Linus's request for discussion made his motivation clear:
Some of you may have heard of this crazy company called SCO (aka
"Smoking Crack Organization") who seem to have a hard time
believing that open source works better than their five engineers
do. They've apparently made a couple of outlandish claims about
where our source code comes from, including claiming to own code
that was clearly written by me over a decade ago.
He notes that the process of debunking these claims, while highly
effective, has not been entirely fun. As a way of making life easier when
the next SCO comes along, Linus is proposing a lightweight mechanism which
would document how each patch finds its way into the kernel. In essence,
this scheme would require each patch to contain at least one line like:
Signed-off-by: Some kernel hacker <skh@some.host>
One such line would be added by each person who handles the patch on its
way to the mainline kernel. Together, these lines would document the
originator of the patch and the path it took before it was merged. Each
developer, by "signing off" on the patch in this way, would indicate that
he or she has the right to submit it to the kernel under a free license -
either by virtue of having written the code, or by having obtained it from
a source which allows this form of redistribution. Companies which require
review of code contributed to external projects can designate a person who
must sign off on patches before they go out.
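As an added illustration of what the sign-off chain documents (this is not Linus's proposal or any kernel tooling, and the patch it reads is constructed), the Python below extracts the Signed-off-by lines from a mailed patch, in the order they were added, and checks that the patch records its originator:

```python
import re
from email.utils import parseaddr

# git treats trailer names case-insensitively, so accept any capitalisation.
SIGNOFF_RE = re.compile(r"^Signed-off-by:\s*(.+?)\s*$", re.MULTILINE | re.IGNORECASE)
FROM_RE = re.compile(r"^From:\s*(.+?)\s*$", re.MULTILINE)

# Constructed sample patch, modelled on the line quoted in the article; it is not a real kernel patch.
SAMPLE_PATCH = """\
From: Some kernel hacker <skh@some.host>
Subject: [PATCH] foo: fix an off-by-one in foo_parse()

foo_parse() walked one byte past the end of its input buffer.

Signed-off-by: Some kernel hacker <skh@some.host>
Signed-off-by: Foo Maintainer <maintainer@example.org>
---
 drivers/foo/foo.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
"""


def commit_message(patch_text):
    """The part of a mailed patch before the '---' separator; the diffstat and diff follow it."""
    return patch_text.split("\n---\n", 1)[0]


def signoff_chain(patch_text):
    """Every Signed-off-by line as (name, email), in the order the lines were added:
    the originator first, the person who merged it last."""
    return [parseaddr(who) for who in SIGNOFF_RE.findall(commit_message(patch_text))]


def patch_author(patch_text):
    """(name, email) from the From: header, or ('', '') when the patch has none."""
    m = FROM_RE.search(commit_message(patch_text))
    return parseaddr(m.group(1)) if m else ("", "")


def check_provenance(patch_text):
    """Return a list of problems; an empty list means the patch documents where it came from."""
    chain = signoff_chain(patch_text)
    if not chain:
        return ["no Signed-off-by line: nobody has certified the right to submit this patch"]
    problems = []
    emails = [addr.lower() for _, addr in chain]
    _, author = patch_author(patch_text)
    if author and author.lower() not in emails:
        problems.append(f"author {author} never signed off; the originator is undocumented")
    for name, addr in chain:
        if "@" not in addr:
            problems.append(f"malformed sign-off {name!r}: no e-mail address to contact")
    if len(set(emails)) != len(emails):
        problems.append("duplicate sign-offs: the path through the tree is ambiguous")
    return problems


if __name__ == "__main__":
    for name, addr in signoff_chain(SAMPLE_PATCH):
        print(f"signed off: {name} <{addr}>")
    print("problems:", check_provenance(SAMPLE_PATCH) or "none")
```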
This procedure is a far cry from, for example, the full-blown copyright assignment
required from contributors to GNU projects. Contributions to the kernel
will still require no physical, signed papers, no assignment of copyright,
no indemnification, and no documented permission from the contributor's
employer. The Free Software Foundation, with its assignment policy, is
trying to set itself up as the owner and custodian of the GNU system, with
clear title to the code,
the ability to specify the license under which that code will be released and to
enforce the terms of that license. The kernel hackers, instead, seem to
feel that they can get by without such a custodian, wish to retain
ownership of their code, and, as the netfilter team has demonstrated,
they feel entirely capable of enforcing their own licenses.
The kernel system is, instead, aimed entirely at documentation. The next
time somebody questions the legitimacy of code in the kernel, it would be
nice to be able to point out, quickly, exactly where the code came from.
In this way, perhaps, people can spend less time digging through ancient
mail archives and more time developing. For this reason,
suggestions ranging from GPG-signing of patches to the (poorly
received) idea of adopting an ISO-9000
process will probably not be implemented. Some tweaking will probably
happen, but whatever system finally gets adopted will remain a simple,
lightweight documentation mechanism.
While the new kernel contribution scheme is aimed at documenting future
contributions, the just-launched Grokline project is trying to document
the past. From the site:
This is an open, community-based, collaborative research project, a
living history, designed to carefully trace the ownership history
of UNIX and UNIX-like code with the goal of reducing, or
eliminating, the amount of software subject to superficially
plausible but ultimately invalid copyright, patent and trade secret
claims against Linux or other free and open source software.
The project has put together a basic Unix timeline, and is soliciting input
from anybody who can help document where all this code came from.
Grokline will, without doubt, yield no end of interesting historical
information. One can't help wondering, however, if the community isn't
gearing up to fight last year's war. The SCO Group has done us a
tremendous favor by showing that (1) finding copyright infringements
in free software (and the Linux kernel in particular) really is hard, and
(2) the community will unite with devastating effect
against anybody who seeks to profit from baseless attacks on free
software. It is hard to imagine another company wanting to be the next
SCO. The next time a copyright claim is raised against free software, the
claimants will be well advised to have their evidence in place from the
beginning - and to be right.
If there is another SCO-scale war in our near future, it will probably not
involve copyrights. It will be, instead, a patent fight. Unless it serves
to establish prior art, documentation of the provenance of code will not be
helpful in a patent case. It is also worth noting that the SCO case has
forced a remarkable alignment of interests between many large,
deep-pocketed companies and the broader free software community. That
alignment of interests may well be absent in a patent battle. Next year's
patent war may not be fought off as easily as this year's copyright and
(formerly) trade secret suit. By all means, we should be documenting where
our code comes from, and, in general, doing our best to ensure that it has been
contributed legitimately. But it would be a mistake to believe that this
documentation alone will be sufficient to defend us from all "intellectual
property" charges.
With the final release of Fedora Core 2 out the door, and on schedule no
less, now might be a good time to take stock of the project and where it's
going. Unfortunately, that's not as clear as one might hope.
It's easy to see where the project is now, but the future is a bit more
murky -- at least for those outside the project. For the most part, the
Fedora Project seems to be meeting its goals. A quick glance at the objectives for
Fedora Core shows that the project is meeting nearly all of its
objectives. Fedora Core 2 contains a wide range of open source packages on
the "leading edge" of development. The project has done well at sticking to
release schedules, and at putting together a fine Linux distribution that
more or less picks up where Red Hat Linux left off.
What Fedora has not yet achieved, however, is a significant level of
community involvement beyond simple testing of releases.
The situation has not been helped by the project's recent change in
leadership; Cristian Gafton assumed
the position of Technical Lead in January, but some have
complained about a lack of communication from Gafton about the
project. A quick search of the Fedora devel archives gives some credence to
this complaint: Gafton has only posted twelve messages to the Fedora devel
lists since he assumed the Technical Lead position -- six in January, and
six in May.
We contacted Gafton to see if we could get a glimpse at the roadmap and
find out whether the community will have an opportunity to become more
involved in the development of Fedora Core 3 (FC3) and future
releases. Here's what we learned.
LWN: How long will FC1 remain "supported" now that FC2 is being released?
Our current plans are calling for issuing security updates for FC1 for
two-three months after Fedora Core 2 has been released. Realistically, once
the Fedora Core 3 test1 is out (or shortly after) I would expect the
development interest in the Fedora Core 1 to diminish and we will take a
formal look at declaring the End of Life for Fedora Core 1.
LWN: It looks like the project managed to stick to the schedule set for FC2
pretty well. In retrospect, was the schedule too aggressive or just right?
Will the schedule for FC3 be as aggressive as this one? Any breathing room
between FC2 and starting FC3?
We're all very happy with the fact that we have not run into any major
issues in our quest to incorporate the features we have planned for the
Fedora Core 2. Of course, the desire for more development time will always
be there, but I think that we have managed to put together a very good
schedule and we have managed to stick successfully to it. This is one of
those times where we come to appreciate the Red Hat developers' experience
and leadership in planning and managing an OS release, as well as the
resourcefulness demonstrated by the Fedora development community.
LWN: Speaking of FC3, what can we expect to see in the next release? Do you
have a clear picture of what the next release will include?
We will start having a public debate about what we will plan for FC3 pretty
shortly. As far as I am concerned, I will pay attention to the deployment,
testing and migration to the new GCC 3.4 SSE compiler base, further
refining of the SELinux technology, and - of course - the new versions of
Gnome, Evolution, KDE that are planned for release in the next few
months. As of right now we have encouraged every developer to build up the
wish list for the next round, and through a public debate process we will
get a clearer picture of a feature list in the next couple of weeks.
Planning the release will require us to figure out what will be reasonable
to expect to include and what would be our stretch goals. We will start
this process in very short order, because we want to get a tentative
schedule out as soon as possible, so that developers around the world will
know what to expect. For the Fedora Core 2 release I have been happy to
notice that some projects have attempted to synchronize their release
schedules so that we will have an easier time integrating their new code
bases in the Fedora Core. It is my sincere hope that this trend will
continue, and we are aware of the fact that we have to give people plenty
of time to plan ahead.
LWN: According to the FC2 schedule, the SELinux functionality was
considered "stop-ship" -- but it was disabled by default in the last test
release. Is SELinux ready for mass consumption in the final FC2 release, or
does it still require some polish before it's ready for prime time?
I think the SELinux functionality is pretty well cooked and I encourage the
seasoned users and developers to play with it. Unfortunately at this stage,
the implementation and management of the SELinux security policies are
complex tasks that require an advanced degree of familiarity with the inner
workings of the operating system.
The challenge we face in developing a default security policy is the
balance one needs to strike between the level of security barriers deployed
and the functionality people would reasonably expect out of this
release. For example, can we subject third party applications, that are not
aware of the security contexts, to a paranoid policy that most likely will
prevent them from functioning correctly, or do we provide a more relaxed
policy at which point the security advantages of SELinux are not so readily
apparent? Also, the legacy of the discretionary access control setups will
be a tough nut to crack - we found out that a lot of users still expected
that the root account will be able to do and fix everything - an
assumption no longer valid when running under SELinux.
So, for the Fedora Core 2 we have decided to court the experienced users
and developers to help us figure out the lines of compromise between the
challenges posed by the SELinux policy - a sort of a continued beta program
for refining what would be an acceptable set of defaults. Of course, this
does not preclude the development of very strict or more relaxed policies
as alternatives to the balanced default set.
LWN: No doubt you've seen the parody published by Konstantin
Ryabitsev about Fedora/Red Hat's interaction with the community. Though
it's a bit over the top, it has raised quite a bit of discussion. Is it
likely that RH will seek more involvement from the community in terms of
setting the direction of Fedora? Will there be any changes in the way
Fedora is managed in the near future?
This is and continues to be one of the challenges Red Hat faces - how do we
build an effective way of engaging more of the external development
community and how do we enable them to participate in this project. The
parody you are referring to, while an entertaining read, assumes a
political conflict out of the current state, when in fact the challenges we
are facing are logistical. We are talking about deploying a parallel
development process for the Red Hat developers, geared and built to support
external parties contributing code on various sections of the operating
system. This means planning and executing a huge change in everything
infrastructure-related inside Red Hat engineering, which has the potential
of causing big impacts in the other corners of our business, like support,
professional services and even sales. We are working hard on opening up our
infrastructure, but we have to do it responsibly and we have to be mindful
of the business impact we are going to cause on the commitments Red Hat
needs to fulfill as a publicly traded company. Oftentimes we internally
compare this process to working on a jet engine while it is running...
Our short-term plans include the opening of a source code management
repository where the interested developers can follow closely the
development activity of the Red Hat engineering team. We will also be
revamping the fedora.redhat.com website, adding dynamic content to it and
allowing people to start participating in forums and start organizing
according to their common interests. These are steps that are going to
happen in the very next few weeks, in time for the start of the Fedora Core
3 development process.
LWN: On the same topic, a lot of discussion has been comparing Fedora to
Debian -- obviously, there are some serious differences in the way that
both distros are put together. Would you say that the Fedora approach is
better, or just different? Why?
Well, some things are better, some things are "different." The Red Hat
engineering team is more experienced at putting together high-quality,
commercial distributions. The planning, scheduling and focus we bring to
the process are superior, and by transforming the Fedora Project into a
community-focused release we now also have the flexibility of doing more of
what is right when it comes to setting up a schedule.
In the software development process there are always three factors that are
at play: features, quality and development speed. In commercial software
development one can always have only two of those three. I believe that the
community focus of the Fedora Project allows us to seek a more reasonable
balance between those three objectives. Our background in commercial
releases will allow us to keep focus on the fact that we need to have
timely releases and we need to manage aggressively against the schedules we
set. As far as Debian goes, they have been more successful at engaging the
open source development community and there is a lot we can and will learn
from their experiences. There is no question that as of now Fedora and
Debian are very different in the way we put things together - but I think
in the near future we will start to look more and more alike as far as the
level of involvement with the development community.
That may yet happen, but the Fedora project is going to have to open up
significantly before it can begin to shake off its image (in some quarters,
at least) as a beta test program for Red Hat's enterprise products. With
luck and work, perhaps Fedora can begin to approach Debian's level of
community involvement. If this can be done while retaining Fedora's rather
more predictable release schedule, so much the better.
Movable Type is a highly popular
and capable content management system oriented toward the publication of
weblogs. It is written in Perl, and is necessarily distributed in source
form. It has never, however, been free software. Its license did not
allow distribution of modified versions, though patches could be
distributed. As a whole, the license was "free enough," and Movable Type
developed a large, happy user base.
That user base is rather less pleased now. With the announcement
of Movable Type 3.0 came the news that, for all but the smallest,
personal sites, use of the new version would require a paid license. Six
Apart Ltd., the company which owns Movable Type, has since learned what
happens when you upset thousands of people, each of whom has a personal
printing press. Many online commenters have expended countless electrons
on criticism of Six Apart and its new license.
We'll not join them. Six Apart owns its code, and sets the terms for its
use. The company is behaving no worse than any other proprietary software
vendor, and better than many. One might argue it should have made its new
licensing plans clear before inviting beta testers to help them finish 3.0,
but that's about it.
What Six Apart has done is to provide an object lesson in the perils of
"almost free" software. If you do not have the right to run, modify, and
redistribute a program, you will, eventually, find yourself in a situation
where that program loses its value to you. If its owner fails to maintain
it, nobody else can. If its owner imposes an onerous license, your only
options are to take it or leave it. Source-available proprietary software
can be deceptive; it feels much like free software. But every such package
is another MT 3.0 waiting to happen.
Consider, for example, the case of qmail. It is, beyond doubt, a
powerful and secure mail transfer agent. It is distributed in source form.
But it also comes with a non-free license which forbids distribution of
modified versions, and which makes the distribution of binary packages
difficult. There has not been a new qmail release since June, 1998.
Patches are required to get it to build on a modern Linux distribution, and
others are needed to bring it up to the level of functionality needed by
many sites. But, due to the redistribution restrictions, nobody can take
over qmail maintenance and release a new version.
That notwithstanding, many sites (LWN included, it should be said) have
chosen to run qmail. But all such users should bear in mind that qmail's
license terms are, at best, vague; the software itself comes with no
explicit license. If qmail's author were ever to proclaim a new license,
it would be hard for users to prove that any other terms had ever been in
force. Even without that sort of problem, it seems pretty clear that
qmail's author has long since lost interest in working on the code; the
chances of there ever being another qmail release appear small.
The Movable Type episode has shown, once again, that licenses really do
matter. A free software license represents a sort of gift from a developer
to users: those users will never be deprived of the right to use, modify,
and distribute the covered software. Developers are not (and should not
be) required to offer such a gift. But if the author of software you use
has not given you those rights, you should not be surprised when the terms
change in the future.
Page editor: Jonathan Corbet
Security
Return receipts for email have been around for quite some time. They can
be useful in some settings where a user is willing to verify that they've
received an email without taking the time to compose a reply. However, the
return receipt depends on the user's willingness to participate in the process.
Often, for one reason or another, users do not wish to do that;
these users can simply configure their
email client to deny requests for return-mail receipts -- if, in fact, the
user's email client supports that feature at all.
There are, however, those who aren't content to depend on voluntary
responses. Rampell Software is
peddling a subscription service for nosy correspondents who want to know
whether or not their email has been read. Rampell is a company that pushes
several spyware products for MacOS and Windows that are aimed at
monitoring the use of other peoples' computers. The "DidTheyReadIt" service is
aimed at people who are determined to know whether or not their mail has
been read, and who are willing to pay for the privilege.
This, of course, has some not-so-pleasant implications for personal
privacy. While the company assures
its potential customers that it respects their privacy, nothing is
said about the privacy of the recipient who may not wish to divulge whether
or not they've read a particular email or where they've read it from. On
the company's About Us page,
they identify what kinds of people might want to find out whether an
email has been read -- including some that make DidTheyReadIt sound like a
must-have for potential stalkers:
Users of online dating services such as match.com who want to know if their
potential dates are reading their messages...or ignoring them.
It isn't particularly cheap to violate others' privacy either, at least not
when using DidTheyReadIt on a regular basis. A quarterly subscription for
the service, with the ability to track 500 messages per month, is $24.99.
To use the service, the user has to send email through DidTheyReadIt's
servers by tacking ".didtheyreadit.com" onto the recipient's email
address. DidTheyReadIt's server then tags the email with a "web bug" and
sends it on its way to the intended recipient. For the uninitiated, web
bugs are a well-known spammer trick to verify working email
addresses. The spammer includes a bit of HTML in the email that will
request a uniquely named image (usually a small image that is invisible to
the reader) from a remote server that tracks the hits. The image name and
email address are paired so that the spammer can identify working email
addresses with users gullible enough to open the spammer's email. When the
image is requested from didtheyreadit.com, a hit is logged and the sender
can then view the information on the DidTheyReadIt website and/or be
notified via email.
DidTheyReadIt takes the web bug idea further than the spammers do,
however. It responds to the request for the web bug image by sending a
slow stream of data back to the mail client; that stream will continue
until the receiving system resets the connection. The amount of time the
connection was allowed to run will be roughly equivalent to how long the
message was on the reader's screen, giving a sense of how seriously the
message was read.
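From the defender's side, here is an added Python example (not from the article, and not anything Rampell ships) that parses a MIME message and reports the remote images in its HTML parts, flagging those served from didtheyreadit.com or declared 1x1, which is the web-bug trick described above; the sample message and its image URLs are constructed.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domain named in the article; any host under it is treated as the tracking service.
TRACKER_DOMAINS = {"didtheyreadit.com"}

# Constructed sample message: a normal remote logo plus a 1x1 web bug. The image path and
# token are made up for illustration and are not a real DidTheyReadIt URL.
SAMPLE_MESSAGE = """\
From: sender@example.com
To: recipient@example.net
Subject: Did you read this?
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="sep"

--sep
Content-Type: text/plain; charset="us-ascii"

Hello, please read this.

--sep
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>Hello, please read this.</p>
<img src="http://www.example.org/logo.png" width="120" height="40">
<img src="http://didtheyreadit.com/img/EXAMPLE-TOKEN.gif" width="1" height="1">
</body></html>

--sep--
"""


class RemoteImageFinder(HTMLParser):
    """Collect <img> tags whose src is fetched over http(s); cid:/data: images stay local."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        if urlsplit(src).scheme in ("http", "https"):
            self.images.append({"src": src, "width": a.get("width"), "height": a.get("height")})


def _is_tracker(host):
    return any(host == d or host.endswith("." + d) for d in TRACKER_DOMAINS)


def _is_tiny(img):
    """Declared 1x1 or smaller: the classic invisible web bug."""
    try:
        return int(img["width"]) <= 1 and int(img["height"]) <= 1
    except (TypeError, ValueError):
        return False


def web_bugs(raw_message):
    """Every remote image in the HTML parts, each with the reasons it looks like a tracker.
    An empty reasons list means 'remote image, but nothing more suspicious than that'."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        finder = RemoteImageFinder()
        finder.feed(part.get_content())
        for img in finder.images:
            host = (urlsplit(img["src"]).hostname or "").lower()
            reasons = []
            if _is_tracker(host):
                reasons.append("known tracking service")
            if _is_tiny(img):
                reasons.append("invisible-sized image")
            findings.append({"src": img["src"], "host": host, "reasons": reasons})
    return findings


def should_quarantine(raw_message):
    """Filter decision: hold any message that carries an image served by the tracking service."""
    return any("known tracking service" in f["reasons"] for f in web_bugs(raw_message))


if __name__ == "__main__":
    for finding in web_bugs(SAMPLE_MESSAGE):
        print(finding["host"], finding["reasons"] or "plain remote image")
    print("quarantine:", should_quarantine(SAMPLE_MESSAGE))
```

A client that never fetches remote images defeats the web bug outright; this check is for a mail filter sitting in front of clients that still do.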
When the service works, the amount of information provided to the sender is
quite intrusive. Not content to simply verify that a user opened an email,
DidTheyReadIt reports the number of times an email is read, how long the
recipient spent reading it, when it was
opened, the location of the reader, the IP address of the recipient at the
time the message is opened and their ISP. Not only is the recipient
(including anybody the message may be forwarded to) being
monitored in their reading habits, they are also being physically tracked
when the service is able to pair up a geographic location with an IP
address. While it's not possible for the service to report a street
address, it can narrow down the location to a city. It's easy to imagine
scenarios where this would be particularly undesirable.
Users who are even moderately knowledgeable about the way that the Web
works will have no problem blocking DidTheyReadIt from divining whether or
not they have opened an email sent through this service. Rampell's claims
of success "the vast majority of the time, upwards of 98% in extensive
testing" are a bit suspect. In fact, many users are already protected by
their mail clients, which sensibly prohibit the display of remote graphics
in HTML email by default.
This writer had to deliberately disable the defaults in the Yahoo! and
SpamCop (which uses Horde) webmail clients to allow DidTheyReadIt to track
test emails. The tracking did not work with Thunderbird or Opera's mail
client. It goes without saying that users of mutt and Pine will easily slip
under the radar.
Furthermore, once word gets around about this service, many users
may simply opt to filter out email that passes through the DidTheyReadIt
servers altogether. Some folks might also decide to play havoc with this
service by writing scripts to call random images from
DidTheyReadIt's servers to generate false positives and render the service
useless. Ed Felten predicts
that DidTheyReadIt will not succeed in the long run:
Products like this sow the seeds of their own destruction, by triggering
the adoption of technical measures that defeat them, and the creation of
social norms that make their use unacceptable.
One would hope that the use of such a service would be considered
"unacceptable" by most people already. Whether or not that is true,
however, the use of free software for crucial tasks like email gives users
the upper hand against this sort of service. There is, after all, nothing
that forces us to tolerate a mail system which supports this kind of
monitoring. If only all of our email problems were so easy to solve.
New vulnerabilities
firebird: Locally exploitable stack overflow
Package(s): firebird
CVE #(s): (none)
Created: May 24, 2004
Updated: May 26, 2004
Description:
A buffer overflow exists in three Firebird database binaries
(gds_inet_server, gds_lock_mgr, and gds_drop) that is exploitable by
setting the INTERBASE environment variable to a large value. An attacker
could control program execution, allowing privilege escalation to the UID
of Firebird, full access to Firebird databases, and trojaning the Firebird
binaries. An attacker could use this to compromise other user or root
accounts. See also this bug report.
kernel: exploitable bug in the cpufreq code
Package(s): kernel
CVE #(s): CAN-2004-0228
Created: May 24, 2004
Updated: May 26, 2004
Description:
Brad Spender discovered an exploitable bug in the cpufreq code in the Linux
2.6 kernel.
SquirrelMail cross site scripting vulnerabilities
Package(s): squirrelmail
CVE #(s): CAN-2004-0519, CAN-2004-0520, CAN-2004-0521
Created: May 21, 2004
Updated: October 4, 2004
Description:
Several unspecified cross-site scripting (XSS) vulnerabilities and a well
hidden SQL injection vulnerability were found in SquirrelMail versions
1.4.2 and lower. An XSS attack allows an attacker to insert malicious code
into a web-based application. SquirrelMail does not check for code when
parsing variables received via the URL query string.
xpcd: buffer overflow
Package(s): xpcd
CVE #(s): CAN-2004-0402
Created: May 24, 2004
Updated: June 1, 2004
Description:
Jaguar discovered a vulnerability in one component of xpcd, a PhotoCD
viewer. xpcd-svga, part of xpcd which uses svgalib to display
graphics on the console, would copy user-supplied data of arbitrary
length into a fixed-size buffer in the pcd_open function.
Updated vulnerabilities
apache - denial of service in mod_ssl
Package(s): apache
CVE #(s): CAN-2004-0113
Created: April 13, 2004
Updated: May 25, 2004
Description:
A memory leak has been discovered in mod_ssl that may be triggered by
sending normal HTTP requests to the Apache HTTPS port. An attacker can
exploit this vulnerability to consume all memory available in the server,
thus causing a denial of service condition. This problem has been fixed in
Apache 2.0.49.
apache: multiple vulnerabilities
Package(s): apache
CVE #(s): CAN-2003-0993, CAN-2003-0020, CAN-2003-0987, CAN-2004-0174
Created: May 12, 2004
Updated: May 26, 2004
Description:
Versions of apache 1 through 1.3.30 include several minor vulnerabilities,
including the writing of unescaped data to the error log file, a denial of
service vulnerability, and a parsing failure in Allow/Deny rules on
big-endian, 64-bit platforms. See the apache 1.3.31 announcement for
details.
cvs: heap overflow
Package(s): cvs
CVE #(s): CAN-2004-0396
Created: May 19, 2004
Updated: June 11, 2004
Description:
CVS (through version 1.11.15 or 1.12.7) contains a remotely exploitable
heap overflow vulnerability; see this advisory from Stefan Esser for
details. If you are running cvs with the "pserver" protocol, a quick
upgrade is recommended (dropping pserver is also a very good idea for
security-conscious sites).
ethereal - multiple vulnerabilities
Filename disclosure vulnerability in fam
Package(s): fam
CVE #(s): CAN-2002-0875
Created: August 19, 2002
Updated: January 5, 2005
Description:
"fam" (file alteration monitor) watches files and directories for changes
and lets interested applications know when something happens. This package
has a flaw in its group handling that blocks some legitimate operations
while, at the same time, exposing the names of files that should otherwise
be invisible.
flim: insecure file creation
Package(s): flim
CVE #(s): CAN-2004-0422
Created: May 5, 2004
Updated: December 16, 2004
Description:
The emacs "flim" mode creates temporary files in an insecure fashion,
possibly allowing a local attacker to overwrite files.
gtkhtml: malformed messages cause crash
Package(s): gtkhtml
CVE #(s): CAN-2003-0133, CAN-2003-0541
Created: April 14, 2003
Updated: April 18, 2005
Description:
GtkHTML is the HTML rendering widget used by the Evolution mail reader.
The GtkHTML supplied with versions of Evolution prior to 1.2.4 contains a
bug when handling HTML messages. Alan Cox discovered that certain malformed
messages could cause the Evolution mail component to crash.
heimdal: missing input sanitizing
Package(s): heimdal
CVE #(s): CAN-2004-0472
Created: May 18, 2004
Updated: May 27, 2004
Description:
Evgeny Demidov discovered a potential buffer overflow in a Kerberos 4
component of heimdal, a free implementation of Kerberos 5. The
problem is present in kadmind, a server for administrative access to
the Kerberos database. This problem could perhaps be exploited to
cause the daemon to read a negative amount of data which could lead to
unexpected behavior.
icecast: denial of service
Package(s): icecast
CVE #(s): (none)
Created: May 19, 2004
Updated: May 19, 2004
Description:
The icecast server has a read error in its authorization code which can
enable a denial of service attack; upgrading to version 2.0.1 fixes the
problem.
iproute: local denial of service
Package(s): iproute net-tools
CVE #(s): CAN-2003-0856
Created: November 25, 2003
Updated: December 14, 2004
Description:
The iproute utility is susceptible to spoofed netlink messages sent by
local users, with the result that denial of service attacks are possible.
racoon: failure to verify signatures
Package(s): ipsec-tools racoon
CVE #(s): CAN-2004-0155
Created: April 7, 2004
Updated: August 19, 2004
Description:
Versions of ipsec-tools prior to 0.2.5 contain a vulnerability wherein the
racoon utility fails to verify digital signatures on some packets. This
hole can lead to unauthorized connections or man-in-the-middle attacks. See
this advisory for details.
racoon: denial of service vulnerability
Package(s): ipsec-tools racoon iputils
CVE #(s): CAN-2004-0403
Created: April 26, 2004
Updated: July 29, 2004
Description:
racoon does not check the length of ISAKMP headers. Attackers may be able
to craft an ISAKMP header of sufficient length to consume all available
system resources, causing a Denial of Service. This advisory contains
additional details.
kdelibs: cookie disclosure
Package(s): kdelibs
CVE #(s): CAN-2003-0592
Created: March 10, 2004
Updated: August 24, 2004
Description:
kdelibs (and, thus, Konqueror) has a vulnerability where a hostile server
can force the disclosure of cookies that should not be presented to it. KDE
versions 3.1.3 and later contain a fix.
Comments (none posted)
kde: URI Handler Vulnerabilities
| Package(s): | kde Opera |
| CVE #(s): | CAN-2004-0411 |
| Created: | May 17, 2004 |
| Updated: | June 15, 2004 |
| Description: | iDEFENSE identified a vulnerability in the Opera Web Browser that could allow remote attackers to create or truncate arbitrary files. The KDE team has found that similar vulnerabilities exist in all versions of KDE up to and including KDE 3.2.2. See this advisory for more information. |
| Alerts: | |
kdepim: VCF file information reader vulnerability
| Package(s): | kdepim |
| CVE #(s): | CAN-2003-0988 |
| Created: | January 15, 2004 |
| Updated: | May 26, 2004 |
| Description: | KDE has issued a security advisory for all versions of kdepim as distributed with KDE versions 3.1.0 through 3.1.4 inclusive. A carefully crafted .VCF file potentially enables local attackers to compromise the privacy of a victim's data or execute arbitrary commands with the victim's privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0988 to this issue. |
| Alerts: | |
kernel: symlink overflow in the iso9660 filesystem
| Package(s): | kernel |
| CVE #(s): | CAN-2004-0109 |
| Created: | April 14, 2004 |
| Updated: | July 15, 2004 |
| Description: | The 2.4 and 2.6 kernels contain a vulnerability in the iso9660 (CDROM) filesystem which can be used by a local attacker to obtain root privileges. The exploit requires creating a specially-crafted filesystem and getting the kernel to mount it. Many systems are configured to automatically mount CDs on insertion, however, so the possibility of this vulnerability being exploited by users with physical access to the system is real. The 2.4.26 kernel contains the fix, which will also be merged into the upcoming 2.6.6 release. |
| Alerts: | |
kernel - root exploit in MCAST_MSFILTER
| Package(s): | kernel |
| CVE #(s): | CAN-2004-0424 |
| Created: | April 22, 2004 |
| Updated: | June 11, 2004 |
| Description: | A locally exploitable integer overflow has been found in the multicast code of the Linux kernel versions 2.4.22 to 2.4.25 and 2.6.1 - 2.6.3. A successful exploit could lead to full superuser privileges. |
| Alerts: | |
Linux kernel 2.2.10 failing function and TLB flush vulnerability
| Package(s): | kernel-source-2.2.10 |
| CVE #(s): | CAN-2004-0077 |
| Created: | March 18, 2004 |
| Updated: | June 4, 2004 |
| Description: | A local root exploit is possible due to early flushing of the TLB. |
| Alerts: | |
kernel-utils: setuid vulnerability
| Package(s): | kernel-utils |
| CVE #(s): | CAN-2003-0019 |
| Created: | February 7, 2003 |
| Updated: | January 21, 2005 |
| Description: | The kernel-utils package contains several utilities that can be used to control the kernel or machine hardware. In Red Hat Linux 8.0 this package contains user mode linux (UML) utilities. The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was incorrectly shipped setuid root. This could allow local users to control certain network interfaces, add and remove arp entries and routes, and put interfaces in and out of promiscuous mode. All users of the kernel-utils package should update to these packages that contain a version of uml_net that is not setuid root. Alternatively, as a work-around to this vulnerability, issue the following command as root: chmod -s /usr/bin/uml_net |
| Alerts: | |
kolab: password disclosure
| Package(s): | kolab |
| CVE #(s): | |
| Created: | May 5, 2004 |
| Updated: | May 27, 2004 |
| Description: | Kolab stores passwords in plain text format, and these passwords can be read from the underlying LDAP database. See this advisory for more information. |
| Alerts: | |
LHA: stack buffer overflows and directory traversal flaws
| Package(s): | LHA |
| CVE #(s): | CAN-2004-0234, CAN-2004-0235 |
| Created: | April 30, 2004 |
| Updated: | June 11, 2004 |
| Description: | LHA is an archiving and compression utility for LHarc format archives. Ulf Harnhammar discovered two stack buffer overflows and two directory traversal flaws in LHA. See this advisory+patch for more details. CAN-2004-0234: An attacker could exploit the buffer overflows by creating a carefully crafted LHA archive in such a way that arbitrary code would be executed when the archive is tested or extracted by a victim. CAN-2004-0235: An attacker could exploit the directory traversal issues to create files as the victim outside of the expected directory. |
| Alerts: | |
libpng: denial of service vulnerability
| Package(s): | libpng |
| CVE #(s): | CAN-2004-0421 |
| Created: | April 29, 2004 |
| Updated: | June 11, 2004 |
| Description: | The PNG library can access memory that is out of bounds when creating an error message; this can be exploited by a malformed PNG image file. |
| Alerts: | |
libpng, libpng3: buffer overflow
| Package(s): | libpng, libpng3 |
| CVE #(s): | CAN-2002-1363 |
| Created: | December 19, 2002 |
| Updated: | July 14, 2004 |
| Description: | Glenn Randers-Pehrson discovered a problem in connection with 16-bit samples from libpng, an interface for reading and writing PNG (Portable Network Graphics) format files. The starting offsets for the loops are calculated incorrectly which causes a buffer overrun beyond the beginning of the row buffer. |
| Alerts: | |
libxml2 - arbitrary code execution
| Package(s): | libxml2 |
| CVE #(s): | CAN-2004-0110 |
| Created: | February 26, 2004 |
| Updated: | August 19, 2009 |
| Description: | Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code. |
| Alerts: | |
logcheck: symlink vulnerability
| Package(s): | logcheck |
| CVE #(s): | CAN-2004-0404 |
| Created: | April 21, 2004 |
| Updated: | December 22, 2004 |
| Description: | The logcheck utility handles temporary files in an unsafe way, possibly allowing local attackers to overwrite files. |
| Alerts: | |
mailman denial of service
| Package(s): | mailman |
| CVE #(s): | CAN-2003-0991 |
| Created: | February 9, 2004 |
| Updated: | May 25, 2004 |
| Description: | Matthew Galgoci of Red Hat discovered a Denial of Service (DoS) vulnerability in versions of Mailman prior to 2.1. An attacker could send a carefully-crafted message causing mailman to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0991 to this issue. |
| Alerts: | |
mc: multiple vulnerabilities
| Package(s): | mc |
| CVE #(s): | CAN-2004-0226, CAN-2004-0231, CAN-2004-0232 |
| Created: | April 29, 2004 |
| Updated: | May 26, 2004 |
| Description: | Midnight Commander has multiple vulnerabilities including buffer overflows, insecure temp files, and format string problems. |
| Alerts: | |
metamail: integer and buffer overflows
| Package(s): | metamail |
| CVE #(s): | CAN-2004-0104, CAN-2004-0105 |
| Created: | February 18, 2004 |
| Updated: | May 21, 2004 |
| Description: | Versions of metamail through 2.7 contain a set of integer and buffer overflows which are remotely exploitable via a properly crafted message. |
| Alerts: | |
mikmod: buffer overflow
| Package(s): | mikmod |
| CVE #(s): | CAN-2003-0427 |
| Created: | June 16, 2003 |
| Updated: | June 16, 2005 |
| Description: | Ingo Saitz discovered a bug in mikmod whereby a long filename inside an archive file can overflow a buffer when the archive is being read by mikmod. |
| Alerts: | |
mod_python: denial of service vulnerability
| Package(s): | mod_python |
| CVE #(s): | CAN-2003-0973 |
| Created: | January 27, 2004 |
| Updated: | October 4, 2004 |
| Description: | Apache's mod_python module could crash the httpd process if a specific, malformed query string was sent. The Apache Foundation has reported that mod_python may be prone to Denial of Service attacks when handling a malformed query. Mod_python 2.7.9 was released to fix the vulnerability; however, because that release did not fully fix it, version 2.7.10 has been released. Users of mod_python 3.0.4 are not affected by this vulnerability. |
| Alerts: | |
mozilla: multiple vulnerabilities
| Package(s): | mozilla |
| CVE #(s): | CAN-2003-0594, CAN-2003-0564 |
| Created: | March 10, 2004 |
| Updated: | August 19, 2004 |
| Description: | Mozilla 1.4 contains a few vulnerabilities, including disclosure of cookies to the wrong server, a scripting vulnerability which can allow an attacker to run arbitrary code, and an S/MIME vulnerability which can lead to remote denial of service or code execution attacks. |
| Alerts: | |
mpg321: format string vulnerability
| Package(s): | mpg321 |
| CVE #(s): | CAN-2003-0969 |
| Created: | January 6, 2004 |
| Updated: | March 28, 2005 |
| Description: | A vulnerability was discovered in mpg321, a command-line mp3 player, whereby user-supplied strings were passed to printf(3) unsafely. This vulnerability could be exploited by a remote attacker to overwrite memory, and possibly execute arbitrary code. In order for this vulnerability to be exploited, mpg321 would need to play a malicious mp3 file (including via HTTP streaming). |
| Alerts: | |
MySQL: temporary file vulnerabilities
| Package(s): | mysql |
| CVE #(s): | CAN-2004-0381, CAN-2004-0388 |
| Created: | April 14, 2004 |
| Updated: | August 18, 2004 |
| Description: | The mysqlbug and mysqld_multi scripts contain temporary file vulnerabilities which could be used by a local attacker to overwrite files on the system. |
| Alerts: | |
neon: buffer overflow
| Package(s): | neon |
| CVE #(s): | CAN-2004-0398 |
| Created: | May 19, 2004 |
| Updated: | September 30, 2004 |
| Description: | The neon library (through version 0.24.5) contains a buffer overflow in its date parsing code, allowing arbitrary code execution when connecting to a hostile server. See this advisory for details. This vulnerability also affects related applications (such as cadaver). |
| Alerts: | |
Nessus NASL scripting engine security issues
| Package(s): | nessus |
| CVE #(s): | |
| Created: | May 27, 2003 |
| Updated: | August 12, 2004 |
| Description: | Some vulnerabilities exist in the Nessus NASL scripting engine. To exploit these flaws, an attacker would need to have a valid Nessus account as well as the ability to upload arbitrary Nessus plugins to the Nessus server (this option is disabled by default), or he/she would need to trick a user somehow into running a specially crafted nasl script. Read the full advisory for additional information. |
| Alerts: | |
netpbm: insecure temporary files
| Package(s): | netpbm |
| CVE #(s): | CAN-2003-0924 |
| Created: | January 19, 2004 |
| Updated: | December 29, 2004 |
| Description: | netpbm is a graphics conversion toolkit made up of a large number of single-purpose programs. Many of these programs were found to create temporary files in an insecure manner, which could allow a local attacker to overwrite files with the privileges of the user invoking a vulnerable netpbm tool. |
| Alerts: | |
openssh: timing attack leads to information disclosure
| Package(s): | openssh |
| CVE #(s): | CAN-2003-0190 |
| Created: | May 2, 2003 |
| Updated: | November 30, 2004 |
| Description: | From the advisory: "During a pen-test we stumbled across a nasty bug in OpenSSH-portable with PAM support enabled (via the --with-pam configure script switch). This bug allows a remote attacker to identify valid users on vulnerable systems, through a simple timing attack. The vulnerability is easy to exploit and may have high severity, if combined with poor password policies and other security problems that allow local privilege escalation." |
| Alerts: | |
OpenSSL: denial of service vulnerabilities
passwd: various problems
| Package(s): | passwd |
| CVE #(s): | |
| Created: | May 17, 2004 |
| Updated: | June 2, 2004 |
| Description: | Steve Grubb found some problems in the passwd program. Passwords given to passwd via stdin are one character shorter than they are supposed to be. He also discovered that pam may not have been sufficiently initialized to ensure safe and proper operation. A few small memory leaks have been fixed as well. |
| Alerts: | |
postfix: denial of service vulnerabilities
| Package(s): | postfix |
| CVE #(s): | CAN-2003-0468, CAN-2003-0540 |
| Created: | August 5, 2003 |
| Updated: | May 27, 2004 |
| Description: | The postfix MTA, versions through 1.1.12 (but not 2.0), is subject to two remotely exploitable denial of service vulnerabilities; see this advisory from Michal Zalewski for details. |
| Alerts: | |
Pound format string vulnerability
| Package(s): | pound |
| CVE #(s): | |
| Created: | May 18, 2004 |
| Updated: | May 19, 2004 |
| Description: | There is a format string flaw in Pound, allowing remote execution of arbitrary code with the rights of the Pound process. |
| Alerts: | |
proftpd privilege escalation
| Package(s): | proftpd |
| CVE #(s): | |
| Created: | April 30, 2004 |
| Updated: | May 19, 2004 |
| Description: | A portability workaround was applied in version 1.2.9 of the FTP server ProFTPD. As a side-effect, CIDR based (aaa.bbb.ccc.ddd/NN) ACL entries in "Allow" and "Deny" directives act like an "AllowAll" directive and so FTP clients are granted access to files and directories although the server configuration might explicitly deny this. See this bug report. |
| Alerts: | |
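The ProFTPD entry above is a reminder that an ACL is only as good as its address matching. The following is an added example written for this page, not ProFTPD's own code: it parses aaa.bbb.ccc.ddd/NN entries, tests a client address against one, and evaluates Allow/Deny lists so that a CIDR entry matches only the addresses it actually covers instead of behaving like "AllowAll". IPv4 only; the function names (parse_cidr, cidr_match, acl_allows) and the sample lists are hypothetical and constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parses "a.b.c.d/NN" (a bare address counts as /32) into a network number
 * and mask in host byte order. Returns 1 on success, 0 on malformed input. */
int parse_cidr(const char *spec, uint32_t *net, uint32_t *mask)
{
    char buf[32];
    char *slash, *end;
    struct in_addr a;
    long bits = 32;

    if (spec == NULL || strlen(spec) >= sizeof buf) return 0;
    strcpy(buf, spec);
    slash = strchr(buf, '/');
    if (slash != NULL) {
        *slash = '\0';
        if (slash[1] == '\0') return 0;
        bits = strtol(slash + 1, &end, 10);
        if (*end != '\0' || bits < 0 || bits > 32) return 0;
    }
    if (inet_pton(AF_INET, buf, &a) != 1) return 0;
    /* shifting a 32-bit value by 32 is undefined, so /0 is special-cased */
    *mask = bits == 0 ? 0 : 0xFFFFFFFFu << (32 - bits);
    *net = ntohl(a.s_addr) & *mask;
    return 1;
}

/* Returns 1 if ip lies inside spec, 0 if it does not, -1 if either string
 * is malformed. The caller decides how -1 is treated (see acl_allows). */
int cidr_match(const char *spec, const char *ip)
{
    uint32_t net, mask;
    struct in_addr a;

    if (!parse_cidr(spec, &net, &mask)) return -1;
    if (ip == NULL || inet_pton(AF_INET, ip, &a) != 1) return -1;
    return (ntohl(a.s_addr) & mask) == net;
}

/* Allow-then-deny evaluation: the client is admitted only if it matches at
 * least one Allow entry and no Deny entry. A malformed Allow entry never
 * admits anyone and a malformed Deny entry (or address) rejects: fail closed. */
int acl_allows(const char *const *allow, size_t nallow,
               const char *const *deny, size_t ndeny, const char *ip)
{
    int allowed = 0;
    size_t i;

    for (i = 0; i < nallow; i++)
        if (cidr_match(allow[i], ip) == 1) allowed = 1;
    for (i = 0; i < ndeny; i++)
        if (cidr_match(deny[i], ip) != 0) return 0;
    return allowed;
}

/* Self-test over constructed lists: a /24 is allowed except one host. */
int acl_selftest(void)
{
    static const char *const allow[] = { "192.168.1.0/24" };
    static const char *const deny[]  = { "192.168.1.13" };

    return acl_allows(allow, 1, deny, 1, "192.168.1.10") == 1
        && acl_allows(allow, 1, deny, 1, "192.168.1.13") == 0
        && acl_allows(allow, 1, deny, 1, "172.16.0.5") == 0;
}

int main(void)
{
    printf("acl self-test: %s\n", acl_selftest() ? "ok" : "FAILED");
    return 0;
}
```

When testing an ACL implementation, probe the addresses just inside and just outside every prefix boundary (for a /24, .0 and .255 of the network and .255 of the previous one); a matcher that has degraded into "match everything" passes the inside cases and is only caught by the outside ones.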
python: buffer overflow
| Package(s): | python |
| CVE #(s): | CAN-2004-0150 |
| Created: | March 10, 2004 |
| Updated: | October 11, 2004 |
| Description: | Python (versions 2.2 and 2.2.1 only) has a buffer overflow in the getaddrinfo() function which can be exploited by a malformed IPv6 address. |
| Alerts: | |
rsync remote file write attack
| Package(s): | rsync |
| CVE #(s): | CAN-2004-0426 |
| Created: | April 30, 2004 |
| Updated: | July 12, 2004 |
| Description: | See the rsync homepage for the April 2004 advisory: "There is a security problem in all versions prior to 2.6.1 that affects only people running a read/write daemon WITHOUT using chroot. If the user privs that such an rsync daemon is using is anything above "nobody", you are at risk of someone crafting an attack that could write a file outside of the module's "path" setting (where all its files should be stored). Please either enable chroot or upgrade to 2.6.1. People not running a daemon, running a read-only daemon, or running a chrooted daemon are totally unaffected." |
| Alerts: | |
subversion: buffer overflow
| Package(s): | subversion |
| CVE #(s): | CAN-2004-0397 |
| Created: | May 19, 2004 |
| Updated: | May 21, 2004 |
| Description: | Versions of the subversion source management package up to and including 1.0.2 suffer from a remotely exploitable buffer overflow vulnerability in their date parsing code; see this advisory for details. "Exploiting this vulnerability on not heavily protected servers is trivial even for beginners, therefore it is strongly recommended to update immediately." |
| Alerts: | |
sysstat: temporary file vulnerability
| Package(s): | sysstat |
| CVE #(s): | CAN-2004-0107, CAN-2004-0108 |
| Created: | March 10, 2004 |
| Updated: | October 4, 2004 |
| Description: | The sysstat utility has a temporary file vulnerability which can be exploited by a local attacker to overwrite system files. |
| Alerts: | |
File overwrite vulnerability in tar and unzip
| Package(s): | tar unzip |
| CVE #(s): | CAN-2001-1267, CAN-2001-1268, CAN-2001-1269, CAN-2002-0399 |
| Created: | October 1, 2002 |
| Updated: | April 10, 2006 |
| Description: | The tar utility does not properly filter file names containing "../", meaning that a hostile archive can, if unpacked by an unsuspecting user, overwrite any file that is writable by that user. GNU tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42 has the same vulnerability. |
| Alerts: | |
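How an extractor keeps hostile member names inside the target directory, as an added example for the tar/unzip issue here and for the LHA directory traversal issue (CAN-2004-0235) listed above. This is illustrative code written for this page, not the code of tar, unzip or LHA; the function names are hypothetical and the member names in the self-test are constructed. The check is lexical: it rejects absolute names and any "." or ".." component, and then builds the destination path only from a name that passed.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if 'name' may be written relative to the extraction directory,
 * 0 if it could escape it. A trailing '/' (a directory entry) is allowed;
 * an empty component (from "//") is not, since some path resolvers treat it
 * differently from a single '/'. */
int archive_member_is_safe(const char *name)
{
    const char *p = name;

    if (name == NULL || name[0] == '\0') return 0;
    if (name[0] == '/') return 0;                 /* absolute path */
    for (;;) {
        const char *slash = strchr(p, '/');
        size_t clen = slash ? (size_t)(slash - p) : strlen(p);

        if (clen == 0) return 0;                  /* "//" inside the name */
        if (clen == 1 && p[0] == '.') return 0;   /* "." component */
        if (clen == 2 && p[0] == '.' && p[1] == '.') return 0;  /* ".." */
        if (slash == NULL || slash[1] == '\0') return 1;  /* last component */
        p = slash + 1;
    }
}

/* Joins the extraction root with a member name, refusing unsafe names and
 * results that would not fit. Returns 1 and fills 'out' on success, else 0. */
int build_extract_path(const char *root, const char *name, char *out, size_t outsz)
{
    int n;

    if (!archive_member_is_safe(name)) return 0;
    n = snprintf(out, outsz, "%s/%s", root, name);
    return n > 0 && (size_t)n < outsz;
}

/* Self-test over constructed member names (not taken from any real archive). */
int extract_path_selftest(void)
{
    char out[64];

    return build_extract_path("/srv/unpack", "docs/readme.txt", out, sizeof out) == 1
        && strcmp(out, "/srv/unpack/docs/readme.txt") == 0
        && build_extract_path("/srv/unpack", "../../etc/passwd", out, sizeof out) == 0
        && build_extract_path("/srv/unpack", "docs/readme.txt", out, 8) == 0;
}

int main(void)
{
    printf("extract path self-test: %s\n", extract_path_selftest() ? "ok" : "FAILED");
    return 0;
}
```

Two caveats a real extractor must add on top of this: the member name should be taken with the length the archive header declares, so an embedded NUL cannot hide a suffix from the C-string check, and symbolic-link members need the same scrutiny for their link targets, since writing through a link created earlier in the same archive is another way out of the directory.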
tcpdump: ISAKMP payload handling denial-of-service vulnerabilities
| Package(s): | tcpdump |
| CVE #(s): | CAN-2004-0183, CAN-2004-0184 |
| Created: | March 30, 2004 |
| Updated: | September 30, 2004 |
| Description: | TCPDUMP v3.8.1 and earlier versions contain multiple flaws in the packet display functions for the ISAKMP protocol. Upon receiving specially crafted ISAKMP packets, TCPDUMP will try to read beyond the end of the packet capture buffer and crash. More information is available in this Rapid7 advisory. |
| Alerts: | |
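Both this tcpdump entry and the racoon entry above (CAN-2004-0403) come down to trusting a length field in an ISAKMP message without comparing it to the bytes actually received. The following is an added example of the missing checks, written for this page and not taken from racoon or tcpdump. The layout follows RFC 2408: a 28-byte header whose last four bytes are the message length and whose byte 16 names the first payload, followed by a chain of generic payload headers (next payload, reserved, 16-bit payload length). The sample message is constructed and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ISAKMP_HDR_LEN          28   /* fixed ISAKMP header (RFC 2408) */
#define ISAKMP_GEN_PAYLOAD_LEN   4   /* generic payload header */
#define ISAKMP_NPTYPE_NONE       0   /* "no next payload" */

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16)
         | ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Walks the payload chain of one ISAKMP message held in 'len' bytes.
 * Returns the number of payloads, or -1 as soon as any length field would
 * lead past the data we hold. Every read is preceded by a bound check
 * against the bytes received, never against the claimed length alone. */
int isakmp_count_payloads(const uint8_t *buf, size_t len)
{
    uint32_t msg_len;
    uint8_t np;
    size_t off = ISAKMP_HDR_LEN;
    int count = 0;

    if (buf == NULL || len < ISAKMP_HDR_LEN) return -1;
    msg_len = be32(buf + 24);
    /* The claimed length must cover the header and must not exceed what
     * arrived; a huge value here is exactly the resource-exhaustion case. */
    if (msg_len < ISAKMP_HDR_LEN || msg_len > len) return -1;

    np = buf[16];
    while (np != ISAKMP_NPTYPE_NONE) {
        uint16_t plen;

        if (msg_len - off < ISAKMP_GEN_PAYLOAD_LEN) return -1;  /* no room for a header */
        plen = be16(buf + off + 2);
        if (plen < ISAKMP_GEN_PAYLOAD_LEN || plen > msg_len - off) return -1;
        np = buf[off];           /* this payload's "next payload" byte */
        off += plen;
        count++;
    }
    return count;
}

/* Constructed, well-formed message: header plus two payloads (40 bytes). */
static const uint8_t sample_good[40] = {
    1, 2, 3, 4, 5, 6, 7, 8,          /* initiator cookie */
    0, 0, 0, 0, 0, 0, 0, 0,          /* responder cookie */
    1, 0x10, 2, 0,                   /* next payload=1 (SA), version 1.0, exchange 2, flags */
    0, 0, 0, 0,                      /* message ID */
    0, 0, 0, 40,                     /* length = 40 */
    4, 0, 0, 8, 0xaa, 0xbb, 0xcc, 0xdd,  /* payload 1: next=4, len=8, 4 data bytes */
    0, 0, 0, 4                       /* payload 2: next=none, len=4 */
};

/* Negative case: the header claims a 4 GB message. Returns the parser result. */
int isakmp_check_oversized_header_length(void)
{
    uint8_t m[sizeof sample_good];
    memcpy(m, sample_good, sizeof m);
    m[24] = 0xff; m[25] = 0xff; m[26] = 0xff; m[27] = 0xff;
    return isakmp_count_payloads(m, sizeof m);
}

/* Negative case: the second payload claims 4096 bytes it does not have. */
int isakmp_check_oversized_payload_length(void)
{
    uint8_t m[sizeof sample_good];
    memcpy(m, sample_good, sizeof m);
    m[38] = 0x10; m[39] = 0x00;
    return isakmp_count_payloads(m, sizeof m);
}

int main(void)
{
    printf("good message: %d payloads\n", isakmp_count_payloads(sample_good, sizeof sample_good));
    printf("bad header length: %d, bad payload length: %d\n",
           isakmp_check_oversized_header_length(), isakmp_check_oversized_payload_length());
    return 0;
}
```

The same discipline applies when a daemon allocates based on the length field: allocate and read only up to a sane maximum, and treat a header that claims more than the socket delivered as malformed rather than as a reason to wait for the rest.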
Multiple vendor telnetd vulnerability
| Package(s): | telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5 |
| CVE #(s): | |
| Created: | May 21, 2002 |
| Updated: | October 5, 2004 |
| Description: | This vulnerability, originally thought to be confined to BSD-derived systems, was first covered in the July 26th Security Summary. It is now known that Linux telnet daemons are vulnerable as well. |
| Alerts: | |
utempter problems with symlink and strncpy
| Package(s): | utempter |
| CVE #(s): | CAN-2004-0233 |
| Created: | April 19, 2004 |
| Updated: | June 11, 2004 |
| Description: | Steve Grubb discovered two potential issues in the utempter program: (1) If the path to the device contained /../ or /./ or //, the program was not exiting as it should. It would be possible to use something like /dev/../tmp/tty0, and then if /tmp/tty0 were deleted and symlinked to another important file, programs that have root privileges that do no further validation can then overwrite whatever the symlink pointed to. (2) Several calls to strncpy without a manual termination of the string. This would most likely crash utempter. |
| Alerts: | |
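An added example illustrating both points, written for this page and not taken from utempter: a check that rejects device paths containing the sequences named above (and the equivalent trailing forms), and a strncpy() wrapper that always terminates its destination and reports truncation instead of leaving an unterminated buffer. The buffer size and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define DEV_PREFIX "/dev/"
#define LINE_BUF   8    /* deliberately small, to show truncation handling */

/* Returns 1 if 'path' starts with /dev/ and contains none of the sequences
 * that let a name escape /dev ("/../", "/./", "//", or a trailing "/.." or
 * "/." which the substring tests alone would miss), else 0. */
int device_path_is_clean(const char *path)
{
    size_t n;

    if (path == NULL) return 0;
    if (strncmp(path, DEV_PREFIX, strlen(DEV_PREFIX)) != 0) return 0;
    if (strstr(path, "/../") != NULL) return 0;
    if (strstr(path, "/./") != NULL) return 0;
    if (strstr(path, "//") != NULL) return 0;
    n = strlen(path);
    if (n >= 3 && strcmp(path + n - 3, "/..") == 0) return 0;
    if (n >= 2 && strcmp(path + n - 2, "/.") == 0) return 0;
    return 1;
}

/* strncpy() does not write a NUL when the source is at least as long as
 * the limit; this wrapper always terminates. Returns 1 if the whole string
 * fit, 0 if it was truncated (the caller decides whether that is an error). */
int copy_line_bounded(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0) return 0;
    strncpy(dst, src, dstsz - 1);
    dst[dstsz - 1] = '\0';
    return strlen(src) < dstsz;
}

/* Self-test with constructed inputs: returns 1 if both helpers behave. */
int utempter_checks_selftest(void)
{
    char buf[LINE_BUF];
    int ok = 1;

    ok = ok && copy_line_bounded(buf, sizeof buf, "tty0") == 1 && strcmp(buf, "tty0") == 0;
    /* 11 characters into an 8-byte buffer: truncated, but terminated */
    ok = ok && copy_line_bounded(buf, sizeof buf, "pts/1234567") == 0 && strlen(buf) == 7;
    ok = ok && device_path_is_clean("/dev/pts/3") == 1;
    ok = ok && device_path_is_clean("/dev/../tmp/tty0") == 0;
    return ok;
}

int main(void)
{
    printf("utempter-style checks: %s\n", utempter_checks_selftest() ? "ok" : "FAILED");
    return 0;
}
```

A setuid helper like this one should treat a truncated line as a reason to refuse the request, not to proceed with the shortened name, since the shortened name may refer to a different device than the caller asked for.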
XChat 2.0.x SOCKS5 Vulnerability
| Package(s): | xchat |
| CVE #(s): | CAN-2004-0409 |
| Created: | April 19, 2004 |
| Updated: | November 15, 2005 |
| Description: | XChat is vulnerable to a stack overflow that may allow a remote attacker to run arbitrary code. The SOCKS 5 proxy code in XChat is vulnerable to a remote exploit. Users would have to be using XChat through a SOCKS 5 server, enable SOCKS 5 traversal which is disabled by default and also connect to an attacker's custom proxy server. This vulnerability may allow an attacker to run arbitrary code within the context of the user ID of the XChat client. |
| Alerts: | |
xine-lib: malicious code execution
| Package(s): | xine-lib |
| CVE #(s): | CAN-2004-0433 |
| Created: | May 3, 2004 |
| Updated: | May 28, 2004 |
| Description: | A vulnerability exists in xine-lib where playing a specially crafted Real RTSP stream could run malicious code as the user playing the stream. More details can be found in this advisory. The problem has been fixed in xine-lib 1-rc4. |
| Alerts: | |
xine-ui - insecure temporary file creation
| Package(s): | xine-ui |
| CVE #(s): | CAN-2004-0372 |
| Created: | April 6, 2004 |
| Updated: | April 27, 2006 |
| Description: | Shaun Colley discovered a problem in xine-ui, the xine video player user interface. A script contained in the package to possibly remedy a problem or report a bug does not create temporary files in a secure fashion. This could allow a local attacker to overwrite files with the privileges of the user invoking xine. |
| Alerts: | |
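Insecure temporary file creation recurs throughout this week's list (logcheck, MySQL, netpbm, sysstat, xine-ui). As an added example that is not taken from any of those packages, the predictable-name pattern is shown beside a mkstemp()-based replacement, with a self-check that the descriptor and the path refer to the same regular file with no group or other permission bits. The function names and the directory argument are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* UNSAFE pattern, shown for contrast only: the name is predictable from the
 * PID and the file is opened without O_EXCL, so a symlink planted at that
 * name beforehand redirects the write to whatever the link points at. */
int open_temp_unsafe(const char *dir, char *path, size_t pathsz)
{
    snprintf(path, pathsz, "%s/tool.%ld", dir, (long)getpid());
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* SAFE pattern: mkstemp() replaces the XXXXXX with unpredictable characters
 * and creates the file with O_CREAT|O_EXCL and mode 0600, so a planted
 * symlink cannot be followed. Use the returned descriptor for all I/O;
 * reopening by name would reintroduce the race. Returns -1 on error. */
int open_temp_safe(const char *dir, char *path, size_t pathsz)
{
    int n = snprintf(path, pathsz, "%s/tool.XXXXXX", dir);
    if (n < 0 || (size_t)n >= pathsz) return -1;
    return mkstemp(path);
}

/* Self-check for the safe helper: returns 1 if the descriptor refers to a
 * regular file without group/other permission bits, and that file is the
 * same inode the path resolves to without following links. Cleans up. */
int temp_selftest(const char *dir)
{
    char path[256];
    struct stat by_fd, by_path;
    int ok;
    int fd = open_temp_safe(dir, path, sizeof path);

    if (fd < 0) return 0;
    ok = fstat(fd, &by_fd) == 0
      && lstat(path, &by_path) == 0
      && S_ISREG(by_fd.st_mode)
      && (by_fd.st_mode & 077) == 0
      && by_fd.st_ino == by_path.st_ino
      && by_fd.st_dev == by_path.st_dev;
    close(fd);
    unlink(path);
    return ok;
}

int main(void)
{
    printf("mkstemp self-test: %s\n", temp_selftest("/tmp") ? "ok" : "FAILED");
    return 0;
}
```

For shell scripts, which is where several of the listed problems lived, the equivalent is mktemp(1) (and mkdtemp() or mktemp -d for a private directory) rather than a name built from $$; in both cases the created file must be used through the handle or path returned, never recreated from the pattern.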
Page editor: Jonathan Corbet
Kernel development
Brief items
The current 2.6 prepatch is 2.6.7-rc1, which was
announced by Linus on May 22. The most
significant changes are certainly the
scheduling
domains patch, and, surprisingly, the full set of object-based reverse
mapping patches, including the
anon_vma
work. This patch also includes a generic
msleep() function for
millisecond-scale waits, a CPU frequency control update, a set of autofs4
patches, a set of patches to shrink the heavily-used
dentry
structure, the "filtered wakeup" mechanism (see
the May 5 Kernel Page), a libata update,
some architecture updates, the removal of the Intermezzo filesystem due to
lack of use and support, a sysctl variable giving "huge page" access to an
administrator-specified group, the ability to re-enable interrupts while
waiting in
spin_lock_irqsave() (for all architectures now),
support in reiserfs for quotas and external attributes, the NUMA API, a big
ramdisk fixup, and lots of fixes. See
the
long-format changelog for the details.
Linus's BitKeeper repository contains an implementation of separate
interrupt stacks for the PPC64 architecture, an ALSA update, and a fair
number of fixes.
The current tree from Andrew Morton is 2.6.6-mm5. Recent additions to -mm include a
reworking of the symbolic link following code (allowing the eventual
increase of the maximum symbolic link depth from five to eight), a new
block I/O request
barrier implementation (for IDE and SCSI), and the usual collection of
fixes. Andrew has also quietly restored the 8KB stack option on x86 systems.
The current 2.4 prepatch is 2.4.27-pre3; no prepatches have been
released since May 18.
Kernel development news
Immediately prior to releasing 2.6.7-rc1, Linus merged the full remaining
set of virtual memory patches from Andrea Arcangeli and Hugh Dickins,
including the anon_vma code. This action has raised eyebrows in some
quarters; some developers had been under the impression that 2.6 was a
stable kernel series. Nobody seems to doubt that the object-based reverse
mapping code is a good idea in the long run, but merging it now strikes
some developers as
unlikely to increase the stability of the 2.6 kernel in the near future.
Linus defends the change in this way:
It's not "fundamental", in that the reverse mapping is still
done. It's just done in a slightly different way. Going to rmap
was a _fundamental_ change to how we did VM. In contrast, this was
just an "implementation detail".
Most "implementation details" fit into rather less than 40 individual
patches, do not involve difficult special cases (such as making all uses of
mremap() work correctly), and avoid making significant changes to
core parts of the virtual memory subsystem. That said, one should note
that the core decision-making VM code has not been changed; the
algorithm for choosing pages to move into and out of memory is the same as
before. It is also notable that there have been almost no VM-related
problem reports since 2.6.7-rc1 was released. This particular change may
just work out in the short term after all.
A related topic is the 4G/4G patch, which separates kernel and user space
entirely so that each can make full use of the 4G virtual address space on
32-bit systems. This patch has been considered for merging for some time,
but has never quite found its way in. Most developers see it as an ugly
hack (though, perhaps, a necessary one), and there is fear of the
(possibly overstated) performance overhead that the 4G/4G mode imposes.
Even so, some people wonder when this patch might be merged.
The answer seems to be "never, if at all possible." The motivations behind
this patch are (1) to make more kernel-space low memory available on
large-memory systems, and (2) to provide a larger virtual address
space for applications. The first reason may well have just become moot;
the anon_vma patch was merged because, among other things, it significantly
reduces the amount of low memory used by the VM subsystem. The initial reports suggest that the current VM code
handles 32GB of memory nicely on 32-bit systems. Since 32-bit systems
rarely come more heavily loaded than that (so far), it is thought that the VM has
gotten as good as it needs to be on those systems.
The real hope, however, is that a serious transition to 64-bit systems will
happen before too long. The x86 architecture has been stretched much
further than anybody would have expected it to go, and x86_64 makes the
transition so easy that there is very little reason not to do it. The
4G/4G patch is likely to hang around (and be included by some distributors)
for some time; if nothing else, all of the currently-deployed monster x86
systems are likely to go on running for a while yet. But the mainline
kernel may just get away with saying "switch to 64-bit" and leaving that
particular patch out.
It was recently
noted that
ioctl() system calls are still executed with the Big Kernel Lock
(BKL) held. A suggestion was made that drivers which can implement
ioctl() without the BKL held should be specially flagged as a way
of increasing parallelism. That suggestion looks like it will not get very
far. But it did pique your editor's interest in current use of the BKL.
Besides, there hasn't been a whole lot else going on this week.
The BKL is an artifact from when the Linux kernel first supported
multiprocessor systems. Making the kernel safe for concurrent access from
multiple CPUs has been a multi-year task; it is not a job that
could have been done all at once at the beginning. So Linux 2.0 supported
SMP systems by way of the BKL, which only allowed one processor to be
running kernel code at any given time. The BKL is essentially a spinlock,
but with a couple of interesting properties:
- The BKL can be taken recursively; the kernel remembers how many times
a given thread has called lock_kernel() and does the right
thing. Normal spinlocks are rather less forgiving.
- Code holding the BKL can sleep. The lock is released while the given
thread sleeps, and reacquired upon awakening.
The BKL made SMP Linux possible, but it didn't scale very well. Its
overhead could be felt even with two processors, and it made running on
anything larger problematic. So the kernel developers have been breaking
the BKL into finer-grained locks ever since. Thus, for example, the block
I/O subsystem went from the BKL to its own lock (io_request_lock)
in 2.2, and from that to individual queue locks in 2.6. The kernel now has
thousands of locks, and some people had assumed that the BKL would be gone
by 2.6.
As it turns out, there are still over 500 lock_kernel() calls in
the 2.6.6 kernel. For the curious, here are some of the places which still
rely on this old, system-wide lock:
- The core kernel retains a few calls. The implementation of the
reboot() system call is one of them; this is, of course, not
one of the more performance-sensitive parts of the kernel. The
boot-time early initialization process is also run with the BKL held. The
sysctl() system call is run under the BKL;
interestingly, while much of /proc is also implemented under
the BKL, it appears that reads and writes to /proc/sys do not
run with the BKL held.
- Many older filesystems (UFS, coda, HPFS, FAT, NCP, SMB, Minix, etc.)
make heavy use of the BKL for serialization. The UnixWare "Boot File
System" implementation has several calls; somehow, they seem unlikely
to be fixed anytime soon. There are also lock_kernel() calls
in NFS, UDF, isofs, the reiserfs journaling code, autofs, and some others.
The ext2 filesystem uses the BKL to protect modifications to the
superblock; ext3, instead, had all of its lock_kernel() calls
purged during the 2.5 development process.
- The rpciod kernel thread spends its entire life with the BKL
held.
- Core dumps are created with the BKL held.
- Block and character devices have their open() methods called
under the
BKL. Block release() methods are also called this way, but
that is not true for char drivers.
The default llseek() method runs under the BKL, but, if
a driver or filesystem provides its own llseek() method, that
method will not be called with the BKL held. The fasync()
method is always called under the BKL. As noted at the beginning,
ioctl() methods are called with the lock held; additionally,
the ugly code which does 32-bit emulation on 64-bit systems needs
the BKL.
- The file locking code still requires the BKL.
- Almost 10% of the lock_kernel() calls can be found in the
(old, deprecated) OSS sound code. The ALSA code has no BKL calls,
with one exception: the implementation of its /proc files.
- Most of the architectures retain some calls in the arch-specific
code. The ptrace() system call is one common place for these
calls. i386 also uses the BKL to protect llseek() calls on
the CPUID and MSR pseudo-devices. uClinux performs execve()
calls under the BKL.
- Almost all of the remaining BKL calls are to be found in device
drivers. The TTY subsystem still has quite a few of them, as does
USB. Many of these calls are protecting llseek()
implementations. Quite a few of the rest are for the creation of
special-purpose kernel threads: the daemonize() function
needs to be called with the BKL held. Those calls can, presumably, go
away as the driver code is (slowly) migrated over to the new kthread
calls.
Given how poorly the BKL is viewed, it may be surprising that so many
places in the kernel still use it. The simple fact is that, with regard to
the BKL, all of the low-hanging fruit has long since been taken. For most
of the remaining calls, removing the BKL is not worth the trouble and code
churn. So, while removal of the remaining calls over the 2.7 development
series looks entirely possible, it would not be surprising if that does not
happen.
Herbert Xu was the maintainer of a surprising number of core Debian
packages, including the i386 and Alpha kernels. Unfortunately, Mr. Xu
became upset over the Debian Project's perceived recognition of Taiwan as a
separate country, and
resigned from the
project on May 5. Many of his packages have been picked up by
others or have gone into the orphan state, but the kernel packages are
important enough to require more careful handling.
The actual process of selecting the new kernel maintainer would appear to
have been done in private; we were not able to get an answer from the
Debian leader about just how it was done. The results have now been made public, however. The Debian kernel
will now be maintained by a team, with William Lee Irwin and
Al Viro at the core. Additional helpers include Troy Benjegerdes, Dann
Frazier, Goto Masanori, Christoph Hellwig, Benjamin Herrenschmidt, Anton
Blanchard, and Arjan van de Ven.
In other words, Debian will now have a set of kernel packages maintained by
active kernel developers. This should help to improve the quality of
Debian's kernels (though, it should be said, complaints about Mr. Xu's
kernels were rare) and to improve the feedback from Debian into the kernel
development process. Mr. Irwin's plans include "aggressive mainline
tracking" and, eventually, a unified source package for all architectures
supported by Debian. Expect some interesting things from the Debian kernel
in the near future.
Page editor: Jonathan Corbet
Distributions
News and Editorials
May 26, 2004
This article was contributed by Jason Bechtel
A modest computer training center appears in the African Republic of Togo
in December of 1998. In January, 2001 a Cyber Cafe goes up in Cameroon.
In the summer of 2002 a "Computer-College" is established in
Congo. Around Africa and across the developing world, technology is
seeping in. People there may have very little, but they do have hope and
they need jobs. They need to start nurturing a local tech community,
building local skills and creating human capital.
Most of the world is not fortunate enough to have access to the
latest hardware and they have neither the money nor the local
computer store for acquiring parts. If free software is to fulfill
the promise of software access for all, then something needs
to be done to accommodate the needs of the great majority of the
world running on donated 486- and Pentium-era computers.
Unfortunately, the mainstream distributions do not target older
hardware. Even selecting individual packages presents problems
because of cascading dependencies (try removing gpm). Some suggest
using older releases, but older software often lacks important
features, contains many security holes, and no longer has an
active support community.
Enter the RULE Project (Run Up2date Linux Everywhere). RULE is not a new
distribution. It makes an existing distribution
install and run on older hardware. Specifically, it takes standard
Red Hat Linux, adds a custom installer, provides
resource-friendly RPM package lists, and packages alternative
light-weight GPL applications. The advantage of this
approach is that the original distribution provides all the patches
and documentation, reducing the maintenance load for RULE.
The result is amazing. Machines that would otherwise have been
unusable are suddenly doing web browsing, word processing, instant
messaging, and even multimedia tasks.
Of course, using alternative programs is a huge part of what makes
this possible. Instead of Mozilla or Opera, you use w3m or links or dillo. Instead of
OpenOffice.org, you use AbiWord
and Gnumeric.
Instead of KDE, you use IceWM or
XFCE. But the other secret is KDrive,
Keith Packard's light-weight X server. This allows X to
consume much less memory. It doesn't do
everything that the full-blown X does, but it provides the
core functionality at a greatly reduced resource penalty.
At the helm of this effort is Marco Fioretti, a
telecommunications systems designer in Rome, Italy. It all started
when he spoke up on the Red Hat users mailing list. Standing up to much
resistance,
he argued for better packaging to reduce dependencies, for more
optimization and for less bloat. Despite initial cynicism, he pushed
on. When he opened the project on Savannah, people began to
join. One of those people was Michael Fratoni, an electronics
technician in New England. Michael had already become familiar
with the difficulties of slimming down Linux by putting together
low-resource firewalls for family and friends. He never
expected to become the project's lead developer, but he is
responsible for most of what has been implemented so far.
From their "home" page, the goals of the project are to
- Modify the current Red Hat Linux installer so
that it runs in less than 32 MB of RAM, or create a new one if
needed
- Select, test, and (if needed) package the
system and desktop applications which give the greatest real
functionality with the smallest consumption of CPU and RAM
resources
- Create another installation option for the Red
Hat Linux distribution, containing all and only the packages above,
optimized to run either a server, or a basic desktop on obsolete
hardware with very little RAM and HD space
- Promote and support (especially in developing
countries) the use of this install option with schools, public and
private organizations
Thanks to Michael, they have already completed their first goal.
They have created Miniconda,
a low–resource version of Red Hat's installer, Anaconda, that
lowers the memory requirement from 20MB to about 12MB and provides
reduced package lists.
They have also created Slinky, a
completely new installation routine written in Bash, which can do a
complete install on a system with only 8MB of RAM. Both installers
work with the latest Red Hat Linux distribution media, but Slinky
is under active development and Miniconda appears to be on the way
out.
Now that Red Hat Linux has become Fedora Linux and is taking on a
much more community-driven aspect, RULE is poised to make
great strides toward its other goals. Last fall, Marco announced
his group's intentions on the Fedora developers list. Besides an
endorsement from Alan Cox, he received encouragement from a kernel
RPM maintainer. While Fedora will likely not restructure its
packaging, it sounds like RULE will soon be able to have a
low-resource i386 kernel configuration maintained within
Fedora.
So, if you have a system that balks at the demands of the latest
distributions, but you want to have access to a large, flourishing
user community, look into RULE. Install it on that old 486 in the
closet. Submit your results to their test machine list. Join the mailing
list. Pitch in and help with the website or the database or
the development.
More importantly, if you are looking to deploy a herd of old boxen
in an underfunded area, RULE could be the way to make those donated
systems useful again. I cannot overstate the importance of RULE in
the developing world and in underprivileged neighborhoods. It is
already being used to great success by VUM (the
Association for the Support of Humans) in several African nations.
It can be made to serve many other purposes such as this.
There are, of course, other noteworthy attempts to bring GNU/Linux
to low-resource systems. The KNOPPIX revolution has spawned
several LiveCD contenders, such as Feather, Puppy, and DamnSmall
Linux. These can be run from CD and thus do not require a hard
drive. They come with light-weight desktops like Fluxbox and
apps like dillo. One weakness of this approach is that the CDROM
drives one generally finds in today's donated PCs are often
excruciatingly slow (4x). In this case, the ability to install to
a hard drive is quite valuable.
Vector Linux is a distribution based on Slackware that claims to
perform admirably on a 386. It is a very polished distribution and
may be a good choice for donated PCs, but it doesn't seem to be as
"hard core" as RULE. For instance, it uses the
full-blown XFree86 X-server instead of kdrive. It might be
appropriate for a 586 with 64MB of RAM, but probably wouldn't give
much hope to someone using a 486 with 16MB of RAM.
There has been talk recently on the RULE mailing list of using RULE
with LTSP. The Linux Terminal
Server Project also gives new life to old hardware. It takes the
thin client approach, using a decently powerful server to serve up
logins, applications, and storage to terminals over a network.
While RULE and LTSP take different approaches, they can work
together nicely. RULE can be used as the basis for the LTSP
server, allowing it to do more with less. So, while an LTSP server
tasked with serving up KDE, OpenOffice.org and Mozilla to 12
terminals would have to be a dual-processor P-III with at least 512
MB of RAM, a RULE-ified LTSP server providing IceWM, AbiWord, and
dillo to 12 terminals could be a PII-350 with 128 MB of RAM.
In short, while there are other distributions and projects that
recognize the need to serve older hardware, only RULE exists in its
particular niche. It may be a while before a
"Low-Resources" option appears in the installers of
the main distributions. Until then, there's RULE.
Comments (7 posted)
Distribution News
Debian news is slow this week because many Debian developers are at
DebConf, however we do have the
Debian Weekly News for May 25, 2004, which
covers a Debian 3.0 DVD in the June issue of Australian Personal Computer
magazine, installing Debian with Overclockix, and several other topics.
Comments (none posted)
Issue #12 of
the Fedora News Updates is online with information about the Fedora Core
distribution. "Fedora Core 2 has been released, after over six
months, and it's been a big week for all of us. Updates here don't contain
much more information on the test3 release any longer, unless the issues
still got carried over."
Looking for more Fedora news and Fedora forums? Check out Fedorazine.
Fedora also has many mailing lists. This mailing list reminder will help you find the
right list for your Fedora questions.
The Fedora Hardware Project aims to document hardware that works (or
doesn't work) with Fedora Core. Some information has been added to the project's wiki
page. So chime in, and let people know how Fedora works on your
hardware.
A Fedora Core 1 update to php is available
providing bug fixes since the previous 4.3.4 release.
Fedora Core 2 updates:
- rsync could crash when passing
multiple directories of the same length
- this hwdata update fixes the module
mapping for cmpci cards in the upgradelist and other bugs
- this libgnome update allows GNOME
sound events to work in FC2
Plus some FC updates in testing (not ready for prime time):
- kudzu: (FC2) has a problem handling
modules that contain a '-' in the name
- vsftpd: (FC1) fixes signal handling
problem
- gimp-gap: (FC2) updated to version
2.0.2 which has enhancements and bugfixes
Comments (none posted)
As some users have found to their dismay, installation of Fedora
Core 2 on a dual-boot Windows system can render Windows unbootable.
The Fedora hackers have now put together a draft document on how to avoid that
outcome, and how to recover your system if it's already too late. Click
below for the full text.
Full Story (comments: 65)
Lindows, Inc. has
announced
the opening of its Mexico City office. The new office will work with
system builders, resellers, OEMs, business partners, and the retail channel
to provide LinspireEspanol in Latin America.
Comments (none posted)
Mandrakesoft has
announced the availability
of Mandrakelinux 10.0 Official for download. Find out more Mandrakelinux
10.0 news in the May 26th edition of the
Mandrakelinux News Digest. Also here is a
Mandrakelinux 10.0 update for
mkinitrd-net
which removes a debugging statement that could cause problems in booting a
client machine.
Comments (none posted)
The
slackware-current
changelog was a busy place this week, with a variety of fixes and
changes. Upgrades include mysql-4.0.20, cvs-1.11.16, slackpkg-1.2.1,
lilo-22.5.9, automake-1.8.5, curl-7.11.2, brltty-3.4.1, emacspeak-20.0,
fluxbox-0.9.9 and lftp-3.0.4; and the packages device-mapper-1.00.17,
LVM2.2.00.15, alsa-driver-1.0.4, kernel-generic-2.6.6, kernel-modules-2.6.6
and mkinitrd-1.0.0 have been added to testing.
Comments (none posted)
Linux Journal
reviews
the book The Complete Reference: Red Hat Enterprise Linux &
Fedora Edition. "The first half of the book is geared towards
novice to intermediate users, and the second half is dedicated to more
advanced subjects. Chapters covering installation, command-line and GUI
environments help novices become oriented to Linux while other chapters
about NFS, Samba DNS and Security should appeal to system
administrators. Several reference books are available that cover a great
many topics but often fail to go into the proper detail. Considering the
breadth of topics included in this book, I was pleasantly surprised to find
that the most important details were present."
Comments (1 posted)
New Distributions
John Goerzen has released "Debian From Scratch;" click below for the full
announcement. DFS is yet another Debian live CD, with an emphasis on
system rescue tools and the ability to install Debian (including the x86_64
port) onto a hard disk. Perhaps the most interesting part, however, is the
"DFSbuild" utility, which enables the creation of custom live CDs with
whatever packages seem like they might be useful.
Full Story (comments: none)
YES Linux (YourESale) provides the YES
business appliance, an easy-to-use Business in a Box designed specifically
for small businesses and non-profits to be able to compete with the larger
businesses. YES Linux, at the core of the appliance, contains the tools
needed to create a website, set up email and more. YES Linux joins the
list at version 2.0.8, released May 23, 2004.
Full Story (comments: none)
Minor distribution updates
Astaro Security Linux has released
v4.022
with minor security fixes. "Changes: This Up2Date package fixes
Exim vulnerabilities (OpenSSL and stack overflow), the License key
replication bug in HA mode, and the issue with dropped packets in the
LogAllow chain."
Comments (none posted)
floppyfw has released
stable
v2.0.9 with minor security fixes. "Changes: This release
features kernel 2.4.26 and a few other small fixes."
Comments (none posted)
GoboLinux has released v011 Beta
2. "This version is far more stable than beta1, and is almost a
release candidate. The main item remaining to be done is the addition of a
kernel 2.6.6 image. Probably 011 final will be released in the next few
days, so any report on this version very, very welcome."
Comments (none posted)
Linux Live has released
v4.1.2
with major feature enhancements. "Changes: create_bootdisk.sh was
fixed, the mv and cut commands were added to the initrd, and tohd and
fromhd boot options were implemented."
Comments (none posted)
Oralux has released
v0.6-alpha. "Changes: The audio menu is now available in Russian. The new
settings concern the braille display or the external synthesizer. A new
cheatcode has been added to select the external synthesizer at boot
time. Two new voice synthesizers have been added: ParleMax (in French) and
Multispeech/Ru_tts (in Russian and English). This new release proposes a
new environment based on Yasr, a lightweight and portable screen reader. A
mini menu has been added so that the user can select and launch software
under Yasr."
Comments (none posted)
Rock Linux has released
v2.0.1
with minor feature enhancements. "Changes: This release features
improved compilation on other distributions (SuSE, Red Hat), updates to
KDE, GNOME, Linux, OpenSSL, OpenSSH, neon, Subversion, CVS, silo, and
dietlibc, and some package additions. There were also single user mode
improvements, ROCK Net and ROCK Plug updates (and speed optimizations), a
reinclusion of source CD creation, and some PowerPC and SPARC
fixes."
Comments (none posted)
Server optimized Linux has released
v18.00
with major feature enhancements. "Changes: This is the fifth stable
release of SoL since 2002. The installation- and rescue-system is now based
on the new SoL-ISI technology, which was first introduced in the live-CD
distribution XoL 18.00. RunSoL, the XML boot-technology introduced by
antitachyon was extended by many features. The release includes gcc 3.3.3
and gcc 2.95.3 integration with fast-switching, Linux Kernel 2.6.6, a
multilanguage installer (English, German, Nederlands, Italian, Spanish, and
Greek), the LIVE-CD Diagnosis and rescue system SoL-ISI, a ready to run
copy of spamassassin, and easy X11 configuration."
Comments (none posted)
SLAX-Live CD has released
v4.1.2
with major feature enhancements. "Changes: This release fixed
xconf, so the mouse should finally work. DBdiff (configsave) was modified to
skip mounted partitions (or Samba shares), and tohd, fromhd, and server
boot options were added. gpart, a tool for guessing PC-type hard disk
partitions was included. Network services are no longer started
automatically at bootup due to security issues, and a simple firewall is
activated to disallow all incoming connections. Modules were added for
Czech, Polish, Brazilian, Italian, French, and German."
Comments (none posted)
Distribution reviews
LinuxLookup.com
reviews the Fedora Core 2 distribution.
"This leads me to my biggest problem with Fedora. On one hand, it is a great introduction to Linux. It installs easily, works well and is attractive. On the other hand, it plays right into the hands of Linux's biggest critics, which is the mistaken notion that it is unfinished and most things don't work. You are given a browser with no plugins, so if you jump online excitedly with your new system, there are a lot of things that won't work. You load your favorite mp3s, then find out you cannot play them. God forbid you have a dvd drive. You notice the red exclamation point telling you there are updates available, but up2date freezes leaving you unable to get them. I know there are fairly simple solutions to these complaints, but the fact remains that not everyone who tries Fedora will know how to do it. They will just feel disappointed by a system that lets them down, deciding that this Linux thing is not ready for prime time."
Comments (16 posted)
OSNews
takes a
look at three source based distributions. "Crux is simple to
use, non-user-friendly-at-all, but simple. Just the way I like it. I use
xfce4 window manager, firefox, gimp2, xpdf, nedit, openoffice, gqview,
gaim, thunderbird, xmms, gxine and a few other gtk/gtk2 apps. These
programs and a handful of their dependencies are all I compiled and
installed, with my optimized architecture and optimization flags of
course. Sadly nothing breaks. Nothing crashes. I love to tinker with my
system but there is no need. That is why I keep a partition empty to try
out the new ones."
Comments (none posted)
Linux.com
reviews
the second release of the Sun Java Desktop System. "Despite my best
efforts, this software just didn't work for me, so the rest of this review
will cover what the software includes and what it should offer if you
manage to get it installed and working on your machine. I can't verify that
any of these features work as stated; I can't even verify that Sun Java
Desktop System 2 works at all on any computer hardware, although I'd say
it's a safe bet that someone, somewhere has a computer that this software
will work properly on."
Comments (none posted)
Here's an OSNews
review of Fedora
Core 2. "First, allow me to say that I have only been using Linux
for about 5 months, so I'm a comparative newbie to many in the Linux
world. I don't make presumptions to know everything. With that in mind,
this review is not geared toward the Linux veteran, but for people who have
more curiosity than experience with Linux."
Comments (none posted)
Page editor: Rebecca Sobol
Development
May 26, 2004
This article was contributed by Dave Fancella
The full text of this interview (much longer) is available
here.
As a long time musician, or so I like to call myself, and a free software enthusiast, I have personally found Audacity to be an indispensable tool for mastering mixes. Other people find a variety of uses for it, including deployment into public radio stations, restoring LPs for CD-burning, and more. Audacity has been in continuous development since 1990. It is a multi-track recorder, mixer, wave form visualization tool, and editor all rolled into one. It's the Free Software equivalent of Protools, Soundforge, and Cakewalk, albeit without the midi portion of any of those programs.
Recently I exchanged some email with Dominic Mazzoni, the Lead Developer and founder of Audacity. As a long-time lurker on the Audacity-devel mailing list, I've come to be familiar with Dominic as one of those kind, gentle spirits who leads first with his coding and second with his ideas, and is an inspiration to us all. Here, then, is the email interview with Dominic Mazzoni:
Q:
In the Audacity FAQ, it says "Audacity was started in the fall of 1999 by Dominic Mazzoni while he was a graduate student at Carnegie Mellon University in Pittsburgh, PA, USA. He was working on a research project with his advisor, Professor Roger Dannenberg, and they needed a tool that would let them visualize audio analysis algorithms. Over time, this program developed into a general audio editor, and other people started helping out." Would you provide some information on the nature of the tool? How did it turn into a general audio editor? Was it a graded assignment, and if so, what grade did you get?
A:
I was in a Ph.D. program at CMU, and the way it works there is that grad students are supposed to work on independent research right from day one, even while we're taking classes. My dream was to develop automatic music transcription software that could take any recording and turn it into sheet music. This was too difficult, of course, so I was working on monophonic pitch transcription and melody matching, which eventually led to some reasonably successful research in how to retrieve a melody from a database of songs based on a sung/hummed query. While I was trying to visualize pitch transcription algorithms, I started developing my own tool. Since there weren't any other audio editors for Linux that I liked, and I couldn't afford any good editors for the Mac (my two preferred platforms), I thought it would be fun to turn my project into a complete editor.
My advisor, Roger [DF: Roger Dannenberg is the mastermind behind the Nyquist scripting library which is now embedded in Audacity and is just one way to extend Audacity's sound processing capabilities], was very supportive of the project, and convinced me to turn the editor into a Computer Science research project. So I came up with an interesting data structure that could do editing operations quickly, and we wrote a paper on it. By the end of that year, though, I was having a lot of fun with the audio editor and was spending more and more time on it outside of my official research. I came up with the name "Audacity" and released it on Sourceforge. It was pretty limited at the time, but it was cross-platform, which was a big deal, and it worked well enough to generate interest. From that point on I worked on it mostly as a hobby, rather than as a part of my research, though I did find it useful for my research, too.
Q:
Audacity has been gaining a lot of traction in the market, lately. How do you feel about that? Do you ever get the "15-minutes of fame" feeling, or is it something you ever really think about?
A:
I've thoroughly enjoyed all of the attention that Audacity has gotten. I enjoy working on something that people find useful, and I would choose fame over fortune any day. I've invested so much time into Audacity that it can affect me pretty seriously - seeing a good review or getting an email full of praise can give me an emotional high that lasts all week, but unfortunately bug reports, especially serious ones where people have lost work because of a bug in Audacity, can really make me feel depressed. Recently I had to take a step back and give myself a vacation from responding to emails to audacity-help for my own sanity (thankfully, other developers and users have done a great job of answering the mail).
Q:
How do you feel, and how do you respond when users show up that want specific features found only in specific commercial applications?
A:
Actually I don't think that anyone has ever said they wouldn't use Audacity if it didn't work exactly like their favorite proprietary application. Most people are perfectly happy to do things a different way as long as it's equally intuitive and powerful. Sometimes we're able to satisfy users by making Audacity as customizable as possible - for example you can edit all of Audacity's keyboard shortcuts and make them the same as some other program if you want. The other Audacity developers and I came up with our own keyboard shortcuts based on what we thought would be the most intuitive and useful, but users are free to modify that (and they can even save their keyboard layouts as XML and share them with other users).
I've been a Mac user since the very beginning (my parents bought an original Macintosh in 1984) so I've always been a fan of intuitive, "discoverable" interfaces. My main complaint with other audio editors is that too often they are trying to emulate the interfaces of analog mixing boards, which I didn't think was very intuitive for the rest of us. I wanted to create an interface that anyone computer-literate could figure out how to use on their own.
Q:
For that matter, even the digital mixing boards are trying to emulate the analog interfaces when they don't really have to. :) Are there any specific areas where you think Audacity could really take advantage of the fact that it's software for a general use computer to make some really nice interface?
A:
There are lots of areas where an audio editor could be "smarter" than it is now to save users time. I'd like to see Audacity do automatic beat detection and have an option to snap the selection to the nearest beat boundary, making it easier to cut an entire chorus out of a song without breaking the tempo, for example. I'm sure there are hundreds of other things like that.
If you look closely, you'll see lots of subtle differences in the way that Audacity operates. Unlike almost every other audio program I've seen, Audacity lets you have multiple tracks, each with a different sample format (16-bit/32-bit) and sample rate (44100 Hz, etc) - and Audacity automatically mixes them on the fly. It also has a rather unique built-in amplitude envelope editor, and one of the best frequency analysis views.
Q:
How would you define Audacity's target market?
A:
Well, it's free, so everyone. Seriously. I'd like Audacity to be good enough to meet the needs of 90% of the users who just want to record a song or an interview, create a mix, convert a tape or LP to CD, etc. Then for everyone who has more advanced needs than that, there are plenty of other tools available - but there's no reason not to keep Audacity around also for the few things that Audacity might do best.
Audacity is a particularly good choice when it's helpful to have a truly cross-platform tool, such as in a mixed-operating-system school computer lab - or when the licensing cost of other tools is prohibitive, such as in third-world countries or at public radio stations.
Q:
I understand that Audacity uses a block file approach, where instead of manipulating each track as one large file you guys have broken each track down into many small files. Would you tell us more about this setup? Why did you choose it over other methods? What are the benefits and drawbacks with using block files?
A:
Well, to be honest, when I started Audacity I didn't know about Edit Decision Lists. My only experience was with tools like SoundEdit and (early versions of) CoolEdit, both of which were very slow at doing things like Cut, Copy, Paste, and Undo, because they rewrote the entire audio file on disk after each operation.
Q:
How about some more information on Edit Decision Lists?
A:
An edit decision list is a list of all of the modifications you made to the original audio. The original audio file is left alone, and when you press play, the computer applies all of the edits in real-time to render the audio. This makes editing very fast, since the program is just manipulating a list of edits, but it can increase the amount of processing power required to playback audio in real-time. These days, though, you can do hundreds of edits before you even begin to slow down a modern PC.
I knew I could do better using my Computer Science knowledge, and soon I had worked out a method that involves splitting each track into small pieces - say about 2 MB each. If you allow each piece to be any size from 1 MB to 2 MB, but no smaller or larger, then it turns out you can implement all of the basic editing operations (cut, paste, etc.) without ever having to modify more than 5 pieces ("blocks") at a time. This was what I ended up writing a paper on.
In doing the research for the paper, I learned about Edit Decision Lists and other techniques for nondestructive audio editing. In the end I decided while there were some advantages to EDLs, there were just as many advantages to the blocked-file approach, so it would be better to keep Audacity unique and capitalize on the strengths of this approach, rather than switch to EDLs just to copy everyone else.
One advantage of the blocked-file approach is that you can have multiple "references" to the same data in multiple places. So duplicating a track in Audacity, or creating a loop (using the Repeat effect), are both virtually instantaneous. Also, because Audacity never splits files smaller than about a megabyte, it doesn't slow down trying to playback a region that contains hundreds of edits, which can be a problem with EDL-based editors.
Q:
More recently, there has been a bit of buzz over a new back end implementation of Audacity's work code in a library that has been named "Mezzo". Would you tell us a bit about Mezzo?
A:
We've been talking about something like Mezzo for years, but Joshua Haberman (one of the earliest Audacity developers) and I finally started working on it a couple months ago. We did a lot of redesigning and rewriting together early on, but now that we're mostly happy with the new design, Joshua has been doing most of the work.
Mezzo is a rewrite of all of the major core features of Audacity aside from the graphical interface. While Audacity is distributed under the terms of the GNU General Public License, which means that the source code can only be borrowed for use in other GPL or GPL-compatible programs, Mezzo will be released under a very unrestrictive BSD-like license that will allow it to be used by almost anyone. We hope that this will encourage many more people to use Mezzo in projects unrelated to Audacity, including commercial products, which will lead to Mezzo being much more robust and stable.
Well, thank you very much Dominic for your time, both in this interview and your time spent bringing us Audacity. It definitely fills a hole for many of us, and as usual, there isn't really any way to properly thank you other than continuing to use and support Audacity.
Audacity can be found at
audacity.sourceforge.net. Information on Mezzo can be found in the
Audacity Wiki.
Comments (5 posted)
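The blocked-file scheme Dominic Mazzoni describes in the interview above, worked through as an added example; this is not Audacity's code, and the class and method names are mine. A track is a list of blocks whose sizes stay between a minimum and a maximum of twice that minimum (tiny constructed values, 4 to 8 samples, in place of the 1 MB to 2 MB he mentions), with a bytearray standing in for each block file. Insert, delete, copy and paste rewrite only the blocks at the cut points plus at most one intact neighbour on each side, so the cost of an edit does not grow with the length of the track, and copy/paste shares interior blocks by reference instead of duplicating sample data.

```python
# Blocked-file sequence (added illustration, not Audacity's code): each block is
# a bytearray standing in for one block file, one byte per sample; the min/max
# block sizes are tiny constructed values, not the ~1-2 MB Audacity uses.
from __future__ import annotations
from math import ceil


class BlockSequence:
    def __init__(self, min_size: int, max_size: int | None = None) -> None:
        self.min_size = min_size
        self.max_size = 2 * min_size if max_size is None else max_size
        if self.max_size < 2 * self.min_size:  # else _chunk could undershoot min_size
            raise ValueError("max_size must be at least twice min_size")
        self.blocks: list[bytearray] = []

    def read(self) -> bytes:
        return b"".join(self.blocks)

    def check(self) -> bool:
        """Every block in [min_size, max_size]; only a short track may be one small block."""
        if len(self.blocks) == 1:
            return len(self.blocks[0]) <= self.max_size
        return all(self.min_size <= len(b) <= self.max_size for b in self.blocks)

    def _chunk(self, data: bytes) -> list[bytearray]:
        """Near-equal blocks, each <= max_size and (if len(data) >= min_size) >= min_size."""
        if not data:
            return []
        k = ceil(len(data) / self.max_size)
        base, extra = divmod(len(data), k)
        bounds = [0]
        for i in range(k):
            bounds.append(bounds[-1] + base + (i < extra))
        return [bytearray(data[a:b]) for a, b in zip(bounds, bounds[1:])]

    def _normalize(self, pieces: list[bytearray]) -> list[bytearray]:
        """Restore the size invariant locally: in-range pieces stay shared, fragments merge."""
        out: list[bytearray] = []
        carry = bytearray()
        for p in pieces:
            if carry or 0 < len(p) < self.min_size:
                carry += p
                if len(carry) >= self.min_size:
                    out += self._chunk(carry)
                    carry = bytearray()
            elif p:
                out.append(p)
        if carry:  # trailing fragment: fold it into the last block produced
            out += self._chunk(out.pop() + carry) if out else [carry]
        return out

    def _locate(self, pos: int) -> tuple[int, int]:
        """(block index, offset) of a sample position; the end maps to (len(blocks), 0)."""
        if not 0 <= pos <= sum(map(len, self.blocks)):
            raise IndexError(pos)
        for i, b in enumerate(self.blocks):
            if pos < len(b):
                return i, pos
            pos -= len(b)
        return len(self.blocks), 0

    def _splice(self, start: int, end: int, middle: list[bytearray]) -> None:
        """Replace samples [start, end) with `middle`. Blocks strictly inside the range
        are dropped unread; only the boundary blocks and one neighbour each side are rewritten."""
        if start > end:
            raise ValueError("start must not exceed end")
        i, off_i = self._locate(start)
        j, off_j = self._locate(end)
        nblk = len(self.blocks)
        left = self.blocks[i][:off_i] if i < nblk else bytearray()
        right = bytearray() if j == nblk else self.blocks[j] if off_j == 0 else self.blocks[j][off_j:]
        lo, hi = i, min(j + 1, nblk)
        region = [left, *middle, right]
        if lo > 0:  # intact neighbours let undersized fragments merge into them
            lo -= 1
            region.insert(0, self.blocks[lo])
        if hi < nblk:
            region.append(self.blocks[hi])
            hi += 1
        self.blocks[lo:hi] = self._normalize(region)

    def insert(self, pos: int, samples: bytes) -> None:
        self._splice(pos, pos, self._chunk(samples))

    def delete(self, start: int, end: int) -> None:
        self._splice(start, end, [])

    def copy(self, start: int, end: int) -> list[bytearray]:
        """Blocks covering [start, end); interior blocks come back by reference."""
        i, off_i = self._locate(start)
        j, off_j = self._locate(end)
        if i == j:
            return [self.blocks[i][off_i:off_j]] if start < end else []
        out = [self.blocks[i] if off_i == 0 else self.blocks[i][off_i:]]
        out += self.blocks[i + 1:j]
        if j < len(self.blocks) and off_j:
            out.append(self.blocks[j][:off_j])
        return out

    def paste(self, pos: int, clip: list[bytearray]) -> None:
        self._splice(pos, pos, list(clip))
```

The guarantee that re-chunking never produces an undersized block rests on `max_size >= 2 * min_size`: a run of n >= min_size samples split into ceil(n / max_size) near-equal pieces always lands every piece in range, which is why the constructor rejects other ratios. After `seq.paste(len, seq.copy(a, b))` the interior blocks of the pasted region are the same bytearray objects as in the original, so duplicating a track costs only the two end fragments plus whatever neighbours had to absorb them; in this sketch Python's reference counting plays the role of the on-disk reference tracking an editor needs before it may delete a block file.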
System Applications
Database Software
The May 25, 2004 edition of the PostgreSQL Weekly News
is online with new PostgreSQL database information. "This
week saw a swing back toward enhancements to existing systems rather
than new functionality, although given that some of these changes will
make old functions now usable for new people I guess that is in the eye
of the beholder."
Full Story (comments: none)
Interoperability
Samba Version 3.0.5pre1 is available. "This is the first preview release of the Samba 3.0.5 code base
and is provided for testing only. This release is *not* intended
for production servers. Use at your own risk.
There have been several bug fixes since the 3.0.4 release that
we feel are important to make available to the Samba community
for wider testings."
Full Story (comments: none)
Libraries
Version 1.1.8 (stable) of Common C++ is out. "Common C++ is a C++ class library that abstracts various system services in a portable manner, thereby making the creation of portable applications much easier. It is portable code, with very low runtime overhead, that works well on a very wide range of target platforms and C++ compilers in everyday use."
Comments (none posted)
Version 0.5.66 of libannodex, a C library for reading and writing Annodex
media, is out. "Annodex is an open standards based technology that
extends the World Wide Web's hyperlinking, searching, and compositing
infrastructure to time-continuous data, enabling video surfing, searching for
clips of audio and video files using ordinary Web search engines, and
on-the-fly composition of a video on a Web server from previously annodexed
clips."
Full Story (comments: none)
Version 0.6.2 of libfishsound, a library which provides an interface for
the Vorbis and Speex audio codecs, is out. This release adds the
fish_sound_prepare_truncation() API call and has an improved
encdec-audio test.
Full Story (comments: none)
Version 0.8.3 of liboggz, a C library for working with Ogg compressed
audio files and streams, is out with improved Theora parsing, bug fixes,
and new documentation.
Full Story (comments: none)
Web Site Development
Version 0.7.0.5 of Back-End CMS has been announced. "Back-End CMS is a flexible, multi-lingual template
driven PHP/MySQL CMS which
includes in-line editing and text, html, wiki or WYSIWYG editing
interfaces. Release 0.7.0.5 is a major release and includes a serious security
fix and a great many added features. We have extended our multi-lingual support
to offer better support forunicode fonts like Persian, Arabic and Hebrew."
Comments (none posted)
Version 1.6.0 beta of the Midgard Content Management Framework is out.
New features include support for multiple languages, support for PAM,
an Apache2 module, a PHP4 module that works with Apache 1 and 2, and
more.
Full Story (comments: none)
Version 0.9.3-3 Stable of phpWebsite, a web site content management system,
has been released.
"
The focus of this release was to address bugs. There
have also been several user submitted patches applied."
Comments (none posted)
Version 1.0b2 of
Quixote,
a Python-based web development platform, is out with bug fixes. See the
changes document for details.
Comments (none posted)
Issue #31 of the
ZopeMag Weekly News has been published.
Take a look for news on the Zope web development platform.
Comments (none posted)
Web Services
Arulazi Dhesiaseelan
investigates WSDL 2.0 on O'Reilly.
"
The WG published its WSDL 2.0 working drafts on 26 March 2004. This is a significant milestone in the progress of WSDL. In this article, I discuss the changes that were made to the WSDL 1.1 specification and other major improvements to the service description language."
Comments (none posted)
Desktop Applications
Accessibility
Version 0.9.3 of gnopernicus, a screen reader for the visually impaired,
is out with a number of new features.
Full Story (comments: none)
Audio Applications
Version 0.9beta13 of
Ardour,
a multi-track audio recording utility, is out.
The project
status page says:
"
clearing mantis of as many bug reports as possible".
The long-awaited 1.0 version is now projected for release around June 30.
Comments (none posted)
Desktop Environments
The May 21, 2004
KDE-CVS-Digest is online. Here's the content summary:
"
Security fixes in URI handlers. KAddressbook now handles IM addresses. Kppp now can handle multiple modem configurations. KUser now can use LDAP, Samba and MD5 Shadow passwords."
Comments (none posted)
KDE.News has a
Quickies posting
that lists a slew of new and updated applications for KDE.
Comments (none posted)
KDE 3.3 Alpha 1 'Kindergarten'
has been announced.
"
There won't be any binary packages for this release, everyone using Kindergarten is asked to compile it with --enable-debug, so that we can get valuable feedback."
Comments (none posted)
Electronics
The
latest news
from the
gEDA project includes
a new development snapshot of the Covered Verilog code coverage
analysis tool, and a new
gEDA talks page with slides from a recent presentation.
Comments (none posted)
Version 3.2.19 of XCircuit, an electronic schematic drawing tool,
is available.
Changes include a new bus notation handling capability and bug fixes.
Comments (none posted)
Financial Applications
Release 2.5.1c of Compiere, an open-source business application,
is available.
"
Release 2.5.1c is the first release with
transactions based on Workflow. In addition to great customization
flexibility, it is also a big step towards database independence as Java
replaced PL/SQL."
Comments (none posted)
Games
Version 0.3.0 of GNOME War Pad, a 'VGA Planets' client for GNOME,
is out with lots of enhancements and a few bug fixes.
Full Story (comments: none)
The May 21, 2004 edition of the
WorldForge Weekly News has been published. Take a look to see
the current status of the WorldForge game project.
Comments (none posted)
Graphics
Version 2.0 of Gimp-Perl for UNIX/Linux
has been announced.
This release features a plug-in to selectively sharpen an image,
removal of unused plug-ins, bug fixes, and more.
Comments (none posted)
Version 0.1 of JGraphAddons
is available.
"
This package contains a collection of layout algorithms (radialtree, circle,
annealing, gem, moen, spring, sugyiama, tree), graph algebra stuff (shortest
path, minimum spanning tree), and a number of useful utilities (mostly
cleaned-up code from JGraphpad) for JGraph 4.0."
Comments (none posted)
GUI Packages
Version 2.3.92 (unstable) of PyGTK, the Python bindings to GTK, is out.
"
It includes a number of changes since the last pygtk
release; We'd really appreciate testing and bug reports on
this release; please take the time out to download and test it to ensure
it works for your application[s]."
Full Story (comments: none)
Interoperability
Issue #223 of
Wine Traffic is online with the latest Wine project development news.
Comments (none posted)
Medical Applications
SourceForge has
an announcement for the merging of several projects into the
Care2x project.
"
The Care2x project now becomes an "Integrated Healthcare Environment", not
just a hospital information system."
Comments (none posted)
LinuxMedNews has
an announcement that states that the OpenEMR Electronic Medical Record
system is now available under the Subversion version management system.
Comments (none posted)
Office Suites
Build 1.1.54 of OpenOffice.org is out.
"
This package contains the Gnome integration work for
OpenOffice.org, and a much simplified build wrapper, making an OO.o
build / install possible for the common man. It is a staging ground
for up-streaming patches to OO.o.
This release is mostly a snapshot of the (in-progress) merge of the
SuSE patch-set, and adding a SuSE build target / distro etc".
Full Story (comments: none)
Web Browsers
MozillaZine
reports on a joint effort between Mozilla and Opera Software
to standardize Web applications.
"
The Mozilla Foundation and Opera Software have published a paper outlining
their vision for Web applications. The paper, submitted in preparation for
next week's W3C Workshop on Web Applications and Compound Documents,
describes a device-independent Web application framework based on HTML and
backwards-compatible with existing Web content."
Comments (none posted)
The Alpha 1 version of Mozilla 1.8
has been announced.
"
New in this release is a basic FTP upload
UI, better Linux mouse support, and a number of other features."
Comments (none posted)
MozillaZine
mentions the posting of a new Mozilla Milestone Schedule.
"
The main change is the now longer periods prior to a final
release, with two longer Alpha periods, and a longer Beta period. This
allows for more time to land large changes and get them stable prior to a
final release. Along with these changes, there will now be at least one
release candidate prior to each final release."
Comments (none posted)
Word Processors
GnomeDesktop.org has
the announcement for version 2.0.7 of the AbiWord word processor.
"
While our current development series is bound to be a great success, we have
not forgotten our stable releases. Therefore, the AbiWord development team is
proud to release AbiWord v2.0.7. This release benefits greatly from the
feature freeze currently active on our development series, which means that
all our efforts are focussed on fixing bugs; bugs that might be present the
stable versions as well."
Comments (none posted)
The May 22, 2004 edition of the
AbiWord Weekly News has been published. Read about all of the
latest AbiWord word processor developments.
Comments (none posted)
Miscellaneous
Version 0.993 of OpenLP, the Open Lyrics Projector,
has been released with minor changes.
"
OpenLP is a
powerful lyrics projection application, specifically for use in church
worship services. It will include easy & instant switching between slides,
customisable backgrounds, a full song database & support for guitar chords
and tablature (in v2)."
Comments (none posted)
Version 1.1.0 of VXL
has been announced.
"
VXL is a set of multi-platform C++ libraries for computer vision research and deployment."
Comments (none posted)
Languages and Tools
Caml
The May 18-25, 2004 edition of the Caml Weekly News is available
with the week's Caml language article collection.
Full Story (comments: none)
Haskell
The
Haskell Communities & Activities Report
for May 25, 2004 is available.
Thanks to Duncan Coutts.
Comments (none posted)
Java
Grant Bremer
writes about Ant configuration issues on O'Reilly.
"
Among the many feats it can perform, Ant can save your team from having to
have all of the same files in all of the same places. As Grant Bremer
illustrates, flexible Ant configurations will make your build work among many
developers, operating systems, and will even deploy to app servers with
different file structures."
Comments (none posted)
Zhengrong Tang
works with distributed object management frameworks on
IBM's developerWorks.
"
Many enterprise Java technology developers build their own object management infrastructures to improve application performance. However, traditional object pools encounter problems in applications that run across distributed JVMs on multiple physical machines. In this article, Zhengrong Tang presents an object management framework that uses the concept of scopes to handle distributed systems with ease."
Comments (none posted)
Read about
FindBugs on IBM's developerWorks.
"
Static analysis tools promise to find existing bugs in your code without requiring much effort on the part of the developer. Of course, if you've been programming for long, you know those promises don't always pan out. Even so, good static analysis tools are a valuable addition to your toolbox. In this first of a two-part series, Senior Software Engineer Chris Grindstaff looks at how FindBugs can help improve the quality of your code and eliminate bugs lying in wait."
Comments (none posted)
O'Reilly has published
part two of a series on Java nested classes.
"
Robert Simmons continues his efforts to clarify confusion over the use of
nested classes in Java. In this week's installment, excerpted from Chapter 6
("Nested Classes") of Hardcore Java, Robert discusses the somewhat
troublesome limited-scope inner classes; one specific type within this
category, known as anonymous classes; and the problems programmers encounter
with limited-scope classes."
Comments (none posted)
Lisp
CL-PPCRE version 0.7.7, a Perl-compatible regular expression
library written in Common Lisp, is available.
New features include hyperdoc support, new documentation strings, and
bug fixes.
Full Story (comments: none)
Perl
The May 17-23, 2004 edition of
This Week on perl5-porters is online with the latest Perl 5 news.
Comments (none posted)
PHP
Version 4.3.7RC1 of
PHP has been announced.
"
This is the first release candidate and should have a very low number of problems and/or bugs. Nevertheless, please download and test it as much as possible on real-life applications to uncover any remaining issues."
Change information is available in the
NEWS file.
Comments (none posted)
Xavier Spriet continues his Linux Journal series on PHP with
the second article.
"
The first part of this article, "Real-World PHP Security", appeared in the April 2004 issue of Linux Journal and covered the subject of secure PHP development. This article takes you, the professional PHP developer, one step further, by providing detailed explanations and reliable source code that illustrate the steps to follow in order to develop successful PHP applications."
Comments (none posted)
Python
Version 2.0.0 of
python-ldap is out:
"
python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. Mainly it wraps the OpenLDAP 2.x libs for that purpose."
Comments (none posted)
Version 5.4 of the online Python book
Dive Into Python has been
published. See the
Revision history document for change information.
Comments (none posted)
Tcl/Tk
The May 24, 2004 edition of Dr. Dobb's Tcl-URL! has been published.
Take a look for lots of Tcl/Tk article links.
Full Story (comments: none)
XML
Uche Ogbuji
introduces Atom on IBM's developerWorks.
"
The Web has always included sites that present series of articles, events, and other postings which are meant to be shared and cross-referenced. With large parts of the Web becoming conversational communities, many in these communities have come together to work on an XML-based standard for such interchange and cross-reference. Atom is the product of this effort -- a format and API for exchanging Web metadata."
Comments (none posted)
Derek Fountain
explores SAX on DevChannel.
"
An application developer can choose any one of a number of strategies to read and use an XML document. In some very simple examples a script containing a number of regular expressions might do the job, but normally a more rigorous technique is required. The Simple API for XML (SAX) is one of the two key techniques for analysing and processing XML documents (the other is the more complicated Document Object Model (DOM))."
Comments (none posted)
David Mertz continues his series on GUI configuration with XML with
part two.
"
He looks at Mozilla's XML-based User Interface Language (XUL) which allows you to write applications that run without any particular dependency on the choice of underlying operating system. This may seem strange at first, but you'll soon see that this Mozilla project offers powerful tools for GUI building that allow you to develop for an extensive base of installed users."
Comments (none posted)
Cross Assemblers
Version 0.2-1 of GPICD, a programmer and in-circuit debugger (ICD) for
the Microchip PIC micro-controller family, is available on the
OpenCollector site.
This version works with GTK2, and includes bug fixes.
Comments (none posted)
Test Suites
Version 3.6a of TET is out with new support for Python.
"
The Test Environment Toolkit (TET), is a multi-platform uniform test
scaffold, into which non-distributed and distributed test suites can
be incorporated. TET supports tests written in C, C++, Perl, Tcl, Shell
(sh , bash), Python, POSIX shell and Korn Shell."
Full Story (comments: none)
Miscellaneous
Prothon version 0.1.0 is available.
Prothon is:
"
A classless prototype-based programming
language a la Self with the sensibilities of Python."
Full Story (comments: none)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
News.com
has a long look at the ADTI report and an interview with its author.
"
In an interview conducted for the study, [Andrew] Tanenbaum said Minix 'was the base
that Linus used to create Linux. He also took many ideas from Minix,
including the file system, source tree and much more.
If Linux is a derivative work of Minix, that makes Linux vulnerable to
charges of intellectual property infringement by Prentice Hall, which
published books and the Minix source code but restricted its use until 2000,
the study said. 'Arguably, Prentice Hall has lost out on tens of millions of
dollars' because of lost book sales, the study said."
In this context, it is more than worthwhile to read this posting by Andrew Tanenbaum about the whole thing. "Thus, of course, Linus didn't sit down in a vacuum and suddenly type in the Linux source code. He had my book, was running MINIX, and undoubtedly knew the history (since it is in my book). But the code was his. The proof of this is that he messed the design up.... My conclusion is that Ken Brown doesn't have a clue what he is talking about. I also have grave questions about his methodology."
Comments (24 posted)
Andrew Tanenbaum has posted
a second followup
commenting on the strange stuff coming out of the Alexis de Tocqueville
Institute. Worth a read. "
Brown calculates that due to the creation
of Linux, Prentice Hall sold 500 fewer copies of my book, Operating
Systems: Design and Implementation, which at $100 [sic] per book cost them
almost $1 million. Reminds me of the kind of arithmetic used on the NASDAQ
prior to March 2000. If Brown can't multiply small positive integers
correctly, how much faith can we have in the rest of his reporting?"
Comments (13 posted)
Groklaw
announces
the release of
Grokline 0.1.
"
We hope with this Grokline project to be able to identify any
conceivable legal issues that those wishing to block, slow, hobble or tax
GNU/Linux may try to use in future legal assaults on the community. If
there are litigation risks, even just from nuisance lawsuits, particularly
with respect to patents, we want to find those risks, hopefully before they
do, and mitigate or resolve them now. I am personally convinced, as you no
doubt are too, that the next wave of attacks on GNU/Linux and the GPL will
involve patents."
Comments (9 posted)
The Register
covers
Richard Stallman's London talk on software patents. "
Against this political backdrop, Stallman's message is an important one, so it is a real shame that it gets clouded by his choice of analogy. There is little doubt that allowing patents on software will have a devastating impact on the free software community, and good reason to believe, based on the current situation in the US, that it will hurt smaller companies working in the field.
Likening this impending doom to the AIDS crisis in Africa is counterproductive, and merely allows pro-patent groups to label Stallman, and by association the anti-patenting movement, as a crackpot."
Comments (10 posted)
Trade Shows and Conferences
Paul Ford
covers a talk by Tim Berners-Lee on the Semantic Web.
"
But now that the Web is unquestioned as a basic medium, part of a parcel with television, publishing, and radio, there is risk of stagnation. To that end, Tim Berners-Lee, creator of the first Web browser and server, and inventor of HTML, gave an open-ended plenary talk focused on two open questions: What should we do with top level domain names (TLDs)? And what should we do with the Semantic Web?"
Comments (none posted)
The SCO Problem
Silicon.com
covers
the response from the Free Software Foundation on a subpoena from SCO.
"
FSF general counsel Eben Moglen said: "I'm not going to permit a
fishing expedition at the Free Software Foundation from a party that has
shown a great deal of hostility to the Free Software Foundation and its
community. We will not produce material that is the subject of
attorney-client privilege, and I don't think anybody expects us
to.""
Comments (5 posted)
Groklaw
looks at SCO's response to two motions in the AutoZone suit.
"
Remarkably [SCO] even tells the court that they should *not* have to provide a more definite statement. It was plenty definite enough, they say, and AutoZone, they wax indignant, is improperly trying to obtain discovery.... Telling them what lines, files or organization of Linux code is the subject of the litigation is a question for discovery, they state. AutoZone will find out later. I don't think it would be prudent for AutoZone to hold their breath."
Comments (none posted)
Companies
eWeek
covers this
week's open source announcements from Computer Associates. "
Computer
Associates International Inc. will use its annual CA World user conference
in Las Vegas on Monday to make a slew of open-source announcements,
including establishing a new open-source foundation that will support
Plone, an out-of-the-box content management system built on the free Zope
Application server; unveiling a new open-source license, and placing a
version of Ingres, CA's flagship DBMS, under it."
Comments (3 posted)
Yes, it's a Forbes article by Daniel Lyons, but he seems to have turned over a new
leaf; this one is a lengthy look at IBM's involvement with Linux which
doesn't mention lawsuits at all. "
IBM seems to go to any length to
push Linux into customer sites. Last year at the U.S. National Weather
Service, IBM offered a free demo machine and a guarantee to keep its
systems up-to-date, even writing software drivers for components IBM
doesn't build, such as video cards. The result? The NWS spent $3 million to
buy a thousand IBM desktop machines running Linux, replacing 900 HP Unix
workstations."
Comments (12 posted)
News.com
looks at the latest Gartner numbers on server sales.
"
One area that blossomed in particular was sales of Linux servers, which grew
57.3 percent to $1.02 billion...
IBM was the top Linux seller, with 28 percent share, followed by HP with 26.9
percent, Dell with 17.8 percent, Silicon Graphics Inc. with 3.1 percent,
Fujitsu with 2.8 percent, NEC with 1.9 percent and Sun with 0.9 percent."
Comments (1 posted)
Business
News.com
reports on comments from a panel discussion at the Software and
Information Industry Association's Enterprise Software Summit.
"
The mix of license models has been controversial among open-source believers, but Urlocker said it's vital to MySQL's success. "We're not a religion, we're not a cult, were not a charity--we're a business," he said. "There's always going to be grassroots people...who see open source as a free ride, but there are corporate customers who are absolutely willing to pay for reliability, flexibility, support.""
Comments (none posted)
Linux Adoption
Information Week
looks
at Linux adoption at United Parcel Service, Boeing, and other
companies. "
A key driver behind business use of Linux is support
from high-profile vendors. Dell, Hewlett-Packard, and IBM are all several
years into strategies to use Linux to increase sales of Intel-based
servers. Applications vendors such as Oracle and SAP push Linux as an
option for companies transitioning portions of their data centers from
proprietary to open-source software."
Comments (none posted)
The Sydney Morning Herald has an article on the use of Linux by the Australian Green Party.
"Beyond the notions that Greens candidates and open source
evangelists are viewed to be on the economic 'left', or seeking a more just
and sustainable environment - depending on your point of view - the party
has stopped using commercial software as much for pragmatic reasons. It
wants to win more seats at the impending federal election, and Linux will
help it do that, the Greens believe."
Comments (1 posted)
LinuxMedNews
reports on the adoption of the open source electronic medical record
(EMR) application OpenEMR. "
Pennington Firm is delivering OpenEMR
with CMS 1500 (formerly HCFA 1500) billing support, and connection to a
clearinghouse for the processing of claims. OpenEMR is a full featured,
practice management, electronic medical record and prescription writing
application that can serve as a direct open source replacement for
proprietary medical applications such as Medical Manager, HealthPro and
MegaWest."
Comments (3 posted)
Linux at Work
This Linux Journal author used BG-Rescue Linux to save data from a "knackered" NTFS-based drive.
"The current version of BG-Rescue Linux is 0.3.1, which is compiled with kernel
version 2.4.24, and it supported a host of Ethernet devices--it even had
USB and PCMCIA network device support. A host of command-line utilities are
provided by BusyBox, and BG-Rescue Linux uses the uClibC C library. What
really made my eyes light up was the inclusion of NTFS support."
Comments (2 posted)
Interviews
OS News
interviews KDE
artist Everaldo Coelho and GNOME artist Jakub Steiner (Jimmac).
"
Currently Everaldo works for Lindows inc. and Jakub works for Novell
inc. They were very kind to answer our questions related with the art in
Linux, its future and much more."
Comments (none posted)
Simon Cozens
interviews
Allison Randal on O'Reilly's Perl.com.
"
This week, perl.com has the pleasure of interviewing Allison Randal, one of the key figures in the Perl community. Allison has been active in the Perl 6 design process since its inception, and is the President of the Perl Foundation. Let's hear more from Allison about what all of this means to her."
Comments (none posted)
News.com has
an interview with Microsoft's Bob Muglia.
"
The world has changed a bit. If you went back 18 to 24 months ago, it was
unclear what Linux would look like and how it would evolve. It was thought of
as free. And there was a whole series of attributes that were attributed to
Linux that in retrospect were inaccurate. As time has gone on, it's apparent
that Linux is becoming a set of offerings from commercial vendors. When I
think of Linux, I don't think about it as our competitor. I think about Linux
as a technology that is used by our competitors to build competitive offerings."
"There's no question about who our biggest competitor is.
It's IBM."
Comments (55 posted)
Resources
O'ReillyNet
presents the top ten list of Ethereal tips and tricks, from the book
Ethereal Packet Sniffing (from Syngress). "
Installing
Ethereal from the source code is very beneficial in a number of ways. Not
only will you have all of the source code, additional documentation, and
miscellaneous files to peruse, you will also have the ability to control
numerous aspects of the build process. Building software from source will
give you a better feel for how the whole process works and what goes on
behind the scenes. What you will take away is a wealth of knowledge about
the software package, programming, and operating system management."
Comments (1 posted)
David A. Wheeler
covers
secure programming by minimizing privileges, on IBM developerWorks.
"
Real-world programs have bugs in them. It's not what we want, but
it's certainly what we get. Complicated requirements, schedule pressure,
and changing environments all conspire to make useful bugless programs
unlikely. Even programs formally proved correct using sophisticated
mathematical techniques can have bugs. Why? One reason is that proofs must
make many assumptions, and usually some of those assumptions aren't
completely true. Most programs aren't examined that rigorously anyway, for
a variety of reasons. And even if there are no bugs today (unlikely), a
maintenance change or a change in the environment may introduce a bug later
on. So, to handle the real world, we have to somehow develop secure
programs in spite of the bugs in our programs."
Comments (none posted)
developerWorks is running a lengthy introduction to Maypole (a Perl framework for creating
database-backed web applications) written by Maypole's creator.
"The big problem with Ninkasi's recipe is that the nicer the end result, the
more of it you consume, and, for some reason, the less likely you are to
remember how good it was in the morning, and so you never know whether or
not you want to buy that particular beer again. So you have to buy it
anyway to try to work out whether or not you liked it. This is enjoyable,
but not particularly economical. I found myself needing some kind of
database to keep track of my tastings."
Comments (none posted)
Reviews
Linux.com
reviews
KSysguard. "
This app has absolutely nothing to do with guarding
anything. KSysguard lets you manage processes and monitor resources on
local or remote systems. According to the documentation, it can be built on
Solaris, BSD, and Linux." (Found on
KDE.News)
Comments (none posted)
OSNews
reviews
The Official GNOME 2 Developer's Guide. "
The book was
written around the time of Gnome 2.0-2.2 but was released recently in the
English language, and so newer material like the new GTK+ file selector or
Gstreamer are not discussed. Even back then though, Gnome was capable of
games, OpenGL views (via GtkGLArea), generic music and video, which are
also not discussed. Also, while there is a whole chapter on the auto*
development tools, there is not a mention of how to properly debug a GTK+
application using existing tools, or how to use Alleyoop and Valgrind to
trace memory leaks. And there are not any tips & tricks on how to
profile or optimize your application." (Found on
GnomeDesktop)
Comments (none posted)
KDE.News
points to
a review of JuK, the KDE Jukebox.
"
For starters: JuK is KDE's outstanding playlist-based
jukebox application with a lot of unique and powerful features. The article
talks about playlist management, advanced tag guessing with musicbrainz and
how to keep your music collection consistant easily."
Comments (none posted)
Miscellaneous
In this
NewsForge
article a pediatric oncologist finds analogies between biomedical
research and the open source software development model. "
It has
been argued that the only way to make money off of software is to follow
the closed proprietary system of software development. If this were true,
then no company would be able to make money in biomedical research, which
depends on full disclosure and published research. It can hardly be argued
that there is no money to be made in biomedical research. Pharmaceutical
companies do make money. But they do so in no small part due to the fact
that they participate in research that is published in peer-reviewed
journals."
Comments (5 posted)
O'Reilly has published
the results of the 2004 ONJava Reader Survey, with some interesting
operating system statistics.
"
There was a healthy variety of operating systems reported in our questions about what you develop on and what you deploy on. 86 percent of you develop on Windows, 58 percent on Linux, 21 percent on Solaris, 16 percent on Unix, and 14 percent on Mac OS X. It looks like a lot of our readers have two boxes -- or emulators -- on their desks, given the implicit level of multi-platform development. As for deployment, Linux was a target for 69 percent of our readers, as was Windows, followed by Solaris at 37 percent, Unix at 29 percent, and Mac OS X at 10 percent."
Comments (none posted)
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
BEA Systems, Inc. and the Apache Software Foundation have
announced
the acceptance of Project Beehive as an open-source project in the Apache
community. Apache Beehive is based on the runtime application framework in
BEA WebLogic Workshop, and aims to be an easy-to-use, open source foundation
for building enterprise Java and service-oriented architecture (SOA)
applications.
Comments (none posted)
The latest Open Source Development Labs (OSDL) member is
Bull HN Information Systems Inc., according to
this announcement.
Comments (none posted)
The Creative Commons project has
announced the 2.0
release of its set of licenses. "
Unlike the 1.0 licenses, the 2.0
licenses include language that makes clear that licensors disclaim
warranties of title, merchantability, fitness, etc. As readers of this blog
know by now, the decision to drop warranties as a standard feature of the
licenses was a source of much organizational soul-searching and analytical
thinking for us." There have been several other changes; see the
announcement for details.
Comments (1 posted)
Yesterday, Linus posted a request for discussion on the idea of a "developer's certificate of origin" for kernel patches. Today, the Open Source Development Labs has
announced that it is helping to implement the process.
"
OSDL has committed to providing resources to ensure that contributions
made to the kernel adhere to the DCO and the process improvements. The Lab
will review the content of the contributions to confirm that submissions to
the kernel have been signed off by contributors in accordance with the DCO.
In addition, OSDL plans to launch an educational campaign for developers and
end users on the DCO and the process improvements."
Comments (7 posted)
The Plone Foundation
has been announced.
"
The Plone Community today announced the
formation of the Plone Foundation, an organization committed to elevating the
use of the Plone open source content management software, expanding its
integration in software solutions and increasing collaboration and development
with the open source community and industry."
Comments (none posted)
Commercial announcements
Computer Associates International, Inc. (CA)
made
several announcements this week. These include the release of Ingres and
KGEM (Kernel Generalized Event Management) under an open source license,
the introduction of a document management solution that uses the Plone
Engine, and collaborations with JBoss and Zope.
Comments (2 posted)
Two FreeMed Software support companies
have been formed in New York and Massachusetts.
"
FreeMED Software Foundation, Inc. announced the formation of two companies to
help physicians, specialists, nursing homes and small hospitals implement,
maintain and migrate to Linux and FreeMED Software."
Comments (none posted)
Gupta Technologies has announced a beta version of its SQLBase 9.0
database for Linux.
Full Story (comments: none)
Lindows, Inc. has
announced
that the United States Court of Appeals for the Ninth Circuit denied
Microsoft's petition for interlocutory appeal in its ongoing trademark
litigation against Lindows, Inc.
Comments (2 posted)
Novell, Inc. has
announced
that software developers, channel partners, and independent software and
hardware vendors are supporting the company's Linux strategy.
Comments (none posted)
Novell, Inc. has
announced
financial results for its second fiscal quarter ended April 30, 2004. Jack
L. Messman, Novell chairman, president and chief executive officer
said: "We are encouraged that NetWare(R)-related revenue in the
quarter declined only 2% from the year ago period, or a 5% decline after
adjusting for foreign currency effects. This figure compares to the prior
year's decline rate in NetWare-related revenue of 12%, after adjusting for
foreign currency effects. We believe this slowing of the rate of
NetWare-related revenue decline reflects a favorable response from our
customers to our Linux* strategy."
Comments (none posted)
Nuxeo has announced the release of their CourierCPS mail management
solution for Collaborative Portal Server 3.
"This software module allows
organisations to dematerialize from end to end the processing chain
for incoming and outgoing mail."
Full Story (comments: none)
Oracle has sent out
a press release claiming to have the largest Linux-based development organization in the world. "
The company began the global initiative last year with the migration of
5,000 developers to Linux, and anticipates that by the end of 2004, its core
development team worldwide will be leveraging the operating system. With
Linux, Oracle developers have a broader choice of hardware platforms and can
use cheap, fast hardware in a grid environment to help increase productivity
and enhance testing capabilities."
Comments (none posted)
Here's a
press release from Symbio Technologies, a company that's turning old
PCs into Linux thin clients. "
Just remove the hard drive, CD-ROM,
and floppy disk drives and connect the reborn PC to a server loaded with
our Symbiont Management Suite and you'll have a robust, new computer that
runs as fast as your server..."
Comments (none posted)
Xteam Software International Limited has
announced that it will acquire the software business of
Beijing Development.
"Xteam has established
a strong presence in Beijing thanks to its leading edge Linux technology and
R&D expertise. The new entity, leveraging on both strong positions in
software in Beijing, will capture a dominant market share in Beijing to
provide Linux operating systems and software solutions to government
authorities in four key sectors: social security, labour security,
e-government and e-education."
Comments (none posted)
New Books
O'Reilly has published the book
Hibernate: A Developer's Notebook
by James Elliott.
Hibernate is an open-source
object/relational persistence and query service for Java.
Full Story (comments: none)
Resources
The minutes are available for the May 20, 2004
Austin Group Teleconference.
Full Story (comments: none)
The May 19, 2004 edition of the LDP Weekly News has been
published, take a look for the latest new documentation.
Full Story (comments: none)
The May 26, 2004 edition of the Linux Documentation Project Weekly News
is available with another selection of new and updated documentation.
Full Story (comments: none)
Open Source Industry Australia has released a position paper intended to
guide Australian companies in deciding what to do about licensing demands
from the SCO Group. Click below for the announcement; the paper itself is
available
in
PDF format. "To any Australian organisation which receives any
request for licence payment from The SCO Group, we recommend that you do
not respond in any way, seek legal advice, taking this document to your
lawyer, and also submit the received documentation from SCO as evidence to
the Australian Competition & Consumer Commission (ACCC)."
Full Story (comments: none)
The May, 2004 Translate.org.za Newsletter has been published.
"Translate.org.za is a project translating open source software into all
of South Africa's official languages and offering assistance and
creating tools to help other language teams."
Full Story (comments: none)
Upcoming Events
eBCVG.com
reports
on the LPI certification program at the CeBIT America conference
on May 25-27 in New York City.
"For many years LPI has been a regular participant in the prestigious international CeBIT show in Hanover, Germany. However this is the first time we have participated in this North American event and we are proud to be invited to attend. This demonstrates yet again the growing importance of Free and Open Source Software, particularly Linux, to the enterprise business community," said Evan Leibovitch, President of LPI.
Comments (none posted)
The
IDA Workshop on OSS Competence in the Public Sector will be held at
the LinuxTag Conference and Exhibition in Karlsruhe, Germany on
June 23, 2004.
Thanks to Sofia Segedy.
Comments (none posted)
Registration for the 2004 German Perl Workshop
has been announced.
"The registration for the German Perl Workshop 2004
from Tuesday, June 29th to Thursday, July 1st 2004 at the
Barbara-Künkelin-Halle Schorndorf (near Stuttgart) is now open."
Comments (none posted)
Use Perl has
a reminder for the upcoming YAPC::NA Perl conference.
Comments (none posted)
LinuxMedNews has
an announcement for the Tenth VistA Community Meeting.
The event will be held at the University of Washington School of Medicine
in Seattle, Washington on June 17-20, 2004.
Comments (none posted)
IBM will be holding a Technical Conference on the IBM pSeries platform
in Cairns, Australia on July 26-30, 2004.
"This technical conference not only covers pSeries and AIX,
but has some 30+ Linux sessions as well, most of which include hands-on
labs. Speakers come from IBM themselves, Red Hat and SuSE."
Full Story (comments: none)
| Date | Event | Location |
|---|---|---|
| May 27 - June 6, 2004 | DebConf4 | Porto Alegre, Brazil |
| May 27 - 29, 2004 | 2nd International Symposium on Computer Music Modeling and Retrieval | Esbjerg, Denmark |
| May 27, 2004 | CeBIT America | Javits Center, New York, NY |
| June 2 - 4, 2004 | 2004 GCC and GNU Toolchain Developer's Summit | Ottawa Congress Centre, Ottawa, Canada |
| June 2 - 4, 2004 | inbox, the email event | San Jose Marriott, San Jose, CA |
| June 3 - 4, 2004 | Web.It 2004 | Milano, Italy |
| June 6 - 7, 2004 | French Perl Workshop | Paris, France |
| June 7 - 9, 2004 | EuroPython | Chalmers University of Technology, Göteborg, Sweden |
| June 13, 2004 | 1st European Lisp and Scheme Workshop | Oslo, Norway |
| June 14 - 18, 2004 | 18th European Conference on Object-Oriented Programming (ECOOP-2004) | The University of Oslo, Oslo, Norway |
| June 16 - 18, 2004 | Yet Another Perl Conference (YAPC::NA::2004) | University at Buffalo, Buffalo, NY |
| June 28 - 30, 2004 | GNOME User and Developer European Conference (GUADEC) | Kristiansand, Norway |
| June 29 - July 1, 2004 | Perl Workshop 6.0 | Barbara-Künkelin-Halle, Schorndorf, Germany |
| July 12 - 15, 2004 | Real-time and Embedded Systems Workshop | Washington, DC |
| July 19 - 20, 2004 | Italian Perl Workshop | Polo Fibonacci, Pisa, Italy |
| July 21 - 24, 2004 | Linux Symposium | Ottawa, Canada |
Comments (none posted)
Mailing Lists
The new GNOME devel-announce-list has been announced.
"Today we present the Fresh New Taste of devel-announce-list! This is a new,
low-volume, moderated list for GNOME development related announcements and
information"...
Full Story (comments: none)
Web sites
LinuxDevices
reports that
a new web site and mailing list have been created to support Linux on ARM
processors from Hynix.
Comments (none posted)
Software announcements
Here are the software announcements, courtesy of
Freshmeat.net. They are available in
two formats:
Comments (none posted)
Page editor: Forrest Cook