LWN.net Weekly Edition for December 24, 2003
Looking back at 2003
This is the last LWN.net Weekly Edition for 2003, so this is an appropriate time to look back at the last year and ponder what has happened. As a way of maximizing our own embarrassment, we'll start with the predictions we posted at the beginning of the year and see how we did.We predicted:
- Governmental use of Linux would increase. Nobody can say that
we missed on that one. Legislation requiring (at a minimum) proper
consideration of free software in public purchasing has been
introduced, and often passed, in many countries. Nations like Brazil
and South Korea have committed to increasing their use of free
software. Cities like Munich and Key Largo have made big jumps into
free software. All this goes to show: it's easier to make correct
predictions if you stick to obvious developments.
- There would be high-profile desktop deployments. Opinions
remain mixed on whether Linux is ready for serious desktop use now,
but few dispute that it is getting there. Desktop Linux provides all
the functionality that many users need, and it gets better every day.
Big deployments have happened in many places, perhaps topped by Sun's
large Linux sale in China, which could eventually add up to
millions of desktop systems.
- We predicted a major patent challenge for Linux. A big legal
challenge did come in the form of the SCO suit, but patents were not
involved. The stage remains set for serious patent problems in the
future, perhaps coming from Microsoft's increasing interest in its
patent portfolio. But 2003 wasn't the year for that.
- We also predicted "a watershed year" in intellectual property
law driven by a number of high-profile cases. Certainly a lot has
happened; the Grokster and Skylink rulings went against oppressive
copyright enforcement, UCITA died a well-deserved death, and, perhaps
most significantly, an attempt to impose software patents on Europe
was defeated - for now. On the other hand, the U.S. Supreme Court
refused to limit copyright terms in the Eldred case. All told, it was
not a watershed year, however; one year later, the situation is almost
the same as it was before. All of the problems we had a year ago are
still there.
- The 2.6 kernel would be released. That happened, of course,
though it wasn't that far from slipping into 2004. We did say
it would happen late in the year.
- We predicted a "SourceForge crisis." Some projects have moved
away from SourceForge, and the site now has a donation box out to help
cover its running expenses. But certainly there has been no "crisis."
- UnitedLinux would not save all four participants; at least one of them would exit the distribution business by the end of the year. Well, that happened, but not quite as we had envisioned. But UnitedLinux member SCO is certainly out of the distribution business, and UnitedLinux has passed into irrelevance. We also said that MandrakeSoft would find a way to pull through and become a viable company. That appears to be happening, albeit via a period in bankruptcy proceedings.
We also missed a few things. The small resurgence in acquisitions of Linux companies (Scyld, Ximian, SUSE, Sistina) was a pleasant surprise, for the people involved if nobody else. The importance and commercial success of "enterprise Linux" distributions, along with the resulting backlash, was and is an important story for 2003. The increasing level of attacks on the community's infrastructure was an ominous development. And the SCO Group's rampage took us by surprise, along with just about everybody else.
What we didn't even bother to predict was that development would continue, the code would get better, and that Linux would continue to grow. That was too obvious even for LWN. But it happened, and will continue to happen. It is still true that the free software story is just beginning.
(Tune in during next week's break, when we will publish our predictions for 2004. We're still trying to get the crystal ball booted up properly as of this writing; contrary to some rumors, the crystal ball has not been taken down by a security compromise. Trust us).
Johansen wins round two
Jon Johansen received an early Christmas present from the Norwegian appeals court in Oslo. Judge Wenche Skjeggestad handed down the unanimous decision of the seven-judge panel Monday, which upheld the lower court's ruling. According to the appeals court, Johansen had done nothing wrong in the creation and distribution of the DeCSS DVD descrambling code, and Norwegian citizens are free to access content and make personal copies of legally-purchased DVDs. While many have been watching the case with interest, it still came as a surprise that the verdict, which was not expected until January, was rendered so quickly.Johansen was charged with criminal violation of Norwegian law in 2000 for writing and publishing DeCSS. The case was set in motion after the DVD Copy Control Association (DVD CCA) and Motion Picture Association of America (MPAA) complained to the Norwegian Economic Crime Unit (Økokrim) about the distribution of DeCSS. According to the letter sent to Økokrim by the DVD CCA's lawyer, Simonsen Musæus:
However, the court noted that prosecutors had failed to prove that DeCSS had been used for copyright infringement, and that it was reasonable to make copies of DVDs for personal use. As the Electronic Frontier Foundation's Cindy Cohn noted when Johansen was first acquitted by the lower court, "It really feels like there is some sanity creeping in."
Sanity has, apparently, failed to make a stop at the MPAA. The association has rushed to condemn the Norwegian court's decision and released a statement that dubbed Johansen a "serial hacker" and calling on the Norwegian parliament to "move quickly" to "correct this apparent weakness in Norwegian law." It is, unfortunately, also possible that Johansen's legal travails are not quite over yet. Norwegian prosecutors have two weeks to appeal the appellate court decision to Norway's supreme court.
If found guilty, Johansen could have been sentenced to two years in prison. Prosecutors, however, had asked the court for a lesser suspended sentence in the Johansen case, apparently aiming to set precedent rather than seeking to jail Johansen.
The Johansen case makes it quite clear that the entertainment industry is seeking more than a way to curtail illegal copying. While the prosecutors and the MPAA have claimed that DeCSS opens the door to copyright infringement, there is no need to decrypt DVD content to make copies of DVDs -- and no evidence that DeCSS is being used to "pirate" movies.
It is, however, necessary to use DeCSS or a similar tool to decrypt content to make use of the content legitimately on Linux or other systems that lack DVD playback software. The choices available to movie enthusiasts on Linux are somewhat unpalatable: Risk legal prosecution for creating or using tools such as DeCSS, use other operating systems to play movies on laptops and home PCs, or remain unable to watch legitimately-purchased movies on a computer at all.
The Johansen verdict is a welcome victory, but it is hardly a major one. While those in Norway may breathe easier (at least for the moment), those of us in other countries with more repressive laws still lack the legal ability to make copies of legitimately-purchased media.
Holiday cheer from the SCO Group
The SCO Group has kicked off the holiday season with a couple of new press releases, some interesting disclosures of which code it is claiming, its fourth quarter results, and, of course, the inevitable conference call. This article will look at all of the above, with an emphasis on the company's new copyright claims. Those claims look to be on shaky ground, to say the least.We'll start with the quarterly results, as described in this press release. The company lost $1.6 million on revenue of $24.3 million. Of that, $10.3 million came from licensing agreements - all from Microsoft and Sun. It would appear that there are still no other paying licensees. In the conference call, SCO management stated that license revenue in the next quarter would be "minimal." Some direct questions were asked about just what sort of revenue was being received by other licensees, but the answers were, to put it charitably, evasive.
The more interesting part of today's activity is a view into the claims SCO plans to make in the coming months. To that end, there has been another press release, and a new letter being sent to Linux users. What the letter makes clear is that SCO now considers part of the Unix application binary interface (ABI) to be its property. Linux implements the Unix ABI, so SCO has picked out several dozen files which, it claims, violate its copyright. The full list is in the letter, but what it comes down to is each architecture's version of errno.h, signal.h, ioctl.h, plus a few others.
These include files all have the same form: they are really just long lists of #define statements assigning values to symbols. They define the various error codes returned by the kernel, the numbers associated with signals, and the numbers for ioctl() commands. Many of these numbers have nothing in common with any version of Unix, but many others do. So, if you compare the first part of the definitions in the 32V version of user.h with a 2.4 errno.h, you see:
| 32V version | 2.4.x version | |
|---|---|---|
#define EPERM 1 #define ENOENT 2 #define ESRCH 3 #define EINTR 4 #define EIO 5 #define ENXIO 6 #define E2BIG 7 #define ENOEXEC 8 #define EBADF 9 #define ECHILD 10 #define EAGAIN 11 #define ENOMEM 12 #define EACCES 13 #define EFAULT 14 #define ENOTBLK 15 #define EBUSY 16 #define EEXIST 17 #define EXDEV 18 #define ENODEV 19 #define ENOTDIR 20 ... |
#define EPERM 1 #define ENOENT 2 #define ESRCH 3 #define EINTR 4 #define EIO 5 #define ENXIO 6 #define E2BIG 7 #define ENOEXEC 8 #define EBADF 9 #define ECHILD 10 #define EAGAIN 11 #define ENOMEM 12 #define EACCES 13 #define EFAULT 14 #define ENOTBLK 15 #define EBUSY 16 #define EEXIST 17 #define EXDEV 18 #define ENODEV 19 #define ENOTDIR 20 ... |
The 2.4 version has comments on each line which have been removed in the above listing, but, even taking those into account, there is clearly a high degree of similarity between the two. The definitions in Linux are obviously taken from older Unix systems. That is not surprising; Linux was intended to implement the same interface. Linux is not alone in having reproduced the Unix error numbers; if you look at the Minix version of errno.h, you see the same interface used. Microsoft uses the same numbers. Modern BSD systems also use the same definitions, of course. The basic Unix numbers for errors and signals have been widely reproduced, to say the least.
If the files in question were, indeed, copied from an ancient Unix distribution, then the Linux developers have arguably violated the associated BSD license by leaving out the copyright headers. This is a copyright violation, but it is also easy to fix by simply restoring those headers. There are enough other sources for these numbers, however, that proving that they came into Linux via any particular path could be hard.
There are a couple of things that one should keep in mind, however, when evaluating SCO's new claims. One is that the copyright status of ancient Unix is uncertain at best, as has been reported many times. The judge in the BSDI case came to the conclusion that USL's chances of enforcing its copyrights were poor. SCO will not have improved those chances. Novell's recent reassertion of its claim to still own the Unix copyrights could also complicate matters for SCO.
The truly important issue, however, is that the old Unix ABI is exactly that: a well established ABI. Copyright law allows for the protection of expressions of an idea, but not the idea itself. Concepts used in an ABI, like "the number 12 means no memory is available," can be very difficult to copyright. If there is only one way to express an idea, you cannot get copyright protection for that expression. In this case, there are truly few alternatives to:
#define ENOMEM 12
SCO will have a hard time convincing a judge anywhere that copyrights can protect this sort of code - especially given that the error names (but not the associated numbers) are part of the POSIX standard.
SCO seemingly intends to try, however - at least for as long as it takes to shake down some nervous users. To that end, the company is taking two approaches. One is to threaten anybody who distributes Linux with the offending files; that is what the letter was sent out for. From statements made in the conference call, one could conclude that SCO thinks it has users in a bind; constants like error and signal numbers cannot be changed without breaking binary applications. By claiming something that cannot be easily removed, SCO apparently hopes to inspire companies to pay up instead.
The other approach is described in the second press release: SCO is sending notices to its Unix licensees requiring them to "certify" that they are in compliance with the Unix agreement. The letter requires a long list of promises from Unix licensees, including:
It has long been clear that signing a contract with the SCO Group is a Bad Idea. The SCO Group is using its contracts to go after its customers - something which does not generally inspire those customers to buy anything else. The Unix contract is being used as a lever to force those customers to "certify" that they are not running Linux. Needless to say, at this point, few of these customers will be in a position to do that. They are now in a bit of a difficult situation; they can refuse to certify, pay SCO, or claim that Linux does not actually contain any copyrighted ABI code.
As a short-term strategy for SCO, this move must look pretty good. The use of the existing contracts in this way may well succeed in applying enough pressure to make some customers give in. None of those customers are going to appreciate this behavior, however; one would assume that many of them will decide (if they have not already) that entering into any other agreements with the SCO Group is not in their best interests. SCO is destroying whatever future business it may have still had to expedite a short-term shakedown.
A couple of other notes from the conference call are in order. It began with a statement that the call is copyrighted by SCO, and any reproduction ("in whole or in part") is prohibited. Transcripts will certainly be posted; it will be interesting to see if SCO tries to get them taken down. Analyst Dion Cornett (Decatur Jones Equity) appears to be getting a clue: he asked SCO whether it really believed it had a valid license to distribute Samba. Strangely enough, SCO's answer did not address that question at all. Finally, Darl McBride presented the SCO litigation scheme as "a model many companies will adopt" in the near future. If SCO succeeds in its attempts, that statement could well come true. The foundation of SCO's new claims appears weak at best, however. SCO is more likely to become a very different sort of example.
More SCO cheer
Since the above article was published, a few more things have happened on the SCO front...Linus has posted a response to SCO's claims of ownership of various include files in the Linux kernel. In particular, he examines the "ctype" macros, which he wrote personally, tracing their development from very early kernels. Needless to say, he does not concur with SCO's claims in this regard.
Since then, a significant effort has been underway to find the true origins of the errno.h include file. This file, it turns out, was added in version 0.97 of the kernel; Linus has concluded that it was automatically generated from libc-2.2.2 (note that's "libc", not "glibc", which came much later). Tracking down the source for that version of the library was a challenge, but, once it turned up on an FTP site, Linus was able to verify that it was the source for errno.h. The next question would be how the error numbers and descriptions got into libc, but, as Linus says:
In any case, errno.h was not copied from anything owned by SCO.
It is also worth looking into ancient history (October, 2003) to review a quote by SCO's spokesperson Blake Stowell:
Files like errno.h have been in the kernel since well before 2.2, which, apparently, "includes no infringing code." Either SCO has changed its mind in the last couple of months, or they know that this code does not actually infringe upon any copyrights owned by the SCO group. We requested clarification from Mr. Stowell, but, predictably, got no response.
Meanwhile, SCO has announced the abrupt departure of Steve Cakebread from its board of directors, ostensibly due to "personal time constraints." We note (thanks to a pointer from Don Marti) that Mr. Cakebread's day job is Chief Financial Officer at Salesforce.com, which is a heavily Linux-based application service provider. Could it be that Salesforce.com got a shakedown letter from SCO, and has given its response?
SCO's offices are, apparently, shutting down for the holidays. Expect more interesting developments in January after they return to work and, according to the Monday conference call, set a significantly larger staff on the task of shaking money out of Linux users.
Interview: Public Patent Foundation's Dan Ravicher
While the SCO saga is absorbing our attention in the short term, many are concerned about software patents and they worry that the real test for GNU/Linux will be in the future, from patent lawsuits. There have been numerous patents granted that to programmers seem to have been wrongly issued. The Amazon One Click patent springs to mind. Now Microsoft has announced it will be charging for use of the FAT filesystem, and that too makes some worry.
The Public Patent Foundation has recently been established for the purpose, as its web site puts it, of protecting "civil liberties and free markets from wrongly issued patents and unsound patent policy by providing those persons and businesses otherwise economically, politically, and socially deprived of access to the system governing patents with representation, advocacy and education."
Dan Ravicher is the patent attorney -- and programmer, incidentally -- who started PubPat, and he is its Executive Director. He was kind enough to answer some questions about patents and the work his organization is doing to educate the public and counter patent abuses. He says he is looking into the Microsoft FAT patents situation and has about a hundred pieces of prior art which were not reviewed by the examiner which they are currently reviewing. Dan was kind enough to answer the following questions.
What made you decide to start your foundation and can you tell us what it does?
In information technology industries, abuse of the patent system means illicit restraint of civil liberties and unjustified disproportionate burdening of small businesses. In life science industries, abuse of the patent system has even more devastating results, including the exacerbation of pain and suffering by those who cannot afford medical technologies covered by undeserved patents. This situation is abhorrent and the Public Patent Foundation is beginning a campaign against such abuses.
PubPat's four core activities are (1) challenging patents that threaten the public's health, freedom, or other interests, (2) helping small businesses defend themselves from patents being asserted against them, (3) establishing patent commons within markets crippled by patent thickets, and (4) educating the public regarding these issues and advocating for reform of the patent system.
If you plan on contesting any patents, can you tell us what patents you have in mind currently? And what would the process involve, from your standpoint?
To expand on one of the examples above, the Microsoft FAT patents are part of Microsoft's first attempt at building a licensing line of business akin to the one rolled out by IBM several decades ago. This causes concern for us because Microsoft is an admitted monopolist with a proven track record of driving competition from various markets through any mechanism available to it. They may now be focussing on patents as yet another avenue to foreclose competition, including specifically that from free software.
Beyond these atmospheric concerns, our analysis of the FAT patents has produced a substantial amount of prior art that was not before the patent office when it issued those patents to Microsoft. For a company with a nefarious past to be seeking revenue for patents that very likely did not deserve to be issued, is a malign scenario indeed. PubPat intends to ensure that the public's interest in being protected from such bahavior is properly represented.
Should there be software patents at all?
One thing the Public Patent Foundation is doing is compiling the data and performing the analysis I mentioned above, so that all reasonable persons can be presented with evidence supporting or condemning the policy decision made by the courts that "anything under the sun made by man" is patent eligible.
What is the international impact of American patent law on world business?
Computers are extensions of the human brain; computer storage is an extension of human reading and writing; electronic communication is an extension of the human voice. How do you feel about patents which use computers to do things that humans have been doing for millennia?
If a patented technology accomplishes a very old function, but with structure that is new and unobvious, then that satisfies the requirements for patentability. Further, one may need to recognize that functions are not necessarily the same simply because their result is the same. For instance, few humans who can do in a day (week, year) the complex calculations machines do today in mere nanoseconds. The function, in that case, is not getting the answer; it is getting the answer in virtual real time, which is something that humans have never done.
Security
Brief items
Linux security in 2003
Here in the free software world, we had no shortage of security problems in 2003. Vulnerabilities were announced in many packages, including (but not limited to) apache (several), balsa, bind, bugzilla, cdrecord, cfengine, cron, cups, cvs, ethereal (many), evolution, exim, fetchmail (many), fileutils, gdm, ghostscript, glibc, gnupg, gzip, hylafax, inetd, iproute, KDE, kerberos, kernel (several), lprng, lsh, lynx, mailman, man, mozilla, mpg123, mplayer, mutt, MySQL, openssh, openssl (several), perl, pine, PHP, postfix, PostgreSQL, proftpd, python, rsync, samba, screen, sendmail, snort, stunnel, sudo, tcpdump, vim, webmin, wget, wu-ftpd, xchat, XFree86, xinetd, xpdf, and zlib. All told, 304 entries were added to LWN's vulnerability database in 2003. Needless to say, that is far too many - and it does not count all of the problems which were silently fixed without going though a security alert process. As a community, we have to strive to do better in 2004. For all that we believe Linux and free software are more secure, there is no doubt that they are not, yet, secure enough.The truly worrisome security trend in 2003, however, is the increasing level of attacks on the community's infrastructure. Servers were compromised at the GNU Project (twice) and the Debian Project (multiple servers in one incident). A mirror server for the Gentoo distribution was also broken into. There was also a compromise of the kernel's CVS server and an attempt to insert a trojan horse into the kernel itself. None of these attacks ended up with compromised code being made available to users, but most of them could have been exploited in that way.
Maybe these are all just random attacks (though an attempt to trojan the kernel can only be so random), or maybe somebody is making an attempt to mess with the server structure which holds this community together. Either way, chances are that, eventually, one of these attacks will succeed in causing serious damage, far beyond the service disruptions and lost time we have seen so far. The real lesson from 2003 is that there really are people out there with evil intent, and they are looking our way.
New vulnerabilities
ethereal: protocol dissector and other vulnerabilities
| Package(s): | ethereal | CVE #(s): | CAN-2003-0925 CAN-2003-0926 CAN-2003-0927 CAN-2003-1012 CAN-2003-1013 | ||||||||||||||||||||||||||||||||
| Created: | December 19, 2003 | Updated: | February 13, 2004 | ||||||||||||||||||||||||||||||||
| Description: | Serious issues have been discovered in two ethereal protocol dissectors. Both vulnerabilities will make the Ethereal application crash. The Q.931 vulnerability also affects Tethereal. It is not known if either vulnerability can be used to make Ethereal or Tethereal run arbitrary code. (CAN-2003-1012 and CAN-2003-1013) | ||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||
irssi: remote denial of service
| Package(s): | irssi | CVE #(s): | |||||
| Created: | December 23, 2003 | Updated: | December 23, 2003 | ||||
| Description: | Versions of irssi prior to 0.8.9 have a remotely exploitable denial of service vulnerability - but only on non-x86 systems. | ||||||
| Alerts: |
| ||||||
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current development kernel is 2.6.0 (we're not quite ready to call it a fully stable kernel yet). This kernel was released by Linus on December 17, right after last week's LWN Weekly Edition went out saying it hadn't been released. Linus, we think, does this on purpose. Anyway, this kernel contains a small number of very small patches; see the long-format changelog for the details.As of this writing, there are no patches in Linus's BitKeeper repository.
The current stable kernel is 2.4.23; Marcelo released the second 2.4.24 prepatch on December 22. This prepatch adds some ACPI fixes, various driver updates, an XFS update, and various other fixes.
Kernel development news
2.6.0 is out - now what?
Linus and Andrew have, at long last, released the 2.6.0 kernel. What happens now?If you are a potential user of the new kernel, and you have not worked with 2.5-series development kernels thus far, there are some resources to check out:
- Dave Jones's Post-Halloween
document, which has been updated to 2.6.0. Here you'll find an
extensive description of what has changed, what issues remain, and
what tools you may have to update to run this kernel.
- Joe Pranevich's Wonderful
World of Linux 2.6 continues his tradition of documenting the
features available in the new stable kernel.
- Andrew Morton's notes on what to expect from 2.6.0 are also worth a read.
If you are a developer looking to update out-of-tree code to the new kernel (and there seem to be quite a few people answering to that description out there), we humbly recommend the LWN.net Driver Porting Series. It answers a number of questions which have been posted to linux-kernel recently.
Where do things go from here? As Linus pointed out in the 2.6.0 announcement, Andrew Morton is now the maintainer for 2.6. This is the first time that Linus has passed off responsibility for the stable series before moving on to the new development tree. So the most likely place to look for patches likely to go into 2.6.1 (and subsequent kernels) is Andrew's -mm tree, currently at 2.6.0-mm1. That tree contains an impressive 384 patches, some of which are significant. There are also quite a few patches in the hands of their respective developers which will surface as soon as it appears they might go in.
Looking at all of these patches can be a little discouraging; it is easy to envision a 2.6.x kernel which, after a big patching frenzy, is rather less stable than 2.6.0. Certainly things have worked that way with some previous stable kernel releases. There is cause for optimism, however. Andrew has a strong interest in keeping the stable kernel truly stable, and many of the patches in -mm have been there for quite some time. Not all of the -mm patches will go into 2.6, but those which do will have already been put through their paces by users of the -mm tree.
The question of more interest to many developers is: when will the 2.7 tree open up? The stabilization period between 1.0 and 1.1 was all of 34 days. With 1.2, however, things began to stretch out; it took 97 days before 1.3 started. Developers waited 113 days for 2.1 and 105 days for 2.3. The delay between 2.4.0 and 2.5.0 was the most stressful of all for kernel hackers; it took a full 323 days. There is reason to hope that the wait for 2.7 will not be anywhere near as long; 2.6.0 is in better shape than 2.4.0 was. But it would be surprising if the stabilization period were shorter than it has been for other 2.x releases. So we can expect to wait at least three months, putting the beginning of 2.7 sometime in March, 2004 or thereafter. But that, of course, is just a guess.
Improving kill_fasync()
Unix systems, and their variants, provide a number of ways for processes to manage multiple I/O streams simultaneously. One of those is through the use of I/O signals; a process can request to receive a SIGIO whenever a given file descriptor becomes available for reading or writing. Inside the kernel, this signalling is handled via a file-specific fasync_struct structure and a couple of helper functions. One of them, called fasync_helper(), simply helps the kernel (filesystem or driver) code track which processes have requested notification for a given file. The other, kill_fasync(), is invoked to actually deliver a signal to interested processes when the time comes.The kernel uses a single reader/writer spinlock (fasync_lock) to serialize all calls to either helper function. In some situations, it would seem that this lock is starting to hurt performance. It seems that more types of devices support I/O signalling than was once the case, and the increasing number of calls to kill_fasync() is creating lock contention. So Manfred Spraul did something about it, in the form of a patch which switches the I/O signalling code over to the read-copy-update mechanism for mutual exclusion. The result for his particular test load was an 80% reduction in the time required to send out I/O signals.
Linus, having issues with how some of the locking was done, didn't much like the patch, But he also had some ideas for reworking the whole I/O signal mechanism to get rid of a lot of unneeded code. The key is in the understanding that the list of processes wanting I/O signals is very similar to the list of processes simply waiting for the I/O itself. Either way, it is a list of processes that needs to be notified when data becomes available or the file descriptor becomes writable. There is not a whole lot of difference between sending a SIGIO to the process and simply waking it up.
During the 2.5 development process, the wait queue mechanism was generalized somewhat; this Driver Porting Series article describes some of the changes which were made. The kernel function wake_up() (with several variants) is called to wake processes which are waiting on a wait queue; in 2.4 and prior kernels, it performed that wakeup directly. In 2.5, however, all wake_up() really does is call a special wakeup function, a pointer to which is stored in the wait queue entry. This indirection allows different processes to be awakened in different ways.
So far, there are few cases where a non-default wakeup function is used. But there is no real reason why, with a suitable wakeup function, wait queues could not be used for any of a number of different process signalling tasks. The whole I/O signalling mechanism and its fasync_struct structure could really be replaced by a wait queue with a special wakeup function.
The only problem with this nice, elegant idea is that it won't work. kill_fasync() takes a "band" argument which eventually gets passed though to the target process as signal data. There is currently no way to pass that information to a wakeup function via wake_up(). Adding a data parameter to wake_up() would fix that problem and, perhaps, enable a number of other potential uses for wait queues. Such a change appears likely to happen - but not until 2.7. Such changes really shouldn't be made in 2.6, now that the 2.6.0 kernel has come out.
Use of patented code in the kernel
A kernel developer recently asked: should code implementing an algorithm known to be patented be submitted for incorporation into the Linux kernel? Given that Linus has promoted an approach to software patents in the past that some see as being a bit cavalier, one might be forgiven for not knowing the answer in advance. But Linus's answer was clear: "Don't submit, and find an unencumbered algorithm."
The two points of view expressed by Linus are entirely compatible. Code which is known to have patent encumbrances cannot go into the kernel, because such inclusion is (or could lead to) a knowing act of infringement. On the other hand, kernel developers should not go out of their way looking for potential patent problems with their code. That way lies madness -- there's no end of bogus software patents out there. Known problems should be kept out of the kernel; the rest should not be worried about until something comes up.
That said, a couple of interesting points were raised in the discussion. One is that the exclusion of patented code hurts all users of the kernel, even though many of them (a majority, even) are, for now at least, in jurisdictions which do not recognize the patents in question. Rather than exclude code with patent encumbrances, why not create a configuration option making the code available to those who can legally use it? The burden would then be on the end users to think about what they can do before explicitly turning on an option which would enable patented code.
Various objections can be raised to this scheme, of course. It would turn our free kernel into a partially proprietary system, at least in some countries. Patents are public knowledge, so publishing an implementation should not be a problem as long as the patented code is not used in places where the patent is recognized. But somebody might still try to file a suit complaining that the kernel (and its developers) are contributing to an infringement. The community also does not need another reason for certain critics to proclaim that Linux is putting its end users into legal danger. For all these reasons, the inclusion of patented code with a configuration option seems unlikely.
There is one other potential issue, however; as Jamie Lokier pointed out, there is already some code in the kernel with patent issues. There is a documentation file in the kernel source which discusses the SB-Live mixer code - and patents which may cover it. If there is a license which allows those patents to be used in the kernel, the file fails to mention it. The kernel also contains a "flash translation layer" memory card driver; the FTL format it implements is subject to a patent owned by M-Systems. The license that goes with that code allows the use of the patented technology - but only with PCMCIA cards. The covered code is, thus, not entirely free.
Given the nature of the software patent regime (especially in the U.S.), it seems certain that more patent-encumbered code will be found in the future. It would not be surprising if, one day, we were faced with a patent covering an important piece of code in a heavily-used kernel subsystem. At that point, some difficult choices will need to be made. Until then, however, there is little to be done.
Patches and updates
Kernel trees
Architecture-specific
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Security-related
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
The Year-end Wrap-up
With only a few days remaining in 2003, it is perhaps a good time to look back at some of the more interesting events of this year and look ahead to see where the main distributions are heading in the coming year.Red Hat Linux and Fedora Core. The year 2003 turned out to be a year of transition for the world's most popular Linux distribution, with Red Hat Linux as we knew it, finally ceasing to exist. It was replaced by Fedora Core, a supposedly community-driven project for Linux enthusiasts, while the name Red Hat is now exclusively reserved for use in "Red Hat Enterprise Linux" (RHEL). The decision has left a gap between what is often perceived as Red Hat's experimental product (Fedora Core) and what is beyond financial reach of many small businesses (RHEL). It also resulted in confusion of some long-term Red Hat users and supporters who felt deceived by the policy change. For others though, Fedora Core is more than an adequate replacement: perhaps lacking Red Hat's traditional attention to quality control and slightly rough around the edges during the transitional period, but still a great product for those willing to share their experiences and solutions on the developers' mailing list. Fedora Core 2 is scheduled to enter a new testing phase in early February, with the final release expected on April 5th. The two critical features of this release are the inclusion of the 2.6 kernel and SELinux functionality.
Mandrake Linux. MandrakeSoft seems to have just about recovered from the financial troubles that were made public just over a year ago. The company released Mandrake Linux versions 9.1 and 9.2, with the ISO images of the latter version being made available exclusively to the MandrakeClub subscribers weeks before general release. The reviews have been mixed; some reviewers found the 9.2 version rather buggy, with a large number of post-release bug fixes by Mandrake confirming these observations. Still, Mandrake Linux has retained its reputation as a home users' favorite distribution by providing freely downloadable ISO images, by including excellent graphical configuration tools and by maintaining a highly active user and developer community. Mandrake Linux 10.0 with kernel 2.6 is scheduled to be released in March next year, with the first beta expected on January 1st.
Debian GNU/Linux. Not many people will be surprised to hear that the Debian project has gone through 2003 without producing a new stable version. Debian Sarge was originally scheduled for release in early December, but the release manager's optimistic prediction turned out to be way off the mark. The unfortunate compromise last month of several servers hosting the Debian project has further delayed the release. As the critical bug count still remains unacceptably high, don't be surprised if we don't see a stable Debian Sarge until well into the second half of 2004. Despite the setbacks, Debian has been one of the winners after the policy changes at Red Hat, with many users clearly finding the non-commercial nature of Debian more re-assuring and a lot more resistant to unpopular policy shifts than its commercial competitors. And although the latest stable release, Debian Woody, is badly outdated with its default kernel now two generations old, the Debian developers continue to support it with timely security patches.
SUSE LINUX. This was a big year for the German Linux company. Besides a name change (from SuSE Linux to SUSE LINUX), several new product releases and partnership announcements, SUSE's main presence in the media was triggered by two big events: one was the decision of the City of Munich to switch 14,000 servers and workstations to SUSE LINUX, while the other was the acquisition of SUSE by Novell. Like Red Hat, SUSE also appears to be focusing on large enterprises and volume customers. However, it is likely to continue with a twice-a-year release cycle of Personal and Professional editions of SUSE LINUX, of which the Professional edition will serve as a base for the company's less frequent enterprise-class products. We can expect a new version of SUSE LINUX, likely shipping with the 2.6 kernel, early in the second quarter of 2004.
Gentoo Linux. After the exponential growth of the increasingly popular source-based Gentoo Linux earlier this year, the distribution is entering a period of stabilization with more planning and predictability than before. This is already reflected in the updated release schedule for 2004, in which the Gentoo versions will change to a year-based scheme. Each quarter will see one new stable release with version 2004 expected in January, 2004.1 in April, and so on. Gentoo Linux 2004 will also incorporate the new 2.6 kernel, which will possibly make Gentoo the first distribution shipping with the new kernel. Besides general releases, other exciting development efforts abound at Gentoo; these include a new portage-ng, the successor of the Portage package management, as well as catalyst, a tool for building customized stage tarballs and live CDs.
Slackware Linux. Uncharacteristically, Slackware produced two stable releases this year - versions 9.0 and 9.1. The latter was declared "kernel 2.6 ready" and we can expect a new Slackware release soon after XFree86 4.4 and KDE 3.2 are declared stable. In July, Slackware also celebrated a 10-year anniversary since the initial release of Slackware Linux 1.0; this makes Slackware the oldest surviving Linux distribution available today. And despite the absence of any official dependency resolution package management tools and graphical configuration utilities (or perhaps because of it), Slackware remains one of the most popular, best loved and widely used Linux distributions on the market, especially on servers.
Knoppix. It would be wrong to conclude this story without mentioning Knoppix. As a truly innovative product, the Knoppix live CD has had an enormous impact on the distribution market in terms of Linux advocacy and adoption among users who had never tried Linux before. Besides being a great demonstration and rescue tool, Knoppix has also caused an explosion in other live CD projects, as evidenced by the Knoppix Customizations page at knoppix.net, which now lists no fewer than 70(!) Knoppix-based distributions and related projects. The success of the Debian-based Knoppix has also alerted developers and fans of other main distributions, with several Red Hat, Mandrake and Slackware-based live CDs all competing for our attention. Year 2003 can safely be declared as the "Year of the Linux live CD"!
Finally, a personal note. It has been a great privilege, as well as an interesting experience, to write these weekly articles for LWN.net. I would like to use this opportunity and express my gratitude to all readers who have contributed corrections, suggested improvements and provided feedback in the form of comments or personal emails here and at distrowatch.com. I will use them to gauge readers' interests, keep the pulse on happenings at popular distributions and perhaps uncover a hidden gem or a unique idea among the many interesting projects out there. Thank you all and happy holidays!
Distribution News
Conectiva Linux 10 Preview Release
Conectiva has announced a preview release of Conectiva Linux 10 with Linux kernel 2.6.0, glibc 2.3.3, XFree86 4.3.99.14, KDE 3.2 beta2, GNOME 2.4, and more.Debian Weekly News - December 23rd, 2003
The Debian Weekly News for December 23, 2003 is out. The Debian website is functional again; there's a plug for FSF Europe. There is a HOWTO for Debian-Installer translations; the installer source has moved to Alioth. Read about these and other topics by clicking below.Mandrake Linux
MandrakeSoft has summarized its product-life policy and Open Source commitment. "At a time when some of the established Linux companies are turning away from their Open Source roots and progressively abandoning full-time commitment to Open Source Software, many people have asked MandrakeSoft to clarify its position regarding product-lifetimes and its Open Source development model."As per the policy mentioned above, here is a reminder that Mandrake Linux 9.0 has entered it's last phase of support and as a result will only be receiving critical updates to the base OS. It's time to upgrade.
Mandrake Linux 9.2 bug fixes:
Fedora updates
Here are some updates for Fedora Core 1:- gnucash: upgrade to 1.8.8
- dia: update to version 0.92.2
- sed: enables 'fastmap' in v4.0.8-2
- binutils: bug fixes in v2.14.90.0.6-4
- gphoto2: upgrade to 2.1.3
- bash: bug fixes in v2.05b
Red Hat Linux - 2.4 kernel update
Red Hat has updated kernel packages containing numerous bug fixes, available for Red Hat Linux 7.1, 7.2, 7.3, 8.0 and 9.Slackware Linux
This week the slackware-current changelog shows 2.6.x kernel in testing/, and upgrades to dvd+rw-tools-5.14.4.7.4, mysql-4.0.17, vorbis-tools-1.0.1, koffice/i18n-1.2.95, libao-0.8.4 and libvorbis-1.0.1.Trustix updates
Trustix Secure Linux 2.0 bugfix advisories:- kernel: fixes a minor memory leak, cleanup
- anaconda, hwdata: kernel module changed name
- findutils, setup: minor bug fixes
New Distributions
LORMALinux
LormaLINUX is Lorma Colleges' very own Linux Distribution that has been optimized and customized to meet the needs of educational institutions and its students. It is a full-featured Operating System specifically created for ease of installation, ease-of-use and functionality. LORMALinux 4, based on Fedora, was released December 9, 2003.
Minor distribution updates
College Linux
College Linux has released v2.5 (ObiWan). "One of the innovations is our CollegeLinux server robot which install & configure automatically (almost no question asked) Apache, PHP, MySQL, SQLite, Webmin and Phpmyadmin (mysql front end) and SQLiteManager (sqlite frontend) your complete server & development environment. It is the easiest tool ever seen on linux to build your very own server up and running at the end of the installation."
Devil-Linux
Devil-Linux has released v1.0.3 with major security fixes. "Changes: Some source has been updated because of vulnerabilities and some minor bugs have been fixed. Kernel MPPE support is working again."
KnoppiXMAME
KnoppiXMAME has released v1.1 with major feature enhancements. "Changes: This release uses the 2.6 kernel. It supports more joysticks, and ALSA ISA cards. The CD is more modular now, allowing the replacement of the kernel or xmame executable. Because xmame development is very rapid, this should be a welcome addition."
Linux LiveCD
Linux LiveCD Router has released v1.8.3 with minor feature enhancements. "Changes: This release adds new linux-wlan-ng-0.2.1-pre16 drivers for Prism2 wifi cards and a new acx100-0.2.0pre6 driver for some DLink wifi cards in /opt/drivers. The documentation in /opt/doc has been updated."
Openwall GNU/*/Linux (Owl) 1.1 release
Openwall GNU/Linux has released Owl 1.1, currently available for purchase on a CD and will also be available for download after January 7, 2004. Click below for more information.SmoothWall Express
SmoothWall has released Smoothwall Express 2.0 with major feature enhancements. "Changes: SmoothWall GPL is now SmoothWall Express. SPI using Linux 2.4 kernel with iptables and netfilter. The installer, the Web user interface, VPN, graphs, and proxy performance were improved. Connectivity device support was improved, including USB/PCI ADSL and USB BT HH ISDN. uPnP support was added for Microsoft Windows XP users. Static DHCP assignments are now possible. The time can be synced with an internal or external NTP server. The configuration can be backed up or restored to a floppy disk. Simpler port forwarding was added. An external IP blocking feature was added. A new Java SSH client was added."
Source Mage GNU/Linux
Source Mage GNU/Linux has released v0.8.0 "Mending". Among the changes; sorcery 1.6 is used (no more lockexec), latest stable grimoire, kernel 2.4.23 with XFS patches, JFS support added while installing, and more.
Distribution reviews
Lorma Linux V4 -based on Fedora Core 1
cahtech.co.nr reviews LormaLinux and its parent Fedora Core 1. "Although I was going to review only Lorma Linux I thought it would be impossible to do it without bringing Fedora into the equation. This is because Lorma is the first derivative of Fedora Core to be released. Lorma Linux is developed by the MIS Department of Lorma College in the Philippines. It is a recompiled and optimized version of Fedora for i686 computers, so it should be faster and more responsive. Instead of Fedora's 3 CDs it only occupies 1, but also integrates software from the Linux Terminal Server Project (LTSP) for setting up disk-less workstations. Although Fedora is a Gnome centric release and the session list contains gnome in gdm, it uses KDE. In contrast Fedora has both KDE and Gnome but is really gnome centric and their implementation of it truly is slick."
Face-off: Fedora Core 1 versus the free version of SuSE 9.0 (NewsForge)
NewsForge compares Fedora Core 1 to SuSE Linux 9.0. "While Linux still has a long way to go in the arena of security, both distros have done some very good things that deserve mentioning. In both cases unnecessary services are initially turned off, a firewall is installed by default, and patch management is handled with intelligence and grace. SuSE has a slight edge over Fedora in their firewall tool, and Fedora has a slight edge in patch management."
Page editor: Rebecca Sobol
Development
The Rivendell Radio Automation System
A new project, known as the Rivendell Radio Automation System, has been announced. The initial beta version of the software is now available. Rivendell has been released under the GNU General Public License.
The system is being developed by
Salem Radio Labs:
"This group is responsible for development of new systems and applications. With a primary focus on development of Linux-based Open Source systems, these applications are designed to be accessible and useful to the entire Christian Broadcasting community.
"
The software looks like it would also be a good fit for
community broadcast stations that operate with limited funds.
Currently, Rivendell consists of the following tools:
- RDAdmin - a tool for system configuration and management.
- RDLogEdit - a tool for editing program logs.
- RDLibrary - a tool for maintaining an audio content library.
- RDAirPlay - a live audio playback application.
- RDCatch - an automatic recorder for incoming audio feeds.
Some of the Rivendell features include:
- Designed for efficient on-the-air use by professional broadcasters.
- Support for (optional) touch screen input.
- Completely GUI-controlled configuration.
- A playback system for both live-assist and walk-away operation.
- A built-in audio file library.
- Support for cart-style (short segment) programming.
- A Cut Marker Editor for adding segues, timers, and transition features.
- FreeDB support for deriving CD track information.
- Built-in control for approved audio devices.
- Support for external broadcast switching and satellite receiver hardware.
- Support for PCM16 and MPEG Layer 2 audio file formats.
- Works with analog and AES3 (digital) audio streams.
- Integrated program log editing system with support for multiple automation logs.
The Screen Shot Gallery is worth looking over, it shows many of the capabilities of the various system tools.
In all, Rivendell looks to be a nicely designed system that could prove to be very useful for a wide range of radio broadcasters.
System Applications
Audio Projects
JACK 0.92.0 released
Version 0.92.0 of JACK, the JACK Audio Connection Kit, is out with bug fixes and other minor changes.Planet CCRMA Changes
The latest changes from the Planet CCRMA audio utility packaging project include new versions of Hydrogen, the MCP, REV, and VCO plugins, and the Alsa Modular Synth.
Database Software
MySQL Version 4.0.17 Now Available
Version 4.0.17 of the MySQL database has been announced. "This is a maintenance release for the current MySQL production version, and it is now available in source and binary form from the MySQL download pages. MySQL 4.0.17 resolves all valid bugs identified by Reasoning Inc. and reported in a press release titled, Reasoning Study Reveals Code Quality of MySQL Open Source Database Ranks Higher than Commercial Equivalents. Reasoning's inspection study shows that the code quality of MySQL is six times better than that of comparable proprietary code."
PostgreSQL 7.4.1 Released
Version 7.4.1 of the PostgreSQL database is out. "Its been almost 4 weeks since PostgreSQL 7.4 was released, and, as with all new releases, several bugs have been identified as administrators migrate their production databases up from older releases."
PostgreSQL Weekly News
The December 15, 2003 edition of the PostgreSQL Weekly News is out with the latest PostgreSQL database news.PostgreSQL Weekly News
The December 22, 2003 edition of the PostgreSQL Weekly News is out with even more PostgreSQL database news.SwingSet 0.6.0-beta released
Version 0.6.0-beta of SwingSet, "an open source Java toolkit that allows the standard Java Swing components to be made database-aware", is out. "
The latest release includes utilities for developing data grids, so that datasheet/spreadsheet/table views of database queries can be added to Java graphical user interfaces (GUI's). Version 0.6.0 also adds "masked" editing of text to provide greater control over user input."
Mail Software
milter-sender 0.49 released
Version 0.49 of milter/sender, an email spam filter, is available. "I'm releasing milter-sender/0.49 with a specific fix to block attempts to use milter-sender's callback to provide an indirect means of probing for valid email addresses, which I recent discovered being done on my server. Also provided a workaround option -H to disable the "claims to be us" test for some situations." A new version of MailShell Tool has also been announced.
Sendmail 8.12.0.Beta0 released
Version 8.12.0.Beta0 of Sendmail has been announced. The description says: "It contains several enhancements for the handling of queue ids, and fixes for problems when creating qf files (which were introduced in 8.12.10)."
TMDA 1.0 final available
Version 1.0 final of TMDA has been announced. "After nearly three years of collaborative hacking, TMDA 1.0 has been released. This release is highly stable, and is in production level use at many locations. TMDA is a pure-python open source anti-spam system and local mail delivery agent for Unix and Unix-like systems. TMDA fights spam using a combination of whitelists, blacklists, challenge/response system, and tagged addresses, which are special-purpose e-mail addresses such as time-dependent addresses, and addresses which only accept certain kinds of communication."
Security
Sussen 0.7 Released (GnomeDesktop)
Version 0.7 of Sussen, and new versions of related software are available. "After a brief hiatus, we're back, just in time for Christmas. MMG Security is pleased to announce the release of sussen v0.7, sussen-sensor v0.2, and sussen-plugins v0.2. Sussen is a security scanner which remotely tests computers or other devices and provides a report on their vulnerabilities. It features Python-based security tests, a GNOME interface, a GNOME-DB backend, and customizable reports."
Web Site Development
Araneida 0.83 and CLiki 0.4.2 released
New versions of Araneida and CLiki are available. "CLiki is a Wiki-style collaborative authoring environment with which the popular Lisp community site with the same name is implemented. Araneida is the HTTP server on which the CLiki infrastructure is based. Both CLiki and Araneida are written in Common Lisp."
Roll your own secret Santa Web application (IBM developerWorks)
Merlin Hughes shows how to build a Secret Santa application on IBM's developerWorks. "For the uninitiated (as I was just a short time ago), a secret Santa is a solution to the excesses of holiday gift-giving in a large family. Instead of each family member giving a gift to every other family member, each person picks a name from a hat and anonymously gives a gift to that one recipient. Each person therefore gives and receives just a single gift. This article presents a J2EE implementation of a secret Santa."
Miscellaneous
gmodconfig 0.6 released (GnomeDesktop)
Version 0.6 of gmodconfig has been announced. "gmodconfig aims to provide a simple way for end-users to download, install, configure and update Linux kernel modules, in the language of their choosing, through an easy-to-use graphic interface. This release provides the core of gmodconfig as a Bonobo control. On Linux this enables applications to easily provide a driver configuration and installation interface to their users."
Desktop Applications
Audio Applications
Tkeca 3.2.1 released
Version 3.2.1 of Tkeca, a gui-frontend to the Ecasound multitrack audio utility, has been released. This version fixes several bugs.
Desktop Environments
A Preview of Qt/KDE Accessibility
KDE.News looks at new accessibility features for Qt and KDE. "With the new Qt-ATK bridge, Qt/KDE applications will integrate seamlessly with existing assistive technologies on GNU/Linux desktops as well as other Unixes that support Sun's accessibility framework."
KDE-CVS-Digest
The December 19, 2003 KDE-CVS-Digest is out with another round of KDE news. The KDE.News summary says: "In this week's KDE-CVS-Digest: KImageMapEditor, an HTML image map editor is now part of Quanta. KConfEdit now supports editing remote KDE configurations over a network. KChart gets update from KD Chart. Kapture, an APT frontend for KDE and KDebConf, a Debian configuration front-end, were imported into the repository."
XFce 4.0.2 is out!
Version 4.0.2 of XFce, a lightweight desktop environment, has been announced. The Change Log says: "Xfce 4.0.2 is the third release of the stable 4.0 tree. This tree will only see bug fixes and new translations added. No new feature will be added to the 4.0 tree."
XFree86 4.4.0 RC 2 available
The second release candidate for XFree86 4.4.0 has been announced. "We have another Release Candidate for the 4.4.0 release. The last one, well she did not make it. It was a glorious death though, and she should be proud. This next one though, Candidate Number 2, it's got potential. It's better than the first. It's stronger, with more fixes. We think this one looks good! On the downside of things, we are slightly off-track for making the original Release Target, as we have to through the whole cycle again to see if this Candidate is as good as we think. So a lot of checking, poking, probing and testing to make sure that this Candidate is stable and secure enough to be marked with the highest accolade that this Project can bestow Release."
Financial Applications
SQL-Ledger 2.2.2 released
Version 2.2.2 of SQL-Ledger, a web-based accounting system, has been announced. The What's New page documents the changes.
Games
Marauroa 0.11 released (SourceForge)
Version 0.11 of Marauroa is available. "Marauroa wants to be a massive multiplayer role playing game that you can access through your internet connection. It is a virtual world, and you have an unprecedented degree of freedom to shape your own destiny. Social interaction, combat, or just hanging out with friends will all be parts of your experience." This version features lots of bug fixes.
NetHack 3.4.3 Release (SourceForge)
Version 3.4.3 of the game NetHack is available. "With the November tournament period now over it is time for the NetHack DevTeam to release NetHack 3.4.3, the third bugfix release for NetHack 3.4."
Atari800 1.3.2 released (SourceForge)
Version 1.3.2 of Atari800, an Atari game platform emulator, is available.
GUI Packages
FLTK Updates
New versions of FLU, a small collection of FLTK Widgets, and flPhoto, an image archive, have been announced on the FLTK site.
Imaging Applications
gThumb 2.2.0 released (GnomeDesktop)
Version 2.2.0 of gThumb, an image viewing application, has been announced. "Since the development version 2.1.4 was released, August 9 2003, I've not added any new features, but fixed as many bugs as possible trying to make the 2.2.0 release a very stable version."
LinPHA 0.9.1 released (SourceForge)
Version 0.9.1 of LinPHA, the Linux PHoto Archive, has been announced. "This release adds a Web-based filemanager with upload capabilities and a much more cleaner CSS layout which allows you to create your own styles by changing just one file. A new theme called iLinPHA, a new fullscreen slideshow, and support for viewing 360 degrees panorama images (PTViewer) were added. Support for "vservers" was improved, and many other fixes and improvements were made."
Interoperability
Vstserver 0.3.0 released
Version 0.3.0 of Vstserver, a library for running windows vst audio plugins under Unix, is out with a number of bug fixes.Wine Traffic
Issue #201 of Wine Traffic has been published. Take a look to see the latest Wine discussions.
Multimedia
GStreamer 0.7.3 released
Version 0.7.3 of the GStreamer streaming multimedia framework is available. "The goal of this release series is to stabilize it towards a 0.8 release series which will be part of the GNOME 2.6 releases and hopefully eventually KDE 4.x. The 0.7 series is a development series and is aimed at developers."
RTMix 0.76 released
Version 0.76 of RTMix, an interactive multimedia performance system, is out. The main change involves RTMix joining the AGNULA project.
Music Applications
gmorgan 0.19 released
Version 0.19 of gmorgan, a rhythm station, is out. "This version is internationalized with gettext. French and Spanish languages and full documentation in pdf and Open Office formats has been added."
horgand 1.04 released
Version 1.04 of horgand, an FM synthesis organ application, is available and features a number of bug fixes as well as work on the default bank system.Hydrogen 0.8.1 released
Version 0.8.1 of Hydrogen, an advanced drum machine, is out with a pile of new features.
Office Suites
KOffice 1.3 Christmas Preview
A preview release of KOffice 1.3 has been announced. "The official release of KOffice 1.3 was originally planned for this week but since many people are already preparing themselves for the upcoming end-of-year festivities we are afraid that binary packages may not become available for all platforms in time. For that reason we have decided to release a special KOffice 1.3 Christmas Preview for all of you who can't wait to give this new KOffice a try over the upcoming holidays."
Video Applications
PupuEdit 0.0.2 Released (GnomeDesktop)
Version 0.0.2 of PupuEdit is available. "Pupuedit is a non-linear video editor for atleast Linux. Written in C++ and it is using OpenGL, Gtkmm, hopefully GStreamer(mm) or OpenML, libGlade. Features intuitive user interface, channel based editing of video and audio. Offline editing is the first aim."
Web Browsers
Branch Cut for Mozilla Firebird 0.8 (MozillaZine)
MozillaZine has an announcement for a new Mozilla Firebird web browser branch. "A branch has been created for the forthcoming release of Mozilla Firebird 0.8. The branch will allow Firebird 0.8 work to continue without the uncertainity caused by the daily changes made to the main Mozilla development trunk (currently frozen for Mozilla 1.6). However, critical trunk fixes will be merged into the new Firebird 0.8 branch."
Galeon 1.3.11a released (GnomeDesktop)
Version 1.3.11a of Galeon, an minimalistic web browser, has been announced. "Crispin Flowerday wrote: We are pleased to announce a brand new release of Galeon. This release contains quite a lot of bug fixes, and, all being well, will be the last bonoboui based release of Galeon. The future is libegg, and Gtk 2.4."
Mozilla Branches for Final 1.6 Release (MozillaZine)
MozillaZine has a report on the Mozilla 1.6 branch status. "Yesterday, Mozilla branched for the forthcoming 1.6 release and the trunk opened for 1.7 Alpha development. It is now expected that the final 1.6 builds will not be available before Christmas and the milestone is currently slated for an early January launch. Look for release candidates of 1.6 early next week."
mozilla.org Staff Meeting Minutes (MozillaZine)
The minutes are available for the December 15, 2003 mozilla.org staff meeting. "Issues discussed include Mozilla 1.6 final, localisations, the mozilla.org website, Mozilla Firebird 0.8, Camino 0.8 and Talkback."
Minutes of the mozdev Admin Meeting (MozillaZine)
The minutes are available for the December 19, 2003 mozdev admin meeting. "Issues discussed include the mozdev newsfeed, a standardised date format, the Board of Directors, redesigning the website and upgrading Bugzilla."
Independent Status Reports (MozillaZine)
The December 21, 2003 version of the Mozilla Independent Status Reports are available. "The latest set of status reports include updates from Forumzilla, Bugxula, MozManual, Moji, ConQuery, Launchy, Keyword Repository and Xprint."
Word Processors
AbiWord 2.1.0 (development snapshot) released (GnomeDesktop)
Version 2.1.0 of AbiWord has been announced. "Three months and 73,000 lines of code after our 2.0 release, the AbiWord team is pleased to announce the first snapshot of our new development branch, AbiWord-2.1.0. This branch will eventually become AbiWord-2.2."
Languages and Tools
Caml
Caml Weekly News
The Caml Weekly News for December 16-23, 2003 is out. Topics include SWIG-1.3.20, ChartPak 1.0a2 -- an OCaml-based Web graphics tool, and Automake support for OCaml.
Java
Top 15 Ant Best Practices (O'Reilly)
Eric M. Burke gives some tips on the use of Ant. "Before Ant, building and deploying Java applications required a hodgepodge of platform-specific scripts, makefiles, proprietary IDEs, or manual processes. Now, nearly every open source Java project uses Ant. A great number of companies use Ant for internal projects as well. The widespread use of Ant in these projects has naturally led to an increased need for a set of well-established best practices. This article summarizes several of my favorite Ant tips or best practices."
Java-Gnome 0.8.2 released (GnomeDesktop)
Version 0.8.2 of Java-Gnome, a set of libraries for creating GTK+ and GNOME applications under Java, is available. "The restructuring of the source tree was done so that we can comply with the rules of the new GNOME bindings release set. This is a new group containing gnome bindings, signifying quality of bindings; it is also the first step toward getting applications written in languages other than C accepted in the main gnome desktop."
Perl
Blosxoms, Bryars and Blikis (O'Reilly)
Simon Cozens writes about the application of Perl in the world of web logging. "Recently we heard from Kake Pugh about the OpenGuides project, a wiki-based collaborative city guide system; previously, we heard from Brian Ingerson about his Kwiki wiki implementation. Guides, wikis, blogs ... the new fashion in software engineering at the moment is the use of software to help organize, document, and facilitate collaboration -- the social software movement is gaining momentum, and Perl is one of the best languages for it. In this article we'll look not just at some of the existing social software tools in Perl (focusing, naturally, on my own Bryar blog toolkit), but we'll look at some ways to break, bend, and embed them in other tasks."
This Week on perl5-porters (use Perl)
The December 15-21, 2003 edition of This Week on perl5-porters has been published. "A year ends in the little world of the Perl 5 porters, and perl itself turns older. Hopefully this doesn't mean that the development is stalled. Read below what happened this week among the porters."
PHP
PHP 5.0 Beta 3 released!
The Beta 3 release of PHP 5 is available. "The third beta of PHP is also scheduled to be the last one (barring unexpected surprises). This beta incorporates dozens of bug fixes since Beta 2, better XML support and many other improvements, some of which are documented in the NEWS file."
Pitfalls of Transactions with PHP (O'Reilly)
Kimberlee Jensen writes about database transactions and PHP on O'Reilly. "Initially, the MySQL DBMS did not support transactions. As of version 3.23-max, MySQL supports transactions with two additional table types, InnoDB and BDB. InnoDB is recommended for its CPU efficiency and support of row-level and multiple-concurrency locking. Now that MySQL has full transaction support, PHP developers need to incorporate them effectively. Although PHP 4.x lacks native transaction functions, transaction statements can be used the same way as standard SQL queries."
Python
Python 2.3.3 released
Python 2.3.3 has been announced. "This is a bug-fix release for Python 2.3 that fixes a number of bugs, including a couple of serious errors with weakrefs and the cyclic garbage collector. There are also a number of fixes to the standard library". The release notes have all of the details.
PSF acquires python.org
Guido Van Rossum announced the acquisition of the python.org site by the Python Software Foundation. "The good news is that the PSF is now the official, proud owner of the domain, after a successful transfer from CNRI, which has taken good care of it for many years. Nothing will change operationally, with one exception mentioned below." That exception is the discontinuation of the Ultraseek-based Python search service.
Ruby
New Ruby Change Requests site
RCRchive is a new site for managing Ruby Change Requests (RCRs). Take a look to see how the language is evolving.
Shells
GUI for (shell-)script languages (GnomeDesktop)
GnomeDesktop.org covers the GTK-server project, which brings GUI development to shell scripts. "The concept of a GTK server was born. The basic idea behind this concept is a binary, which can be started from within a script. The script has to communicate with this binary by using 2-way pipes (stdin/stdout) or by using sockets (tcp). The script sends original GTK commands as plain text to the pipe or the socket, and the gtk-server sends information back which must be captured by the script."
XML
xmltramp and pxdom (O'Reilly)
Uche Ogbuji reviews xmltramp and pxdom on O'Reilly. "In this article I cover two XML processing libraries with very disjoint goals."
Content feeds with RSS 2.0 (IBM developerWorks)
James Lewin works with RSS 2.0 on IBM's developerWorks. "A lot has happened in the RSS world since developerWorks last looked at RSS: Two new specifications have come out, RSS has become one of the most popular XML standards, and tools and feeds are popping up everywhere. RSS has contributed to the explosion of weblogs, and it is becoming a standard part of other Web sites, too. This article reviews RSS 2.0, looks at new RSS developments, and jump-starts your understanding of this important format."
Atom Authentication (O'Reilly)
Mark Pilgrim covers authentication issues with Atom on O'Reilly. "I wish I didn't need to write this article. My life would be much simpler if Atom could just use existing HTTP authentication, as-is. But it can't; I'm going to tell you why and then I'm going to tell you what we're doing instead. Let's back up. Atom, in case you missed it, is a new standard that uses XML over HTTP to publish and syndicate web-based content."
Editors
Jext 3.2pre4 available
Version 3.2pre4 of Jext, a programmer's source code editor, is available. Change information is in the source code.
Miscellaneous
Synopsis 0.6 released
Version 0.6 of Synopsis, a source code documentation tool that works with IDL, C++, and Python, has been released: "I finally released synopsis 0.6 as the refactoring work stabilizes. More changes will come, but this is a major milestone that merrits a release, as everything appears to be stable and the new tutorial contains sufficient content to get users started."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
The Free Software Act (Groklaw)
Groklaw has published a draft copy of the Free Software Act. "I noticed an article on something called the Free Software Act, which is currently being drafted by the Free Software Consortium Legal Governing Body. I was interested to note that some brain power is going into figuring out a way to prevent any future SCO-like events. There is an effort to create something internationally useful, stronger than the license-on-top-of-copyright GPL, a law specifically designed to protect free software. I especially noted the wording on warranty."
The Interpretation of Dreams: An Explanation of the Electric Sheep Distributed Screen Saver (O'Reilly)
Scott Draves writes about a distributed computing project that generates animated fractal screen saver images. "The name Electric Sheep comes from Philip K. Dick's novel Do Androids Dream of Electric Sheep. It realizes the collective dream of sleeping computers from all over the Internet. Electric Sheep is a distributed screen saver that harnesses idle computers into a render farm with the purpose of animating and evolving artificial life forms. The project is an attention vortex. It illustrates the process by which the longer and closer one studies something, the more detail and structure appears."
Trade Shows and Conferences
KDE-NL at Linux-Bijeenkomst 2003
KDE.News has coverage of the Linux-Bijeenkomst 2003 event that was held in the Netherlands. "We have published a small bilingual impression of that ay and, included as a bonus, is a small IRC snippet where we discuss some usability issues with Aaron Seigo, chief commander of the KDE Usability Project."
Ruby's Present and Future (O'ReillyNet)
O'Reilly's OnLamp looks at the Ruby programming language and the 2003 Ruby Conference. "Some of the major events of 2003 for Ruby were its tenth birthday, the release of Ruby 1.8.0 in August, and the first European Ruby Conference. Ruby 1.8.0 contains several improvements in the core language over 1.6.x, as well as the inclusion of some of the more popular packages available from the Ruby Application Archive (RAA). Rubyforge, a site for hosting Ruby-based projects, was launched in July 2003."
The SCO Problem
Creator of Linux defends its originality (News.com)
News.com is carrying the New York Times article on Linus's response to SCO. "Darl C. McBride, the chief executive of SCO, said he stood by the company's assertions. He said a Linux expert who will testify in the SCO suit against IBM, which was filed last March, went over the code closely." Certainly Darl's "Linux expert" can be expected to know more than Linus on this sort of topic.
Companies
Red Hat reports a profit and a purchase (News.com)
News.com reports from Red Hat's quarterly conference call, where the company announced a $4 million profit and that it is acquiring Sistina. "Sistina programmers lead the development of Linux's logical volume manager, software that makes computers more flexible by insulating them from changes in storage hardware. In addition, Sistina creates file storage software that can be used to share data across a cluster of database servers."
Linux Adoption
OpenOffice CDs live for lending in Scottish libraries (Register)
The Register reports that OpenOffice CDs are becoming available for lending public libraries throughout the UK. ""Librarians love this stuff," says Kerr. "Most don't know what it is or what they can do with it. They need a trusted source of CDs and cannot accept them from members of the public. It may be more cost efficient if they had a Kiosk that is not connected to the internet but could create CDs from images rather than CDs on shelves (they have photocopiers). A CD like the Gutenberg project, TheOpenCD is of more value to them than Linux distributions."
EU site pushes open-source education (ZDNet)
ZDNet covers a the launch of a new EU web site site aimed at improving understanding of open-source software. "The EU has launched a number of open-source initiatives since 1998, and currently funds 20 research projects directly supporting open source, under the Fifth Framework Programme (1998-2002). In preparation for the Sixth Framework Programme, the EC has recommended that governments encourage the use of open source as a way of ensuring interoperability."
Legal
DVD-Jon wins new legal victory (Aftenposten)
Aftenposten reports that Jon Johansen has been acquitted again. "A verdict in the case, which has caught international attention, wasn't expected until early January. But the appeals court (Borgarting lagmannsrett) apparently didn't see any need to wait with its decision." (Found on Slashdot).
The Circuit Court of Appeals Trims the RIAA's DMCA Wings (Groklaw)
Groklaw has a detailed explanation of the RIAA v. Verizon ruling, which has made it much harder for the recording industry to force ISPs to identify customers. "It isn't every day you read a judge write that a party's argument 'borders upon the silly', but that is exactly how the judge here characterized one of the RIAA's arguments."
Interviews
Interview: Marcelo Tosatti (KernelTrap)
KernelTrap talks with Marcelo Tosatti, maintainer of the 2.4 Linux kernel. "I heard about Linux when I first had access to the Internet (around 1995/1996), and I bought "Linux FT" from some company in my hometown. At the time I was working on a local ISP, and I replaced some of the NT servers they used with Linux. Then I had the chance to work with development at Conectiva (where I worked for the next 6 years and got interested in kernel development)."
Interview with Sodipodi Developer Lauris Kaplinski (KDE.News)
KDE.News interviews Sodipodi developer Lauris Kaplinski. "Lauris Kaplinski: Sodipodi is quite usable as generic vector drawing application and more specifically, as SVG creation tool. It is nothing near in quality or feature set to big commercial programs, but people have used it to design icon themes, posters, business cards and much more. Most expected features are there - basic shapes, bezier paths, gradients, bitmaps, transformations, transparency, grouping and so on. One interesting feature is direct access to the SVG document tree, so users can hand-tune elements if the UI does not support certain feature." (Thanks to Navindra Umanee)
Mini Interview with Ximian's Robert Love (OSNews)
OSNews talks with Robert Love about what he will be working on at Ximian. "There is no specific definition of what I want to accomplish, because it is my mandate to do whatever is necessary at the kernel and system-level to improve the quality of desktop Linux and thereby take Linux on the desktop to new levels." (Found on Footnotes)
Interview with GNU TLS developer Nikos Mavroyanopoulos (GNU-Friends)
GNU-Friends.org interviews Nikos Mavroyanopoulos, one of the main developers of the GNU TLS transport layer security library. "Nikos Mavroyanopoulos: GNUTLS is a library implementation of the SSL 3.0 and TLS 1.0 protocols. Its purpose is to provide applications an authentication and encryption layer over an existing transport layer such as TCP/IP. The authentication part includes implementation of the X.509 certificate authentication framework, the OpenPGP framework as well as password authentication with SRP." (Thanks to Ciaran O'Riordan)
Red Hat's Owen Taylor on GTK+ (OSNews)
OSNews interviews Owen Taylor, Red Hat engineer and project leader of the GTK+ multi-platform toolkit. "It's hard to say exactly what will make GTK+-2.6, though I think dock, toolbar editor, and wizard (druid) widgets are likely. An exciting future direction for GTK+ is switching to Cairo as our primary rendering API, but that's more likely a GTK+-2.8 feature, than a GTK+-2.6 feature." (Found on Footnotes)
Trouw: Snowflake Becomes Avalanche
KDE.News has an English translation of an interview with several KDE contributors that appeared in the Dutch newspaper Trouw. "Fabrice Mous, "There is not one person who has a final say in this, like Linus Torvalds has with Linux. Everybody is equal and every contribution is equal. Although we have the concept that we have people with an account when they want to touch the code themselves, and people without these accounts. This is because not everybody is going to be involved for a long time. When it looks like somebody is going to stick around for a while then it is useful to get write access. It is a also meant as some form of security. You don't want outsiders to do a lot of damage to a program.""
New FOSDEM interviews
Two new FOSDEM interviews are now available. The first is from Dominique Colnet who will be speaking about SmartEiffel. The second one is with Robert Love who will be speaking about the Linux kernel and the desktop.The organizers of FOSDEM have also announced the FOSDEM background contest. You must be registered at FOSDEM.org to participate.
Rekall Revealed (KDE.News)
KDE.News has an interview with Mike Richardson and Shawn Gordon. "Some time ago there was an announcement on the Dot about the GPL'ing of Rekall. So the Dot editors decided to contact the two parties who are involved on this matter: Mike Richardson and Shawn Gordon. We compiled a nice interview for your reading pleasure." Rekall is a database front-end.
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
LSB Certification Bulletin - Year 2003 to date
The Linux Standards Base project presents an annual certification report. "As of Dec 19 2003 we are pleased to announce that the number of certified LSB Runtime systems has reached 30, with 19 of those certifications in year 2003 to date."
Mozilla Foundation Launches Holiday Donation Campaign (MozillaZine)
The Mozilla Foundation has launched a holiday donation program. "Supporters can donate either $25, $50 or $100 and receive free Mozilla gifts for themselves or their friends in return. A $25 donation entitles the giver to a free Mozilla 1.5 CD, $50 rewards him or her with a Mozilla CD annual subscription or a Mozilla T-Shirt and $100 bags the donor both a CD subscription and a T-Shirt."
Tis the season for giving (GnomeDesktop)
GnomeDesktop.org has posted a plea for donations for the GNOME Foundation. "You can help support the foundation's activities bringing GNOME to the developing world and subsidizing the participation of young developers and students in the GNOME Users and Developers European Conference(GUADEC) and the Summit."
Commercial announcements
E-commerce for Mom & Pop Shops
BLACKSUN networks, Inc. has announced the launch of a new E-commerce service aimed at making it quick and easy for small "Mom & Pop" businesses to build online stores using open source software.LinuxCertified Announces Debian Certified Laptop
LinuxCertified, Inc. has announced the release of its first Debian Certified Laptop. The LC2430 model was added to the line of LC2000 series laptops, with pre-configured Debian GNU/Linux.MAIT announces association with Linux Asia
MAIT has announced its association with Linux Asia. "MAIT, the apex body representing the hardware, training and R&D services sectors of the IT industry in the country, today announced an association with Linux Asia. Under this association, MAIT will be working alongwith EFY Group in organizing and promoting Linux Asia."
MandrakeMove LiveCD+USB Key is now available
MandrakeSoft has announced the release of MandrakeMove, a complete Linux desktop system that runs "on the fly" from a single bootable CD and uses a USB key to save personal data.Novell reasserts Unix copyright claim
Novell is back with a new press release claiming, once again, that it never transferred its Unix copyrights to SCO. The press release is brief, but points to a PDF file containing some correspondence between the two companies. The actual ownership of these copyright could well blow up into a court battle in its own right. Meanwhile, the existence of these claims is not going to help SCO's shakedown attempts.Novell has apparently put in a copyright registration covering the relevant Unix code; see this Groklaw article for the details.
Board of Directors changes at SCO
The SCO Group has announced some Board changes, including the abrupt resignation of Steve Cakebread ("due to personal time constraints"). As has been pointed out elsewhere, Mr. Cakebread is also Chief Financial Officer at Salesforce.com, a high-profile application service provider based on Linux. It seems entirely possible that Salesforce.com got a copy of that letter SCO sent out, and this is their response.
Resources
LDP Weekly News
The LDP Weekly News is out for December 17, 2003. Take a look to see the latest documentation changes.
Contests and Awards
Linux 2.6 Kernel Pool Results
The 2.6 Kernel Pool Results are now available. Steve Ratcliffe, Master Software Project Estimator, has most correctly estimated the release of the Linux version 2.6 kernel. On January 6, 2001 (within 4 hours of when the 2.6 kernel pool was opened), he entered a guess which was accurate within 15 hours. Check the results for some interesting statistics and submit your guess for the 2.8 pool.openMosix Wins 2003 Editor's Choice Award
openMosix has been awarded the 2003 OSDir.com Editor's Choice Award for Best of Linux. You can find the complete list of winners in this OSDir.com article.SCOX: Linux User Wins SCO Loss Pool
Don Marti reports that Linux user Rob Walker has won the SCO Loss Pool by correctly predicting The SCO Group's loss of $1.6 million for the quarter ended October 31, 2003.
Upcoming Events
Call for Submissions - LogOn Briefings 2004
A Call for Submissions has been posted for the LogOn Briefings Europe 2004 sessions, which will take place in various European cities in January, March, and May, 2004.Effective Security using Open Source Security Tools
Open Source Chicago is featuring a presentation by Bob Radvanovsky on Effective Security using Open Source Security Tools. The event will take place in Chicago, IL on January 22, 2004.EclipseCon 2004 Announced
Eclipse has announced EclipseCon 2004 will be held in Anaheim, CA on February 2-5, 2004. ""EclipseCon is the first event where the powerful ecosystem forming around Eclipse will come together to exchange experiences and chart the future of this key open technology," said Skip McGaughey, Chairperson of the Eclipse Board of Stewards. "This is an important event for many users that are considering making the choice to incorporate Eclipse based technology into commercial projects, research, instruction and general development efforts.""
IDG World Expo Brings LinuxWorld Conference & Expo 2005 to Boston
IDG World Expo has announced that the East Coast LinuxWorld Conference & Expo will take place in Boston beginning in 2005. The Boston debut will be held February 14 - 17, 2005. The next LinuxWorld is still set for January 20 - 23, 2004 at the Javits Center in New York City.O'Reilly OSCON Call for Participation
A Call for Participation has gone out for the 2004 O'Reilly Open Source Convention, The event will take place in Portland, OR on July 26-30, 2004.Events: December 24, 2003 - February 19, 2004
| Date | Event | Location |
|---|---|---|
| January 12 - 13, 2004 | Linux.Conf.au Miniconfs | Adelaide, Australia |
| January 12 - 13, 2004 | EducationaLinux 2004 | Adelaide, Australia |
| January 14 - 17, 2004 | Linux.conf.au | Adelaide, Australia |
| January 20 - 23, 2004 | LinuxWorld Conference & Expo 2004 | (Jacob K. Javits Convention Center)New York, New York |
| January 31 - February 1, 2004 | WineConf 2004 | (Court International Building)St. Paul, Minnesota |
| February 2 - 6, 2004 | EclipseCon 2004 | (Disneyland Hotel)Anaheim, CA |
| February 2 - 4, 2004 | Open Standards and Certification Conference | (San Diego Marriott Mission Valley)San Diego, CA |
| February 3 - 5, 2004 | Linux Solutions 2004 | Paris, France |
| February 9 - 12, 2004 | O'Reilly Emerging Technology Conference(ETech) | (The Westin Horton Plaza)San Diego, CA |
Web sites
The PHP Community Site
The PHP Community Site has been formed as a location for PHP developers to congregate and share ideas. "PHP has one of the largest developer communities in the world, yet we have no community gathering place like those you can find for other languages (Perl has http://use.perl.org/, for example)."
Savannah.gnu.org back online
Some weeks after being taken down due to a security compromise, the GNU project's Savannah server is back online - sort of. Quite a few subsystems are still not operational; see this posting on the current situation and the changes that have been made. The remaining site functionality should come back in January. What is also needed, however, is a detailed explanation of how the system was compromised, and for how long.
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Page editor: Forrest Cook