
LWN.net Weekly Edition for May 20, 2004

News from the SCO front

The SCO Group, a little while back, filed a motion asking for a delay in the trial of its suit against IBM. According to SCO, IBM's foot-dragging had slowed things to the point that SCO could not get its act together in time. IBM has now responded; the full filing can be read in PDF format. It is not particularly surprising that IBM opposes this delay.

In fact, IBM has taken this filing as an opportunity to stiffen its language against SCO in general:

Since this suit began in March, 2003, SCO has publicly touted its evidence of IBM's alleged misconduct, but has resisted disclosing the supposed evidence to IBM. In fact, SCO's Chief Executive Darl McBride commented in an interview that SCO was 'fine to go to court just on what we have before discovery.' ... In contrast to its public assertions, SCO's conduct during discovery reflects a remarkable pattern of delay and obfuscation.

It's not clear when the judge will rule on this motion.

A hearing will be held on June 9 on SCO's suit against DaimlerChrysler, with a focus on Daimler's motion for a summary dismissal of the case. As reported in Groklaw, this case appears to have drawn a no-nonsense judge who will try to see things through to a resolution in relatively short order.

The Free Software Foundation received a subpoena from SCO last year; they have now posted the subpoena on their site with some related discussion. It will surprise few to see that the subpoena is impossibly broad; the FSF has no intention of fulfilling it in its entirety. Being the FSF, they cannot stop with just the subpoena, however:

In addition to answering and/or disputing the subpoena, we must also educate the community about why it is that Linux was attacked and GNU was not. For more than a decade, FSF has urged projects to build a process whereby the legal assembly of the software is as sound as the software development itself. Many Free Software developers saw the copyright assignment process used for most GNU components as a nuisance, but we arduously designed and redesigned the process to remove the onerousness. Now the SCO fiasco has shown the community the resilience and complete certainty that a good legal assembly process can create.

The FSF is right to emphasize the importance of ensuring that stolen code is not merged into free software projects; there is no doubt that more care is called for in that regard. Claiming that the FSF's copyright assignment policies headed off a legal attack from the SCO Group seems a little strong, however. It seems just as likely that SCO was repelled by the FSF's small bank balance. IBM, too, has strong rules covering its code contributions; armies of lawyers are involved. Those rules did not keep SCO from suing IBM, however.

Expect some fun around June 2, when SCO will announce its second quarter results. One can only assume that said results will not be of a kind that will revive the company's stock price, which fell below its one-year low this last week. It will be interesting to see what the company comes up with as a way of distracting attention from these matters.

Comments (5 posted)

Australia considers a free trade agreement

The United States and Australia recently negotiated a trade agreement which, like many US-driven agreements these days, requires Australia to follow America's lead on numerous intellectual property issues. In particular, the agreement forces the adoption of software patents and DMCA-like copyright laws. Needless to say, free software advocates have been concerned about this agreement; they have also been doing something about it.

On May 17, The Australian Senate Select Committee on the Free Trade Agreement between Australia and the US heard testimony on the effects that the agreement would have. The transcript is available as a 700KB PDF file. Included therein are several pages of testimony from kernel hacker Rusty Russell, representing Linux Australia.

Open source is particularly important to Australia because we are good at it. We develop it, we distribute it, and our expertise gives Australian business a competitive advantage over international competitors--not just IT business but all businesses that use IT. The Boston Consulting Group in a survey a few years ago found that eight per cent of open source developers are in Australia--hugely disproportionate to our population. We are in a prime position to take advantage of the growth opportunities provided by these projects especially the benefits of better, more open infrastructure that open source provides. On the other hand, the cost of chilling competition in this area will affect us greatly now and we will lament the loss of our lead in years to come.

Unfortunately, there is no picture of Rusty in his suit and tie.

Many other witnesses appeared, including representatives of Electronic Frontiers Australia, and the Australian Digital Alliance. Whether this testimony will have an effect on the eventual ratification of this treaty is to be seen; the fact that these issues were heard in this forum is a good start, however. (Thanks to Michael Neuling for the transcript pointer).

Comments (3 posted)

European software patents get closer

Toward the end, it appeared that the European Council might not approve software patents after all. Representatives of the German and Italian governments had expressed reservations, and an objection from Luxembourg forced a discussion on what was supposed to be a fast-track vote. But, on May 18, the Council voted in favor of a patent directive which strips out the European Parliament's changes, and which thus legitimizes software patents in Europe.

Believe it or not, this lengthy process is still not complete, however. The directive must return to the Parliament one last time for final approval; this vote is likely to happen sometime in the (northern hemisphere) autumn. If the Parliament rejects the Council's draft, then some sort of compromise will be hammered out. Thus, it is not time for anti-patent activists to rest, even though they are likely to be tired and discouraged. Software patents in Europe are not yet a done deal, but heading them off will require efforts to educate members of Parliament in all EU member countries.

It is also worth remembering that elections to the Parliament are happening in June. Voter turnout in European Parliament elections tends to be low, so those who do vote have a relatively strong voice. If you are able to vote in these elections, you may want to consider learning the candidates' positions on software patents and voting accordingly. There is yet time to make a difference on this issue.

Comments (4 posted)

Stupid patent tricks

May 19, 2004

By Pamela Jones, Editor of Groklaw

If you read about Microsoft's patent number 6,727,830, "Time based hardware button for application launch," issued on April 27, 2004, you're probably thinking that now you've heard everything. A patent on double-clicking and on holding down an application button? How can the Patent Office issue such a patent, since you can probably think of several instances of prior art off the top of your head?

Here is the abstract, explaining the patent:

A method and system are provided for extending the functionality of application buttons on a limited resource computing device. Alternative application functions are launched based on the length of time an application button is pressed. A default function for an application is launched if the button is pressed for a short, i.e., normal, period of time. An alternative function of the application is launched if the button is pressed for a long, (e.g., at least one second), period of time. Still another function can be launched if the application button is pressed multiple times within a short period of time, e.g., double click.

It drones on a while longer, but although they expend a great many words, what they have patented is simply this:

  • You have a device with a button. If you press the button quickly, you get different behavior than if you hold the button down. Electric typewriters have worked that way for decades, and portable CD players for many years.

  • Press the button twice in a short period, and you get different behavior. This, of course, is the "double click."

Linux systems are full of software which implements the claimed behavior. Double-clicking is found everywhere. The "hold the button for different behavior" can be found in places like the CD player. The patent specifies a "limited resource" computing device, so they are talking about PDA-type systems. The simple fact is that all computing devices are "limited resource," however.

I asked my right-hand man on Groklaw, Dr Stupid, if he could think of any prior art and he had no trouble in about 10 minutes coming up with these possibilities:

The general concept of short press and long press doing different things is not new at all - many embedded devices use it. What the patent is about is a particular use of this concept for launching programs on a device. That is, clicking once on the icon launches the program with one command line parameter, and a double-click a different command line parameter. Or a hold down is yet another.

The very old FVWM window manager for Linux has a 'maximize' button which works like this:

  • Click-and-hold: stretches the window vertically.
  • Single Click: stretches the window but does not cover the taskbar or button bar.
  • Double Click: stretches the window to cover the entire screen.

So you have normal action, hold-it-down action, and double-click action. It's still shipped with SuSE and most distributions to this day, I believe...

To me, it fails the 'not obvious' test. Another one that I wonder if it might be relevant is here:

'If you wish, you can distinguish single, double, and triple clicks. A double click means clicking a mouse button twice in approximately the same place. The first click generates an ordinary click event. The second click, if it comes soon enough, generates a double-click event instead....'

Microsoft listed 8 prior art documents, each slightly different from theirs. But then you find a long list of what they asserted was unique to this patent. But, without analyzing this one in great depth, certainly we can agree there are patents issued that should not be issued, and the real question is: why does the Patent Office issue them? And why do companies want them?

The answer to the first question is simple: they are understaffed and there is a general policy that you do your best and later the courts can determine if the patent was valid or not.

Why do companies want them? I asked that question of patent attorney Dan Ravicher, head of PubPat, the organization that is dedicated to going after patents that were wrongly issued, and also asked about this specific patent, and here is what he told me:

When I read those claims, I was like, sure, nice try. I doubt Microsoft would ever assert this patent. But, there is still value in building up a portfolio because many valuations are based purely on the objective factor of how many patents or how many claims one has, despite the fact that a wide swath of them are useless. The valuation experts aren't that sophisticated, yet.

A patent, in other words, is an intangible, and you look good to valuation experts if you have a big pile of them.

Does that mean there is no danger? Should something be done? He told me that until Microsoft begins to assert the patent, which so far it seems not to have done, the best thing is just to monitor it. "If Microsoft begins to assert this patent specifically, then we'll review the situation and make a decision about how best to protect the public," he says.

Comments (8 posted)

Page editor: Jonathan Corbet

Security

Hardened PHP

The Hardened PHP project has recently announced its existence; naturally, a Gentoo package is already available. The PHP language is highly popular for the creation of web applications, but it has long suffered from a reputation for poor security. This reputation is perhaps not entirely fair; the number of sites which have actually been compromised as a result of PHP vulnerabilities is small. Nonetheless, PHP has tended to have more holes than it really should, given its wide deployment. Hardened PHP is attempting to address that problem by adding patches to the language implementation which close off a number of potential security problems.

Those interested in the actual changes being made can learn more on this page. These changes include:

  • The addition of "canaries" to the internal memory manager. PHP uses a variant of malloc() which tracks all allocated memory, making it easy to reclaim everything after the completion of a web request. The Hardened PHP patch adds special, random values at the beginning and end of each allocated block and checks to see whether those values have been overwritten when the memory is freed. These checks should help defend against bugs in the PHP system which allow heap overflow attacks.

  • Canaries are also added to PHP's internal linked list structures.

  • The "%n" format specifier has been removed from (some of) PHP's internal string printing functions in an attempt to head off certain types of format string attacks.

  • The PHP include directive has some additional restrictions which prevent the inclusion of program text from remote sources.

  • Checks are made for strings with embedded NULL characters.
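As an added illustration of the canary mechanism described in the first two items above (example code written for this page, not the Hardened PHP project's patch), here is a small C allocator wrapper that places a per-process random value before and after each block and verifies both when the block is freed. The block layout, the function names and the constructed overflow in the demo are this example's own assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Illustrative canary-checking allocator (example code, not Hardened PHP's).
 * Each block is laid out as:
 *   [ header: front canary, user size ] [ user bytes ... ] [ rear canary ]
 * A write that runs off either end of the user bytes lands on a canary and
 * is detected when the block is freed. */

#define CANARY_LEN sizeof(uint32_t)

struct block_hdr {
    uint32_t canary;  /* front canary; an overrun from a preceding block hits this first */
    size_t   size;    /* user-visible size, used to locate the rear canary */
};

static uint32_t g_canary;  /* chosen once per process */

/* Pick the canary on first use. A real implementation would draw it from a
 * CSPRNG; rand() keeps the example self-contained. */
static uint32_t canary_value(void)
{
    while (g_canary == 0) {
        srand((unsigned)time(NULL));
        g_canary = ((uint32_t)rand() << 16) ^ (uint32_t)rand();
    }
    return g_canary;
}

/* Allocate n user bytes surrounded by canaries; returns the user pointer. */
void *canary_malloc(size_t n)
{
    struct block_hdr *h = malloc(sizeof *h + n + CANARY_LEN);
    unsigned char *user;
    uint32_t c;

    if (h == NULL)
        return NULL;
    c = canary_value();
    h->canary = c;
    h->size = n;
    user = (unsigned char *)(h + 1);
    memcpy(user + n, &c, CANARY_LEN);  /* rear canary may be unaligned: copy bytewise */
    return user;
}

/* Check both canaries and release the block. Returns a bitmask:
 *   0 = intact, 1 = front canary overwritten, 2 = rear canary overwritten.
 * If the front canary is damaged the size field cannot be trusted, so the
 * rear canary is not examined in that case. */
int canary_check_and_free(void *p)
{
    struct block_hdr *h;
    uint32_t expect, rear;
    int status = 0;

    if (p == NULL)
        return 0;
    h = (struct block_hdr *)p - 1;
    expect = canary_value();
    if (h->canary != expect) {
        status |= 1;
    } else {
        memcpy(&rear, (unsigned char *)p + h->size, CANARY_LEN);
        if (rear != expect)
            status |= 2;
    }
    free(h);
    return status;
}

/* Constructed demo: a string that fits leaves both canaries intact. */
int demo_in_bounds(void)
{
    char *s = canary_malloc(16);
    if (s == NULL)
        return -1;
    strcpy(s, "hello");
    return canary_check_and_free(s);  /* 0 */
}

/* Constructed demo: an 8-byte block written with 12 bytes. The extra four
 * bytes land exactly on the rear canary (still inside this allocator's own
 * malloc'd region, so the demo itself stays well-defined). */
int demo_rear_overflow(void)
{
    char *s = canary_malloc(8);
    if (s == NULL)
        return -1;
    memset(s, 'A', 8 + CANARY_LEN);
    return canary_check_and_free(s);  /* 2 */
}

int main(void)
{
    printf("in bounds: %d (expect 0)\n", demo_in_bounds());
    printf("rear overflow: %d (expect 2)\n", demo_rear_overflow());
    return 0;
}
```

Two properties of this scheme are worth noticing. First, the check runs only at free time, so an overflow that is used before the block is released is not stopped; the canaries turn a silent corruption into a detectable one rather than preventing the write. Second, the front canary mostly catches overruns from a neighbouring block, which this stand-alone demo cannot arrange portably, so only the rear-canary case is exercised here.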

This effort is worthy and worthwhile, but it is also inadequate for a couple of reasons. Exploitable buffer overflows in PHP are relatively rare; instead, PHP programs tend to suffer from different classes of vulnerabilities, such as cross-site scripting, SQL injection, and command injection. A truly hardened PHP would attempt to address these problems through tighter restrictions on what scripts can do and enforced checking of input strings.

The fact that there needs to be a "hardened PHP" project in the first place is also a bad sign, unless this project is simply a staging area for patches on their way into the mainline. PHP is used to implement an unbelievable number of web sites; any vulnerabilities in PHP put vast numbers of systems at risk. Security should be at the top of the PHP project's goals; every PHP installation should be hardened. The Hardened PHP project is a good thing; let's hope its work is quickly picked up by the main PHP distribution.

Comments (2 posted)

New vulnerabilities

cvs: heap overflow

Package(s):cvs CVE #(s):CAN-2004-0396
Created:May 19, 2004 Updated:June 11, 2004
Description: CVS (through version 1.11.15 or 1.12.7) contains a remotely exploitable heap overflow vulnerability; see this advisory from Stefan Esser for details. If you are running cvs with the "pserver" protocol, a quick upgrade is recommended (dropping pserver is also a very good idea for security-conscious sites).
Alerts:
Whitebox WBSA-2004:190-01 2004-06-10
Fedora-Legacy FLSA:1620 2004-06-02
Slackware SSA:2004-140-01 2004-05-19
Gentoo 200405-12 2004-05-20
OpenPKG OpenPKG-SA-2004.022 2004-05-19
Mandrake MDKSA-2004:048 2004-05-19
Fedora FEDORA-2004-131 2004-05-19
Fedora FEDORA-2004-126 2004-05-19
SuSE SuSE-SA:2004:013 2004-05-19
Red Hat RHSA-2004:190-01 2004-05-19
Debian DSA-505-1 2004-05-19

Comments (none posted)

heimdal: missing input sanitizing

Package(s):heimdal CVE #(s):CAN-2004-0472
Created:May 18, 2004 Updated:May 27, 2004
Description: Evgeny Demidov discovered a potential buffer overflow in a Kerberos 4 component of heimdal, a free implementation of Kerberos 5. The problem is present in kadmind, a server for administrative access to the Kerberos database. This problem could perhaps be exploited to cause the daemon to read a negative amount of data which could lead to unexpected behavior.
Alerts:
Gentoo 200405-23 2004-05-27
Debian DSA-504-1 2004-05-18

Comments (none posted)

icecast: denial of service

Package(s):icecast CVE #(s):
Created:May 19, 2004 Updated:May 19, 2004
Description: The icecast server has a read error in its authorization code which can enable a denial of service attack; upgrading to version 2.0.1 fixes the problem.
Alerts:
Gentoo 200405-10 2004-05-19

Comments (none posted)

kde: URI Handler Vulnerabilities

Package(s):kde Opera CVE #(s):CAN-2004-0411
Created:May 17, 2004 Updated:June 15, 2004
Description: iDEFENSE identified a vulnerability in the Opera Web Browser that could allow remote attackers to create or truncate arbitrary files. The KDE team has found that similar vulnerabilities exist in all versions of KDE, up to KDE 3.2.2 inclusive. See this advisory for more information.
Alerts:
Debian DSA-518-1 2004-06-14
Conectiva CLA-2004:843 2004-05-26
SuSE SuSE-SA:2003:014 2004-05-26
Gentoo 200405-19 2004-05-25
Gentoo 200405-11 2004-05-19
Fedora FEDORA-2004-122 2004-05-19
Mandrake MDKSA-2004:047 2004-05-18
Fedora FEDORA-2004-121 2004-05-17
Slackware SSA:2004-238-01 2004-05-17
Red Hat RHSA-2004:222-01 2004-05-17

Comments (none posted)

kernel: integer overflow in the SCTP code

Package(s):kernel CVE #(s):
Created:May 17, 2004 Updated:May 18, 2004
Description: There is an integer overflow in the SCTP code in the Linux kernel starting with 2.4.23-pre5 and up to and including 2.4.25. This could allow for a local root exploit. See this advisory for more details.
Alerts:
Trustix TSLSA-2004-0029 2004-05-13

Comments (none posted)

libuser: problems in libuser library

Package(s):libuser CVE #(s):
Created:May 17, 2004 Updated:May 18, 2004
Description: Steve Grubb discovered a number of problems in the libuser library that can lead to a crash in applications linked to it, or possibly write 4GB of garbage to the disk.
Alerts:
Mandrake MDKSA-2004:044 2004-05-17

Comments (none posted)

mah-jong: missing argument check

Package(s):mah-jong CVE #(s):CAN-2004-0458
Created:May 13, 2004 Updated:May 18, 2004
Description: A problem has been discovered in mah-jong, a variant of the original Mah-Jong game, that can be utilized to crash the game server after dereferencing a NULL pointer. This bug can be exploited by any client that connects to the mah-jong server.
Alerts:
Debian DSA-503-1 2004-05-13

Comments (none posted)

neon: buffer overflow

Package(s):neon CVE #(s):CAN-2004-0398
Created:May 19, 2004 Updated:September 30, 2004
Description: The neon library (through version 0.24.5) contains a buffer overflow in its date parsing code, allowing arbitrary code execution when connecting to a hostile server. See this advisory for details. This vulnerability also affects related applications (such as cadaver).
Alerts:
Fedora-Legacy FLSA:1552 2004-09-29
Mandrake MDKSA-2004:078 2004-07-29
Gentoo 200406-03 2004-06-05
Gentoo 200405-25b 2004-06-02
Gentoo 200405-25 2004-05-30
Conectiva CLA-2004:841 2004-05-25
Gentoo 200405-15 2004-05-20
Gentoo 200405-13 2004-05-20
OpenPKG OpenPKG-SA-2004.024 2004-05-19
Mandrake MDKSA-2004:049 2004-05-19
Fedora FEDORA-2004-130 2004-05-19
Fedora FEDORA-2004-129 2004-05-19
Red Hat RHSA-2004:191-01 2004-05-19
Debian DSA-507-1 2004-05-19
Debian DSA-506-1 2004-05-19

Comments (none posted)

Pound format string vulnerability

Package(s):pound CVE #(s):
Created:May 18, 2004 Updated:May 19, 2004
Description: There is a format string flaw in Pound, allowing remote execution of arbitrary code with the rights of the Pound process.
Alerts:
Gentoo 200405-08 2004-05-18

Comments (none posted)

subversion: buffer overflow

Package(s):subversion CVE #(s):CAN-2004-0397
Created:May 19, 2004 Updated:May 21, 2004
Description: Versions of the subversion source management package up to and including 1.0.2 suffer from a remotely exploitable buffer overflow vulnerability in their date parsing code; see this advisory for details. "Exploiting this vulnerability on not heavily protected servers is trivial even for beginners, therefore it is strongly recommended to update immediately."
Alerts:
Gentoo 200405-14 2004-05-20
OpenPKG OpenPKG-SA-2004.023 2004-05-19
Fedora FEDORA-2004-128 2004-05-19
Fedora FEDORA-2004-127 2004-05-19

Comments (none posted)

Updated vulnerabilities

apache - denial of service in mod_ssl

Package(s):apache CVE #(s):CAN-2004-0113
Created:April 13, 2004 Updated:May 25, 2004
Description: A memory leak has been discovered in mod_ssl that may be triggered by sending normal HTTP requests to the Apache HTTPS port. An attacker can exploit this vulnerability to consume all memory available in the server, thus causing a denial of service condition. This problem has been fixed in Apache 2.0.49.
Alerts:
Fedora FEDORA-2004-117 2004-05-25
Mandrake MDKSA-2004:043 2004-05-10
Red Hat RHSA-2004:182-01 2004-04-30
Conectiva CLA-2004:839 2004-04-13

Comments (none posted)

apache: multiple vulnerabilities

Package(s):apache CVE #(s):CAN-2003-0993 CAN-2003-0020 CAN-2003-0987 CAN-2004-0174
Created:May 12, 2004 Updated:May 26, 2004
Description: Versions of apache 1 through 1.3.30 include several minor vulnerabilities, including the writing of unescaped data to the error log file, a denial of service vulnerability, and a parsing failure in Allow/Deny rules on big-endian, 64-bit platforms. See the apache 1.3.31 announcement for details.
Alerts:
Gentoo 200405-22 2004-05-26
Mandrake MDKSA-2004:046-1 2004-05-20
Mandrake MDKSA-2004:046 2004-05-17
Trustix TSLSA-2004-0027 2004-05-13
Slackware SSA:2004-133-01 2004-05-12
OpenPKG OpenPKG-SA-2004.021 2004-05-12

Comments (none posted)

clamav: improper string checking

Package(s):clamav CVE #(s):
Created:May 12, 2004 Updated:May 12, 2004
Description: Versions of clamav prior to 0.70 fail to check filenames when responding to viruses; with certain configurations, this failure can allow an attacker to execute arbitrary commands.
Alerts:
Gentoo 200405-03 2004-05-11

Comments (none posted)

cvs: client-side file overwrite vulnerability

Package(s):cvs CVE #(s):CAN-2004-0180
Created:April 14, 2004 Updated:May 18, 2004
Description: The cvs client has a pathname-handling vulnerability which can allow a hostile server to overwrite files on the local system. The cvs server is subject to a similar vulnerability which allows the checkout of RCS archives anywhere on the server system. Versions 1.11.15 and 1.12.7 fix the problem.
Alerts:
Fedora FEDORA-2004-110 2004-04-22
Whitebox WBSA-2004:153-01 2004-04-19
Slackware SSA:2004-108-02 2004-04-17
Netwosix NW-2004-0011 2004-04-18
Debian DSA-486-1 2004-04-16
Gentoo 200404-13 2004-04-14
OpenPKG OpenPKG-SA-2004.013 2004-04-14
Red Hat RHSA-2004:153-01 2004-04-14
Red Hat RHSA-2004:154-01 2004-04-14
SuSE SuSE-SA:2004:008 2004-04-14
Mandrake MDKSA-2004:028 2004-04-14

Comments (none posted)

ethereal - multiple vulnerabilities

Package(s):ethereal CVE #(s):CAN-2004-0176 CAN-2004-0365 CAN-2004-0367
Created:March 29, 2004 Updated:June 2, 2004
Description: There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.3. More information can be found in this advisory from ethereal.com and in this Eye on Security advisory.
Alerts:
Debian DSA-511-1 2004-05-30
OpenPKG OpenPKG-SA-2004.015 2004-04-16
Red Hat RHSA-2004:137-01 2004-03-31
Mandrake MDKSA-2004:024 2004-03-30
Conectiva CLA-2004:835 2004-03-31
Red Hat RHSA-2004:136-01 2004-03-30
Netwosix NW-2004-0007 2004-03-29
Gentoo 200403-07 2004-03-28

Comments (none posted)

exim: stack-based buffer overflows

Package(s):exim exim-tls CVE #(s):CAN-2004-0399 CAN-2004-0400
Created:May 7, 2004 Updated:May 14, 2004
Description: Georgi Guninski discovered two stack-based buffer overflows.

CAN-2004-0399: When "sender_verify = true" is configured in exim.conf a buffer overflow can happen during verification of the sender. This problem is fixed in exim 4.

CAN-2004-0400: When headers_check_syntax is configured in exim.conf a buffer overflow can happen during the header check. This problem does also exist in exim 4.

Alerts:
Gentoo 200405-07 2004-05-14
Debian DSA-502-1 2004-05-11
Debian DSA-501-1 2004-05-07

Comments (none posted)

Filename disclosure vulnerability in fam

Package(s):fam CVE #(s):CAN-2002-0875
Created:August 19, 2002 Updated:January 5, 2005
Description: "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible.
Alerts:
Red Hat RHSA-2005:005-01 2005-01-05
Debian DSA-154-1 2002-08-15

Comments (none posted)

flim: insecure file creation

Package(s):flim CVE #(s):CAN-2004-0422
Created:May 5, 2004 Updated:December 16, 2004
Description: The emacs "flim" mode creates temporary files in an insecure fashion, possibly allowing a local attacker to overwrite files.
Alerts:
Fedora FEDORA-2004-546 2004-12-15
Red Hat RHSA-2004:344-01 2004-08-18
Debian DSA-500-1 2004-05-01

Comments (none posted)

gtkhtml: malformed messages cause crash

Package(s):gtkhtml CVE #(s):CAN-2003-0133 CAN-2003-0541
Created:April 14, 2003 Updated:April 18, 2005
Description: GtkHTML is the HTML rendering widget used by the Evolution mail reader.

GtkHTML supplied with versions of Evolution prior to 1.2.4 contains a bug when handling HTML messages. Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash.

Alerts:
Debian DSA-710-1 2005-04-18
Mandrake MDKSA-2003:093 2003-09-18
Conectiva CLA-2003:737 2003-09-12
Red Hat RHSA-2003:264-01 2003-09-09
Mandrake MDKSA-2003:046 2003-04-15
Red Hat RHSA-2003:126-01 2003-04-14

Comments (none posted)

iproute: local denial of service

Package(s):iproute net-tools CVE #(s):CAN-2003-0856
Created:November 25, 2003 Updated:December 14, 2004
Description: The iproute utility is susceptible to spoofed netlink messages sent by local users, with the result that denial of service attacks are possible.
Alerts:
Mandrake MDKSA-2004:148 2004-12-13
Fedora FEDORA-2004-154 2004-06-03
Fedora FEDORA-2004-115 2004-05-11
Debian DSA-492-1 2004-04-18
Gentoo 200404-10 2004-04-09
Red Hat RHSA-2003:316-01 2003-11-24

Comments (none posted)

racoon: failure to verify signatures

Package(s):ipsec-tools racoon CVE #(s):CAN-2004-0155
Created:April 7, 2004 Updated:August 19, 2004
Description: Versions of ipsec-tools prior to 0.2.5 contain a vulnerability wherein the racoon utility fails to verify digital signatures on some packets. This hole can lead to unauthorized connections or man-in-the-middle attacks. See this advisory for details.
Alerts:
Whitebox WBSA-2004:308-01 2004-08-19
Mandrake MDKSA-2004:027 2004-04-08
Gentoo 200404-05 2004-04-07

Comments (none posted)

racoon: denial of service vulnerability

Package(s):ipsec-tools racoon iputils CVE #(s):CAN-2004-0403
Created:April 26, 2004 Updated:July 29, 2004
Description: racoon does not check the length of ISAKMP headers. Attackers may be able to craft an ISAKMP header of sufficient length to consume all available system resources, causing a Denial of Service. This advisory contains additional details.
Alerts:
Red Hat RHSA-2004:308-01 2004-07-29
Mandrake MDKSA-2004:069 2004-07-14
Fedora FEDORA-2004-197 2004-06-28
Whitebox WBSA-2004:165-01 2004-06-10
Fedora FEDORA-2004-132 2004-05-19
Red Hat RHSA-2004:165-01 2004-05-11
Gentoo 200404-17 2004-04-24

Comments (none posted)

kdelibs: cookie disclosure

Package(s):kdelibs CVE #(s):CAN-2003-0592
Created:March 10, 2004 Updated:August 24, 2004
Description: kdelibs (and, thus, Konqueror) has a vulnerability where a hostile server can force the disclosure of cookies that should not be presented to it. KDE versions 3.1.3 and later contain a fix.
Alerts:
Gentoo 200408-23 2004-08-24
Red Hat RHSA-2004:074-01 2004-03-10
Red Hat RHSA-2004:075-01 2004-03-10
Mandrake MDKSA-2004:022 2004-03-10
Debian DSA-459-1 2004-03-10

Comments (none posted)

kdepim: VCF file information reader vulnerability

Package(s):kdepim CVE #(s):CAN-2003-0988
Created:January 15, 2004 Updated:May 26, 2004
Description: KDE has issued a security advisory for all versions of kdepim as distributed with KDE versions 3.1.0 through 3.1.4 inclusive. A carefully crafted .VCF file potentially enables local attackers to compromise the privacy of a victim's data or execute arbitrary commands with the victim's privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0988 to this issue.
Alerts:
Fedora FEDORA-2004-133 2004-05-19
Gentoo 200404-02 2004-04-06
Whitebox WBSA-2004:005-01 2004-02-12
Conectiva CLA-2004:810 2004-01-20
Slackware SSA:2004-014-01 2004-01-14
Mandrake MDKSA-2004:003 2004-01-14
Red Hat RHSA-2004:006-01 2004-01-07

Comments (none posted)

kernel: symlink overflow in the iso9660 filesystem

Package(s):kernel CVE #(s):CAN-2004-0109
Created:April 14, 2004 Updated:July 15, 2004
Description: The 2.4 and 2.6 kernels contain a vulnerability in the iso9660 (CDROM) filesystem which can be used by a local attacker to obtain root privileges. The exploit requires creating a specially-crafted filesystem and getting the kernel to mount it. Many systems are configured to automatically mount CDs on insertion, however, so the possibility of this vulnerability being exploited by users with physical access to the system is real. The 2.4.26 kernel contains the fix, which will also be merged into the upcoming 2.6.6 release.
Alerts:
Conectiva CLA-2004:846 2004-07-15
Red Hat RHSA-2004:106-01 2004-04-21
Red Hat RHSA-2004:105-01 2004-04-21
Debian DSA-489-1 2004-04-17
Debian DSA-491-1 2004-04-17
Debian DSA-479-2 2004-04-14
SuSE SuSE-SA:2004:009 2004-04-14
Mandrake MDKSA-2004:029 2004-04-14
Fedora FEDORA-2004-101 2004-04-14
Debian DSA-482-1 2004-04-14
Debian DSA-481-1 2004-04-14
Debian DSA-480-1 2004-04-14
Debian DSA-479-1 2004-04-14

Comments (none posted)

kernel - root exploit in MCAST_MSFILTER

Package(s):kernel CVE #(s):CAN-2004-0424
Created:April 22, 2004 Updated:June 11, 2004
Description: A locally exploitable integer overflow has been found in the multicast code of the Linux kernel versions 2.4.22 to 2.4.25 and 2.6.1 - 2.6.3. A successful exploit could lead to full superuser privileges.
Alerts:
Whitebox WBSA-2004:183-01 2004-06-10
SuSE SuSE-SA:2004:010 2004-05-05
Slackware SSA:2004-119-01 2004-04-28
Mandrake MDKSA-2004:037 2004-04-27
Red Hat RHSA-2004:183-01 2004-04-22
Fedora FEDORA-2004-111 2004-04-22
Trustix TSLSA-2004-0022 2004-04-21

Comments (1 posted)

Linux kernel 2.2.10 failing function and TLB flush vulnerability

Package(s):kernel-source-2.2.10 CVE #(s):CAN-2004-0077
Created:March 18, 2004 Updated:June 4, 2004
Description: A local root exploit is possible due to early flushing of the TLB.
Alerts:
Debian DSA-514-1 2004-06-04
Debian DSA-466-1 2004-03-18

Comments (none posted)

kernel-utils: setuid vulnerability

Package(s):kernel-utils CVE #(s):CAN-2003-0019
Created:February 7, 2003 Updated:January 21, 2005
Description: The kernel-utils package contains several utilities that can be used to control the kernel or machine hardware. In Red Hat Linux 8.0 this package contains user mode linux (UML) utilities.

The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was incorrectly shipped setuid root. This could allow local users to control certain network interfaces, add and remove arp entries and routes, and put interfaces in and out of promiscuous mode.

All users of the kernel-utils package should update to these packages that contain a version of uml_net that is not setuid root.

Alternatively, as a workaround for this vulnerability, issue the following command as root:

chmod -s /usr/bin/uml_net

Alerts:
Red Hat RHSA-2003:056-08 2003-02-07

Comments (none posted)

kolab: password disclosure

Package(s):kolab CVE #(s):
Created:May 5, 2004 Updated:May 27, 2004
Description: Kolab stores passwords in plain text format, and these passwords can be read from the underlying LDAP database. See this advisory for more information.
Alerts:
Mandrake MDKSA-2004:052 2004-05-26
OpenPKG OpenPKG-SA-2004.019 2004-05-05

Comments (3 posted)

LHA: stack buffer overflows and directory traversal flaws

Package(s): LHA  CVE #(s): CAN-2004-0234 CAN-2004-0235
Created: April 30, 2004  Updated: June 11, 2004
Description: LHA is an archiving and compression utility for LHarc format archives. Ulf Harnhammar discovered two stack buffer overflows and two directory traversal flaws in LHA. See this advisory+patch for more details.

CAN-2004-0234: An attacker could exploit the buffer overflows by creating a carefully crafted LHA archive in such a way that arbitrary code would be executed when the archive is tested or extracted by a victim.

CAN-2004-0235: An attacker could exploit the directory traversal issues to create files as the victim outside of the expected directory.

Alerts:
Whitebox WBSA-2004:178-01 2004-06-10
Debian DSA-515-1 2004-06-05
Red Hat RHSA-2004:178-01 2004-05-26
Fedora FEDORA-2004-119 2004-05-11
Gentoo 200405-02 2004-05-09
Conectiva CLA-2004:840 2004-05-06
Slackware SSA:2004-125-01 2004-05-04
Red Hat RHSA-2004:179-01 2004-04-30

Comments (2 posted)

libpng: denial of service vulnerability

Package(s): libpng  CVE #(s): CAN-2004-0421
Created: April 29, 2004  Updated: June 11, 2004
Description: The PNG library can access memory that is out of bounds when creating an error message; this can be exploited by a malformed PNG image file.
Alerts:
Whitebox WBSA-2004:180-01 2004-06-10
Red Hat RHSA-2004:180-01 2004-05-19
Gentoo 200405-06 2004-05-14
Fedora FEDORA-2004-106 2004-05-05
Fedora FEDORA-2004-105 2004-05-05
Slackware SSA:2004-124-04 2004-05-02
Red Hat RHSA-2004:181-01 2004-04-30
Trustix TSLSA-2004-0025 2004-04-30
Debian DSA-498-1 2004-04-30
Mandrake MDKSA-2004:040 2004-04-29
OpenPKG OpenPKG-SA-2004.017 2004-04-29

Comments (none posted)

libpng, libpng3: buffer overflow

Package(s): libpng, libpng3  CVE #(s): CAN-2002-1363
Created: December 19, 2002  Updated: July 14, 2004
Description: Glenn Randers-Pehrson discovered a problem in connection with 16-bit samples from libpng, an interface for reading and writing PNG (Portable Network Graphics) format files. The starting offsets for the loops are calculated incorrectly which causes a buffer overrun beyond the beginning of the row buffer.
Alerts:
Gentoo 200407-06 2004-07-08
OpenPKG OpenPKG-SA-2004.030 2004-07-06
Mandrake MDKSA-2004:063 2004-06-29
Whitebox WBSA-2004:249-01 2004-06-21
Fedora FEDORA-2004-176 2004-06-18
Fedora FEDORA-2004-174 2004-06-18
Fedora FEDORA-2004-175 2004-06-18
Fedora FEDORA-2004-173 2004-06-18
Red Hat RHSA-2004:249-01 2004-06-18
Conectiva CLA-2003:564 2003-01-23
Mandrake MDKSA-2003:008 2003-01-20
OpenPKG OpenPKG-SA-2003.001 2003-01-15
Yellow Dog YDU-20030114-2 2002-01-14
SuSE SuSE-SA:2003:0004 2003-01-14
Red Hat RHSA-2003:006-06 2003-01-09
Debian DSA-213-1 2002-12-19

Comments (none posted)

libxml2 - arbitrary code execution

Package(s): libxml2  CVE #(s): CAN-2004-0110
Created: February 26, 2004  Updated: August 19, 2009
Description: Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code.
Alerts:
Fedora FEDORA-2009-8594 2009-08-15
Fedora FEDORA-2009-8582 2009-08-15
Fedora-Legacy FLSA:1324 2004-07-19
Conectiva CLA-2004:836 2004-03-31
Gentoo 200403-01 2004-03-06
Trustix TSLSA-2004-0010 2004-03-05
OpenPKG OpenPKG-SA-2004.003 2004-03-05
Netwosix NW-2004-0004 2004-03-04
Debian DSA-455-1 2004-03-03
Mandrake MDKSA-2004:018 2004-03-03
Red Hat RHSA-2004:091-02 2004-03-03
Whitebox WBSA-2004:090-01 2004-03-01
Red Hat RHSA-2004:090-01 2004-02-26
Fedora FEDORA-2004-087 2004-02-25
Red Hat RHSA-2004:091-01 2004-02-26

Comments (none posted)

logcheck: symlink vulnerability

Package(s): logcheck  CVE #(s): CAN-2004-0404
Created: April 21, 2004  Updated: December 22, 2004
Description: The logcheck utility handles temporary files in an unsafe way, possibly allowing local attackers to overwrite files.
Alerts:
Mandrake MDKSA-2004:155 2004-12-22
Debian DSA-488-1 2004-04-16

Comments (none posted)

mailman denial of service

Package(s): mailman  CVE #(s): CAN-2003-0991
Created: February 9, 2004  Updated: May 25, 2004
Description: Matthew Galgoci of Red Hat discovered a Denial of Service (DoS) vulnerability in versions of Mailman prior to 2.1. An attacker could send a carefully-crafted message causing mailman to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0991 to this issue.
Alerts:
Conectiva CLA-2004:842 2004-05-25
Red Hat RHSA-2004:156-01 2004-04-14
Mandrake MDKSA-2004:013 2004-02-13
Red Hat RHSA-2004:019-01 2004-02-09

Comments (1 posted)

mc: multiple vulnerabilities

Package(s): mc  CVE #(s): CAN-2004-0226 CAN-2004-0231 CAN-2004-0232
Created: April 29, 2004  Updated: May 26, 2004
Description: Midnight Commander has multiple vulnerabilities including buffer overflows, insecure temp files, and format string problems.
Alerts:
Gentoo 200405-21 2004-05-26
Red Hat RHSA-2004:172-01 2004-05-19
Slackware SSA:2004-136-01 2004-05-14
SuSE SuSE-SA:2004:012 2004-05-14
Red Hat RHSA-2004:173-01 2004-04-30
Mandrake MDKSA-2004:039 2004-04-29
Debian DSA-497-1 2004-04-29

Comments (none posted)

metamail: integer and buffer overflows

Package(s): metamail  CVE #(s): CAN-2004-0104 CAN-2004-0105
Created: February 18, 2004  Updated: May 21, 2004
Description: Versions of metamail through 2.7 contain a set of integer and buffer overflows which are remotely exploitable via a properly crafted message.
Alerts:
Gentoo 200405-17 2004-05-21
Debian DSA-449-1 2004-02-24
Mandrake MDKSA-2004:014 2004-02-18
Slackware SSA:2004-049-02 2004-02-18
Red Hat RHSA-2004:073-01 2004-02-18

Comments (none posted)

mikmod: buffer overflow

Package(s): mikmod  CVE #(s): CAN-2003-0427
Created: June 16, 2003  Updated: June 16, 2005
Description: Ingo Saitz discovered a bug in mikmod whereby a long filename inside an archive file can overflow a buffer when the archive is being read by mikmod.
Alerts:
Fedora FEDORA-2005-405 2005-06-16
Red Hat RHSA-2005:506-01 2005-06-13
Fedora FEDORA-2005-404 2005-06-09
Gentoo 200307-01 2003-07-02
Debian DSA-320-1 2003-06-13

Comments (none posted)

mod_python: denial of service vulnerability

Package(s): mod_python  CVE #(s): CAN-2003-0973
Created: January 27, 2004  Updated: October 4, 2004
Description: Apache's mod_python module could crash the httpd process if a specific, malformed query string was sent.

The Apache Foundation has reported that mod_python may be prone to Denial of Service attacks when handling a malformed query. Mod_python 2.7.9 was released to fix the vulnerability; because that release did not fully fix it, version 2.7.10 has been released.

Users of mod_python 3.0.4 are not affected by this vulnerability.

Alerts:
Fedora-Legacy FLSA:1325 2004-10-03
Conectiva CLA-2004:837 2004-04-12
Whitebox WBSA-2004:058-01 2004-03-01
Debian DSA-452-1 2004-02-29
Red Hat RHSA-2004:058-01 2004-02-26
Red Hat RHSA-2004:063-01 2004-02-26
Gentoo 200401-03 2004-01-27

Comments (none posted)

mozilla: multiple vulnerabilities

Package(s): mozilla  CVE #(s): CAN-2003-0594 CAN-2003-0564
Created: March 10, 2004  Updated: August 19, 2004
Description: Mozilla 1.4 contains a few vulnerabilities, including disclosure of cookies to the wrong server, a scripting vulnerability which can allow an attacker to run arbitrary code, and an S/MIME vulnerability which can lead to remote denial of service or code execution attacks.
Alerts:
Whitebox WBSA-2004:421-01 2004-08-19
Whitebox WBSA-2004:110-01 2004-03-29
Red Hat RHSA-2004:112-01 2004-03-17
Mandrake MDKSA-2004:021 2004-03-10

Comments (none posted)

mpg321: format string vulnerability

Package(s): mpg321  CVE #(s): CAN-2003-0969
Created: January 6, 2004  Updated: March 28, 2005
Description: A vulnerability was discovered in mpg321, a command-line mp3 player, whereby user-supplied strings were passed to printf(3) unsafely. This vulnerability could be exploited by a remote attacker to overwrite memory, and possibly execute arbitrary code. In order for this vulnerability to be exploited, mpg321 would need to play a malicious mp3 file (including via HTTP streaming).
Alerts:
Gentoo 200503-34 2005-03-28
Debian DSA-411-1 2004-01-05

Comments (none posted)

MySQL: temporary file vulnerabilities

Package(s): mysql  CVE #(s): CAN-2004-0381 CAN-2004-0388
Created: April 14, 2004  Updated: August 18, 2004
Description: The mysqlbug and mysqld_multi scripts contain temporary file vulnerabilities which could be used by a local attacker to overwrite files on the system.
Alerts:
Gentoo 200405-20 2004-05-25
Mandrake MDKSA-2004:034 2004-04-19
OpenPKG OpenPKG-SA-2004.014 2004-04-14
Debian DSA-483-1 2004-04-14

Comments (none posted)

neon: format string vulnerabilities

Package(s): neon  CVE #(s): CAN-2004-0179
Created: April 14, 2004  Updated: May 18, 2004
Description: The neon WebDAV library contains format string vulnerabilities which may be exploited by a hostile DAV server. This vulnerability exists in utilities which use neon, including cadaver and OpenOffice.org.
Alerts:
Fedora FEDORA-2004-103 2004-04-14
Gentoo 200405-04 2004-05-11
Gentoo 200405-01 2004-05-09
Red Hat RHSA-2004:163-01 2004-04-30
Whitebox WBSA-2004:160-01 2004-04-19
Mandrake MDKSA-2004:032 2004-04-19
Gentoo 200404-14 2004-04-19
OpenPKG OpenPKG-SA-2004.016 2004-04-16
Netwosix NW-2004-0012 2004-04-18
Debian DSA-487-1 2004-04-16
Red Hat RHSA-2004:159-01 2004-04-15
Red Hat RHSA-2004:160-01 2004-04-14
Red Hat RHSA-2004:157-01 2004-04-14
Red Hat RHSA-2004:158-01 2004-04-14

Comments (none posted)

Nessus NASL scripting engine security issues

Package(s): nessus  CVE #(s):
Created: May 27, 2003  Updated: August 12, 2004
Description: Some vulnerabilities exist in the Nessus NASL scripting engine. To exploit these flaws, an attacker would need to have a valid Nessus account as well as the ability to upload arbitrary Nessus plugins to the Nessus server (this option is disabled by default), or he/she would need to trick a user somehow into running a specially crafted NASL script. Read the full advisory for additional information.
Alerts:
Gentoo 200305-10 2003-05-27

Comments (none posted)

netpbm: insecure temporary files

Package(s): netpbm  CVE #(s): CAN-2003-0924
Created: January 19, 2004  Updated: December 29, 2004
Description: netpbm is a graphics conversion toolkit made up of a large number of single-purpose programs. Many of these programs were found to create temporary files in an insecure manner, which could allow a local attacker to overwrite files with the privileges of the user invoking a vulnerable netpbm tool.
Alerts:
Conectiva CLA-2004:909 2004-12-29
Gentoo 200410-02 2004-10-04
Mandrake MDKSA-2004:011-1 2004-09-27
Whitebox WBSA-2004:031-01 2004-02-12
Mandrake MDKSA-2004:011 2004-02-11
Red Hat RHSA-2004:030-01 2004-02-05
Fedora FEDORA-2004-068 2004-02-06
Red Hat RHSA-2004:031-01 2004-01-22
Debian DSA-426-1 2004-01-18

Comments (1 posted)

openssh: timing attack leads to information disclosure

Package(s): openssh  CVE #(s): CAN-2003-0190
Created: May 2, 2003  Updated: November 30, 2004
Description: From the advisory: "During a pen-test we stumbled across a nasty bug in OpenSSH-portable with PAM support enabled (via the --with-pam configure script switch). This bug allows a remote attacker to identify valid users on vulnerable systems, through a simple timing attack. The vulnerability is easy to exploit and may have high severity, if combined with poor password policies and other security problems that allow local privilege escalation."
Alerts:
Ubuntu USN-34-1 2004-11-30
OpenPKG OpenPKG-SA-2003.035 2003-08-06
Red Hat RHSA-2003:222-01 2003-07-29
Gentoo 200305-02 2003-05-13
Gentoo 200305-01 2002-03-05

Comments (1 posted)

OpenSSL: denial of service vulnerabilities

Package(s): OpenSSL  CVE #(s): CAN-2004-0081 CAN-2003-0851
Created: March 17, 2004  Updated: November 2, 2005
Description: Versions 0.9.7a-c of the OpenSSL library suffer from two denial of service vulnerabilities; see the version 0.9.7d release announcement for details.
Alerts:
Red Hat RHSA-2005:830-00 2005-11-02
Red Hat RHSA-2005:829-00 2005-11-02
Fedora FEDORA-2005-1042 2005-10-31
Fedora-Legacy FLSA:1395 2004-05-08
Conectiva CLA-2004:834 2004-03-31
Whitebox WBSA-2004:084-01 2004-03-23
Red Hat RHSA-2004:084-01 2004-03-23
Fedora FEDORA-2004-095 2004-03-19
Whitebox WBSA-2004:120-01 2004-03-22
Trustix TSLSA-2004-0012 2004-03-17
Slackware SSA:2004-077-01 2004-03-17
Red Hat RHSA-2004:121-01 2004-03-17
OpenPKG OpenPKG-SA-2004.007 2004-03-18
Gentoo 200403-03 2004-03-17
Debian DSA-465-1 2004-03-17
Netwosix NW-2004-0005 2004-03-17
Mandrake MDKSA-2004:023 2004-03-17
SuSE SuSE-SA:2004:007 2004-03-17
Red Hat RHSA-2004:120-01 2004-03-17
Red Hat RHSA-2004:119-01 2004-03-17
EnGarde ESA-20040317-003 2004-03-17

Comments (1 posted)

passwd: various problems

Package(s): passwd  CVE #(s):
Created: May 17, 2004  Updated: June 2, 2004
Description: Steve Grubb found some problems in the passwd program. Passwords given to passwd via stdin are one character shorter than they are supposed to be. He also discovered that pam may not have been sufficiently initialized to ensure safe and proper operation. A few small memory leaks have been fixed as well.
Alerts:
Mandrake MDKSA-2004:045 2004-05-17

Comments (none posted)

postfix: denial of service vulnerabilities

Package(s): postfix  CVE #(s): CAN-2003-0468 CAN-2003-0540
Created: August 5, 2003  Updated: May 27, 2004
Description: The postfix MTA, versions through 1.1.12 (but not 2.0), is subject to two remotely exploitable denial of service vulnerabilities; see this advisory from Michal Zalewski for details.
Alerts:
Mandrake MDKA-2004:028 2004-05-26
Trustix 2003-0029 2003-08-04
Mandrake MDKSA-2003:081 2003-08-04
EnGarde ESA-20030804-019 2003-08-04
Conectiva CLA-2003:717 2003-08-04
SuSE SuSE-SA:2003:033 2003-08-04
Red Hat RHSA-2003:251-01 2003-08-04
Debian DSA-363-1 2003-08-03

Comments (none posted)

proftpd privilege escalation

Package(s): proftpd  CVE #(s):
Created: April 30, 2004  Updated: May 19, 2004
Description: A portability workaround was applied in version 1.2.9 of the FTP server ProFTPD. As a side-effect, CIDR based (aaa.bbb.ccc.ddd/NN) ACL entries in "Allow" and "Deny" directives act like an "AllowAll" directive and so FTP clients are granted access to files and directories although the server configuration might explicitly deny this. See this bug report.
Alerts:
Gentoo 200405-09 2004-05-19
Mandrake MDKSA-2004:041 2004-04-30
OpenPKG OpenPKG-SA-2004.018 2004-04-30

Comments (none posted)

python: buffer overflow

Package(s): python  CVE #(s): CAN-2004-0150
Created: March 10, 2004  Updated: October 11, 2004
Description: Python (versions 2.2 and 2.2.1 only) has a buffer overflow in the getaddrinfo() function which can be exploited by a malformed IPv6 address.
Alerts:
Debian DSA-458-3 2004-10-10
Gentoo 200409-03 2004-09-02
Debian DSA-458-2 2004-08-31
Mandrake MDKSA-2004:019 2004-03-09
Debian DSA-458-1 2004-03-09

Comments (none posted)

rsync remote file write attack

Package(s): rsync  CVE #(s): CAN-2004-0426
Created: April 30, 2004  Updated: July 12, 2004
Description: See the rsync homepage for the April 2004 advisory: "There is a security problem in all versions prior to 2.6.1 that affects only people running a read/write daemon WITHOUT using chroot. If the user privs that such an rsync daemon is using is anything above "nobody", you are at risk of someone crafting an attack that could write a file outside of the module's "path" setting (where all its files should be stored). Please either enable chroot or upgrade to 2.6.1. People not running a daemon, running a read-only daemon, or running a chrooted daemon are totally unaffected."
Alerts:
Gentoo 200407-10 2004-07-12
Fedora FEDORA-2004-116 2004-07-01
Whitebox WBSA-2004:192-01 2004-06-10
Debian DSA-499-2 2004-06-02
OpenPKG OpenPKG-SA-2004.025 2004-05-21
Red Hat RHSA-2004:192-01 2004-05-19
Mandrake MDKSA-2004:042 2004-05-10
Slackware SSA:2004-124-01 2004-05-02
Debian DSA-499-1 2004-05-01
Trustix TSLSA-2004-0024 2004-04-29

Comments (none posted)

SUSE Live CD: no-password root access

Package(s): SUSE Live CD  CVE #(s):
Created: May 12, 2004  Updated: May 12, 2004
Description: The SUSE 9.1 live CD boots with ssh connections enabled and no root password; as a result, a remote attacker can gain privileged access simply by logging in as root.
Alerts:
SuSE SuSE-SA:2004:011 2004-05-06

Comments (none posted)

sysstat: temporary file vulnerability

Package(s): sysstat  CVE #(s): CAN-2004-0107 CAN-2004-0108
Created: March 10, 2004  Updated: October 4, 2004
Description: The sysstat utility has a temporary file vulnerability which can be exploited by a local attacker to overwrite system files.
Alerts:
Fedora-Legacy FLSA:1372 2004-10-03
Gentoo 200404-04 2004-04-06
Debian DSA-460-2 2004-04-03
Trustix TSLSA-2004-0011 2004-03-16
Whitebox WBSA-2004:053-01 2004-03-10
Red Hat RHSA-2004:053-01 2004-03-10
Red Hat RHSA-2004:093-01 2004-03-10
Debian DSA-460-1 2004-03-10

Comments (none posted)

File overwrite vulnerability in tar and unzip

Package(s): tar unzip  CVE #(s): CAN-2001-1267 CAN-2001-1268 CAN-2001-1269 CAN-2002-0399
Created: October 1, 2002  Updated: April 10, 2006
Description: The tar utility does not properly filter file names containing "../", meaning that a hostile archive can, if unpacked by an unsuspecting user, overwrite any file that is writable by that user. GNU tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42 has the same vulnerability.
Alerts:
Fedora-Legacy FLSA:183571-1 2006-04-04
Red Hat RHSA-2006:0195-01 2006-02-21
Conectiva CLA-2002:538 2002-10-29
Mandrake MDKSA-2002:066 2002-10-10
Mandrake MDKSA-2002:065 2002-10-10
EnGarde ESA-20021003-022 2002-10-03
Gentoo unzip-20021001 2002-10-01
Gentoo tar-20021001 2002-10-01
Red Hat RHSA-2002:096-24 2002-09-18

Comments (1 posted)

tcpdump: ISAKMP payload handling denial-of-service vulnerabilities

Package(s): tcpdump  CVE #(s): CAN-2004-0183 CAN-2004-0184
Created: March 30, 2004  Updated: September 30, 2004
Description: TCPDUMP v3.8.1 and earlier versions contain multiple flaws in the packet display functions for the ISAKMP protocol. Upon receiving specially crafted ISAKMP packets, TCPDUMP will try to read beyond the end of the packet capture buffer and crash. More information is available in this Rapid7 advisory.
Alerts:
Fedora-Legacy FLSA:1468 2004-09-29
Whitebox WBSA-2004:219-01 2004-06-10
Red Hat RHSA-2004:219-01 2004-05-26
Fedora FEDORA-2004-120 2004-05-13
Slackware SSA:2004-108-01 2004-04-17
Mandrake MDKSA-2004:030 2004-04-14
OpenPKG OpenPKG-SA-2004.010 2004-04-07
Debian DSA-478-1 2004-04-06
Trustix TSLSA-2004-0015 2004-03-30

Comments (none posted)

Multiple vendor telnetd vulnerability

Package(s): telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5  CVE #(s):
Created: May 21, 2002  Updated: October 5, 2004
Description: This vulnerability, originally thought to be confined to BSD-derived systems, was first covered in the July 26th Security Summary. It is now known that Linux telnet daemons are vulnerable as well.
Alerts:
Gentoo 200410-03 2004-10-05
Yellow Dog YDU-20010810-2 2001-08-10
Yellow Dog YDU-20010810-1 2001-08-10
SuSE SuSE-SA:2001:029 2001-09-03
Slackware sl-997726350 2001-08-09
Red Hat RHSA-2001:100-02 2001-08-09
Red Hat RHSA-2001:099-09 2002-02-07
Red Hat RHSA-2001:099-06 2001-08-09
Progeny PROGENY-SA-2001-27 2001-08-14
Mandrake MDKSA-2001:093 2001-12-17
Mandrake MDKSA-2001:068 2001-08-13
HP HPSBTL0202-023 2002-02-12
Debian DSA-075-2 2001-08-14
Debian DSA-075-1 2001-08-14
Conectiva CLA-2001:413 2001-08-24
SCO Group CSSA-2001-030.0 2001-08-10

Comments (none posted)

utempter problems with symlink and strncpy

Package(s): utempter  CVE #(s): CAN-2004-0233
Created: April 19, 2004  Updated: June 11, 2004
Description: Steve Grubb discovered two potential issues in the utempter program:
  1. If the path to the device contained /../ or /./ or //, the program was not exiting as it should. It would be possible to use something like /dev/../tmp/tty0, and then if /tmp/tty0 were deleted and symlinked to another important file, programs that have root privileges that do no further validation can then overwrite whatever the symlink pointed to.

  2. Several calls to strncpy without a manual termination of the string. This would most likely crash utempter.
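The tar/unzip and LHA directory traversal entries above and this utempter entry come down to the same check: refusing path components that step outside the directory a prefix names. As an added example (not code from LWN or from tar, unzip, LHA or utempter; the function names are this example's own), a C checker covering both the relative archive-member case and the /dev/ device-path case:

```c
/* Added example (not code from LWN nor from tar, unzip, LHA or utempter):
 * a component-wise path check of the kind these advisories call for.
 * It refuses the "../" members a hostile archive uses to escape the
 * extraction directory, and the /../, /./ and // forms that utempter
 * failed to reject in a device path.  All function names are this
 * example's own. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Walk the '/'-separated components of p.  A component that is "",
 * "." or ".." makes the result false: "" comes from "//" or a trailing
 * '/', while "." and ".." let the path leave the directory its prefix
 * names (e.g. /dev/../tmp/tty0 really means /tmp/tty0). */
static bool path_components_clean(const char *p)
{
    for (;;) {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);

        if (len == 0 ||
            (len == 1 && p[0] == '.') ||
            (len == 2 && p[0] == '.' && p[1] == '.'))
            return false;
        if (end == NULL)
            return true;            /* last component was clean */
        p = end + 1;
    }
}

/* Archive member name as tar, unzip or LHA would read it from the
 * archive header: must be relative, non-empty and free of "..", "."
 * and empty components, so it can only land inside the extraction
 * directory. */
bool archive_member_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0' || name[0] == '/')
        return false;
    return path_components_clean(name);
}

/* Device path as a utempter-style helper receives it: must start with
 * /dev/ and, after the leading '/', contain only clean components, so
 * /dev/../tmp/tty0, /dev/./tty0 and /dev//tty0 are all refused even
 * though each begins with the expected prefix. */
bool device_path_is_safe(const char *path)
{
    static const char prefix[] = "/dev/";

    if (path == NULL || strncmp(path, prefix, sizeof prefix - 1) != 0)
        return false;
    return path_components_clean(path + 1);     /* skip leading '/' */
}

int main(void)
{
    /* Constructed sample inputs, including the shapes named in the
     * advisories above. */
    static const char *const members[] = {
        "etc/motd", "../../etc/passwd", "/etc/passwd", "foo//bar", "./x",
    };
    static const char *const devices[] = {
        "/dev/tty0", "/dev/pts/3", "/dev/../tmp/tty0", "/dev/./tty0",
        "/dev//tty0", "/tmp/tty0",
    };
    size_t i;

    for (i = 0; i < sizeof members / sizeof members[0]; i++)
        printf("archive member %-18s -> %s\n", members[i],
               archive_member_is_safe(members[i]) ? "accept" : "reject");
    for (i = 0; i < sizeof devices / sizeof devices[0]; i++)
        printf("device path    %-18s -> %s\n", devices[i],
               device_path_is_safe(devices[i]) ? "accept" : "reject");
    return 0;
}
```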
Alerts:
Whitebox WBSA-2004:174-01 2004-06-10
Red Hat RHSA-2004:174-01 2004-05-26
Fedora-Legacy FLSA:1546 2004-05-18
Gentoo 200405-05 2004-05-13
Red Hat RHSA-2004:175-01 2004-04-30
Mandrake MDKSA-2004:031-1 2004-04-21
Fedora FEDORA-2004-108 2004-04-21
Slackware SSA:2004-110-01 2004-04-19
Mandrake MDKSA-2004:031 2004-04-19

Comments (none posted)

XChat 2.0.x SOCKS5 Vulnerability

Package(s): xchat  CVE #(s): CAN-2004-0409
Created: April 19, 2004  Updated: November 15, 2005
Description: XChat is vulnerable to a stack overflow that may allow a remote attacker to run arbitrary code. The SOCKS 5 proxy code in XChat is vulnerable to a remote exploit. Users would have to be using XChat through a SOCKS 5 server, enable SOCKS 5 traversal (which is disabled by default), and also connect to an attacker's custom proxy server. This vulnerability may allow an attacker to run arbitrary code within the context of the user ID of the XChat client.
Alerts:
Fedora-Legacy FLSA:123013 2005-11-14
Red Hat RHSA-2004:585-01 2004-10-27
Netwosix NW-2004-0014 2004-05-01
Red Hat RHSA-2004:177-01 2004-04-30
Mandrake MDKSA-2004:036 2004-04-21
Debian DSA-493-1 2004-04-21
Gentoo 200404-15 2004-04-19

Comments (none posted)

xine-lib: malicious code execution

Package(s): xine-lib  CVE #(s): CAN-2004-0433
Created: May 3, 2004  Updated: May 28, 2004
Description: A vulnerability exists in xine-lib where playing a specially crafted Real RTSP stream could run malicious code as the user playing the stream. More details can be found in this advisory. The problem has been fixed in xine-lib 1-rc4.
Alerts:
Gentoo 200405-24 2004-05-28
Slackware SSA:2004-124-03 2004-05-02

Comments (none posted)

xine-ui - insecure temporary file creation

Package(s): xine-ui  CVE #(s): CAN-2004-0372
Created: April 6, 2004  Updated: April 27, 2006
Description: Shaun Colley discovered a problem in xine-ui, the xine video player user interface. A script contained in the package to possibly remedy a problem or report a bug does not create temporary files in a secure fashion. This could allow a local attacker to overwrite files with the privileges of the user invoking xine.
Alerts:
Gentoo 200404-20 2004-04-27
Slackware SSA:2004-111-01 2004-04-20
Mandrake MDKSA-2004:033 2004-04-19
Debian DSA-477-1 2004-04-06

Comments (none posted)

Resources

May CRYPTO-GRAM newsletter

Bruce Schneier's CRYPTO-GRAM newsletter for May is out. Topics this month include warrants as a security measure, airport security, security consumers, and more. "Being a smart security consumer is hard, just as being a good citizen is hard.... We need to become informed. Otherwise it's no different than walking into a car dealership without knowing anything about the different models and prices -- we're going to get ripped off."

Events

Call for Participation Workshop DIMVA 2004

The Detection of Intrusions and Malware & Vulnerability Assessment conference is happening July 6 and 7 in Dortmund, Germany. Registration is now open; click below for the details.

Page editor: Jonathan Corbet

Kernel development

Brief items

Kernel release status

The current 2.6 release remains 2.6.6; no 2.6.7 prepatches have been released as of this writing.

Linus's BitKeeper repository contains over 650 changesets, however, indicating that work is proceeding even in the absence of formal releases. These patches include a generic msleep() function for millisecond-scale waits, a CPU frequency control update, a set of autofs4 patches, del_singleshot_timer() (covered here last week), a set of patches to shrink the heavily-used dentry structure, the "filtered wakeup" mechanism (see the May 5 Kernel Page), a libata update, some architecture updates, the scheduling domains patch set (covered here last month), the removal of the Intermezzo filesystem due to lack of use and support (see below), a sysctl variable giving "huge page" access to an administrator-specified group, the ability to re-enable interrupts while waiting in spin_lock_irqsave() (for all architectures now), support in reiserfs for quotas and external attributes (added over Hans Reiser's objections), and lots of fixes.

The current kernel prepatch from Andrew Morton is 2.6.6-mm4. Recent additions to -mm include the anon-vma reverse mapping code (see below), a fix for the "phenomenally broken" ramdisk driver, the reservation of a system call number for the "kexec" functionality, and lots of fixes.

The current 2.4 prepatch is 2.4.27-pre3, which was released by Marcelo on May 18. Changes this time around include a JFS update, some driver updates, a big serial ATA update, and a number of fixes.

Comments (none posted)

Kernel development news

The status of object-based reverse mapping

The discussion has been quiet in recent times, but work on replacing the low-level reverse-mapping virtual memory code in the 2.6 kernel continues. When we last looked at the new, object-based reverse mapping ("objrmap") approach, there were two competing implementations:

  • Andrea Arcangeli's anon-vma, which adds a data structure creating a connection between each physical page and the virtual memory area (VMA) structures which reference it.

  • Hugh Dickins's anonmm, which associates pages with the top-level memory management ("mm") structure instead.

The two approaches are conceptually similar, but each has its strong and weak points. Their performance is essentially equivalent. Thus far, there has not been any sort of spirited debate over which should be included; most kernel developers, if they have a preference, have kept it to themselves.

Hugh has been busy over the last few weeks, however, creating a series of 40 patches aimed at slowly moving the reverse mapping code over to the object-based approach. The first five of those patches, which are restricted to cleanup and preparatory work, have been merged into the 2.6 mainline. "rmap-10" added anonmm; it was promptly merged into the -mm tree. This action did not imply that anonmm had been chosen over anon-vma, however; it was simply the first step in the testing process which would lead to a final decision.

Hugh's final series of patches (rmap-34 to rmap-40) completes the process by replacing anonmm with anon-vma; these patches are present in 2.6.6-mm4. Hugh introduces the patch set by saying:

Judge for yourselves which you prefer. I do think I was wrong to call anon_vma more complex than anonmm (its lists are easier to understand than my refcounting), and I'm happy with its vma merging after the last patch. It just comes down to whether we can spare the extra 24 bytes (maximum, on 32-bit) per vma for its advantages in swapout and mremap.

As Hugh notes, anon-vma should have better swapping performance, since its structures make it easier to find the VMA for a given page. Additionally, the anonmm code works best when shared anonymous pages have the same virtual address in each address space that uses them; if a process moves pages with mremap(), some relatively complicated work must be performed to make things work. The anon-vma solution does not have that particular problem.

On the other hand, expanding the VMA structure is not something which should be done lightly; some loads can use huge numbers of VMAs, and they must all be located in low memory. That said, either reverse mapping scheme should free far more low memory than it consumes; that is, after all, one of the main points behind this entire exercise.

There still has been no public word on which scheme will be chosen, or when it might be merged. The current state of affairs suggests, however, that anon-vma will be the one that goes in unless some sort of major problem turns up. As for timing: enough major work has already gone into 2.6.7 that it's hard to imagine throwing major VM surgery into the mix. So 2.6.8 is the earliest such a merge could possibly happen. A couple of 2.6 releases after that, the forking of the 2.7 tree might just become a possibility.

Comments (4 posted)

4K stacks: some issues remain

Last week's Kernel Page talked about the push toward 4K stacks on the i386 architecture. While most of the problems with the smaller stack size have been worked out, a few remain. Witness, for example, this problem report; it would appear that the 2.6.6 Radeon framebuffer driver is overflowing the 4K stack.

The problem was quickly narrowed down to a couple of new fields added to the radeon_regs structure:

struct radeon_regs {
        ....
        u32             palette[256];
        u32             palette2[256];
};

If one of these structures is placed on the kernel stack (as happens in the radeonfb driver), those two arrays, by themselves, take half of the available space. If that weren't sufficiently annoying, there is the little fact that those arrays are part of an ongoing development and are not actually used for anything in 2.6.6.

Fixing this particular problem is relatively easy, but this episode has reawakened interest in finding large stack users automatically. One never knows when a developer will expand a data structure without realizing that it is used on the stack in some other place; rather than letting users find this sort of mistake the hard way, it would be better to look for them explicitly earlier in the development process. To that end, several scripts have been posted which seek out large stack users in a compiled Linux kernel. A quick look at these scripts makes it clear that kernel code is, by no means, the scariest code out there:

objdump --disassemble "$@" | \
sed -ne '/>:/{s/[<>:]*//g; h; }
 /subl\?.*\$0x[^,][^,][^,].*,%esp/{
 s/.*\$0x\([^,]*\).*/\1/; /^[89a-f].......$/d; G; s/\(.*\)\n.* \(.*\)/\1 \2/; p; };
 /subl\?.*%.*,%esp/{ G; s/\(.*\)\n\(.*\)/Dynamic \2 \1/; p; }; ' | \
 sort | \
perl -e 'while (<>) { if (/^([0-9a-f]+)(.*)/) { $decn = hex("0x" . $1);
     if ($decn > 400) { print "$decn $2\n";} } }'

(from a script by Keith Owens and Arjan van de Ven). Several variants have been posted, most of which are trying to support multiple architectures. None yet have solved the full problem, however: finding full call chains whose cumulative stack usage exceeds the space available. With or without that feature, some sort of stack usage checker is likely to be merged into the kernel build system before too long. That should help the developers to trap the most obvious problems before they find their way into a released kernel.

Comments (4 posted)

Module parameters in sysfs

In the 2.6 kernel, parameters to loadable modules are set up with the module_param() macro:

    module_param(name, type, perm);

The perm parameter was set aside for the sysfs representation of this parameter but has, until now, been unused; almost every declared parameter simply sets it to zero in the 2.6.6 kernel. A new patch has been posted, however, which makes module parameters in sysfs a reality.

This patch creates a new /sys/module directory; a subdirectory will be created for each module loaded into the system. For unloadable modules, a read-only parameter (called refcnt) will be set up which contains the module's current reference count. There will also be attributes for every module parameter whose perm value is not zero; that value will, as expected, set the permissions mask for that parameter.

If the permissions mask allows, module parameters will be writable. In theory, this will give module authors an easy way to export administrator-tweakable knobs to user space. It is worth noting, however, that there is no mechanism for notifying a module that one of its parameters has been changed. Module authors, thus, will have to be careful to ensure that their modules will properly detect and respond to changes to parameters at any time before exporting those parameters in a writable mode. Even so, this patch represents the tying-up of yet another 2.6 loose end.

Comments (none posted)

Goodbye to old code

One of the most important tasks in kernel maintenance is not the addition of new code, but removal of old code that is no longer useful. Unused code bloats the kernel and, potentially, becomes a breeding ground for bugs and security problems. Getting that code out of the way helps keep the kernel cruft level down.

In recent times, the ax has fallen on two subsystems. The first is the InterMezzo filesystem, which has been removed for 2.6.7. InterMezzo is a distributed filesystem from Peter Braam and company with a number of interesting ideas, but, apparently, few users. Maintenance has been lacking, and Mr. Braam finally agreed that it should be removed, noting "In the past 4 years nobody has supported InterMezzo sufficiently for it to become successful." The Lustre filesystem, which is Mr. Braam's current project, appears to be headed for greater success.

A patch has been posted which removes support for the PC9800 architecture. There have been a few small objections to this removal, drawing this response from Alexander Viro:

So are you volunteering to maintain the port? Maintainers are MIA; the damn thing doesn't compile; all patches it gets are basically blind ones ("we have that API change, this ought to take care of those drivers and let's hope that possible mistakes will be caught by testers"). Considering the lack of testers (kinda hard to test something that refuses to build), the above actually spells in one word: "bitrot".

There has been a rather conspicuous shortage of people stepping up to maintain the PC9800 port, so chances are that it will be going away soon.

Comments (4 posted)

Patches and updates

Kernel trees

Development tools

Device drivers

Filesystems and block I/O

Janitorial

Memory management

Architecture-specific

Security-related

Miscellaneous

Page editor: Jonathan Corbet

Distributions

News and Editorials

Learning with Linux From Scratch

May 19, 2004

This article was contributed by Ladislav Bodnar

In the midst of all the excitement surrounding the release of Fedora Core 2 this week, some of the smaller projects that announced new versions at about the same time might have escaped attention. One of them was Linux From Scratch 5.1.

As the popularity of Linux increases, many people ask: "Is there a fast and fun way to learn the ins and outs of the Linux operating system? Are there any entertaining alternatives to conventional training courses and books?" For many, the answer might very well be Linux From Scratch (LFS), a book that provides step-by-step instructions to build a complete Linux operating system from source code available for download on the Internet.

Linux From Scratch is a mature project. Its beginnings date back to December 1999 when version 1.0 was released. In it, the book's author Gerard Beekmans explains the purpose of the new "distribution":

I started this document about 6 months ago. I tried a few Linux distributions and came to the conclusion that there wasn't a distribution I totally liked. Every distribution has its own advantages and disadvantages, but I was never satisfied with what I had (although Debian comes very close to what I want), so I decided to explore the possibility of building my own Linux distribution using nothing but source code of programs. As I found out there's quite a bit of work involved, but it's also a lot of fun and you really learn a lot by doing it, since you need to configure every single aspect of the system. This forces you to read a lot of manuals on how to configure various software. It also gives you total control over your system (well, that's the idea). You know exactly what software is installed, how it is configured and where all the configuration files reside.

Yes, Linux From Scratch is primarily about learning. Although the final product can indeed be used as a distribution in its own right, the road one has to walk to get there is too tedious to turn it into a regular routine. Installing Linux From Scratch is even harder than installing Gentoo: there is no Portage to do the hard work, and all compiling has to be done with the classic UNIX tools of configure, make and make install. But this is where the educational value of Linux From Scratch manifests itself. The process is possibly the most practical way to learn about every detail regarding file structures, processor optimizations, configuration files, security matters and thousands of other issues. How much would you pay for a commercial Linux training course? Linux From Scratch is a great resource which will not only teach you the very basics of Linux, it will do so in a most entertaining way, all for free.

If you decide to embark on this experience, consider these prerequisites:

  • Make sure that you have an existing Linux installation on your hard disk. Any recent distribution will do, as long as it is complete with a GCC compiler and relevant development tools.

  • Download the LFS packages. All the required LFS packages can be downloaded from LFS mirrors, either individually, or as one complete tarball. Alternative methods using P2P networks or a wget script are also available.

  • Download the LFS book. The LFS book contains around 200 pages and can be downloaded in HTML or PDF formats.

Although trying to absorb 200 highly technical pages split into 9 chapters might sound like a lot of hard work, the truth is that a great deal of the book consists of reference information, such as package descriptions and listings of program files and their dependencies. The preface and the first chapter can be skimmed over; they contain little besides a foreword, acknowledgments, conventions, changelog and other general information. Chapter 2 explains how to create a new partition, format it with an ext2 file system and mount it. Chapter 3 lists the packages needed to build LFS, while Chapter 4 details the final preparations before the actual build, including setting up the build environment.

The real meat of the book starts in Chapter 5, which contains instructions for compiling and installing a minimal Linux system. At this stage, all compilation is done with tools "borrowed" from the host environment, but with static linking to system libraries to gain "independence" from the host system. This ensures that the newly compiled tools still work in the subsequent, "chroot-ed" stage. The compile process starts with GNU Binutils and continues with GCC, Linux header files, Glibc, Tcl, several essential GNU utilities, and Perl. After installing Glibc, both Binutils and GCC have to be recompiled a second time to link them against the new Glibc. Compiling most packages will only take a minute or two, with the exception of Glibc and GCC, which take a lot longer. However, the time it takes to compile the packages can be used for reading the relevant sections of the book, which provide detailed information about such interesting matters as the purpose of the many available GCC compiler flags and other related topics.

Chapter 6 starts with mounting the proc and devpts file systems, followed by a chroot into the newly compiled base LFS partition. The next step is to create a standard UNIX directory structure. If you are fairly new to the world of Linux, this is a great chapter to learn about file permissions, passwords, users and groups, log files, and also about creating devices in the /dev directory. Next comes a detailed explanation of compiling Glibc, including notes on locales, how to configure the dynamic loader, and a list of commands provided by Glibc. A very useful chapter indeed! In order to enable dynamic linking to system libraries, all applications compiled in the previous chapter need to be recompiled here a second time (or, in the case of Binutils and GCC, a third time). The remaining system packages will also be compiled in this chapter. Interestingly, besides GCC 3.3.3, the book also recommends installing GCC 2.95.3, which will be used exclusively for compiling the Linux kernel; the well-tested older compiler is said to be more suitable for building a rock-solid kernel than any of the new GCC 3.x series.

The full Linux kernel is finally compiled in Chapter 8. However, to get there, one still needs to go through the short but important Chapter 7, another invaluable section of the book providing all the necessary bootscripts and filled with information about setting up the system clock, the syslog daemon, and networking. The kernel compilation chapter does not deal with kernel configuration issues; it merely provides instructions to compile a default kernel, with a suggested alternative of copying an existing kernel configuration file from a known working system. The very final step of the book is to configure the Grub boot loader (previous versions of LFS used lilo, but version 5.1 switched to Grub) to make the newly compiled Linux system bootable.

Completing all the steps in the book will probably kill a whole weekend, and besides the freshly acquired knowledge and experience, the brand new Linux system on your hard disk is very bare-bones and not particularly useful. So how can you make it useful? By moving on to the next book, the 413-page Beyond Linux From Scratch (BLFS). This is a priceless resource with detailed instructions on how to compile many common applications, including essential utilities, server packages (Apache, MySQL, Samba...), desktop environments (XFree86 + KDE, GNOME, XFce...), OpenOffice.org, multimedia and printing packages, and many other open source applications. At this stage, you'll probably start craving a binary Linux distribution, one that can be installed and is ready to use in 20 minutes. But even if you don't plan on further package compiling, the BLFS book is a great reference for those moments when you do need to compile applications, with many tricks, workarounds and guidelines.

Linux From Scratch is a wonderful project. It should become compulsory reading material for all Linux training courses, and something that every Linux enthusiast should complete at least once. This would also have another interesting side effect: people who tend to be quick in expressing dissatisfaction on the distributions' mailing lists and forums would probably show a lot more respect for the developers. Installing a ready-made distribution is a trivial task. Building up a set of 4 CDs containing a stable, secure and reliable operating system, plus thousands of applications, is most definitely not.

Comments (5 posted)

Distribution News

Presenting FEDORA CORE 2

It's official: Fedora Core 2 is out. "Including musical numbers such as 'Who Let Fedora Out?' by the Slashdot Men, 'The Download Goes On' by Celeron Dion, and 'The Hacker in Me' by Shania Sane. 'It's a singing, dancing extravaganza!' says the Rawhide Daily News." As of this writing, not all of the mirror sites had opened up yet, but that should change quickly. Click below for the full announcement.

Full Story (comments: 10)

Debian GNU/Linux

Here's the Debian Weekly News for May 18, 2004. In this issue: an interview with Miguel de Icaza, new K6 mini iso images, the status of the Java to main effort, Debian powered binoculars, the status of GNOME 2.6 for unstable, and several other topics.

The Debian Project has sent out a release mourning the death of two of its developers, Manuel Estrada Sainz and Andrés García, who were killed in an automobile accident on return from the Free Software conference in Valencia.

Comments (none posted)

LBA Unveils Latest Linux, Calls for Beta Testers

The Linux Business Alliance has unveiled a preview of the next generation LBA-Linux. "LBA-Linux R2 Beta, a test version of the as-yet-unreleased LBA-Linux R2, reveals a slew of new features and sports an enhanced, stylish design."

Full Story (comments: none)

Mandrake Linux

Here are a couple of Mandrakelinux 10.0 updates:
  • XMMS on amd64 was not built against the GTK libraries which can cause some problems with applications such as mencoder. The updated packages correct the problem.
  • /etc/lsb-release still had data referencing the 9.2 release and the old Mandrakesoft naming.

Comments (none posted)

Slackware Linux

This week the slackware-current branch received various upgrades, including perl 5.8.4, pine 4.60, xscreensaver 4.16, more GNOME packages, getmail 3.2.4 and BitTorrent 3.4.2, and a number of packages were recompiled to use the upgraded versions. There were several security fixes to both slackware-current and slackware-stable; check here for security updates.

Comments (none posted)

Trustix Secure Linux

Trustix Secure Linux fixes several Samba bugs in TSL 1.5, 2.0, 2.1 and TSEL 2.

Full Story (comments: none)

Minor distribution updates

Astaro Security Linux

Astaro Security Linux has released v5.008 with minor bugfixes. "Changes: This Up2Date fixes some minor bugs in the user interface called WebAdmin."

Comments (none posted)

BasicLinux

BasicLinux has released v3.21fd with major feature enhancements. "Changes: The new FD version boots from two floppy disks. It includes all the features of the HD version, including the X11 applications. The FD version runs in a ramdisk and can (optionally) be installed to the hard drive with LILO."

Comments (none posted)

Buffalo Linux

Buffalo Linux has released v1.2.2 with major feature enhancements. "Changes: Version 1.2.2 has been released on the main site. The ISO includes kernel 2.6.6 and an improved Buffalo Desktop with Opera 7.50 and links to CrossoverOffice 3.0. Also included is GNOME-2.6 as a bundle package. All packages are in sync with Slackware-current as of 14 May. It includes many bug fixes (and probably some new ones to keep you entertained). An update-only download is available."

Comments (none posted)

ClusterKnoppix V3.4-2004-05-10-EN-cl1 released

ClusterKnoppix V3.4-2004-05-10-EN-cl1 has been released. ClusterKnoppix uses Knoppix and OpenMosix to create a live CD that can create and manage clusters. Click below for features and change log.

Full Story (comments: none)

Coyote Linux

Coyote Linux has released v2.10 with minor bugfixes. "Changes: This release fixes a bug that can cause the firewall to stop forwarding traffic if the configuration is reloaded from the Web administrator."

Comments (none posted)

Damn Small Linux

Damn Small Linux has released v0.7 with major feature enhancements. "Changes: This release added myDSL, an easy way to extend DamnSmall, a Synaptic download script, gRun (replacing fbrun), and enhancements to emelfm. A bug with passing the current video mode for hard drive installation was fixed. OpenOffice, AbiWord, GCombust, Samba, Ace of Penguins, GNU utils, and Firefox extensions were created."

Comments (none posted)

Feather Linux

Feather Linux has released v0.4.2 with major feature enhancements. "Changes: This release allows customization. It includes PSS, a self-written music server to stream music over your network, XMMS 1.2.10, a gaim script, alsaconf and usbview. tcc now works. Several other minor changes are incorporated."

Comments (none posted)

FreeBSD

FreeBSD 4.10-RC3 is available. "Changes from RC2 include a full package set for Alpha, fixes for the twe(4) driver under load, fixes for the twa drives not being seen by sysinstall, along with various other bug fixes. i386 ISO images are available now, alpha ISO images are uploading to ftp-master now and will be available shortly. We expected this to be the final RC before the full release at the end of this week. So please test this as much as possible and report any problems."

Comments (none posted)

GeeXboX

GeeXboX has released v0.97 with major feature enhancements. "Changes: This release uses MPlayer 1.0pre4. It has support for DXR3 cards, PCI and USB WiFi network adapters, Serial ATA disks, Gigabit ethernet cards, and BT8x8 and Saa73134 cards (Composite and S-VHS inputs and TV tuners). It has support for audio/video streaming. There is a telnet server for remote access. It supports VidiX for EPIA-M, ATI Radeon 9xxx, and nVidia cards. An image viewer (FBI) has been added with support for BMP, GIF, JPEG, PCD, PNG, PNM, and PPM formats."

Comments (none posted)

Linux Embedded Appliance Firewall

LEAF has released Bering-uClibc 2.2-beta2 with major feature enhancements. "Changes: This release includes a new linuxrc and leaf.cfg. Other changes are a modularized ip_conntrack, replacement of arp with the busybox arp applet, and a small patch for uClibc for keepalived."

Comments (none posted)

NSA Security Enhanced Linux

NSA Security Enhanced Linux has released v2004051217 with minor feature enhancements. "Changes: The current prototype and the experimental NFS code are now based on Linux kernel 2.6.6. Several races and kernel socket creation problems were fixed and a runtime disable was added. The old 2.4-based kernel patch was ported to 2.4.26. The userland patches were updated from Fedora Core 2 development. There are now man pages for libselinux. X server security classes and access vector definitions were added and many policy updates were made."

Comments (none posted)

Recovery Is Possible!

RIP has released v8.5 with minor feature enhancements. "Changes: Some of the software was updated on the CD and Floppy versions. There's also a new way to install and run the Linux system: on a Windows NTFS partition, without repartitioning."

Comments (none posted)

SLAX-Live CD

SLAX has released v4.1.2-pre1 with major bugfixes. "Changes: X11 locales are no longer removed. DOC_MULTILANG documentation that describes how to create a module with your language was included. KDE 3.2.2 with QT 3.3.2 and KOffice 1.3.1 were added, and .inputrc was modified to enable Czech, Russian, and all other keymaps in bash. The Russian (and probably some other) fonts were fixed in KDE, and the create_bootdisk.sh script for making bootable USB flash disks was fixed. The mouseproto, mousedev, and wheelmouse boot options were also fixed."

Comments (none posted)

Zool Linux

Zool Linux has released v5 with major feature enhancements. "Changes: BusyBox is now used instead of Crunchbox. The FS checking utilities were removed, and the built-in shell was changed to ash. The default editor is now vi. DevFS was added along with a DHCP server/client daemon, wget, route, ping, nslookup, ftp, httpd, and pgen. The init system was changed and the sysv scripts were rewritten. Some cleanups were made along with some hacks to kernel 2.4.26 to make it smaller. linux_logo.h was changed, and BusyBox was hacked to make it faster and smarter."

Comments (none posted)

Page editor: Rebecca Sobol

Development

The Ethereal Network Protocol Analyzer

Ethereal is an open-source and cross-platform network protocol analyzer that offers a wide range of useful features for the network administrator.

Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements. It runs on all popular computing platforms, including Unix, Linux, and Windows.

Ethereal features include:

  • The ability to read and dissect packets off of live networks.
  • Support for ethernet, PPP, FDDI, Token-Ring, IEEE 802.11, and other network hardware.
  • The ability to decipher packet streams stored in various file formats.
  • Support for 512 different network protocols; more protocols are typically added with each new version.
  • Output can be sent to a GUI or TTY interface.
  • Output can be saved as plain text or PostScript formatted files.
  • Support for output display filters.

A complete set of Ethereal documentation is available online, the FAQ is available for common questions, and the Screen Shots show the software in action.

Ethereal source code and pre-compiled packages are available. The long list of authors is a great example of open-source cooperation. Ethereal has been released under the GNU General Public License.

Version 0.10.4 of Ethereal was released this week. Changes include new GUI features under GTK+ 2.4, better PostScript output, the ability to set preferences on the main display window, support for a number of new network protocols, improvements to the existing network protocol support, and more.

Comments (1 posted)

System Applications

Audio Projects

New MidiShare/ALSA driver for Linux

The msAlsaSeq ALSA driver is out. "The driver lets you connect to ALSA devices and other ALSA sequencer clients from MidiShare applications. It can be used instead of the msRawMidi, msRawSerial and msInetDriver clients if you're running ALSA instead of plain ol' OSS (which you should ;-). It also allows you to map ALSA client ports to corresponding MidiShare ports."

Full Story (comments: none)

Planet CCRMA Changes

The latest changes from the Planet CCRMA audio utility packaging project include new versions of VASP, Audacity, and FIL-plugins.

Comments (none posted)

Database Software

knoda 0.7 test1 released

Version 0.7 test1 of knoda, a database front-end, is out. "The main feature is a database designer dialog".

Full Story (comments: none)

PostgreSQL Weekly News

The May 17, 2004 edition of the PostgreSQL Weekly News is available with the latest PostgreSQL database information.

Full Story (comments: none)

Mail Software

Mailman 2.1.5 released

Version 2.1.5 of Mailman, a mailing list manager, has been released. "Mailman 2.1.5 is a significant upgrade which should improve disk i/o performance, administrative overhead for discarding held spams, and the behavior of bouncing member disables. This version also contains a fix for an exploit that could allow 3rd parties to retrieve member passwords. It is thus highly recommended that all existing sites upgrade to the latest version."

Full Story (comments: none)

Networking Tools

Distributed Cfengine

Luke A. Kanies continues his O'Reilly series on cfengine. "In this article we are going to take the script we wrote in Introducing Cfengine and distribute it to all of our servers using cfengine. As an added bonus, we're going to pull both our cfengine configuration and the sudoers file directly out of a versioning system. It's a simple additional step — something you should do with all centralized configuration files — and provides a convenient control point for modifying and auditing your configurations."

Comments (none posted)

Twisted 1.3.0 released

Version 1.3.0 of the Twisted networking framework has been released. See the Release Notes for details. "This is the last release before Twisted begins splitting up."

Comments (none posted)

Security

realtime 0.1.1 with 2.6.6 kernel support

Version 0.1.1 of the realtime Linux Security Module has been released. "This release handles changes to the capabilities structure introduced in Linux 2.6.6, but still works with earlier 2.6 kernels. There are no functional changes. Unless you are running 2.6.6, there is no need to upgrade."

Full Story (comments: none)

Web Site Development

Zope X3 3.0.0 alpha 1 released

The first alpha release of the long-awaited Zope 3.0 project is out. "Zope X3 is the next major Zope release and has been written from scratch based on the latest software design patterns and the experiences of Zope 2." Click below for the details.

Full Story (comments: none)

Web Services

Web services for bioinformatics, Part 1 (IBM developerWorks)

Chetna Warade, Virinder Batra, and Rick Runyan work with web services and bioinformatics in part one of a series on IBM's developerWorks. "This series describes the process of building, deploying, and using high-throughput Web services for bioinformatics applications. This is meant to serve as a guide for development of software based on the Open-Bioinformatics Foundations software toolkits with packages such as BioPerl, BioJava, and BioPython. This article provides directions for how to deploy a service and present a new implementation of document-style Web services extensions to the BioPerl module that will allow a wide range of existing applications to consume such services."

Comments (none posted)

Miscellaneous

GNOME System Tools 0.33 is out! (GnomeDesktop)

Version 0.33 of the GNOME System Tools, a set of cross-platform configuration utilities, has been announced. "A new release of the GST is out! this time with a whole bunch of improvements, such as adding full PPP support for Slackware, network tool support for Conectiva and adding full support for all tools for Gentoo and FreeBSD".

Comments (none posted)

Desktop Applications

Accessibility

gnopernicus 0.9.2 released

Version 0.9.2 of gnopernicus, a screen reader for the GNOME desktop, is out. This version adds a configurable magnifier option and more.

Full Story (comments: none)

Audio Applications

Helix Player 1.0 (alpha) available

The alpha release of Helix Player 1.0 is available. See the release notes for information on what's in this release and the known problems (e.g. no ALSA support). Of course, if you want to play certain proprietary media formats, Helix Player won't do it for you, but the alpha version of Real Player 10 is available from the same place.

Comments (3 posted)

Rhythmbox 0.8.4 is out

Version 0.8.4 of Rhythmbox, a music player, has been announced. "Among other things, I spent a day squashing memory leaks in Rhythmbox and GStreamer. Upgrading to this release is suggested for long-running playback, and you'll also want to upgrade to the hopefully-soon-to-be-released gstreamer-plugins 0.8.2 (which will also fix stuff like infinite loops on .wma files)."

Full Story (comments: none)

Desktop Environments

GNOME 2.6.1 released - Gnome Installation Guide updated (GnomeDesktop)

GnomeDesktop reports on the release of GNOME 2.6.1 with lots of bug fixes and improvements.

Also an updated GNOME Installation Guide has been released.

Comments (none posted)

GARNOME 2.6.1 released

GARNOME version 2.6.1 is available. "The latest 'somewhat toned down' version of GARNOME distribution for those who want a new version of GNOME for regular day-to-day use, but don't want to wait until your distribution catches up, is now out and about."

Full Story (comments: none)

GSwitchIt Plugins 0.3 are available

Version 0.3 of the GSwitchIt Plugins are available for the GNOME 2.6.x series. "GSwitchIt Plugins is a set of plugins which include functionality not available (or hidden) in the core GNOME Keyboard Indicator (because of usability, political correctness, code quality, HIG compatibility, external dependencies etc etc etc)."

Full Story (comments: none)

KDE-CVS-Digest (KDE.News)

The May 14, 2004 KDE-CVS-Digest is available. Here's the content summary: "More work on KDevelop documentation tools, adding a TOC plugin. Khtml text-decoration mostly brought up to CSS1 standards. KBlueTooth adds utilities to search for services and send faxes. Kopete adds rich text editor capabilities."

Comments (none posted)

Quickies: KolourPaint, KWin Deco Howto, Desktop Theming, Boson, Opie (KDE.News)

KDE.News has a Quickies announcement that lists a bunch of new versions of various applications.

Comments (none posted)

Games

gnome-games 2.7.1 released

Version 2.7.1 of gnome-games, a collection of games, is out.

Full Story (comments: none)

Interoperability

Wine Traffic

The May 14, 2004 edition of Wine Traffic has been published. Take a look for the latest WINdows Emulation (WINE) news.

Comments (1 posted)

Web Browsers

Mozilla 1.7 Release Candidate 2 Available (MozillaZine)

Release Candidate 2 of the Mozilla 1.7 browser has been announced. "Like the first release candidate, which came out last month, this build is designed to ensure that there are no major bugs remaining before the final release of Mozilla 1.7."

Comments (none posted)

Word Processors

AbiWord Weekly News

The May 15, 2004 edition of the AbiWord Weekly News is out with news and information about the AbiWord word processor.

Comments (none posted)

Miscellaneous

The Spatial Way

Colin Charles has put up an article explaining and defending the GNOME 2.6 "spatial Nautilus" file manager. "It sticks to the fact that people associate better with the computer's interface when they know that files and folders seem real, just like their physical equivalents, where you 'could manipulate in familiar, direct and predictable ways.' So, the spatial interface is supposed to be better, because it helps mimic real life - this makes associations easier and better for the user. GNOME has done something ground-breaking by doing away with the browser-styled, Navigation metaphor. Every time the contents change within a window, people get lost, and file navigation becomes harder. So 'folders' are 'windows', now..."

Comments (49 posted)

Languages and Tools

C

GCC tree-ssa branch merged into mainline

The GCC Tree SSA branch has been merged into the GCC mainline code. "I am glad to announce that Tree SSA has been merged into mainline. The branch is now closed and mainline is, once again, open for business."

See last week's LWN development page for more information on this project.

Comments (none posted)

Caml

Caml Weekly News

The Caml Weekly News for May 11-18, 2004 has been published.

Full Story (comments: none)

Java

Cellular automata and music (IBM developerWorks)

Paul Reiners makes music with Java on IBM's developerWorks. "Take computers, mathematics, and the Java Sound API, add in some Java code, and you've got a recipe for creating some uniquely fascinating music. IBM Staff Software Engineer Paul Reiners demonstrates how to implement some basic concepts of algorithmic music composition in the Java language. He presents code examples and resulting MIDI files generated by the Automatous Monk program, which uses the open source jMusic framework to compose music based on mathematical structures called cellular automata."

Comments (none posted)

Nested Classes, Part 1 (O'ReillyNet)

Robert Simmons, Jr. explores nested classes in Java. "One aspect of the Java language that is not widely understood is the concept of nested classes. But because you're bound to encounter one or more of them in other people's code, it's important to understand how they work. Chapter six of Hardcore Java covers the various nested classes. In this first excerpt in a three-part series of excerpts from the chapter, author Robert Simmons covers the first of the three basic categories of nested classes: inner classes."

Comments (none posted)

JSP

JSP 2.0: The New Deal, Part 4 (O'ReillyNet)

Hans Bergsten completes his series on JSP 2.0 with part four. "The wait is almost over: the latest version of the JavaServer Pages (JSP) specification, JSP 2.0, is about to be released. Hans Bergsten shows how the new changes make using JSP and its expression language cleaner and more powerful."

Comments (none posted)

Lisp

Loom released under open-source license

Loom is now available under an open-source license. "The Loom group at the University of Southern California has released the Loom(tm) knowledge representation language under an open-source license. Loom is a "language and environment for constructing intelligent applications" written in Common Lisp."

Full Story (comments: none)

Perl

This Week on perl5-porters (use Perl)

The May 10-16, 2004 edition of This Week on perl5-porters is online. "Welcome to our latest edition of the P5P summary, for which I'm sure you have been waiting. This week, you'll read about considerations on Storable, nice improvements to the debugger, bugs, and other interesting subjects."

Comments (none posted)

This Week on Perl 6

The May 14, 2004 edition of This Week on Perl 6 is online. "Ooh look. Stuff's been happening in perl6-internals again. Will wonders never cease?"

Comments (none posted)

PHP

Using Shared Memory from PHP (O'Reilly)

Alexander Prohorenko writes about the use of shared memory from PHP on O'Reilly. "IPC is one of the most important features of the UNIX systems. It allows two processes to communicate with each other. In this article we'll work with two System V IPC functions, semaphores and shared memory. System V IPC originated in SVR2, but has implementations by numerous vendors. It's also available in SVR4."

Comments (none posted)

Python

Python 2.3.4, release candidate 1

Version 2.3.4 RC 1 of Python is out with bug fixes. If no major problems are found, the final Python 2.3.4 release will be out shortly.

Full Story (comments: none)

python-ldap 2.0.0 released

Version 2.0.0 of python-ldap is out. "python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. It mainly wraps the OpenLDAP 2.x libs for that purpose."

Full Story (comments: none)

python-dev Summary

The May 14, 2004 python-dev Summary is out with a summary of the python-dev mailing list traffic from April 1-30, 2004.

Full Story (comments: none)

Ruby

Ruby/GtkSourceView 0.2.0

Version 0.2.0 of Ruby/GtkSourceView, a Ruby binding for the GtkSourceView C library, is out. "This release fixes several bugs (memory-related for some), brings more compliance to the Ruby-GNOME2 design guidelines, wraps more classes/methods and provides API reference documentation."

Full Story (comments: none)

Tcl/Tk

Dr. Dobb's Tcl-URL!

The May 17, 2004 edition of Dr. Dobb's Tcl-URL! is out with the week's Tcl/Tk article links.

Full Story (comments: none)

XML

XML 1.1 and Namespaces 1.1 revealed (IBM developerWorks)

Arnaud Le Hors covers XML 1.1 and Namespaces 1.1 on IBM's developerWorks. "In this article, software engineer Arnaud Le Hors explains what XML 1.1 and Namespaces 1.1 are about, what changes they bring, and how they affect other specs and users."

Comments (1 posted)

XML Namespaces Support in Python Tools, Part Two (O'Reilly)

Uche Ogbuji has written part two in his O'Reilly series on XML Namespaces. "In this article I shall focus on the various libraries packaged in 4Suite. If you need background on 4Suite, see my earlier article "A Tour of 4Suite ". I did briefly cover how to express namespaces for use in 4XPath in that article, but in this one I will explore different angles on the topic."

Comments (none posted)

SVG and Typography: Characters (O'Reilly)

Fabio Arciniegas A. explores SVG and typography on O'Reilly. "In the second part of our discussion of SVG and typography we explore some time-honored practices of typographic excellence; as we go along, each “type issue” will lead to the discussion of relevant technical aspects of SVG."

Comments (none posted)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

EU votes through software patent changes (ZDNet)

ZDNet UK reports that the European Council has approved the software patent directive. "The Directive will now be sent back to the European Parliament for another vote there in the autumn as the different bodies of the EU engage in a game of legislative ping-pong. While observers expect vociferous lobbying from open-source and developer groups, reversing the Council's vote will be difficult, according to James Heald of the Foundation for a Free Information Infrastructure..."

Comments (28 posted)

GNOME and Enterprise Desktop Usability (Serverwatch)

Serverwatch looks at desktop usability. "We've spent a lot of time experimenting with GNOME 2.6 during the past few weeks, and we're inclined to say it's no worse than anything else we've dealt with in recent years. Early OS X releases constituted the hoodwinking of an entire user community that had no idea it was paying for the privilege of running two years of beta software. It took a veritable bucket brigade of third-party software developers to let us stand the sight of a pulsing blue button. We've been similarly troubled by Windows XP and its obvious anxiety over OS X, and we've looked at the latest from the KDE project, which provides a cluttered riot of over-configurability." (Found on GnomeDesktop)

Comments (9 posted)

Trade Shows and Conferences

International PHP Conference in Amsterdam (NewsForge)

NewsForge covers the recent International PHP Conference in Amsterdam. "One of the most exciting novelties I saw at the conference was PIMP, a new graphic extension for PHP 5 meant to replace GD as the main image manipulation tool for PHP. Its author, Pierre-Alain Joye, gave an interesting demonstration of its capabilities. Even though PIMP is still experimental and unstable, its performance and nice API are really impressive. PIMP will certainly be an improvement compared to GD, which is quite buggy and has caused a lot of headaches over the last few years."

Comments (2 posted)

The SCO Problem

A Year of Groklaw: SCO On The Ropes? (Groklaw)

Groklaw celebrates one year on the net. "What a difference a year makes. When we started, all the headlines were saying that SCO was going to destroy Linux or at least make it cry. Now, looking around today, I see almost everyone predicting SCO's imminent doom instead. I think the truth, as usual, isn't in the headlines, and that it's somewhere in between those two extremes."

Comments (none posted)

Companies

Mandrake 'charges' $13k for $132 membership (Register)

The Register reports that a bug in payment software from Natexis has been overcharging Mandrakesoft customers. "The system is now up and running properly and Natexis is talking to the banks so anyone who overpaid should get a refund soon."

Comments (4 posted)

Microsoft offers a self-test diagnosis on system security (Taipei Times)

Microsoft Taiwan Corp is claiming superior performance over several popular Linux distributions in the availability of security patches, according to this article in the Taipei Times. "Citing a report released in March by Forrester Research, Chan said Microsoft is the only company that fixed all the flaws found in its platform, unlike Red Hat Inc, Debian Systems, Mandrakesoft and Suse, who are the major developers of the open-source Linux operating system. Chan said the number of security alerts announced by Microsoft had decreased from 43 in 2002 to 38 last year, while Red Hat, Debian and others reported more alerts during the period."

Comments (7 posted)

MS drags Linspire back to court (Register)

The Register reports that Microsoft is taking Linspire to court again, despite the name change from Lindows. "The software giant is taking action in the Dutch courts, where it won its previous case, claiming that the word Lindows is still appearing on Linspire's website. A decision is expected by the end of this month. Michael Robertson, chief executive of Linspire, said: "Microsoft is continuing the bullying tactics which have obliterated competition over the last 20 years...Its recent actions demonstrate that it has not reformed, but continues to be one of the world's worst corporate citizens that will do anything to squash competitors that threaten its monopoly profits."

Comments (19 posted)

Novell's Linux Desktop Zeroes In on Integration (eWeek)

eWeek covers Novell's enterprise desktop plans. ""So, we are essentially taking the best of all three companies: strength from SuSE in terms of multiplatform support and enterprise-hardened Linux distributions; our expertise and usability and innovation and interoperability on the desktop from Ximian; and Novell's strength as a billion-dollar-revenue company with an enormous channel and very powerful reach and great product quality and support," Nat Friedman, Novell's vice president of Linux desktop engineering, told eWEEK in an interview."

Comments (3 posted)

Red Hat updating both Linux versions (News.com)

News.com reports the recent release of Red Hat Enterprise Linux 3 Update 2 and the expected release of Fedora Core 2. "In Red Hat Enterprise Linux 3 Update 2, released Wednesday, the Linux seller added support for Intel's 64-bit "x86" processors and IBM's Power processor-based JS20 blade servers. In addition, the update adds 64-bit versions of developer tools for Intel's Itanium and Xeon chips and Advanced Micro Devices' Opteron." Fedora Core 2 is scheduled to be available on May 18.

Comments (none posted)

Business

Making money for Free

Dave Fancella looks at issues behind making money with free software. "Once, a long time ago, we had one of the Rock Stars--er, businessmen himself appear on the list. He basically said "How am I supposed to make money off this software when people can just download it for free?". Well, you're not. Sorry. You asked the wrong question. The right question for him is "How can I add value to this software so that people will buy it from me rather than download it for free?"."

Comments (none posted)

Linux Adoption

Asian Governments Start to Speak the Same Language on Linux Implementations (LinuxInsider)

LinuxInsider.com reports that several Asian countries are sharing research about conversion to Linux. "According to Japanese officials, the purpose of talks between Japan, South Korea and China is to share research findings, reduce the amount of money spent on Windows licensing and maintenance fees, and promote the use of Linux in the private sector. The main goal is to come up with a Linux standard that will support Asian languages -- which have many more characters than Western alphabets. In the Chinese language, for example, there are literally thousands of characters."

Comments (13 posted)

Linux at Work

The Gelato Federation (Bioinformatics.org)

Bioinformatics.org reports on an organization called the Gelato Federation. "The Gelato Federation, also known as Gelato, is working to develop scalable, commodity software to enable researchers to advance their studies in developing and technology-intensive areas, such as life sciences and physical sciences. Gelato invites participation from all interested organizations. Co-founded by HP and seven of the world's leading research institutions, Gelato is launching an open source community initiative designed to foster the development and dissemination of focused computing solutions for researchers and associated IT staffs working on the Itanium Linux platform."

Comments (none posted)

Legal

Congress mulls revisions to DMCA (News.com)

Declan McCullagh reports on the House subcommittee meeting which considered the Digital Media Consumers' Rights Act (a DMCA reform bill). "It's unclear what the prospects are for the Boucher-Doolittle bill. It has a mere 15 co-sponsors in the House and no Senate version exists. What's more, the consumer protection subcommittee that convened Wednesday's hearing does not have jurisdiction over copyright law, making it unlikely the bill will be forwarded to the House floor this year."

Comments (none posted)

Una direttiva europea minaccia l'open source (Repubblica)

La Repubblica reports (in Italian) that some members of the Italian government are opposed to the introduction of software patents in Europe. "'An excessive reliance on software patents risks putting small and medium enterprises in this sector at a disadvantage, limiting the development of the market.' With these words, the Minister for Innovation and Technology, Lucio Stanca, expressed himself today against the proposed software patent directive..." (Editor's translation. The headline reads "A European directive threatens open source.") Sig. Stanca will not be representing Italy when the directive is discussed, however, so it is unclear what the country's position will ultimately be.

Comments (4 posted)

Interviews

Interview: Andrea Arcangeli

KernelTrap interviews VM hacker Andrea Arcangeli. "The VM at large is a big heuristic, and there's no perfect formula you can use to tell which page it's time to swapout to disk when, nor can you exactly predict how well the swapping will behave at runtime until you test or simulate it; that is the really hard part of the VM."

Comments (2 posted)

Interview with International Hout (KDE::Enterprise)

Fabrice Mous talks with Walter Stolk at International Hout about the company's KDE use on KDE::Enterprise. "The big advantage we have from using KDE is the manageability of the workstations. Because there is not much need for maintenance I can take care of this aside of my daily work without the need for external expertise. This saves us a lot of money." (Found on KDE.News)

Comments (none posted)

The People Behind KDE: Gunnar Schmi Dt

The People Behind KDE will be going on a summer vacation after this interview with Gunnar Schmi Dt. "Which section of KDE is underrated and could get more publicity? The accessibility project could live with many more people. Some jobs that can increase the accessibility of KDE without requiring much knowledge about programming are to test all applications in order to find accessibility issues and to read bug reports and decide whether they are accessibility related or not." (Found on KDE.Net)

Comments (none posted)

Putting Linux on the desktop (vnunet)

vnunet talks with Red Hat CEO Matthew Szulik about desktop Linux. "One of those Wall Street banks now has one administrator for 800 machines. One did it then everybody else came rushing to him to say: 'how did you do that?' Now nine out of the 10 leading Wall Street banks are Red Hat customers."

Comments (5 posted)

Resources

File alteration monitoring techniques under Linux (DevChannel)

The OSDN DevChannel looks at monitoring filesystems with tools like dnotify and FAM. "Most modern operating systems provide file monitoring facilities to give applications real-time information about changes to the filesystem. A variety of notification methods are used to tell the application when a change happens, ranging from an asynchronous signal being sent from the kernel through a user space tool printing the name of the changed file on its standard output. We'll take a look at some of the file monitoring facilities available to the Linux developer, starting with the lowest-level mechanism and working up to the highest."

Comments (1 posted)

Reviews

BloGTK - a Linux blog tool for Moveable Type (Planet Geek)

Planet Geek has a review of BloGTK, the Python-based blog tool. "The interface is clean and easy to work with, nothing was difficult to find or unintuitive. I'm able to save postings for later re-editing, (though the 'draft posts' are not available from my MT installation, so if I've been working on something online, I can't switch to using BloGTK to continue editing, or vice versa)."

Comments (none posted)

Desktop Publishing with OpenOffice.org (Linux Journal)

Linux Journal examines desktop publishing using OpenOffice.org. "Desktop publishing (DP for short) differs from word processing. In word processing, you type pages of characters and numbers to create documents for others to read. They might include graphics, such as tables and charts, to illustrate points made in the text, but the goal is to create a written document to convey information. In DP, you use graphics, along with text, to create a document with more visual appeal. Look at any printed advertising--the graphics in the document often are more important than the written word."

Comments (17 posted)

Application of the Month: KMPlayer (KDE.News)

KDE.News reviews KMPlayer in its Application of the Month series. "KMPlayer is a multimedia player for the KDE Desktop capable of playing audio and video. The difference between KMPlayer and other multimedia players like Kaffeine is that KMPlayer acts as a frontend to multiple multimedia libraries. KMPlayer supports not only Mplayer but also Xine and Ffmpeg. This means that KMPlayer will play everything MPlayer and Xine will play. With KMPlayer you can also record streams with mencoder and watch TV if your card is supported by Video4Linux."

Comments (none posted)

Linux boot camp: A sharp wake-up call to all attendees (linux.com)

Linux.com reviews Linux training from The Training Camp. "The most important thing to realize when attending The Training Camp's LPIC certification course is that it really is a boot camp. You need to be prepared to eat and sleep Linux for seven days. Although there are no prerequisites, students should familiarize themselves with Linux before attending. Browse the Web, read up on Linux, install it, acquire a frame of reference. Being able to learn and retain this much information in this short of a timeframe is a skill. It's important to put yourself in that mindset when attending."

Comments (none posted)

Cultured Perl: Three Essential Perl Books (developerWorks)

IBM developerWorks reviews three Perl books: Perl 6 Essentials, Perl Cookbook, 2nd Edition, and Perl Template Toolkit. "After finishing the second edition of the Perl Cookbook, I felt ready for the challenges of programming Perl in today's environment. Where the first edition seems inadequate today because of technologies that have emerged since its printing, the second edition again provides a stable foundation for any Perl programmer, beginner to advanced. I recommend the Perl Cookbook strongly, even for those who already have the first edition."

Comments (4 posted)

The Official Samba-3 HOWTO and Reference Guide (Linux Journal)

The Linux Journal reviews The Official Samba-3 HOWTO and Reference Guide. "Due to the complexity of modern Samba installations, it isn't sufficient for a book to cover only the Samba software itself. A number of external software packages are needed to integrate a Samba server into a large network. Fortunately, the book does not let us down. The use of OpenLDAP, PAM, ISC BIND and DHCP in conjunction with Samba are all touched on in varying degrees."

Comments (4 posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

Weird stuff from Alexis de Tocqueville Institution

Remember the Alexis de Tocqueville Institution? They are the folks who put out the "Linux may help terrorists" press release almost exactly two years ago. They are at it again with this strange release hyping an upcoming book. "In one of the few extensive and critical studies on the source of open source code, Kenneth Brown, president of AdTI, traces the free software movement over three decades -- from its romantic but questionable beginnings, through its evolution to a commercial effort that draws on unpaid contributions from thousands of programmers. Among other points, the study directly challenges Linus Torvalds' claim to be the inventor of Linux." They promise excerpts from the book on May 20.

Comments (16 posted)

FFII: EU Ambassadors vote to back Software Patents

FFII has sent out a news release (click below) stating that the EU Council of Ministers has approved a new patent directive which removes the amendments added by the European Parliament last year. "Instead the lax language of the original Commission proposal is to be reinstated in its entirety, with direct patentability of program text fragments added as icing on the cake. The proposal is now scheduled to be confirmed without discussion at a meeting of ministers on 17-18 May, unless one of the Member States changes its vote." As one might imagine, FFII is urging action to bring about such a change.

Full Story (comments: 13)

The AGNULA project protests against software patents

The AGNULA project has published a protest against EU software patents. "In September 2003, the European Parliament had voted to maintain and reinforce the exclusion of software and business methods from patentability. On May 5 2004, the Irish Presidency managed to secure a qualified majority for a counter-proposal to the software patents directive, with only a few countries - including Belgium and Germany - showing resistance. This proposal discards all limiting amendments from the European Parliament, reinstates the laxist provisions from the Commission, adding direct patentability of data structures and process descriptions as icing on the cake."

Full Story (comments: none)

EU Software Patent Legislation: a real threat for Linux and Open Source

Mandrakesoft urges people to get involved in stopping the adoption of software patents in the EU. "Mandrakesoft would like to forewarn and mobilize its users and the software community about the very real threat of such a law. Please contact the media, your political representatives, and your government, and urge them to vote against unlimited Software Patents and to revert to the previous European Parliament position."

Full Story (comments: 6)

Marist College joins OSDL

Marist College in Poughkeepsie, New York has announced that it has joined the Open Source Development Labs. Marist is the first college to become an affiliate member of OSDL through a newly established College and University affiliate program.

Full Story (comments: none)

Open Source Based Search Engine

ObjectsSearch.com has announced a web search engine that is based on open-source code.

Full Story (comments: none)

Anti-FUD from Open Source Industry Australia

Open Source Industry Australia has sent out a couple of press releases relevant to current attacks on free software. This one warns against the risks of using proprietary software in defense applications: "Whilst there have been numerous attempts at inserting trojan code into both closed and open source products, all such attempts on open source programs have been discovered and reversed, prior to the code becoming widely deployed and therefore a security risk to business, government and security agency users."

Then, there is this warning about relying on vendor "roadmaps." "Very often the actual path followed by the vendor marketing the 'vision' bears little real resemblance to the eventual technology users will be asked to run a few years later."

Comments (2 posted)

Reusable Zope Public License

Version 2.1 of the Zope Public License has been announced. "We have updated the Zope Public License (ZPL) to revision 2.1. ZPL 2.1 is reusable. It supports having a consistent license for Zope and third-party products without requiring 3rd-party developers to assign copyright to Zope Corporation."

Full Story (comments: none)

Commercial announcements

Acucorp Announces Support for Red Hat Enterprise Linux 3

Acucorp, Inc. has announced its support for Red Hat Enterprise Linux 3. "Acucorp's announcement of support for Red Hat Enterprise Linux 3 coincides with its official designation as a Red Hat Ready Partner. This designation requires companies to meet certain certification guidelines, confirm that their software runs on Red Hat Enterprise Linux, and agree to support customers who deploy their applications on the Red Hat platform."

Comments (none posted)

Astaro Raises $6.7M in Venture Capital

Astaro Corporation has announced that it has raised more venture capital. "Astaro Corp., developers of the most popular Open Source-based security product, today announced it has raised a Series B round of $6.7 million from co-investors Insight Venture Partners of New York and Wellington Partners of Munich, Germany. The same group of investors co-led the company’s Series A round of $6.2 million in May 2003, bringing the total amount raised to date to $12.9 million."

Full Story (comments: none)

California Digital and Lawrence Livermore Deploy Fastest Linux Cluster

California Digital, Quadrics, and Intel have announced that they have successfully deployed the "most powerful Linux supercomputer ever built", a 4,096 Itanium 2 processor based Linux cluster code named "Thunder" at Lawrence Livermore National Laboratory.

Comments (3 posted)

Flashline's Pattern Book for Open Source Initiatives

Flashline, Inc. has announced the Flashline Pattern Book for Open Source in the Enterprise. "The Flashline Pattern Book offers a collection of documents based on best practices that address various aspects of the creation, launch and ongoing management of an open source software initiative, from building a business case to budget, staffing, and licensing issues."

Comments (none posted)

LynuxWorks Announces Fourth Quarter Results

LynuxWorks has announced growth and profitability at the close of its fiscal year 2004. BlueCat Linux 5.0, "the industry's first embedded Linux product built on the 2.6 kernel, continues to be the platform of choice for developers of consumer electronics products."

Comments (none posted)

Mandrakesoft introduces Personalized Solutions and Maintenance Program

Mandrakesoft has announced its new Personalized Solutions and Maintenance Program (PSMP). "The "Personalized Solutions and Maintenance Program" (PSMP) is an easy-to-use, cost effective program designed to meet the needs of businesses of all sizes. PSMP allows you to purchase Mandrakesoft solutions at volume prices. It reduces the costs associated with evaluating, acquiring, implementing, and maintaining eBusiness software, and provides streamlined purchasing and centralized solution management through an Internet based graphical interface."

Full Story (comments: none)

Metrowerks Enables Development With Linux

Metrowerks Corporation has announced the CodeWarrior Development Studio for ColdFire ISA, Linux Platform Edition.

Comments (none posted)

New Books

"JavaServer Faces" Released by O'Reilly

O'Reilly has published the book JavaServer Faces by Hans Bergsten.

Full Story (comments: none)

No Starch Releases "How Linux Works"

No Starch Press has published the book How Linux Works by Brian Ward.

Full Story (comments: none)

"Network Security Hacks" Released by O'Reilly

O'Reilly has published the book Network Security Hacks by Andrew Lockhart.

Full Story (comments: none)

Two new books on R

Volumes 1 and 2 of The R Reference Manual are available from Network Theory Ltd. "They are published under a free documentation license and raise money for the R Foundation ($10 for each set of manuals sold)."

Full Story (comments: none)

Prentice Hall PTR publishes "Understanding the Linux Virtual Memory Manager"

Addison-Wesley/Prentice Hall PTR has published the book Understanding the Linux Virtual Memory Manager by Mel Gorman.

Full Story (comments: none)

Resources

CLOS papers by Richard Gabriel available online

A set of papers on the Common Lisp Object System are available online. "Richard Gabriel has made available online the text of all the CLOS papers he authored or co-authored. They include the original design documents and some overview articles. CLOS (Common Lisp Object System) is the Object-Oriented subsystem of the Common Lisp programming language."

Full Story (comments: none)

LPI-News

The April, 2004 edition of the LPI-News has been published. Take a look to see what the Linux Professional Institute is up to.

Full Story (comments: none)

Contests and Awards

The Seventh ICFP Programming Contest

The Seventh International Conference on Functional Programming (ICFP) Programming Contest has been announced. "On Friday 4th June at 16:00 UTC (12:00 noon EDT), the programming task will be published on this web site. Teams will have 72 hours to write and submit a program to perform this task."

Comments (none posted)

SCO in the SD Times 100

The SCO Group has sent out a press release proclaiming its being named in the "SD Times 100." ""SCO is honored to be named among the many influential companies that comprise the SD Times 100. We pride ourselves in the work we do to create world renowned Unix-based solutions designed by some of the most experienced and outstanding engineers in the industry." For the curious, here is the SD Times 100; SCO appears under "Influencers" in the company of Apache, Eclipse, O'Reilly, OSDL, and the W3C; the entry reads "The company's legal assaults on IBM and Linux users dominated 2003's tech headlines and shook up the open-source community. No other IT topic inspires such fervent debate, fear, uncertainty and doubt." Honored, indeed.

Comments (11 posted)

UKUUG 2004 Open Source Award

UKUUG (the UK's Unix and Open Systems User Group) has made its 2004 Open Source Award to Julian Field of the University of Southampton for his work in creating, developing and supporting MailScanner, an e-mail security system. The award is made annually to give particular recognition to the development of free and open source software in the UK. MailScanner is distributed free under the GNU General Public License.

Full Story (comments: 1)

Upcoming Events

THE AGNULA PROJECT @ creAzione

Representatives of the AGNULA project will be present at the creAzione event in Milan, Italy on May 20-22, 2004.

Full Story (comments: none)

EuroPython Update

The EuroPython Team has posted a status update for the event. "EuroPython 2004, being held June 7-9 in Göteborg, Sweden is now less than three weeks away!"

Comments (none posted)

OLS early registration ends in 15 Days.

If you are planning to go to OLS and haven't registered yet, there's still time to get the early registration discount.

Full Story (comments: none)

Linux Audio Conference 2005

The 2005 Linux Audio Conference will take place at ZKM in Karlsruhe, Germany on April 21-24, 2005.

Full Story (comments: none)

Forum PHP 2004, Paris

The forum PHP 2004 (in French) will be held in Paris, France on November 25 and 26, 2004.

Comments (none posted)

Events: May 20 - July 15, 2004

Date                    | Event                                                                                          | Location
May 20, 2004            | Fifth LCI International Conference on Linux Clusters (University of Texas)                      | Austin, TX
May 20 - 22, 2004       | Austrian Perl Workshop                                                                         | Vienna, Austria
May 20, 2004            | Black Hat Briefings Europe 2004 (Grand Hotel Krasnapolsky)                                     | Amsterdam, the Netherlands
May 20 - 21, 2004       | Apache Boot Camp                                                                               | Atlanta, GA
May 20 - 22, 2004       | creAzione (Sesto San Giovanni)                                                                 | Milan, Italy
May 24 - 26, 2004       | GridToday 2004 (Philadelphia Convention Center)                                                | Philadelphia, PA
May 25 - 26, 2004       | LinuxWorld Conference & Expo (Suntec)                                                          | Singapore
May 25 - 27, 2004       | CeBIT America (Javits Center)                                                                  | New York, NY
May 26 - June 6, 2004   | DebConf4                                                                                       | Porto Alegre, Brazil
May 26 - 29, 2004       | 2nd International Symposium on Computer Music Modeling and Retrieval                           | Esbjerg, Denmark
June 2 - 4, 2004        | 2004 GCC and GNU Toolchain Developer's Summit (Ottawa Congress Centre)                         | Ottawa, Canada
June 2 - 4, 2004        | inbox, the email event (San Jose Marriott)                                                     | San Jose, CA
June 3 - 4, 2004        | Web.It 2004                                                                                    | Milano, Italy
June 6 - 7, 2004        | French Perl Workshop                                                                           | Paris, France
June 7 - 9, 2004        | EuroPython (Chalmers University of Technology)                                                 | Göteborg, Sweden
June 13, 2004           | 1st European Lisp and Scheme Workshop                                                          | Oslo, Norway
June 14 - 18, 2004      | 18th European Conference on Object-Oriented Programming (ECOOP-2004) (The University of Oslo)  | Oslo, Norway
June 16 - 18, 2004      | Yet Another Perl Conference (YAPC::NA::2004) (University at Buffalo)                           | Buffalo, NY
June 28 - 30, 2004      | GNOME User and Developer European Conference (GUADEC)                                          | Kristiansand, Norway
June 29 - July 1, 2004  | Perl Workshop 6.0 (Barbara-Künkelin-Halle)                                                     | Schorndorf, Germany
July 12 - 15, 2004      | Real-time and Embedded Systems Workshop                                                        | Washington, DC

Comments (none posted)

Software announcements

This week's software announcements

Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:

Comments (none posted)

Page editor: Forrest Cook

Letters to the editor

If Cisco ignored Kerckhoffs's Law, users will pay the price

From:  "Eric S. Raymond" <esr-AT-snark.thyrsus.com>
To:  wire-service-AT-snark.thyrsus.com
Subject:  If Cisco ignored Kerckhoffs's Law, users will pay the price
Date:  Mon, 17 May 2004 14:49:13 -0400

The 15 May 2004 theft and publishing of the source code for Cisco's
IOS router firmware may mean a wave of exploits against the critical
router infrastructure of the Internet may be on its way. If that
happens, it will be because Cisco ignored one of the iron rules of
network security -- and experts the world over will be muttering
"if only IOS had been open source".
 
The iron rule is Kerckhoffs's Law, which states[1] "A cryptosystem
should be designed to be secure if everything is known about it except
the key information." Now that the source code of IOS is circulating
in the cracker/phreak underground, we're going to find out if IOS followed
that rule. If they didn't, we'll find out the hard way.
 
What has this got to do with open source? Well -- if IOS had been
open source to begin with, we'd have a firm basis for believing that
it passes the Kerckhoffs test -- open source keeps you honest that way.
As it is, customers' first notice that they didn't is likely to be
chaos and havoc from router compromises.
 
Claude Shannon, the inventor of information theory, restated Kerckhoffs's Law
as: "[Assume] the enemy knows the system." Here's Raymond's Reformulation for
the 21st century: "Any security software design that doesn't assume
the enemy possesses the source code is already untrustworthy;
therefore, *never trust closed source*."
 
Maybe the theft will be a good enough reason for Cisco customers to
check out open-source alternatives like XORP[2] or FREESCO[3]. And that's
not just a good idea for router firmware either. As the Netsky and
Sasser worms pound on your Windows machines, ask yourself: "Is there a
better way?"
 
Millions of Linux users already know the answer is yes.
 
[1] http://www.fact-index.com/k/ke/kerckhoffs__law.html
 
[2] http://www.xorp.org/
 
[3] http://www.freesco.org/
--
                Eric S. Raymond <http://www.catb.org/~esr/>

Comments (2 posted)

Page editor: Jonathan Corbet

Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds