
LWN.net Weekly Edition for April 15, 2004

The Grumpy Editor goes 64-bit

Your editor did much of his early programming on a large, 60-bit computer. "Large" as in "you could walk around inside it." Its six-bit character set was challenged by exotic characters - like lower case. But it sure had a fast card reader. Your editor has started a few articles by saying that recent "progress" has made things worse, rather than better, but he won't be saying that this time.

By the early 1980's, 32-bit systems had taken over much of the computing world. And, with certain exceptions, 32 bits has been the way of things for a good two decades. Processor speeds have gone up by three orders of magnitude, as have disk sizes; main memory has grown by even a bit more. But most systems sold today still use 32-bit words and addresses. The fact is, 32 bits suffice for almost every quantity we need to manipulate with computers. The exception, increasingly, is memory. We have hit the point where we are running out of address space. The need to work with ever more memory to run our increasingly bloated applications will eventually push much of the industry over to 64-bit processors.

Your editor decided to be ahead of the curve, for once. So he ordered up a new motherboard and Athlon64 processor. Before the process was done, he also ended up buying a new video card, power supply, and disk drive. In fact, the only original component left in the case (a holdover from when LWN thought it might be a training company) is the diskette drive. But, the new system is now up and running, and your editor has had a chance to get a feel for what the 64-bit world has to offer.

The hardest question, perhaps, was the choice of distribution to run. The new system replaces a Debian unstable box, so Debian was the obvious first choice. The state of the Debian x86_64 port is a little discouraging, however. Installation requires starting with the basic x86 distribution, coming up with 64-bit versions of gcc and glibc, building a new 64-bit kernel, booting that, and piecing together the rest of the system with the other x86_64 packages that have become available. More than ten years ago, your editor converted, by hand, his first Linux box from a.out to ELF binaries; installing Debian x86_64 looks like a similar process. Somehow, what looked like an interesting and instructive adventure in the early 1990's is distinctly less appealing now.

MandrakeSoft and SUSE both offer x86_64 versions of their distributions. The Gentoo port seems to be coming along reasonably well, but some time spent digging through the Gentoo package database shows that much of the software base still lacks x86_64 support. Your editor, in the end, went with the Fedora Core 2 test 2 release, at least for now. FC2t2 gives good visibility into the development process (as do Mandrake and Gentoo), a familiar, Red Hat core, and the ability to play around with some bleeding-edge features like SELinux. It also is designed around the 2.6 kernel, which is an important feature.

When one leaves the x86 mainstream, it does not take long to realize that the well-trodden pathways have been left behind. Mirrors for the x86_64 architecture are relatively scarce and often behind the times. Most applications do not, yet, come prebuilt for this architecture. Documentation on how to get x86_64 systems up and running is minimal. It is all a bit of an adventure.

That said, the FC2t2 distribution works well - as well as could be expected on any architecture for a development release. And the really nice thing about the x86_64 architecture is that most 32-bit x86 binaries work just fine, as long as you have 32-bit versions of the relevant libraries around. That fact alone makes the transition to this architecture relatively easy.

The need for 32-bit libraries complicates system administration, however. An x86_64 Fedora system has many duplicated packages installed, and working with rpm can, occasionally, be a bit confusing. The rpm interface was not, perhaps, designed for dealing with a world where two packages have the same name and version number, but are still distinct. Unless you plan to leave the 32-bit world behind entirely, however, you will need two versions of the libraries. Chances are that most x86_64 systems will want to run 32-bit binaries for some time - in some cases, they perform better, and, in any case, some programs in FC2t2 (e.g. OpenOffice.org) are still built that way.

Building applications can also be a bit of a challenge, at least at first. Quite a few makefiles and configure scripts assume that libraries live in /usr/lib. On a Fedora system, /usr/lib has the 32-bit versions of the libraries; the native versions live in /usr/lib64. A makefile which uses the default gcc (which compiles in 64-bit mode) and tries to explicitly link against things in /usr/lib will fail. Once you learn to recognize this problem, it gets easy to fix.

Your editor was naturally interested in performance issues. To that end, he built a version of bzip2 in both 64-bit and 32-bit mode and compared the results. Both compression and decompression ran about 10% faster in the 64-bit mode. With the x86_64 processor, better performance is generally expected in the native mode, mainly due to the additional registers which are available. The executable size and memory usage in 64-bit mode were larger, but not by much. A second test, using the SoundTouch library yielded a surprise, however: changing the tempo of a large sound file ran in less than 1/5 the time in 32-bit mode. The Athlon64 processor, it would seem, runs certain operations far more slowly in 64-bit mode; your editor has not, yet, had the time to track this one down.

Despite the paucity of mirrors, the glitches, and the surprises, the x86_64 platform makes for a very nice Linux system. The kernel support for this architecture is outstanding, the performance is good, and the expanded address space renders concepts like "high memory" obsolete. After all, we'll never need more memory than can be addressed with 64 bits... Seriously, however, this architecture has helped to realize one of the great promises of Linux: a freedom of choice in hardware as well as software. 64-bit systems are now available at a price even an LWN editor can afford. This editor, who just shifted his old Pentium 450 box over to sacrificial kernel testing duty, is distinctly less grumpy.


HTML editors: Nvu and Bluefish

April 14, 2004

This article was contributed by Joe 'Zonker' Brockmeier.

A new version of the much-hyped Nvu "Web Authoring System" is out, as well as an updated version of the popular Bluefish editor. Since Web development is an essential component to the success of Linux on the desktop, we thought we'd take a look at these two releases as a gauge of Web development tools available for Linux users.

The Nvu web site promises "A complete Web Authoring System for Linux Desktop users to rival programs like FrontPage and Dreamweaver." How close does Nvu come to delivering on that promise?

To evaluate Nvu, one must first install the software. At the time of this writing, the Nvu website offers packages for Lindows, Fedora Core 2 test 1 and Windows. Other interested parties must compile the application from source. While this does not usually present a major hurdle for Linux users, Nvu is not available in anything so straightforward as a source tarball. The instructions, such as they are, instruct the user to pull Mozilla from CVS, save a modified .mozconfig into the Mozilla source directory, download a separate patch from Nvu and finally compile the software. One almost gets the impression that the Nvu developers are looking to make life difficult for non-Lindows users.

After jumping through the numerous hoops required to compile Nvu, we set about evaluating the software. Since Nvu is derived from Mozilla's Composer, we decided to open both applications up side-by-side to see what improvements had been made to Composer. Nvu is not drastically different from Composer, but there are a few new features worth noting. Nvu has some obvious cosmetic differences, and offers an improved tabbed interface for multiple document editing. It also includes a "Site Manager" Sidebar, which is not available in Composer.

Another feature touted for Nvu is the ability to create templates that have read-only sections and editable sections. Unfortunately, our attempts to work with templates were less than successful. After creating and saving a template, an attempt to create a new document based on a simple template caused Nvu to promptly crash.

Nvu also includes "CaScadeS," a CSS editor that allows fine-grained control over the styles applied to elements in your documents. The feature is interesting, but slightly counter-intuitive. To invoke the editing menu for a specific element, the user must right-click on an element displayed in a menu displayed at the bottom of the editor. If the user is unaware of the feature, it's quite likely that it will go completely unnoticed. Once one is aware of the feature, it is easy to use. However, it would be much more intuitive if the user was able to right-click on the element itself in the editing pane to bring up the CaScadeS menu.

Nvu shows a great deal of promise, but it's not quite ready for a showdown with Macromedia's Dreamweaver.

The Bluefish Web development tool takes a different approach with its "What You See is What You Need" interface. Users who wish to try out the recent 0.13 release will appreciate that Bluefish is provided in a straight-forward source tarball. Unlike Nvu, Bluefish's feature set is more appropriate for the experienced Web developer working on more advanced projects, including dynamic sites that make use of PHP, Perl, Python and other scripting languages. Bluefish includes syntax highlighting for a host of languages; everything from HTML to ColdFusion is represented.

It takes some time to fully explore Bluefish and all its features. Bluefish provides a number of wizards and dialogs that make it much easier to add forms, tables and so forth to a document. This writer particularly likes Bluefish's custom menu, which allows the user to create their own dialogs to generate snippets of code. The "Quickbar," which allows users to add frequently-used buttons from other toolbars, is also a favorite.

Bluefish offers Web developers as much, or as little, assistance as they need. A user can opt to use Bluefish as a souped-up text editor with excellent syntax highlighting, or rely on Bluefish to generate much of their code through wizards and dialogs.

Another nice thing about Bluefish is that it integrates well with other tools that Web developers often use. Users can pipe their files in Bluefish through HTML Tidy, Weblint and other programs to validate their HTML, or easily configure Bluefish to open their work in their browser(s) of choice.

Despite the low version number, Bluefish is fairly mature and very stable. It's well worth a look for users who want a flexible Web development environment.

There are, of course, a number of other open source Web development tools for Linux. The Screem website development package is fairly popular, as is Quanta Plus, which we touched on when KDE 3.2 was released. For many, no IDE or GUI-based tool can replace Emacs or Vim for churning out websites.

None of the tools available for Linux are quite as slick and polished as Dreamweaver, but there are certainly plenty of options for users who are looking for a suitable open source Web development tool.


Free software and malevolent code

The CEO of Green Hills Software, a proprietary embedded software company, has sent out an amazing press release on how the use of free software in defense systems "violates every principle of security." The PR tells us about how "developers in Russia and China" are contributing to Linux, and the horrible fate that awaits us:

Linux in the defense environment is the classic Trojan horse scenario -- a gift of 'free' software is being brought inside our critical defenses. If we proceed with plans to allow Linux to run these defense systems without demanding proof that it contains no subversive or dangerous code waiting to emerge after we bring it inside, then we invite the fate of Troy.

The strident tone of the release, combined with the focus on threats from Russia and China, makes it look like something from the Reagan administration. It's hard to take this thing seriously.

The press release has been quickly written off as a desperate outburst from a proprietary company that is losing business to Linux. And that is probably exactly what it is. It would be interesting to hear how Green Hills would explain this Cisco security alert which came out on the same day as the anti-Linux press release. Some of Cisco's products, it would seem, were shipped with a back door which gives attackers full access; "there is no workaround." It is also worth noting that the InterBase backdoor existed in the proprietary product for years, but was discovered when the product went open source. The remote shutdown "feature" found in a number of software products is also relevant here. Proprietary software is not immune to backdoors and Trojan horses; indeed, the opaque nature of closed-source programs would seem to encourage that sort of misfeature.

Another point worthy of note: attempts to place back doors in free software have mostly been carried out via the distribution network. Last year's kernel backdoor attempt tried to slip the code in after compromising a CVS server. Trojan horse attacks on tcpdump, sendmail, OpenSSH, and others have worked by corrupting distribution files, again via a compromised server. On the other hand, it is very hard to find any record of an attempt to insert any sort of back door via the free software development process. Such an attack, it would seem, is not that easy to carry out; if it were, why would attackers prefer direct assaults on infrastructure and distribution files - an approach which is certain to lead to quick detection?

The free software development process is, perhaps, more robust than its detractors would have people believe. But, once we're done patting ourselves on the back (and let's not be too long about it) we have to face a fundamental fact: code containing security vulnerabilities is committed to project repositories every day. These vulnerabilities do not result from deliberate attacks; they are, instead, simple bugs. But they get into the code base, despite our heavily promoted review process.

It is also true that, sooner or later, somebody will certainly attempt to get bad code accepted by a free software project. That code may contain a back door, or it may be one of those "intellectual property" violations that some people would so dearly love to find in Linux. Given that we prove on a daily basis that insecure code is able to survive our development process, how confident are we, really, that we'll trap a deliberate, well-hidden hole? There are reasons to believe that our processes are better than the proprietary variety; at least some outsiders are looking at the code, and the chances that a backdoor will lurk for years are small. But we cannot simply write off this threat; sooner or later, it is going to come back to us.


Page editor: Jonathan Corbet

Security

Brief items

Rapid security patches considered harmful?

When a security vulnerability is found, the right thing to do is to prepare a patch and circulate it as quickly as possible. At least, that would appear to be the prevailing wisdom. This ComputerWorld article, however, takes a different approach: in many cases, patch circulation should be slowed down, not sped up.

The author is talking, in particular, about vulnerabilities which are found by "white hat" hackers, as opposed to those which are already being actively exploited. These vulnerabilities are, presumably, unknown to the cracker community at the time the patch is prepared. But a security patch provides an instant road map for anybody looking for vulnerabilities. Rather than put in some honest work digging through and understanding a large program, a cracker need only look at the piece of code which is fixed. The release of a security patch allows administrators to close a hole, but it also tells the world about the existence and location of that hole. At that point, the race begins: administrators try to get the patch deployed before the crackers get their exploits working.

What's needed is a way to give the defenders a larger window of time to obtain patches before information about the vulnerability they fix is distributed. Various approaches have been tried to accomplish that goal. The "vendor-sec" mailing list, for example, helps Linux distributors and other operating system vendors to all have their updates ready by the time a vulnerability is announced. Vendor-sec helps, but it does not solve the problem of actually distributing an update to millions of users. The OpenSSH project once took a different approach and pushed a major update on users in an attempt to deploy a security fix without saying what it was; this move was received poorly, however.

What the ComputerWorld article suggests is that patches should be distributed in encrypted form. For some period of time, the encrypted patch is just a useless pile of bits sitting on the disk. This time would be the window which allows the patch to be distributed without disclosing the problem which is being fixed. After a given period of time, a key is distributed which enables the decryption of the patch; at that time, clear versions of the patch could also be made available. In theory, this approach would enable the security-conscious users on the net to update their systems nearly simultaneously as soon as the nature of the problem is disclosed.

This is a solution which could perhaps work, though steps would have to be taken to fend off denial-of-service attacks aimed at preventing the distribution of the decryption key. The provision of encrypted patches does go somewhat against the spirit of the free software community, and it could, by some readings, be taken as a violation of the GPL. For almost all of the security vulnerabilities which are reported, the encrypted patch mechanism would be far more trouble than it would be worth. The next time an easily-exploitable vulnerability turns up in a utility like bind or ssh, however, it might be a nice option to have.
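The encrypted-patch scheme described above, as an added example (not code from the ComputerWorld article or from LWN): the vendor publishes the ciphertext together with a hash commitment to the key, so that a key later obtained from any mirror can be checked before it is used. The function names, the bundle layout and the HMAC-SHA256 keystream (a standard-library stand-in for a real authenticated cipher) are assumptions, and the bundle itself is assumed to carry the vendor's usual release signature.

```python
"""Timed-release patch distribution: ciphertext first, key later.

Added example. Function names and the bundle layout are assumptions, and the
HMAC-SHA256 counter-mode keystream is a standard-library stand-in for a real
authenticated cipher such as AES-GCM.
"""
import hashlib
import hmac
import secrets


def _subkeys(key: bytes):
    """Derive independent encryption and MAC keys from the release key."""
    enc = hmac.new(key, b"encrypt", hashlib.sha256).digest()
    mac = hmac.new(key, b"authenticate", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Generate `length` pseudo-random bytes: HMAC(enc_key, nonce || counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_patch(patch: bytes):
    """Vendor side. Returns (bundle, key): the bundle is published at once,
    the key is withheld until the disclosure date."""
    key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    enc_key, mac_key = _subkeys(key)
    ciphertext = _xor(patch, _keystream(enc_key, nonce, len(patch)))
    bundle = {
        "nonce": nonce,
        "ciphertext": ciphertext,
        # Encrypt-then-MAC: detects a bundle damaged or altered in transit.
        "tag": hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest(),
        # Commitment: lets clients check a key obtained from any source.
        "key_commitment": hashlib.sha256(b"release-key:" + key).digest(),
    }
    return bundle, key


def open_patch(bundle: dict, candidate_key: bytes) -> bytes:
    """Client side, after the key is released. Raises ValueError rather than
    returning bytes that did not come from the vendor's patch."""
    commitment = hashlib.sha256(b"release-key:" + candidate_key).digest()
    if not hmac.compare_digest(commitment, bundle["key_commitment"]):
        raise ValueError("key does not match the published commitment")
    enc_key, mac_key = _subkeys(candidate_key)
    expected = hmac.new(mac_key, bundle["nonce"] + bundle["ciphertext"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bundle["tag"]):
        raise ValueError("bundle failed integrity check")
    stream = _keystream(enc_key, bundle["nonce"], len(bundle["ciphertext"]))
    return _xor(bundle["ciphertext"], stream)


# Constructed sample input: a made-up one-line fix, not a real patch.
SAMPLE_PATCH = (
    b"--- a/parse.c\n+++ b/parse.c\n@@ -10,1 +10,1 @@\n"
    b"-    strcpy(buf, input);\n"
    b"+    strncpy(buf, input, sizeof(buf) - 1);\n"
)

if __name__ == "__main__":
    bundle, key = seal_patch(SAMPLE_PATCH)       # day 0: bundle goes to mirrors
    print("ciphertext bytes:", len(bundle["ciphertext"]))
    try:
        open_patch(bundle, bytes(32))            # wrong key served by a mirror
    except ValueError as err:
        print("rejected:", err)
    print(open_patch(bundle, key).decode())      # disclosure day: real key
```

Because the key is checked against the commitment, it can be mirrored as widely as the bundle, which narrows the denial-of-service concern to the availability of any one honest copy.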


New vulnerabilities

apache - denial of service in mod_ssl

Package(s):apache CVE #(s):CAN-2004-0113
Created:April 13, 2004 Updated:May 25, 2004
Description: A memory leak has been discovered in mod_ssl that may be triggered by sending normal HTTP requests to the Apache HTTPS port. An attacker can exploit this vulnerability to consume all memory available in the server, thus causing a denial of service condition. This problem has been fixed in Apache 2.0.49.
Alerts:
Fedora FEDORA-2004-117 2004-05-25
Mandrake MDKSA-2004:043 2004-05-10
Red Hat RHSA-2004:182-01 2004-04-30
Conectiva CLA-2004:839 2004-04-13


automake: symbolic link attack

Package(s):automake CVE #(s):
Created:April 8, 2004 Updated:April 14, 2004
Description: Automake may be vulnerable to a symbolic link attack which may allow an attacker to modify data or escalate their privileges. This is due to the insecure way Automake creates directories during compilation. An attacker may be able to create symbolic links in the place of files contained in the affected directories, which may potentially lead to elevated privileges due to modification of data.
Alerts:
Netwosix NW-2004-0009 2004-04-08
Gentoo 200404-08 2004-04-08


cvs: client-side file overwrite vulnerability

Package(s):cvs CVE #(s):CAN-2004-0180
Created:April 14, 2004 Updated:May 18, 2004
Description: The cvs client is vulnerable to a pathname vulnerability which can allow a hostile server to overwrite files on the local system. The cvs server is subject to a similar vulnerability which allows the checkout of RCS archives anywhere on the server system. Versions 1.11.15 and 1.12.7 fix the problem.
Alerts:
Fedora FEDORA-2004-110 2004-04-22
Whitebox WBSA-2004:153-01 2004-04-19
Slackware SSA:2004-108-02 2004-04-17
Netwosix NW-2004-0011 2004-04-18
Debian DSA-486-1 2004-04-16
Gentoo 200404-13 2004-04-14
OpenPKG OpenPKG-SA-2004.013 2004-04-14
Red Hat RHSA-2004:153-01 2004-04-14
Red Hat RHSA-2004:154-01 2004-04-14
SuSE SuSE-SA:2004:008 2004-04-14
Mandrake MDKSA-2004:028 2004-04-14


kernel: symlink overflow in the iso9660 filesystem

Package(s):kernel CVE #(s):CAN-2004-0109
Created:April 14, 2004 Updated:July 15, 2004
Description: The 2.4 and 2.6 kernels contain a vulnerability in the iso9660 (CDROM) filesystem which can be used by a local attacker to obtain root privileges. The exploit requires creating a specially-crafted filesystem and getting the kernel to mount it. Many systems are configured to automatically mount CDs on insertion, however, so the possibility of this vulnerability being exploited by users with physical access to the system is real. The 2.4.26 kernel contains the fix, which will also be merged into the upcoming 2.6.6 release.
Alerts:
Conectiva CLA-2004:846 2004-07-15
Red Hat RHSA-2004:106-01 2004-04-21
Red Hat RHSA-2004:105-01 2004-04-21
Debian DSA-489-1 2004-04-17
Debian DSA-491-1 2004-04-17
Debian DSA-479-2 2004-04-14
SuSE SuSE-SA:2004:009 2004-04-14
Mandrake MDKSA-2004:029 2004-04-14
Fedora FEDORA-2004-101 2004-04-14
Debian DSA-482-1 2004-04-14
Debian DSA-481-1 2004-04-14
Debian DSA-480-1 2004-04-14
Debian DSA-479-1 2004-04-14


MySQL: temporary file vulnerabilities

Package(s):mysql CVE #(s):CAN-2004-0381 CAN-2004-0388
Created:April 14, 2004 Updated:August 18, 2004
Description: The mysqlbug and mysqld_multi scripts contain temporary file vulnerabilities which could be used by a local attacker to overwrite files on the system.
Alerts:
Gentoo 200405-20 2004-05-25
Mandrake MDKSA-2004:034 2004-04-19
OpenPKG OpenPKG-SA-2004.014 2004-04-14
Debian DSA-483-1 2004-04-14


neon: format string vulnerabilities

Package(s):neon CVE #(s):CAN-2004-0179
Created:April 14, 2004 Updated:May 18, 2004
Description: The neon WebDAV library contains format string vulnerabilities which may be exploited by a hostile DAV server. This vulnerability exists in utilities which use neon, including cadaver and OpenOffice.org.
Alerts:
Fedora FEDORA-2004-103 2004-04-14
Gentoo 200405-04 2004-05-11
Gentoo 200405-01 2004-05-09
Red Hat RHSA-2004:163-01 2004-04-30
Whitebox WBSA-2004:160-01 2004-04-19
Mandrake MDKSA-2004:032 2004-04-19
Gentoo 200404-14 2004-04-19
OpenPKG OpenPKG-SA-2004.016 2004-04-16
Netwosix NW-2004-0012 2004-04-18
Debian DSA-487-1 2004-04-16
Red Hat RHSA-2004:159-01 2004-04-15
Red Hat RHSA-2004:160-01 2004-04-14
Red Hat RHSA-2004:157-01 2004-04-14
Red Hat RHSA-2004:158-01 2004-04-14


Scorched3D: format string vulnerability

Package(s):Scorched 3D CVE #(s):
Created:April 9, 2004 Updated:April 14, 2004
Description: The server from the game Scorched 3D is vulnerable to a format string attack that can lead to a denial of service and possibly to the execution of arbitrary code.
Alerts:
Gentoo 200404-12 2004-04-09


Updated vulnerabilities

clamav: denial of service

Package(s):clamav CVE #(s):
Created:April 7, 2004 Updated:April 7, 2004
Description: The Clam AntiVirus utility through version 0.68 is vulnerable to a denial of service attack.
Alerts:
Gentoo 200404-07 2004-04-07


ethereal - multiple vulnerabilities

Package(s):ethereal CVE #(s):CAN-2004-0176 CAN-2004-0365 CAN-2004-0367
Created:March 29, 2004 Updated:June 2, 2004
Description: There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.3. More information can be found in this advisory from ethereal.com and in this Eye on Security advisory.
Alerts:
Debian DSA-511-1 2004-05-30
OpenPKG OpenPKG-SA-2004.015 2004-04-16
Red Hat RHSA-2004:137-01 2004-03-31
Mandrake MDKSA-2004:024 2004-03-30
Conectiva CLA-2004:835 2004-03-31
Red Hat RHSA-2004:136-01 2004-03-30
Netwosix NW-2004-0007 2004-03-29
Gentoo 200403-07 2004-03-28


Filename disclosure vulnerability in fam

Package(s):fam CVE #(s):CAN-2002-0875
Created:August 19, 2002 Updated:January 5, 2005
Description: "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible.
Alerts:
Red Hat RHSA-2005:005-01 2005-01-05
Debian DSA-154-1 2002-08-15


fetchmail may crash on specially crafted message

Package(s):fetchmail CVE #(s):CAN-2003-0792
Created:October 17, 2003 Updated:April 8, 2004
Description: A bug was discovered in fetchmail 6.2.4 where a specially crafted email message can cause fetchmail to crash.
Alerts:
OpenPKG OpenPKG-SA-2004.012 2004-04-08
Gentoo 200403-10 2004-03-30
Netwosix NW-2004-0002 2004-02-20
SCO Group CSSA-2004-004.0 2004-02-19
Slackware SSA:2003-300-02 2003-10-22
Mandrake MDKSA-2003:101 2003-10-16


fte buffer overflows

Package(s):fte CVE #(s):CAN-2003-0648
Created:April 5, 2004 Updated:April 7, 2004
Description: Steve Kemp and Jaguar discovered a number of buffer overflow vulnerabilities in vfte, a version of the fte editor which runs on the Linux console, found in the package fte-console. This program is setuid root in order to perform certain types of low-level operations on the console.
Alerts:
Debian DSA-472-1 2004-04-03


gtkhtml: malformed messages cause crash

Package(s):gtkhtml CVE #(s):CAN-2003-0133 CAN-2003-0541
Created:April 14, 2003 Updated:April 18, 2005
Description: GtkHTML is the HTML rendering widget used by the Evolution mail reader.

GtkHTML supplied with versions of Evolution prior to 1.2.4 contains a bug when handling HTML messages. Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash.

Alerts:
Debian DSA-710-1 2005-04-18
Mandrake MDKSA-2003:093 2003-09-18
Conectiva CLA-2003:737 2003-09-12
Red Hat RHSA-2003:264-01 2003-09-09
Mandrake MDKSA-2003:046 2003-04-15
Red Hat RHSA-2003:126-01 2003-04-14


heimdal cross-realm vulnerability

Package(s):heimdal CVE #(s):CAN-2004-0371
Created:April 6, 2004 Updated:April 9, 2004
Description: According to a security advisory from the heimdal project: All releases prior to 0.6.1 and 0.5.3 have a cross-realm vulnerability allowing someone with control over a realm to impersonate anyone in the cross-realm trust path.
Alerts:
Gentoo 200404-09 2004-04-09
Debian DSA-476-1 2004-04-06


interchange missing input sanitizing

Package(s):interchange CVE #(s):CAN-2004-0374
Created:April 2, 2004 Updated:April 7, 2004
Description: A vulnerability was discovered recently in Interchange, an e-commerce and general HTTP database display system. This vulnerability can be exploited by an attacker to expose the content of arbitrary variables. An attacker may learn SQL access information for your Interchange application and use this information to read and manipulate sensitive data.
Alerts:
Debian DSA-471-1 2004-04-02


iproute: local denial of service

Package(s):iproute net-tools CVE #(s):CAN-2003-0856
Created:November 25, 2003 Updated:December 14, 2004
Description: The iproute utility is susceptible to spoofed netlink messages sent by local users, with the result that denial of service attacks are possible.
Alerts:
Mandrake MDKSA-2004:148 2004-12-13
Fedora FEDORA-2004-154 2004-06-03
Fedora FEDORA-2004-115 2004-05-11
Debian DSA-492-1 2004-04-18
Gentoo 200404-10 2004-04-09
Red Hat RHSA-2003:316-01 2003-11-24


racoon: failure to verify signatures

Package(s):ipsec-tools racoon CVE #(s):CAN-2004-0155
Created:April 7, 2004 Updated:August 19, 2004
Description: Versions of ipsec-tools prior to 0.2.5 contain a vulnerability wherein the racoon utility fails to verify digital signatures on some packets. This hole can lead to unauthorized connections or man-in-the-middle attacks. See this advisory for details.
Alerts:
Whitebox WBSA-2004:308-01 2004-08-19
Mandrake MDKSA-2004:027 2004-04-08
Gentoo 200404-05 2004-04-07


kdelibs: cookie disclosure

Package(s):kdelibs CVE #(s):CAN-2003-0592
Created:March 10, 2004 Updated:August 24, 2004
Description: kdelibs (and, thus, Konqueror) has a vulnerability where a hostile server can force the disclosure of cookies that should not be presented to it. KDE versions 3.1.3 and later contain a fix.
Alerts:
Gentoo 200408-23 2004-08-24
Red Hat RHSA-2004:074-01 2004-03-10
Red Hat RHSA-2004:075-01 2004-03-10
Mandrake MDKSA-2004:022 2004-03-10
Debian DSA-459-1 2004-03-10


kdepim: VCF file information reader vulnerability

Package(s):kdepim CVE #(s):CAN-2003-0988
Created:January 15, 2004 Updated:May 26, 2004
Description: KDE has issued a security advisory for all versions of kdepim as distributed with KDE versions 3.1.0 through 3.1.4 inclusive. A carefully crafted .VCF file potentially enables local attackers to compromise the privacy of a victim's data or execute arbitrary commands with the victim's privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0988 to this issue.
Alerts:
Fedora FEDORA-2004-133 2004-05-19
Gentoo 200404-02 2004-04-06
Whitebox WBSA-2004:005-01 2004-02-12
Conectiva CLA-2004:810 2004-01-20
Slackware SSA:2004-014-01 2004-01-14
Mandrake MDKSA-2004:003 2004-01-14
Red Hat RHSA-2004:006-01 2004-01-07


Linux kernel 2.2.10 failing function and TLB flush vulnerability

Package(s):kernel-source-2.2.10 CVE #(s):CAN-2004-0077
Created:March 18, 2004 Updated:June 4, 2004
Description: A local root exploit is possible due to early flushing of the TLB.
Alerts:
Debian DSA-514-1 2004-06-04
Debian DSA-466-1 2004-03-18


kernel-utils: setuid vulnerability

Package(s):kernel-utils CVE #(s):CAN-2003-0019
Created:February 7, 2003 Updated:January 21, 2005
Description: The kernel-utils package contains several utilities that can be used to control the kernel or machine hardware. In Red Hat Linux 8.0 this package contains user mode linux (UML) utilities.

The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was incorrectly shipped setuid root. This could allow local users to control certain network interfaces, add and remove arp entries and routes, and put interfaces in and out of promiscuous mode.

All users of the kernel-utils package should update to these packages that contain a version of uml_net that is not setuid root.

Alternatively, as a work-around to this vulnerability, issue the following command as root:

chmod -s /usr/bin/uml_net

Alerts:
Red Hat RHSA-2003:056-08 2003-02-07


libpng, libpng3: buffer overflow

Package(s):libpng, libpng3 CVE #(s):CAN-2002-1363
Created:December 19, 2002 Updated:July 14, 2004
Description: Glenn Randers-Pehrson discovered a problem in connection with 16-bit samples from libpng, an interface for reading and writing PNG (Portable Network Graphics) format files. The starting offsets for the loops are calculated incorrectly which causes a buffer overrun beyond the beginning of the row buffer.
Alerts:
Gentoo 200407-06 2004-07-08
OpenPKG OpenPKG-SA-2004.030 2004-07-06
Mandrake MDKSA-2004:063 2004-06-29
Whitebox WBSA-2004:249-01 2004-06-21
Fedora FEDORA-2004-176 2004-06-18
Fedora FEDORA-2004-174 2004-06-18
Fedora FEDORA-2004-175 2004-06-18
Fedora FEDORA-2004-173 2004-06-18
Red Hat RHSA-2004:249-01 2004-06-18
Conectiva CLA-2003:564 2003-01-23
Mandrake MDKSA-2003:008 2003-01-20
OpenPKG OpenPKG-SA-2003.001 2003-01-15
Yellow Dog YDU-20030114-2 2002-01-14
SuSE SuSE-SA:2003:0004 2003-01-14
Red Hat RHSA-2003:006-06 2003-01-09
Debian DSA-213-1 2002-12-19

Comments (none posted)

libxml2 - arbitrary code execution

Package(s):libxml2 CVE #(s):CAN-2004-0110
Created:February 26, 2004 Updated:August 19, 2009
Description: Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code.
Alerts:
Fedora FEDORA-2009-8594 2009-08-15
Fedora FEDORA-2009-8582 2009-08-15
Fedora-Legacy FLSA:1324 2004-07-19
Conectiva CLA-2004:836 2004-03-31
Gentoo 200403-01 2004-03-06
Trustix TSLSA-2004-0010 2004-03-05
OpenPKG OpenPKG-SA-2004.003 2004-03-05
Netwosix NW-2004-0004 2004-03-04
Debian DSA-455-1 2004-03-03
Mandrake MDKSA-2004:018 2004-03-03
Red Hat RHSA-2004:091-02 2004-03-03
Whitebox WBSA-2004:090-01 2004-03-01
Red Hat RHSA-2004:090-01 2004-02-26
Fedora FEDORA-2004-087 2004-02-25
Red Hat RHSA-2004:091-01 2004-02-26

Comments (none posted)

mailman denial of service

Package(s):mailman CVE #(s):CAN-2003-0991
Created:February 9, 2004 Updated:May 25, 2004
Description: Matthew Galgoci of Red Hat discovered a Denial of Service (DoS) vulnerability in versions of Mailman prior to 2.1. An attacker could send a carefully-crafted message causing mailman to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0991 to this issue.
Alerts:
Conectiva CLA-2004:842 2004-05-25
Red Hat RHSA-2004:156-01 2004-04-14
Mandrake MDKSA-2004:013 2004-02-13
Red Hat RHSA-2004:019-01 2004-02-09

Comments (1 posted)

metamail: integer and buffer overflows

Package(s):metamail CVE #(s):CAN-2004-0104 CAN-2004-0105
Created:February 18, 2004 Updated:May 21, 2004
Description: Versions of metamail through 2.7 contain a set of integer and buffer overflows which are remotely exploitable via a properly crafted message.
Alerts:
Gentoo 200405-17 2004-05-21
Debian DSA-449-1 2004-02-24
Mandrake MDKSA-2004:014 2004-02-18
Slackware SSA:2004-049-02 2004-02-18
Red Hat RHSA-2004:073-01 2004-02-18

Comments (none posted)

mikmod: buffer overflow

Package(s):mikmod CVE #(s):CAN-2003-0427
Created:June 16, 2003 Updated:June 16, 2005
Description: Ingo Saitz discovered a bug in mikmod whereby a long filename inside an archive file can overflow a buffer when the archive is being read by mikmod.
Alerts:
Fedora FEDORA-2005-405 2005-06-16
Red Hat RHSA-2005:506-01 2005-06-13
Fedora FEDORA-2005-404 2005-06-09
Gentoo 200307-01 2003-07-02
Debian DSA-320-1 2003-06-13

Comments (none posted)

mod_python: denial of service vulnerability

Package(s):mod_python CVE #(s):CAN-2003-0973
Created:January 27, 2004 Updated:October 4, 2004
Description: Apache's mod_python module could crash the httpd process if a specific, malformed query string was sent.

The Apache Foundation has reported that mod_python may be prone to Denial of Service attacks when handling a malformed query. Mod_python 2.7.9 was released to fix the vulnerability; however, because that release did not fully fix it, version 2.7.10 has been released.

Users of mod_python 3.0.4 are not affected by this vulnerability.

Alerts:
Fedora-Legacy FLSA:1325 2004-10-03
Conectiva CLA-2004:837 2004-04-12
Whitebox WBSA-2004:058-01 2004-03-01
Debian DSA-452-1 2004-02-29
Red Hat RHSA-2004:058-01 2004-02-26
Red Hat RHSA-2004:063-01 2004-02-26
Gentoo 200401-03 2004-01-27

Comments (none posted)

monit: buffer overflow and DOS

Package(s):monit CVE #(s):
Created:March 31, 2004 Updated:April 19, 2004
Description: The monit system administration program through version 4.1 suffers from remotely exploitable buffer overflow and denial of service vulnerabilities.

Two additional vulnerabilities have been found in the HTTP interface of monit, possibly leading to denial of service or execution of arbitrary code.

Alerts:
Gentoo 200404-16 2004-04-19
Netwosix NW-2004-0008 2004-04-06
Gentoo 200403-14 2004-03-31

Comments (none posted)

mozilla: multiple vulnerabilities

Package(s):mozilla CVE #(s):CAN-2003-0594 CAN-2003-0564
Created:March 10, 2004 Updated:August 19, 2004
Description: Mozilla 1.4 contains a few vulnerabilities, including disclosure of cookies to the wrong server, a scripting vulnerability which can allow an attacker to run arbitrary code, and an S/MIME vulnerability which can lead to remote denial of service or code execution attacks.
Alerts:
Whitebox WBSA-2004:421-01 2004-08-19
Whitebox WBSA-2004:110-01 2004-03-29
Red Hat RHSA-2004:112-01 2004-03-17
Mandrake MDKSA-2004:021 2004-03-10

Comments (none posted)

mpg321: format string vulnerability

Package(s):mpg321 CVE #(s):CAN-2003-0969
Created:January 6, 2004 Updated:March 28, 2005
Description: A vulnerability was discovered in mpg321, a command-line mp3 player, whereby user-supplied strings were passed to printf(3) unsafely. This vulnerability could be exploited by a remote attacker to overwrite memory, and possibly execute arbitrary code. In order for this vulnerability to be exploited, mpg321 would need to play a malicious mp3 file (including via HTTP streaming).
Alerts:
Gentoo 200503-34 2005-03-28
Debian DSA-411-1 2004-01-05

Comments (none posted)

Nessus NASL scripting engine security issues

Package(s):nessus CVE #(s):
Created:May 27, 2003 Updated:August 12, 2004
Description: Some vulnerabilities exist in the Nessus NASL scripting engine. To exploit these flaws, an attacker would need to have a valid Nessus account as well as the ability to upload arbitrary Nessus plugins in the Nessus server (this option is disabled by default) or he/she would need to trick a user somehow into running a specially crafted nasl script. Read the full advisory for additional information.
Alerts:
Gentoo 200305-10 2003-05-27

Comments (none posted)

netpbm: insecure temporary files

Package(s):netpbm CVE #(s):CAN-2003-0924
Created:January 19, 2004 Updated:December 29, 2004
Description: netpbm is a graphics conversion toolkit made up of a large number of single-purpose programs. Many of these programs were found to create temporary files in an insecure manner, which could allow a local attacker to overwrite files with the privileges of the user invoking a vulnerable netpbm tool.
Alerts:
Conectiva CLA-2004:909 2004-12-29
Gentoo 200410-02 2004-10-04
Mandrake MDKSA-2004:011-1 2004-09-27
Whitebox WBSA-2004:031-01 2004-02-12
Mandrake MDKSA-2004:011 2004-02-11
Red Hat RHSA-2004:030-01 2004-02-05
Fedora FEDORA-2004-068 2004-02-06
Red Hat RHSA-2004:031-01 2004-01-22
Debian DSA-426-1 2004-01-18

Comments (1 posted)

openssh: timing attack leads to information disclosure

Package(s):openssh CVE #(s):CAN-2003-0190
Created:May 2, 2003 Updated:November 30, 2004
Description: From the advisory: "During a pen-test we stumbled across a nasty bug in OpenSSH-portable with PAM support enabled (via the --with-pam configure script switch). This bug allows a remote attacker to identify valid users on vulnerable systems, through a simple timing attack. The vulnerability is easy to exploit and may have high severity, if combined with poor password policies and other security problems that allow local privilege escalation."
Alerts:
Ubuntu USN-34-1 2004-11-30
OpenPKG OpenPKG-SA-2003.035 2003-08-06
Red Hat RHSA-2003:222-01 2003-07-29
Gentoo 200305-02 2003-05-13
Gentoo 200305-01 2002-03-05

Comments (1 posted)

OpenSSL: denial of service vulnerabilities

Package(s):OpenSSL CVE #(s):CAN-2004-0081 CAN-2003-0851
Created:March 17, 2004 Updated:November 2, 2005
Description: Versions 0.9.7a-c of the OpenSSL library suffer from two denial of service vulnerabilities; see the version 0.9.7d release announcement for details.
Alerts:
Red Hat RHSA-2005:830-00 2005-11-02
Red Hat RHSA-2005:829-00 2005-11-02
Fedora FEDORA-2005-1042 2005-10-31
Fedora-Legacy FLSA:1395 2004-05-08
Conectiva CLA-2004:834 2004-03-31
Whitebox WBSA-2004:084-01 2004-03-23
Red Hat RHSA-2004:084-01 2004-03-23
Fedora FEDORA-2004-095 2004-03-19
Whitebox WBSA-2004:120-01 2004-03-22
Trustix TSLSA-2004-0012 2004-03-17
Slackware SSA:2004-077-01 2004-03-17
Red Hat RHSA-2004:121-01 2004-03-17
OpenPKG OpenPKG-SA-2004.007 2004-03-18
Gentoo 200403-03 2004-03-17
Debian DSA-465-1 2004-03-17
Netwosix NW-2004-0005 2004-03-17
Mandrake MDKSA-2004:023 2004-03-17
SuSE SuSE-SA:2004:007 2004-03-17
Red Hat RHSA-2004:120-01 2004-03-17
Red Hat RHSA-2004:119-01 2004-03-17
EnGarde ESA-20040317-003 2004-03-17

Comments (1 posted)

perl information leak

Package(s):perl CVE #(s):CAN-2003-0618
Created:February 2, 2004 Updated:April 21, 2004
Description: Paul Szabo discovered a number of bugs in suidperl, a helper program to run perl scripts with setuid privileges. By exploiting these bugs, an attacker could abuse suidperl to discover information about files (such as testing for their existence and some of their permissions) that should not be accessible to unprivileged users.
Alerts:
Debian DSA-431-2 2004-04-16
Debian DSA-431-1 2004-02-01

Comments (none posted)

postfix: denial of service vulnerabilities

Package(s):postfix CVE #(s):CAN-2003-0468 CAN-2003-0540
Created:August 5, 2003 Updated:May 27, 2004
Description: The postfix MTA, versions through 1.1.12 (but not 2.0), is subject to two remotely exploitable denial of service vulnerabilities; see this advisory from Michal Zalewski for details.
Alerts:
Mandrake MDKA-2004:028 2004-05-26
Trustix 2003-0029 2003-08-04
Mandrake MDKSA-2003:081 2003-08-04
EnGarde ESA-20030804-019 2003-08-04
Conectiva CLA-2003:717 2003-08-04
SuSE SuSE-SA:2003:033 2003-08-04
Red Hat RHSA-2003:251-01 2003-08-04
Debian DSA-363-1 2003-08-03

Comments (none posted)

PWLib: possible Denial of Service

Package(s):PWLib CVE #(s):CAN-2004-0097
Created:February 13, 2004 Updated:April 9, 2004
Description: PWLib is a cross-platform class library designed to support the OpenH323 project. OpenH323 provides an implementation of the ITU H.323 teleconferencing protocol, used by packages such as Gnome Meeting.

A test suite for the H.225 protocol (part of the H.323 family) provided by the NISCC uncovered bugs in PWLib prior to version 1.6.0. An attacker could trigger these bugs by sending carefully crafted messages to an application. The effects of such an attack can vary depending on the application, but would usually result in a Denial of Service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0097 to this issue.

Alerts:
Gentoo 200404-11 2004-04-09
Mandrake MDKSA-2004:017 2004-03-03
Fedora FEDORA-2004-078 2004-03-02
Debian DSA-448-1 2004-02-22
Whitebox WBSA-2004:047-01 2004-02-18
Red Hat RHSA-2004:047-01 2004-02-18
Red Hat RHSA-2004:048-01 2004-02-13

Comments (none posted)

python: buffer overflow

Package(s):python CVE #(s):CAN-2004-0150
Created:March 10, 2004 Updated:October 11, 2004
Description: Python (versions 2.2 and 2.2.1 only) has a buffer overflow in the getaddrinfo() function which can be exploited by a malformed IPv6 address.
Alerts:
Debian DSA-458-3 2004-10-10
Gentoo 200409-03 2004-09-02
Debian DSA-458-2 2004-08-31
Mandrake MDKSA-2004:019 2004-03-09
Debian DSA-458-1 2004-03-09

Comments (none posted)

samba privilege escalation

Package(s):samba CVE #(s):CAN-2004-0186
Created:March 15, 2004 Updated:April 20, 2004
Description: Samba, a LanManager-like file and printer server for Unix, was found to contain a vulnerability whereby a local user could use the "smbmnt" utility, which is setuid root, to mount a file share from a remote server which contained setuid programs under the control of the user. These programs could then be executed to gain privileges on the local system.
Alerts:
Mandrake MDKSA-2004:035 2004-04-19
Debian DSA-463-1 2004-03-12

Comments (none posted)

shar: buffer overflow

Package(s):sharutils CVE #(s):
Created:April 7, 2004 Updated:April 7, 2004
Description: The shar utility (as found in the sharutils package through version 4.2.1) suffers from a stack-based buffer overflow vulnerability; see this advisory for details.
Alerts:
OpenPKG OpenPKG-SA-2004.011 2004-04-07

Comments (none posted)

squid - vulnerability in URL decoding

Package(s):squid CVE #(s):CAN-2004-0189
Created:March 29, 2004 Updated:April 20, 2004
Description: A bug was found in the processing of %-encoded characters in a URL in versions of Squid 2.5.STABLE4 and earlier. If a Squid configuration uses Access Control Lists (ACLs), a remote attacker could create URLs that would not be correctly tested against Squid's ACLs, potentially allowing clients to access prohibited URLs.
Alerts:
Whitebox WBSA-2004:133-01 2004-04-19
Fedora FEDORA-2004-104 2004-04-15
Red Hat RHSA-2004:133-01 2004-04-14
Conectiva CLA-2004:838 2004-04-12
Debian DSA-474-1 2004-04-03
OpenPKG OpenPKG-SA-2004.008 2004-04-01
Mandrake MDKSA-2004:025 2004-03-30
Gentoo 200403-11 2004-03-30
Red Hat RHSA-2004:134-01 2004-03-29

Comments (none posted)

sysstat: temporary file vulnerability

Package(s):sysstat CVE #(s):CAN-2004-0107 CAN-2004-0108
Created:March 10, 2004 Updated:October 4, 2004
Description: The sysstat utility has a temporary file vulnerability which can be exploited by a local attacker to overwrite system files.
Alerts:
Fedora-Legacy FLSA:1372 2004-10-03
Gentoo 200404-04 2004-04-06
Debian DSA-460-2 2004-04-03
Trustix TSLSA-2004-0011 2004-03-16
Whitebox WBSA-2004:053-01 2004-03-10
Red Hat RHSA-2004:053-01 2004-03-10
Red Hat RHSA-2004:093-01 2004-03-10
Debian DSA-460-1 2004-03-10

Comments (none posted)

File overwrite vulnerability in tar and unzip

Package(s):tar unzip CVE #(s):CAN-2001-1267 CAN-2001-1268 CAN-2001-1269 CAN-2002-0399
Created:October 1, 2002 Updated:April 10, 2006
Description: The tar utility does not properly filter file names containing "../", meaning that a hostile archive can, if unpacked by an unsuspecting user, overwrite any file that is writable by that user. GNU tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42 has the same vulnerability.
Alerts:
Fedora-Legacy FLSA:183571-1 2006-04-04
Red Hat RHSA-2006:0195-01 2006-02-21
Conectiva CLA-2002:538 2002-10-29
Mandrake MDKSA-2002:066 2002-10-10
Mandrake MDKSA-2002:065 2002-10-10
EnGarde ESA-20021003-022 2002-10-03
Gentoo unzip-20021001 2002-10-01
Gentoo tar-20021001 2002-10-01
Red Hat RHSA-2002:096-24 2002-09-18

Comments (1 posted)
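The name filtering that the tar and unzip entry above describes as missing, written as an added example (not code from GNU tar or unzip). The helper names and the sample member names are hypothetical and constructed here; the point is that the test has to be made per path component, since a plain search for the substring "../" both misses some names and rejects harmless ones.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Decide whether an archive member name may be extracted beneath the
 * destination directory. A name is rejected when it is empty, absolute,
 * or when any '/'-separated component is exactly "..".
 * (Hypothetical helper for illustration.)
 */
bool member_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0' || name[0] == '/')
        return false;

    const char *p = name;
    while (*p != '\0') {
        /* Length of the current component, up to the next '/' or the end. */
        size_t len = strcspn(p, "/");
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;
        p += len;
        /* Skip one or more separators ("a//b" is treated like "a/b"). */
        while (*p == '/')
            p++;
    }
    return true;
}

/* Constructed member names, as they might appear in an archive listing. */
static const char *const SAMPLE_NAMES[] = {
    "docs/readme.txt",
    "../outside.txt",         /* leading parent reference */
    "a/b/../../../outside",   /* climbs out after descending */
    "a/..",                   /* ends in "..", with no "../" substring */
    "/abs/path",              /* absolute path */
    "foo../bar",              /* has a "../" substring but no ".." component */
    "..hidden/file",          /* component merely starts with two dots */
};
#define SAMPLE_COUNT (sizeof(SAMPLE_NAMES) / sizeof(SAMPLE_NAMES[0]))

/* Count how many of the given names the filter refuses. */
size_t count_rejected(const char *const names[], size_t n)
{
    size_t rejected = 0;
    for (size_t i = 0; i < n; i++)
        if (!member_name_is_safe(names[i]))
            rejected++;
    return rejected;
}

int main(void)
{
    for (size_t i = 0; i < SAMPLE_COUNT; i++)
        printf("%-24s %s\n", SAMPLE_NAMES[i],
               member_name_is_safe(SAMPLE_NAMES[i]) ? "extract" : "REFUSE");
    printf("%zu of %zu names refused\n",
           count_rejected(SAMPLE_NAMES, SAMPLE_COUNT), SAMPLE_COUNT);
    return 0;
}
```

The check looks at the name string only; it does not examine symbolic links that already exist under the destination directory.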

tcpdump: flaws in the ISAKMP decoding routines

Package(s):tcpdump CVE #(s):CAN-2003-0989 CAN-2004-0057 CAN-2004-0055
Created:January 15, 2004 Updated:April 6, 2004
Description: George Bakos discovered flaws in the ISAKMP decoding routines of tcpdump versions prior to 3.8.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0989 to this issue.

Jonathan Heusser discovered two additional flaws in the ISAKMP decoding routines of tcpdump versions up to and including 3.8.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0057 to this issue.

Jonathan Heusser discovered a flaw in the print_attr_string function in the RADIUS decoding routines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0055 to this issue.

Remote attackers could potentially exploit these issues by sending carefully-crafted packets to a victim. If the victim uses tcpdump, these packets could result in a denial of service, or possibly execute arbitrary code as the 'pcap' user.

Alerts:
Gentoo 200404-03 2004-03-31
Fedora FEDORA-2004-091 2004-03-04
SCO Group CSSA-2004-008.0 2004-03-02
Fedora FEDORA-2004-092 2004-03-02
Whitebox WBSA-2004:008-01 2004-02-12
Fedora-Legacy FLSA:1222 2004-01-31
Mandrake MDKSA-2004:008 2004-01-26
EnGarde ESA-20040119-002 2004-01-19
Debian DSA-425-1 2004-01-16
OpenPKG OpenPKG-SA-2004.002 2004-01-16
Trustix 2004-0004 2004-01-05
SuSE SuSE-SA:2004:002 2004-01-14
Red Hat RHSA-2004:008-01 2004-01-15
Red Hat RHSA-2004:007-01 2004-01-14

Comments (none posted)

tcpdump: ISAKMP payload handling denial-of-service vulnerabilities

Package(s):tcpdump CVE #(s):CAN-2004-0183 CAN-2004-0184
Created:March 30, 2004 Updated:September 30, 2004
Description: TCPDUMP v3.8.1 and earlier versions contain multiple flaws in the packet display functions for the ISAKMP protocol. Upon receiving specially crafted ISAKMP packets, TCPDUMP will try to read beyond the end of the packet capture buffer and crash. More information is available in this Rapid7 advisory.
Alerts:
Fedora-Legacy FLSA:1468 2004-09-29
Whitebox WBSA-2004:219-01 2004-06-10
Red Hat RHSA-2004:219-01 2004-05-26
Fedora FEDORA-2004-120 2004-05-13
Slackware SSA:2004-108-01 2004-04-17
Mandrake MDKSA-2004:030 2004-04-14
OpenPKG OpenPKG-SA-2004.010 2004-04-07
Debian DSA-478-1 2004-04-06
Trustix TSLSA-2004-0015 2004-03-30

Comments (none posted)

Multiple vendor telnetd vulnerability

Package(s):telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5 CVE #(s):
Created:May 21, 2002 Updated:October 5, 2004
Description: This vulnerability, originally thought to be confined to BSD-derived systems, was first covered in the July 26th Security Summary. It is now known that Linux telnet daemons are vulnerable as well.
Alerts:
Gentoo 200410-03 2004-10-05
Yellow Dog YDU-20010810-2 2001-08-10
Yellow Dog YDU-20010810-1 2001-08-10
SuSE SuSE-SA:2001:029 2001-09-03
Slackware sl-997726350 2001-08-09
Red Hat RHSA-2001:100-02 2001-08-09
Red Hat RHSA-2001:099-09 2002-02-07
Red Hat RHSA-2001:099-06 2001-08-09
Progeny PROGENY-SA-2001-27 2001-08-14
Mandrake MDKSA-2001:093 2001-12-17
Mandrake MDKSA-2001:068 2001-08-13
HP HPSBTL0202-023 2002-02-12
Debian DSA-075-2 2001-08-14
Debian DSA-075-1 2001-08-14
Conectiva CLA-2001:413 2001-08-24
SCO Group CSSA-2001-030.0 2001-08-10

Comments (none posted)

util-linux: information leak in the login program

Package(s):util-linux CVE #(s):CAN-2004-0080
Created:February 3, 2004 Updated:April 8, 2004
Description: The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function.

In some situations, the login program could use a pointer that had been freed and reallocated. This could cause unintentional data leakage.

Alerts:
Netwosix NW-2004-0010 2004-04-08
Gentoo 200404-06 2004-04-07
Fedora-Legacy FLSA:1256 2004-03-04
Whitebox WBSA-2004:056-01 2004-02-12
Red Hat RHSA-2004:056-01 2004-02-02

Comments (1 posted)

xine-ui - insecure temporary file creation

Package(s):xine-ui CVE #(s):CAN-2004-0372
Created:April 6, 2004 Updated:April 27, 2006
Description: Shaun Colley discovered a problem in xine-ui, the xine video player user interface. A script contained in the package to possibly remedy a problem or report a bug does not create temporary files in a secure fashion. This could allow a local attacker to overwrite files with the privileges of the user invoking xine.
Alerts:
Gentoo 200404-20 2004-04-27
Slackware SSA:2004-111-01 2004-04-20
Mandrake MDKSA-2004:033 2004-04-19
Debian DSA-477-1 2004-04-06

Comments (none posted)

Resources

'Digital Cops in a Virtual Environment' Conference Report

James Grimmelmann reports from the Digital Cops in a Virtual Environment conference held last month. "One estimate of MyDoom's effects puts its total damage at $38 billion. Oh, really? Well, Hurricane Isabel did 'only' $4 billion. These oft-quoted estimates of virus damage are, shall we say, perhaps overstated?"

Comments (none posted)

Phrack #62 Call for Papers

The Call for Papers has gone out for Phrack #62; submissions are due by the beginning of July.

Full Story (comments: none)

Page editor: Jonathan Corbet

Kernel development

Brief items

Kernel release status

The current 2.6 kernel is 2.6.5; there have been no 2.6.6 prepatches yet. Linus's BitKeeper repository is overflowing with patches for 2.6.6, however, including much of the material from 2.6.5-mc4, the last "merge candidate" tree from Andrew Morton. A great deal of new stuff is going into 2.6.6; see the separate article below for more information.

The current -mm tree is 2.6.5-mm5; recent additions to -mm include more CPU scheduler work, some of Hugh Dickins's "prepare for object-based reverse mapping" patches (see below), a new memory binding API for NUMA systems, and lots of fixes.

The current 2.4 kernel is 2.4.26, which was released on April 14. Among other things, this release includes the fix for the iso9660 filesystem buffer overflow vulnerability. Overall, changes in 2.4.26 include the "forcedeth" nVidia Ethernet driver, a big bonding network driver rework, a lot of XFS work, various architecture updates (including Intel "IA32e" support), TCP Westwood support, an ACPI update, and lots of fixes.

Users of x86_64 systems may want to note that, as of 2.4.26, no more development will be done for that architecture in 2.4.

Comments (3 posted)

Kernel development news

Linus merges up a storm

While Linus took a week off, Andrew Morton maintained a "merge candidate" tree full of patches which were to be added to the mainline on Linus's return. Linus is back; he has been quiet on linux-kernel, but his BitKeeper repository shows that he has been busy: over 700 patches have been merged in the first half of this week. Quite a few of these are significant; there will be a lot of changes in the 2.6.6 kernel. Here's a quick list of some of the more important additions.

  • The usual pile of architecture updates, including x86_64, PPC, ARM, ia64, m68k-noMMU, S/390, and others.

  • POSIX message queue support.

  • Changes to the ext2 and ext3 filesystems which provide significant speedups for the fsync() and fdatasync() calls. Various other performance improvements have been added to those filesystems as well.

  • The addition of the fcntl() method to the file_operations structure (see the March 24 Kernel Page).

  • The "laptop mode" patch. This patch has evolved somewhat since we last looked at it, but the basic idea remains the same: avoid spinning up the disk whenever possible, but, when you do have to perform disk activity, do everything you can.

  • 4KB kernel stacks for the i386 architecture. This patch reduces the kernel's per-process overhead, which is useful for people trying to run thousands of threads. It also removes one of the few places where the kernel needs to allocate multiple, physically-contiguous pages. In 2.6.6, there is a configuration option allowing the continued use of 8KB stacks, though the plan is to eventually remove this option. The configured stack size is stored in modules, so it will not be possible to load a module which was built for the wrong size stack.

  • Non-executable stack support for several architectures. This is not the full "Exec shield" patch from Ingo Molnar, though parts of that patch appear here.

  • A big reiserfs update, including data=ordered support, space preallocation, laptop mode support, and more.

  • IPv6 support in SELinux.

  • The lightweight auditing framework.

  • A mechanism which allows block drivers to respond to queries about the congestion state of their queues. This is useful for higher-level drivers (i.e. the device mapper) which have a complicated queue state.

  • The per-device unplugging patch which makes some significant changes to the block layer, but which yields significant performance improvements. This patch has evolved a lot since it was originally posted, mostly to deal with complexities in the device mapper, RAID, and swapping code.

  • The "completely fair queueing" (CFQ) I/O scheduler (covered here last November). This scheduler tries to evenly divide disk bandwidth among all processes on the system. The CFQ scheduler can be chosen with a configuration option, or by booting with the elevator="cfq" option.

  • Some software suspend fixes, including support for systems with high memory.

  • The external module support patch (described in a separate article below). The behavior of "make clean" has also been reworked to do a more thorough job while, simultaneously, leaving behind enough information to allow the building of external modules.

  • A new configuration option allowing the building of kernels without sysfs support. Be sure to read the help text before disabling sysfs, however; without sysfs the kernel needs more explicit help in finding its root partition.

  • Various libata (serial ATA) improvements and fixes.

  • A long list of NFS cleanups and improvements.

  • Some cosmetic fixes, such as running devfs and the floppy driver through lindent.

  • Some significant page cache and virtual memory changes, which we will get to in the next article.

Overall, one might be forgiven for thinking that 2.6.6 looks much like a development kernel release. In fact, most of the more intrusive patches listed above have been around and tested for some time now; they have just finally made their escape from the -mm tree. With the exception of the CPU scheduler patches (which we hope to cover here next week) and, perhaps, the reverse mapping VM changes, 2.6.6 looks likely to contain the bulk of the work that most developers are still hoping to see added to 2.6. 2.6.6 contains enough big changes that its chances of containing an unpleasant surprise or two are fairly high. Within a few more releases, however, 2.6 may well have stabilized to the point that it can be more widely deployed and the bulk of developer attention can move on to 2.7.

Comments (5 posted)

VM changes in 2.6.6

Among the patches merged into the upcoming 2.6.6 release is a set of virtual memory changes. Changes to such a fundamental subsystem are always of interest, especially in the middle of a "stable" kernel series. Here, then, is a quick discussion of what has transpired.

In response to the reverse mapping VM discussions over the last month or so, Hugh Dickins has posted a series of patches which prepare the kernel for a full object-based reverse-mapping scheme and the removal of the per-page PTE chains. Hugh's patches carefully leave room for the inclusion of either his anonmm patches or Andrea Arcangeli's anon_vma work, though he seems to expect that anon_vma will win out. The full set of patches posted so far can be found in the "memory management" part of the "patches and updates" section, below.

Of those patches, the first three have been merged as of this writing. rmap 1 simply creates a new include file (linux/rmap.h) and moves much of the reverse-mapping declarations there. The second patch (rmap 2) changes the way the swap subsystem keeps track of swap cache pages; this change is needed to free up a couple of struct page fields for reverse mapping tasks. Finally, rmap 3 finishes out the struct page work for various architectures.

Later patches in Hugh's series get more ambitious; rmap 7 adds object-based reverse mapping for file-backed memory. Those patches have not been merged as of this writing, however.

A completely different set of patches which changes how the page cache works has been merged. The description of this work, as written by Andrew Morton, reads:

The basic problem which we (mainly Daniel McNeil) have been struggling with is in getting a really reliable fsync() across the page lists while other processes are performing writeback against the same file. It's like juggling four bars of wet soap with your eyes shut while someone is whacking you with a baseball bat.

This work made some fundamental changes in how page cache pages are tracked. The struct page structure has long included a field called "list", being a list_head structure used to track the state of the page. When the page is marked dirty, or placed under I/O, it is put on a list with other such pages. Unfortunately, managing those lists as the state of the page changes proves to be difficult; hence the juggling analogy.

In response, the page lists have been removed altogether; as a side-benefit, this change shrinks struct page by eight bytes - a significant savings, considering that there is one such structure for every physical page in the system. The lists have been replaced with an enhanced radix tree which supports "tagging" of pages. When a page is dirtied, it is simply marked dirty in the radix tree, rather than being added to a list. Similarly, pages which are currently being written back to disk are marked. A new set of radix tree operations allows the kernel to find these pages when the need arises. Searching the tree is not as fast as following a dedicated list, but the radix tree implementation appears to be fast enough that few people will notice the difference.

These changes required touching a lot of VM and page cache code; every user of the page->list field had to be fixed. As a result of the changes, the order in which dirty pages are written to disk has changed; writing always happens in file-offset order now. This change appears to be an improvement for many applications; Andrew reports as much as 30% faster benchmark results. I/O can slow down for some situations involving parallel writes on SMP systems, however.
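A small user-space model of the tagged radix tree described above, as an added example (it is not the kernel's implementation). The names `rnode` and `rtree_*`, the fixed height of three 16-slot levels, and the sample page offsets are assumptions made for illustration. It shows how a tag bit is propagated to every ancestor so that a tagged lookup can skip clean subtrees, and why such a lookup returns dirty pages in file-offset order.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define BITS   4                 /* index bits consumed per tree level */
#define SLOTS  (1u << BITS)      /* 16 slots per node */
#define HEIGHT 3                 /* three levels cover page offsets 0..4095 */
#define SLOT_OF(index, level) ((unsigned)((index) >> ((level) * BITS)) & (SLOTS - 1))
enum { TAG_DIRTY, TAG_WRITEBACK, NTAGS };

struct rnode {
    void *slot[SLOTS];           /* child nodes, or page pointers at level 0 */
    uint16_t tags[NTAGS];        /* bit s set: slot s holds or leads to a tagged page */
};

/* Store page at index, allocating interior nodes on the way down. */
int rtree_insert(struct rnode *root, unsigned long index, void *page)
{
    struct rnode *n = root;
    if (index >> (HEIGHT * BITS)) return -1;
    for (int level = HEIGHT - 1; level > 0; level--) {
        unsigned s = SLOT_OF(index, level);
        if (!n->slot[s] && !(n->slot[s] = calloc(1, sizeof(*n)))) return -1;
        n = n->slot[s];
    }
    n->slot[SLOT_OF(index, 0)] = page;
    return 0;
}

/* Fill path[level] with the node visited at each level; 0 if no page at index. */
static int walk(struct rnode *root, unsigned long index, struct rnode *path[HEIGHT])
{
    void *p = root;
    if (index >> (HEIGHT * BITS)) return 0;
    for (int level = HEIGHT - 1; level >= 0 && p; level--) {
        path[level] = p;
        p = path[level]->slot[SLOT_OF(index, level)];
    }
    return p != NULL;
}

/* Mark the page at index, setting the tag bit in every node on its path. */
int rtree_tag_set(struct rnode *root, unsigned long index, int tag)
{
    struct rnode *path[HEIGHT];
    if (!walk(root, index, path)) return -1;
    for (int level = 0; level < HEIGHT; level++)
        path[level]->tags[tag] |= (uint16_t)(1u << SLOT_OF(index, level));
    return 0;
}

/* Unmark the page; a parent's bit is cleared only when nothing below it stays tagged. */
int rtree_tag_clear(struct rnode *root, unsigned long index, int tag)
{
    struct rnode *path[HEIGHT];
    if (!walk(root, index, path)) return -1;
    for (int level = 0; level < HEIGHT; level++) {
        path[level]->tags[tag] &= (uint16_t)~(1u << SLOT_OF(index, level));
        if (path[level]->tags[tag]) break;
    }
    return 0;
}

/* Depth-first in slot order, so results come out in ascending index order. */
static size_t collect(const struct rnode *n, int level, unsigned long base,
                      int tag, unsigned long *out, size_t max, size_t found)
{
    for (unsigned s = 0; s < SLOTS && found < max; s++) {
        if (!(n->tags[tag] & (1u << s))) continue;   /* untagged subtree: skip it */
        unsigned long index = base | ((unsigned long)s << (level * BITS));
        if (level == 0) out[found++] = index;
        else found = collect(n->slot[s], level - 1, index, tag, out, max, found);
    }
    return found;
}

/* Return up to max offsets of pages carrying tag, lowest offset first. */
size_t rtree_gang_lookup_tag(const struct rnode *root, int tag, unsigned long *out, size_t max)
{
    return collect(root, HEIGHT - 1, 0, tag, out, max, 0);
}

int main(void)
{
    static struct rnode root;                  /* zero-initialised, i.e. empty */
    unsigned long out[4], offsets[4] = { 300, 7, 4095, 18 };  /* constructed, dirtied out of order */
    for (int i = 0; i < 4; i++) {
        rtree_insert(&root, offsets[i], &offsets[i]);   /* any non-NULL pointer stands in for a page */
        rtree_tag_set(&root, offsets[i], TAG_DIRTY);
    }
    rtree_tag_clear(&root, 18, TAG_DIRTY);     /* page 18 goes under I/O */
    rtree_tag_set(&root, 18, TAG_WRITEBACK);
    size_t n = rtree_gang_lookup_tag(&root, TAG_DIRTY, out, 4);
    for (size_t i = 0; i < n; i++)
        printf("dirty page at offset %lu\n", out[i]);
    return 0;
}
```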

Comments (3 posted)

Building external modules

Changes in the kernel build process have yielded a number of benefits in 2.6. They have, however, exposed a few rough edges for people building external modules. The required procedure is a bit inelegant, forces the user to ignore warnings from the build code ("you messed with SUBDIRS, do not complain if something goes wrong"), and does not support modversions. It also requires the presence of a configured and built kernel source tree, something which was not necessary with previous kernels, and a build of an external module will often try to rebuild things in the main tree as well. Fixing up the external module build process has been on the "to do" list for some time.

Finally, somebody has done it. Sam Ravnborg has posted a patch which improves the external module build process in a number of ways.

The basic form of a makefile for an external module will not change much. It should still look something like:

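    ifneq ($(KERNELRELEASE),)
    # Invoked from the kernel build system: name the module object to build
    obj-m	:= module.o

    else
    # Invoked directly: hand the build over to the kernel build system
    KDIR	:= /lib/modules/$(shell uname -r)/build
    PWD		:= $(shell pwd)

    default:
    	$(MAKE) -C $(KDIR) M=$(PWD)
    endif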

The change is in the $(MAKE) line above: the parameter that once read SUBDIRS=$(PWD) has changed to M=$(PWD). The older SUBDIRS= format will still work, however. It is also no longer necessary to specify the modules target when invoking the kernel build system.

When the kernel build system is invoked with the M= parameter, it does a number of things differently. It will make no effort to ensure that the built files in the kernel source tree are current; if a developer makes a change to the main tree, it is his or her responsibility to rebuild it before trying to make any external modules. Only a few targets (modules, clean, modules_install) are supported when building external modules. And the modpost program now maintains a file (Module.symvers) containing the symbol version information if modversions is in use; this file is used when postprocessing an external module to note the symbol versions expected by that module.

Among other things, the new scheme will allow distributors to package sufficient information for the building of external modules without the user having to actually configure and build the full kernel source tree. That information can be stored under /lib/modules by replacing the build symbolic link (which currently points back to the source tree) with a directory containing just the required information. That should make life simpler for everybody involved.

What's in the Fedora Core 2 kernel

Fedora Core 2 is scheduled to ship in just over one month. This distribution will be a high-profile deployment of the 2.6 kernel. Red Hat has often shipped highly-patched kernels, and there have been occasional criticisms that the company's kernels are so divergent from the mainline that they are incompatible with other Linux systems. Since we have been messing with the second Fedora Core 2 test release anyway, it seemed like a good time to look and see what sort of kernel it includes. To that end, we pulled down a copy of 2.6.5-1-321 from Arjan van de Ven's directory.

As it turns out, the number of patches contained in this kernel is relatively small. That is not entirely surprising; vendor kernel patch lists tend to get longer as the current development kernel progresses; some vendors, at least, have a tendency to backport features from the development tree. There is no development tree currently, so there is nothing to backport.

That said, the first patch is a big one: it's the full 2.6.5-mc1 tree from Andrew Morton. Now that the merge candidate patches are finding their way into 2.6.6-pre, Red Hat will not need to apply that particular patch itself.

The 2.6.6 kernel will feature an option (on by default) to use 4KB kernel stacks on the i386 architecture. The Fedora kernel has that patch, of course; it also includes a separate patch which takes away the option of using the traditional 8KB stacks. This change has upset some Fedora test users; the 4KB stacks break certain proprietary device drivers (e.g. nVidia) and some users of those drivers would prefer to have the ability to build a kernel that supports them. Red Hat seems determined to follow this path, however, on the assumption that nVidia will fix its drivers (and the general attitude that breaking binary modules is a low-priority problem at best).

Then, there are patches which are true Red Hat stuff. These include "exec shield," which makes buffer overflow attacks harder by enforcing no-execute permissions; the 4G/4G patch which provides expanded 32-bit virtual address spaces to both user space and the kernel; and TUX, the kernel-based high-performance web server. There is also an SELinux/security module patch which allows the kernel to bypass permission checks when creating sockets internally; this one changes the security module interface.

Then, there are various cleanup and safety patches. For example, gcc 3.4 supports a "warn_unused_result" attribute on functions; the compiler will complain when code calls a function marked with this attribute and fails to check the return value. The Red Hat kernel applies that attribute to a few functions (copy_from_user(), pci_enable_device(), etc.) to trap places where the proper checks are not made. Various functions which use too much kernel stack space have been fixed up. There is a patch which fixes some remaining sleep_on() calls and warns about others. The driver for /dev/mem has been fixed to disallow access to most of main memory. And there is a driver for a "crash" device which provides direct read access to main memory, seemingly for use by a crash dump utility.
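
The effect of the attribute described above, as an added example (not Red Hat's patch or kernel code): a userspace model in which `model_copy_from_user()`, `struct user_buf`, `struct request` and `handle_request()` are hypothetical names constructed for illustration. Building with `-DDEMO_UNCHECKED` also compiles the unchecked caller, for which gcc reports the ignored return value.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The attribute the article describes (gcc 3.4 and later). */
#define must_check __attribute__((warn_unused_result))

/* Constructed stand-in for a user-space buffer: only the first
 * `valid` bytes are readable, the rest would fault. */
struct user_buf {
    const unsigned char *data;
    size_t valid;
};

/* Hypothetical userspace model of copy_from_user(): returns the number
 * of bytes that could NOT be copied, so 0 means complete success. */
static must_check size_t model_copy_from_user(void *dst,
                                              const struct user_buf *src,
                                              size_t n)
{
    size_t ok = n < src->valid ? n : src->valid;

    memcpy(dst, src->data, ok);
    return n - ok;
}

/* Constructed request layout passed in from "user space". */
struct request {
    unsigned int cmd;
    unsigned int len;
};

#define MAX_LEN 4096u

/* Checked caller: a short copy is rejected before any field is read,
 * so the length check below never sees uninitialized stack data. */
int handle_request(const struct user_buf *ubuf, struct request *out)
{
    struct request req;

    if (model_copy_from_user(&req, ubuf, sizeof(req)) != 0)
        return -EFAULT;
    if (req.len > MAX_LEN)
        return -EINVAL;
    *out = req;
    return 0;
}

#ifdef DEMO_UNCHECKED
/* Unchecked caller, kept out of the default build. The compiler flags
 * the call below because its result is discarded; on a short copy the
 * tail of `req` would be whatever was left on the stack. */
int handle_request_unchecked(const struct user_buf *ubuf,
                             struct request *out)
{
    struct request req;

    model_copy_from_user(&req, ubuf, sizeof(req));
    *out = req;
    return 0;
}
#endif

int main(void)
{
    struct request in = { 7u, 16u };      /* constructed sample input */
    struct request out = { 0u, 0u };
    struct user_buf full = { (const unsigned char *)&in, sizeof(in) };
    struct user_buf truncated = { (const unsigned char *)&in,
                                  sizeof(in) - 1 };

    printf("full copy:      %d\n", handle_request(&full, &out));
    printf("truncated copy: %d\n", handle_request(&truncated, &out));
    return 0;
}
```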

Finally, there is a small set of bug fixes and patches to ease the build process on various architectures. Overall, the Fedora kernel suggests that, in Red Hat's view, not a whole lot needs to be added to the 2.6 kernel (the upcoming 2.6.6 version, at least) for it to be ready for wide use.

Patches and updates

Kernel trees

  • Andrea Arcangeli: 2.6.5-aa4. (April 8, 2004)
  • Andrea Arcangeli: 2.6.5-aa5. (April 8, 2004)

Page editor: Jonathan Corbet

Distributions

News and Editorials

An Early Look at Progeny Debian 2.0

April 14, 2004

This article was contributed by Ladislav Bodnar

Remember Progeny Debian? It was a Linux distribution that set out to cure the ills of Debian proper, such as its unattractive installation program, many tedious steps requiring detailed knowledge of one's hardware, the unintuitive interface of dselect, and other annoyances that were seen as major obstacles in the way of wider adoption of Debian (and Linux) among the computing public. When Progeny released version 1.0 in April 2001, many users were impressed: "I really want to point out that this distribution was very, very easy to install. My first installation just awed me..." wrote one reviewer.

The project was buried some 6 months later. Ian Murdock, the founder of Progeny (and Debian) explained:

"From a business perspective, our customers consistently ask for Debian, not Progeny Debian, and while Progeny Debian is technically just a 'release' of Debian (akin to 'potato' or 'woody' from the Debian project), the appearance of maintaining a separate or 'forked' version is a liability."

The company itself survived by switching its focus to providing services and commercial support for the Debian distribution.

Then this week, all of a sudden, Progeny announced the release of Progeny Debian 2.0!

Why the sudden revival of the Progeny distribution, rejected 3 years ago as a liability? Of course, Linux has come a long way since 2001 when it was a lot harder to sell. More importantly though, Ian Murdock has been promoting a radical new idea, a so-called "Componentized Linux", as a novel way of developing a Linux distribution as a collection of components, rather than as a monolithic whole. Progeny Debian 2.0 is the first release based on the concepts of Componentized Linux.

Before we go any further, let's try to explain these concepts: what exactly is Componentized Linux and why is it better than the traditional development model? In doing so, we'll skip the definition on the Componentized Linux home page, which is too abstract to make an impact, and go straight to the directory listing the currently available components:

  • audio
  • cups-1.1
  • evolution-1.4
  • gnome-2.4
  • graphics
  • linux-2.4
  • linux-2.6
  • lsb-1.3
  • lsb-2.0
  • lsbdev-2.0
  • mozilla-1.5
  • mozilla-firefox-0.8
  • openoffice.org-1.1
  • python-2.3
  • tcl
  • xfree86-4.2
  • xfree86-4.3
  • xml

The components can be added to /etc/apt/sources.list like this:

    deb[-src] http://archive.progeny.com/progeny/linux cl [components]

Each component represents a collection of packages. We can see a number of base components, such as linux-2.6 or lsb-2.0, essential for a core Linux system, and also a number of specialized components, e.g. audio or graphics. The important point of this "componentization" is that all components are self-dependent; in other words, all dependencies must be satisfied within the component itself, or a component has to explicitly specify another component that it depends on (e.g. one cannot install the gnome-2.4 component without one of the xfree86-* components).

It should be noted that this componentized structure is completely transparent to the end user. Taking Progeny Debian 2.0 as an example, the user can simply apt-get install or apt-get remove any package without having to think about the components; in fact, there is no way to install or remove an entire component with one command. The "componentization" only affects developers: it changes the way package maintainers create binary packages. For example, let's take a complex package with many dependencies, such as GnuCash. In standard Debian, the GnuCash package merely specifies which other packages must be installed on a system prior to installing GnuCash. However, in Componentized Linux, the developer will have to create a "gnucash" component, with all the dependent packages either inside the component itself, or specified in another component (such as the gnome-2.4 component).

How will this make things easier and better? The way Ian Murdock envisages the role of components is that package maintainers will be able to create logical entities for specific uses. As an example, if a group of developers in Japan decides to add Japanese language support to a distribution, all they need to do is to create a complete self-contained component providing all packages needed for the language support. The component would include an input server, fonts, dictionaries, spellchecking applications and other relevant packages. Although it is hard to quantify the benefits of such an approach until we have more exposure to the technology, there is no denying that a componentized structure does sound more logical, not to mention portable, than the present system of thousands of individual interdependent packages found in Linux distributions.

If you are interested in trying out this approach, Progeny Debian 2.0 provides an early taste of things to come. It is an alpha release, so expect a few problems here and there, but the cl-workers mailing list is a good platform for discussions, both technical and philosophical. Besides showing the "componentization" effort in practice, the release is evidence that the developers have put a lot of effort into the Anaconda for Debian port - unlike Progeny's early ISO image from 2 months ago, it is now possible to install the distribution in text mode. Also of interest to some should be the Progeny-enhanced version of apt, with support for SSL/HTTPS, HTTP cookies, interactive authentication, and redirects.

Although at present only Debian-based components have been created, the developers are planning to build components based on Fedora Core in the near future.

Plan-B: An Interview with project creator J. McDaniel

April 13, 2004

This article was contributed by Joe Klemmer

The number of "Live" Linux distributions has been growing like weeds over the last two years. It's not surprising when you think about it. Live CDs give you the flexibility of running Linux on any system without the need to actually "install" it.

There's also another advantage to Live CDs: you can have custom functionality configurations designed for specific purposes. There are Live CDs for Desktops, Servers, Clusters, Gaming, Multi-Media, and, of course, Security. In fact, the Live CD format lends itself to Security tasks extremely well. One of these Security-focused distributions is Plan-B. Here is an interview with the project's creator, J. McDaniel, on his background and the history and future of Plan-B.

Joe Klemmer: Who is J. McDaniel? (What does the "J" stand for?)

J. McDaniel: The J stands for Jeremy. It never occurred to me, during the entire course of creating the CD and the website, that I hadn't used my first name. I have no reason why, I just didn't.

    # whoami
    jmcdaniel
    # _

Sorry couldn't resist =)

JK: What's your background?

JM: I'm from a small town in West Virginia. My freshman year in high school, I took what I thought was a keyboarding class. As it turned out, it was actually a programming class for an IBM with BASIC. (Or was it BASICA? I can't remember for sure.) It wasn't long before I had a Commodore 64 at home with a 13" TV and a tape drive (audio tape that is). A couple of years later, I got a PC with DOS 3.0. I still have the 386DX and BIOS chip as a souvenir. I joined the Army after high school and started out in Signal Corps. I was a Radio and Teletype (RATT) Operator, and then I luckily got switched to a computer tech. They were running SunOS then, now called Solaris. After my eight years were up, I jumped ship and it was almost the end of the computer scene.

JK: When/How did you get involved in Linux and Open Source?

JM: Still interested in computers outside the service, around late '96, I was informed of an OS Project that allowed you to connect a PC to an amateur ham radio rig - best of all, it was free. I immediately grabbed the first copy I could find, and Debian v1.0 became my best friend and enemy as we developed a love/hate relationship. Although I never did get the radio to work right with it, I did realize I had to get back into the IT field. In '98, when I got discharged, I was working any job I could get. None of my jobs were in IT, though. I quickly learned I needed a degree, and fast. I finally managed, in 1999, to start a program at a local school in Fairmont, WV called Computer Tech., working toward an Associates Degree. By the time I graduated, three years later, they had changed their name to IADT. I also quickly learned college costs money. Now things are better though. I'm working there as an Adjunct Instructor teaching Introduction to Unix and Unix Administration, and I'm working part time on the side for an accounting firm (T and T Inc.) as their Network Admin. Meanwhile, I'm attempting to complete a Bachelors then Masters in IT at AIU.

JK: What is Plan-B Linux?

JM: Finding it harder to locate a machine away from home with Linux installed, I resorted to a few "floppy based" distributions. I outgrew them in record time, though. Looking for a bit more, I started toying with several Live CDs. A Live CD is an OS that allows you to run it from the CD without having to install it first. After having to change all of them to suit me in one way or another, I decided to create one made just for me. I know there are close to 150 or more of them now, yet they didn't address my personal needs (OK, wants.) I also decided I had to learn something from the experience. I found that most were based on Knoppix at their root, which is Debian Linux underneath. Knoppix is definitely the most popular and easy to use. At the same time I found it included tons of software I would never use, and very little of what I wanted. However, what I was trying to find was a CD using a modified Red Hat Install. It had to have as many, if not all, of the typical server daemons included in an installable distribution, root user authority by default, a small and easy to configure X Windows interface, hardware recognition and configuration, utilities for security scanning, auditing, and system recovery. It should also have, if necessary, forensic analysis and read/write access to as many file systems as possible, along with the ability to do everyday tasks i.e. email, browse the web, chat, write a report, shutdown and go home. I found a page that listed a CD created by H. Peter Anvin, the "SuperRescueCD". This was it, the perfect groundwork for what I wanted. It was based in Red Hat 6/7 and was primarily built for recovery. I used a stripped installation of Red Hat 9 and reorganized the build structure Anvin used. After months of trial and error caused by the read/write permissions required on a lot of the software, along with countless coasters burned, I had a working model.

JK: What makes Plan-B unique?

JM: Tough question. It's unique to me, I suppose, because I've gotten to know it intimately over the last couple years while I molded it into something usable. I believe, out of the swarm of Live CDs available, there isn't too much unique about it on the surface. I would have to say it would be the closest to running an installed version of Red Hat. That is to say if you're currently a Technician or Administrator of Red Hat systems, you should feel right at home in Plan-B. It might disappoint you, though, if you are expecting to see KDE or GNOME. I chose a lightweight desktop (BlackBox) instead for the Window Manager. I didn't see an advantage of using anything more elaborate. It also uses a file compression I rarely see used on other CDs of its kind (not that I've researched the matter). I used zisofs, another project by Anvin, which lets me fill ~1.4GB of data on the CD.

JK: How did you go about deciding what to include or not include in Plan-B?

JM: I started with the basic necessities and a server class installation of Red Hat 9. After thinning the install of rarely used files, I started a log of the software I used most often. Then I began to stage a step-by-step scenario of routines I would use as a starting point for auditing systems and networks. Versions 0.1.0 through 0.8.0 were built and rebuilt again based on the ability to reenact each scenario. All software needed to work without failure and using the least amount of resources possible. The most precious resource on a project such as this, of course, is "Space". I scoured the Internet & reviewed hundreds of software projects looking for applications that provided the same capability of large "Feature Rich Applications," yet with smaller file sizes. Practically, as long as it works, it's great. Once I had reached what I felt was the space limit, I rebuilt the CD and used it as a desktop for a week or so to evaluate what I actually use and what was just wasting space. As for the Field Study Applications (Forensics, Security, and Auditing) I had a few that I use most often. However, knowing not everyone works under the same conditions or uses the same approach that I do, I requested information for resources from several authorities in each profession. After getting a list compiled of all the recommendations, I proceeded to add them a few at a time, rebuild the CD, test, and iterate ad nauseam.

JK: What are your plans for the future Plan-B?

JM: Currently the Plan-B Project as a whole is being moved to the school here at the International Academy of Design and Technology (IADT) and will become a Student Project. Students will be offered the chance to become part of the development team. This would give them an opportunity to work in an Open Source Environment. They will be working at each phase of the development process for both the CD and the website. IADT has courses involving Network/System Administration, Programming, and Website Design, all of which fit in with the nature of the project perfectly. Research and Development, Software/Hardware Testing, Programming, System and Network Analysis, Project Management, etc. are only a few possibilities. Now, at a technical level, I will be compiling a list of known issues with version one and assessing all of the field requests for software additions. Those will be the primary changes to begin with. It is also time to make the switch to Fedora. You can also expect to see PB2 sporting a new kernel, actually one of each version - 2.4 and 2.6. I'd like to begin work on special software made specifically for Plan-B such as the ability to save a user's or system configuration with ability to automatically load that configuration during the boot process. We will be researching the individual applications to see if it's possible to make them more intuitive. The less you have to set up, the faster you can get to work.

The biggest news at the moment, though, is that recently I exchanged a few emails with H. Peter Anvin, the creator of the SuperRescueCD and several well known Linux Utilities, about his plans for continuing with his project. After finding that he wished to continue and create a version 3 of SuperRescue, but doesn't have the time, I offered our project to jump in and begin work on it. He agreed happily. As a result, we now will also be building and maintaining the next SuperRescueCD. I'll be the first to admit I am very honored to do so. If it hadn't been for Anvin's project, ours may not exist. We only covered briefly changes in the current process used to create a custom version of either CD. We agree the current method is very difficult to manage or add personal files with and it is even harder to remove them. This is another area high on the to do list. We might, possibly, build from an rpm repository instead. The differences between the two will mostly deal with your need for use.

While PB2 will continue to move forward in Security, Forensics, and Auditing, SR3 will add a greater base of supported hardware and utilities for system diagnosis at a hardware and software level.

JK: Is there anything you'd like to see happen with Plan-B?

JM: For now, the projects will be worked on internally. However, I would like to see them grow out to the community here as well. I can see a benefit of having a LUG or Open Software Group locally to promote and aid in the use of Linux for home and small business use. I believe if we're going to see Linux in those areas it will be due to organizations such as those who apply the effort to make its existence known. I recall a conversation in which I was discussing some of the technology and offered, "Personally I run Linux." In reply, the gentleman said, "I've heard of that, Toyota or Honda make it, right?" It appears, then, that in the small business world one of the obstacles we face is just the awareness that there are alternatives in the market for Operating Systems and Software. Despite this, I still have high hopes for us yet.

Distribution News

Mandrakelinux

Mandrakesoft has announced the availability of Mandrakelinux 10.0 Official. "10.0 Official provides increased performance with Linux kernel 2.6, an enhanced desktop experience with KDE 3.2, GNOME 2.4 and Mandrakegalaxy II, unbeatable hardware recognition, and support for Serial ATA, USB2 and IEEE 1394."

Mandrakelinux 10.0 updates:

  • kdenetwork: fixes a problem in knewsticker.
  • kdeutils: fixes a problem in kgpg.
  • qt3: fixes a kuickshow problem displaying an image in fullscreen.

Debian GNU/Linux

Here's the Debian Weekly News for April 13, 2004, with a look at non-free components in the Linux kernel; an experimental request tracker; Martin Michlmayr re-elected DPL; Debian powered satellite routers; and much more.

The results are in: Martin Michlmayr has been re-elected as the leader of the Debian Project.

Join the bug squashing party, April 16 - 18, and help stomp out those release critical bugs in sarge.

Preparation of the next stable update of Debian 3.0 (woody) continues.

Gentoo Weekly Newsletter - Volume 3, Issue 15

The Gentoo Weekly Newsletter for the week of April 12, 2004 is out. This week's issue looks at the newsletter reorganization, and its search for new team members; the Gentoo Linux Project is looking for developers with Samba experience; and more.

Lindows Spanish-Language Laptops

Lindows, Inc. has announced that a Spanish version of LindowsOS, customized for laptops, is now available pre-loaded onto two laptop models through PC Club.

Slackware Linux

Slackware current has plenty of fixed and upgraded packages this week, including e2fsprogs-1.35, hdparm-5.5, pcmcia-cs-3.2.7, dvd+rw-tools-5.19.4.9.7, audiofile-0.2.5, esound-0.2.34, ImageMagick-5.5.7-17, xchat-2.0.8, and more. There are X.Org x11R6.7.0 packages in testing. As usual, see the slackware-current changelog for complete details.

DistroWatch Weekly

Here's the DistroWatch Weekly for April 12, 2004.

New Distributions

eLearniX

eLearnix is a free, self-contained Linux operating system that runs from CDROM or Compact Flash card. It creates a desktop environment that will help people learn Linux. The newest version is also Wireless enabled, with a 2.6 Linux kernel, GNOME 2.4, lots of applications, and an install script to install to a dedicated hard drive or a 256MB+ Compact Flash card. Once upon a time a distribution called Embedded Freedom Linux was in the embedded section of our list; version 1 of EFL was released December 15, 2002. EFL turned into FreeLoader Linux before morphing into eLearnix, now found in the Education section of the list. eLearnix 2.6.5 was released April 13, 2004.

Minor distribution updates

Ark Linux

Ark Linux has issued a press release for the release of Ark Linux version 1.0 alpha 11.

Astaro Security Linux

Astaro Security Linux has released v5.001 with major bugfixes. "Changes: This version includes virus protection for HTTP, intrusion protection, L2PT VPN-support, ISP-uplink failover, spam protection for SMTP and POP3, SMP support, and stateful failover functionality in high availability installations. Many small improvements were also made."

Buffalo Linux

Buffalo Linux has released v1.2.0 with major feature enhancements. "Changes: This release of Buffalo uses the new 2.6.5 kernel exclusively. Six kernels are provided for i586, ipent2, ipent3, ipent4, K6, and K7 (Duron/Athlon). There were major package upgrades (74) including OpenOffice-1.1.1. There is also a GNOME package that contains another 73 packages. 44 little used packages were deleted."

Local Area Security Linux

Local Area Security Linux has released v0.5 with major feature enhancements. "Changes: All packages have been upgraded to current in the 210MB version. The theme and background have changed to the new standard. There are usability fixes and fixes for broken menu links."

NSA Security Enhanced Linux

NSA Security Enhanced Linux has released v2004040714 with minor feature enhancements. "Changes: The current prototype and the experimental NFS code are now based on Linux kernel 2.6.5. IPv6 support has been added. A new sestatus utility is available. A number of bugs have been fixed, and many updates have been made to the example policy."

Warewulf

Warewulf has released v2.1 with major feature enhancements. "Changes: Version 2.1 is the first official release of W\2, and it includes a major rewrite of almost all of the tools, as well as architecture changes to make it much more flexible and easier to maintain."

Distribution reviews

A first look at Vector Linux 4.0, SOHO edition (linux.com)

Linux.com reviews Vector Linux 4.0 SOHO edition. "One thing that kept the installation so short was a lack of any questions about the packages that were installed. Vector decided for me what needed to be installed and didn't trouble me with the task of choosing."

First Look at SUSE LINUX Professional 9.1 (MadPenguin)

MadPenguin reviews the soon to be released SUSE LINUX Professional 9.1. "SUSE LINUX 9.1 is an excellent Linux distribution for the price. At $89.95 USD, you would be hard pressed to find a better package. Sure, you can download Linux all day long from the Internet for free, but in no way does that give anything back to the developers who innovate. You are showing support for them by running and promoting their software to others, but nothing helps keep development flowing like cold hard cash. SUSE is worth the price. For the 90 days of installation support, online and email support, as well as the plethora of packages that are included, you simply can't go wrong. One thing people frequently miss when comparing Linux distributions and pricing is the included applications. I'm not just talking about the quantity, but the quality. So many distros these days have apps that are just 'broken', not working, and trouble to work with. I visited as many apps as possible during my review and everything worked. This to me is a huge selling point."

Lycoris Desktop/LX Amethyst Update 3 The COMPLETE Review (DesktopOS)

DesktopOS reviews the latest version of Lycoris Desktop/LX. "If we had to sum up Lycoris Desktop/LX Update 3 in a single word it would be mighty difficult -- yet words such as perfect, impressive, and wonderful, do come to mind. We would without a doubt struggle to find people to agree with such a conclusion however, as a result of the experiences encountered here; so we will not settle on any of those words. On the other hand, if we had to sum up this operating system in a few words, we would have to say 'a work in progress.'"

Page editor: Rebecca Sobol

Development

PyX: the Python Graphics Package

Version 0.6.2 of PyX, the Python Graphics Package, was released this week.

PyX is a Python package for the creation of encapsulated PostScript figures. It provides both an abstraction of PostScript and a TeX/LaTeX interface. Complex tasks like 2d and 3d plots in publication-ready quality are built out of these primitives.

PyX version 0.6.2 features several bug fixes in the graphing module; the details are available in the changes document.

Some of the primary PyX capabilities include:

  • Plotting of basic X/Y graphs.
  • The ability to overlay graphics.
  • Plotting of 2D and 3D grid-based data.
  • Provision of an abstracted PostScript functionality.
  • Support for the powerful TeX and LaTeX typesetting languages.
  • Publication quality output.
  • An easy to use Python API.

The online examples show PyX in action, with a wide variety of useful graphics.

With the ability to combine many types of data plotting with the scientific typesetting capabilities of TeX/LaTeX, PyX looks like an excellent tool for the creation of mathematical texts, both online/interactive and printed.

See the PyX documentation page for more information.

The PyX source code is available here.

System Applications

Audio Projects

Planet CCRMA Changes

The latest changes from the Planet CCRMA audio utility packaging project include new versions of Noteedit, Lilypond, and SND, and the addition of Qdu, a graphical disk space management tool.

Database Software

Berkeley Database 4.2.52 (stable) released

Version 4.2.52 (stable) of the embedded Berkeley Database is out.

CLSQL 2.6.4 released

Version 2.6.4 of CLSQL, a Common Lisp interface to SQL databases, is available. "This version adds a CommonSQL compatibility layer, which becomes the default API, and a metaobject protocol compatibility layer."

PEAR DB 1.6.2 released

Version 1.6.2 of PEAR DB has been announced. "PEAR DB is a database abstraction layer for 13 of PHP's database drivers. The latest version has some fixes in the PostgreSQL driver."

PostgreSQL Weekly News

The PostgreSQL Weekly News for April 12, 2004 has been published; here's the content summary: "A quiet week of development on the main project, but several interesting developments took place in the world at large. Probably one of the more meaningful items was the release of the SQL:2003 spec. Anyone interested in database design should probably keep an eye out as more articles appear discussing some of the changes involved; I've included a link to a synopsis below."

Embedded Systems

BusyBox 1.0.0-pre10 released

Version 1.0.0-pre9 of BusyBox, a condensed collection of command line utilities for embedded systems, is out. "Here goes the final BusyBox pre-release... This is your last chance for bug fixes. With luck this will be released as BusyBox 1.0.0 later this week. Please do not bother to send in patches adding cool new features at this time. Only bug-fix patches will be accepted. It would also be very helpful if people could help review the BusyBox documentation and submit improvements."

Version 1.1.0-pre10 was released a few days later. "Ok, I lied. It turns out that -pre9 will not be the final BusyBox pre-release. With any luck however -pre10 will be, since I really want to get BusyBox 1.0.0 released this week."

Mail Software

Data Mining Email (O'ReillyNet)

Robert Bernier performs data mining on an email archive using Perl. "Thousands of useful facts lie inaccessible on your hard drive, hidden within email messages and attachments. How much more productive would you be if you could extract, index, and search that information? Robert Bernier demonstrates how to store data from emails into a database, where you can use data-mining techniques to analyze it."

HamCannon 0.1 beta released

Version 0.1 beta of HamCannon is available. "HamCannon is a Zope/Plone Product for managing outbound email marketing. HamCannon is for sending ham, not spam - it has much support for helping users unsubscribe and none for hiding from them. Please don't use HamCannon to send spam."

Full Story (comments: none)

New milter software

This week's new mail filtering software on the milter.org site includes an announcement for the new SPF Milter, a call for discussion on Java-based milters, and version 0.17 of milter-spamc.

Comments (none posted)

Printing

CUPS Driver Development Kit 1.0rc2

Version 1.0 rc 2 of the CUPS Driver Development Kit has been announced. "The CUPS Driver Development Kit (DDK) provides a suite of standard drivers, a PPD file compiler, and other utilities that can be used to develop printer drivers for CUPS and other printing environments. CUPS provides a portable printing layer for UNIX-based operating systems. The CUPS DDK provides the means for mass-producing PPD files and drivers/filters for CUPS-based printer drivers."

Comments (none posted)

Web Site Development

Aiakos 0.2 beta released

The 0.2 beta release of Aiakos is available. "Aiakos is an innovative distributed authentication system, based on Zope and Plone. Much of the heavy lifting is done using the LDAPUserFolder product by Jens Vagelpohl. Aiakos allows you to provide a central sign-on system for a network of websites. All login and registration activity takes place on the central Aiakos server."

Full Story (comments: none)

mnoGoSearch 3.2.16 search engine released

Version 3.2.16 of the mnoGoSearch web site search engine has been released. The changes include improved operation on non-English language sites, bug fixes, and performance improvements.

Comments (none posted)

Quixote 1.0b1 is available

Version 1.0 beta 1 of the Quixote web development platform has been announced. See the changes file for details.

Comments (none posted)

Wiring Your Web Application with Open Source Java (O'ReillyNet)

Mark Eagle writes about Java-based web applications on O'Reilly. "This article will discuss how to combine several well-known frameworks to achieve loose coupling, how to structure your architecture, and how to enforce a consistent design across all application layers."

Comments (none posted)

Introduction to JavaServer Faces (O'ReillyNet)

Alexander Prohorenko and Olexiy Prohorenko introduce JavaServer Faces on O'Reilly. "Swing developers enjoy a well-defined set of high-level components for building GUI applications, but what about web applications? JavaServer Faces attempts to bring the same kind of toolkit to the web-app space."

Comments (none posted)

Planning for Disaster Recovery on LAMP Systems (O'ReillyNet)

Robert Jones writes about disaster recovery issues and LAMP systems on O'Reilly. "The beauty of LAMP systems is that you can develop them as formally or informally as you like. Unfortunately, when it comes time to plan for disaster recovery, that informality can work against you. Robert Jones presents several guidelines for development and configuration that can make recovery easier."

Comments (none posted)

Miscellaneous

RTAI 3.1-test1

Version 3.1-test1 of the Real Time Application Interface (RTAI) is available; this is the first version which supports the 2.6 kernel.

Full Story (comments: none)

Desktop Applications

Audio Applications

JACK Bitscope 1.1 and the GL Mixer

A new version of the JACK bitscope diagnosis tool has been released. "As its name might suggest, the bitscope operates at the bare metal of JACK's I/O layer, looking at the 32 binary digits in each individual sample. It's basically functional, and its release and subsequent announcement were delayed most by the need to provide some adequate examples in the documentation."

Also, the GL Mixer, a 3D sound mixing widget for JACK, is out.

Full Story (comments: none)

New Linux Sound Applications

Dave Phillips has updated his list of new Linux audio software releases.

Comments (none posted)

Data Visualization

Aqsis Renderer release 0.9.1 (SourceForge)

Version 0.9.1 of the Aqsis Renderer toolkit is available. "Aqsis is a Renderman(tm) compliant 3D rendering toolkit. Aqsis is based on the Reyes rendering architecture. Features include: Programmable Shading, True Displacements, NURBS, CSG, Motion Blur, Subdivision Surfaces."

Comments (none posted)

Generating Perl graphs with GD::Graph (OSDN)

Derek Fountain explains how to generate data graphs in Perl with GD::Graph. "Perl's GD::Graph module is a tool that allows a software developer to quickly and easily generate graphical representations of data. Originally written by Martien Verbruggen in 1995, the package has matured into a very flexible and popular tool. It is ideally suited to any situation where a dynamic data set, from a database or elsewhere, needs to be fetched and represented on the fly. It is widely used in corporate intranets, where many a webmaster has used it to generate graphs that show data in exactly the format management likes."

Comments (none posted)

Desktop Environments

Dropline GNOME 2.6 Available (GnomeDesktop)

GnomeDesktop.org has announced dropline GNOME 2.6. "As stated on gnome.org, GNOME 2.6 has arrived! Now Slackware users can enjoy crisp, GNOME 2.6 goodness, including the overhauled GTK+ File Chooser and the new Spatial Nautilus file management system. Other changes include new software such as the Beep Media Player and Screem Website Editor, new artwork, and a new windowing system. With the license change to XFree86 4.4, Dropline GNOME has also joined the revolution and moved to X.Org's X11 server (don't worry, the nVidia and ATI binary drivers still work). Finally, the Dropline Build System has also been revamped, making it easier than ever to build the desktop from source, or contribute enhancements back to the community."

Comments (none posted)

Gaphor 0.3.0 is out

Version 0.3.0 of Gaphor, a UML modeling tool for GNOME, is available with class diagrams, a new GUI, a UML 2.0 compliant data model, and more.

Full Story (comments: none)

GNotify 0.3 released!

Version 0.3 of GNotify, a GTK+ notification service daemon, is available.

Full Story (comments: none)

libxklavier 1.01 released

Version 1.01 of libxklavier, a GNOME keyboard application, is out. "The version 1.01 provides build-time compatibility with the latest X.Org X server (which renamed the default xkb rules set from xfree86 to xorg)."

Full Story (comments: none)

Send your GNOME Hacks to O'Reilly (GnomeDesktop)

O'Reilly is looking for GNOME hacks for an upcoming book, "Linux Desktop Hacks".

Comments (2 posted)

KDE-CVS-Digest (KDE.News)

The April 9, 2004 KDE-CVS-Digest is available. Here's the content summary: "KJSEmbed adds support for KParts and QComboBox. Beginnings of next generation user guide. More IMAP and icon view optimizations. Kexi now supports forms. KIMProxy, a library to enable IM from any application. CSS ecma bindings added in KDOM."

Comments (none posted)

KDE Quality Team Revisited (KDE.News)

KDE.News reports on the progress of the KDE Quality Teams Project. "Remember, in Quality Teams you can do as little or as much as you want. No experience is required, and you can contribute code, documentation, artwork, discuss user interfaces and usability, manage bugs and bug reports, manage the wiki pages, communicate between developers and the wider community, and promote KDE through the media. There's something for everybody :-)"

Comments (none posted)

XFree86 experimental snapshot: 4.4.99.3

The XFree86 project has announced a new experimental snapshot, version 4.4.99.3. "With the 4.4.0 release done, we are now in the experimental (development) phase for the 4.5.0 release."

Comments (none posted)

Electronics

gerber2pdf 1.3 released

Version 1.3 of gerber2pdf is available. The program is a Python script that converts Gerber CAD files into PDF format. This is a bug fix release: "Fixed a problem with Python 2.3 by removing line termination characters from strings supplied to the eval function."

Comments (none posted)

Financial Applications

Release of GnuCash 1.8.9 (GnomeDesktop)

Stable version 1.8.9 of GnuCash, a financial application, has been announced. This version includes a long list of new features and bug fixes.

Comments (none posted)

Games

Funki 1.0 released

The PyGame site lists the release of version 1.0 of Funki. "Funki is a hot new Pygame Action Puzzle. It is Lemmings meets your standard block pushing game. High quality entertainment."

Comments (none posted)

WorldForge Weekly News

The April 9, 2004 edition of the WorldForge Weekly News is available with the latest development news from the WorldForge game project.

Comments (none posted)

Graphics

Inkscape 0.38(.1) Released

Version 0.38 of Inkscape, a cross-platform SVG-based graphics editor, has been released. "In addition to a slew of new features, we've analyzed and closed over 130 bug reports for this release. Improvements have been made to text, fonts, paths, gradients, usability, and much more." Version 0.38.1 was also announced and features bug fixes and a few new features.

Full Story (comments: none)

GUI Packages

gtkmm and glibmm 2.4.0 released

Version 2.4.0 of gtkmm, the C++ interface to GTK+, and a new version of the associated glibmm have been released. Changes include several new widgets and an improved API.

Full Story (comments: none)

FLTK 1.1.5rc1 released

Version 1.1.5 rc 1 of FLTK, the Fast, Light ToolKit, has been announced. "The FLTK 1.1.5 release is primarily a bug-fix release including documentation updates, fixes for 64-bit platforms, FLUID, several widgets, and GLUT emulation, and fixes for several platform-specific issues. The new release also adds project files for Visual C++.NET and supports KDE 3.x icons."

Other news from the FLTK project includes an updated Configuration Management Plan and the release of the Geert extensions to FLTK.

Comments (none posted)

Custom widgets using PyQt

Roberto Alsina explains PyQt with a tutorial. "Everyone who has programmed applications knows that sometimes you create a gadget that can be reused in other situations, and that code reuse is good. In the specific case of GUI applications, often what you would want to reuse is a widget. For example, you took one of the toolkit's widgets and extended its functionality in a way you think has wide application, and you intend to reuse it on future work. So, what we will try to do is figure out how we can create easy-to-reuse custom widgets using PyQt."

Comments (none posted)

PythonCard 0.7.3.1 is available

Version 0.7.3.1 of PythonCard, a cross-platform GUI construction kit that uses wxPython, has been released.

Comments (none posted)

Imaging Applications

CamlImages 2.12 is out

Version 2.12 of CamlImages, an image processing library for the Objective Caml language, has been released. The Caml Hump listing describes it as: "An image processing library, which provides loading and saving various image formats with an interface for the Caml graphics library. It has also an interface with the freetype library to draw texts using truetype fonts."

Comments (none posted)

Interoperability

Wine 20040408 is out

Development release 20040408 of Wine has been announced. New features include the ability to configure DOS devices through symbolic links, improvements to shell32, a new task manager, the new wineprefixcreate tool, and bug fixes.

Comments (none posted)

Wine Traffic

The April 9, 2004 edition of Wine Traffic has been published.

Comments (none posted)

Multimedia

GIMP Animation Package version 2.0.0 Released

Version 2.0.0 of the GIMP Animation Package, a set of plugins for the purpose of creating animations, has been released. "There are a couple of new features including a new bluebox plug-in, onion skinning and a video preview."

Comments (none posted)

totem 0.99.10 released

Version 0.99.10 of Totem is available. "Totem is a movie player for the Gnome desktop based on xine. It features a playlist, a full-screen mode, seek and volume controls, as well as a pretty complete keyboard navigation."

Full Story (comments: none)

XMMS LADSPA 1.0 announced

Version 1.0 of XMMS LADSPA, an XMMS effect plugin, has been announced. "This version adds save & restore functionality so that if you use XMMS LADSPA with the same plugins all the time you don't need to laboriously re-start those settings when you restart XMMS, they will be remembered as will all their parameters."

Full Story (comments: none)

Music Applications

Announcing ClearScale

A new open-source audio project has been announced. "ClearScale is an open source GPL-based project to bring high quality time stretching and pitch shifting to the Linux platform. The goal is to create an open standard for a commercial grade algorithm that allows changing the pitch and speed of music and sound independently of each other. It should achieve this in an artifact-free, sonically pleasing manner, comparable to commercial algorithms on the MacOS and Windows platform available today."

Full Story (comments: none)

sfc 0.016 Released

Version 0.016 of sfc, a MIDI router that emulates a synthesizer, is out with new MIDI capabilities, bug fixes, and efficiency improvements.

Full Story (comments: none)

wcnt 1.1z is released

Version 1.1z of wcnt (Wave Composer Not Toilet) is available. Wcnt is a modular synthesizer, sequencer, sampler, and wav file generator. This version features a long list of changes.

Full Story (comments: none)

PDA Software

Palm4Python 0.5 is out

Version 0.5 of the Palm4Python project has been released. "The goal of this project is to have a suite of open source python modules to access Palm OS databases. It is intended to provide a full set of robust functionality to manage all aspects of interfacing with Palm OS hardware and software"...

Comments (none posted)

Peer to Peer

BTQueue 0.0.3 has been released (SourceForge)

Version 0.0.3 of BTQueue is out. "According to major problem in BitTornado 0.1.3, BTQueue 0.0.3 is the fixed bug release. The core engine has been upgraded to BitTornado 0.1.4. Some minor bugs are also fixed. BTQueue is a console-based BitTorrent Client with built-in scheduler for handling multiple sessions."

Comments (none posted)

Gnomoradio 0.11 is out

Version 0.11 of Gnomoradio, a peer-to-peer music playing system, has been released. "Version 0.11 improves stability, fixes several minor bugs, and improves the UI. It is recommended that all users upgrade."

Since this announcement came out, Gnomoradio releases 0.11.1 and 0.11.2 have come out to address several bugs.

Full Story (comments: none)

Video Applications

Kino 0.7.1 non-linear DV editor released (GnomeDesktop)

Version 0.7.1 of the Kino Digital Video editor has been announced. "Major new features of this updated GNOME2 application include metadata editing, 3 point insert editing, some dvdauthor integration, mouse wheel support, and numerous user interface enhancements."

Comments (none posted)

Web Browsers

Mozilla Looking to Forge Alliances (MozillaZine)

MozillaZine covers a mailing list thread calling for alliances between Mozilla and other open source technologies. "Brendan [Eich] sees Mozilla developing into an open cross-platform alternative to forthcoming Microsoft technologies such as XAML and is looking to collaborate with other open-source projects to make this happen." The GNOME project is mentioned explicitly.

Comments (18 posted)

Mozilla Links Newsletter

The Mozilla Links Newsletter for April 8, 2004 is available. "In this special international edition, we pay tribute to our international contributors and developers who make Mozilla one of the most popular software worldwide."

Full Story (comments: none)

mozilla.org Status Update #227 (MozillaZine)

The April 14, 2004 Mozilla.org Status Update has been published. "It includes news on the new stable branch, Quality Feedback Agent (Talkback) reports, junk mail controls, the spellchecker, bookmark keywords, Mozilla Thunderbird and more."

Comments (none posted)

Independent Status Reports (MozillaZine)

The April 13, 2004 edition of the Mozilla Independent Status Reports is available. "As part of international month, a special set of international status reports focussing on internationalisation and localisation projects has been published. Updates from L10Nzilla, Mycroft, kairo, l10ntools and Gaeilge are included."

Comments (none posted)

Miscellaneous

Alexandria 0.1.0 released

Version 0.1.0 of Alexandria, a GNOME application for managing book collections, is out. This is the first public release.

Version 0.1.1 of Alexandria was released later in the week; it fixes a bug caused by a missing directory.

Full Story (comments: none)

Languages and Tools

Caml

Caml Weekly News

The April 6-13, 2004 edition of the Caml Weekly News is online. Take a look for four new Caml language articles.

Full Story (comments: none)

Java

gnome-gcj 0.17.0 released

Version 0.17.0 of gnome-gcj, the GCJ bindings to GNOME, is out. "Gnome-GCJ 0.17.0 is the first release that supports Glib/Gdk/GTK+ 2.x. It currently doesn't deliver lots of wrapped libraries as the main goal for this release was to compile and install cleanly using the GTK libraries 2.2."

Full Story (comments: none)

Java and Sound, Part 2 (O'ReillyNet)

O'Reilly has published part two of an excerpt from Java Examples in a Nutshell. "This second installment in a two-part series of excerpts from Java Examples in a Nutshell, 3rd Edition follows last week's (on playing streaming sounds in both sampled audio and MIDI formats) with examples of how to read a simple musical score and convert it into a MIDI sequence. Author David Flanagan also shows you how to make music by directly controlling a MidiChannel of a Synthesizer."

Comments (none posted)

Object-relation mapping without the container (IBM developerWorks)

Richard Hightower introduces Hibernate and Spring on IBM's developerWorks. "Just when you think you've got your developer tools all sorted out, a fresh crop is sure to emerge. In this article, regular developerWorks contributor Rick Hightower uses a real-world example to introduce you to two of the most exciting new technologies for the enterprise. Hibernate is an object-relation mapping tool and Spring is an AOP framework and IOC container. Follow along as Rick shows you how to combine the two to build a transactional persistence tier for your enterprise applications."

Comments (none posted)

Perl

This Week on perl5-porters (use Perl)

The April 5-11, 2004 edition of This Week on perl5-porters is online. "Spring is here, at least in the northern hemisphere, and perl 5.8.4 is approaching. This doesn't stop the Perl 5 porters from pursuing their usual job: proposing exciting new ideas, and fixing bugs. Read on for the details."

Comments (none posted)

This week on Perl 6 (O'Reilly)

The April 4, 2004 edition of This week on Perl 6 is available with the latest Perl 6 development news.

Comments (2 posted)

Using Bloom Filters (O'Reilly)

Maciej Ceglowski compares Perl's lookup hash to Bloom filters on O'Reilly. "Many people don't realize that there is an elegant alternative to the lookup hash, in the form of a venerable algorithm called a Bloom filter. Bloom filters allow you to perform membership tests in just a fraction of the memory you'd need to store a full list of keys, so you can avoid the performance hit of having to use a disk or database to do your lookups. As you might suspect, the savings in space comes at a price: you run an adjustable risk of false positives, and you can't remove a key from a filter once you've added it in. But in the many cases where those constraints are acceptable, a Bloom filter can make a useful tool."

Comments (none posted)

PHP

PHP 4.3.6RC3 released

Release Candidate 3 of PHP 4.3.6 has been announced. "This release addresses 2 major bugs introduced in the 4.3.5 release. One of these bugs caused problems when loading dynamic extensions on Windows and thread-safe (ZTS) builds and the other involves incorrect handling of daylight savings time. A few other minor bugs were fixed as well."

Comments (none posted)

Python

Testing frameworks in Python (IBM developerWorks)

David Mertz writes about unit testing in Python on IBM's developerWorks. "In this installment, David looks at Python's two standard modules for unit testing: unittest and doctest. These modules expand on the capability of the built-in assert statement, which is used for validation of pre-conditions and post-conditions within functions. David discusses the best ways to incorporate testing into Python development, weighing the advantages of different styles for different types of projects."

Comments (none posted)

Scheme

Scheme Weekly News

The April 8, 2004 edition of the Scheme Weekly News is online with a new set of Scheme language articles.

Full Story (comments: none)

XML

libxml++ 2.6.0 (stable) released

Version 2.6.0 of libxml++ is out. "libxml++ is a C++ wrapper for the libxml XML parser library."

Full Story (comments: none)

SVG and Typography

Fabio Arciniegas A. writes about typography under Scalable Vector Graphics (SVG) on O'Reilly. "Mixing the worlds of documents, programming, and visual design is a familiar experience for XML developers, especially when dealing with presentation technologies like SVG. Such mixtures can produce exciting new representations of information. They can also become ugly messes if one fails to learn the relevant aesthetic and design principles."

Comments (none posted)

Editors

Bluefish 0.13 editor released (GnomeDesktop)

Version 0.13 of the Bluefish HTML editor has been announced. "Bluefish 0.13 features a new bookmarks functionality, much improved project management, auto tag closing, better navigation through opened documents, a much more responsive user interface, again many user interface improvements, many bug fixes and much, much more!"

Comments (none posted)

DrPython 2.4.2 is out

Version 2.4.2 of DrPython is out. "DrPython is a clean and simple yet powerful and highly customizable editor/environment for developing programs written in the Python programming Language. It is written in Python, and uses the wxWidgets GUI Library." The ChangeLog file lists a number of bug fixes.

Comments (none posted)

IDEs

New stable Anjuta release (GnomeDesktop)

Version 1.2.2 of Anjuta, a C and C++ Integrated Development Environment, has been announced. "Release note: Major bug fixes. Resolved many debugger, build, project, fonts, print and wizard related critical bugs. Also added a new Anjuta advanced tutorial in documentation."

Comments (none posted)

Miscellaneous

regexxer 0.6 released

Version 0.6 of regexxer is out with support for gtkmm 2.4. "Regexxer is a nifty GUI search/replace tool featuring Perl-style regular expressions. If you need project-wide substitution and you're tired of hacking sed command lines together, then you should definitely give it a try."

Full Story (comments: none)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

Doubts cast on Yankee Linux-Windows TCO survey (SMH)

This Sydney Morning Herald story is one of many taking issue with just how the Yankee Group performed its survey "proving" that Linux is more expensive than Windows. "At the time the Yankee Group made its findings publicly known, it made no mention of the fact that the survey had been done in association with Sunbelt Software, a Windows NT/2K/XP Tools Provider.... The survey was done through an online form, which is not a medium known to generate reliable data unless some controls are implemented."

Comments (1 posted)

How useful are 'proprietary vs. open source' TCO studies? (NewsForge)

NewsForge talks with David A. Wheeler about the usefulness of TCO (Total Cost of Ownership) studies. "NewsForge: Who can we trust to do independent studies? Is anyone truly independent and unbiased? Wheeler: In the end, the only way to be really sure that you have unbiased results is to do the comparison yourself -- which you have to do anyway, because some measures like total cost of ownership (TCO) and performance are incredibly sensitive to specific environments."

Comments (3 posted)

CEO's of LynuxWorks and FSMLabs Reply to Green Hills' FUD (Groklaw)

Last Thursday Green Hills Software sent out a FUD missile (covered here). Now Groklaw has statements from Dr. Inder Singh, CEO of LynuxWorks, and Victor Yodaiken, CEO of FSMLabs, in response. "You may remember that in November of 2003, someone tried to do what O'Dowd posits, attempt to bypass the normal submission procedures for Linux code in an attempt to get a back door incorporated into the kernel. Alert Linux coders quickly spotted the alterations in a routine file integrity check and picked up on their hidden intent, despite the clever way they were coded to obfuscate their purpose, before the code got anywhere near the kernel, and the attempt failed."

Comments (1 posted)

Trade Shows and Conferences

At the Sounding Edge: Sounding Better All The Time (Linux Journal)

Dave Phillips gives a preview of the upcoming Linux Audio Developers conference in Karlsruhe, Germany, and also covers the progress of several important Linux audio software projects. "Without a doubt, the two most important development tracks are the ALSA and JACK projects. Both supply the foundation for much of the most interesting application development happening today, and support for ALSA/JACK rapidly is becoming de rigueur in new sound software for Linux."

Comments (none posted)

The SCO Problem

The Red Hat Order (Groklaw)

Groklaw has published the latest order for Red Hat in the ongoing SCO litigation. "As you will see, Darl's mouth is why she dismissed SCO's Motion to Dismiss. I get a lot of satisfaction from that. However, she doesn't seem to understand that there are issues outside of the IBM lawsuit that are particular to Red Hat. Rather, she concludes that the IBM contract issues are the core of the dispute and that the copyright claims are dependent on how that plays out. I disagree."

Comments (none posted)

Requirements for a Declaratory Judgment (Groklaw)

Here is a detailed article on Groklaw about Red Hat's case and what, exactly, is required to obtain a declaratory judgment. "The judge was just saying that isn't the case here, that there is a real controversy, that SCO's words and behavior qualify as sufficiently menacing that Red Hat has a reasonable anticipation of being sued, something SCO in its attempt to have the matter dismissed fervently denied was the case. The judge found that Red Hat was right and SCO was ... well, you know."

Comments (none posted)

Why SCOX price has been so up and down (IT Manager's Journal)

Melanie Hollands explores the ups and downs of SCO's stock price. "Well, stocks don't always trade rationally and in a straight line with what the underlying fundamentals would suggest. Over the long term, I believe stocks move rationally, but there are short-term moves that do not seem rational. In the case of SCOX (and Enron, WorldCom, and many others), I believe the primary long-term direction continues to be down. But on the way down, there are short-term "secondary" moves that are often counter-intuitive to the primary trend." Thanks to Leon Brooks.

Comments (none posted)

Companies

Desperate embrace (Economist)

The Economist has an article about the Sun/Microsoft deal, complete with a scary picture of Scott McNealy and Steve Ballmer. "When Mr Ballmer gives Mr McNealy a hug and says that 'we do both believe in intellectual property', this is a not-so-veiled jab at the open-source Linux, which both men consider, in essence, communistic. Microsoft and Sun happen to be the only major backers (in the form of licence payments) of Linux's gadfly, a firm called SCO, which is trying to obtain money from Linux users with threats of litigation."

Comments (9 posted)

MS Open-Source Move Is Straight from Playbook (eWeek)

Microsoft is using its time-proven embrace and extend strategy on open-source licenses, according to this article on eWeek. "So, what's going on here? Is Microsoft converting to the open-source religion? Hardly. I think they're continuing to implement plans for battling open source that Microsoft staffers first outlined back in 1998's Halloween memo. In that strategy memo, Microsoft staffers suggested that by embracing and extending open protocols, Microsoft could freeze open source out of the marketplace." Thanks to Jay R. Ashworth.

Comments (5 posted)

MySQL takes cue from the master (News.com)

News.com is running a lengthy look at MySQL - both the software and the company. "Travel reservations provider Sabre Holdings has replaced the mainframe computer and high-end Unix servers that underpinned its customer-facing Web site with about 45 Intel servers running a variety of open-source software, including Linux and MySQL. Going to a 'farm' of multiple relatively cheap servers has saved the company millions of dollars in database licenses alone, according to company executives."

Comments (6 posted)

Linux Adoption

How open source is getting nonprofits out of a squeeze (NewsForge)

NewsForge takes a look at efforts across the US to recycle old computers and supply families, schools, and nonprofits with IT connectivity. "[Collaborative Technologies coordinator Ron] Braithwaite said the open source model is proving its worth as his group looks to tailor the solution to the different community resource organizations. "Open source isn't just about software, it's about a way of working together collaboratively," Braithwaite said. "All of a sudden, we can leverage the work we've done. Because we've templated the hell out of it, we can tune it and enable and disable [portions] to specifically serve community mental health programs quickly and easily.""

Comments (3 posted)

Commentary: An open-source plan (News.com)

Should you know any CIO types looking for guidance on how to use free software, News.com has run a column from Forrester Research to help them out. "Arm your open-source advisory group with the funnel and decision tools. Fund a multidisciplinary team comprised of developers, managers, lawyers and procurement specialists to evaluate the risks of an open-source component and community. Quantitative assessment tools can help companies make informed decisions about the health of the community and the quality of the commercial support."

Comments (2 posted)

Interviews

Friedman: Expectations rising over Linux desktop (SearchEnterpriseLinux)

SearchEnterpriseLinux interviews Ximian's Nat Friedman. "What misconceptions exist concerning Linux desktops that may be holding back enterprise adoption?
Friedman: The No. 1 misconception is that usability is a major barrier to adoption and that's not true. It used to be. There was a study done recently with a group of 20 users who had never used a computer before. Ten were put at a Windows PC, 10 at a Linux PC and they were given a list of simple tasks like sending an e-mail, surfing to a Web page and the usability results were pretty much the same. The real problem is getting your work done if the applications don't exist." (Found on Footnotes)

Comments (14 posted)

KDE Interviews

This week in the People Behind KDE series, Tink talks with Adriaan de Groot.

KDE enthusiast Philippe Fremy interviews Eirik Eng, CEO of Trolltech, and Matthias Ettrich, founder of the KDE project and CTO of Trolltech, on KDE.News.

Comments (none posted)

Cray CTO: Linux clusters don't play in HPC (Search Enterprise Linux)

Search Enterprise Linux talks with a Cray CTO at ClusterWorld. "Despite assertions made by Linux vendors, a Linux cluster is not a high performance computer, said Dr. Paul Terry, CTO of Cray Canada. "At best, clusters are a loose collection of unmanaged, individual, microprocessor-based computers." Businesses shouldn't expect supercomputer performance from Linux clusters, Terry warned."

Comments (17 posted)

Interview with Element Computer Regarding ION Linux (OS News)

OS News talks with Mike Hjorleifsson, one of the founders of Element Computer. Element is bundling its hardware with its own ION Linux distribution. "Is your distro going to be sold separately, or only part of your hardware? Is your hardware going to be sold on other retail outlets except your own store as well?
Element Computer: ION is sold only with the hardware, our strategy is to provide a truly turnkey point-click-work experience. We welcome retail outlet partners to join our efforts, though initially we are launching via our own facilities and the Internet."

Comments (none posted)

Reviews

Linux breathes new life into old hardware (Linux.com)

Brice Burgess tests and compares several Linux distributions on an older IBM laptop. "Linux may be cutting-edge software, but it runs just fine on hardware that would make Microsoft's current operating systems beg for relief. I took four different distros and installed them on a five-year-old rebuilt IBM ThinkPad 600E supplied by LinuxCertified. They proved that Linux on older hardware can be a cost-effective combination."

Comments (none posted)

Introducing "Cooperative Linux" - Linux for Windows, No Less (LinuxWorld)

LinuxWorld introduces CoLinux. "21 year-old Dan Aloni, a graduate of an IDF [Israel Defence Force] computer unit, has developed a Linux application - called Cooperative Linux ("CoLinux" for short) - that is a port of the Linux kernel that allows it to run cooperatively alongside another operating system on a single machine. For instance, it allows one to freely run Linux on Windows without using a commercial PC virtualization software such as VMware, in a way which is much more optimal than using any general purpose PC virtualization software."

Comments (none posted)

Looking at the New Gnome 2.6 (OSNews)

OSNews reviews GNOME 2.6 on Fedora. "Epiphany became the default web browser for GNOME in the last release. Before that, people generally gravitated towards Galeon, as it was the only worthwhile GNOME browser for a while. However, recently, when the time came for people to actually choose a browser that should be part of the GNOME Desktop and Developer Platform, Epiphany was chosen because of its commitment to the HIG. Here is a lesson to be learnt, if you want your app to be part of GNOME, learn to love the HIG. It is one of the points of pride for the project."

Comments (40 posted)

OSDL's Carrier-Grade Linux (O'ReillyNet)

O'Reilly's Linux DevCenter examines OSDL's Carrier Grade Linux specifications. "The CGL working group includes network equipment providers, system integrators, platform providers, and Linux distributors. All members contribute to the requirement definition and current requirement projects or work on new open source projects to meet the requirements. Many of these members have contributed technology previously missing from the Linux Kernel to make it a more viable option for telecom platforms. Two distributors already provide distributions based on CGL requirement definitions. Several telecom-related companies are deploying CGL or at least evaluating or experimenting with it."

Comments (none posted)

Book Review: Perl Medic (use Perl)

Use Perl has a review of the book Perl Medic by Peter Scott. "Peter Scott's Perl Medic is presented as a book for "Transforming Legacy Code", but it could also be called "Perl Best Practices" or "The Things Every Perl Programmer Should Know.""

Comments (none posted)

Miscellaneous

Gopher: Underground Technology (Wired)

Wired digs up the dirt on Gopher. "According to a list on Floodgap.com, over 250 active gopher servers are currently online, serving documents ranging from lawyer jokes to the text of the Shays-Meehan campaign finance reform bill. Almost half these servers are affiliated with American colleges and universities, but servers are also located on every continent but Africa and Antarctica."

Comments (none posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

Executives from Government, Industry and Consortia Call for Standards

The Open Group has sent out a press release on The Open Group Conference. "At The Open Group's recent conference, key executives from the federal government, industry and technology consortia discussed their vision of the IT of the future, and emphasized the importance of standards and certified conformance for achieving global interoperability."

Full Story (comments: none)

The Open Group Launches Linux COE Platform Certification

The Open Group has launched its COE Linux Platform certification program. "Based on the DISA Cross Platform Compliance criteria for Linux systems, the program provides assurance that conforming systems provide services to COE applications software through conforming APIs. The program also assures that the systems present a specific appearance and behavior at the Human-Computer Interface level, have demonstrated interoperability and data interchange requirement, and meet a set of security requirements."

Full Story (comments: none)

Phrack #62 Call for Papers

A Call for Papers has gone out for the online magazine Phrack #62. "As in previous issues, we will showcase selected tools from the hacking community. Send us your toolz, links and logs for warez that are worthy of being mentioned in our holy magazine."

Full Story (comments: none)

Optical Data Linking with Ronja

The OpenCollector site lists a new release of the Ronja Twister interface design from the Ronja Project. "Ronja connects two PC's point-to-point, using a common red-orange visible light from a car brake light LED. The design is simple, building is easy and complete from-scratch building guide is online. Suitable for anybody who wants to communicate entirely freely in a direct line of sight. Building is cheap and requires only common tools available in home workshop. Communicates 10Mbit/sec. full duplex over 1.4km."

Comments (none posted)

VUGames e-petition

A group of gaming enthusiasts are making an attempt to get a game company to port one of their products to Linux. "An e-petition is being started invoking all Linux users to request VUGames and Blizzard Entertainment so they port World of Warcraft to Linux. Blizzard has been known in the past for their support to PC and Mac users with hybrid games. The aim of the petition is to have a PC/Mac OS X/Linux hybrid."

Full Story (comments: none)

Commercial announcements

Automatic Testing tool released for KDE usage (KDE.News)

KDE.News covers the release of KD Executor 2.0. "KD Executor is a record and playback tool for Qt and KDE applications. In addition, it contains a test environment which uses this record and playback tool for testing Qt and KDE applications. We are proud to release a free version (free as in beer, not as in speech) of this tool to the KDE community."

Comments (none posted)

Lindows becomes Linspire

Lindows has announced that its distribution (formerly known as "LindowsOS") is now called "Linspire." Perhaps this means we are done with tiresome "Lindows v. Microsoft" press releases now.

Comments (11 posted)

LynuxWorks strikes back - sort of

LynuxWorks has sent out a press release responding to the Green Hills attack on the use of Linux in the military. "The rapid proliferation of open standards software continues to elicit responses from software vendors attempting to spread fear, uncertainty and doubt (FUD) as they find their business models threatened by the global open standards movement. Vendors have attempted to thwart Linux through lawsuits and legal actions and, most recently, are fueling the FUD surrounding Linux and the security threat it poses to our nation's defense systems." Do note the careful wording: this PR is all about "open standards" and says nothing about free (or open source) software; these people could just as well be pushing UnixWare.

Comments (7 posted)

Over 750 Applications Now Certified on Red Hat Enterprise Linux

Red Hat has issued a press release about the many applications that work with RHEL, and a new online, searchable catalog to showcase compatible applications.

Comments (5 posted)

Secluda Technologies seeks beta testers for new spam blocker

Secluda Technologies has announced the final beta of BlockMaster, its new spam blocking product. They are also looking for Mandrake, SUSE, or Red Hat test sites to help test the Linux version of the product.

Full Story (comments: none)

New Books

"Network Security Assessment" Released by O'Reilly

O'Reilly has published the book Network Security Assessment by Chris McNab.

Full Story (comments: none)

No Starch Press to release "The Spam Letters"

No Starch Press has published the book The Spam Letters by Jonathan Land. "Besides poking fun at spammers, Jonathan Land is also an accomplished stick figure artist and a participant in the experimental musical group Negativland."

Full Story (comments: none)

Complete Text 'Rapid Application Development with Mozilla' Available (MozillaZine)

A free, downloadable PDF version of the book Rapid Application Development with Mozilla has been announced. "Wily Yuen writes: "Nigel McFarlane's Rapid Application Development with Mozilla is now available as a PDF download from Bruce Perens' Open Source series at InformIT. Please support the author and buy the book if you find it to be useful." Displaying a keen sense of irony, InformIT have ensured that their download page does not work in Mozilla."

Comments (none posted)

The Samba Team announces the Samba-3 by Example Book

The Samba site mentions the release of a new book by John H. Terpstra, Samba-3 By Example: Practical Exercises to Successful Deployment.

Also: "Prentice Hall PTR is pleased to announce that the full source of both books, The Official Samba-3 HOWTO and Reference Guide and the new publication Samba-3 by Example have been posted to Samba.Org samba-docs public code tree. All books in the Bruce Perens' Open Source Series are published under the OPL."

Comments (none posted)

Resources

New AGNULA Tutorials

Linux Audio luminary Dave Phillips has put together three tutorials for the AGNULA (A GNU Linux Audio distribution) documentation project. The new documents include: an Open Music tutorial, a SuperCollider 3 tutorial, and a "making music without X" tutorial.

Full Story (comments: none)

KDE 3.2: A User's Perspective (KDE.News)

William Kendrick has announced the online availability of his LUG presentation KDE 3.2: A User's Perspective. "The talk was well received, and left some people (even KDE users) overwhelmed with new information. It just goes to show that I wasn't the only one who knew KDE was a great environment, but hadn't even scratched the surface yet!"

Comments (none posted)

The LDP Weekly News

The April 7, 2004 edition of the Linux Documentation Project Weekly News documents the latest new documentation releases.

Full Story (comments: none)

The LDP Weekly News

The LDP Weekly News for April 14, 2004 is available with more new documentation.

Full Story (comments: none)

Minutes of the Austin Group Teleconference

The minutes are available from the Austin Group's April 8, 2004 teleconference.

Full Story (comments: none)

Event Reports

Cluster World announcements for Friday

The following announcements came out of the ClusterWorld Expo 2004 on Friday:

The winners of the Excellence in Cluster Technology Awards were announced.

PathScale, Inc. announced what it claims to be the World's Fastest Linux Compiler Suite for AMD64 Systems.

Comments (none posted)

Upcoming Events

ACCU conference panel on software patents

The ACCU conference panel on software patents will convene on Thursday April 15, 2004 in Oxford, England.

Full Story (comments: none)

A Linux standards conference in China

The "International Linux Standards and Application Symposium and the first National Linux Standards Feedback Session" is being held in Beijing on April 14 and 15. This event, which will be attended by representatives of various Chinese companies and agencies, along with some folks from the Linux Professional Institute and the Free Standards Group, will look at ways of standardizing and promoting Linux for the Chinese and international markets. Click below for the details.

Full Story (comments: 4)

EuroPython Registration is open

Registration is open for the EuroPython conference. Submissions for talks are due by April 15.

Full Story (comments: none)

EuroPython News Update

A news update is available for the EuroPython 2004 conference. The event will be held in Göteborg, Sweden from June 7-9, 2004.

Full Story (comments: none)

OMG Days in April

The Object Management Group will be holding a series of OMG Information Days across Europe in the latter part of April, 2004.

Full Story (comments: none)

Ottawa Linux Symposium registration open

Registration has begun for the 2004 Ottawa Linux Symposium (July 21 to 24, Ottawa, Canada). This event often sells out, so, if you're thinking you want to be there, registering sooner rather than later might be a good idea. The price also goes up after May.

Full Story (comments: none)

GCC Summit Registration is Open

Registration for the 2004 GCC Summit is open. The event will be held in Ottawa, Canada on June 2-4, 2004.

Full Story (comments: none)

Workshop Pure Data, Amsterdam

Workshop Pure Data will be held in Amsterdam, the Netherlands on May 26-29, 2004. "This workshop is meant for beginners and will focus on Open Source software for the real-time manipulation of audio and video. The dual package of Pure Data and GEM, offer a complete set of tools for sound, multimedia and VJ purposes. Topics will include: real-time audio and video processing with PD and GEM, RRADical PD, PDP and an overview of other free and open source audio and video tools for Linux."

Full Story (comments: none)

AGNULA at Week of Freedom

Members of the AGNULA project will be present at the Week of Freedom in Siena and Turin, Italy. The event will take place on April 17-22, 2004. "The Week of Freedom is an event promoted and organized by Hipatia and Free Software Foundation Europe with a plethora of local associations and organizations - a 6-days long tour around Siena, Florence, Milan, Turin and Rome with conferences, workshops, speeches on free (as in free speech) knowledge."

Full Story (comments: none)

AGNULA at Webb.It 2004

Representatives of the AGNULA Linux Audio distribution will be present in Padua, Italy on May 6-8, 2004 at the Webb.It 2004 conference.

Full Story (comments: none)

AGNULA at 2nd Linux Audio Conference

The AGNULA team will be present at the 2nd Linux Audio Conference in Karlsruhe, Germany on April 29 - May 2, 2004.

Full Story (comments: none)

Open source at medinfo2004 (LinuxMedNews)

LinuxMedNews has announced the open-source presence at the medinfo2004 conference. The event will take place in San Francisco, CA in September, 2004.

Comments (none posted)

Events: April 15 - June 10, 2004

| Date | Event | Location |
|---|---|---|
| April 15, 2004 | Real World Linux 2004 Conference & Expo (Metro Toronto Convention Centre) | Toronto, Ontario, Canada |
| April 15 - 16, 2004 | MySQL Users Conference and Expo 2004 (Peabody Hotel Orlando) | Orlando, FL |
| April 15 - 17, 2004 | ACCU Spring Conference 2004 (Randolph Hotel) | Oxford, England |
| April 16 - 18, 2004 | Penguicon 2.0 (Detroit Sheraton Novi Hotel) | Novi, MI |
| April 16 - 17, 2004 | Python UK Conference (Randolph Hotel) | Oxford, England |
| April 18 - 21, 2004 | XML Europe 2004 (RAI Centre) | Amsterdam, the Netherlands |
| April 20 - 21, 2004 | LinuxUser & Developer Expo (Olympia) | London, England |
| April 22 - 23, 2004 | 2004 Desktop Linux Summit (Del Mar Fairgrounds) | San Diego, California |
| April 26 - 27, 2004 | Digital Media Project Traditional Rights and Usages Workshop | Los Angeles, CA |
| April 29 - May 2, 2004 | 2nd Linux Audio Developers Conference (Institute for Music and Acoustics) | Karlsruhe, Germany |
| May 3 - 5, 2004 | International PHP Conference 2004 Spring Edition | Amsterdam, Netherlands |
| May 6 - 8, 2004 | TheServerSide Java Symposium (The Venetian) | Las Vegas, NV |
| May 6 - 8, 2004 | Web.It 2004 | Padova, Italy |
| May 11 - 12, 2004 | LinuxWorld Conference & Expo (Hotel Istana) | Kuala Lumpur, Malaysia |
| May 16 - 18, 2004 | European Firebird Conference 2004 | Fulda, Germany |
| May 17 - 20, 2004 | Fifth LCI International Conference on Linux Clusters (University of Texas) | Austin, TX |
| May 17 - 19, 2004 | Enterprise Software Summit (The Palace Hotel) | San Francisco, CA |
| May 17 - 20, 2004 | Black Hat Briefings Europe 2004 (Grand Hotel Krasnapolsky) | Amsterdam, the Netherlands |
| May 17 - 21, 2004 | Apache Boot Camp | Atlanta, GA |
| May 20 - 22, 2004 | Austrian Perl Workshop | Vienna, Austria |
| May 25 - 26, 2004 | LinuxWorld Conference & Expo (Suntec) | Singapore |
| May 26 - June 6, 2004 | DebConf4 | Porto Alegre, Brazil |
| May 26 - 29, 2004 | 2nd International Symposium on Computer Music Modeling and Retrieval | Esbjerg, Denmark |
| June 2 - 4, 2004 | 2004 GCC and GNU Toolchain Developer's Summit (Ottawa Congress Centre) | Ottawa, Canada |
| June 3 - 4, 2004 | Web.It 2004 | Milano, Italy |
| June 6 - 7, 2004 | French Perl Workshop | Paris, France |
| June 7 - 9, 2004 | EuroPython (Chalmers University of Technology) | Göteborg, Sweden |

Comments (none posted)

Software announcements

This week's software announcements

Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:

Comments (none posted)

Page editor: Forrest Cook

Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds