LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
Letters to the editor
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for January 8, 2004Red Hat borrows $500 millionRed Hat has a balance sheet that many other companies would envy. The company was lucky (and smart) enough to be the first Linux company to go public during the brief Linux portion of the dotcom bubble; it even had sufficient time to do a second offering to bring in another pile of cash. That windfall, along with careful management, left the company with $329 million in cash and investments at the end of November, 2003 (the last quarter for which numbers are available). That cash pile has been growing in recent quarters; Red Hat certainly need not be concerned about running out of money anytime soon.So one might well wonder why Red Hat has just issued $500 million in bonds. Why take on half a billion dollars in long-term (20 years) debt when you haven't really figured out what to do with the cash you already have? We asked the company, and were told:
We decided to take this great opportunity to capitalize our company
for the purpose of achieving our goal to become the defining
technology company of the 21st century. We are focused on building
and expanding our organization long term.
There are no specific plans for the cash at this time. In other words, they aren't telling. One may well speculate that there are acquisitions (big ones) in the works; this idea is reinforced by this (Raleigh) News & Observer article:
"We believe the time for us as a company to take control of the
market is now," said chief financial officer Kevin Thompson. "What
we've done is capitalize ourselves so that we can react very
quickly to opportunities that come up in the marketplace."
Customers are demanding products that Red Hat can't offer, Thompson said. It likely will have to buy other companies to add new products and services. One assumes that Red Hat has some "opportunities" in mind, but they are not ready to talk about them at this time. The truth of the matter is that Red Hat was able to get this money on great terms. The interest rate on this loan is 0.5%. So Red Hat could simply put the money into certificates of deposit (currently paying 4% or so in the U.S. for long terms), pay off the loan in 20 years, and pocket the interest. If Red Hat invests this money in this way, it has just acquired a few million dollars per year in free income for the next two decades. This is not a deal the company could afford to turn down. The real question, perhaps, is why the (unnamed) investors decided to loan money to Red Hat on such terms. Long-term U.S. treasury bills pay 4.2% as of this writing - eight times what Red Hat is paying. The U.S. government is unlikely to reinvest such money as wisely as Red Hat, but it has the advantage of its coercive powers when payback time comes. Treasury bills pay more, and are safer too. The answer to that question can only lie in the conversion feature of these bonds. The purchasers can convert the bonds to stock at a rate of about $25/share at any time. That rate is significantly above Red Hat's current stock price ($18.50, as of this writing) but, remember, these investors are working with a twenty-year horizon. The bonds are, essentially, a long-term call option which enables the investors to get their funds back if the stock price never goes above $25. Unless Red Hat goes into bankruptcy, the bond holders will probably do OK. Red Hat started the first Linux financial boom with its IPO. What we may be seeing here is the beginning of the second, more sustainable boom. Serious money is, once again, flowing into Linux companies. The first boom changed the industry in many ways, and left numerous investors rather poorer than they were before. The second boom may be seen as when Linux really took off; it will doubtless bring changes as well. As always, it is going to be interesting to watch.
LWN's Obviously Incorrect 2004 PredictionsThe new year is upon us, and so, like many other publications, we feel an irrational urge to wave our hands in the air and make predictions for what we think the coming year will bring us. So here we go. Needless to say, anybody who is thinking of acting on any of the following would be well advised to get a second opinion...
Enterprise LinuxThe "enterprise Linux" business came into its own in 2003, as Red Hat, in particular, found a steady stream of willing customers which drove the company into a profitable state. Red Hat's enterprise offerings must be providing value to the company's customers, given the claimed 90% renewal rate on enterprise support contracts. But the per-system licensing of Red Hat Enterprise Linux has rubbed some community members the wrong way; many developers feel that Red Hat's contracts do not reflect the sort of world they thought they were helping to build. So, we predict that, in 2004, the enterprise Linux backlash will grow, and we will begin to see whether that backlash can change the enterprise Linux market. A number of free enterprise Linux projects are out there, including CaOS, Whitebox Linux, and UserLinux. These projects have an uphill road ahead of them; to be successful, they will have to convince skeptical companies that they will be able to provide high-quality support for many years into the future. They will also have to make independent vendors see them as important enough to certify applications for. Oh, and, of course, they will have to create a top-quality distribution aimed at the needs of this sort of customer. Creating that distribution will not be easy, but it may prove to be the simplest of the challenges faced by any would-be challenger to Red Hat's enterprise offerings. The interesting thing is, of course, that these challenges look remarkably similar to those faced by Linux itself a few years ago, when the idea that Linux could pull the rug out from under proprietary Unix systems and challenge Microsoft seemed ludicrous to many. But it happened. Now, challenging enterprise Linux with truly free Linux looks like a daunting task. But it may yet be that a free distribution combined with a distributed network of supporters could supplant today's enterprise offerings in just the same way that Linux has taken Unix's place. The community is capable of amazing things. Not everybody would see such an event as a good thing, but it could happen.
Desktop LinuxThe desktop wars will heat up again in 2004. For those of us who remember the KDE/GNOME flame wars of years past, the relative calm and cooperation which has prevailed more recently has been a welcome thing. But there are pressures building which threaten to upset the peace.The first of those pressures is licensing. Ironically, KDE's choice of the GPL for its libraries may work against it here. The looser GNOME library licensing allows its toolkits to be used, royalty-free, with proprietary applications. Proprietary KDE applications can only be distributed by paying royalties to Trolltech, which owns the Qt libraries. Many users and developers would rather not see proprietary applications exist at all, or, at least, not without paying those who have developed the underlying toolkit. These people are happy with KDE's licensing. Most users, of course, don't care. Distributors, however, usually want to enable vendors to sell applications on their platforms. This interest will push them toward the GNOME camp. The other point, however, is that distributors are increasingly under pressure to make a choice. Supporting two desktop systems adds to the total workload of maintaining a distribution, and that costs money which may not be available. There is a common perception at this point that the two desktops are functionally identical in all the ways that matter; if that is true, why bother with two of them? In 2004, these pressures will lead to rising emotions in the camps of both desktops as they see decisions being made for or against them. Perhaps the result will be a greater degree of cooperation between the two development communities via freedesktop.org or other mechanisms. Or, perhaps, our newsgroups, web sites, and mailing lists will once again play host to heated debates and flame wars in vain attempts to establish one desktop as being superior to the other. Beyond that, however, the hackers will stay busy and desktop Linux will amaze us again. In 2003, it was widely recognized that Desktop Linux has everything that many, if not most, business users need to get their jobs done. 2004 will be the year that desktop Linux stops playing catch-up (in some areas, at least) and truly begins to blaze interesting trails of its own. Projects like Dashboard, GNOME Storage, and Reiser4 are just the beginning of a wave of innovative projects which will change how we use our computers. 2004 may not, however, bring Linux into many more homes. A Linux system is more than adequate for Grandma to send email and wander around on the web. Your editor insists that his children use Linux for their email, browsing, and homework tasks, and it handles those jobs well. The sad truth, however, is that there still needs to be a Windows system around for other vital tasks - such as playing games. Home users are not interested in dual-boot systems; until Linux can do everything they need, they will stick with the same old stuff. Linux may eventually have a free application base which replaces many of the commercial offerings currently filling the shelves of computer stores, but it remains hard to imagine free games, for example, which can compete with the hit-driven commercial variety. Until there is a lively market for commercial Linux applications, there will be some hard limits to how many desktops we can occupy.
Legal issuesThe SCO case will drag on, and become more complicated, in 2004. IBM may well succeed in getting many of SCO's complaints dismissed early in the year, but SCO probably has a good chance of keeping some of its breach of contract charges alive. SCO may have to retreat to some of its earliest charges (i.e. JFS, RCU, NUMA, SMP), but IBM may have to go to trial to prove that its code in those areas is not derived from SCO's Unix. SCO can probably muddy the waters enough to keep the judge from dismissing the case outright.Even if the IBM case is dismissed in 2004, however, there is the issue of SCO's threats of copyright infringement suits against Linux users. One may be tempted to dismiss these threats as just that much more empty SCO bluster. It is worth considering, however, the pressures that SCO will be under, including the agenda of its lawyers and the looming "dividend" payments on the BayStar investment. SCO has no hopes for increasing revenue from its remaining software products at this point; it must litigate further to bring in cash. With the lawyers in charge, chances are that SCO will, indeed, launch new suits. In fact, the company may well find backbone-challenged Linux users that will cave in and pay up rather than risk a court battle. Such an event will do short-term wonders for SCO's stock price and cash flow. The simple fact is, however, that the SCO Group has still put forward very little evidence to back up its claim, and what evidence it has presented has mostly been laughed off the stage. The company's claims to own the "Unix ABI" will get no further. Beyond that, Novell's new copyright assertions have the potential to stop the show dead, at least until that dispute has its own day in court. But, regardless of the validity of Novell's claims, SCO's case is empty and the world, increasingly, is seeing that. By the end of 2004, the SCO cases will probably still be alive in some form, but the end will be in sight. As an aside, Novell will face a severe test of its credibility in the eyes of the community. Nobody wants to see the SCO case resurrected in the future by a Novell which, perhaps after a management change or two, decides that its Unix copyrights (if they are Novell's) might yet be worth something. If Novell is serious about being a part of the Linux community, it needs to make a statement, soon, about just what it intends to do with the Unix copyrights it claims to own.
The GPL may have its day in court. The SCO Group has, of course, stated its intent to break the GPL in court. But that company's arguments, thus far, have failed to impress. SCO's GPL challenges should not get far. More interesting GPL-oriented cases may come from a different direction. Many developers working in the industry are full of stories of rampant GPL violations, especially where embedded systems are involved. Last year's episode with the LinkSys WRT54G router is just the small tip of a large iceberg in this regard. To an extent, people have been willing to look the other way; it just hasn't seemed worth the trouble to challenge closed-source uses of GPL-licensed code in many cases. There are developers, however, who are increasingly unwilling to close their eyes to violations of their licenses. Expect more challenges against vendors using GPL-licensed code in non-licensed ways. The lack of any court decisions on the GPL will eventually embolden a violator to try his luck in front of a judge. At that point, we will begin to see what the judicial system really thinks of the GPL. Security2004 will make us care more about security. In 2003, we saw an ominous string of attacks against the servers which support the Linux development community. There is no reason to believe that these attacks will stop anytime soon. Sooner or later, perhaps in 2004, somebody is going to do some real damage on a scale we have not yet seen. A major breach, perhaps compromising the systems of many Linux users, will cost us money, time, and much credibility.In recent years, most attacks against Linux systems have exploited known vulnerabilities for which patches existed. A well-managed site is nearly immune to attacks using known vulnerabilities; all of the major distributors are quite good (usually) about quickly preparing updates when a problem comes to light. The attacks we saw at the end of 2003, however, made use of previously unknown holes in rsync and the kernel. Defending against unknown vulnerabilities is much harder, and there do exist attackers who realize this, and who are smart enough to find such problems. In the coming year, we may well see some truly scary exploits of this sort of "zero-day" vulnerability. There is some good news, however. By the end of 2004, we will see wider deployment of hardened Linux systems. The incorporation of SELinux and various other security technologies into the Fedora Core distribution (and, from there, into Red Hat Enterprise Linux) will drive much of this deployment, and threats from the outside will do the rest. Adding SELinux is a significant step in the evolution of Linux distributions; if this work is done properly, Linux users should soon have a much higher level of security available with a default system install. Proper containment of security breaches should, for example, make that next web server buffer overflow be much less of a threat than it is now.
Kernel2.7 kernel development will begin after the 2.6.0 kernel has had a few months to stabilize. Expect the 2.7 development series to be quite different from 2.5, however. By the time that 2.5.0 came out, there was a massive backlog of patches waiting for inclusion. The 2.4 stabilization process had taken nearly a year, and there was a long shopping list of planned changes for 2.5, including the block layer rewrite, expanding the dev_t device number type, a new loadable module subsystem, a new kernel build mechanism, asynchronous and direct I/O, and many others.On the eve of 2.7, the "patch pressure" is far lower. There's no end of ideas for 2.7, including virtual memory work (page clustering, shareable page tables, etc), the never-ending desktop interactivity work, and much internal reworking to eliminate race conditions, and so on. But many users are (or will be) far happier with 2.6 than they were with 2.4, and the list of features that the Linux kernel must have to not be jealous of its Unix predecessors is shrinking. The Linux kernel is maturing, in other words. It may well be that, with 2.7, the pace of change begins to slow a little. Or maybe the kernel hackers will come up with some amazing new ideas and run with them; at that point, all bets are off.
To conclude...It's going to be an interesting year. That, perhaps, is the only truly safe prediction to be found among all the others on this page. All the rest are offered with no warranty as to their veracity, suitability for any particular purpose, or connection with any sort of reality whatsoever. LWN.net does not provide indemnification for users of its predictions - though purchasers of our "predictions license" (available for a limited-time special half-price deal through January, 2007) will get a promise from us to not sue them.
Some LWN notesWe recently received a message complaining about the lack of "LWN status update" news in recent times. It is true we have backed off on such articles; LWN should carry the news, not be the news. But, for those who are wondering, here's a brief update.When we started the subscription program, we set our goal at 4000 individual subscribers as a minimum needed to keep going. We have not achieved that goal; there were just over 3000 subscribers when the "great expiration" hit at the end of September. At that point, about 1000 subscriptions ran out over the course of a few weeks. We have since clawed our way back up to just under 3000 subscribers again. It is gratifying, to say the least, that the renewal rate was so high. 3000 subscriptions is sufficient to keep us going for now, but we still need to find a way to increase that number substantially. We are pondering various ideas; stay tuned over the next few months as we figure out how to proceed. Meanwhile, thanks to the generosity of the folks at HP, LWN editor Jonathan Corbet will be attending (and speaking at) Linux.Conf.Au from January 14 to 18. We look forward to reporting from what is, by all accounts, an outstanding conference. There is also a distinct appeal to going to a place where the temperature is above freezing. Finally, LWN.net will celebrate its sixth anniversary in about two weeks. Six years ago, we could never have dreamed of the directions LWN would take us - it was, after all, simply intended to be an attention-getter for a Linux consulting and support company. It has been (and continues to be) a great ride, however, and we expect to keep doing this for a long time. Thanks to all of you for being such a great and supportive reader community.
Security The Savannah Compromise - what really happened?2003 hasn't been a banner year for computer security, and that includes Linux. The CVS repository for the Linux kernel was attacked (if clumsily), several servers related to the Debian project were compromised, and the GNU Project's Savannah server was also broken into recently. Since there has been little information published about the nature of the Savannah compromise, we contacted Bradley Kuhn, executive director of the Free Software Foundation for more information.Kuhn described the Savannah compromise as "almost identical to what happened to Debian." (A detailed account of the Debian compromise can be found here.) Kuhn said that he believes that the Savannah compromise and the Debian attacks were related, and happened at about the same time. However, he said that the project has not put a great deal of time and effort into analyzing the attacks because it was more important to put Savannah back online and to try to harden the system to see to it that a similar compromise doesn't happen again. The hard drives from Savannah have been saved for future reference, but the project is not putting its efforts into thoroughly analyzing the attacks. For the most part, Savannah has been restored and changes have been made to try to ensure a similar attack will not be possible. However, there are still some features that remain unavailable, including Web CVS access and new projects are not being approved for the time being. According to the Savannah website, new projects will probably be accepted sometime before the end of January, 2004. Has there been an attempt to insert a trojan into any of the code residing on Savannah? Kuhn says that they've asked the owners of projects on Savannah to go through and verify the code that is on Savannah to be sure that it hasn't been trojaned. So far, there have been no reports of tainted code. However, not all of the projects have reported their status. Kuhn also noted that projects on the Savannah website will soon have an indicator to report whether or not the developers have verified that they have checked the integrity of their software. We also asked if there was any sensitive information on Savannah that may have been compromised. Kuhn said that the useful information on Savannah mostly consists of the code for the various projects, and that the only other information of interest would be developers' passwords. The passwords on Savannah have been reset, of course, and the developers have been encouraged to "investigate their own personal security." For now, the GNU Project is not actively pursuing criminal prosecution of the attacker or attackers. Kuhn says that the project is not "ethically opposed" to prosecuting the intruder, but that with limited resources he'd rather divert time and energy to restoring the services and trying to harden systems to make future attacks more difficult and easier to contain. To that end, the compromise may actually be a good thing in the long run. Kuhn said that they have contacted the CVS maintainers and have offered to pay for development of features that would allow GPG signing of commits through CVS -- making it much more difficult for changes to be inserted unnoticed into code held in a CVS repository. He said that they have also contacted the GNU Arch maintainer about adding GPG signing. Though it may take some time to develop, the addition of GPG signing to commits would be a welcome feature. Kuhn said that he expects that the future will bring more attacks on the community, as free and open source software become more prevalent. Opponents of the open development model will no doubt be using these events as an illustration of the "dangers" of open source. Though the recent intrusions have mostly been an inconvenience, it's important that the community learn from these attacks, and redouble efforts to prevent them in the future.
New vulnerabilities cvs: possible root compromise
fsp: buffer overflow and directory traversal
jabber: denial of service
kernel: two vulnerabilities in 2.4.23
mpg321: format string vulnerability
nd: buffer overflows
xsok: bad privilege handling
Updated vulnerabilities apache: buffer overflows in mod_alias, mod_rewrite
apache2: Denial of Service vulnerability
bind: cache poisoning
CUPS: denial of service
ethereal: protocol dissector and other vulnerabilities
Filename disclosure vulnerability in fam
fetchmail may crash on specially crafted message
fileutils/wu-ftpd: denial of service
glibc: DNS stub resolvers contain buffer overflow vulnerability
GnuPG: ElGamal signing keys compromised
gtkhtml: malformed messages cause crash
iproute: local denial of service
kernel: local root exploit in 2.4.22
kernel-utils: setuid vulnerability
lftp buffer overflows
libnids: remotely exploitable buffer overflow
libpng, libpng3: buffer overflow
mikmod: buffer overflow
mpg123: heap overflow
mplayer: remotely exploitable buffer overflow vulnerability
Nessus NASL scripting engine security issues
Net-SNMP: security bugs in versions before 5.0.9
nfs-utils xlog() off-by-one bug
openssh: timing attack leads to information disclosure
postfix: denial of service vulnerabilities
proftpd: remote root shell
rsync - remotely exploitable heap overflow
Multiple-use vulnerability in Safe.pm
sane-backends: several vulnerabilities
screen: privilege escalation
File overwrite vulnerability in tar and unzip
Multiple vendor telnetd vulnerability
vim - modeline vulnerability
zebra: denial of service vulnerability
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current 2.6 kernel is 2.6.0. Linus released the second 2.6.1 release candidate on January 6 without an announcement; the (relatively small) list of changes can be seen in the long-format changelog. Previously, 2.6.1-rc1 (announcement, changelog) had been released on December 31. It included quite a few fixes, along with a couple of internal API changes (see below), the restoration of the old /proc/pid/maps formatting, the ability to compile with -Os on embedded systems, message signaled interrupt support (covered here last August), and extensible firmware interface (EFI) support.Linus's BitKeeper tree contains a very small number of fixes added since 2.6.1-rc2 came out. The latest tree from Andrew Morton is 2.6.1-rc1-mm2. Recent additions of interest include the laptop mode patch (see below), a mechanism for rate-limiting printk() messages, a number of architecture updates, and a great many fixes. The current 2.4 kernel is 2.4.24, released by Marcelo on January 5. Unusually, Marcelo deferred the patches in the 2.4.24 prepatches and released a kernel containing only the mremap() and RTC security fixes and a couple of other small repairs. The previous 2.4.24 prepatches have been reissued (with the addition of some ext2/ext3 filesystem updates, a number of architecture updates, and various other fixes) as 2.4.25-pre4.
Kernel development news Subverting mremap()The mremap() system call allows a user process to make changes to an existing memory mapping. This call, as exported by the C library, allows changing the size of a mapped region. The underlying call provided by the kernel, however, has an extra parameter which can be used to request that the entire region be moved to a different virtual address. That capability is rarely used, but it turns out to be the key to a new kernel exploit.The code implementing mremap() makes several checks to ensure that the calling process is not trying to do anything overly strange. The kernel developers forgot to check, however, whether the user has asked to remap a zero-length memory region. In that case, the code does the wrong thing, and creates a new memory area with a length of zero at the requested address. Since numerous places in the virtual memory subsystem code assume that zero-length VM areas do not exist, the creation of such an area is, in effect, a corruption of the kernel's virtual memory data structures. The existence of a zero-length virtual memory area is not necessarily a problem; since it does not actually cover any memory, it cannot be used directly to access a memory range which should be off-limits to the process. Where things go wrong is when the kernel makes a pass over a process's entire virtual address space. For example, the fork() system call must copy the process's memory space. The code used implements (in a complicated way) a do loop that assumes each virtual memory area contains at least one page. As a result, it copies page table information which does not actually exist. The situation is complicated by the fact that mremap() is happy to create this zero-length area just above the end of the virtual address range allocated to user space--at the beginning of kernel space, in other words. When fork() tries to copy the page table information for that area, it can get tangled up in the special large page table entries used for the kernel. The result is a mess. What will usually happen (as people who have tried an exploit posted on Bugtraq have found out) is that the system panics and reboots. It is not clear to many people who have looked at the problem (including Linus) that this bug can be exploited for anything other than a denial of service attack. It is worth noting, however, that the advisory posted by Paul Starzetz claims:
Proper exploitation of this vulnerability may lead to local
privilege escalation including execution of arbitrary code with
kernel level access. Proof-of-concept exploit code has been created
and successfully tested giving UID 0 shell on vulnerable
systems.... We have identified at least two different attack
vectors for the 2.4 kernel series.
It would not be a good idea to wait and see whether these claims are borne out or not. Prudent administrators will upgrade to the 2.4.24 kernel, or apply the update provided by their distributor. (The 2.6.0 kernel is also vulnerable; the fix can be found in the 2.6.1-rc2 release).
Two API changes in 2.6The kernel developers usually try to keep the internal kernel programming interface unchanged over the course of a stable kernel series. There are never any guarantees, however, and things can change at any time. Experience has shown, in particular, that internal APIs can take a little while to stabilize after a new stable series begins. The 2.6 kernel looks like it will follow this pattern; a couple of small changes have already found their way into the code base.The first is a simple addition:
int can_request_irq(unsigned int irq, unsigned long flags);
This function will return a non-zero value if an attempt to request the given interrupt number (possibly shared, as directed by flags) would succeed. It is intended to be used in situations where multiple interrupt numbers could be used and the code would like to find an idle one. There are, of course, no guarantees; a kernel routine could get a positive result from can_request_irq(), but find that somebody else had slipped in and allocated the request number immediately thereafter. As of this writing, can_request_irq() is not exported to modules and is not supported by all architectures. The other change has the potential to create minor trouble for some external modules. Code which implements virtual memory areas (to allow device memory to be mapped into user space, for example) usually provides a nopage() function to handle page faults. The prototype for that function in 2.4.x and 2.6.0 is:
struct page *(*nopage)(struct vm_area_struct *area,
unsigned long address,
int unused);
As of 2.6.1, the unused argument is no longer unused, and the prototype has changed to:
struct page *(*nopage)(struct vm_area_struct *area,
unsigned long address,
int *type);
The type argument is now used to return the type of the page fault; VM_FAULT_MINOR would indicate a minor fault - one where the page was in memory, and all that was needed was a page table fixup. A return of VM_FAULT_MAJOR would, instead, indicate that the page had to be fetched from disk. Driver code using nopage() to implement a device mapping would probably return VM_FAULT_MINOR. In-tree code checks whether type is NULL before assigning the fault type; other users would be well advised to do the same. Making module code compile cleanly will require changing the prototype of the nopage() function, of course. As always, the Driver Porting Series has been updated to reflect these changes.
Kernel threads made easyIt is fairly common for kernel code to create lightweight processes - kernel threads - which perform a certain task asynchronously. To see these threads, run ps ax on a 2.6 kernel and note all of the processes in [square brackets] at the beginning of the listing. The code which sets up these threads has tended to be reimplemented every time a new thread is needed, however, and certain tasks (ensuring that the environment is clean, for example) are not always handled well. The current kernel also does not easily allow the creator of a kernel thread to control the behavior of that thread.Rusty Russell encountered even more trouble as he was doing his "hotplug CPU" work: when processors can come and go, their associated kernel threads must be started or stopped at arbitrary times. To make his life easier, he implemented a new set of kernel thread primitives which simplify the task greatly. Using the new mechanism, the first step in creating a kernel thread is to define a "thread function" which will contain the code to be executed; it has a prototype like:
int thread_function(void *data);
The function will be called repeatedly (if need be) by the kthread code; it can perform whatever task it is designated to do, sleeping when necessary. This function should, however, check its signal status and return if any signals are pending. A kernel thread is created with:
struct task_struct *kthread_create(int (*threadfn)(void *data),
void *data,
const char *namefmt, ...);
The data argument will simply be passed to the thread function. A standard printk()-style formatted string can be used to name the thread. The thread will not start running immediately; to get the thread to run, pass the task_struct pointer returned by kthread_create() to wake_up_process(). There is also a convenience function which creates and starts the thread:
struct task_struct *kthread_run(int (*threadfn)(void *data),
void *data,
const char *namefmt, ...);
Once started, the thread will run until it explicitly calls do_exit(), or until somebody calls kthread_stop():
int kthread_stop(struct task_struct *thread);
kthread_stop() works by sending a signal to the thread. As a result, the thread function will not be interrupted in the middle of some important task. But, if the thread function never returns and does not check for signals, it will never actually stop. Kernel threads are often created to run on a particular processor. To achieve this effect, call kthread_bind() after the thread is created:
void kthread_bind(struct task_struct *thread, int cpu);
Rusty's patch includes a set of changes converting a number of kernel thread users over to the new infrastructure. There has been a fair amount of discussion of the kthread patches, which has resulted in some significant changes. Whether this code will get into the 2.6 kernel remains to be seen, however.
The future of device numbersGreg Kroah-Hartman has, it seems, received a fair amount of email from devfs users, many of whom are not pleased with the fact that devfs has been marked "deprecated" in 2.6. Never mind that Greg didn't do that... But Greg is the primary author of udev, which is intended to replace devfs in the future. With the intent of cutting down on hate mail, Greg has posted a lengthy diatribe on why, he thinks, the udev approach is better. It's not at all clear that his posting will have succeeded in that goal, but it does make the current thinking (accepted by most kernel developers, it seems) clearer.The posting also inspired a lengthy thread on the meaning of Linux device numbers and how they will be handled in the future. For starters, we now have Linus's explanation of why he chose to expand the device number type to 32 bits, rather than the expected 64:
Note that one reason I didn't much like the 64-bit versions is that
not only are they bigger, they also encourage insanity. Ie you'd
find SCSI people who want to try to encode
device/controller/bus/target/lun info into the device number.
We should resist any effort that makes the numbers "mean" something. They are random cookies. Not "unique identifiers", and not "addresses". Linus's talk of "random cookies" set off some alarms from developers who foresee a world where devices could have different numbers every time the system boots. Linus's response was unrepentant; he claims that (1) that world already exists, and (2) attempts to create relatively stable device numbers just encourage applications to depend on those numbers not changing, and thus create bugs. Anybody who has plugged two similar USB devices into the same system has already experienced one kind of device number instability. The kernel will assign numbers based on the order in which it discovers the devices; that order depends on a number of things, including, simply, which device was plugged in first. There is no way in the general case to provide stable numbers for this sort of hot-pluggable device. Other devices, such as iSCSI disks, are even worse. Discovering all of the available devices can be a challenge by itself; there is no way that this discovery will happen in a predictable order. So, for many kinds of devices, variable device numbers is simply a fact of life. So, says Linus, it is better not to even try to keep numbers stable.
Basically, if you cannot 100% guarantee reproducibility (and nobody
can, not your hashes, not anything else), then the _appearance_ of
reproducibility is literally a mistake. Because it ends up being a
bug waiting to happen - and one that is very very hard to reproduce
on a developer machine.
To bring that point home, Linus has raised an idea that Greg has presented a few times in the past: making all device numbers random. This change would quickly flush out any code which made assumptions about device numbers, whether it be in the kernel or in user space. Of course, random device number assignment is a feature for a development kernel; Linus acknowledges that, "for simple politeness reasons," device numbers should be kept as stable as possible in stable kernel releases. In any case, the point of all this is not to confuse users about the organization of their system. But, in a world where device numbers can offer no real clues about the hardware on a computer, something else needs to create stable names by which devices can be identified. That, of course, is the purpose of tools like udev. As a way of showing how flexible udev can be, Greg posted a brief script which makes CD drives available by the name of the disk (as obtained from CDDB) currently inside. This scheme is unlikely to become part of any major distribution in the near future, but it does show how elaborate device naming can be. For some sorts of devices, a conversation with a remote server may well be part of the naming process. As naming gets more complex, it becomes increasingly clear that it simply cannot be done in the kernel. That, of course, is one of the main objections to devfs - the naming policy is implemented entirely in kernel space. The udev approach moves that policy back out to user space, where it can be easily changed and extended. The remaining devfs users will want to look at switching over, but there is no particular hurry; Andrew Morton has made it clear that devfs will continue to be supported through the lifetime of 2.6 and, possibly, beyond.
Laptop mode for 2.6Some months ago, Jens Axboe posted a "laptop mode" patch for the 2.4 kernel. That patch had never been ported forward to 2.6, until now. Bart Samwel has picked up the laptop mode baton and posted several versions of a 2.6 patch; the latest, as of this writing, is version 6.The purpose of the patch is to allow laptop users to get the greatest amount of time out of their batteries by minimizing the time the disk spends spinning. Any Linux conference attendee who has ever lost the race for the available power outlets can't help but appreciate this idea. To keep the disk idle, the patch (along with an associated script) changes system behavior in the following ways:
There is also a separate mode which can be enabled which creates a log message every time a process forces some disk activity. This feature is useful for solving those "why is the disk spinning up" mysteries. An older version of the laptop mode patch is currently in the 2.6.1-rc1-mm2 tree, which suggests that it may yet find its way into a 2.6 kernel. Thousands of power-starved laptop users will be grateful.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Memory management
Networking
Security-related
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials A Quick Look at Mandrake 10.0 Pre-BetaWith the holidays behind us, all eyes are on the work leading towards the next round of distribution releases around April and May this year. And there is plenty look forward to. In fact, the next round is going to be one of the most exciting ones ever, at least from the desktop Linux point of view, with the new Linux kernel 2.6, XFree86 4.4, KDE 3.2, GNOME 2.6 and many other updates either just released or expected in the near future. As the competition among the major distribution vendors heats up, there is little doubt that their development work will soon translate into some of the most interesting and usable products we've seen to date.What can we expect? Those of you on distributions' development mailing lists have already had a chance to experience the taste of things to come. As an example, looking through the Fedora development branch, we can see that, at the time of writing, the RPM package of the 2.6.0 kernel has undergone 24 revisions. And although XFree86 is still at version 4.3.0, KDE has been upgraded to 3.2-beta and glibc to (as yet unreleased) 2.3.3. Some other distributions have similarly bleeding edge development trees. A few of them have even released experimental ISO images: Conectiva has put together a single-CD Conectiva 10 Technology Preview, while Mandrake has released a 2-CD Cooker Snapshot 20031231. I have taken the latter for a test drive to see what has been done so far, although the features mentioned below are general enough to apply to other upcoming distribution releases. Linux kernel 2.6. The changes in the kernel are probably the most far-reaching of them all, especially in terms of system responsiveness and interactivity. One of the interesting new features is the kernel's support for hyperthreading - an ability that allows a single physical processor to masquerade as two or more processors. Some other features that will result in noticeable speed improvements is preemption (the ability to interrupt a kernel process so that other processor intensive tasks can continue to execute), "futexes" (a way for multiple processes and threads to serialize and prioritize events), improvements to input/output subsystems and a number of other changes. On a hardware side of things, the new kernel comes with support for USB 2.0, much improved support for wireless devices and a new structure of the dedicated storage buses; as an example, it is no longer necessary to enable SCSI emulation for IDE CD/RW drives. Improvements in the new kernel are too numerous to mention them all, but the above few examples should give plenty of reasons for the majority of users to want to move to kernel 2.6 as soon as possible. XFree86 4.4. As always, the new version of the X Window system will have many new and updated video drivers, including new ones for the more recent NVIDIA and SiS video cards, as well as the usual bug fixes. Version 4.4 also supports the IPv6 protocol. On the Xterm side of things, much improvement has gone into international font handling and locale support. The complete changelog and feature list can be found in the latest XFree86 release notes. KDE 3.2. There is a host of new features and applications in the upcoming KDE 3.2 scheduled for final release on February 7. Some of the more interesting ones include CD burning from within Konqueror, "service menus", or custom context menus in Konqueror, updated khtml engine, a graphical dialog for connecting to Windows machines on a network and a new theme called "Plastic". Among the many new applications in KDE 3.2 one will find KPDF (a PDF viewer based on XPDF), Kontact (KDE's PIM and groupware suite), KSVG (a Scalable Vector Graphics plugins for Konqueror), KGamma (a KControl module for monitor gamma correction), JuK (a jukebox and music manager), Kopete (a multi-protocol instant messaging tool), KWiFiManager (an application for monitoring and configuring wireless LAN connections), Umbrello (a UML Modeller), Kgpg (a frontend for gpg), KMouth (a tool to create sentences for speech synthesizer) and many others. One of the more interesting summaries of the new features, as well as annoyances in KDE 3.2 was recently published by OSNews. How do all these new goodies feel when integrated together in the Mandrake's latest Cooker snapshot? To put it simply, I have never used a faster and more responsive KDE desktop. Whether it comes to application load times or the time it takes for menus to appear on the screen, everything feels considerably faster than in any distribution using kernel 2.4 and KDE 3.1 on the same hardware. I haven't done any benchmarking to provide some hard figures, but clicking on the taskbar's "K" to bring up the KDE menu takes good 1 - 2 seconds on my Debian Sid installation, while on this Mandrake Cooker snapshot, it appears almost instantly. Konqueror now starts in a flash. It is of course too easy to get used to these new levels of speed: after playing with the Cooker snapshot for a few hours, rebooting into Debian felt as if somebody had replaced my Pentium 4 processor with at least a Pentium II - that's how much slower the whole system felt. But feelings aside, the fact is that the combined speed enhancements by KDE 3.2 and kernel 2.6 make for a fine and fast KDE desktop. As for other new features in this Mandrake Cooker release, there aren't many at this time, unless one counts application updates as new features. This is not surprising, given that the main purpose of this pre-beta snapshot was to make sure that the main components function together and to test the hardware compatibility of the new kernel. The first beta of Mandrake Linux 10.0 is scheduled for January 15, although the date has now been postponed twice. Better hardware compatibility, improved scalability and security, substantial advances in system speed and responsiveness - there is a lot to look forward to in the coming months.
Distribution News Debian GNU/LinuxHere's the Debian Weekly News for December 30, 2003. This edition looks at some Debian laptops from LinuxCertified.com; the Debian timeline looking back at 2003; a comprehensive report on all the many ways to install Debian; and much more.The Debian Weekly News for January 6, 2004 is out. This week read about Coordination in Free Software Projects; History of the Social Contract; Planet Debian; Using Kernel Header Files; Debian-Installer Beta 2; and much more.
Fedora News Updates #1Fedora News Updates is a new online journal looking at what is happening with the Fedora Core distribution. The first issue is now available; it looks at kernel tips, the first Fedora derivative distributions, and several other topics.
Gentoo LinuxThe Gentoo Weekly Newsletter for the week of December 29, 2003 is out. This week marks the first anniversary of the GWN and this issue celebrates with some special content.The Gentoo Weekly Newsletter for the week of January 5, 2004 is also out; with a look at the December 15th Gentoo Managers' Meeting and more.
Mandrake LinuxMandrake has an updated drakxtools package that fixes drakbackup's daemon behavior.
Slackware LinuxSlackware has upgraded to the 2.4.24 kernel for both slackware-stable and slackware-current.
Xandros to Showcase New Series of Business SolutionsXandros will have several staff members available at the Xandros booth, #470, during LinuxWorld Expo in New York. Stop by and see the new enterprise products, to be announced during the show.
New Distributions Bluewall GNU/LinuxBluewall is a GNU/Linux distribution that allows you to install a system from a small set of preconfigured binary packages based on Debian Linux. Bluewall doesn't have any specific installation procedure so that you can install Linux in the way you want, using command line tools. Version 0.1 was released December 26, 2003.Bluewall followed that announcement with the release of v1.0 with major feature enhancements. "Changes: This release adds Linux kernel 2.6.0 with more networking and character device support compiled in and as modules. Modules for Linux kernel 2.4.23 are included. 98 new packages have been added for post-installation settings, including X server and window manager packages. The initial ramdisk is 5MB bigger for the live CD environment."
SLAXKDE.News introduces a new Slackware-based LiveCD called SLAX. The latest release features KDE 3.2 Beta 2 and KOffice 1.3 Beta 2. According to the changelog, the current version of SLAX is 3.0.25-2, released January 5, 2004.
Minor distribution updates Ankur Bangla Live CD 1.0 released (Footnotes)Footnotes reports that the Ankur Bangla Project has released version 1.0 final of the Ankur Bangla Live CD, running GNOME 2.4.
Astaro Security LinuxAstaro Security Linux has released v4.018 with major security fixes. "Changes: This Up2Date fixes the CAN-2003-0985 kernel bug."
Aurox LinuxAurox Linux has released v9.2 with major feature enhancements. "Changes: KDE was upgraded to 3.1.4, and GNOME was upgraded to 2.4.1. The installation process now presents a "Light Desktop" choice, comprising fluxbox, mozilla-firebird, rox-filer, and sylpheed. This is a set of applications and desktop software which runs with lower hardware requirements than GNOME or KDE. New versions of movie and music players were added: Xine libs 1.0.0 RC2 and MPlayer 1.0 pre2. The dvd+rw-tools package was added, which allows DVDs to be written with k3b 0.10.2. Other new applications were added, such as Sodipodi, Blender, Scribus, QtParted, and tools for mobile phones (gnokii and gscmxx)."
Buffalo LinuxBuffalo Linux has released v1.0.5 with major feature enhancements. "Changes: This version enhances the install with a hardware lockup patch. Overall, it is a faster, cleaner system. There is better integration with Codeweavers Crossover Office. There are cleanups, minor package updates, and numerous new help pages."Buffalo has also released v1.1.0rc3 with major feature enhancements. "Changes: The default kernel was updated to 2.4.23. Three other kernel versions are also available. Many packages were upgraded, including gcc 3.3.2 and glibc 2.3.2. Tighter integration with CodeWeavers Office is also included."
cAoscAos has released beta-1 with major feature enhancements. "Changes: This release adds a complete operating system rebuild, with Web interfaces for package maintainers into the cAos temple to manage their packages, and a preliminary QA engine."
CDLinuxCDLinux has released v0.5.1 (Alpha). "Changes: The development platform has been changed from Slackware 8.1 to Slackware 9.1. initrd has been changed from cramfs to squashfs. devfs has been adopted. NICs are auto-probed, including USB ones. There is a more flexible locale setting schema. Packages have been updated: Linux 2.6.0, module-init-tools 0.9.14, glibc 2.3.2, busybox 1.00-pre4, XFree86 4.3.99.901 (4.4.0 RC1), OpenSSH 3.7.1p2, rdesktop-1.3.0, file 4.07, and lftp 2.6.11."
Coyote LinuxCoyote Linux has released v2.05 with minor feature enhancements. "Changes: This version fixes the broken DHCP Web configuration script, adds new Web administrator control options, and has support for a DMZ interface."
Damn Small LinuxDamn Small Linux has released v0.5.2 with minor feature enhancements. "Changes: This release adds mkisofs, cdrecord, bashburn (an easy to use text mode CD burning utility), gTuxnes (an interactive GUI for tuxnes), smbclient, smbtree, a working /opt that is writable from the CD, and midnight commander (with many features stripped). skel now works for root when installed."
Devil-LinuxDevil-Linux has released version 1.0.4 which fixes the most recent kernel vulnerability. Click below to see the release notes.
Feather LinuxFeather Linux has released v0.3.0 with major feature enhancements. "Changes: Feather Linux is now 14 megabytes bigger. Mplayer, LinNeighborhood, aumix, ndiswrapper, and nmap were added. The HD install script was tweaked. Samba was updated. ALSA and aRts sound support were added. CUPS and Foomatic printing support were added."
Gibraltar FirewallGibraltar has released v1.1 with minor security fixes. "Changes: This release fixes the brk() local root vulnerability by updating to kernel 2.4.23, altough local users are not used by default on Gibraltar. Additionally, the PAX patch has been applied to the kernel, making it a lot less vulnerable to buffer overflow exploits in general."
LEAFLEAF has released Bering-uClibc 2.01 with minor security fixes. "Changes: Most notable in this release are a kernel do_brk security fix patch, a new dropbear version with SCP and port forwarding (partly), and an update to shorewall 1.4.8. There are also more cleanups and package updates for the base image."
MoviXMoviX has released v0.8.1rc2 with minor bugfixes. "Changes: MoviX once again works with as little as 64MB of RAM. Remote Samba and NFS volumes now are correctly mounted, even when no dhcpd server is found. TV-out with Dxr3/H+, Matrox, and Savage cards has been fixed. Two new menus have been introduced for easy tuning to Shoutcast and Icecast radio stations. Support for wireless NICs has been introduced."eMoviX v0.9.0pre1 is also out, with major feature enhancements. "Changes: The internals have been completely changed (it is now based on Debian), booting is now graphical, and automount has been introduced. Many patches were applied to MPlayer: you can access the MPlayer menu while playing music, use the MPlayer menu to play CDs/DVDs/VCDs/ACDs, switch audio/subs from within the interface, and you get the MPlayer menu after playback is over."
Openwall GNU/LinuxOpenwall GNU/Linux has released Linux 2.4.23-ow2 with fixes for two Linux kernel vulnerabilities. Owl 1.1 is available for download for download along with the 2.4.23-ow2 kernel.
Recovery Is Possible!RIP has released v6.8 with minor feature enhancements. "Changes: Some of the software has been updated. Support for a serial console and booting from a USB device have been added."Version 6.9 has also been released, with minor feature enhancements. "Changes: The kernel was updated to 2.6.0, and some of the software has been updated."
Distribution reviews Spawn of Debian faceoff: LindowsOS 4.5 (NewsForge)NewsForge looks at some Debian based distributions, starting with this review of LindowsOS 4.5. "As far as security issues go, the negative "buzz" is wrong. A firewall is installed by default. Users are not encouraged to run as root, but you can see how many will simply because they are not urged strongly enough not to do so. The use of a password is encouraged. LindowsOS does an OK job of keeping a system secure, but not a great one."
Desktop Distro Shootout Part 5 (final) - Xandros 2.0 Deluxe (OSNews)OSNews reviews Xandros 2.0 Deluxe. "Xandros takes the prize in [documentation] by the simple virtue of actually providing that old fashioned courtesy called a user manual. Astonishing really. Of course an ancient geezer like me can remember the good old days when user manuals were S.O.P. for software packages. No more. Now you generally have to embark on a research project, visit the public library, search the web, ask questions on the user forums, beg help from your local LUG, and go earn a degree in computer science before you are qualified to open a new file and actually do anything constructive. Anyone who is unable or unwilling to jump through these hoops is obviously a stupid newbie and inherently unfit to be trusted with a computer anyway."
Xandros 2.0 - King of the Linux Desktop (MadPenguin)MadPenguin reviews Xandros 2.0. "Xandros has a wonderful feature built into the distro that I think helps take it another notch higher on my list: CD burning embedded into the Xandros file manager. It's very K3b-like, and has the same functionality, look, and feel for the most part. Furthermore it works just as well, if not easier, for the rookie Linux user."
Page editor: Rebecca Sobol Development GNOME Platform Bindings 2.5.1 released (GnomeDesktop)Version 2.5.1 (the initial release) of the GNOME Platform Bindings has been announced.
This is the first release of the GNOME Platform Bindings release set,
which provides a GNOME development platform for programming languages
other than C, in the style of those languages. This release set gives
some bindings a schedule and rules to work within, so we can endorse
those bindings.
The Modules List indicates the current availability of bindings for C++, Java, and Perl, a beta version of the bindings are available for C#. Bindings for Python and other popular languages aren't on the list yet, although they do exist for GTK+. The bindings are to be released according to this release schedule. In order to be accepted, new bindings must adhere to these rules. The source code for the C++, Java, and Perl GNOME Platform Bindings is available by ftp.
System Applications Audio Projects ac3jack launchedThe initial release of ac3jack is out. "ac3jack is a tool for creating an AC3 (Dolby Digital) multichannel stream from its JACK input ports. Using this tool, an AC3 stream (up to 5.1 channels) is encoded in realtime and either written to a file or streamed to standard output."
Database Software Firebird 1.5 Release Candidate 8 availableVersion 1.5 RC 8 of the Firebird database is available. "The development of Firebird 1.5 release is in final development stage ! The Release Candidate means that we're "almost there", and we turned our focus to remaining known issues and rough edges, final testing and bug squashing. We made a lot of progress with it thanks to your feedback."
phpMyAdmin 2.5.5-pl1 is released (SourceForge)The patch level 1 release for phpMyAdmin 2.5.5, a web-based database administration tool, is available and features several bug fixes.
PostgreSQL Weekly NewsThe December 29, 2003 edition of the PostgreSQL Weekly News is out with the latest PostgreSQL database news.
PostgreSQL Weekly NewsThe January 5, 2004 edition of the PostgreSQL Weekly News has been published. Take a look for the latest PostgreSQL database information.
Embedded Systems BusyBox 1.0.0-pre5 releasedVersion 1.0.0-pre5 of BusyBox, a compressed collection of Unix command line tools for embedded systems, is available. "The most obvious thing in this release is a fix for a terribly stupid bug in mount that prevented it from working properly unless you specified the filesystem type. This release also fixes a few compile problems, updates udhcp, fixes a silly bug in fdisk, fixes ifup/ifdown to behave like the Debian version, updates devfsd, updates the 2.6.x modutils support, add a new 'rx' applet, removes the obsolete 'loadacm' applet, fixes a few tar bugs, fixes a sed bug, and a few other odd fixes."
LAMP Applications Animal Shelter Manager 1.30 released (SourceForge)Version 1.30 of Animal Shelter Manager, a LAMP application for running an animal shelter, has been announced. "This release massively improves performance and memory usage for Linux, Windows and MacOS X users. Animal Shelter Manager is a complete computer solution for animal sanctuaries and shelters. Features complete animal management, document generation, full reporting, charts, internet publishing, pet search engine integration, web interface and more."
Libraries First development version of libburn (GnomeDesktop)GnomeDesktop.org has the announcement for the first development version of libburn, a library for reading, writing, and mastering optical discs. "Remember this version is not intended for end users, but for frontend developers to start testing it. Many features are still missing, and it's far from reliable."
Mail Software GPGrelay 0.94 released (SourceForge)Version 0.94 of GPGrelay has been announced. "GPGrelay is a small email-relaying server that uses GnuPG (the GNU Privacy Guard) to sign/encrypt (SMTP-Relay) or verify/decrypt (POP3-Relay) emails. This enables many email-clients to send and receive emails that are PGP-MIME conform."
Mailman 2.1.4 released (SourceForge)Version 2.1.4 of GNU Mailman, a mailing list manager, has been announced. "A cross-site scripting vulnerability has been closed, and four new languages have been added: Catalan, Croatian, Romanian, and Slovenian. Header filtering has been expanded for use with upstream virus and spam filters (see Privacy -> Spam Filters). Many other bug fixes have been included as well."
Networking Tools Enabling IPv6 in Linux (O'ReillyNet)Ibrahim Haddad explains IPv6 on O'Reilly. "The design philosophy of IPv6 is a scalable protocol that provides a large address space with a simple structure, an original end-to-end environment, a NAT-free network, fast processing, and many features needed by current and future applications. Migrating from IPv4 to IPv6, and IPv6 deployment should not be expensive. IPv6 should inter-operate with IPv4 and provide tools and mechanisms needed by hosts running different IP versions to communicate with each other, and to enable applications to work with both IP versions."
Printing AFPL Ghostscript 8.13 releaseVersion 8.13 of AFPL Ghostscript has been released. "This is the third release in the stable 8.1x series and follows closely on last month's 8.12 release. It fixes some build issues and a crashing bug with the ps2epsi script but is otherwise identical to 8.12."
LPRng 3.8.24 availableVersion 3.8.24 of the LPRng printing system is available. Change information is in the source code.
Security adore-ng 0.31 announcedVersion 0.31 of the adore-ng root kit is out. Security administrators should take a look. New features include evil-log-tagging, LKM infection, and reboot residency.
Web Site Development gURLChecker-0.7.4 (unstable branch) released (GnomeDesktop)Version 0.7.4 of gURLChecker, a graphical web links checker, has been announced. Here are the changes: "Project management basics were added. Currently, one can create, modify, and delete a project. It is also possible to rescan a given page. Project management is currently for Web sites only. A "Lastmodified" column was added in the main tree view. The appearance of the settings dialog was updated to be more like GNOME. A toolbar was also added in the main window. A problem with the base href tag was corrected. An HTTP header parsing problem was corrected. UTF-8 enhancements and bugfixes were made."
Zope 3 NewsletterThe Zope 3 newsletter for December 23, 2003 has been published. Take a look to see the latest Zope 3 news.
Miscellaneous GNOME System Tools 0.31.0 has been released (GnomeDesktop)Version 0.31.0 of the GNOME System Tools configuration utility collection has been announced. "as promised in the last release, most of the work has been dedicated to porting the tools to other distros. The most exciting changes are the Fedora Core 1 support for all tools, the Slackware 9.1 support for all tools except network, and the yaboot support in the boot tool".
Desktop Applications Audio Applications Session Exchange 0.0.1 for ArdourVersion 0.0.1 of Session Exchange, an add-on to the Ardour multi-track recording utility, is out. The description says: "It lets people easily manage their ardour sessions, specifically, with sharing snapshots across the internet for collaboration."
Gnomoradio 0.8 Released (GnomeDesktop)Version 0.8 of Gnomoradio has been released. "Gnomoradio finds, fetches, shares, and plays music that is freely available under a Creative Commons license. This version has numerous bugfixes and enhancements".
CAD PythonCAD release elevenThe eleventh development release of PythonCAD has been announced. "The eleventh release adds a few more fixes for running PythonCAD under Python 2.3 that were missed in the tenth release. This release improves the transfer of entities with associated dimensions from one layer to another. Prior to this release the dimension would be deleted, but now the dimension is preserved. This release also contains a number of file saving and loading cleanups applied to the code. A small number of bug fixes have been applied as well, and the addition of Ellipse and Spline entities has begun, though neither is complete yet."
Desktop Environments XFree86 core team disbandsXFree86 core team leader David Dawes has sent out a message stating that the core team has voted to disband itself. "I believe that this is an acknowlegement that the core team was no longer representative of the active, experienced and skilled XFree86 developers, or a place where technical discussion happens." What comes next is not clear at this point; XFree86 development will probably continue as always, however. (As seen on Slashdot).
xrestop - go after your application's bloat... (GnomeDesktop)GnomeDesktop.org looks at the xrestop utility, which can show X window system resource usage. "Some commonly used applications are using (wasting) an amazing amount of resources, for no apparent benefit. Xmms is using > 400 windows and wasting 10 megabytes is surprising, just to name one "interesting" result."
GNOME Development Release 2.5.2 (GnomeDesktop)Version 2.5.2 of the GNOME Development Release has been announced. "This release is a snapshot of development code. Although it is buildable and usable, it is primarily intended for testing and hacking purposes."
End of December GNOME SummaryThe last GNOME Summary for 2003 is out; it looks at improvements in the wireless applet, some GNOME Foundation issues, and more.
Gnome SummaryThe December 28, 2003 - January 3, 2004 GNOME Summary has been published. This edition features an interview with kernel developer Rob Love, and more.
KDE TrafficIssue #72 of KDE Traffic has been published. The KDE.News summary says: "KDE Traffic #72 is out featuring an interview with Carlos Leonhard Woelz regarding his Quality Team proposal, integration of non-KDE applications in the KDE environment, last minute 3.2 tweaks and more."
KDE Traffic #73The December 31, 2003 edition of KDE Traffic has been published. The KDE.News summary says: "KDE Traffic #73 comes to you at the last day of the year, bringing you news ranging from the minimum necessary resolution to run KDE to displaying GNOME applications in the KMenu. Check it out!"
KDE-CVS-DigestThe December 26, 2003 edition of the KDE-CVS-Digest is available. Here's the content summary: "Java binding now generated by build process. You can now mount KIO slaves with the fuse_kio module. Karbon now has snap to grid and curve smoothing. Initial import of the new Theme Manager. You can now create application configuration files with KConfEdit."
KDE-CVS-DigestThe January 2, 2004 edition of the KDE-CVS-Digest is available for your reading enjoyment. Here's the summary: "In KMail, the beginnings of spam filtering. New version of the SSLIODevice and SSLServerSocket code. A alpha version of Debian KDE LiveCD was imported. Speedups in Khtml and KJS. And many bugfixes."
Electronics gEDA NewsThe latest releases from the gEDA project include new versions of the gwave waveform viewer, the Savant VHDL analyzer, the Gnucap circuit analyzer, and the Icarus verilog compiler.
Financial Applications GNUe TrafficIssue #101 of GNUe Traffic is out with several new GNU Enterprise articles. Topics include AppServer and Moving to svn.
SQL-Ledger 2.2.3 releasedVersion 2.2.3 of SQL-Ledger, a web-based accounting package, has been announced. This version features several new reports, more translations, and more.
Interoperability Wine TrafficIssue #202 of Wine Traffic has been published. Take a look to see the latest Wine development news.
Medical Applications SQLClinic Releases Version 2.1 (LinuxMedNews)LinuxMedNews reports on the latest release of SQL Clinic. "We are pleased to announce that SQL Clinic Version 2.1 - Stable is available for download. Unix and Win32 versions can be downloaded at www.sqlclinic.net/pub/."
TEMPO EEG visualization software (LinuxMedNews)LinuxMedNews has an announcement for TEMPO, an open-source package for 3D visualization of EEG activity. "TEMPO is able to read EEG recordings in standard EDF format and (if enough EEG channels available) to create animation of corresponding topographic maps over 3D human head model."
Multimedia GStreamer "Mobil Avenue" 0.7.3 releasedVersion 0.7.3 of GStreamer, a streaming multimedia framework, has been announced. "The GStreamer team is happy to announce our third release in the 0.7.x development series of the GStreamer streaming-media framework. The goal of this release series is to stabilize it towards a 0.8 release series which will be part of the GNOME 2.6 releases and hopefully eventually KDE 4.x."
Music Applications BEAST/BSE 0.5.6 is out (GnomeDesktop)Version 0.5.6 of BEAST/BSE, the Bedevilled Audio SysTem / the Bedevilled Sound Engine, has been announced. "This new development series of BEAST comes with a lot of the internals redone, many new GUI features and a sound generation back-end separated from all GUI activities. The most outstanding new features are the demo song, the effect and instrument management abilities, the track editor which allowes for easy selection of synthesizers or samples as track sources, loop support in songs and unlimited Undo/Redo capabilities."
gmorgan 0.21 ReleasedVersion 0.21 of gmorgan, a rhythm station, accompaniment tool, and pattern-based sequencer, has been released.
MusE version 0.6.3 releasedVersion 0.6.3 of MusE, the Linux Music Editor, is available. "Release 0.6.3 is mainly a bugfix release, some bugs more serious than others have been fixed, all users are encouraged to upgrade, especially if you had problems with the prior release."
OpenMusic 4.7.1 availableVersion 4.7.1 of OpenMusic, a visual programming language based on CommonLisp/CLOS for music composition, is out.
Office Applications Gnumeric 1.2.4 released (GnomeDesktop)Version 1.2.4 of the Gnumeric spreadsheet has been announced. "With a few more bugs fixed, and some final features enabled for the charting engine Gnumeric has now branched. Version 1.2.3 was not announced due to last minute fixes in xls export. The main extension in this release is the addition of value formats for the axis labels, user defined, auto generated from the source data, or from MS Excel."
Digital Photography flPhoto 1.2 releasedVersion 1.2 of flPhoto, an image management and display program, is out. The release notes mention several bug fixes related to the printing of images.
Video Applications dvbsnoop 1.2 released (SourceForge)Version 1.2 of dvbsnoop, a dvb/mpeg analyzer, is available. "This version comes with some new helpfull features like bandwidth-snoop for PIDs, pidscan on a transponder, and frequency signal status snooping. Also playback from saved streamfiles is possible."
Web Browsers Epiphany 1.1.2 availableDevelopment version 1.1.2 of Epiphany, a minimalist web browser for GNOME, has been announced. Many changes and bug fixes are included.
Mozilla Backup 1.2 Released (MozillaZine)Version 1.2 of Mozilla Backup is available. "Mozilla Backup is a tool for backing up and restoring Mozilla profiles. Version 1.2 adds better backup files, multilanguage support, support for Netscape and some new features. In addition several crash bugs have been fixed."
Independent Status Reports (MozillaZine)The January 4, 2004 Mozilla Independent Status Reports are available. The MozillaZine summary says: "The latest set of status reports include updates from Firebird Help, MacroTracker, SearchSidebar, xHermes, Forumzilla, wmlbrowser, MozManual and MozEdit."
mozilla.org Status Update (MozillaZine)The mozilla.org Status Update for January 5, 2003 is online. The MozillaZine summary says: "It includes news on Mozilla Firebird, ChatZilla, history searches, proxy configuration, internationalized domain names and more."
Mozilla Links NewsletterThe December 23, 2003 Edition of the Mozilla Links Newsletter has been published. Take a look for lots of Mozilla browser information.
Mozilla Links NewsletterThe Mozilla Links Newsletter for January 6, 2004 is out. "Do you like games? We do and for all of you who like them too, here is the first part of our take on Mozilla Games. Once again, the Mozilla platform excels in providing great all-purpose development tools. You are just clicks away to charge your Mozilla with some of the most beloved classic computer games. Enjoy!"
Word Processors AbiWord Weekly NewsIssue #175 of the AbiWord Weekly News is available with another weekly roundup of AbiWord word processor news. Here's the summary: "AbiWord's first Developers' release in a few months. QNX gets an installer while an update about BeOS comes in. Plus, more information on Revisions and AbiCommand Document Server. Also, users who need your help."
AbiWord Weekly NewsThe AbiWord Weekly News for December 29, 2003 is out with the following summary: "Follow up on last week, Star/Open Office import/export gets some improvements, Enchant gets an hspell upgrade, Windows gets some installer improvements and a reminder that we need more people helping out with translations. Oh, and some OZ rumour about 2.0.3 to come out possibly as soon as possible."
AbiWord Weekly NewsIssue #177 of the AbiWord Weekly News was published on January 4, 2004. "It's been a fairly generic week: a mention in the NYTimes, more NSIS2 development, a brand-spanking-new developer and some minor feature-enrichment for our features. It's the post-holiday hangover/soberfication."
Miscellaneous GnomeSword2 released - Bible study for GNOME2 (GnomeDesktop)A new version of GnomeSword2, a bible study application, has been announced. "This is the first stable release of the GNOME2 version, supporting SWORD 1.5.6 and 1.5.7. It represents a major rewrite and features a full port to GTK2, with a new GUI which aims towards HIG compliance. It uses more GNOME functionality (including gnome-print and gnome-spell), and has support for new SWORD features such as preverse headings. A manual is now included, in both the English and French languages."
JabRef 1.1 released (SourceForge)Version 1.1 of JabRef, a GUI for managing BibTeX databases, is out. "JabRef 1.1 improves customization possibilities a great deal compared to version 1.0. You now have full control over which fields are displayed in the editor for BibTeX entries, and you can easily define your own entry types. There are also numerous other new features, improvements and bug fixes."
Languages and Tools Caml Caml Weekly NewsThe Caml Weekly News for December 23-30, 2003 is available with the latest Caml language news.
Caml Weekly NewsThe December 30, 2003 - January 6, 2004 edition of the Caml Weekly News is available with another round of Caml language articles.
HTML HTML Parser Integration Release 1.4-20040104 (SourceForge)A new release of HTML Parser is available. "This can be considered an alpha candidate of the final 1.4 release, and has much improved stability, speed, and HTML page transformation capabilities. HTML Parser is a library, written in Java, which allows you to parse HTML (HTML 4.0 supported)."
Java ONJava: 2003 in Review (O'ReillyNet)Chris Adamson reviews the Java activity for year 2003 on O'Reilly.
JSP Developing Custom Tag Libraries as Tag Files (O'ReillyNet)O'Reilly has published an excerpt from Hans Bergsten's JSP book. "This excerpt from Hans Bergsten's JavaServer Pages, 3rd Edition describes implementing custom tag library actions as plain text files and packaging them as tag libraries that can be used in JSP pages."
Lisp GNU CLISP 2.32 releasedVersion 2.32 of GNU CLISP, a Common Lisp implementation, is available. "This version includes the new modules `berkeley-db' and `pcre', supports files larger than 2 or 4 GB on platforms with LFS, provides a fully customizable prompt and more."
SBCL 0.8.7 releasedVersion 0.8.7 of SBCL (Steel Bank Common Lisp) is available. "This version provides support in threaded builds for the fast userspace mutex facility in Linux kernel 2.6, performance optimizations, changes to the interface for thread arbitration, simple streams enhancements and the usual bug fixes."
Pascal Costanza's Highly Opinionated Guide to Lisp 1.3Pascal Costanza has released version 1.3 of his Highly Opinionated Guide to Lisp. "The document tells how the author got to use Lisp, and provides a short introduction to and some background information about the language. It also discusses some of the obstacles faced by novices."
Perl This Week on perl5-porters (use Perl)The December 22-28, 2003 edition of This Week on perl5-porters is out with another week's worth of Perl5 news.
This Week on perl5-porters (use Perl)The December 29, 2003 - January 4, 2004 edition of This Week on perl5-porters has been published. "At the turn of the year, and in accordance with the grand schedule of things, occurred a code freeze for perl 5.8.3. Read below for the rest of the discussion that took place on perl5-porters."
PHP PHP Weekly Summary for December 24, 2003The PHP Weekly Summary for December 24, 2003 is out. Topics include: PHP 5.0.0-beta3, Sandbox capabilities, New OCI8 maintainer, Even more win32 build system tweaks, error_reporting and user defined error handlers.
PHP Weekly Summary for January 5, 2004The PHP Weekly Summary for January 5, 2004 is out. Topics include: Feature freeze reminder, 2003 - looking back, VS.NET, include() / require() error format, Zend Language Parser source.
Python Introducing LythonThe Lython project has been created by Miles Egan. "Lython is a new lisp front-end for the Python programming language. It resembles common lisp and compiles directly to Python bytecodes and transparently integrates with existing Python code and libraries."
Python 2.3.3 releasedVersion 2.3.3 of Python has been announced. The release notes say: "This is a bug-fix release for Python 2.3 that fixes a number of bugs, including a couple of serious errors with weakrefs and the cyclic garbage collector. There are also a number of fixes to the standard library".
This week's Python-URLDr. Dobb's Python-URL for December 26 is out with the latest happenings in the Python development community.
Dr. Dobb's Python-URL!The Dr. Dobb's Python-URL for December 30, 2003 is out; with weekly new and links for the Python community.
Dr. Dobb's Python-URL!The January 5, 2004 edition of Dr. Dobb's Python-URL! is out with links to more Python language articles.
Scheme Scheme Weekly NewsThe January 5, 2004 edition of the Scheme Weekly News is available. Take a look to see the latest Scheme language developments.
Tcl/Tk Dr. Dobb's Tcl-URL!The December 23, 2003 edition of Dr. Dobb's Tcl-URL is out with another round of Tcl/Tk article links.
Dr. Dobb's Tcl-URL!The December 29, 2003 edition of Dr. Dobb's Tcl-URL has been published. Take a look for another collection of Tcl/Tk articles.
Dr. Dobb's Tcl-URL!The January 5, 2004 edition of Dr. Dobb's Tcl-URL! is available with even more Tcl/Tk articles.
XML Content feeds with RSS 2.0 (IBM developerWorks)James Lewin discusses RSS 2.0 on IBM's developerWorks. "A lot has happened in the RSS world since developerWorks last looked at RSS: Two new specifications have come out, RSS has become one of the most popular XML standards, and tools and feeds are popping up everywhere. RSS has contributed to the explosion of weblogs, and it is becoming a standard part of other Web sites, too. This article reviews RSS 2.0, looks at new RSS developments, and jump-starts your understanding of this important format."
Getting Started with XForms (O'Reilly)Bob DuCharme introduces XForms on O'Reilly. "The XForms standard, which became a W3C Recommendation last month, lets us define forms that are much more sophisticated than those of HTML. Perhaps more importantly, it makes it easier for applications that we write to grab and use the data entered into forms, because an XForms client can plug the data directly into any XML structure that you like."
Merge XML documents with StAX (IBM developerWorks)Berthold Daum explains the merging of XML files using StAX. " Deriving new XML documents from input documents is where the Streaming API for XML (StAX) shines. This tip explores how client applications can utilize the event-based API to efficiently merge two incoming XML documents into one."
Miscellaneous Six Signs That You Should Use Paper Prototyping (O'Reilly)Carolyn Snyder writes about paper prototyping on O'Reilly. "This time of year, there's plenty of leftover wrapping paper sitting around. Why not put it to good use? If you create interfaces, you may have heard of paper prototyping. It's a technique that lets you mock up, test, and refine a design -- totally on paper -- before you write a line of code."
Page editor: Forrest Cook Linux in the news Recommended Reading The IT industry is shifting away from Microsoft (Inquirer)The Inquirer has posted a lengthy article claiming that Linux is truly beginning to push Microsoft aside. "High profile defections like cities, governments, and, gasp, IBM, are just the tip of the iceberg, and almost everyone is looking at the pioneers to see if the trail they are blazing is worth following. If it turns out that these first few companies can make it, expect the floodgates to open, and everyone to follow."
The Free Software Community After 20 Years: With great but incomplete success, what now? (NewsForge)NewsForge looks at the 20th anniversary of GNU in an article written by Richard Stallman. "It was twenty years ago today that I quit my job at MIT to begin developing a free software operating system, GNU. While we have never released a complete GNU system suitable for production use, a variant of the GNU system is now used by tens of millions of people who mostly are not aware it is such. Free software does not mean "gratis"; it means that users are free to run the program, study the source code, change it, and redistribute it either with or without changes, either gratis or for a fee."
Clark Campaign Going Open Source (Wired)Wired reports that Wesley Clark's U.S. presidential campaign is trying to bring in free software developers to write (and release) code. "Among the projects slated for development are a Friendster-style social-networking application and a tool for campaign field workers to track mailings, donations and door-to-door visits. The Clark technology staff also expects to release the code for several of its internal applications, including a set of tools for managing campaign data and the software used to run Clark's community website. Developers initially will distribute software under the BSD license, which would allow other campaigns to use the code freely."
Trade Shows and Conferences Australia government open source conference attracts politicos (AustralianIT)AustralianIT reports on the first Linux and Open Source in Government conference to be held as part of this year's Linux.conf.au conference. "The government conference is being organised by AUUG in association which Linux Australia, which runs the main conference. AUUG treasurer Gordon Hubbard said the level of political interest in open source issues had risen considerably since AUUG's last conference in September." (Found on Open Sector)
XML 2003 Conference Diary (O'Reilly)Eric van der Vlist covers the XML 2003 conference on O'Reilly. "I am on my way back from XML 2003 and it's time for me to draw the conclusions from this event which, year after year, remains the major conference of the markup community. For this year's conference has been dominated by schema languages, but I am so biased that this probably doesn't prove anything. Schema languages have become my main focus and I see them everywhere!"
The SCO Problem IBM's Unpublished Cases (Groklaw)Groklaw continues to follow the back-and-forth filings in the SCO v. IBM case. In this article, the focus is on IBM's attempts to get some of SCO's affirmative defenses thrown out. "If SCO wishes to admit that it has no specifics to prove fraud and inequitable conduct and wishes to drop those affirmative defenses to that extent, that is fine with IBM. That's what their motion is asking for in the first place. I am guessing they were laughing out loud when they typed that part up."
Companies Red Hat bond sales reach $500 million (News-Observer)Red Hat's home town newspaper has an article on the company's bond sale. "'We believe the time for us as a company to take control of the market is now,' said chief financial officer Kevin Thompson. 'What we've done is capitalize ourselves so that we can react very quickly to opportunities that come up in the marketplace.' Customers are demanding products that Red Hat can't offer, Thompson said. It likely will have to buy other companies to add new products and services."
Sun hands Cobalt an open-source lifeline (ZDNet)ZDNet reports that Sun, as it shuts down the Cobalt server line, is doing the right thing with the code. "The release means that all the custom user interface and back-end code for the Qube 3 and RaQ 550 server appliances is now available under a BSD-style licence. Also, the custom BIOS for all x86-based RaQ/Qube products -- which, among other things, let an administrator tap in the device's network settings without having to plug in a keyboard and monitor -- have been released under the GNU Public License." (Thanks to Alastair Stevens)
Business Investing in open source companies: Nobody's getting rich -- yet (IT Manager's Journal)IT Manager's Journal reports on a panel discussion at the SD Forum Open Source Summit. "A panel of people who know about such things agree that if commercial open source software and services companies are to remain profitable, some current business models are going to have to be revisited and/or fine-tuned. Experts at the recent SD Forum Open Source Summit took on this very topic and came up with some cogent advice for would-be investors."
Linux Adoption Courts office leaps onto Linux (FCW)Here's a brief Federal Computer Week article on the adoption of Linux within the U.S. Federal court system. "According to officials, the Linux systems will back several critical applications supported at court locations throughout the United States, including court and probation/pretrial services case management, finance and accounting."
Israel Suspends Acquisitions Of Microsoft Software (TechWeb)TechWeb reports on Israel's decision to not upgrade to the latest versions of Microsoft Office. "The Israeli government also will encourage the development of lower-priced alternatives to Microsoft software in an effort to help expand computer use by the public. To that end, the Finance Ministry has cooperated with Sun Microsystems and IBM in designing the Hebrew language version of OpenOffice software, a freely distributed open-source alternative to Microsoft Office."
Asia Loves Linux -- And Microsoft Scrambles (Business Week)Business Week looks at increasing Linux use in Asia. "Discontent with Windows -- and enthusiasm for Linux -- are increasingly common in Asia these days. Although Microsoft still rules the desktop and racks up healthy server operating-system sales, open-source software is winning fans across the region. Government officials see Linux as a means of cutting costs -- systems using it run as much as 70% cheaper than Windows -- and priming their local software industries."
London council ditches Linux plans (ZDNet)ZDNet UK covers the London Newham Borough Council's decision not to use Linux. "The council had been involved in its own Linux trials last year with the Net Project group but council officers decided such a major migration would pose "unacceptable levels of risk" to council services."
Open Source Database Development Closes In On Microsoft (EDC)Evans Data Corporation has announced the results of a survey on database usage. "The latest Database Development Survey from Evans Data Corporation has found that Microsoft SQL Server and Access continue to dominate database development but open source databases are gaining strength. Microsoft SQL Server and Access usage has grown by six percent while MySQL usage has increased by more than 30% in the last year."
Legal Prosecutors let DVD-Jon's victory stand (Aftenposten)Aftenposten reports that Jon Lech Johansen has finally been acquitted of all charges. "It was widely expected that Norway's white-collar crime unit would appeal the case to the country's supreme court (Hoeyesterett), but prosecutors clearly changed their minds. There was no immediate reason given as to why they dropped the case." (Thanks to haraldt)
Interviews Interview: KDE meets Lindows CEO Michael Robertson (KDE.News)KDE.News interviews Lindows.com CEO Michael Robertson. "How are we going to help KDE? We will look at sponsoring projects on a case by case basis. We bring marketing to the KDE community, often overlooked by technical people. By building marketing channels, building resellers, this will make KDE stronger."
Two new FOSDEM interviewsThe continuing series of interviews with FOSDEM speakers adds two more interviews to the list. Today's interviews are with LWN executive editor Jonathan Corbet who will give a talk on the new features in the 2.6 kernel, and Denis Oliver Kropp, one of the main developers for the DirectFB project, who will speak about DirectFB.
FOSDEM interviews: Henning Brauer and Keith PackardFOSDEM has published two more interviews with upcoming speakers: Henning Brauer and Keith Packard.
Interview with Nat, Miguel and Chris Stone of Novell/Ximian (Always-on)Always-on has an interview with Nat Friedman, Miguel de Icaza and Novell VP Chris Stone. "Friedman: Over time, I think more and more parts of Novell will understand how to interact with Linux and open source. It is already happening. There's incredible interest in establishing this as an overall technology direction and strategy for Novell--moving into the open-source world and becoming the number-one Linux player. We've definitely seen over the last two months both changes and a lot of enthusiasm." (Found on Footnotes)
Interview with the MAASK Team (Linux Journal)Linux Journal intervies the five college students who wrote the MigShm patch for openMosix. "Several barriers exist in the world of clustering, and they need clever solutions. One of them concerns expanding memory allocation throughout the nodes of a cluster, also called distributed shared memory (DSM). Using this method, any process that uses memory sharing for interprocess communications (IPC) no longer is limited and is free to roam (read: migrate). Such a solution, MigShm, now exists in openMosix."
Resources Putting Linux reliability to the test (IBM developerWorks)IBM developerWorks covers a study of Linux reliability done by the IBM Linux Technology Center. "The Linux kernel and other core OS components -- including libraries, device drivers, file systems, networking, IPC, and memory management -- operated consistently and completed all the expected durations of runs with zero critical system failures."
Visiting the New World of Linux Sound and Music Software (Linux Journal)Dave Phillips offers a couple of suggestions in the Linux Journal for people wanting to get started with Linux audio. "Although certain folks might grumble about how much better things were in the Old Days, I must admit that I've become quite happy about easier installation routines, the apt system and colorful work environments. Performance is what really counts, and tuning a system for peak audio performance is a non-trivial task. Planet CCRMA and AGNULA do indeed remove most of the aches and pain suffered while trying to untangle the complexities of kernel latency, JACK, ALSA, the LADSPA plugins and so forth."
Secure programmer: Keep an eye on inputs (IBM developerWorks)David A. Wheeler continues his series on secure programming with a look at inputs. "This article discusses various ways data gets into your program, emphasizing how to deal appropriately with them; you might not even know about them all! It first discusses how to design your program to limit the ways data can get into your program, and how your design influences what is an input. It then discusses various input channels and what to do about them, including environment variables, files, file descriptors, the command line, the graphical user interface (GUI), network data, and miscellaneous inputs."
Reviews Professional Video Editing on Linux with Cinelerra (O'ReillyNet)Howard Wen reviews Cinelerra, a video editing application. "Cinelerra includes many of the features of the pricey professional editors and some extras: real-time visual effects, FireWire input/output, render-farm capability, and even support for HDTV formats and Ogg Vorbis. The downside is that its hardware demands are quite unforgiving; the recommended configuration has a dual 2GHz Athlon system, with 1GB RAM and a 200GB hard drive."
'Robot Tarzan' helps forest work (BBC News)The BBC News looks at a Linux-powered 'Treebot'. "The Treebot, which in scientific terms is a node in a Networked Infomechanical System (Nims), helps [to study interaction between the environment and atmospheric conditions] by being stealthy enough to travel through the forest canopy along specially-constructed cabling, night and day." (Thanks to Paul Sladen)
Open source under the microscope (News.com)News.com covers an academic study of the open source model. "Scacchi and fellow researchers have found a significant failure rate among open-source projects. But among those that get off the ground, research has shown not only that the open-source approach can yield better software more quickly and for less money than traditional methods but also that volunteering for an open-source project can be an effective way to get a job."
Miscellaneous 2004 Predictions (San Jose Mercury News)Dan Gillmor mentions Linux and open-source software in his predictions for 2004 article in the San Jose Mercury News. "Ardent proponents of Linux and other open-source software will (a) stave off insidious legal and political moves designed to kill the genre; (b) make dramatic inroads on desktop computers, not just servers and embedded devices; (c) inspire people in other kinds of endeavors to use community-building projects to advance larger goals; (d) proclaim that their way is the only way."
Predictions for 2004 (IT-Director)IT-Director looks forward to 2004. The first prediction is that desktop Linux will succeed, but that's not all. "Finally, I believe that 2004 will be the year of the MySQL database. Unlike Linux and Apache, MySQL has not been a publicity magnet, but its use is growing and it stands on the verge of being taken seriously as a database to compete with Oracle, DB2 and SQLServer. It is already eating into their market share through the word-of-mouth marketing that turned Linux and Apache into formidable forces in their own right."
The Best of ONLamp 2003 (O'Reilly)O'Reilly has published the Best of ONLamp 2003, which lists the most popular articles in the LAMP (Linux, Apache, MySQL, [Perl, Python, PHP]) category. "Without further ado, here are the 25 most popular articles we published in the past year, in approximate order of popularity. I'm ranking them based on our internal statistics of page views, not any inherent goodness, controversy, or number of people who agreed with the views in the articles."
Protecting Against Open Source Legal Risks (TechWeb)TechWeb is running a lengthy piece on how companies should manage the risks said to come with free software. The idea seems to be to make free software as obnoxious and difficult to deal with as the proprietary alternatives. "Even after you've instituted rigorous controls and policies to limit and manage the risks of open-source software, you're not out of the woods. You face a second thorny problem: how to identify and deal with open-source software embedded in commercial software."
Page editor: Forrest Cook Announcements Non-Commercial announcements FreeB Bounty Program Announced (LinuxMedNews)A cash bounty has been announced for developers who contribute to the Free Medical Billing Project (FreeB). "In order to encourage developers to ta[c]kle this challenge I am allowing users to donate to a bounty fund for various practice management systems. The first developer to submit working implementation of FreeB for a particular Practice Management System gets all the money."
FSF India on electronic governmentThe Free Software Foundation of India has submitted a lengthy opinion to India's Department of Information Technology on a proposed electronic government initiative. In particular, the group argues against the use of PDF files. "Please note that our objections are not to use of the PDF format; we accept and recognise PDF as a free format -- 'free as in freedom'. Our objections are based on the control over the format; and the inappropriateness in a democratic and sovereign government legislating mandated use of a format controlled by a corporate body, thus giving virtual legislative powers to that corporation."
Irish Free Software Organization goes liveThe Irish Free Software Organization (IFSO) has been launched on the 20th anniversary of the beginning of the GNU project.
COE Linux Platform Review Comments AvailableThe Open Group has announced the availability of comments and proposed resolutions for its COE Linux Platform Review.
Wikimedia.org receives some fundingThe Wikimedia Foundation sent out an open letter to request funds for much needed hardware and bandwidth. Twenty-four hours later the Foundation had raised over $20,000.
Commercial announcements Novell's Updated Ximian Desktop 2 Supports Latest SUSE LINUXNovell has announced that Ximian Desktop 2 now supports SUSE LINUX Desktop and SUSE LINUX 9.0. The update also includes the Ximian Edition of OpenOffice.org 1.1, GAIM instant messenger client and updated Ximian Red Carpet 2.0 configuration management client software.
Astaro to Bundle its Security Software with Toshiba ServersAstaro has announced extended support for Toshiba's server platforms. Astaro Security Linux will be available loaded and sold on the Toshiba Digital Solutions Division's compact Magnia SG25 server, the Magnia SG30 server and the Magnia Z310 microtower or rack server.
New Books Building Software with Apache Jakarta CommonsCharles River Media has announced the release of Applied Software Engineering Using Apache Jakarta Commons, a software engineering-based guide to the Apache Jakarta Commons components and other Apache projects. The book includes a companion CD-ROM with samples and source code.
Exploiting Software: How to Break CodeAddison-Wesley has published the book Exploiting Software: How to Break Code by Greg Hoglund and Gary McGraw.
Resources AGNULA launches Libre Music projectThe Libre Music project has been announced. "The AGNULA IST-Project is proud to announce its new "Libre Music" (aka the "muzik" project) project, whose goal is to create a publicly accessible database of Libre Music, i.e. music licensed under either the Creative Commons licenses or the EFF Open Audio License. One of the objectives of the AGNULA-IST project is help spreading sensibility on the topics of Libre Software, with specific attention paid to audio/video applications and content distribution."
LDP Weekly News for December 30, 2003The December 30, 2003 edition of the LDP Weekly News is out with another collection of new and changed documentation.
Decatur Jones' SCO Analysis (Groklaw)Groklaw has come up with a copy of a research report on SCO prepared by Dion Cornett at Decatur Jones. It's available in PDF format. This report is very much worth a read; this analyst has at least one eye open. "Furthermore, other courts have ruled that software interfaces are not protected in that their 'fair use' allows for interoperability. Finally, the fact that these header files contain definitions but not functional code sheds more doubt on SCO claims, in our view."
Contests and Awards Nominees selected for the 2004 Benjamin Franklin AwardBioinformatics.Org has announced the nominees for their 2004 Benjamin Franklin Award. "The Benjamin Franklin Award is presented annually by Bioinformatics.Org to an individual who has, in his or her practice, promoted free and open access to the materials and methods used in the scientific field of bioinformatics."
Event Reports Linux Bangalore 2003 presentation slides availableThe slides from talks given at Linux Bangalore 2003 are now available on the net; click below for the full details.
Upcoming Events UKUUG LISA Winter Conference and TutorialThe UK Unix User Group has announced its LISA/Winter Conference and Tutorial. The event will be held in Bournemouth, UK on February 25 and 26, 2004.
GSA and GWU Co-Sponsor Open Source in Government ConferenceThe Center of Open Source & Government and the General Services Administration are co-sponsoring a conference in Washington, DC, March 15 - 17, 2004 at George Washington University. The conference will focus on the question, "How does Open Source provide an Innovative Solution for E-Government?"
Call For Submissions: Digital Media Project (Linux Journal)Linux Journal has a call for submissions for a workshop covering the Traditional Rights and Usages (TRU) of media users. The workshop is presently being planned by the Digital Media Project and is to be held in Los Angeles April 26 - 27, 2004.
PaWS PHP and Web Standards UK 2004The PaWS PHP and Web Standards UK 2004 conference will be held on February 20-24, 2004 in Manchester, UK.
Vancouver PHP ConferenceThe Vancouver PHP Conference will be held in Vancouver, BC, Canada on January 22 and 23, 2004.
FSF to host Free Software Licensing SeminarsThe Free Software Foundation has announced two seminars in New York. "The Free Software Foundation (FSF) will host two seminars on Free Software Licensing and the GNU GPL and a series of conversations with Professor Eben Moglen on the SCO v. IBM lawsuit. These events will take place at Columbia Law School in New York City on January 20 and 21, 2004."
Events: January 8 - March 4, 2004
Web sites InstallSlash.org LaunchedFor people using the slashcode content management software, the new installslash.org site is online. "This is a new community site whose goal is make it as easy as possible to install slash, while at the same time provide support and valuable information on modifying slash to your liking, no matter what skill level you may reside."
New KDE Application Database OnlineKDE-Apps.org, a new online database for KDE applications, has been announced. "KDE-apps.org is the new database for KDE applications. Since the site is still very fresh Frank would like to hear your suggestions for improvements. The database is also still a bit empty but YOU can change that by submitting the KDE applications that you have written to the site."
Software announcements This week's software announcementsHere are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
Page editor: Forrest Cook Letters to the editor Patents outside of the US
I am curious about the attention that the Free software community gives to patents. It seems that the US has the luxury of a patent office that can referee patents PRIOR to them being filed. Here in South Africa (as I am sure is similar in other countries) one is free to submit ANY patent, even a completely bogus one. The onus is on oneself to defend that patent IF a challenge arises from a third party. The Free software community is effectively claiming that the patent office has the job description of ensuring that patents are unchallengable. But is this really their job? Considering that some countries do NO refereeing of patents prior to their filing, it would seem that the US patent office is merely there to do some cosmetic work in the face of an over-subscribed patent system. My question is: since when is the patent office SUPPOSED to be screening patents as thoroughly as you desire? If they really did have the capability to do this, wouldn't the cost of filing a patent become prohibitive? (I.e. they would have to hire so many experts as to make patents prohibitively expensive to offset the this cost.) Best wishes -paul Paul Sheer . . . . . . . . . . . . . . . . . Tel . . +27 (0)21 6869634 Email . . . http://2038bug.com/email.gif . . Work . . +27 (0)21 6503467 http://www.icon.co.za/~psheer . . . . . . . . . http://rute.2038bug.com L I N U X . . . . . . . . . . . . . . . . The Choice of a GNU Generation
Page editor: Jonathan Corbet
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
