.3.1, Gdb 5.2.1 and Newlib 1.11.0."

Comments (none posted)

Debuggers

GDB 6.0 released

Version 6.0 of the GNU debugger (GDB) has been released. The project website has still not been updated as of this writing, but the announcement can be found in the download area. There's a lot of new stuff in this release, including Objective C support, "useable" Java support, the ability to work with the new Native POSIX Threads and thread-local storage, the ability to separate executables and debugging symbol information, and much more. (Thanks to Marko Myllynen).

Comments (5 posted)

Editors

Leo 4.0 beta 2 released (SourceForge)

Version 4.0 beta 2 of Leo has been announced. Leo is a Python scriptable cross-platform programmer's editor, browser, data organizer, and project manager. This release includes quite a few bug fixes.

Comments (none posted)

Miscellaneous

Corejava Release 1.1.1 (SourceForge)

Version 1.1.1 of Corejava has been released with some minor improvements and bug fixes. "It contains Java source code for Z annotated syntax trees, reading and writing XML files etc." Z is the Z specification language, see the Community Z Tools (CZT) site for more information.

Comments (none posted)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

Seth Nickell on Replacing the Aging Init Procedure on Linux (OSNews)

OSNews talks with Seth Nickell about his current projects. "Seth Nickell: I'm planning to fully replace the init system, not just bridge to it. I *am* providing full backward compatibility with initscripts (SystemServices can use them), but of course they will only offer as many features as initscripts already have written into them (not much :-)."

Comments (27 posted)

After Sun goes out (NewsForge)

NewsForge has an essay by Eric S. Raymond on the Sun's future. "Nobody should cheer the prospect of Sun's demise. Sun screwed up some major decisions very badly, from wrecking Unix standardization efforts in the 1980s to throttling the dream of Java ubiquity by keeping the language proprietary. But nobody should forget that Sun was founded by Unix hackers for Unix hackers. For most of its lifespan Sun remained the archetype of an engineering-driven company. Sun was, mostly, among the good guys; to hackers and geeks, disputing with Sun was almost a family quarrel."

Comments (28 posted)

Open-Source, Closed Minds (CIO Insight)

Lawrence Lessig wrote this article on CIO Insight. "The point in each case is not that we'd be better off without proprietary technology, or without property at all. The point, instead, is one that has been obvious since the birth of our republic--that a balance between proprietary and nonproprietary property is better than either extreme. As Bradford Smith, general counsel of Microsoft Corp. has written about software, "Both open-source and commercial software are integral parts of the broader software ecosystem." Either alone, I might add, would produce a weaker "software ecosystem.""

Comments (6 posted)

Trade Shows and Conferences

Free software in Russia? Da! (NewsForge)

NewsForge takes a look at Linux in Russia. "In July, more than 200 Linux enthusiasts from across the former Soviet Union met up in Borovsk in Russia's Kaluga region -- in other words, in the middle of nowhere -- for Linuxfest. Linux devotees from as far away as Kazakhstan and Ukraine showed up to pitch tents in the woods and share experiences and expertise. The informal weekend conference has become an important annual event for open sourcers here, underscoring how the movement remains as much about philosophy and community as about making money."

Comments (none posted)

The SCO Problem

SCO's case gets clearer (CNN)

CNN looks at the SCO case from an investor's point of view. "SGI's code comparison gave observers their first glimpse of how much infringement there actually is. Granted, SGI's tests don't carry the same weight that a neutral party's might (SGI is due to lose its SCO Unix license on Oct. 14 unless the companies can reach an agreement), but the 200 lines of infringing code SGI found is a far cry from SCO's claim of 119,130 infringing lines. In SCO's suit against IBM, it claims 'over a million' lines of infringing code."

Comments (11 posted)

Companies

AOL Lays Off Netscape/Mozilla Transition Team (MozillaZine)

MozillaZine reports on the layoff of the last Netscape employees by AOL. "AOL has not completely ended its involvement with the Mozilla project yet - the transition is not entirely complete and the online giant has promised to give the Mozilla Foundation $1 million in addition to the $1 million donated so far. All the members of the transition team are expected to be hired by the Mozilla Foundation in the next few weeks."

Comments (none posted)

VeriSign fends off critics at ICANN confab (News.com)

News.com's Declan McCullagh went to the special ICANN meeting on VeriSign's "SiteFinder" service, and has written this report. "But VeriSign made clear during the open meeting convened by ICANN's Security and Stability Advisory Committee that it had no intention of turning Site Finder off for good. Executives from the company said they were considering turning on Site Finder again but disabling the 'wild card' service for e-mail deliveries to nonexistent domains..." Declan has also posted a set of photos from the meeting.

Comments (10 posted)

Linux Adoption

Some like it cold (Economist)

The Economist looks at technology spending trends. "The hottest 'cold' technology is Linux, an operating system that comes free, except for maintenance costs. In March, Forrester, an IT consultancy, found that 72% of corporate IT managers were intending to move their server-computers to Linux from Microsoft and Unix software."

Comments (6 posted)

Interviews

Interview: SCO sets out its defence (PC Pro)

PC Pro interviews SCO PR director Blake Stowell. "Linux users need to respect the copyrights that SCO has that they are infringing upon.... Can the community replace the code in question? They can certainly try, but programs like NUMA, RCU, JFS, XFS and others have taken multiple years to develop and would be very difficult to replace overnight." Of course, SCO has no copyrights over the subsystems ("programs") listed by Mr. Stowell...

Comments (47 posted)

Interview with Jeroen Wijnhout of Kile (KDE.News)

KDE.News interviews Jeroen Wijnhout, maintainer of the TeX/LaTeX editor and GnuPlot frontend Kile: "programming is alot of fun and even more so if you can work on a program that is used by many people all over the world. Editing TeX/LaTeX source files can be a pain sometimes and, since I love KDE so much, it would be a pity if there wouldn't be a tool available for KDE."

Comments (none posted)

Building an open source-based business in Jordan (NewsForge)

NewsForge talks with Kefah Issa about building an open source business in Amman, Jordan. "Your desktop looks slick. Is it Arabic-only, or something I should look at/test/review in English? (It looks a lot like Lycoris. Or is that just the background image and icons?) And are many individual or corporate customers using it yet?
It is not Arabic only, but it targets the Arab corporate users specifically. freeDESKTOP introduces Arabic enhancements (fonts, Arabic-supporting software, and several fixes). The look and feel is important to minimize the learning curve. We also have plans to certify freeDESKTOP against ICDL (International Computer Driver's License), a common education certification in Jordan."

Comments (none posted)

Interview with the Master Chef of Linux Cuisine, Marcel Gagne (Tinyminds)

Tinyminds.org interviews Marcel Gagne about his new book, which is about moving to Linux. "MG: I've been using Linux for so long, and before Linux I was a Unix user. I have to admit that if I'm going to be moving a number of files from one directory to another, I'm not going to bring up a graphical interface and click on this and that. It is so much easier for me to just type in "mv blah blah". I had to train myself, in the course of writing "Moving to Linux", to think like a Windows user."

Comments (none posted)

Resources

Quickly Create Graphical Applications with SashXB (Linux Journal)

Here's a Linux Journal how-to on using SashXB to create graphical applications. "You can't write ultra-complex code or fast embedded applications with SashXB. SashXB is a good choice, however, for any small networked graphical programming project."

Comments (none posted)

Reviews

Mozile: What You See is What You Edit (O'ReillyNet)

Conor Dowling reviews Mozile on O'Reilly. "Today, developers compose most of the Web in stand-alone web editing applications or in simple text editors. Modern browsers render, but they don't allow users to edit what they see. There is no fundamental reason for this gulf between editing and viewing. After all, the Web is about interaction, not dumb page flipping, so you should be able to hit "edit" in your favorite browser and manipulate content as easily as you view it, WYSIWYG-style. Mozile, which stands for Mozilla Inline Editor, is a new Mozilla plug-in for in-browser editing. This article provides an overview of Mozile and what in-browser editing means today."

Comments (none posted)

An introduction to Mozilla Firebird (Nidelven IT)

Kay Frode reviews the Mozilla Firebird on Nidelven IT. See part one and part two in the series.

Comments (none posted)

Mad Hatter Preview (Linux Voodoo)

Linux Voodoo reviews the Mad Hatter desktop preview. "This Sun Java Desktop System is a good product overall, built on the well-established SuSE system with integration from Sun. It delivers what appears to be a very useful desktop OS and it has the chance to make a dent in the Windows monopoly. The same holds true for all of the key Linux players though, so Sun will have to differentiate itself on its quality, hardware, services and reputation."

Comments (5 posted)

pcHDTV: for the Linux geek on your shopping list (NewsForge)

NewsForge looks at the HD-2000 High definition TV card for Linux. "HDTV, in case you haven't kept up, is to regular TV what the monster mega-pixel digital cameras available today are to the first digital cameras made a few years ago. More mega-pixels means a picture that is bigger, sharper, and clearer. Oh, and HDTV includes 5.1 channel Dolby digital sound as well. There is a wonderful article about how HDTV differs from regular TV on howstuffworks.com if you're interested in learning more."

Comments (none posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

SourceForge.net update (SourceForge)

The folks at SourceForge.net have published their September 30, 2003 news update. "SourceForge.net is approaching its 4-year birthday. Forty-six months ago the site started off with only a handful of second-hand computers, two megabits of bandwidth, a few hundred projects, and a goal. The goal was, and continues to be, to create a place for Open Source projects and the Open Source community to thrive and be successful. When we launched the site, we never dreamed that it would be so successful, or that its growth rate would be so high. Today, we host nearly 70,000 projects on 85 computers. The amount of bandwidth we consume at any one time, including the mirrors, is approximately 225 megabits. We continue to add about 700 new users and 70 new projects per day. In fact, we just crossed our 700,000 registered user milestone."

Comments (none posted)

Commercial announcements

IBM brings Linux to British and Russian governments

IBM has sent out two press releases describing its latest governmental Linux deals. The first release describes nine "proof of concept pilots" being run by the British Office of Government Commerce and Office of the eEnvoy. The pilot programs are meant to support the Offices' policy of increasing use of free software as an alternative to proprietary offerings. "These initial trials are being run by IBM and will measure the effectiveness and cost-benefits of IT systems based on OSS products, when compared against proprietary software solutions". In Russia, instead, IBM is setting up a Linux "competency center" in Moscow. "The new center will be set up to help customers of every size from industry, academia and government to take full advantage of the reliability, flexibility and total cost of ownership that Linux provides."

Comments (1 posted)

Jupitermedia Announces Sponsors for Its Enterprise Linux Forum

Jupitermedia Corporation has announced the sponsors for its Enterprise Forum Conference & Expo this Fall. Oracle, IBM, Red Hat and NetIQ will sponsor the event.

Comments (none posted)

Linux Networx Provides Cluster for John Deere

Linux Networx has announced that it has sold a Linux-based cluster to John Deere, a tractor and heavy equipment manufacturer. "John Deere is using the Linux Networx cluster for advanced engineering analysis including computational fluid dynamics and structural finite element analysis. The cluster has demonstrated improved computing performance for the company, performing several classes of analysis jobs at more than double their previous speed."

Comments (none posted)

SuSE launches Standard Server 8

SuSE has announced the expansion of the SUSE LINUX Server family with the release of SUSE LINUX Standard Server 8 - aimed at small and medium-sized businesses. "Available for Intel and AMD 32-bit processors (x86) and supporting up to two CPUs, SUSE LINUX Standard Server 8 includes features such as Internet access, e-mail, file and print services, plus graphical configuration wizards - enabling Linux novices in small and medium-sized organizations to easily set up the server as a Windows domain controller, file and print server in Windows environments, Internet gateway, E-Mail server, application server, DNS server and DHCP server."

Full Story (comments: 3)

New Books

"The Art of UNIX Programming" by Eric S. Raymond Released

Addison-Wesley has announced the release of "The Art of UNIX Programming", by Eric S. Raymond.

Full Story (comments: 20)

Resources

EFFector 16.26

The Electronic Frontier Foundation has sent out issue 16.26 of its EFFector newsletter. This one features the EFF's report on trusted computing, library book tagging, a new report on the DMCA ("still damaging after all these years"), and several other topics.

Full Story (comments: none)

LDP Weekly News

The Linux Documentation Project Weekly News for October 7, 2003 is available with a look at new and updated documentation, HOW-TOs and more.

Full Story (comments: 2)

Linux Gazette #95

Linux Gazette issue 95 for October 2003 is now available. Some of the articles in this edition: Quick and Dirty Data Extraction in AWK, by Phil Hughes; Integrating Tomcat and Apache on RedHat 9, by Mike Millson; Linux Through an Oscilloscope, by Pramode C.E; Software Engineering, by Gustavo Rondina; Mexico is conquered by FLOSS, by Felipe Barousse Boue; and more, plus the usual monthly features.

Comments (none posted)

Contests and Awards

2003 Linux Medical News Achievement Award Nominees (LinuxMedNews)

LinuxMedNews has posted its list of 2003 Achievement Award nominees. They are the care2x project, and doctors Thomas Beale, David Kibbe, and Stanley Saiki Jr. The list is a good view of what kind of work is being done in the area of free medical software.

Comments (none posted)

Upcoming Events

CONASOL Call-for-Papers (GnomeDesktop)

GnomeDesktop.org mentions the upcoming CONASOL conference. "The Congreso Nacional de Software Libre call-for-papers is up now. The conference will be held in Talca, Chile, on November 10-12 2003. Rodrigo Moya and Federico Mena, from the GNOME project, will be speaking."

Comments (none posted)

Lightweight Languages 2003

Presentation proposals for the Lightweight Languages 2003 conference are due in by October 17, 2003. The conference will take place on November 8 at MIT in Cambridge MA.

Comments (none posted)

Linux.Conf.Au 2004 program posted

The schedule for Linux.Conf.Au 2004 has been posted. The conference has gone to a four-track program this year with a number of interesting talks. There are also several single-topic "miniconfs" happening before the main event; see the announcement for details.

Full Story (comments: none)

GNU/LINUX Free software and copyright seminar, Finland

A GNU/LINUX Free software and copyright seminar has been announced in Finnish and in English. The event will take place in Vaasa, Finland on October 22 and 23, 2003. Thanks to Niklas Vainio.

Comments (none posted)

Events: October 9 - December 4, 2003

Date Event Location
October 12 - 15, 2003International Lisp Conference 2003(ILC 2003)New York, NY
October 14 - 16, 200310th Linux-KongressSaarbrücken, Germany
October 15 - 17, 2003The First Plone Conference(Tulane University)New Orleans, Louisiana
October 21 - 24, 2003PHP-Con WestSanta Clara, CA
October 22 - 23, 2003Enterprise Linux Forum(Washington Convention Center)Washington, D.C.
October 26, 2003
October 27 - 31, 2003		Large Installation Systems Administration Conference(LISA)(Town & Country Resort Hotel)San Diego, CA
October 27 - 29, 2003LinuxWorld Conference & Expo 2003(Fairgrounds Frankfurt)Frankfurt, Germany
October 29 - 31, 2003Asian Enterprise Open Source Conference(AEOSC)(Suntec International Convention and Exhibition Centre)Singapore
October 30 - 31, 20034to Encuentro LinuxValparaiso, Chile
November 2 - 3, 2003International PHP Conference 2003(Astron Hotel Frankfurt-Mörfelden)Frankfurt, Germany
November 6 - 7, 2003HiverCon 2003(Davenport Hotel)Dublin, Ireland
November 6, 2003Netherlands Unix Users group fall conference(Conference Center De Reehorst)Ede, the Netherands
November 8, 2003Lightweight Languages 2003(LL3)(MIT)Cambridge MA
November 10, 2003Desktop Linux Conference(Boston University Corporate Education Center)Tyngsboro, Massachusetts
November 10 - 11, 2003Congreso Nacional de Software Libre(CONASOL)(Universidad de Talca)Talca, Chile
November 14 - 16, 2003Third International Ruby Conference(Red Lion Hotel)Austin, Texas
November 16 - 19, 2003ApacheCon 2003Las Vegas, Nevada
November 22, 2003Southern California Linux Expo(SCALE)(Los Angeles Convention Center)Los Angeles, CA
November 24 - 26, 2003Open Standards and Libre Software in Government Conference(EGOVOS 3)Paris, France
December 2 - 4, 2003Linux Bangalore/2003Bangalore, India

Comments (none posted)

Event Reports

Report from the SCO road show

"Compactible Dave" reports from SCO's road show in Toronto. "During the 'we be so profitable' section of the spiel, one reseller in the crowd asked 'where does the money come from?' The response was largely a pointer to the SCO source initiative. The response? 'What you are profitable in will not make me profitable.'"

Comments (2 posted)

Software announcements

This week's software announcements

Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:

Comments (none posted)

Page editor: Forrest Cook

Letters to the editor

Only a fool would believe a Microsoft study after this!

From:  Leon Brooks <leon-AT-cyberknights.com.au>
To:  lwn-AT-lwn.net
Subject:  Only a fool would believe a Microsoft study after this!
Date:  Thu, 9 Oct 2003 00:19:52 +0800

This Microsoft-sponsored Microsoft-engineered report caught my eye, but 
a few things in it really were outstanding, and I mean outstanding like 
large lime green and orange paint squares chequerboarded onto a Rolls.

    http://www.veritest.com/clients/reports/microsoft/mssmbiz.pdf

The "Linux consultants" mentioned in this study wanted 24 programmer 
hours to be able to automatically email out server stats?

    unlike Windows SBS 2003, the monitoring and reporting solution
    used for Red Hat Enterprise Linux ES did not support sending
    performance and usage reports to an email address at regular
    intervals. Linux consultants estimated that this support could
    be added through custom scripting at a cost of 24 hours of
    development time.

urpmi wget metamail
cat > send-usage-updates.sh
    #!/bin/sh
    #
    # send usage charts by email
    # works OOtB for MRTG, RRDtool and Webalizer but for the URL
    # might want to change to and from addresses to suit
    #
    SCRATCH=/tmp/stats-$!.tmp
    mkdir $SCRATCH
    cd $SCRATCH
    wget -nH -nd -p http://url.of.stats/page/index.html
    metasend -F tux-AT-propaganda.morons.inc -z -t billg-AT-morons.inc \
      -s "Stats for $(hostname) at $(date)" -e base64 -b \
      -D "Stats for $(hostname) at $(date)" -f index.html -m text/html \
      $(ls *.png | gawk '{ print "-n -m image/x-png -D image -f",$1 }'
    cd
    rm -rf $SCRATCH

Seventeen minutes including testing ("yup, them's my server stats"), 
while doing other stuff in background. Gawrsh, that was hard. AUD$34.00 
at my normal rates, except I have a one-hour minimum.

I guess I have to charge AUD$120.00*24*60/17 == AUD$10165.00 an hour for 
programming time now, to stay on the same efficiency level as 
Microsoft's amazing Linux consultants.

If our performance ratios are generalisable, it would have taken me two 
minutes and three steps to do the Linux OEM install, three minutes and 
four steps for the full install (roughly 29 and 75 times faster than 
Microsoft SBS 2003, respectively).

I'm not quite that good, just ask anyone who knows me, but experience 
tells me that whacking in an enterprise edition of Mandrake 9.1 as far 
as Step 1 with Yes against every single feature listed for both 
platforms, plus a whole lot more, takes about 35 minutes for a single 
internet domain on a dual P3-1000 box with 2GB of RAM and paired 18GB 
SCSI hard drives.

With Wayne's permission, I can show you that box running thin clients 
today. This is not a theory.

I'm not a Red Hat fan, but I don't understand how Microsoft's testers 
managed to *avoid* Red Hat's installation wizard - maybe it didn't have 
"Wizard" printed all over it, or had more than one choice per page? 
Shrug.

Again I can't speak for Red Hat, but setting up a DHCP server on 
Mandrake is one checkbox in DrakConnect. If ("Ooh, Lordy, Lordy! Oh, 
please, Brer Fox, don't make me edit the config file!") I had to edit a 
DHCP config, it's all of - what, six or eight lines of code? Horrors!

I feel compelled to ask this: is a person incapable of doing or 
unwilling to do that very simple chore the kind of person you want 
running your Internet-exposed servers? Really?

As for wizards reducing download/install times for new packages, even 
Red Hat's very boring GUI package manager must have been too awesome 
for these skilled testers to dirty by touching. It sounds kind of like 
they were drag-racing against a sleigh in summer.

I must admit, however, that Windows SBS 2003 does win on Step 3, "Build 
an intranet web site for information worker collaboration". Sounds 
impressive, doesn't it? Um, question for VeriTest: how do zero steps 
occupy seven minutes and nineteen seconds?

Putting up a Wiki or PostNuke does involve either opening a shell and 
typing a short one-liner or 5 clicks to accomplish (either 29 or 17 
times more efficient than their "Linux consultants").

Again I'm pressed to ask: isn't Windows constantly getting into hot 
water for having services switched on by default? Why then is it a good 
thing that SBS 2003 arrives with them enabled?

I'm also wondering how "urpmi vncviewer rdesktop openssh-server" and the 
installation of PuTTY and TightVNC on the XP workstation managed to 
chew up over 100 minutes for VeriTest's Linux gurus. That's all you 
need to do to complete Step 4 on Mandrake, maybe twenty seconds for the 
server and three or four minutes on the XP workstation for full 
connectivity both ways.

You could even add vnc2swf to that urpmi line and make Flash movies of 
the XP box doing stuff while you waited for the Microsoft guys to win 
the battle with their wizards.

Maybe I should apply for a job at VeriTest? I could charge triple time 
and they'd still save buckets of money on consultants.

It seems the war of words has degenerated here into a war of headlines. 
Anyone looking at the details with half a brain will be either totally 
gobsmacked or laughing too hard to protest. It seems that either 
VeriTest have shifted their research labs into the Ministry of Truth 
building - and no longer seriously claim objectivity - or their 
calendar is six months out of sync.

This only serves to throw Forrester's recent decision to actively avoid 
participating in such charades into sharper relief. It's nice to see 
that at least a few consultancies still take their audience seriously.

Cheers; Leon

-- 
http://cyberknights.com.au/     Modern tools; traditional dedication
http://plug.linux.org.au/       Committee Member, Perth Linux User Group
http://slpwa.asn.au/            Committee Member, Linux Professionals WA
http://linux.org.au/            Committee Member, Linux Australia

Comments (1 posted)

After Sun goes out

From:  "Eric S. Raymond" <esr-AT-snark.thyrsus.com>
To:  wire-service-AT-snark.thyrsus.com
Subject:  After Sun goes out
Date:  Thu, 2 Oct 2003 07:43:59 -0400

Sun Microsystems crossed the line from "troubled" to "doomed" yesterday.
This is sad news for the open-source community, and we need to think
about how we're going to deal with it.  The most pressing questions
are "What becomes of Java?" and "What becomes of OpenOffice.org?"
These are questions that matter.

Sun's troubles have been mounting for a while.  Founder Bill Joy's
departure was an ominous recent symbol, but the substance of their
problem is that their hugh-margin server business is being eroded from
the low end by PCs running Linux at a rate that doesn't leave it
much of a future.

Nobody should cheer the prospect of Sun's demise.  Sun screwed up some
major decisions very badly, from wrecking Unix standardization efforts
in the 1980s to throttling the dream of Java ubiquity by keeping the
language proprietary.  But nobody should forget that Sun was founded
by Unix hackers for Unix hackers.  For most of its lifespan Sun
remained the archetype of an engineering-driven company. Sun was,
mostly, among the good guys; to hackers and geeks, disputing with Sun
was almost a family quarrel.

But inside Sun, I hear that talent is bailing out of the company
because they just don't believe the Solaris-will-prevail story
management is peddling.  Most of Sun's techies are running Linux on
their PCs at home.  They can see the handwriting on the wall.

In retrospect, the recent pronunciamento that Sun has no Linux
strategy was their final admission of failure. Sun can't run at the
lean profit margins that are all a commoditized Linux server market
will support, their cost structure is all wrong for it.  They got
trapped in a classic innovator's dilemma and didn't cannibalize their
own business while they had the investor confidence and maneuvering
room to do so.  Cuddling up to SCO didn't help, either.

And now it's too late[1]. Moody's has just about dropped Sun into the
junk-bond basement.  The stock closed at $3.31, 15% off for the day
and falling in heavy trading.  The recent product announcements have
been duds, and the upcoming quarterlies are going to be a disaster.
Wall street analysts are calling for drastic job cuts and speaking the
code phrases that mean "run for the hills!"  The smell of death is in
the air.

Any of Sun's people and tangible assets that don't scatter to the four
winds will probably wind up in the hands of IBM, HP, and Dell -- three
companies that have shown they do know how to play the
commodity-computing game.  The SCO lawsuit probably won't be
affected. Sun was the lesser-known of of SCO's sugar daddies along
with Microsoft, but Redmond can pick up Sun's share of funding the
lawsuit out of petty cash -- and it undoubtedly will.

The real question is twofold: can OpenOffice.org survive without Sun, and
where will Java land?  Probably not at Microsoft; with C# in the 
picture, it is unlikely that Microsoft even wants to own Java any more.
I have to guess that IBM is the most likely to shoulder both technologies, 
simply because nobody else is really positioned to do it.  But that,
of course, raises other worries -- is it really good for us if IBM
has a lead position in everything?

[1] http://reuters.com/financeNewsArticle.jhtml?type=hotStocksNews&storyID=3535714
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>

All governments are more or less combinations against the
people. . .and as rulers have no more virtue than the ruled. . .
the power of government can only be kept within its constituted
bounds by the display of a power equal to itself, the collected
sentiment of the people.
	-- Benjamin Franklin Bache, in a Phildelphia Aurora editorial 1794

Comments (none posted)

Page editor: Jonathan Corbet


Copyright © 2003, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds