Sequels, it is said, often fail to live up to the original. So it may not
be entirely surprising that Eric Raymond's latest,
Halloween XI,
lacks some of the impact of its predecessors. There are no "smoking gun"
memos to dissect this time around; instead, Eric looks at Microsoft's
latest marketing techniques and redefines the free
software community in terms of a cold-war style confrontation with
Microsoft. This view of things is not likely to be helpful.
Eric's analysis of Microsoft's latest road show does have its good points.
The company, he notes, has dropped its discussion of "intellectual property
threats" posed by Linux and Microsoft's higher level of "innovation."
Instead, Microsoft is pushing total cost of ownership arguments and trying
to sell the idea that its "shared source" program is as good as truly free
software. The company's position does, indeed, appear to have shifted into
a more defensive mode.
But consider this quote:
Because coexistence is not a stable solution for them, it cannot be
for us either. We have to assume that Microsoft's long-term aim is
to crush our culture and drive us to extinction by whatever
combination of technical, economic, legal, and political means they
can muster.
One can imagine several ways of characterizing the whole free software
movement. A couple of those might be:
- A group of software developers and users who are pooling their
effort to supply themselves with the best software they can create,
free of restrictions, obnoxious licensing, hidden "features," etc.
- A noble, if outgunned army, led by wizards, in an epic battle against
the dark forces of Mordor and the roving red eye of Steve Ballmer.
The truth of the matter is that we are not fighting a war. We are building
a set of tools which allow us to better run and control our lives, and,
with luck, having some fun in the process. Forcing our efforts into the
mold of a battle is not likely to help us in that process.
The competitive threats to Linux are relevant. In general, expanding the
user base of free software is a good thing; it causes a corresponding expansion of the
developer base and makes it more likely that we will encounter free
software in all aspects of our lives. Growing the user base means dealing
with competing forces which have their own ideas of how things should go.
That's capitalism. Certainly some people should be thinking about how to
make free software competitive; this task naturally falls on those working
to build businesses around free software.
There is also a definite legislative threat - as there is in many aspects
of our lives. This threat goes far beyond Microsoft, however. Software
patents, black-box voting systems, cryptography regulations, mandatory
digital rights management schemes, anti-circumvention laws, etc. are all
part of the fight for freedom which is as old as the human race. Focusing
on Microsoft as the Big Threat can only distract attention from the real
battle, in which Microsoft is only a part.
In that context, consider this quote:
The thing not to do is talk abstractions. FSF-style propaganda
about freedom or user's rights has its uses occasionally, but it
will register on this campaign's target audience of
bottom-line-fixated IT managers as irrelevant or nutty. And when
you look irrelevant or nutty, you hand Microsoft a victory.
If your focus is Microsoft, this advice may make some sense. But if your
goal is an "abstraction" like freedom from software patents, systems which
spy on you, etc., a focus on Microsoft seems short-sighted. Let the folks
at IBM, Novell, Red Hat, and so on talk to the bottom-line people; that's
their job. They should, while they are at it, be able to find ways of
selling freedom as well; that freedom is just as valuable to a large
corporation as to anybody else. The rest of us, meanwhile, can find better
things to do.
Microsoft can certainly be expected to attack us. It will fund
corporations which attempt to claim ownership of Linux via the courts. It
will fund "think tanks" to spread doubts - see this
impressive list of Microsoft-funded organizations which have published
attacks on free software. It will attempt to intimidate government
officials contemplating switching away from its products. But Microsoft is
a small piece of the problem, and the best way to fight it is the
production of more, better code. That approach, after all, has worked
pretty well so far.
As a postscript, it is worth noting that there are good things to be found
in the latest Halloween essay. In particular, Eric's advice to work to
increase the adoption of Linux inside governments makes a lot of sense. If
we can feed a government enough free software that it becomes addicted,
that government is more likely to think twice before passing laws which are
highly inimical to free software. Of course, that's "drug dealer" talk,
which we'll get to in the next article.
Comments (20 posted)
The recent
reports that
Microsoft has filed suit against Sérgio Amadeu, the president of the
Brazilian National Institute for Information Technology and a leader of
Brazil's move toward free software, have upset many in the community. This
suit looks very much like an attempt to intimidate a government which has
been making increasingly friendly noises about free software. A closer
look shows that, while this may be the case, there probably is not too much
to be concerned about here.
For the curious, Microsoft's complaint is available in PDF
format. That complaint comes down to the following: Mr. Amadeu
compared Microsoft's tactics to those of drug dealers, and Microsoft
doesn't like it. So Microsoft has filed a "demand for explanation" aimed
at getting Mr. Amadeu to retract his statements, or, at least, to back them
up in court.
The "drug dealer" comment was, beyond doubt, over the top. Many public
statements made by Microsoft about free software are, beyond doubt, equally
over the top, as is Microsoft's reaction in this case. Microsoft seems
unlikely to get very far with this
particular complaint, especially in the face of public statements like:
As long as they are going to steal it, we want them to steal
ours. They'll get sort of addicted, and then we'll somehow figure
out how to collect sometime in the next decade.
(Bill Gates, 1998, quoted in News.com).
The most likely result of this action may well be to convince more
governmental employees that dealing with Microsoft is generally a bad
idea. This kind of ham-fisted attack seems unlikely to slow any
government's move toward Linux, though it may make the people involved
watch their words a little more carefully.
Comments (4 posted)
The Anti-Spam Technical Alliance is a consortium of large Internet service
providers, including Yahoo, Microsoft, EarthLink, America Online, and
others. This group has just
announced
the publication of a set of guidelines intended to reduce the amount of
spam in circulation; the document is available
in PDF format.
These ISPs carry enough network traffic between them that it's worth
looking at their recommended policies. After all, if these carriers decide
to screw up the net, they could succeed in making a big mess for
everybody.
The recommendations, unsurprisingly, are aimed primarily at ISPs. For the
most part, they are reasonably obvious stuff; they include:
- Close open relays. Most people who run mail systems will have done
this some time ago; anybody who doesn't finds it hard to send mail
after a short while. The guidelines also recommend tightening access
to open proxies.
- Shut down formmail.pl. It is hard to imagine that systems running
formmail are still out there, but they must be. The LWN web server
gets a handful of attempts to use formmail.pl (which has never been
installed there) every day.
- Detect and disconnect zombie systems. This clearly has to be done;
compromised systems are increasingly in demand as spam sources.
Detection of such systems should be relatively easy, most of the time;
one hopes, however, that ISPs will be careful when deciding just how
active they want to be when looking for compromised systems.
- Use authenticated email submission. The report also recommends
pushing customers over to the mail submission port
(port 587) for
feeding email into the system. Separating out the submission step,
again, allows for prior authentication. Of course, implicit in all of
this is the idea that ISP customers are not to be allowed to directly
send mail to remote systems.
- Put rate limits on outbound email traffic. Recommended limits are 150
recipients per hour, up to 500 recipients per day. This idea has all
kinds of problems, starting with the effect it will have on anybody
running a mailing list.
- Close down web redirector services. Evidently some redirection
services are open to anybody who wants to use them; putting redirected
URLs into spam helps make the message look more legitimate and hide
the ultimate destination.
- Set up and use spam reporting services.
There is also a set of recommendations for bulk mail senders, with ideas
like "do not harvest email addresses," avoid forged headers, and provide
clear opt-out instructions. The best recommendation, however (which would
be "cease and desist") is absent. The "recommendations for consumers"
section limits itself to suggesting the installation of firewalls and
anti-virus software.
In one sense, these guidelines are a step in the right direction. They are
an admission from a number of large ISPs that they must take responsibility
for spam originating on their networks. In the best possible scenario,
ISPs will take a higher level of interest in their contribution to the
problem and shut their spammers down. In the worst case, however, we could
see a significant reduction in what "normal users" are allowed to do on the
net, major hassles for anybody wanting to run mailing lists or handle their
own mail, and increasingly intrusive probes from ISPs which are ostensibly
intended to root out compromised systems - all with a wink to "legitimate"
bulk commercial emailers and no real reduction in spam volumes.
For now, at least, vast parts of the net are beyond the control of these
large ISPs. That puts a limit on their ability to make a significant dent
in the spam problem, but also in their ability to impose their own vision
of how the net should work. Limits of that sort can only be a good thing.
Comments (15 posted)
Page editor: Jonathan Corbet
Security
It is time, once again, to look at quick distributor response to security
holes - or the lack thereof. We could start by poking fun at the
distributors which have taken over a week to fix the latest kernel
vulnerability - but we won't. The updates probably
should have come out more
quickly, but, in the end, it was a local denial-of-service vulnerability; it
was not the top priority for a lot of administrators.
Let's look, instead, at a fix that took a little longer. Red Hat, Fedora,
and Whitebox recently sent out advisories for a buffer overrun in the
libpng library; this problem could be exploited by way of a hostile image
to run arbitrary code on a victim's system. These distributors are thus
running just a little behind Debian, which sent out its advisory on December 19, 2002.
In fact, Red Hat had issued an advisory as well. It just turns out that
the problem had not actually been fixed. As a result, Red Hat users were
vulnerable to attackers wielding evil PNG images for over two years. This
is not the quick response time that is a source of such pride for the free
software community.
Of course, one should note that, as far as anybody can tell, not a single
Red Hat user suffered any sort of compromise as a result of this unfixed
bug. It almost certainly could have remained unfixed for another two years
without ill effect. Perhaps the world isn't quite as dangerous as we
sometimes think.
The truth of the matter is that our community finds (and fixes) dozens of
vulnerabilities every year which are unlikely to ever be exploited. These
fixes add to the load of already overworked system administrators and give
ammunition to "alert counters" who like to claim that Linux is less secure
than other operating systems. Perhaps it is time to come out and admit
that many of the patches issued every year are not actually all that
important.
System administrators already prioritize updates as they come in. Remotely
exploitable holes (should) get fixed in a hurry. Vulnerabilities like this week's aspell hole - a buffer overflow
caused by words more than 256 bytes long - can be allowed to sit for a
while. It would be nice if distributors could help out by explicitly
noting the importance of every update. If the truly serious fixes came
with a bright red flag, they might stand out from the noise and be applied
more quickly.
There are some obvious problems with this idea. Some truly serious
vulnerabilities are not seen as such when they are originally fixed. In certain
litigious countries, nobody wants to be exposed to lawsuits from users who
were broken into by way of a "non-urgent" vulnerability. These issues
would need to be addressed, but the fact remains: we are not necessarily
helping ourselves by treating all updates as if they were equally important.
Comments (14 posted)
New vulnerabilities
aspell: bounds checking problem
| Package(s): | aspell |
| CVE #(s): | CAN-2004-0548 |
| Created: | June 17, 2004 |
| Updated: | December 20, 2004 |
| Description: | Aspell's word-list-compress utility fails to properly check bounds when dealing with words that are more than 256 bytes long. This can lead to arbitrary code execution by an attacker. |
| Alerts: | |
Comments (none posted)
dhcp: buffer overflows
| Package(s): | dhcp |
| CVE #(s): | CAN-2004-0460, CAN-2004-0461 |
| Created: | June 23, 2004 |
| Updated: | July 14, 2004 |
| Description: | Two separate buffer overflows have been found in versions 3.0.1rc12 and 3.0.1rc13 of the ISC DHCP server. These overflows can be exploited by a remote attacker to cause a denial of service, or, potentially, to execute arbitrary code. DHCP servers should not be exposed to the Internet, but this problem is worth fixing regardless. See this CERT advisory for more information. |
| Alerts: | |
Comments (none posted)
racoon: improper certificate validation
| Package(s): | racoon ipsec-utils |
| CVE #(s): | |
| Created: | June 23, 2004 |
| Updated: | June 23, 2004 |
| Description: | The racoon tool found in ipsec-tools (through version 0.3.3) fails to perform proper authentication, enabling a potential man-in-the-middle attack. |
| Alerts: | |
Comments (none posted)
rlpr: format string vulnerability
| Package(s): | rlpr |
| CVE #(s): | CAN-2004-0393, CAN-2004-0454 |
| Created: | June 21, 2004 |
| Updated: | June 21, 2004 |
| Description: | rlpr contains format string and buffer overflow vulnerabilities which could potentially be exploited by a remote attacker to execute arbitrary code. |
| Alerts: | |
Comments (none posted)
sup: format string vulnerability
| Package(s): | sup |
| CVE #(s): | CAN-2004-0451 |
| Created: | June 21, 2004 |
| Updated: | June 21, 2004 |
| Description: | sup contains a format string vulnerability which could be used by a remote attacker to cause arbitrary code to run on the server. |
| Alerts: | |
Comments (none posted)
super: format string vulnerability
| Package(s): | super |
| CVE #(s): | CAN-2004-0579 |
| Created: | June 21, 2004 |
| Updated: | June 21, 2004 |
| Description: | A format string vulnerability has been found in super; this hole can be exploited by a local user to obtain root access. |
| Alerts: | |
Comments (none posted)
usermin: information disclosure and denial of service
| Package(s): | usermin |
| CVE #(s): | |
| Created: | June 21, 2004 |
| Updated: | June 21, 2004 |
| Description: | Versions of the usermin utility prior to 1.080 suffer from two vulnerabilities: a failure to sanitize email which could lead to information disclosure, and one which allows an attacker to lock out an account. |
| Alerts: | |
Comments (none posted)
www-sql: buffer overflow
| Package(s): | www-sql |
| CVE #(s): | CAN-2004-0455 |
| Created: | June 21, 2004 |
| Updated: | June 21, 2004 |
| Description: | www-sql contains a buffer overflow which can be exploited by a local user to execute arbitrary code. |
| Alerts: | |
Comments (none posted)
Updated vulnerabilities
Apache mod_proxy: denial of service
| Package(s): | apache |
| CVE #(s): | CAN-2004-0492 |
| Created: | June 11, 2004 |
| Updated: | October 14, 2004 |
| Description: | A buffer overflow vulnerability in the apache mod_proxy module can be exploited to create a denial of service. |
| Alerts: | |
Comments (none posted)
apache2: stack-based buffer overflow in ssl_util.c
| Package(s): | apache2 |
| CVE #(s): | CAN-2004-0488 |
| Created: | June 1, 2004 |
| Updated: | October 14, 2004 |
| Description: | A stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_util.c in Apache. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN. |
| Alerts: | |
Comments (none posted)
Filename disclosure vulnerability in fam
| Package(s): | fam |
| CVE #(s): | CAN-2002-0875 |
| Created: | August 19, 2002 |
| Updated: | January 5, 2005 |
| Description: | "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible. |
| Alerts: | |
Comments (none posted)
flim: insecure file creation
| Package(s): | flim |
| CVE #(s): | CAN-2004-0422 |
| Created: | May 5, 2004 |
| Updated: | December 16, 2004 |
| Description: | The emacs "flim" mode creates temporary files in an insecure fashion, possibly allowing a local attacker to overwrite files. |
| Alerts: | |
Comments (none posted)
gtkhtml: malformed messages cause crash
| Package(s): | gtkhtml |
| CVE #(s): | CAN-2003-0133, CAN-2003-0541 |
| Created: | April 14, 2003 |
| Updated: | April 18, 2005 |
| Description: | GtkHTML is the HTML rendering widget used by the Evolution mail reader. GtkHTML as supplied with versions of Evolution prior to 1.2.4 contains a bug when handling HTML messages. Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash. |
| Alerts: | |
Comments (none posted)
Horde-IMP: improper input validation
| Package(s): | Horde-IMP |
| CVE #(s): | |
| Created: | June 16, 2004 |
| Updated: | August 10, 2004 |
| Description: | An input validation error exists in Horde-IMP through version 3.2.4; a specially crafted message could be used to run scripts in the context of the target's browser. |
| Alerts: | |
Comments (none posted)
iproute: local denial of service
| Package(s): | iproute net-tools |
| CVE #(s): | CAN-2003-0856 |
| Created: | November 25, 2003 |
| Updated: | December 14, 2004 |
| Description: | The iproute utility is susceptible to spoofed netlink messages sent by local users, with the result that denial of service attacks are possible. |
| Alerts: | |
Comments (none posted)
racoon: failure to verify signatures
| Package(s): | ipsec-tools racoon |
| CVE #(s): | CAN-2004-0155 |
| Created: | April 7, 2004 |
| Updated: | August 19, 2004 |
| Description: | Versions of ipsec-tools prior to 0.2.5 contain a vulnerability wherein the racoon utility fails to verify digital signatures on some packets. This hole can lead to unauthorized connections or man-in-the-middle attacks. See this advisory for details. |
| Alerts: | |
Comments (none posted)
racoon: denial of service vulnerability
| Package(s): | ipsec-tools racoon iputils |
| CVE #(s): | CAN-2004-0403 |
| Created: | April 26, 2004 |
| Updated: | July 29, 2004 |
| Description: | racoon does not check the length of ISAKMP headers. Attackers may be able to craft an ISAKMP header of sufficient length to consume all available system resources, causing a Denial of Service. This advisory contains additional details. |
| Alerts: | |
Comments (none posted)
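The header length check that the entry above says racoon lacked, shown as an added example (not racoon's code and not from LWN): it parses the 28-byte fixed ISAKMP header defined in RFC 2408 section 3.1 and refuses to use the Length field until it has been bounded by what was actually received. The sample datagrams and the 65535-byte ceiling are constructed assumptions for the demonstration.

```python
"""Validate an ISAKMP fixed header before trusting its Length field.

Added example, not racoon's code. The point is that an attacker-chosen
Length must never drive an allocation or a payload walk until it has
been checked against the bytes that really arrived on the wire.
"""
import struct
from typing import Optional

# Fixed ISAKMP header (RFC 2408 section 3.1): initiator cookie (8),
# responder cookie (8), next payload (1), version (1), exchange type (1),
# flags (1), message ID (4), total length (4); big-endian throughout.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
ISAKMP_HDR_LEN = ISAKMP_HDR.size          # 28 bytes
MAX_ISAKMP_LEN = 65535                    # assumed ceiling: a UDP payload is never larger


def parse_isakmp_header(datagram: bytes) -> dict:
    """Parse the fixed header; raise ValueError if it cannot be trusted."""
    if len(datagram) < ISAKMP_HDR_LEN:
        raise ValueError("datagram shorter than the 28-byte ISAKMP header")
    (icookie, rcookie, next_payload, version, exch_type,
     flags, msg_id, length) = ISAKMP_HDR.unpack_from(datagram)
    # Three checks that keep a hostile Length from becoming an allocation
    # size or a loop bound: not below the header, not above any possible
    # datagram, and not beyond what was actually received.
    if length < ISAKMP_HDR_LEN:
        raise ValueError("Length %d is smaller than the fixed header" % length)
    if length > MAX_ISAKMP_LEN:
        raise ValueError("Length %d exceeds the largest possible datagram" % length)
    if length > len(datagram):
        raise ValueError("Length %d but only %d bytes received" % (length, len(datagram)))
    return {
        "initiator_cookie": icookie,
        "responder_cookie": rcookie,
        "next_payload": next_payload,
        "major_version": version >> 4,
        "minor_version": version & 0x0F,
        "exchange_type": exch_type,
        "flags": flags,
        "message_id": msg_id,
        "length": length,
        # Only now is it safe to slice the payload by the declared length.
        "payload": datagram[ISAKMP_HDR_LEN:length],
    }


def header_is_sane(datagram: bytes) -> bool:
    """True if parse_isakmp_header accepts the datagram."""
    try:
        parse_isakmp_header(datagram)
        return True
    except ValueError:
        return False


def build_isakmp(payload: bytes, length_field: Optional[int] = None) -> bytes:
    """Constructed sample: a header with exchange type 2 and next payload 1
    (SA) carrying `payload`. `length_field` overrides the Length to imitate
    a hostile header."""
    length = len(payload) + ISAKMP_HDR_LEN if length_field is None else length_field
    hdr = ISAKMP_HDR.pack(b"\x11" * 8, b"\x00" * 8, 1, 0x10, 2, 0, 0, length)
    return hdr + payload


# Constructed datagrams: one honest, two with hostile Length fields.
GOOD_DATAGRAM = build_isakmp(b"\x00" * 12)
# Length claims 4 GiB while only 40 bytes arrived.
OVERSIZED_DATAGRAM = build_isakmp(b"\x00" * 12, length_field=0xFFFFFFFF)
# Length smaller than the header itself (would underflow a
# "remaining = length - 28" computation in a careless receiver).
UNDERSIZED_DATAGRAM = build_isakmp(b"\x00" * 12, length_field=4)
```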
kdelibs: cookie disclosure
| Package(s): | kdelibs |
| CVE #(s): | CAN-2003-0592 |
| Created: | March 10, 2004 |
| Updated: | August 24, 2004 |
| Description: | kdelibs (and, thus, Konqueror) has a vulnerability where a hostile server can force the disclosure of cookies that should not be presented to it. KDE versions 3.1.3 and later contain a fix. |
| Alerts: | |
Comments (none posted)
kernel: symlink overflow in the iso9660 filesystem
| Package(s): | kernel |
| CVE #(s): | CAN-2004-0109 |
| Created: | April 14, 2004 |
| Updated: | July 15, 2004 |
| Description: | The 2.4 and 2.6 kernels contain a vulnerability in the iso9660 (CDROM) filesystem which can be used by a local attacker to obtain root privileges. The exploit requires creating a specially-crafted filesystem and getting the kernel to mount it. Many systems are configured to automatically mount CDs on insertion, however, so the possibility of this vulnerability being exploited by users with physical access to the system is real. The 2.4.26 kernel contains the fix, which will also be merged into the upcoming 2.6.6 release. |
| Alerts: | |
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CAN-2004-0554 |
| Created: | June 15, 2004 |
| Updated: | July 5, 2004 |
| Description: | 2.4 and 2.6 kernels running on the i386 and x86_64 architectures have a vulnerability which can allow a local attacker to lock up the system. See this LWN article for a description of the problem. Many of the updates for this problem also fix various potential driver vulnerabilities found while instrumenting the code for automated auditing. |
| Alerts: | |
Comments (none posted)
kernel-utils: setuid vulnerability
| Package(s): | kernel-utils |
| CVE #(s): | CAN-2003-0019 |
| Created: | February 7, 2003 |
| Updated: | January 21, 2005 |
| Description: | The kernel-utils package contains several utilities that can be used to control the kernel or machine hardware. In Red Hat Linux 8.0 this package contains user mode linux (UML) utilities. The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was incorrectly shipped setuid root. This could allow local users to control certain network interfaces, add and remove arp entries and routes, and put interfaces in and out of promiscuous mode. All users of the kernel-utils package should update to these packages that contain a version of uml_net that is not setuid root. Alternatively, as a work-around to this vulnerability issue the following command as root: chmod -s /usr/bin/uml_net |
| Alerts: | |
Comments (none posted)
krb5: unauthorized root privileges
| Package(s): | krb5 |
| CVE #(s): | CAN-2004-0523 |
| Created: | June 3, 2004 |
| Updated: | June 29, 2004 |
| Description: | Multiple buffer overflows exist in the krb5_aname_to_localname() library function that if exploited could lead to unauthorized root privileges. In order to exploit this flaw, an attacker must first successfully authenticate to a vulnerable service, which must be configured to enable the explicit mapping or rules-based mapping functionality of krb5_aname_to_localname, which is not a default configuration. See this MIT krb5 Security Advisory for more information. |
| Alerts: | |
Comments (none posted)
libpng, libpng3: buffer overflow
| Package(s): | libpng, libpng3 |
| CVE #(s): | CAN-2002-1363 |
| Created: | December 19, 2002 |
| Updated: | July 14, 2004 |
| Description: | Glenn Randers-Pehrson discovered a problem in connection with 16-bit samples from libpng, an interface for reading and writing PNG (Portable Network Graphics) format files. The starting offsets for the loops are calculated incorrectly which causes a buffer overrun beyond the beginning of the row buffer. |
| Alerts: | |
Comments (none posted)
libxml2 - arbitrary code execution
| Package(s): | libxml2 |
| CVE #(s): | CAN-2004-0110 |
| Created: | February 26, 2004 |
| Updated: | August 19, 2009 |
| Description: | Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code. |
| Alerts: | |
Comments (none posted)
logcheck: symlink vulnerability
| Package(s): | logcheck |
| CVE #(s): | CAN-2004-0404 |
| Created: | April 21, 2004 |
| Updated: | December 22, 2004 |
| Description: | The logcheck utility handles temporary files in an unsafe way, possibly allowing local attackers to overwrite files. |
| Alerts: | |
Comments (none posted)
mailman: password disclosure
| Package(s): | mailman |
| CVE #(s): | CAN-2004-0412 |
| Created: | May 27, 2004 |
| Updated: | July 20, 2004 |
| Description: | In mailman versions above 2.1, third parties can retrieve member passwords from the server. |
| Alerts: | |
Comments (none posted)
mikmod: buffer overflow
| Package(s): | mikmod |
| CVE #(s): | CAN-2003-0427 |
| Created: | June 16, 2003 |
| Updated: | June 16, 2005 |
| Description: | Ingo Saitz discovered a bug in mikmod whereby a long filename inside an archive file can overflow a buffer when the archive is being read by mikmod. |
| Alerts: | |
Comments (none posted)
mod_python: denial of service vulnerability
| Package(s): | mod_python |
| CVE #(s): | CAN-2003-0973 |
| Created: | January 27, 2004 |
| Updated: | October 4, 2004 |
| Description: | Apache's mod_python module could crash the httpd process if a specific, malformed query string was sent. The Apache Foundation has reported that mod_python may be prone to Denial of Service attacks when handling a malformed query. Mod_python 2.7.9 was released to fix the vulnerability, however, because the vulnerability has not been fully fixed, version 2.7.10 has been released. Users of mod_python 3.0.4 are not affected by this vulnerability. |
| Alerts: | |
Comments (none posted)
mozilla: multiple vulnerabilities
| Package(s): | mozilla |
| CVE #(s): | CAN-2003-0594, CAN-2003-0564 |
| Created: | March 10, 2004 |
| Updated: | August 19, 2004 |
| Description: | Mozilla 1.4 contains a few vulnerabilities, including disclosure of cookies to the wrong server, a scripting vulnerability which can allow an attacker to run arbitrary code, and an S/MIME vulnerability which can lead to remote denial of service or code execution attacks. |
| Alerts: | |
Comments (none posted)
mpg321: format string vulnerability
| Package(s): | mpg321 |
| CVE #(s): | CAN-2003-0969 |
| Created: | January 6, 2004 |
| Updated: | March 28, 2005 |
| Description: | A vulnerability was discovered in mpg321, a command-line mp3 player, whereby user-supplied strings were passed to printf(3) unsafely. This vulnerability could be exploited by a remote attacker to overwrite memory, and possibly execute arbitrary code. In order for this vulnerability to be exploited, mpg321 would need to play a malicious mp3 file (including via HTTP streaming). |
| Alerts: | |
Comments (none posted)
MySQL: temporary file vulnerabilities
| Package(s): | mysql |
| CVE #(s): | CAN-2004-0381, CAN-2004-0388 |
| Created: | April 14, 2004 |
| Updated: | August 18, 2004 |
| Description: | The mysqlbug and mysqld_multi scripts contain temporary file vulnerabilities which could be used by a local attacker to overwrite files on the system. |
| Alerts: | |
Comments (none posted)
neon: buffer overflow
| Package(s): | neon |
| CVE #(s): | CAN-2004-0398 |
| Created: | May 19, 2004 |
| Updated: | September 30, 2004 |
| Description: | The neon library (through version 0.24.5) contains a buffer overflow in its date parsing code, allowing arbitrary code execution when connecting to a hostile server. See this advisory for details. This vulnerability also affects related applications (such as cadaver). |
| Alerts: | |
Comments (none posted)
Nessus NASL scripting engine security issues
| Package(s): | nessus |
| CVE #(s): | |
| Created: | May 27, 2003 |
| Updated: | August 12, 2004 |
| Description: | Some vulnerabilities exist in the Nessus NASL scripting engine. To exploit these flaws, an attacker would need to have a valid Nessus account as well as the ability to upload arbitrary Nessus plugins in the Nessus server (this option is disabled by default) or he/she would need to trick a user somehow into running a specially crafted nasl script. Read the full advisory for additional information. |
| Alerts: | |
Comments (none posted)
netpbm: insecure temporary files
| Package(s): | netpbm |
| CVE #(s): | CAN-2003-0924 |
| Created: | January 19, 2004 |
| Updated: | December 29, 2004 |
| Description: | netpbm is a graphics conversion toolkit made up of a large number of single-purpose programs. Many of these programs were found to create temporary files in an insecure manner, which could allow a local attacker to overwrite files with the privileges of the user invoking a vulnerable netpbm tool. |
| Alerts: | |
Comments (1 posted)
openssh: timing attack leads to information disclosure
| Package(s): | openssh |
| CVE #(s): | CAN-2003-0190 |
| Created: | May 2, 2003 |
| Updated: | November 30, 2004 |
| Description: | From the advisory: "During a pen-test we stumbled across a nasty bug in OpenSSH-portable with PAM support enabled (via the --with-pam configure script switch). This bug allows a remote attacker to identify valid users on vulnerable systems, through a simple timing attack. The vulnerability is easy to exploit and may have high severity, if combined with poor password policies and other security problems that allow local privilege escalation." |
| Alerts: | |
Comments (1 posted)
OpenSSL: denial of service vulnerabilities
Comments (1 posted)
postgresql buffer overflow in ODBC driver
| Package(s): | postgresql |
| CVE #(s): | |
| Created: | June 7, 2004 |
| Updated: | July 28, 2004 |
| Description: | A buffer overflow has been discovered in the ODBC driver of PostgreSQL, an object-relational SQL database, descended from POSTGRES. It is possible to exploit this problem and crash the surrounding application. Hence, a PHP script using php4-odbc can be utilized to crash the surrounding Apache webserver. Other parts of postgresql are not affected. |
| Alerts: | |
Comments (none posted)
python: buffer overflow
| Package(s): | python |
| CVE #(s): | CAN-2004-0150 |
| Created: | March 10, 2004 |
| Updated: | October 11, 2004 |
| Description: | Python (versions 2.2 and 2.2.1 only) has a buffer overflow in the getaddrinfo() function which can be exploited by a malformed IPv6 address. |
| Alerts: | |
Comments (none posted)
rsync remote file write attack
| Package(s): | rsync |
| CVE #(s): | CAN-2004-0426 |
| Created: | April 30, 2004 |
| Updated: | July 12, 2004 |
| Description: | See the rsync homepage for the April 2004 advisory: "There is a security problem in all versions prior to 2.6.1 that affects only people running a read/write daemon WITHOUT using chroot. If the user privs that such an rsync daemon is using is anything above "nobody", you are at risk of someone crafting an attack that could write a file outside of the module's "path" setting (where all its files should be stored). Please either enable chroot or upgrade to 2.6.1. People not running a daemon, running a read-only daemon, or running a chrooted daemon are totally unaffected." |
| Alerts: | |
Comments (none posted)
squid: buffer overflow
| Package(s): | squid |
| CVE #(s): | CAN-2004-0541 |
| Created: | June 9, 2004 |
| Updated: | September 30, 2004 |
| Description: | The NTLM authentication helper used by the squid proxy contains a buffer overflow vulnerability; an overly-long password may be used to run arbitrary code. Sites not using NTLM authentication are not vulnerable. |
| Alerts: | |
Comments (none posted)
SquirrelMail cross site scripting vulnerabilities
| Package(s): | squirrelmail |
| CVE #(s): | CAN-2004-0519, CAN-2004-0520, CAN-2004-0521 |
| Created: | May 21, 2004 |
| Updated: | October 4, 2004 |
| Description: | Several unspecified cross-site scripting (XSS) vulnerabilities and a well hidden SQL injection vulnerability were found in SquirrelMail versions 1.4.2 and lower. An XSS attack allows an attacker to insert malicious code into a web-based application. SquirrelMail does not check for code when parsing variables received via the URL query string. |
| Alerts: | |
Comments (none posted)
Subversion: Remote heap overflow
Package(s): subversion
CVE #(s): CAN-2004-0413
Created: June 11, 2004
Updated: March 7, 2005
Description: Subversion has a remote Denial of Service vulnerability that may
allow a server that runs svnserve to execute arbitrary code. See this
advisory for more information.
Comments (none posted)
sysstat: temporary file vulnerability
Package(s): sysstat
CVE #(s): CAN-2004-0107, CAN-2004-0108
Created: March 10, 2004
Updated: October 4, 2004
Description: The sysstat utility has a temporary file vulnerability which can be exploited by a local attacker to overwrite system files.
Comments (none posted)
File overwrite vulnerability in tar and unzip
Package(s): tar unzip
CVE #(s): CAN-2001-1267, CAN-2001-1268, CAN-2001-1269, CAN-2002-0399
Created: October 1, 2002
Updated: April 10, 2006
Description: The tar utility does not properly filter file names containing
"../", meaning that a hostile archive can, if unpacked by an unsuspecting
user, overwrite any file that is writable by that user. GNU tar versions
1.13.19 and earlier are vulnerable; unzip through version 5.42 has the same
vulnerability.
Comments (1 posted)
tcpdump: ISAKMP payload handling denial-of-service vulnerabilities
Package(s): tcpdump
CVE #(s): CAN-2004-0183, CAN-2004-0184
Created: March 30, 2004
Updated: September 30, 2004
Description: TCPDUMP v3.8.1 and earlier versions contain multiple flaws in the
packet display functions for the ISAKMP protocol. Upon receiving specially
crafted ISAKMP packets, TCPDUMP will try to read beyond the end of the packet
capture buffer and crash. More information is available in this Rapid7
advisory.
Comments (none posted)
Multiple vendor telnetd vulnerability
Package(s): telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5
CVE #(s):
Created: May 21, 2002
Updated: October 5, 2004
Description: This vulnerability, originally thought to be confined to
BSD-derived systems, was first covered in the July 26th Security Summary. It
is now known that Linux telnet daemons are vulnerable as well.
Comments (none posted)
tripwire format string vulnerability
Package(s): tripwire
CVE #(s): CAN-2004-0536
Created: June 4, 2004
Updated: July 7, 2004
Description: The code that generates email reports contains a format string
vulnerability in pipedmailmessage.cpp. With a carefully crafted filename on a
local filesystem an attacker could cause execution of arbitrary code with
permissions of the user running tripwire, which could be the root user. See
this advisory on SecurityFocus for more details.
Comments (none posted)
webmin: denial of service
Package(s): webmin
CVE #(s): CAN-2004-0582, CAN-2004-0583
Created: June 16, 2004
Updated: July 28, 2004
Description: Versions of webmin prior to 1.150 suffer from denial of service and information disclosure vulnerabilities. See advisories for the disclosure and lockout problems for more information.
Comments (none posted)
XChat 2.0.x SOCKS5 Vulnerability
Package(s): xchat
CVE #(s): CAN-2004-0409
Created: April 19, 2004
Updated: November 15, 2005
Description: XChat is vulnerable to a stack overflow that may allow a remote
attacker to run arbitrary code. The SOCKS 5 proxy code in XChat is vulnerable
to a remote exploit. Users would have to be using XChat through a SOCKS 5
server, enable SOCKS 5 traversal (which is disabled by default) and also
connect to an attacker's custom proxy server. This vulnerability may allow an
attacker to run arbitrary code within the context of the user ID of the XChat
client.
Comments (none posted)
xine-ui - insecure temporary file creation
Package(s): xine-ui
CVE #(s): CAN-2004-0372
Created: April 6, 2004
Updated: April 27, 2006
Description: Shaun Colley discovered a problem in xine-ui, the xine video
player user interface. A script contained in the package to possibly remedy a
problem or report a bug does not create temporary files in a secure fashion.
This could allow a local attacker to overwrite files with the privileges of
the user invoking xine.
Comments (none posted)
Events
The 9th European Symposium on Research in Computer Security is happening
September 13 to 15 in Sophia Antipolis, France. The preliminary
program has been posted; click below for the details.
Full Story (comments: none)
The Seventh International Symposium on Recent Advances in Intrusion
Detection is scheduled for September 15 to 17 in Sophia Antipolis, France,
immediately after ESORICS 2004. Speakers include Bruce Schneier; click below
for the program.
Full Story (comments: none)
Registration is now open for the Usenix Security Symposium, happening in
San Diego on August 9 to 13.
Full Story (comments: none)
Page editor: Jonathan Corbet
Kernel development
Brief items
The current 2.6 kernel is 2.6.7; the first 2.6.8 prepatch has not
yet been released as of this writing. There is, however, a large pile of
patches in Linus's BitKeeper tree, including support for new Apple
PowerBooks, more sparse annotations, some netfilter improvements, some
kbuild work, a new
wait_event_interruptible_exclusive() macro,
support for the
O_NOATIME flag in the
open() call, sysfs
knobs for tuning the CFQ I/O scheduler, mirroring and snapshot targets for
the device mapper, the removal of the PC9800 subarchitecture, reiserfs
data=journal support, preemptible kernel support for the PPC64
architecture, and many fixes and updates.
The current prepatch from Andrew Morton is 2.6.7-mm1; recent additions to -mm include a
new knob for controlling how aggressively the system reclaims VFS caches
when memory gets tight, a memory allocation tweak to improve DMA segment
merging (see below), and various fixes.
The current 2.4 prepatch is 2.4.27-rc1, which was released by Marcelo on June 19. Only a
small number of fixes have gone in since the last prepatch. Now is the time
for those interested in a stable 2.4.27 release to do some testing.
Comments (4 posted)
Kernel development news
The generic DMA layer provides a way for device drivers to allocate and work
with direct memory access regions without regard for how the underlying
hardware does things. This interface works well, for the most part, but, as
with the rest of the kernel, occasional issues come up. Here are a few that
were discussed over the last week.
Many devices can perform full 64-bit DMA operations. This capability is
nice on large-memory systems, but working with larger addresses can also
bring a performance penalty. As a way of helping drivers pick the optimal
size for DMA address descriptors, James Bottomley has proposed the creation of a new function called
dma_get_required_mask().
The current API already has dma_set_mask(), which tells the kernel
about the range of DMA addresses the device can access. The new function
would be called after an invocation of dma_set_mask(); it would
return a new bitmask describing what the platform sees as the optimal set
of DMA addresses, taking the device's original DMA mask into account. If
the specific hardware situation does not require the
use of larger addresses, the platform can suggest using the faster, 32-bit
mode even when the device can handle larger addresses. The driver can then
use that advice to set a new mask describing what it will actually use.
The "scatterlist" mechanism is another part of the DMA subsystem; it allows
drivers to set up scatter/gather I/O, where the buffer to be transferred is
split into multiple, distinct chunks of memory. Scatter/gather is useful
in a number of situations, including network packets (which are assembled
from multiple chunks), the readv() and writev() system
calls, and for I/O directly to or from user-space buffers, which can be
spread out in physical memory. The mapping functions for scatter/gather
I/O will coalesce pieces of the buffer which turn out to be physically
adjacent in memory. In practice, that has turned out not to happen very
often; one recent report showed that, out of
approximately 32,000 segments, all of 40 had been merged in this manner.
It turns out, however, that the Linux memory allocator is not helping the
situation. When the allocator breaks up a large block of pages to satisfy
smaller requests (a frequent occurrence), it returns the highest page in
the block. A series of allocations will, thus, obtain pages in descending
order. If those pages are assembled into an I/O buffer, each page will
need to be a separate segment in a scatter/gather operation, since the
reverse-allocated pages cannot be merged.
William Lee Irwin put together a patch which
causes the allocator to hand out pages from the bottom of a block instead
of the top. With
this patch applied, the merge rate in this particular test went up to over
55%. Larger segments lead to faster I/O setup and execution, which is a
good thing. Sometimes a tiny patch can make a big difference, once you
know where the problem is.
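As an added illustration that is not part of the article or of the kernel source, the following user-space C model shows why the allocation order matters: it hands out pages from a block top-down (the behaviour described above) and bottom-up (the patched behaviour), then counts the scatter/gather segments needed under the adjacency rule the mapping functions apply. Page-frame numbers and the block base are constructed values.

```c
#include <stdio.h>
#include <stdlib.h>

/* A block of free pages, identified by page-frame numbers (PFNs) in the
 * half-open range [lo, hi), which the allocator is splitting up to satisfy
 * single-page requests. Constructed model, not kernel code. */
struct free_block {
    unsigned long lo;
    unsigned long hi;
};

#define NO_PAGE ((unsigned long)-1)

/* Pre-patch behaviour described in the article: the allocator returns the
 * highest page remaining in the block, so successive calls yield PFNs in
 * descending order. */
static unsigned long alloc_from_top(struct free_block *b)
{
    if (b->lo >= b->hi)
        return NO_PAGE;
    return --b->hi;
}

/* Behaviour with the bottom-of-block patch: the lowest page goes first, so
 * successive calls yield ascending, physically adjacent PFNs. */
static unsigned long alloc_from_bottom(struct free_block *b)
{
    if (b->lo >= b->hi)
        return NO_PAGE;
    return b->lo++;
}

/* Number of scatter/gather segments needed to describe a buffer assembled
 * from the given pages in order. A page joins the current segment only when
 * it is the page immediately following the segment's last one, which is the
 * condition the DMA mapping functions use when coalescing; anything else
 * starts a new segment. */
static int sg_segments(const unsigned long *pfns, int n)
{
    int segs = 1;
    unsigned long next;

    if (n <= 0)
        return 0;
    next = pfns[0] + 1;             /* the PFN that would extend the segment */
    for (int i = 1; i < n; i++) {
        if (pfns[i] == next) {
            next++;                 /* physically adjacent: merge */
        } else {
            segs++;                 /* gap or reversal: new segment */
            next = pfns[i] + 1;
        }
    }
    return segs;
}

/* Allocate n pages from one block of n free pages with the chosen policy,
 * assemble them into a buffer in allocation order and report how many
 * segments that buffer needs. Returns -1 on allocation failure. */
static int segments_for_policy(int n, int from_bottom)
{
    struct free_block blk = { 0x10000, 0x10000 + (unsigned long)n };
    unsigned long *pfns;
    int segs;

    if (n <= 0)
        return 0;
    pfns = malloc(sizeof(*pfns) * (size_t)n);
    if (!pfns)
        return -1;
    for (int i = 0; i < n; i++)
        pfns[i] = from_bottom ? alloc_from_bottom(&blk) : alloc_from_top(&blk);
    segs = sg_segments(pfns, n);
    free(pfns);
    return segs;
}

int main(void)
{
    int n = 8;

    printf("%d pages allocated top-down:  %d sg segment(s)\n", n, segments_for_policy(n, 0));
    printf("%d pages allocated bottom-up: %d sg segment(s)\n", n, segments_for_policy(n, 1));
    return 0;
}
```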
Meanwhile, Ian Molton turned up a different
sort of problem. Some types of interfaces have their own onboard memory.
This memory is, often, accessible to the CPU, and it can be used by devices
attached to the interface for DMA operations. But that memory is not part
of the regular system RAM, and it typically does not show up in the system
memory map. As a result, the generic DMA functions will not make use of
this memory when allocating DMA buffers.
It would be nice to be able to make use of this memory, however. It is
there, and it can be used to offload some DMA buffers from main memory. On
some systems, it may be the only memory which is usable for DMA operations
to certain devices. The DMA API has even been set up with this sort of
memory in mind; it can handle cases where, for example, the memory in
question has a different address from the device's point of view than it
does for the processor. It would seem that the addition of an
architecture-specific module to the DMA API could enable such memory to be
allocated on platforms which have it, when the DMA target is a device
which can make use of it.
The biggest problem would appear to be that this sort of remote memory is
not part of the system's memory map, and, thus, there is no struct
page structure which describes it. The lack of a page
structure makes certain macros fail. It also completely breaks any driver
which tries to map the buffer into user space via the nopage() VMA
operation. And, it turns out, drivers really do that; the ALSA subsystem,
for example, maps buffers to user space in this manner.
Once a problem is identified, it can usually be fixed. The right approach in this
case would appear to be a combination of two things. The first is to
simply fix any bad assumptions in drivers with regard to how they can treat
DMA buffers. If the driver expects that a page structure exists
for a DMA buffer, it is broken and simply needs to be fixed. The second
part is to provide an architecture-independent
way for device drivers to map DMA buffers into user space.
To that end, Russell King has proposed yet
another DMA API function:
    int dma_map_coherent(struct device *dev,
                         struct vm_area_struct *vma,
                         void *cpu_addr,
                         dma_addr_t handle,
                         size_t size);
This function would take the given mapped DMA buffer (as described by
cpu_addr and handle) and map it into the requested VMA.
Device drivers could use this function to make a buffer available to user
space, and would be able to discard their existing nopage()
methods. The new interface would thus simplify things, though it does
still leave a reference counting problem on the driver side of things:
freeing the DMA buffer before user space has unmapped it would be a big
mistake.
Comments (4 posted)
The build process in recent 2.6 kernels allows for the separation of source
and object trees. If a kernel build is started with the
O=
option, the resulting object files (and other built files) will go into the
directory specified, rather than being mixed in with the source. Some
developers find this way of doing things easier to manage, especially if
the same source tree is being used to build kernels for multiple
architectures or with multiple sets of configuration options.
One distributor (SUSE) has begun shipping kernels which have been built in
this manner. The difference has gone unnoticed by almost all users, but
one vendor of proprietary modules recently posted a
strong message accusing SUSE of forking the kernel. The specific
issue is that this vendor's modules would no longer build with SUSE's
kernels, and that problem turned out to be a result of the separated source
and object trees.
When a kernel's modules are installed under /lib, a symbolic link
called build is made pointing to the source tree. This link is
used by the external module build process to find kernel headers,
configuration files, and needed object files. When SUSE adopted the
separate object directory, it redirected the build link to point
to that directory, rather than to the original source. That is, after all,
where many of the necessary files will be found. Unfortunately for this particular
vendor, their modules needed some other files which are only found in the
source tree. When the build link was directed elsewhere, those
modules would no longer compile.
The fix was relatively straightforward, but this situation forced a new
discussion on how the build system should work when separate object
directories are in use. The result is a new
patch from Sam Ravnborg which nails down how these links should work.
With this patch (not merged as of this writing), the build link
would always point to the object directory. Doing things this way allows
most external modules to continue to build without changes. A new link
(source) will be added to point to the source directory when
needed. And a small, special-purpose makefile is placed in the object
directory; its job is to bridge the gap between the two trees and make
most external module builds work with no changes required.
Comments (5 posted)
Two weeks ago this page covered the launch
of a new wireless networking effort. The scope of this effort now seems to
be expanding to a redesign of the "wireless extensions" portion of the
network stack. This code handles wireless network interfaces, and, in
particular, provides a set of functions to user space for the control of
those interfaces. Scott Feldman has posted
an
initial set of objectives for a wireless extensions rework.
Much of what is being proposed is uncontroversial. There has been some
disagreement, however, over proposed changes to the "iw_handler"
interface. This interface is the mechanism by which wireless adapter
drivers respond to ioctl() calls from user space. Each driver
registers a set of functions, one for each of the command codes supported
by the wireless extensions. The mechanism used is different from what is
seen in other parts of the kernel, however; a wireless interface driver
fills in a simple array of function pointers and passes that to the core.
The array is indexed by the ioctl() command code, and the proper
function is called.
The problem with this interface is that it defeats the compiler's normal
type checking. All wireless extension handler functions must have the same
prototype, and there is no real way to tell if the right one is being
called. As a way of improving the code base, Jeff Garzik would like to
replace the iw_handler array with a structure full of specific,
named function pointers - the same mechanism which is used in the rest of the kernel.
Initially, all of these functions would keep the current
iw_handler prototype, but, over time, each function would be
migrated over to taking exactly the arguments it needs.
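To make the type-checking argument concrete, here is an added user-space C model (not code from the article or from the wireless extensions) of both dispatch styles: an array of same-prototype handlers indexed by a command code, and a structure of named pointers after the migration step in which each member takes only the arguments it needs. The device state, argument union and command codes are constructed for the model.

```c
#include <stdio.h>

/* Constructed per-interface state; not the real wireless extensions types. */
struct model_dev {
    char name[16];
    long freq_khz;
};

/* Argument block shared by every array-style handler, in the spirit of the
 * request structure user space passes through ioctl(). */
union iw_arg {
    char name[16];
    long khz;
};

/* Style A, as the article describes the current mechanism: every handler
 * shares one prototype and sits in an array indexed by command code. */
typedef int (*iw_handler)(struct model_dev *dev, union iw_arg *arg);

enum { IOC_GET_NAME = 0, IOC_SET_FREQ = 1, IOC_COUNT };

static int a_get_name(struct model_dev *dev, union iw_arg *arg)
{
    snprintf(arg->name, sizeof(arg->name), "%s", dev->name);
    return 0;
}

static int a_set_freq(struct model_dev *dev, union iw_arg *arg)
{
    dev->freq_khz = arg->khz;
    return 0;
}

/* A correctly filled table, and one with the two entries swapped. Both
 * entries have the same type, so the compiler cannot notice the mistake. */
static const iw_handler good_table[IOC_COUNT] = {
    [IOC_GET_NAME] = a_get_name,
    [IOC_SET_FREQ] = a_set_freq,
};
static const iw_handler swapped_table[IOC_COUNT] = {
    [IOC_GET_NAME] = a_set_freq,
    [IOC_SET_FREQ] = a_get_name,
};

static int iw_dispatch(const iw_handler *table, int cmd,
                       struct model_dev *dev, union iw_arg *arg)
{
    if (cmd < 0 || cmd >= IOC_COUNT || !table[cmd])
        return -1;              /* unknown or unsupported command */
    return table[cmd](dev, arg);
}

/* Style B: a structure of named function pointers, shown after the
 * migration step in which each member takes exactly the arguments it needs. */
struct wireless_ops {
    int (*get_name)(struct model_dev *dev, char *buf, size_t len);
    int (*set_freq)(struct model_dev *dev, long khz);
};

static int b_get_name(struct model_dev *dev, char *buf, size_t len)
{
    snprintf(buf, len, "%s", dev->name);
    return 0;
}

static int b_set_freq(struct model_dev *dev, long khz)
{
    if (khz <= 0)
        return -1;              /* reject a nonsensical frequency */
    dev->freq_khz = khz;
    return 0;
}

static const struct wireless_ops typed_ops = {
    .get_name = b_get_name,
    .set_freq = b_set_freq,
    /* ".set_freq = b_get_name" would be a pointer-type mismatch that the
     * compiler flags at once; the arrays above accept such a swap silently. */
};

/* Request a frequency through each style and report (1/0) whether the
 * device really ended up with the value that was asked for. */
static int set_freq_via_table(const iw_handler *table, long khz)
{
    struct model_dev dev = { "wl0", 0 };
    union iw_arg arg;
    arg.khz = khz;
    if (iw_dispatch(table, IOC_SET_FREQ, &dev, &arg) != 0)
        return 0;
    return dev.freq_khz == khz;
}

static int set_freq_via_ops(const struct wireless_ops *ops, long khz)
{
    struct model_dev dev = { "wl0", 0 };
    if (ops->set_freq(&dev, khz) != 0)
        return 0;
    return dev.freq_khz == khz;
}
```

With the swapped table the call compiles and returns success, yet the frequency never reaches the device; that silent failure is what the named-pointer structure is meant to turn into a compile-time error.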
Nobody disputes that the new interface would be cleaner. Jean Tourrilhes,
the designer of the wireless extensions, has an objection, however:
changing this interface would break backward compatibility. Jean does not like this idea:
The wireless extension has remained backward compatible over almost
8 years, while tremendously improving and adding new features. And
I believe that moving forward, the price of keeping backward
compatibility is small, as you can see from my patch.
It's possible. It's not difficult. Breaking backward
compatibility is not a design goal.
Jean proposes, instead, to create a wrapper layer around the existing
interface, thus avoiding breaking any out-of-tree drivers. Jeff, however,
would rather get rid of the old interface
entirely, since he sees it as dangerous.
We want to design driver interfaces that make it tough for the
driver writer to screw up. Excluding yourself, myself, and others
on this list, I think we all know that driver writers can't code
their way out of a paper bag. A properly designed interface lets
the compiler flag incorrect code at the first possible opportunity.
The other relevant point is that Jeff, like most kernel developers, does
not see backward compatibility of internal interfaces as an important
goal. Interfaces need to be able to change, and the developers can't be
held back by the prospect of breaking out-of-tree drivers. As a result,
the wireless extensions changes are quite likely to happen - though,
perhaps, not until 2.7.
Comments (none posted)
Linus is famously against the use of interactive debuggers on the kernel,
but many developers use them anyway. Debugging a running kernel is a
little harder than working with a typical application, but it can be done
in a couple of ways. It is relatively easy to query kernel data
structures in the current running kernel by running
gdb with
/proc/kcore as the "core" file. More extensive debugging,
allowing the use of breakpoints and such, can be done by using
gdb
on a remote machine and controlling the target via a serial line or a
network interface. The -mm tree contains the necessary patches for using
gdb in this mode for a few architectures.
One limitation with using gdb this way is that it can't be used to work
with loadable modules. The debugger can query the memory used by loadable
modules, set breakpoints there, etc. The problem is that it does not know
what addresses get assigned to functions and variables when a module is
loaded. Those addresses, obviously, are not in the core kernel executable,
and there is no real way to find them at run time. The developer can thus
work by typing in hex addresses directly, but that gets tiresome fairly
quickly.
Your editor was recently finishing out the debugging chapter for Linux
Device Drivers, Third Edition (which is getting closer to ready -
honest) when he ran up against the loadable module problem. The kernel
knows where all of the symbols go when it loads a module; it really seemed
like it should be possible to communicate that information to a debugger.
A bit of digging revealed that, in fact, the relevant information gets
dropped once the module gets loaded. So it was time for a fix.
Like any other ELF executable, a loadable module is divided up into several
sections. The section called .text contains (most of) the module
code itself; .data and .bss contain most of the
variables. The module loader looks at all of the sections and lays them
out sequentially in (vmalloc) memory; after relocating symbols it forgets
about where the sections went.
If the positions of the sections could be recovered, however, they could be
passed to gdb in the same add-symbol-file command which
tells the debugger about the module code. The section offsets are all that
gdb needs to figure out where the module's variables live.
Your editor, rather than tell LDD3 readers that symbolic debugging of
kernel modules was impossible, chose to do a little hacking. The result
was this patch, which hangs a new kobject
onto each loadable module and populates it with a set of attributes
containing the section offsets. Those attributes will show up under
/sys/module. Thus, for example, after module foo is
loaded, /sys/module/foo/sections/.data will contain the beginning of
the .data section. The foo developer can then fire up
gdb and, after connecting to the target kernel, use the section
offset information to issue a command
like:
    add-symbol-file /path/to/module 0xd081d000 \ # .text
        -s .data 0xd08232c0 \
        -s .bss 0xd0823e20
Thereafter, debugging the module is just like debugging the rest of the
kernel. There is a little script (included with the patch) which generates
the add-symbol-file command, reducing the operation to a simple
cut-and-paste.
The patch has been merged into Linus's BitKeeper tree, and will be part of
2.6.8.
Comments (6 posted)
Patches and updates
Kernel trees
Build system
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Memory management
Networking
Architecture-specific
Page editor: Jonathan Corbet
Distributions
News and Editorials
When Asianux was first announced in January 2004, it raised the eyebrows of
those Linux users who have to deal with the many complex writing systems
found across the culturally rich Asian continent. Will we finally have a
distribution that solves all the headaches associated with reading,
inputting, mixing, and printing Asian characters in documents? Will Asianux
become a standard distribution throughout Asia? We downloaded and installed
the newly released Asianux 1.0 in search of answers to these and other
questions.
First a little background. Asianux is a joint collaborative project by
Japan's Miracle Linux and China's Red Flag Linux. Miracle Linux is a
well-established server oriented distribution, essentially a Red Hat
Enterprise Linux pre-configured for certain specific tasks (e.g.
database, cluster, backup, etc.), and sold as complete sets. Some of
these sets are not cheap - as an example, a standard Miracle Linux 2.1
together with Oracle 9i sells for an equivalent of $2,450 per seat. On
the other hand, Red Flag
Linux has historically been focusing on the desktop with an attempt
to create a very Windows-like user interface and configuration
utilities, thus easing the migration of computer users to Linux.
Although Red Flag is a well-known Linux distribution, reports from
China indicate that most Chinese users prefer Fedora or Mandrakelinux
rather than any of the domestically developed products.
Asianux is designed as a base server platform, not dissimilar from the
now-defunct United Linux. Each vendor takes the common base and
customizes it to serve a certain purpose, then adds localization
features depending on the vendor's sphere of influence. Thus, while
Asianux is a usable and installable distribution in its own right, it
will also serve as a base for the upcoming Red Flag Linux 4.1 and
Miracle Linux 3.0. The influence of each of the two vendors is apparent
- Asianux inherits Miracle's strong bias towards server use (you won't
find any office suites, multimedia or graphics software in Asianux 1.0)
and Red Flag's KDE modifications (e.g. Konqueror includes a very
Windows-like Control Panel module and many configuration utilities
strongly resembling those present in Microsoft Windows; see screenshot).
Yes, despite being designed for server use, Asianux ships with XFree86
and KDE.
The installer is a simplified Anaconda. However, unlike Red Hat's
original Anaconda, the number of available languages during
installation and for later use is limited to three: simplified Chinese,
English and Japanese. This was the first disappointing aspect of the
distribution - the term "Asianux" somehow implies that it is intended
to be a pan-Asian project supporting, at the very least, the most
widely-used Asian languages. Even worse, there is no easy way to change
the language after installation. When choosing to install the
distribution in simplified Chinese, the system was ready for Chinese
input immediately after install; however, when choosing Japanese, it
required further command line tweaking by following instructions in the
release notes before one could start typing text in Japanese.
Interestingly, looking through the RPM package list it would seem that
Asianux also supports Korean, although the release notes make no
mention of the fact and they don't provide instructions for setting up
a Korean desktop. Traditional Chinese, used in Taiwan and Hong Kong,
where many people would struggle to read the simplified Chinese
character set, is absent from the distribution, and so are all other
Asian languages.
There was further disappointment when examining the security features of
the distribution. Firstly, the simplified Anaconda installer is missing
the "Add Users" screen, so the only user created during installation is
root. Of course, it is easy enough to add new users to the system, but
one has to question the wisdom of creating an entire user
infrastructure for the root user, including a "My Documents" folder and
an easy root login without any warnings. This is obviously a "feature"
by Red Flag, which has been known for trying to emulate Windows to the
extent that it even removes some of the inherent security aspects from
its Linux distribution. No wonder that the Red Flag Linux web site is
hosted on a server running Red Hat Linux, rather than the company's own
distribution!
Another worrying factor is the lack of any package update tool. Red
Hat's up2date is not included in the distribution and there seems to be
no repository designed to provide security updates for Asianux. Perhaps
the distribution itself is not meant to be a standalone product and
those interested in deploying it should use one of the products based
on Asianux, be it Red Flag Linux or Miracle Linux. If this is the case,
the Asianux web site, which, incidentally, is entirely in English, does
not make it very clear.
Other than the above peculiarities and the reduced number of available
applications, Asianux seems to differ little from Red Hat Linux 9. This
poses an interesting question - why would any user choose Asianux over
Red Hat Linux or any other well-established distribution? The Asianux
development team provides very few innovations of its own, with the
only exception being the above-mentioned addition of graphical
configuration utilities strongly resembling the Control Panel found in
Microsoft Windows. A questionable value, some would say, especially for
a distribution designed for server use.
Nevertheless, the idea behind Asianux is sound. What the product needs
now is broader support by Linux vendors from across the region; it
would certainly benefit the project if the likes of Korea's Hancom Linux and Hong Kong-based ThizLinux joined the development.
Hancom Linux has emerged as the dominant Linux player in Korea with
extensive effort at "Koreanization" of KDE and other applications.
ThizLinux has evolved as one of the most significant Linux development
companies in Greater China, with expertise in both simplified and
traditional Chinese character sets (including Cantonese), Chinese input
methods and printing. Another Asian country with substantial Linux
development drive is Thailand, and even less developed countries of the
region, such as Vietnam or Mongolia, have their own
internationalization projects and Linux development communities.
Once all these vendors and communities get together and establish an
efficient working group, perhaps we could see Asianux as a significant
Linux player in Asia, able to compete with Red Hat, which enjoys strong
brand recognition in the region, and with the newly revived Turbolinux
currently making strong gains in Japan and China. A foundation has been
laid. All that needs to be done now is to persevere in building upon it.
Comments (4 posted)
Distribution News
The June 21 Gentoo Weekly Newsletter is out; this issue looks at the Wasabi
0.2 release, and, among other things, contains a call for new kernel
developers for the Gentoo project.
Full Story (comments: none)
New Distributions
HOACD (Honeyd+OpenBSD+Arpd) is a live CD system which is intended for setting up honeypots; it performs logging to a local hard disk. The version 1.0 release is available now; click below for the details.
Full Story (comments: none)
Minor distribution updates
2-Disk Xwindow embedded Linux has released source code v1.2.12. "Changes:
The zlib dependencies, maplay, and the initial font hack were removed. SSL
support was removed from the desktop system, and many other superfluous
files were removed. busybox was upgraded. The fbdev code was reintegrated
with kdrive. Font changes were made. The init scripts were modified and
optimized for the upcoming 1disk 386 version. A .config file was added for
kernel 2.4.26. Improvements in kernel VM paging were added. Xlib was
integrated into desktop. Documentation updates were made."
Comments (none posted)
Version 1.2.0-beta1 of the AGNULA/DeMuDi music distribution has been
announced. "This version is the second beta of the 1.2.0 series, which
sports tighter integration with Debian, using the Sarge Debian Installer and
the CDD (Custom Debian Distributions) framework."
Full Story (comments: none)
Ark Linux 1.0 Alpha 12.1 is out.
The release notes can be found
here.
Comments (none posted)
Cobind Desktop 2.0 (beta) has been released. This release includes a new
software management program, mplayer, K3B, and other improvements.
Comments (none posted)
CRUX has released v2.0 with major feature enhancements. "Changes: This
release features the 2.6 kernel, Glibc 2.3.3 with NPTL, GCC 3.3.3, and
X.org's X11 6.7.0."
Comments (none posted)
DeLi Linux has released v0.6 with major feature enhancements. "Changes: A
new "graphic" deliinstall, a new network and PPP install floppy disk, and
enhanced delisetup."
Comments (none posted)
LinuxDefender has released v1.5.6 with major feature enhancements. "Changes:
This release adds BitDefender SMTP Proxy 1.5.6 with antispam, kernel 2.6.1,
BitDefender Remote Admin 1.5.6, and GNOME Desktop."
Comments (none posted)
Linux LiveCD Router has released v1.9.5 with minor feature enhancements.
"Changes: The new default language is English. A new version of
linux-wlan-ng 0.2.1-pre21 for Prism2 wifi cards is included. USB webcam
driver support was added, including ov511, ov51x, nw802, spca5xx, philips,
pencam, and more. Hotspot, Samba, and webcam server documentation was
added."
Comments (none posted)
LormaLINUX 5 RC1 has been released. "Based on Fedora Core 2 and optimized
for i686 architecture and above, Lormalinux 5 features extremely simple
installation for Education and Workstation users on just one CD!"
Comments (none posted)
RIP has released v9.5. "Changes: The kernel and some of the software were
updated. There's a way to install and boot the system, from a USB flash/pen
drive, under Linux or Windows XP."
Comments (none posted)
Skolelinux, a Debian-based distribution aimed at deployment in public
schools, has announced its 1.0 release. "Skolelinux v1.0 is the first stable
version, after more than three years of development. 47 test candidates and
3 prereleases have been released, and more than 93 Norwegian schools have
registered as test schools -- with a surge the last few months. Recent
changes include improved installer support, better hardware detection, a
Java J2RE upgrade, and more." (Thanks to Tom Simonsen).
Comments (none posted)
System-Down::Rescue has released v1.0pre7 with minor feature enhancements.
"Changes: The kernel has been upgraded to 2.4.25, and the glibc libraries
were upgraded to 2.3.2. The system architecture is now fully modular. There
are new modules with new useful tools, for example, tools for system
recovery, network analysis, some network servers (ftp, ssh), and PCMCIA
support. Support for the ClamAV Anti Virus toolkit was added. The boot
sequence has been redesigned, both in the scripts and in the graphics."
Comments (none posted)
White Box Linux has released v3.0 Respin 1 with minor feature enhancements. "Changes: This version included all errata released by Red Hat through May 31, 2004, an x86_64 port, and an FC2 Up2date ported in for transparent mirror support. rhn-applet was fixed and added to the default install. 3rd party package repo support was improved, and Tora was linked against Oracle 10g and MySQL."
Comments (none posted)
Distribution reviews
OSNews checks out the new Cobind Desktop beta. "The surprising thing has been just how much of a pleasure Cobind is to use. Most things snap to the screen. The software feels modern and smoothly integrated. I haven't had this much fun with a new distribution in a long time. For just a second version (with first only a month or two old), Cobind is remarkably stable and polished."
Comments (none posted)
UnixReview.com reviews Xandros Desktop OS 2.0. "Xandros was extremely easy to install, configure, and use. The whole effect is completely different from the first version of Linux I put on my computer several years ago--and different, even, from the version of Linux I put on my computer 18 months ago. Of the three versions I've reviewed recently, Xandros does the best job of steering the user away from the classic Linux complexity, showcasing the most useful open source tools, and keeping the experience intuitive and easy."
Comments (none posted)
Page editor: Forrest Cook
Development
June 23, 2004
This article was contributed by Joe Klemmer
A long time ago in a Galaxy far, far away I was a programmer by profession. This was in the days of Mainframe COBOL programs. Over the years I have gradually found myself becoming a Systems Administrator. While I do less "real" programming now, I have picked up a number of different languages like Perl, PHP, shell, C/C++, etc. Recently I have found myself thinking about the differences between programming languages, and it seems to me that there are two basic kinds of languages. For lack of better terms I'll call them "Standards Based" and "Internet Based". These two branches have some interesting differences that might not be apparent at first glance.
What do I mean by Standards Based languages? These are languages that are generally defined by ISO standards committees. For the purpose of this piece we'll consider the following languages to be in this category: Ada, C, C++, COBOL, Pascal and SmallTalk. As for Internet Based languages, we'll use Java, Perl, PHP, Python, Ruby and Tcl/Tk. So what are the significant differences between these two camps? What are the advantages and disadvantages of using one or the other?
One of the advantages of the Internet Based languages is the fact that they are languages that have grown up and proliferated on the Internet. Being designed and built to work in the online world, they can easily do things that other languages can't, or must be shoehorned into doing. Even though C and C++ are quite capable of dealing with the 'Net, they aren't as at home as, say, Java. With the Internet Based languages you can develop and implement a system or application in a much easier fashion than with the others. The developers of these languages also had the advantage of being able to learn from the older languages, making what had previously been difficult much simpler. There are also some down sides to the Internet Based languages.
The most noticeable one is, ironically enough, one of their supposed strengths: the speed with which they evolve. The language definitions for PHP, Python, Ruby and even Perl and Java change at light speed. It's lucky if a language lasts for a few years before being massively updated. While this is fun for developers doing small, cutting-edge work and those doing R&D, it's not so good if you need to build an application for a large production system. I've been involved with a massive online system that's been built in Java. The application works fine, but the amount of work that the developers have to do to maintain and enhance it with older versions of Java is not insignificant.
With the older languages there's much more long-term stability. You don't find major changes in the language definitions happening at such a fast pace. A program written in Ada or C++ twenty years ago will still compile and run on today's platforms. These languages are not stagnant, however. The current C standard is C99, and it may surprise you to know that the most up-to-date language is COBOL, with its current standard dated 2002. Standards Based languages, by definition, are standardized and stable. This does make for slow adaptation to changes in the IT/IS world, such as the development of WiFi and other new technologies. This adaptability/stability aspect is, as I said earlier, both an advantage and a disadvantage for each of the two models of languages.
Programming languages are tools. Different languages have their own strengths and weaknesses. Most seasoned developers have an idea of these issues. However, the speed of a language's evolution is often an overlooked aspect. Sometimes, slow and steady is better than fast and new.
Comments (18 posted)
System Applications
Audio Projects
The latest changes from the Planet CCRMA audio utility packaging project include updated versions of Libsndfile, Specimen, Blop, and the addition of apt and configuration file links for Fedora Core 2.
Comments (none posted)
Database Software
Version 0.8.3 of Glom, a database table definition GUI, is out. This release features bug fixes, improved documentation, and an updated German translation.
Full Story (comments: none)
The PostgreSQL Weekly News for June 22, 2004 has been published. "With 7.4.3 now out the door, all eyes have really turned to finishing up 7.5 development. The biggest progress in that regard was the committing of the long awaited tablespaces patch."
Full Story (comments: none)
Version 0.1 of PyORQ, a Python Object-Relational binding, is out. "With PyORQ you can use Python expressions to write queries which are automatically translated into SQL and executed by the backend. This leverages the search capabilities of RDBMSs in an object-oriented programming environment.
PyORQ 0.1 is a technology demo. Its purpose is to demonstrate the possibility of translating Python expressions into SQL queries and to solicit feedback on this approach and its implementation."
Full Story (comments: none)
Version 3.2.2 (final) of ZODB is available. "As promised with the ZODB 3.2.2b1 release last week, the tests for the unsupported Berkeley-based storages are now disabled in 3.2.2. In addition, a small but critical bug in FileStorage.restore() was identified and repaired. This bug didn't affect the Zope core, but is critical for sites running ZRS."
Full Story (comments: none)
Mail Software
Version 0.91.4 of bogofilter has been announced. "This release fixes a minor bug that could result in an "err: 17, File exists" message. The bogofilter package implements a fast Bayesian spam filter as suggested by Paul Graham in "A Plan For Spam"."
Comments (none posted)
The 0.2 alpha release of milter-bcc is out. "This is a Sendmail utility milter that can add to the recipient list of any inbound and/or outbound message one or more blind-carbon-copy recipients (Bcc) depending on the MAIL FROM: and/or RCPT TO: addresses for any given message. This is particularly useful for mail hosts that manage several domains, such as an ISP."
Comments (none posted)
Version 8.13.0 of Sendmail has been announced. New features include the ability to query maps via tcp/ip sockets, connection rate control, LDAP enhancements, message quarantining, support for certificate revocation lists, experimental MTAMark support, and more. See the release notes for more information.
Comments (none posted)
Printing
The latest news from LinuxPrinting.org includes the release of version 3.0.1 of the Foomatic printer database, and the release of a number of Okidata PPDs under the GPL. On Foomatic 3.0.1: "Most important new features are: CUPS drivers can be used with any spooler, better compatibility of the PPDs to the Adobe specifications and to Windows, better PJL support, workaround for bug in OpenOffice.org 1.1, LPRng improvements, clean-up of Perl scripts, enhancements on *BSD compatibility."
Comments (none posted)
Security
Don Parker explains how to filter network packets on O'Reilly. "Anyone who has worked with an intrusion detection system knows that it can produce an enormous amount of data. For many network security analysts this vast ocean of packets flagged for further inspection quickly becomes an unruly beast to tame. How then to tame the beast?"
Comments (none posted)
Web Site Development
Version 2.0 of Project/Open has been announced. "Project/Open is an open-source web-based "project resource planning" system (Project-ERP) with project rooms and tools for managing clients, invoices, time and cost. It is designed for companies in the consulting, advertizing and translation sectors."
Full Story (comments: none)
Version 1.0c1 of the Quixote web development platform has been released. The changes include bug fixes and more.
Full Story (comments: none)
Miscellaneous
Version 0.29 of POE, a Perl-based networking and multitasking framework, has been announced. "POE 0.29 is released after three months and hundreds of human-hours of hard work. Thanks go out to everyone who helped make it possible. This release includes a substantial performance increase in I/O intensive programs. It improves portability to Solaris, Windows, and Mac OS X."
Comments (none posted)
Version 0.2 of Wasabi, a log file monitoring application, has been
released. Changes include support for multiple files, performance
improvements, improved signal handling, and lots more.
Full Story (comments: none)
Desktop Applications
Audio Applications
Version 0.6.3 of Muine, a music playing application, is available. "This release works with mono beta 3."
Full Story (comments: none)
CAD
The sixteenth release of PythonCAD is out. "Due to packaging problems in the fifteenth release, and a code snafu that bit the Cocoa interface, I'm releasing the sixteenth version of PythonCAD. The missing Cocoa files have been added, and a patch addressing the Layer problems on Cocoa has been applied."
Full Story (comments: none)
Electronics
Version 3.2.22 of XCircuit, an electronic schematic drawing application, is available. This version adds a new tcl parameter selection mechanism.
Comments (none posted)
Financial Applications
KDE.News announces the availability of KMyMoney 0.6. This version supports double-entry accounting, multiple account types, a new XML file format, and more.
Comments (3 posted)
Version 0.1.1 of SiGeFi is out. "SiGeFi is a Financial Management System, with a focus on the needs of managing money in personal and household life. It's written in Python/Tkinter, so it'll run on every system that supports Python."
Comments (none posted)
Games
Exult Version 1.2 has been announced. "After two years of development, we are pleased to announce Version 1.2 of Exult, the multi-platform engine for playing the classic game Ultima 7. This release contains many bug fixes and gameplay enhancements."
Comments (none posted)
Stable version 2.6.2 of gnome-games is available with
backported bug fixes.
Full Story (comments: none)
Version 0.0.1 of the Spineless game engine has been announced. "Spineless is a generic 3D game engine implemented in Python with C++ optimizations. Focus is on clean design and ease of use, not pure speed. It is still very incomplete and not really useful yet for serious use, but I would appreciate feedback, comments and suggestions."
Full Story (comments: none)
Version 0.1 of WoodPusher, a chess application written in C# under
Mono, is out. This is the initial release.
Full Story (comments: none)
GUI Packages
The latest new software for FLTK, the Fast Light Toolkit, includes SPTK 2.2 beta 2, vtkFLTK 0.6.0, and Table 040621.
Comments (none posted)
Unstable version 1.1.0 of gtkglextmm is available. "gtkglextmm is a C++ wrapper for GtkGLExt, the OpenGL Extension to GTK. C++ programmers can use it to write GTK+-based OpenGL applications using gtkmm 2."
Full Story (comments: none)
Version 2.4.3 of gtkmm and glibmm are out with minor improvements. "gtkmm provides a C++ interface to GTK+. gtkmm 2.4 wraps additional API in GTK+ 2.4. gtkmm 2.4 installs in parallel with gtkmm 2.2, so you can have both installed at the same time. glibmm is now a separate module, for use in non-GUI software."
Full Story (comments: none)
Version 0.8 of LTK, the Lisp ToolKit, is out. "LTK (The Lisp Toolkit) is a portable "Common Lisp binding for the Tk graphics toolkit". Unlike other similar bindings, LTK provides a high level interface and does not require any knowledge of Tk."
Full Story (comments: none)
Imaging Applications
Version 0.4 of ImageProcess, a cross-platform image processing tool,
is available. New features include remote processing, undo/redo,
and a toolbar.
Comments (none posted)
Interoperability
Release 20040615 of Wine has been announced. Changes include a major winedbg rewrite, a new Wine preloader, audio support improvements, and bug fixes.
Comments (none posted)
The June 18, 2004 edition of Wine Traffic has been published. Take a look for the latest Wine project news.
Comments (none posted)
Music Applications
Version 0.2.8 of the BLOP LADSPA Plugins is out. "After way too long, a new release of the BLOP LADSPA Plugin set. Originally named Bandlimited LADSPA Oscillator Plugins, but there's more than oscillators... they're more useful in a modular host, such as Spiral Synth Modular, gAlan, Alsa Modular Synth etc."
Full Story (comments: none)
Version 0.23 of gmorgan, an organ synthesizer, is out. "This release is a bugfix version and solves compilation problems."
Full Story (comments: none)
Version 0.0.01 of mcontrol has been released. "mcontrol is an ALSA MIDI sequencer client and brings the possibility to assign up to twelve "simultaneous" MIDI control messages for each controller in your MIDI keyboard (Modulation Wheel, Breath Controller, Foot Controller, Pitch Bend and After Touch)."
Full Story (comments: none)
Version 0.6.0 of the TAP-plugins is available. The initial release
of the TAP Reverb Editor is also out. New features include the
TAP Fractal Doubler, the TAP Reflector, and the TAP Pink/Fractal Noise.
Changes have been made to the reverb section as well.
Full Story (comments: none)
News Readers
Liferea Version 0.5.0 is available with bug fixes, new translations, and more. "Liferea (Linux Feed Reader) is a fast, easy to use, and easy to install GNOME news aggregator for online news feeds. It supports a number of different feed formats including RSS/RDF, CDF, Atom, OCS, and OPML."
Full Story (comments: none)
Office Suites
OpenOffice 1.1.2 is out. "OpenOffice.org 1.1.2 introduces the FontOOo Autopilot, which downloads and installs fonts from various sources. In addition, this release provides improved support for dBase database files, additional language support, and improved XML export facilities." Click below for the details.
Full Story (comments: 4)
Web Browsers
Version 1.2.14 of Galeon has been announced. "Well, after far too long, here's a new 1.2.x release to coincide with the Mozilla 1.7 release. It's also significant because I'm not planning to try and keep up with mozilla beyond 1.7. AA font support is no longer supported for gtk1 builds of mozilla 1.8, making it pretty clear that it's viewed as deprecated so this seems a good point to stop."
Comments (none posted)
Mozilla 1.7 is out. New features include improved popup blocking, the ability to extract passwords from the password manager, numerous mail improvements, better performance, and more; see the "what's new" document for details.
Comments (none posted)
Wireless Applications
New development releases of gnome-bluetooth and libbtctl are available. "gnome-bluetooth is a suite of tools for managing Bluetooth devices and sending/receiving data under the GNOME desktop.
libbtctl is a GObject-based library for the Bluetooth and OBEX operations on Linux. It comes with Python and Mono language bindings."
Full Story (comments: none)
Miscellaneous
Version 0.0.1 of Gamin is available. "Gamin is a file and directory monitoring system defined to be a subset of the FAM (File Alteration Monitor) system."
Full Story (comments: none)
Hydrogen 1.0 is out; click below for the details. Hydrogen is, perhaps,
the first offshoot of the recently-freed Ximian Connector; this project,
sponsored by Sun, enables Evolution to work with the Sun Java Enterprise
System Calendar Server.
Full Story (comments: 12)
Development version 0.3 of GNOME Phone Manager is available. "Phone Manager allows you to send and receive text (SMS) messages from the desktop, connecting to your mobile phone via Bluetooth, serial or IrDA.
It's finally here! A version of Phone Manager that works with the latest gnome-bluetooth code. This release is feature-wise exactly the same as the 0.2 release, but more or less completely rewritten underneath. The user interface is a bit rough, in particular."
Full Story (comments: none)
The xtopdf project aims to provide a tool for conversion from
various file formats into .pdf form. The current version can read
plain text and .DBF files as input.
Full Story (comments: none)
Languages and Tools
Caml
The June 8-22, 2004 edition of the Caml Weekly News is available
with another round of Caml language information.
Full Story (comments: none)
Java
Philip McCarthy introduces Jena on IBM's developerWorks. "RDF is increasingly recognized as an excellent choice for representing and processing semi-structured data. In this article, Web Developer Philip McCarthy shows you how to use the Jena Semantic Web Toolkit to exploit RDF data models in your Java applications."
Comments (none posted)
Perl
Dave Cross shows how to work with Perl internal variables in an O'Reilly article. "One of the best ways to make your Perl code look more like ... well, like Perl code -- and not like C or BASIC or whatever you used before you were introduced to Perl -- is to get to know the internal variables that Perl uses to control various aspects of your program's execution.
In this article we'll take a look at a number of variables that give you finer control over your file input and output."
Comments (1 posted)
The June 14-20, 2004 edition of This Week on perl5-porters is available with more Perl 5 news. "Maybe it's due to the conferences, but this week was a low-traffic one."
Comments (none posted)
PHP
The PHP Weekly Summary for June 21, 2004 is out. Topics include: Reflection API testers required - and php.net to go live with five!
Comments (none posted)
Python
Andrew L. Blais describes a Python-based neural network on IBM's developerWorks. "Hot things cool, obviously. The house gets messy, frustratingly. In much the same way, messages are distorted. Short-term strategies for reversing these things include, respectively, reheating, cleaning, and the Hopfield net. This article introduces you to the last of these three, an algorithm that can, within certain parameters, undo noise. A very simple Python implementation, net.py, will show you how its basic parts fit together, and why a Hopfield net can sometimes retrieve a pattern from its distortion."
Comments (none posted)
The May 1-31, 2004 python-dev Summary is available with a summary of
the python-dev mailing list traffic.
Full Story (comments: none)
The June 1-15, 2004 python-dev Summary is out with more Python language
information.
Full Story (comments: none)
The June 21, 2004 edition of Dr. Dobb's Python-URL! is
online with the latest Python language articles.
Full Story (comments: none)
S
New versions of SLgtk and Vwhere are available. "The SLgtk package binds the Gtk2 and GtkExtra widget sets to the S-Lang scripting language (www.s-lang.org). SLgtk wraps more than 2200 functions from Gtk2 and its constituent libraries, includes over 4000 lines of sample code in 40+ working guilets, and bundles a code generator (SLIRP) which can be useful for building additional S-Lang modules."
Full Story (comments: none)
Tcl/Tk
The June 22, 2004 edition of Dr. Dobb's Tcl-URL! is available with
the latest Tcl/Tk article links.
Full Story (comments: none)
Editors
Version 0.7.14 of Conglomerate, an XML editor, is available. "This is still an unstable release; there are still some known repeatable crash bugs. Please download it and test that no new bugs have been introduced!"
Full Story (comments: none)
IDEs
A press release has gone out announcing the June 30 availability of the Eclipse 3.0 release. "With release 3.0, Eclipse now extends its sophisticated object-oriented development technologies to support a rich-client platform (RCP) that enables construction of desktop applications."
Comments (none posted)
O'Reilly has published part two in a series about Java on Eclipse by Steve Holzner. "In this conclusion of a two-part series of excerpts from Eclipse, author Steve Holzner provides still more examples of how Eclipse makes it easier to create Java code from scratch. This week he covers creating Javadocs, refactoring, adding certain skills to your Eclipse toolbox, and customizing the development environment."
Comments (none posted)
Miscellaneous
Ed Schaefer explores associative arrays on Unix Review. "Associative arrays are a staple of Unix productivity tools, as well as the modern ksh-style shells, ksh, bash, zsh, etc. This month, Charles Leonard discusses associative array usage in Python, Perl, and Awk."
Comments (none posted)
Andrew Glover analyzes code by looking at its cyclomatic complexity on O'Reilly. "Overly complex code is dangerous, hard to maintain if not already buggy. But what do we mean by "complex"? The metric of cyclomatic complexity helps show where the most complex code is. As Andrew Glover illustrates, finding the complex code is also the first step to refactoring it."
Comments (none posted)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Wired is running a long article about SCO with an interesting emphasis on the history of the association between Darl McBride and Mike Anderer (who is the person who brokered the Microsoft license payments and BayStar investment). "At Silicon Stemcell, McBride and Anderer polished the strategy they'd repeat at SCO: turning intellectual property into a revenue stream. Anderer, McBride, and four managers who had served with them at Ikon's technology services division pooled their ideas for products, then attempted to patent them. It was 1999, and they were in the business vanguard, devising a new way to create wealth. Something as intangible as a claim to owning an idea, they realized, could be used to extract money from innovators in related fields. Even if Silicon Stemcell's patents weren't finalized, it might still be cheaper for startups to pay licensing fees to Anderer's group than to fight protracted legal battles. Silicon Stemcell wouldn't even have to create businesses, it could thrive just by collecting these fees."
Comments (8 posted)
Here's a Copyfight column on Orrin Hatch's "INDUCE" act, apparently about to be introduced into the U.S. Senate. INDUCE stands for, believe it or not, "Inducement Devolves into Unlawful Child Exploitation Act of 2004," but the intent of the law is to penalize any "inducement" to copyright infringement. As noted in the column, this is a rather large expansion of copyright law which would doubtless be used against those who develop tools which might be used for copyright infringement, or, conceivably, even those who are simply critical of current copyright law.
Comments (22 posted)
OSnews is carrying a lengthy article describing the process that has led the Dutch government to reconsider its position on software patents in Europe. "The Dutch parliament will make a final decision about the position the Minister will take in September. A debate about this issue will take place on Thursday, the 24th of June, 19:45-20:45 CET... They may also decide to require the European Presidency to open a new voting procedure, which would completely reopen the case for all member states." (Thanks to Daniel Mantione).
Comments (2 posted)
Trade Shows and Conferences
The Linux Journal reports from the International Free Software Forum in Brazil. "With a GDP of around 493 billion USD and a population of 170 million, Brazil boasts the world's 15th largest economy, but it also is rated among the worst when it comes to distribution of wealth.... At the same time, the country is paying out 1.2 billion USD every year in software licensing fees. It therefore is essential to find some way of keeping these resources within the country. This idea led José Dirceu, the chief of staff, to affirm that free software is a fundamental issue here."
Comments (none posted)
The SCO Problem
Groklaw tries to figure out whether Novell really sold the Unix copyrights by looking at the actions of the parties involved - and, in particular, what sort of copyright notices they put into the Unix code. "oldSCO's handling of the UnixWare source code in the years following the deal seem to me most consistent with those of a company that had obtained the right to freely derive from and sell products based on the code, but inconsistent with those of a company that had been granted, or believed they owned, the copyrights on that code."
Comments (8 posted)
Groklaw has the latest SCO filing in the DaimlerChrysler case - an affidavit from the company's "director of software licensing" William Broderick. "SCO had made good-faith attempts to contact over 750 of those licensees to secure assurances of their compliance with the terms of their licenses. If each licensee disregards the request or unilaterally determines that it may respond whenever it wants, SCO may have to spend extraordinary resources and potentially commence hundreds of court actions to enforce its rights. It would be impracticable and costly for SCO to have to sue each one to obtain basic assurances of performance."
Comments (none posted)
Groklaw has an informal report from a speech made by SCO executive Gregory Blepp in Germany. "Someone needs to send Mr. Blepp the memo that mum's the new word at SCO. He spills the beans that SCO at the beginning just wanted IBM to pay them some millions for 'copyright infringement', and they are puzzled why that didn't happen."
Comments (2 posted)
Companies
News.com has posted an article on Nokia's funding for the Mozilla Minimo project. "Sources described the Nokia deal, inked last year, as a potential model for Mozilla's financial self-sufficiency. The group hopes to land more development grants to meet the needs of particular clients and at the same time make the resulting code freely available to all-comers. The foundation also plans to announce the corporate members of a technical advisory board in coming weeks."
Comments (3 posted)
Sun Microsystems releases a few more details on its plan to release its Solaris operating system as open-source software, according to this article on NewsForge. "Bryan Cantrill, senior kernel engineer for Solaris, said that he's excited about his and his team's work going public.
"Technically, this is not a problem to do this," he said. "I can assure you, the engineers in this room write some of the cleanest code in the entire world. We're proud to open it. We feel we were born to do this work. But I'm also sure we'll be revisiting a few comments in the code here and there -- I just thought of a particularly disparaging one I might have left in having to do with C++ unions," Cantrill said with a laugh."
Comments (12 posted)
Linux Adoption
Reuters reports that the French government is shopping for free software solutions. "Civil service minister Renaud Dutreil told Reuters France wanted to use 'open-source' software providers to resupply part of the almost one million state computers under a government cost-cutting drive designed to trim a bulging public deficit. 'We are not starting a war against Microsoft, or against American companies in the software sector,' Dutreil said in an interview. But he added that Microsoft 'must return to being one supplier to the state among others.'" Unfortunately, the story also says that open source software is "uncopyrighted."
Comments (24 posted)
Legal
Wired looks at a new bill that would soften the DMCA anti-piracy act. "If some in Congress get their way, you may soon be able to hack DVDs and CDs to get around copy protections and make as many copies of albums and movies as you want -- with no fear of the feds breaking down the door.
A bill in the House of Representatives, HR107, would overturn a major provision of the controversial Digital Millennium Copyright Act of 1998, which bars consumers from circumventing encryption on digital media products, even if they only intend to make copies for personal use."
Comments (7 posted)
News.com reports that attempts to fix the DMCA are gaining some support. "But members of the nascent coalition, including Intel, Sun Microsystems, Verizon Communications, SBC, Qwest, Gateway and BellSouth, are lending their support to a proposal by Rep. Rick Boucher, D-Va., to rewrite that part of the DMCA. Boucher's bill says that descrambling utilities can be distributed, and copy protection can be circumvented as long as no copyright infringement is taking place."
Comments (none posted)
Interviews
News.com talks with Representative Rick Boucher about his DMCA reform attempt and other topics. "I think that our legislation has a good chance of being approved, at least in the House of Representatives, this year. I think that the major push for passage probably will come during the course of the next Congress. There has been a tremendous change in public perception with respect to the appropriate level of protection for intellectual property over the course of the years since the Digital Millennium Copyright Act was passed in 1998."
Comments (7 posted)
ZDNet talks with Novell managers David Patrick and Alan Murray. "The first big global deployment of desktop Linux will be Novell. We are moving 6000 employees over to Linux. By 1 August, everyone in the company is going to be on Open Office and then, by this autumn, roughly half the company will be on Linux and the rest we are finishing off as soon as possible after that."
Comments (13 posted)
La Repubblica is carrying an interview (in Italian) with Richard Stallman. Regarding software patents in Europe: "I don't know the motives, but I tell you: pay attention, don't make this mistake. Copyrights and software patents worsen the digital divide and concentrate wealth in the hands of the few." (editor's translation).
Comments (none posted)
LinuxQuestions.org interviews Jean Tourrilhes. "In an interview with LinuxQuestions.org, Jean Tourrilhes discusses how he first got introduced to Linux, OS zealotry, the origins of his famous Wireless How-to page, Linux on the desktop, the state of Linux wireless device driver support, the best and worst wireless chipset manufacturers, the biggest limitations of the current 802.11 implementations and his opinion on the emerging wireless networking standards."
Comments (1 posted)
Resources
Bruce Byfield continues his Linux Journal series on OpenOffice.org with part two. "So, you've chosen the fonts for your paragraph style and its positioning. What next? In many cases, nothing is next. Font and positioning choices are the basics of paragraph styles in OpenOffice.org Writer. Often, you need nothing more. But, when you do need more, Writer's paragraph styles have a grab bag of tricks waiting for you."
Comments (none posted)
Scott Nesbitt shows several ways to merge PDF files under Linux.
"Sadly, Adobe hasn't deigned to put out a version of Acrobat for Linux, but there are a number of Linux utilities available that enable you to quickly and efficiently combine PDF files. This article looks at three command line utilities: Ghostscript, joinPDF, and pdfmeld. Each does a good job of combining PDF files, and they all pack some interesting features."
Comments (1 posted)
developerWorks shows how to use distcc to speed up compilations.
"Now, just having distcc on one machine is pointless; this won't really
give us any benefit. I'm going to find three friends on my LAN who are
running Linux and see if they're interested, since everyone who installs
distcc can benefit from the 'pool.' It is also worth noting that apart
from the version of gcc you are running, there doesn't need to be anything
else common about the machines: they needn't share a filesystem, header
files, or libraries, or even be running the same Linux kernel or
distribution."
Comments (3 posted)
Reviews
News.com looks forward to the Eclipse 3.0 release.
"Eclipse 3.0, which is freely available software aimed at Java programmers, includes tools for building and running so-called rich-client applications, which have more sophisticated graphics capabilities than standard Web browser-based applications."
Comments (none posted)
KDE.News has a review of Kommander.
"So the answer to the question many of you may be asking, "What is Kommander?", really has to be answered from each perspective. A simplified technical description is that Kommander is two programs, an editor and an executor, that produce dialogs that you can execute."
Comments (16 posted)
Miscellaneous
This O'ReillyNet article tries to answer the question on everybody's mind: should one be using Apache 1.3 or 2.0?
"Most of the active Apache developers work on Apache 2.0. This means that, increasingly as time goes on, Apache 2.0 is likely to be the better product by greater margins. I expect that 1.3 will still be maintained for a long, long time. And there will always be security patches available for 1.3, as long as anyone is using it."
Comments (none posted)
SecurityFocus reports on the discovery of a "master password" in the Optix
Pro backdoor program.
"At least one security expert says there's a lesson to be learned
from the whole affair. 'It obviously says you should always use open-source
Trojans,' says Mark Loveless, a senior security analyst with Bindview
Corporation. 'That's the moral. You can't even trust Windows
malware.'" (Thanks to Rajesh Bhandari).
Comments (1 posted)
Barry A. Feigenbaum describes the code behind the BlueSpace wall display on
IBM's developerWorks.
"The BlueSpace wall display is an exciting demonstration of the potential of multimedia development on the Java platform. In this project, first developed by the IBM Worldwide Accessibility Center in 2003 and presented this year at JavaOne, a large-scale, high-resolution visual screen is implemented as a grid of projected computer displays. The resulting display is infinitely malleable in size and form and has numerous multimedia and presentation capabilities. Regular developerWorks contributor and Worldwide Accessibility Center engineer Barry Feigenbaum summarizes the concept and implementation details behind this project, for which he was the development team leader."
Comments (none posted)
Here's a strange Dvorak column hosted on ABC News. "Other than Linux, all
the other open-source projects move along at a rate best described as
glacial. Even principals in the community are sometimes shocked at the
slowness of open-source development. This probably is a function of how
motivation and lack of fear work among open-source developers. Often
they're motivated like hobbyists. And there is no fear to drive anyone to
do anything -- no fear of getting fired or yelled at by a
mean boss." That notwithstanding, it's actually a somewhat positive
column.
Comments (22 posted)
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
The Open Source Development Labs has announced a list of 22 companies that
are supporting the development of its Carrier Grade Linux specifications.
"The companies include Alcatel, Cisco, Comverse, Ericsson, Force Computers,
Fujitsu, Hitachi, HP, IBM, Intel, MontaVista Software, NEC, Nokia, Novell,
NTT Data Intellilink, NTT Group, Red Hat, Sun Microsystems, SuSE Linux AG,
Timesys, TurboLinux and Wind River."
Comments (none posted)
Commercial announcements
Click below for an IBM press release proclaiming its success in the cluster
business. The company claims over 200 installed supercomputing systems,
and 150 Linux clusters on the list of the top 500 computers worldwide.
Full Story (comments: none)
Lindows has
announced the opening of Sub500.com, a physical retail store in Toronto which will sell computers with Linspire preinstalled.
Comments (4 posted)
Here's the press release from Red Hat on its first quarter results.
Revenue was $42 million, yielding income of almost $11 million. Red Hat has just under $1 billion in the bank now.
Comments (1 posted)
Red Hat is setting itself up to launch a new level of certification, called the "Red Hat Certified Architect." To that end, the company has
announced a new set of training courses for people with architect-level aspirations. They cover topics like network security, large organization systems administration, directory services, storage management, and more.
Comments (none posted)
Skype Technologies has announced the availability of a beta version of its
Internet telephony application for Linux. The application is proprietary,
but binaries can be freely downloaded.
Full Story (comments: 6)
TransGaming has announced the availability of WineX 4.0, which is now able
to run a wider range of Windows games under Linux. As of this release,
WineX also has a new name: Cedega.
Full Story (comments: 13)
Resources
An online version of the book
Embedded Software Development with eCos
is available.
Full Story (comments: none)
The LDP Weekly News for June 23, 2004 is out with the
latest new documentation releases.
Full Story (comments: none)
Contests and Awards
Blake Ross is looking for ideas relating to machine learning and the
Firefox browser.
"I will be doing research this summer at Stanford with
Professor Andrew Ng about how we can incorporate machine learning into
Firefox. We're looking for ideas that will make Firefox 2.0 blow every other
browser out of the water. People who come up with the best 3-5 ideas win
Gmail accounts, and if we implement your idea you'll be acknowledged in both
our paper and in Firefox credits."
Comments (none posted)
Event Reports
Conference papers and other materials are available from the
1st European Lisp and Scheme Workshop; the event took place in Oslo,
Norway on June 13.
Full Story (comments: none)
Upcoming Events
The Linucon event will take place in Austin, TX on October 8-10, 2004.
"Our guests of honor are Eric
Raymond, Wil Wheaton, Steve Jackson, Eric Flint, and Howard Tayler.
We'll have panels, tutorials, masquerade, filk, 802.11b wireless internet,
pocky, liquid nitrogen ice cream, 24 hour video room, caffeinated jello,
Evil Stevie's Pirate Game, chaos, Munchkin: the LARP, Anime Music Video
contest..."
Full Story (comments: none)
The OpenOffice.org Conference 2004 will be held in Berlin, Germany
on September 22-24, 2004. The event's Call For Papers has gone out;
submissions are due before the end of July.
Full Story (comments: none)
The International PHP Conference 2004 will be held in Frankfurt,
Germany on November 9-10, 2004. A series of tutorials will be
held before the conference on November 7 and 8.
A call for papers has gone out; submissions are due by
July 16, 2004.
Comments (none posted)
A Request for Proposals has been sent out for the OSCOM.4 event.
The event will take place in Zurich, Switzerland from September 29
to October 1, 2004.
Full Story (comments: none)
The Plone Conference 2004 will be held on September 20-22, 2004 in
Vienna, Austria.
Comments (none posted)
A Slony-I Configuration Workshop will be held on July 31, 2004 in
Portland, Oregon.
"Afilias' Software Engineer Jan Wieck will conduct a FREE seminar for
PostgreSQL consultants and DBAs on Slony-I, a new enterprise-level
replication system for PostgreSQL that he is currently developing."
Full Story (comments: none)
| Date | Event | Location |
|---|---|---|
| June 24, 2004 | Free Software for Multimedia Streaming over the Internet | (Ircam) Paris, France |
| June 27 - July 2, 2004 | USENIX 2004 | (Boston Marriott Copley Place) Boston, MA |
| June 28 - 30, 2004 | GNOME User and Developer European Conference (GUADEC) | Kristiansand, Norway |
| June 28 - July 1, 2004 | JavaOne | (Moscone Center) San Francisco, CA |
| June 29 - July 1, 2004 | Perl Workshop 6.0 | (Barbara-Künkelin-Halle) Schorndorf, Germany |
| July 12 - 15, 2004 | Real-time and Embedded Systems Workshop | Washington, DC |
| July 19 - 20, 2004 | Italian Perl Workshop | (Polo Fibonacci) Pisa, Italy |
| July 21 - 24, 2004 | Linux Symposium | Ottawa, Canada |
| July 26 - 30, 2004 | O'Reilly Open Source Software Convention 2004 (OSCON) | Portland, OR |
| July 26 - 30, 2004 | IBM pSeries Technical Conference | Cairns, Australia |
| July 31 - August 2, 2004 | Vancouver Python Workshop | Vancouver, Canada |
| August 2 - 5, 2004 | LinuxWorld Conference & Expo | (Moscone Center) San Francisco, California |
Comments (none posted)
Web sites
LinuxQuestions.org has announced its millionth post.
"In just under four years,
LinuxQuestions.org has grown to become one of the largest Linux communities
online. With over 100,000 users and more than 1,000,000 posts the site
continues to not only grow in size, but in content as well."
Comments (none posted)
The Planet Python site is available for those of you who wish to follow
the activities of various Python Bloggers.
Full Story (comments: none)
Software announcements
Here are the software announcements, courtesy of
Freshmeat.net. They are available in
two formats:
Comments (none posted)
Page editor: Forrest Cook
Letters to the editor
| From: | "nathan r. hruby" <nhruby-AT-uga.edu> |
|---|---|
| To: | letters-AT-lwn.net |
| Subject: | Re: The Grumpy Editor's guide to terminal emulators |
| Date: | Thu, 17 Jun 2004 11:35:55 -0400 (EDT) |
Hi!
After reading the "The Grumpy Editor's guide to terminal emulators" I felt
I had to mention the terminal emulator I use on a daily basis: dzt.
dzt has tabs, color, fonts, decent scrolling, selectable profiles, visual
alerts on tabs with activity, and several user-configurable hotkeys for
dzt actions (e.g. next tab, previous tab, new tab, close tab, etc.). The
best part of dzt is that each tab consumes about as much memory as an rxvt
terminal session. When coupled with XFCE, you can have a stylish and fast
desktop in really slim environments.
Sadly, the only drawbacks are that dzt seems to be not maintained anymore
(or, as the author states, "Development is very sporadic") and is a GTK-1
based application. Which is a shame because it is one of the nicest
terminal emulators I've used. Its homepage (with download links) can be found
at: http://dzt.sourceforge.net/
Please try it out, I think you'll like it.
-n... a grumpy sysadmin.
--
-------------------------------------------
nathan hruby <nhruby@uga.edu>
uga enterprise information technology services
production systems support
metaphysically wrinkle-free
-------------------------------------------
Comments (none posted)
| From: | Brent Welch <welch-AT-panasas.com> |
|---|---|
| To: | "Andreas Kupries" <andreask-AT-ActiveState.com> |
| Subject: | Re: MH / exmh |
| Date: | Fri, 18 Jun 2004 22:30:09 -0700 |
| Cc: | letters-AT-lwn.net |
I have many things I'd like to do with exmh, including slowly
replacing the nmh base. But, on the other hand,
"If it ain't broke, don't fix it." The main thing I'd like
to have is a central email manager that pulls and filters
email, and then supports multiple email user interfaces.
For example, I'm about to go on an extended road trip and
I have to rely on my exmh UI remaining alive on my desktop
at work so it can do all the filtering for me. Plus, I can't
tunnel in from my Windows laptop and run exmh natively on
my windows laptop.
It should be easy to split exmh into the mail manager half
and the user interface half. Alas, I spend all my time with
my day job (which takes up most evenings, too) or my family.
It took me months to get a TclHttpd distribution out in
"my spare time". It is time for an exmh release as well.
If I win the lottery or Panasas goes public, I can retire
and work more on an email client. In the meantime it works
quite well for me. Keep the faith.
If you need IMAP, the easiest thing is to use something like
fetchmail that can get mail from anywhere. Ultimately I'd
like a toolkit that helped you exploit tools like that to
manage email from multiple user accounts and servers, etc.
etc. It is all possible now, but takes a fair amount of
time with your head under the hood pulling at wires.
--
Brent Welch
Software Architect, Panasas Inc
Delivering the premier storage system for scalable Linux clusters
www.panasas.com
welch@panasas.com
Comments (none posted)
Page editor: Jonathan Corbet