LWN.net Weekly Edition for July 15, 2004

Oracle's CMS patent

Patent 6,745,238, assigned to Oracle, is entitled "self service system for web site publishing." The abstract for this patent makes it clear that its scope is broad:

The web site system permits a site administrator to construct the overall structure, design and style of the web site. This allows for a comprehensive design as well as a common look and feel for the web site. The web site system permits content for the web site to originate from multiple content contributors. The publication of content is controlled by content owners. This permits assignment of content control to those persons familiar with the content.

The patent application was filed in March, 2000; it was granted on June 1 of this year. Offhand, it would appear that Oracle has patented the content management system. Such systems form the core of many thousands of web sites, so the potential impact of this patent is large. It is worth a deeper look.

The "claims" section of the patent is even more impenetrable than usual:

A method for displaying content, comprising: receiving input that defines a set of perspectives, wherein each perspective in the set of perspectives is a cross category grouping of one or more content items, and wherein said one or more content items is in a plurality of content items; storing, in a database, the plurality of content items, wherein each of the plurality of content items belongs to one or more categories; receiving user input that associates subsets of said set of perspectives with each of said plurality of content items; and in response to a request to display a web page that contains one of said plurality of content items, displaying on said web page a selectable control for each perspective in the subset of said set of perspectives that is associated with said one of said plurality of content items.

Translated into English, this claim would appear to be describing a database-backed web site which allows the display of articles with category metadata and comments attached. Further claims add search capabilities, a form interface, etc. All pretty standard stuff.

The "description" section is more readable, fortunately. It sets the stage with a summary of the Bad Old Days, when anybody who wanted to put content on the web had to hand it over to a site administrator who knew the right incantations. The administrator becomes a bottleneck which slows the process of getting content onto the net. Thus, says the patent:

Accordingly, it is desirable to generate a web site creation and maintenance tool that permits non-technical people to publish content on a web site. It is also desirable to generate a web site creation and maintenance tool that apportions responsibility for web site creation and maintenance task to the most appropriate individuals.

One wonders why nobody else ever noticed this problem. But it seems that nobody did:

In the prior art, content contributors must go through the information technology department in order to publish content. This prior art methodology places content publication and maintenance on a single source. In contrast, the web site paradigm of the present invention provides for distributed control by allowing the folder owners ... to control content for a portion of the web site.

As an added bonus, Oracle's "invention" throws in web-based administration of the site, a "quick picks" navigation bar for the most-used content, a news box, etc.

This patent clearly covers no end of free content management systems - and numerous proprietary offerings as well. There is no way that this particular patent could have been filed for in good faith; 2000, remember, was the end of the dotcom boom and content management systems were not exactly hard to find. The authors knew they were patenting widely-used technology which had been invented elsewhere. Oracle, after all, has not made its name through innovation in the web publishing arena.

If Oracle were to attempt to enforce this patent, it could create trouble for anybody producing or using an allegedly infringing system: Linux distributors, web publishers, proprietary software houses, etc. With a determined effort, this patent could almost certainly be invalidated. But if you are a small publisher facing demands from Oracle's fearsome lawyers, invalidating the patent will look like a distant, difficult, and risky goal. For the time being, the threat seems low; Oracle seems more interested in acquisitions than patent shakedowns and litigation. In the future, however, when Oracle's core business has been gutted by free database management systems, the company might just take a new interest in enforcing its "valuable intellectual property."

DMCA fun from StorageTek

July 14, 2004

This article was contributed by Joe 'Zonker' Brockmeier.

The latest effort to use the Digital Millennium Copyright Act (DMCA) as an obstacle to competition is courtesy of StorageTek. StorageTek, a company that sells a number of storage devices and data management software, is suing Custom Hardware Engineering & Consulting (CHE Consulting) for circumventing its GetKey algorithm to gain access to StorageTek tape library maintenance codes. So far, so good for StorageTek, which has received an injunction (PDF of the decision and the injunction) against CHE Consulting, essentially preventing the company from doing any maintenance on StorageTek tape libraries that requires access to the libraries' event messages. For the moment, an appeals court has put a stay on the injunction, but that stay could be withdrawn at any time.

Reading through the decision issued by U.S. District Judge Rya Zobel, it seems clear that Zobel has been firmly convinced of StorageTek's case. From page 10 of the decision:

The balance of harm to plaintiff from the denial of the injunction against that to defendant from the grant thereof tilts heavily to plaintiff, given its financial losses and damage to customer relations from defendants' deliberate and calculated misconduct and theft.

It seems that StorageTek has managed to convince Zobel that CHE Consulting has violated the DMCA by going around the GetKey algorithm and that CHE has misappropriated StorageTek's trade secrets by gaining access to event messages on StorageTek equipment.

CHE Consulting argued that Section 117 of the Copyright Act was designed to allow third-parties to perform maintenance or repair, but that did not convince Zobel.

Defendants copy the Code by turning on the machine; however, they do so not just for repair, but also for the express purpose of circumventing plaintiff's security measures, modifying the Maintenance Level, and intercepting plaintiff's Event Messages.

What Zobel overlooks, of course, is that the only purpose of intercepting the event messages is to allow CHE Consulting to perform maintenance on the equipment in question -- exactly what Section 117 of the Copyright Act was intended to allow. There is no benefit to CHE aside from being able to perform maintenance.

In order to get additional background and both sides of the story, we spoke to StorageTek spokesperson Joe Fuentes and CHE Consulting's president, David York. According to York, this case has actually been going on for some time. He noted that CHE Consulting had purchased software to access the error codes from 1997 through the first quarter of 2001, when StorageTek sent a letter to CHE Consulting alleging that the company was infringing on StorageTek's intellectual property rights. York said that CHE Consulting provided documentation that they were buying the software and then they didn't hear from StorageTek again until October of 2002 when the suit was filed. He also noted that StorageTek stopped selling the maintenance code to CHE Consulting in 2001.

When we spoke to Fuentes about the case, he was largely unable to answer most of our questions, as he said that he was not technical enough to respond to questions about the nature of the diagnostic tools and what would be required for a third-party maintenance provider to work on a StorageTek tape library without access to the maintenance code. Fuentes was also unable to provide access to a StorageTek spokesperson or employee who was knowledgeable enough about the case or the equipment to provide answers to our questions.

Fuentes did provide a statement about the case:

We believe that CHE was using our intellectual property without permission. Our job is to defend that intellectual property. I can't get any more specific than that... I think what the court is saying kind of confirms the value of our exclusive maintenance microcode. It's a competitive business, and we use our developed codes to provide superior services to enterprises.

We also asked Fuentes how StorageTek's customers would benefit from this action. According to Fuentes, "we value our relationships with our customers and want to make sure they get the best possible service. I have to stop there." While talking about StorageTek's services group, Fuentes also noted that the company serviced equipment produced by EMC, HP and other providers. Fuentes could not answer whether or not StorageTek used event messages generated by other manufacturers' equipment when providing service.

Fuentes also said that StorageTek's position was that third-parties could provide service for the equipment if they "invest and develop their own diagnostic tools to work on our equipment."

We asked York if it were possible for a third-party vendor to develop their own diagnostic tools. According to York, CHE Consulting has done so:

We've been providing this [service for StorageTek equipment] for seven years, all we're accessing is their data. We're not accessing anything that could be deemed to be actual diagnostics, we have developed our own exercise routines [for the equipment] on our own... we're talking about error data, data from the physical device. The error data is what they're claiming to own a copyright on.

We then asked York if it were possible for a third-party vendor to develop tools, as Fuentes suggested, that would allow them to generate their own codes. "Is it technically possible? We could debate that for a long time." When asked if it were reasonable to suggest that a vendor should develop that functionality on their own, he was more firm. "No, it is not."

We are still in litigation and we are feeling this decision. CHE has worked hard, its team members have worked hard. We believe we have a right to compete, we believe we have a right to exist, and we don't believe we have infringed upon anybody's rights here. We believe we're just some hard-working people. Based upon the fact that we're using the software with the customer's permission as it was designed is mind-boggling to me.

Zobel decided that "defendants' conduct has caused it [StorageTek] irreparable harm." However, Zobel does not seem inclined to consider the effects of the ruling on CHE Consulting. If StorageTek succeeds in preventing CHE Consulting from maintaining StorageTek equipment, the result is likely to be fairly catastrophic for CHE. York estimated that about half of the company's business consists of maintaining equipment that is now essentially off-limits to it, unless it is successful in fighting the case. York says that CHE Consulting filed a request for an appeal and a stay of the order on Monday, July 12.

We also asked York whether he was concerned about other vendors using the DMCA to prevent third parties from servicing their equipment:

I'm certainly concerned, but I can't say what another company might do. We service IBM equipment, even though we're partnered with them. For us to be able to provide service, IBM sells diagnostic code, manuals, parts... having said that, IBM, it appears, welcomes competition. If there is competition, IBM makes the most of it by saying, "Okay, we can sell some things, we win, independent organization wins, and most of all the customer wins."

Meanwhile, StorageTek's customers lose, and so does CHE. There would be little incentive for CHE to access event codes if some of StorageTek's customers had not decided that they wanted to have their equipment serviced by another organization.

StorageTek is not the first company to attempt to use the DMCA to lock competitors out of their business, nor are they likely to be the last. Until such a time as the DMCA is reformed, we will continue to see this sort of case. As this case illustrates, it's simply not enough to count on the courts to prevent abuse of the DMCA, nor is it enough to depend on the goodwill of corporations to protect the rights of their customers or act in their best interests.

SCO update

There has been some movement in a few of SCO's legal cases, so it's time for an update.

Our last episode in the Novell case ended with Judge Kimball dismissing SCO's suit because SCO did not make a claim of actual specific damages. SCO was given 30 days to refile the suit with that little oversight taken care of. SCO's new filing is available in PDF format; it's not clear that the company will get much further this time.

The specific damages alleged include:

  • Companies are refusing to buy licenses from SCO at this time because it's not clear that SCO owns what it claims to be licensing.

  • Novell's claims are being cited in various other SCO cases, making it harder for SCO to carry out its legal shakedowns.

That is about it. This discussion may be enough to keep the suit alive for now; it depends on what the judge thinks. That judge, who said in his previous ruling that there was considerable uncertainty about just what the asset purchase agreement transferred, may not be amused by the repeated references to the "clear and unambiguous terms" that are alleged to have transferred the copyrights to SCO.

The AutoZone case has been put on hold, pending the outcome of the IBM and Novell cases. AutoZone successfully argued that, until the issues in those other cases are decided, there is no point in going forward. This decision makes AutoZone's attempt to move the case to Tennessee moot for now; that motion may be reconsidered at a later time.

SCO was, however, given the opportunity to move for a preliminary injunction if it can show "irreparable" harm that could be mitigated in that way. It remains to be seen whether SCO will avail itself of this opportunity. In the meantime, SCO's one attempt to shake down an actual Linux user is stalled. As described in this Groklaw article, though, the case SCO presented in Nevada centers around its OpenServer libraries and has little to do with Linux.

In the IBM case, things are heading toward the crucial August 4 hearing on IBM's motion for a partial summary judgment that its Linux activities do not infringe on SCO's copyrights. IBM's position is, essentially, that (1) SCO has certified that its response to IBM's discovery questions regarding allegedly infringing code is complete, and (2) that response contains no examples of infringing code. Thus, IBM says, there are no disputed questions of fact and the judgment can be rendered. Or, alternatively, if SCO now comes forward with some sort of evidence, it should be sanctioned for failing to comply with discovery while falsely certifying that its response was complete.

SCO fears this hearing, even though it has never claimed (in court) that IBM has engaged in direct copyright infringement through its contributions to Linux. An IBM victory would make it impossible for SCO to make such claims in the future, and would go a long way toward establishing the cleanness of Linux in general. So SCO has moved for a dismissal of IBM's motion, or, at the minimum, yet another delay.

SCO's motion has been accompanied by a massive tome of a memorandum in support (available in PDF format); the company had to ask for special permission to submit a memo of this length. With all those words, SCO tries to establish that it didn't really certify that its discovery response was complete, that it needs more time to dig through more of IBM's code (and IBM has been stonewalling), that it has not alleged copyright infringement resulting from IBM's Linux activities, and so on.

There are also a few "examples" of copyright infringement included; these include the ELF code, read-copy-update (which SCO, it seems, now claims directly), the header files, etc. Here's one new example:

The Linux kernel, for example, uses a ULS [user-level synchronization] routine to block and unblock access to shared data. The Linux ULS routine is substantially similar to a ULS routine in UNIX. A Mr. Russel [sic] of IBM helped a Mr. Jamie Lokier contribute the UNIX ULS code into Linux. If SCO had access to IBM's CMVC, then SCO might have discovered that Mr. Russel worked on ULS for IBM, and could have deposed Mr. Russel to determine what specific help he provided in the contribution of ULS to Linux and to whom he provided that help.

SCO is talking about the FUTEX code, which was refined and fed into the kernel by Rusty Russell. It is highly unlikely that Rusty has been anywhere near the AIX code. In any case, the FUTEX code was developed in a very public manner over several months; every step in the process was posted to and discussed on the linux-kernel list. If SCO wishes to press a claim to any piece of the FUTEX code, it should have no trouble pointing out exactly which code and saying when, and by whom, it was contributed.

SCO has also filed a renewed motion to compel discovery, claiming that IBM has not lived up to its obligations. SCO is requesting full access to IBM's revision control system. The company is also trying harder to turn up a "smoking gun" email from one of IBM's executives; the motion memo claims that IBM is being dishonest when it says that these messages do not exist.

The Red Hat case, remember, is currently on hold. The judge in that case had ordered both parties to file a letter every 90 days describing how things are progressing. The first set of letters is now available.

SCO's letter seems motivated by fear of an unfriendly ruling in the IBM case. The company is now backpedaling somewhat on its claims that the IBM case covers "most, if not all" of the copyright issues brought up by Red Hat.

At the same time, since September 2003, SCO has obviously had the opportunity to conduct further investigation of improper contributions to Linux by parties other than IBM. Through that investigation, SCO has discovered significant instances of line-for-line and "substantially similar" copying of code from Unix System V into Linux. That non-IBM conduct is conduct that SCO's complaint in Utah -- by its express terms -- does not challenge or encompass.

SCO has found itself in a bit of a difficult position here. If the IBM case addresses all of the copyright issues, and IBM wins its summary judgment, then the outcome of the Red Hat case (which Red Hat filed to establish its claim that its Linux distributions do not infringe on SCO's copyrights) is clear. If, instead, the IBM case is not so all-encompassing after all, the Red Hat case may be taken off hold and moved forward - and that is not something that SCO wants.

Red Hat's letter responds directly to SCO's, and does not mince words.

SCO's June 17 effort to explain away the numerous inconsistent statements it has made to this Court and to other federal courts around the country again make plain SCO's litigation strategy. SCO's ultimate objective is to delay for as long as possible resolution of the copyright claims that are at the heart of each of the pending lawsuits. By avoiding final adjudication of its copyright claims, SCO can continue to foster fear, uncertainty, and doubt in the marketplace about the long-term viability of Linux.

Red Hat points out that SCO wants the AutoZone case to go forward. If, says Red Hat, the AutoZone case presents sufficiently interesting issues that it should be heard now, Red Hat's case should go forward as well. Whether the judge agrees remains to be seen; given the history of this case, the likelihood of any near-term movement is small.

Finally, for those of you who have not had enough SCO fun, remember that SCO Forum 2004 is happening in Las Vegas, starting on August 1. This will be your chance to attend no end of fascinating sessions, including a keynote speech by "analyst" Rob Enderle. Don't you wish you could be there?

Page editor: Jonathan Corbet

Security

Mozilla and security

It looks like yet another in a series of bad weeks for Internet Explorer; exploitable bugs seem to come out more quickly than security firms can write up advisories about them. The web browser is an important piece of software from a security perspective; it has direct contact with random, external sites, some of which are almost certainly hostile. Web browsers are also large, complex programs, and thus hard to audit in any sort of thorough way. So it is not surprising that problems are found and exploited.

Linux users, as usual, sit back and feel smug. We don't run Internet Explorer, and our browsers, being free software and thus inherently more secure, will not present us with this sort of unpleasant surprise.

Right?

As free browsers continue to grow in popularity, they will also attract more attention from the inhabitants of the darker side of the net. So it is worth looking at how Mozilla, which is the core of many free browsers, deals with security incidents.

Linux users may well have missed this security advisory that went out on July 7, because only Windows users are affected. For those users, however, the impact of this bug could be large. Essentially, Mozilla-based applications (including the Firefox browser and the Thunderbird mail client) pass "shell:" URIs directly to the operating system, which happily runs the command included in the URI. It is a direct path to a command interpreter on the local system; all it requires is getting the user to click on the wrong link.

Some commenters have said that this is really a Windows bug; Mozilla is just passing on the URI and Windows decides how to deal with it. But that is an evasive answer; a security-conscious application must sanitize any externally-supplied data that it passes on to the system. This vulnerability is a Mozilla bug; it was closed by having Mozilla do the checking it should have done in the first place.
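
The check that paragraph calls for, written out as an added example (it is not Mozilla's code): a link is classified by its URI scheme before anything is handed to an operating-system handler, and whatever is not explicitly allowed is refused, so "shell:" is blocked without ever being special-cased. The two scheme lists are an assumed policy, and the sample links are constructed for the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum link_action { LINK_RELATIVE, LINK_INTERNAL, LINK_EXTERNAL, LINK_BLOCK };

/* Assumed policy (not Mozilla's): schemes the application renders itself,
 * and the few external handlers it is willing to invoke. Anything else is
 * refused, so "shell:" is blocked without being named. */
static const char *const BROWSER_SCHEMES[]  = { "http", "https", "ftp", "about", NULL };
static const char *const EXTERNAL_ALLOWED[] = { "mailto", "news", NULL };

/* Copy the URI scheme (RFC 3986: ALPHA *(ALPHA / DIGIT / "+" / "-" / "."),
 * terminated by ':') into `out`, lower-cased. Leading ASCII whitespace and
 * control bytes are skipped first, because links get padded with them in
 * the hope that a later parser skips them too.
 * Returns 1 if a scheme was found, 0 if the link has none (relative),
 * -1 if it is malformed or the scheme does not fit in `out`. */
int extract_scheme(const char *uri, char *out, size_t outlen)
{
    const char *p = uri;
    size_t n = 0;

    if (uri == NULL || outlen == 0)
        return -1;
    while (*p && (unsigned char)*p <= 0x20)
        p++;
    if (!isalpha((unsigned char)*p))
        return 0;
    for (; *p && *p != ':'; p++) {
        unsigned char c = (unsigned char)*p;
        if (!(isalnum(c) || c == '+' || c == '-' || c == '.'))
            return 0;                 /* not a scheme character: no scheme */
        if (n + 1 >= outlen)
            return -1;                /* overlong scheme: refuse, do not guess */
        out[n++] = (char)tolower(c);
    }
    if (*p != ':')
        return 0;                     /* ran out of input before ':' */
    out[n] = '\0';
    return 1;
}

static int in_list(const char *s, const char *const *list)
{
    for (; *list != NULL; list++)
        if (strcmp(s, *list) == 0)
            return 1;
    return 0;
}

/* Decide what to do with a link before it gets anywhere near the OS. */
enum link_action classify_link(const char *uri)
{
    char scheme[32];
    int r = extract_scheme(uri, scheme, sizeof scheme);

    if (r < 0)  return LINK_BLOCK;
    if (r == 0) return LINK_RELATIVE;  /* resolved against the current page */
    if (in_list(scheme, BROWSER_SCHEMES))  return LINK_INTERNAL;
    if (in_list(scheme, EXTERNAL_ALLOWED)) return LINK_EXTERNAL;
    return LINK_BLOCK;                 /* default deny: shell:, javascript:, c:, ... */
}

/* Constructed sample links, including padded and mixed-case forms. */
const char *const SAMPLE_LINKS[] = {
    "https://lwn.net/Articles/",
    "/Security/",
    "mailto:lwn@lwn.net",
    "shell:windows\\system32\\calc.exe",
    " \tSHELL:cookies",
    "javascript:alert(1)",
};
const size_t SAMPLE_LINK_COUNT = sizeof SAMPLE_LINKS / sizeof SAMPLE_LINKS[0];

size_t count_blocked(const char *const *links, size_t n)
{
    size_t i, blocked = 0;
    for (i = 0; i < n; i++)
        if (classify_link(links[i]) == LINK_BLOCK)
            blocked++;
    return blocked;
}

int main(void)
{
    static const char *const names[] = { "relative", "internal", "external", "BLOCK" };
    size_t i;
    for (i = 0; i < SAMPLE_LINK_COUNT; i++)
        printf("%-36s -> %s\n", SAMPLE_LINKS[i], names[classify_link(SAMPLE_LINKS[i])]);
    return 0;
}
```

Default deny is the point: a blacklist containing "shell:" would have left the door open to the next handler Windows chooses to register, and the padded " \tSHELL:" form shows why the check has to run on the same bytes the operating system would see. Bug 163767 asked for a way to turn external protocol handlers off altogether; an allowlist like the one above is the more general form of that control.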

Others have complimented Mozilla for its quick response: a patch was available about one day after the vulnerability was posted. This response time has been favorably compared with the rather slower pace characteristic of Internet Explorer fixes. The only problem with this point of view is that the Mozilla developers have known about this issue since 2002; Mozilla bug 163767 suggested the addition of a preference which would disable the use of external protocol handlers. The bug remained open for almost two years, however, until the project had no alternative to fixing it. It seems that developers of free software are entirely capable of sitting on a vulnerability in the absence of an immediate exploit threat.

The point here is not to flame the Mozilla project for shipping code with a vulnerability, or even for not realizing the importance of a known hole. These things happen, and Mozilla's record is better than that of many other projects. The point is that we cannot assume that, by accessing the web with a free browser, we are immune from exploits. Vulnerabilities are a fact of life, and the incentives for finding and exploiting vulnerabilities in free browsers are growing.

In that context, it is encouraging to see this MozillaZine article which talks about some recent changes made by the Mozilla hackers. The Mozilla extension mechanism is a powerful way of adding new capabilities to the browser, but it could also become a mechanism by which attackers load hostile code directly into target systems. It should, thus, be hard to add an extension; it shouldn't happen automatically. The Mozilla hackers have noticed an increase in attempts to load unwanted extensions, and have responded with some new mechanisms designed to block those attempts. These include a whitelist of sites allowed to propose the addition of extensions.

One should also note this vulnerability, which could be of use to the perpetrators of the growing number of "phishing" attacks. Through some Javascript and frames trickery, an attacker can present a forged version of somebody else's page while the location bar shows a legitimate URL. Internet Explorer is vulnerable, but so is Mozilla. (Thanks to Chester Young for the pointer.)

With luck, the Mozilla hackers (and khtml hackers too) will increasingly keep security in mind as they write their code. And we know they will fix problems quickly when they become apparent. But we cannot assume that our free browsers are immune from security problems; the world is, sooner or later, going to prove otherwise.

New vulnerabilities

Ethereal: Multiple security problems

Package(s):ethereal CVE #(s):CAN-2004-0633 CAN-2004-0634 CAN-2004-0635
Created:July 9, 2004 Updated:August 19, 2004
Description: There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.5, including:
* In some cases the iSNS dissector could cause Ethereal to abort.
* If there was no policy name for a handle for SMB SID snooping it could cause a crash.
* A malformed or missing community string could cause the SNMP dissector to crash.
See this advisory for more information.
Alerts:
Whitebox WBSA-2004:378-01 2004-08-19
Red Hat RHSA-2004:378-01 2004-08-05
Netwosix NW-2004-0016 2004-07-23
Fedora FEDORA-2004-234 2004-07-22
Debian DSA-528-1 2004-07-17
Fedora FEDORA-2004-220 2004-07-14
Fedora FEDORA-2004-219 2004-07-14
Mandrake MDKSA-2004:067 2004-07-09
Gentoo 200407-08 2004-07-09

MoinMoin Group ACL Bypass

Package(s):moinmoin CVE #(s):
Created:July 12, 2004 Updated:August 26, 2004
Description: MoinMoin contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker creates a user with the same name as an administrative group. This flaw may lead to a loss of integrity. See this osvdb entry for additional information.
Alerts:
Gentoo 200407-09 2004-07-11

php: remotely exploitable memory errors

Package(s):php CVE #(s):CAN-2004-0594
Created:July 14, 2004 Updated:February 7, 2005
Description: Stefan Esser has issued an advisory regarding a remotely exploitable hole in PHP (through version 4.3.7). If the memory_limit feature is in use (as it should be, to prevent denial of service attacks), allocation failures can be forced at highly inopportune times, and those failures can be exploited to execute arbitrary code. The exploit is described as "quite easy," and it can be done regardless of whether Apache1 or Apache2 is in use. Upgrading to PHP 4.3.8 fixes the problem; yesterday's PHP 5.0 release also contains the fix (but the final release candidate did not).
Alerts:
Debian DSA-669-1 2005-02-07
Whitebox WBSA-2004:392-01 2004-08-19
Fedora FEDORA-2004-223 2004-07-23
Fedora FEDORA-2004-222 2004-07-23
OpenPKG OpenPKG-SA-2004.034 2004-07-22
Slackware SSA:2004-202-01 2004-07-20
Debian DSA-531-1 2004-07-20
Red Hat RHSA-2004:392-01 2004-07-19
Red Hat RHSA-2004:395-01 2004-07-19
Conectiva CLA-2004:847 2004-07-16
SuSE SUSE-SA:2004:021 2004-07-16
Mandrake MDKSA-2004:068 2004-07-14
Gentoo 200407-13 2004-07-15
tinysofa TSSA-2004-013 2004-07-14

wv: buffer overflow

Package(s):wv CVE #(s):CAN-2004-0645
Created:July 14, 2004 Updated:February 10, 2005
Description: wv, a viewer for MS Word files, contains a buffer overflow which may be exploited by a suitably-crafted file. Version 1.0.0-r1 fixes the problem.
Alerts:
Fedora-Legacy FLSA:1906 2005-02-08
Conectiva CLA-2004:902 2004-12-01
Debian DSA-579-1 2004-11-01
Debian DSA-550-1 2004-09-20
Conectiva CLA-2004:863 2004-09-10
Mandrake MDKSA-2004:077 2004-07-29
Fedora FEDORA-2004-225 2004-07-23
Fedora FEDORA-2004-224 2004-07-23
Gentoo 200407-11 2004-07-14

Updated vulnerabilities

Apache mod_proxy: denial of service

Package(s):apache CVE #(s):CAN-2004-0492
Created:June 11, 2004 Updated:October 14, 2004
Description: A buffer overflow vulnerability in the apache mod_proxy module can be exploited to create a denial of service.
Alerts:
Fedora-Legacy FLSA:1737 2004-10-13
Mandrake MDKSA-2004:065 2004-06-29
Debian DSA-525-1 2004-06-24
Gentoo 200406-16 2004-06-21
OpenPKG OpenPKG-SA-2004.029 2004-06-11

apache2: stack-based buffer overflow in ssl_util.c

Package(s):apache2 CVE #(s):CAN-2004-0488
Created:June 1, 2004 Updated:October 14, 2004
Description: A stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_util.c in Apache. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN.
Alerts:
Fedora-Legacy FLSA:1888 2004-10-13
Debian DSA-532-2 2004-07-27
Debian DSA-532-1 2004-07-22
Red Hat RHSA-2004:245-01 2004-06-14
Gentoo 200406-05 2004-06-09
Slackware SSA:2004-154-01 2004-06-02
OpenPKG OpenPKG-SA-2004.026 2004-05-27
Trustix TSLSA-2004-0031 2004-06-02
Mandrake MDKSA-2004:054 2004-06-01
Mandrake MDKSA-2004:055 2004-06-01
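
The pattern behind this entry, as an added illustration rather than Apache's actual code: an encoder (base64, despite the traditional "uuencode" name) that writes into whatever buffer it is handed without knowing its size, a caller that supplies a fixed stack buffer, and the fix of making the encoder take and honour an output capacity. The buffer size, the DN strings and the function names are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Output bytes the encoder writes for n input bytes, including the NUL. */
size_t b64_required(size_t n)
{
    return 4 * ((n + 2) / 3) + 1;
}

/* Core encoder: 4 output chars per 3 input bytes, then a NUL. It has no
 * idea how big `out` is. Used directly, this is the vulnerable pattern:
 * a caller's fixed-size stack buffer is overrun as soon as the input
 * (here a certificate subject DN) is long enough. Returns chars written. */
size_t uuencode_unchecked(char *out, const unsigned char *in, size_t n)
{
    size_t i, o = 0;
    for (i = 0; i + 2 < n; i += 3) {
        unsigned v = ((unsigned)in[i] << 16) | ((unsigned)in[i + 1] << 8) | in[i + 2];
        out[o++] = B64[(v >> 18) & 63];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = B64[(v >> 6) & 63];
        out[o++] = B64[v & 63];
    }
    if (i < n) {                              /* 1 or 2 trailing bytes */
        unsigned v = (unsigned)in[i] << 16;
        if (i + 1 < n)
            v |= (unsigned)in[i + 1] << 8;
        out[o++] = B64[(v >> 18) & 63];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = (i + 1 < n) ? B64[(v >> 6) & 63] : '=';
        out[o++] = '=';
    }
    out[o] = '\0';
    return o;
}

/* Hardened wrapper: the caller states the capacity of `out` and the call
 * is refused instead of overrunning. Returns chars written, or -1. */
int uuencode_checked(char *out, size_t outlen, const unsigned char *in, size_t n)
{
    if (out == NULL || outlen < b64_required(n))
        return -1;
    return (int)uuencode_unchecked(out, in, n);
}

/* How many bytes past a buffer of `bufsize` the unchecked encoder would
 * write for n input bytes; 0 means it fits. Computed, not performed. */
size_t overflow_by(size_t n, size_t bufsize)
{
    size_t need = b64_required(n);
    return need > bufsize ? need - bufsize : 0;
}

#define DN_BUF 64   /* constructed: a small fixed stack buffer for the demo */

/* Stand-in for a server routine that encodes the client's DN into a fixed
 * stack buffer. 0 on success, -1 if the DN is too long to encode safely
 * (the input that would have smashed the stack with the unchecked call). */
int log_client_dn(const char *dn)
{
    char buf[DN_BUF];
    if (uuencode_checked(buf, sizeof buf, (const unsigned char *)dn, strlen(dn)) < 0)
        return -1;
    return 0;
}

int main(void)
{
    const char shortdn[] = "CN=client,O=example";
    char longdn[200];
    char buf[DN_BUF];

    memset(longdn, 'A', sizeof longdn - 1);
    longdn[sizeof longdn - 1] = '\0';
    uuencode_checked(buf, sizeof buf, (const unsigned char *)shortdn, strlen(shortdn));
    printf("short DN -> %s\n", buf);
    printf("long DN: checked=%d, unchecked would overrun by %zu bytes\n",
           log_client_dn(longdn), overflow_by(strlen(longdn), DN_BUF));
    return 0;
}
```

The attacker controls the subject DN of a certificate that chains to a trusted CA, so the input length is entirely in their hands; the only defensible place for the bound is the encoder itself, which is why the fixed form takes `outlen` rather than trusting every caller to size its buffer for the worst case.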

Apache: denial of service

Package(s):apache2 CVE #(s):CAN-2004-0493
Created:June 30, 2004 Updated:July 19, 2004
Description: Versions of apache 2.0 through 2.0.49 fail to defend against arbitrarily long header lines; this bug can be exploited to cause the server to use arbitrarily large amounts of memory. See this advisory from Georgi Guninski for details.
Alerts:
Fedora FEDORA-2004-204 2004-07-19
Fedora FEDORA-2004-203 2004-07-19
Red Hat RHSA-2004:342-01 2004-07-06
Gentoo 200407-03 2004-07-04
tinysofa TSSA-2004-012 2004-06-29
Mandrake MDKSA-2004:064 2004-06-29

aspell: bounds checking problem

Package(s):aspell CVE #(s):CAN-2004-0548
Created:June 17, 2004 Updated:December 20, 2004
Description: Aspell's word-list-compress utility fails to properly check bounds when dealing with words that are more than 256 bytes long. This can lead to arbitrary code execution by an attacker.
Alerts:
Mandrake MDKSA-2004:153 2004-12-20
OpenPKG OpenPKG-SA-2004.042 2004-09-15
Gentoo 200406-14 2004-06-17

dhcp: buffer overflows

Package(s):dhcp CVE #(s):CAN-2004-0460 CAN-2004-0461
Created:June 23, 2004 Updated:July 14, 2004
Description: Two separate buffer overflows have been found in versions 3.0.1rc12 and 3.0.1rc13 of the ISC DHCP server. These overflows can be exploited by a remote attacker to cause a denial of service, or, potentially, to execute arbitrary code. DHCP servers should not be exposed to the Internet, but this problem is worth fixing regardless. See this CERT advisory for more information.
Alerts:
OpenPKG OpenPKG-SA-2004.031 2004-07-08
Fedora FEDORA-2004-190 2004-06-23
SuSE SuSE-SA:2004:019 2004-06-22
Mandrake MDKSA-2004:061 2004-06-22

Filename disclosure vulnerability in fam

Package(s):fam CVE #(s):CAN-2002-0875
Created:August 19, 2002 Updated:January 5, 2005
Description: "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible.
Alerts:
Red Hat RHSA-2005:005-01 2005-01-05
Debian DSA-154-1 2002-08-15

flim: insecure file creation

Package(s):flim CVE #(s):CAN-2004-0422
Created:May 5, 2004 Updated:December 16, 2004
Description: The emacs "flim" mode creates temporary files in an insecure fashion, possibly allowing a local attacker to overwrite files.
Alerts:
Fedora FEDORA-2004-546 2004-12-15
Red Hat RHSA-2004:344-01 2004-08-18
Debian DSA-500-1 2004-05-01

Comments (none posted)

FreeS/WAN, Openswan, strongSwan: Vulnerabilities in certificate handling

Package(s):freeswan CVE #(s):
Created:June 26, 2004 Updated:July 15, 2004
Description: FreeS/WAN, Openswan, strongSwan and Super-FreeS/WAN contain two bugs when authenticating PKCS#7 certificates. This could allow an attacker to authenticate with a fake certificate. All these IPsec implementations have several bugs in the verify_x509cert() function, which performs certificate validation, that make them vulnerable to malicious PKCS#7 wrapped objects. With a carefully crafted certificate payload an attacker can successfully authenticate against FreeS/WAN, Openswan, strongSwan or Super-FreeS/WAN, or make the daemon go into an endless loop.
Alerts:
Mandrake MDKSA-2004:070 2004-07-14
Gentoo 200406-20 2004-06-25

Comments (none posted)

gtkhtml: malformed messages cause crash

Package(s):gtkhtml CVE #(s):CAN-2003-0133 CAN-2003-0541
Created:April 14, 2003 Updated:April 18, 2005
Description: GtkHTML is the HTML rendering widget used by the Evolution mail reader.

GtkHTML supplied with versions of Evolution prior to 1.2.4 contains a bug when handling HTML messages. Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash.

Alerts:
Debian DSA-710-1 2005-04-18
Mandrake MDKSA-2003:093 2003-09-18
Conectiva CLA-2003:737 2003-09-12
Red Hat RHSA-2003:264-01 2003-09-09
Mandrake MDKSA-2003:046 2003-04-15
Red Hat RHSA-2003:126-01 2003-04-14

Comments (none posted)

Horde-IMP: improper input validation

Package(s):Horde-IMP CVE #(s):
Created:June 16, 2004 Updated:August 10, 2004
Description: An input validation error exists in Horde-IMP through version 3.2.4; a specially crafted message could be used to run scripts in the context of the target's browser.
Alerts:
Gentoo 200408-07 2004-08-10
Gentoo 200406-11 2004-06-16

Comments (none posted)

iproute: local denial of service

Package(s):iproute net-tools CVE #(s):CAN-2003-0856
Created:November 25, 2003 Updated:December 14, 2004
Description: The iproute utility is susceptible to spoofed netlink messages sent by local users, with the result that denial of service attacks are possible.
Alerts:
Mandrake MDKSA-2004:148 2004-12-13
Fedora FEDORA-2004-154 2004-06-03
Fedora FEDORA-2004-115 2004-05-11
Debian DSA-492-1 2004-04-18
Gentoo 200404-10 2004-04-09
Red Hat RHSA-2003:316-01 2003-11-24

Comments (none posted)

racoon: failure to verify signatures

Package(s):ipsec-tools racoon CVE #(s):CAN-2004-0155
Created:April 7, 2004 Updated:August 19, 2004
Description: Versions of ipsec-tools prior to 0.2.5 contain a vulnerability wherein the racoon utility fails to verify digital signatures on some packets. This hole can lead to unauthorized connections or man-in-the-middle attacks. See this advisory for details.
Alerts:
Whitebox WBSA-2004:308-01 2004-08-19
Mandrake MDKSA-2004:027 2004-04-08
Gentoo 200404-05 2004-04-07

Comments (none posted)

racoon: denial of service vulnerability

Package(s):ipsec-tools racoon iputils CVE #(s):CAN-2004-0403
Created:April 26, 2004 Updated:July 29, 2004
Description: racoon does not check the length of ISAKMP headers. Attackers may be able to craft an ISAKMP header of sufficient length to consume all available system resources, causing a Denial of Service. This advisory contains additional details.
Alerts:
Red Hat RHSA-2004:308-01 2004-07-29
Mandrake MDKSA-2004:069 2004-07-14
Fedora FEDORA-2004-197 2004-06-28
Whitebox WBSA-2004:165-01 2004-06-10
Fedora FEDORA-2004-132 2004-05-19
Red Hat RHSA-2004:165-01 2004-05-11
Gentoo 200404-17 2004-04-24

Comments (none posted)

kdelibs: cookie disclosure

Package(s):kdelibs CVE #(s):CAN-2003-0592
Created:March 10, 2004 Updated:August 24, 2004
Description: kdelibs (and, thus, Konqueror) has a vulnerability where a hostile server can force the disclosure of cookies that should not be presented to it. KDE versions 3.1.3 and later contain a fix.
Alerts:
Gentoo 200408-23 2004-08-24
Red Hat RHSA-2004:074-01 2004-03-10
Red Hat RHSA-2004:075-01 2004-03-10
Mandrake MDKSA-2004:022 2004-03-10
Debian DSA-459-1 2004-03-10

Comments (none posted)

kernel: symlink overflow in the iso9660 filesystem

Package(s):kernel CVE #(s):CAN-2004-0109
Created:April 14, 2004 Updated:July 15, 2004
Description: The 2.4 and 2.6 kernels contain a vulnerability in the iso9660 (CDROM) filesystem which can be used by a local attacker to obtain root privileges. The exploit requires creating a specially-crafted filesystem and getting the kernel to mount it. Many systems are configured to automatically mount CDs on insertion, however, so the possibility of this vulnerability being exploited by users with physical access to the system is real. The 2.4.26 kernel contains the fix, which will also be merged into the upcoming 2.6.6 release.
Alerts:
Conectiva CLA-2004:846 2004-07-15
Red Hat RHSA-2004:106-01 2004-04-21
Red Hat RHSA-2004:105-01 2004-04-21
Debian DSA-489-1 2004-04-17
Debian DSA-491-1 2004-04-17
Debian DSA-479-2 2004-04-14
SuSE SuSE-SA:2004:009 2004-04-14
Mandrake MDKSA-2004:029 2004-04-14
Fedora FEDORA-2004-101 2004-04-14
Debian DSA-482-1 2004-04-14
Debian DSA-481-1 2004-04-14
Debian DSA-480-1 2004-04-14
Debian DSA-479-1 2004-04-14

Comments (none posted)

kernel allows unauthorized changes to the group ID

Package(s):kernel CVE #(s):CAN-2004-0497
Created:July 2, 2004 Updated:September 27, 2004
Description: During an audit of the Linux kernel, SUSE discovered a flaw that allowed a user to make unauthorized changes to the group ID of files in certain circumstances - such as when the files are exported via NFS.
Alerts:
Conectiva CLA-2004:869 2004-09-27
Gentoo 200407-16 2004-07-22
Whitebox WBSA-2004:360-01 2004-07-07
Mandrake MDKSA-2004:066 2004-07-06
SuSE SUSE-SA:2004:020 2004-07-02
Fedora FEDORA-2004-206 2004-07-02
Fedora FEDORA-2004-205 2004-07-02
Red Hat RHSA-2004:354-01 2004-07-02
Red Hat RHSA-2004:360-01 2004-07-02

Comments (none posted)

kernel: netfilter denial of service

Package(s):kernel CVE #(s):
Created:June 30, 2004 Updated:July 28, 2004
Description: The netfilter code in 2.6 kernels through 2.6.7 is vulnerable to a remote denial of service attack - but only if filtering on the TCP options field has been enabled. See this advisory for details.
Alerts:
Conectiva CLA-2004:852 2004-07-28
Gentoo 200407-12 2004-07-14
Fedora FEDORA-2004-202 2004-06-30

Comments (none posted)

kernel-utils: setuid vulnerability

Package(s):kernel-utils CVE #(s):CAN-2003-0019
Created:February 7, 2003 Updated:January 21, 2005
Description: The kernel-utils package contains several utilities that can be used to control the kernel or machine hardware. In Red Hat Linux 8.0 this package contains user mode linux (UML) utilities.

The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was incorrectly shipped setuid root. This could allow local users to control certain network interfaces, add and remove arp entries and routes, and put interfaces in and out of promiscuous mode.

All users of the kernel-utils package should update to these packages that contain a version of uml_net that is not setuid root.

Alternatively, as a work-around to this vulnerability issue the following command as root:

chmod -s /usr/bin/uml_net

Alerts:
Red Hat RHSA-2003:056-08 2003-02-07

Comments (none posted)

libpng, libpng3: buffer overflow

Package(s):libpng, libpng3 CVE #(s):CAN-2002-1363
Created:December 19, 2002 Updated:July 14, 2004
Description: Glenn Randers-Pehrson discovered a problem in connection with 16-bit samples from libpng, an interface for reading and writing PNG (Portable Network Graphics) format files. The starting offsets for the loops are calculated incorrectly which causes a buffer overrun beyond the beginning of the row buffer.
Alerts:
Gentoo 200407-06 2004-07-08
OpenPKG OpenPKG-SA-2004.030 2004-07-06
Mandrake MDKSA-2004:063 2004-06-29
Whitebox WBSA-2004:249-01 2004-06-21
Fedora FEDORA-2004-176 2004-06-18
Fedora FEDORA-2004-174 2004-06-18
Fedora FEDORA-2004-175 2004-06-18
Fedora FEDORA-2004-173 2004-06-18
Red Hat RHSA-2004:249-01 2004-06-18
Conectiva CLA-2003:564 2003-01-23
Mandrake MDKSA-2003:008 2003-01-20
OpenPKG OpenPKG-SA-2003.001 2003-01-15
Yellow Dog YDU-20030114-2 2002-01-14
SuSE SuSE-SA:2003:0004 2003-01-14
Red Hat RHSA-2003:006-06 2003-01-09
Debian DSA-213-1 2002-12-19

Comments (none posted)

libxml2 - arbitrary code execution

Package(s):libxml2 CVE #(s):CAN-2004-0110
Created:February 26, 2004 Updated:August 19, 2009
Description: Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code.
Alerts:
Fedora FEDORA-2009-8594 2009-08-15
Fedora FEDORA-2009-8582 2009-08-15
Fedora-Legacy FLSA:1324 2004-07-19
Conectiva CLA-2004:836 2004-03-31
Gentoo 200403-01 2004-03-06
Trustix TSLSA-2004-0010 2004-03-05
OpenPKG OpenPKG-SA-2004.003 2004-03-05
Netwosix NW-2004-0004 2004-03-04
Debian DSA-455-1 2004-03-03
Mandrake MDKSA-2004:018 2004-03-03
Red Hat RHSA-2004:091-02 2004-03-03
Whitebox WBSA-2004:090-01 2004-03-01
Red Hat RHSA-2004:090-01 2004-02-26
Fedora FEDORA-2004-087 2004-02-25
Red Hat RHSA-2004:091-01 2004-02-26

Comments (none posted)

logcheck: symlink vulnerability

Package(s):logcheck CVE #(s):CAN-2004-0404
Created:April 21, 2004 Updated:December 22, 2004
Description: The logcheck utility handles temporary files in an unsafe way, possibly allowing local attackers to overwrite files.
Alerts:
Mandrake MDKSA-2004:155 2004-12-22
Debian DSA-488-1 2004-04-16

Comments (none posted)

mailman: password disclosure

Package(s):mailman CVE #(s):CAN-2004-0412
Created:May 27, 2004 Updated:July 20, 2004
Description: In mailman versions above 2.1, third parties can retrieve member passwords from the server.
Alerts:
Fedora-Legacy FLSA:1734 2004-07-19
Fedora FEDORA-2004-168 2004-07-01
Fedora FEDORA-2004-167 2004-07-01
Gentoo 200406-04 2004-06-09
Mandrake MDKSA-2004:051 2004-05-26

Comments (none posted)

mikmod: buffer overflow

Package(s):mikmod CVE #(s):CAN-2003-0427
Created:June 16, 2003 Updated:June 16, 2005
Description: Ingo Saitz discovered a bug in mikmod whereby a long filename inside an archive file can overflow a buffer when the archive is being read by mikmod.
Alerts:
Fedora FEDORA-2005-405 2005-06-16
Red Hat RHSA-2005:506-01 2005-06-13
Fedora FEDORA-2005-404 2005-06-09
Gentoo 200307-01 2003-07-02
Debian DSA-320-1 2003-06-13

Comments (none posted)

mod_python: denial of service vulnerability

Package(s):mod_python CVE #(s):CAN-2003-0973
Created:January 27, 2004 Updated:October 4, 2004
Description: Apache's mod_python module could crash the httpd process if a specific, malformed query string was sent.

The Apache Foundation has reported that mod_python may be prone to denial of service attacks when handling a malformed query. Mod_python 2.7.9 was released to fix the vulnerability; however, because that release did not fully fix it, version 2.7.10 has been released.

Users of mod_python 3.0.4 are not affected by this vulnerability.

Alerts:
Fedora-Legacy FLSA:1325 2004-10-03
Conectiva CLA-2004:837 2004-04-12
Whitebox WBSA-2004:058-01 2004-03-01
Debian DSA-452-1 2004-02-29
Red Hat RHSA-2004:058-01 2004-02-26
Red Hat RHSA-2004:063-01 2004-02-26
Gentoo 200401-03 2004-01-27

Comments (none posted)

mozilla: multiple vulnerabilities

Package(s):mozilla CVE #(s):CAN-2003-0594 CAN-2003-0564
Created:March 10, 2004 Updated:August 19, 2004
Description: Mozilla 1.4 contains a few vulnerabilities, including disclosure of cookies to the wrong server, a scripting vulnerability which can allow an attacker to run arbitrary code, and an S/MIME vulnerability which can lead to remote denial of service or code execution attacks.
Alerts:
Whitebox WBSA-2004:421-01 2004-08-19
Whitebox WBSA-2004:110-01 2004-03-29
Red Hat RHSA-2004:112-01 2004-03-17
Mandrake MDKSA-2004:021 2004-03-10

Comments (none posted)

mpg321: format string vulnerability

Package(s):mpg321 CVE #(s):CAN-2003-0969
Created:January 6, 2004 Updated:March 28, 2005
Description: A vulnerability was discovered in mpg321, a command-line mp3 player, whereby user-supplied strings were passed to printf(3) unsafely. This vulnerability could be exploited by a remote attacker to overwrite memory, and possibly execute arbitrary code. In order for this vulnerability to be exploited, mpg321 would need to play a malicious mp3 file (including via HTTP streaming).
Alerts:
Gentoo 200503-34 2005-03-28
Debian DSA-411-1 2004-01-05

Comments (none posted)

MySQL: temporary file vulnerabilities

Package(s):mysql CVE #(s):CAN-2004-0381 CAN-2004-0388
Created:April 14, 2004 Updated:August 18, 2004
Description: The mysqlbug and mysqld_multi scripts contain temporary file vulnerabilities which could be used by a local attacker to overwrite files on the system.
Alerts:
Gentoo 200405-20 2004-05-25
Mandrake MDKSA-2004:034 2004-04-19
OpenPKG OpenPKG-SA-2004.014 2004-04-14
Debian DSA-483-1 2004-04-14

Comments (none posted)

neon: buffer overflow

Package(s):neon CVE #(s):CAN-2004-0398
Created:May 19, 2004 Updated:September 30, 2004
Description: The neon library (through version 0.24.5) contains a buffer overflow in its date parsing code, allowing arbitrary code execution when connecting to a hostile server. See this advisory for details. This vulnerability also affects related applications (such as cadaver).
Alerts:
Fedora-Legacy FLSA:1552 2004-09-29
Mandrake MDKSA-2004:078 2004-07-29
Gentoo 200406-03 2004-06-05
Gentoo 200405-25b 2004-06-02
Gentoo 200405-25 2004-05-30
Conectiva CLA-2004:841 2004-05-25
Gentoo 200405-15 2004-05-20
Gentoo 200405-13 2004-05-20
OpenPKG OpenPKG-SA-2004.024 2004-05-19
Mandrake MDKSA-2004:049 2004-05-19
Fedora FEDORA-2004-130 2004-05-19
Fedora FEDORA-2004-129 2004-05-19
Red Hat RHSA-2004:191-01 2004-05-19
Debian DSA-507-1 2004-05-19
Debian DSA-506-1 2004-05-19

Comments (none posted)

Nessus NASL scripting engine security issues

Package(s):nessus CVE #(s):
Created:May 27, 2003 Updated:August 12, 2004
Description: Some vulnerabilities exist in the Nessus NASL scripting engine. To exploit these flaws, an attacker would need to have a valid Nessus account as well as the ability to upload arbitrary Nessus plugins to the Nessus server (this option is disabled by default), or he/she would need to trick a user somehow into running a specially crafted NASL script. Read the full advisory for additional information.
Alerts:
Gentoo 200305-10 2003-05-27

Comments (none posted)

netpbm: insecure temporary files

Package(s):netpbm CVE #(s):CAN-2003-0924
Created:January 19, 2004 Updated:December 29, 2004
Description: netpbm is a graphics conversion toolkit made up of a large number of single-purpose programs. Many of these programs were found to create temporary files in an insecure manner, which could allow a local attacker to overwrite files with the privileges of the user invoking a vulnerable netpbm tool.
Alerts:
Conectiva CLA-2004:909 2004-12-29
Gentoo 200410-02 2004-10-04
Mandrake MDKSA-2004:011-1 2004-09-27
Whitebox WBSA-2004:031-01 2004-02-12
Mandrake MDKSA-2004:011 2004-02-11
Red Hat RHSA-2004:030-01 2004-02-05
Fedora FEDORA-2004-068 2004-02-06
Red Hat RHSA-2004:031-01 2004-01-22
Debian DSA-426-1 2004-01-18

Comments (1 posted)

openssh: timing attack leads to information disclosure

Package(s):openssh CVE #(s):CAN-2003-0190
Created:May 2, 2003 Updated:November 30, 2004
Description: From the advisory: "During a pen-test we stumbled across a nasty bug in OpenSSH-portable with PAM support enabled (via the --with-pam configure script switch). This bug allows a remote attacker to identify valid users on vulnerable systems, through a simple timing attack. The vulnerability is easy to exploit and may have high severity, if combined with poor password policies and other security problems that allow local privilege escalation."
Alerts:
Ubuntu USN-34-1 2004-11-30
OpenPKG OpenPKG-SA-2003.035 2003-08-06
Red Hat RHSA-2003:222-01 2003-07-29
Gentoo 200305-02 2003-05-13
Gentoo 200305-01 2002-03-05

Comments (1 posted)

OpenSSL: denial of service vulnerabilities

Package(s):OpenSSL CVE #(s):CAN-2004-0081 CAN-2003-0851
Created:March 17, 2004 Updated:November 2, 2005
Description: Versions 0.9.7a-c of the OpenSSL library suffer from two denial of service vulnerabilities; see the version 0.9.7d release announcement for details.
Alerts:
Red Hat RHSA-2005:830-00 2005-11-02
Red Hat RHSA-2005:829-00 2005-11-02
Fedora FEDORA-2005-1042 2005-10-31
Fedora-Legacy FLSA:1395 2004-05-08
Conectiva CLA-2004:834 2004-03-31
Whitebox WBSA-2004:084-01 2004-03-23
Red Hat RHSA-2004:084-01 2004-03-23
Fedora FEDORA-2004-095 2004-03-19
Whitebox WBSA-2004:120-01 2004-03-22
Trustix TSLSA-2004-0012 2004-03-17
Slackware SSA:2004-077-01 2004-03-17
Red Hat RHSA-2004:121-01 2004-03-17
OpenPKG OpenPKG-SA-2004.007 2004-03-18
Gentoo 200403-03 2004-03-17
Debian DSA-465-1 2004-03-17
Netwosix NW-2004-0005 2004-03-17
Mandrake MDKSA-2004:023 2004-03-17
SuSE SuSE-SA:2004:007 2004-03-17
Red Hat RHSA-2004:120-01 2004-03-17
Red Hat RHSA-2004:119-01 2004-03-17
EnGarde ESA-20040317-003 2004-03-17

Comments (1 posted)

pavuk: buffer overflow

Package(s):pavuk CVE #(s):CAN-2004-0456
Created:June 30, 2004 Updated:November 11, 2004
Description: Versions of the pavuk web spider through 0.9.28-r1 contain a buffer overflow which could be exploited by a hostile server.
Alerts:
Gentoo 200411-19 2004-11-10
Debian DSA-527-1 2004-07-03
Gentoo 200406-22 2004-06-30

Comments (none posted)

postgresql buffer overflow in ODBC driver

Package(s):postgresql CVE #(s):
Created:June 7, 2004 Updated:July 28, 2004
Description: A buffer overflow has been discovered in the ODBC driver of PostgreSQL, an object-relational SQL database descended from POSTGRES. It is possible to exploit this problem and crash the surrounding application. Hence, a PHP script using php4-odbc can be utilized to crash the surrounding Apache web server. Other parts of PostgreSQL are not affected.
Alerts:
Mandrake MDKSA-2004:072 2004-07-27
Debian DSA-516-1 2004-06-07

Comments (none posted)

python: buffer overflow

Package(s):python CVE #(s):CAN-2004-0150
Created:March 10, 2004 Updated:October 11, 2004
Description: Python (versions 2.2 and 2.2.1 only) has a buffer overflow in the getaddrinfo() function which can be exploited by a malformed IPv6 address.
Alerts:
Debian DSA-458-3 2004-10-10
Gentoo 200409-03 2004-09-02
Debian DSA-458-2 2004-08-31
Mandrake MDKSA-2004:019 2004-03-09
Debian DSA-458-1 2004-03-09

Comments (none posted)

rsync remote file write attack

Package(s):rsync CVE #(s):CAN-2004-0426
Created:April 30, 2004 Updated:July 12, 2004
Description: See the rsync homepage for the April 2004 advisory: "There is a security problem in all versions prior to 2.6.1 that affects only people running a read/write daemon WITHOUT using chroot. If the user privs that such an rsync daemon is using is anything above "nobody", you are at risk of someone crafting an attack that could write a file outside of the module's "path" setting (where all its files should be stored). Please either enable chroot or upgrade to 2.6.1. People not running a daemon, running a read-only daemon, or running a chrooted daemon are totally unaffected."
Alerts:
Gentoo 200407-10 2004-07-12
Fedora FEDORA-2004-116 2004-07-01
Whitebox WBSA-2004:192-01 2004-06-10
Debian DSA-499-2 2004-06-02
OpenPKG OpenPKG-SA-2004.025 2004-05-21
Red Hat RHSA-2004:192-01 2004-05-19
Mandrake MDKSA-2004:042 2004-05-10
Slackware SSA:2004-124-01 2004-05-02
Debian DSA-499-1 2004-05-01
Trustix TSLSA-2004-0024 2004-04-29

Comments (none posted)

squid: buffer overflow

Package(s):squid CVE #(s):CAN-2004-0541
Created:June 9, 2004 Updated:September 30, 2004
Description: The NTLM authentication helper used by the squid proxy contains a buffer overflow vulnerability; an overly-long password may be used to run arbitrary code. Sites not using NTLM authentication are not vulnerable.
Alerts:
Red Hat RHSA-2004:462-01 2004-09-30
Mandrake MDKSA-2004:093 2004-09-15
Gentoo 200409-04 2004-09-02
Gentoo 200406-13 2004-06-17
Whitebox WBSA-2004:242-01 2004-06-10
Trustix TSLSA-2004-0033 2004-06-10
Mandrake MDKSA-2004:059 2004-06-09
SuSE SuSE-SA:2004:016 2004-06-09
Red Hat RHSA-2004:242-01 2004-06-09
Fedora FEDORA-2004-164 2004-06-09
Fedora FEDORA-2004-163 2004-06-09

Comments (none posted)

SquirrelMail cross site scripting vulnerabilities

Package(s):squirrelmail CVE #(s):CAN-2004-0519 CAN-2004-0520 CAN-2004-0521
Created:May 21, 2004 Updated:October 4, 2004
Description: Several unspecified cross-site scripting (XSS) vulnerabilities and a well hidden SQL injection vulnerability were found in SquirrelMail versions 1.4.2 and lower. An XSS attack allows an attacker to insert malicious code into a web-based application. SquirrelMail does not check for code when parsing variables received via the URL query string.
Alerts:
Fedora-Legacy FLSA:1733 2004-10-02
Conectiva CLA-2004:858 2004-08-12
Whitebox WBSA-2004:240-01 2004-06-21
Gentoo 200406-08 2004-06-15
Red Hat RHSA-2004:240-01 2004-06-14
Fedora FEDORA-2004-160 2004-06-09
Fedora FEDORA-2004-159 2004-06-09
Gentoo 200405-16:02 2004-05-25
Gentoo 200405-16 2004-05-21

Comments (none posted)

Subversion: Remote heap overflow

Package(s):subversion CVE #(s):CAN-2004-0413
Created:June 11, 2004 Updated:March 7, 2005
Description: Subversion has a remote Denial of Service vulnerability that may allow a server that runs svnserve to execute arbitrary code. See this advisory for more information.
Alerts:
Fedora-Legacy FLSA:1748 2005-03-07
SuSE SuSE-SA:2004:018 2004-06-17
Fedora FEDORA-2004-166 2004-06-11
Fedora FEDORA-2004-165 2004-06-11
OpenPKG OpenPKG-SA-2004.028 2004-06-11
Gentoo 200406-07 2004-06-10

Comments (none posted)

sysstat: temporary file vulnerability

Package(s):sysstat CVE #(s):CAN-2004-0107 CAN-2004-0108
Created:March 10, 2004 Updated:October 4, 2004
Description: The sysstat utility has a temporary file vulnerability which can be exploited by a local attacker to overwrite system files.
Alerts:
Fedora-Legacy FLSA:1372 2004-10-03
Gentoo 200404-04 2004-04-06
Debian DSA-460-2 2004-04-03
Trustix TSLSA-2004-0011 2004-03-16
Whitebox WBSA-2004:053-01 2004-03-10
Red Hat RHSA-2004:053-01 2004-03-10
Red Hat RHSA-2004:093-01 2004-03-10
Debian DSA-460-1 2004-03-10

Comments (none posted)

File overwrite vulnerability in tar and unzip

Package(s):tar unzip CVE #(s):CAN-2001-1267 CAN-2001-1268 CAN-2001-1269 CAN-2002-0399
Created:October 1, 2002 Updated:April 10, 2006
Description: The tar utility does not properly filter file names containing "../", meaning that a hostile archive can, if unpacked by an unsuspecting user, overwrite any file that is writable by that user. GNU tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42 has the same vulnerability.
Alerts:
Fedora-Legacy FLSA:183571-1 2006-04-04
Red Hat RHSA-2006:0195-01 2006-02-21
Conectiva CLA-2002:538 2002-10-29
Mandrake MDKSA-2002:066 2002-10-10
Mandrake MDKSA-2002:065 2002-10-10
EnGarde ESA-20021003-022 2002-10-03
Gentoo unzip-20021001 2002-10-01
Gentoo tar-20021001 2002-10-01
Red Hat RHSA-2002:096-24 2002-09-18

Comments (1 posted)
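The tar and unzip entry above describes archives whose member names contain "../" and so write outside the extraction directory. The following is an added example, not part of the LWN entry or of GNU tar or unzip: a defensive check over the member names of a tar archive (using Python's standard tarfile module) that rejects escaping names and escaping symlink targets, run over a constructed sample archive containing both benign and hostile members.

```python
import io
import posixpath
import tarfile


def is_safe_member_name(name):
    """True if extracting `name` beneath the extraction directory cannot
    escape it: the name must be non-empty and relative and must not contain
    a ".." component anywhere.  Any ".." is rejected, not merely one that
    escapes after normalisation, because tar extracts members in order:
    "pkg/../x" is harmless only until an earlier member has turned "pkg"
    into a symlink pointing elsewhere."""
    if not name or name.startswith("/"):
        return False
    return ".." not in name.split("/")


def is_safe_link_target(member_name, link_target):
    """For symlink members, resolve the target relative to the link's own
    directory and reject absolute or escaping targets.  Relative targets
    that stay inside (e.g. "../lib/y" from "pkg/bin/x") are allowed.
    Assumption: the extraction directory holds no pre-existing symlinks,
    so links that pass through other links are not resolved here."""
    if link_target.startswith("/"):
        return False
    joined = posixpath.normpath(
        posixpath.join(posixpath.dirname(member_name), link_target))
    return joined != ".." and not joined.startswith("../")


def unsafe_members(archive_bytes):
    """Scan an uncompressed tar archive and return the member names that
    the checks above reject, in archive order."""
    rejected = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:") as tar:
        for member in tar.getmembers():
            if not is_safe_member_name(member.name):
                rejected.append(member.name)
            elif member.issym() and not is_safe_link_target(
                    member.name, member.linkname):
                rejected.append(member.name)
    return rejected


def build_sample_archive():
    """Constructed sample archive (made up for this demonstration): two
    benign members next to hostile names of the kind described for tar
    and unzip."""
    names = (
        "pkg/README",                       # benign
        "pkg/bin/tool",                     # benign
        "../.bashrc",                       # plain "../" escape
        "/etc/passwd",                      # absolute name
        "pkg/../../.ssh/authorized_keys",   # escape hidden mid-path
    )
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            payload = b"constructed payload\n"
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
        # A symlink whose target points above the extraction directory.
        link = tarfile.TarInfo("pkg/escape")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../outside"
        tar.addfile(link)
    return buf.getvalue()


if __name__ == "__main__":
    for name in unsafe_members(build_sample_archive()):
        print("rejected:", name)
```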

tcpdump: ISAKMP payload handling denial-of-service vulnerabilities

Package(s):tcpdump CVE #(s):CAN-2004-0183 CAN-2004-0184
Created:March 30, 2004 Updated:September 30, 2004
Description: TCPDUMP v3.8.1 and earlier versions contain multiple flaws in the packet display functions for the ISAKMP protocol. Upon receiving specially crafted ISAKMP packets, TCPDUMP will try to read beyond the end of the packet capture buffer and crash. More information is available in this Rapid7 advisory.
Alerts:
Fedora-Legacy FLSA:1468 2004-09-29
Whitebox WBSA-2004:219-01 2004-06-10
Red Hat RHSA-2004:219-01 2004-05-26
Fedora FEDORA-2004-120 2004-05-13
Slackware SSA:2004-108-01 2004-04-17
Mandrake MDKSA-2004:030 2004-04-14
OpenPKG OpenPKG-SA-2004.010 2004-04-07
Debian DSA-478-1 2004-04-06
Trustix TSLSA-2004-0015 2004-03-30

Comments (none posted)

Multiple vendor telnetd vulnerability

Package(s):telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5 CVE #(s):
Created:May 21, 2002 Updated:October 5, 2004
Description: This vulnerability, originally thought to be confined to BSD-derived systems, was first covered in the July 26th Security Summary. It is now known that Linux telnet daemons are vulnerable as well.
Alerts:
Gentoo 200410-03 2004-10-05
Yellow Dog YDU-20010810-2 2001-08-10
Yellow Dog YDU-20010810-1 2001-08-10
SuSE SuSE-SA:2001:029 2001-09-03
Slackware sl-997726350 2001-08-09
Red Hat RHSA-2001:100-02 2001-08-09
Red Hat RHSA-2001:099-09 2002-02-07
Red Hat RHSA-2001:099-06 2001-08-09
Progeny PROGENY-SA-2001-27 2001-08-14
Mandrake MDKSA-2001:093 2001-12-17
Mandrake MDKSA-2001:068 2001-08-13
HP HPSBTL0202-023 2002-02-12
Debian DSA-075-2 2001-08-14
Debian DSA-075-1 2001-08-14
Conectiva CLA-2001:413 2001-08-24
SCO Group CSSA-2001-030.0 2001-08-10

Comments (none posted)

tripwire format string vulnerability

Package(s):tripwire CVE #(s):CAN-2004-0536
Created:June 4, 2004 Updated:July 7, 2004
Description: The code that generates email reports contains a format string vulnerability in pipedmailmessage.cpp. With a carefully crafted filename on a local filesystem an attacker could cause execution of arbitrary code with permissions of the user running tripwire, which could be the root user. See this advisory on SecurityFocus for more details.
Alerts:
Mandrake MDKSA-2004:057-1 2004-07-06
Red Hat RHSA-2004:244-01 2004-06-14
Mandrake MDKSA-2004:057 2004-06-07
Gentoo 200406-02 2004-06-04

Comments (none posted)

webmin: denial of service

Package(s):webmin CVE #(s):CAN-2004-0582 CAN-2004-0583
Created:June 16, 2004 Updated:July 28, 2004
Description: Versions of webmin prior to 1.150 suffer from denial of service and information disclosure vulnerabilities. See advisories for the disclosure and lockout problems for more information.
Alerts:
Mandrake MDKSA-2004:074 2004-07-27
Conectiva CLA-2004:848 2004-07-16
Debian DSA-526-1 2004-07-03
Gentoo 200406-12 2004-06-16

Comments (none posted)

XChat 2.0.x SOCKS5 Vulnerability

Package(s):xchat CVE #(s):CAN-2004-0409
Created:April 19, 2004 Updated:November 15, 2005
Description: XChat is vulnerable to a stack overflow that may allow a remote attacker to run arbitrary code. The SOCKS 5 proxy code in XChat is vulnerable to a remote exploit. Users would have to be using XChat through a SOCKS 5 server, enable SOCKS 5 traversal which is disabled by default and also connect to an attacker's custom proxy server. This vulnerability may allow an attacker to run arbitrary code within the context of the user ID of the XChat client.
Alerts:
Fedora-Legacy FLSA:123013 2005-11-14
Red Hat RHSA-2004:585-01 2004-10-27
Netwosix NW-2004-0014 2004-05-01
Red Hat RHSA-2004:177-01 2004-04-30
Mandrake MDKSA-2004:036 2004-04-21
Debian DSA-493-1 2004-04-21
Gentoo 200404-15 2004-04-19

Comments (none posted)

XFree86, X.org: XDM ignores requestPort setting

Package(s):XFree86 X.org CVE #(s):CAN-2004-0419
Created:July 5, 2004 Updated:July 28, 2004
Description: XDM will open TCP sockets for its chooser, even if the DisplayManager.requestPort setting is set to 0. This may allow authorized users to access a machine remotely via X, even if the administrator has configured XDM to refuse such connections. See this XFree86 bug report.
Alerts:
Mandrake MDKSA-2004:073 2004-07-27
Gentoo 200407-05 2004-07-05

Comments (none posted)

xine-ui - insecure temporary file creation

Package(s):xine-ui CVE #(s):CAN-2004-0372
Created:April 6, 2004 Updated:April 27, 2006
Description: Shaun Colley discovered a problem in xine-ui, the xine video player user interface. A script contained in the package to possibly remedy a problem or report a bug does not create temporary files in a secure fashion. This could allow a local attacker to overwrite files with the privileges of the user invoking xine.
Alerts:
Gentoo 200404-20 2004-04-27
Slackware SSA:2004-111-01 2004-04-20
Mandrake MDKSA-2004:033 2004-04-19
Debian DSA-477-1 2004-04-06

Comments (none posted)

Resources

Phrack #62

Phrack issue #62 is out, with discussion of the latest in cracking techniques. This issue has a relatively high number of Windows-oriented articles, but there are also articles on attacking Apache and "UTF8 shellcode." Click below for the full table of contents.

Full Story (comments: 1)

Page editor: Jonathan Corbet

Kernel development

Brief items

Kernel release status

The current 2.6 prepatch is 2.6.8-rc1, which was released by Linus on July 11. The list of patches is huge; it includes the TEA and XTEA crypto algorithms, a bunch of USB work, snapshot and mirror support in the device mapper, vast amounts of "sparse" annotations and associated fixes, some virtual memory tweaks, an AGP update, an NTFS update, some read-copy-update improvements, x86 no-execute support, netlink support for SELinux, a serial ATA update, 64-bit SuperH support, fixes for locking problems found by the Stanford checker, reworked symbolic link lookups, and much more. See Linus's announcement for the brief listing of patches, or the long-format changelog for the details.

Linus's BitKeeper repository contains a small number of patches, including some network driver updates, more sparse annotations, and various fixes.

The current prepatch from Andrew Morton is 2.6.8-rc1-mm1; Andrew notes, however, that "This kernel runs like a desiccated slug if you have more than 2G of memory due to a 32-bit overflow." Recent additions to -mm include some latency fixes (see below), a set of gcc 3.5 fixes, a big user-mode Linux update, and various fixes.

The current 2.4 prepatch is 2.4.27-rc3; Marcelo has released no patches since July 3.

Comments (none posted)

Kernel development news

The 2004 Kernel Summit

Content on this page will be somewhat thin next week, as your editor will be in Ottawa for the 2004 Kernel Summit and the Ottawa Linux Symposium. The Kernel Summit will be happening Monday and Tuesday, July 19 and 20. The agenda has now been posted for those who are curious. The topics to be discussed will not be surprising to most readers: virtual memory management, NUMA, power management, clustered storage, networking, block I/O, security, and more. There will also be a pair of sessions on kernel support for desktop users, featuring a cameo appearance by Keith Packard.

As usual, LWN will be carrying reports from the event; stay tuned.

Your editor is also giving a talk in the very first OLS slot, 10:00, Wednesday, where he will engage in some wild speculation on where the 2.7 development series might go, assuming it actually starts sometime soon.

Comments (none posted)

NULL v. zero

Back in June, this page looked at the sparse utility, which is being used to search out various kinds of errors in the kernel code base. Recently, large numbers of patches have gone in to address one particular sparse complaint: using an integer 0 to represent a null pointer value. These patches (example) have struck some developers as useless code churn, leading to complaints like:

If you want people to conform to a certain CodingStyle, please document it officially in the kernel; sparse isn't distributed with the kernel and the sparse police is silently changing the kernel all over the place with sometimes questionable benefit. Only the __user warnings had really found the bugs, but the rest I've seen changes perfectly legal code.

Linus responds that programmers who interchange NULL and zero are confused about the types they are using and are putting that confusion into the kernel. In his desire to enable the compiler (and other compile-time checkers) to find errors, he wants to separate the integer and pointer types as completely as possible. NULL is a pointer, while 0 can never be.

In other words:

	char * p = 0;	/* IS WRONG! DAMMIT! */
	int i = NULL;	/* THIS IS WRONG TOO! */

and anybody who writes code like the above either needs to get out of the kernel, or needs to get transported to the 21st century.

One might conclude from this statement that Linus is pretty well convinced that the current course of action is correct. He also states that, without exception, changing zero to NULL has resulted in better, more readable code. So use of NULL seems to have become part of the official kernel coding style, even if the CodingStyle document is still silent on the matter.

Addressing latency problems in 2.6

The 2.6 kernel is becoming increasingly stable, and the user base is, correspondingly, becoming happier. There is, however, one remaining group of disgruntled users out there: multimedia users and developers who depend on very quick response times from the kernel. Whether you are capturing a video stream, playing a movie, or burning a disc, you need the system to respond very quickly when the hardware involved needs attention. Failure to respond in time leads to buffer overruns or underruns; those, in turn, lead to video degradation, audio skips, writable media which is suitable only for use as drink coasters or grade-school art projects, and flames on various mailing lists.

The traffic has been growing in recent times, as it has become clear that some in the multimedia community feel discriminated against:

"We" (the audio developer community) did not participate because it was made clear that our needs were not going to be considered. We were told that the preemption patch was sufficient to provide "low latency", and that rescheduling points dotted all over the place was bad engineering (probably true). With this as the pre-rendered verdict, there's not a lot of point in dedicating time to tracking a situation that clearly is not going to work.

The result of this discussion has been a renewed interest among the kernel developers in fixing this particular problem. It is pretty universally believed that the latency issue should be close to resolved, and that it is just a matter of fixing a few remaining trouble spots.

One approach that has been taken is the voluntary preemption patch put together by Ingo Molnar and Arjan van de Ven. This patch tries to reduce latency by adding more scheduling points - essentially the approach that was taken back in the 2.4 days. Some things were done a little differently, however.

The 2.6 kernel contains a hundred or so calls to might_sleep(). This function is a debugging aid; it is a way of marking functions which can sleep. If might_sleep() finds itself being called in a situation where sleeping is not allowed (while a spinlock is held, for example) it complains loudly and, hopefully, the problem gets fixed. Ingo and Arjan noted that any place which calls might_sleep() is, by definition, a good place to perform scheduling. So the voluntary preemption patch adds a cond_resched() call to might_sleep(), allowing a higher-priority process to be scheduled, should such a process exist. This tweak yields over 100 scheduling points without having to actually go into the code in that many places.

While they were at it, Ingo and Arjan also added a few scheduling points in places that needed them, and also split up code in a couple of places which were holding locks for too long.

This patch was not welcomed by everybody. In the mainline kernel, the might_sleep() call can be configured out entirely for production kernels; it is a pure debugging aid. The voluntary preemption patch turns it into a scheduler function and makes its presence required in production kernels. Some developers would rather see explicit rescheduling calls added in the places where they make sense.

The strongest objection, however, would appear to be that the 2.6 kernel already implements involuntary preemption via the preemptable kernel option. Any place which calls might_sleep() is already, by definition, preemptable, so the voluntary preemption patch adds nothing which the kernel can't already do. Says Andrew Morton:

And please let me repeat: preemption is the way in which we wish to provide low-latency. At this time, patches which sprinkle cond_resched() all over the place are unwelcome. After 2.7 forks we can look at it again.

So why are some developers pursuing the voluntary preemption patch? At this time, very few distributors are shipping 2.6 kernels with kernel preemption turned on, mostly out of fear of creating stability problems. Kernel preemption is, itself, reasonably well debugged at this point, but it has, over the last year or so, shaken out a fair number of bugs in other parts of the kernel. Few such bugs have been found recently, but the distributors continue to take a conservative approach. Users often find bugs in surprising places, and bugs related to preemption can be incredibly difficult to reproduce and track down. The voluntary preemption patch is a way of getting some of the benefits of kernel preemption without turning on a configuration option that the distributors find scary.

Andrew has often stated his wish to have the mainline kernel meet the needs of the distributors, so he may eventually merge the patch:

Oh I can buy the make-the-bugs-less-probable practical argument, but sheesh. If you insist on going this way we can stick the patch in after 2.7 has forked. I spose. The patch will actually slow the rate of improvement of the kernel :(

Meanwhile, the effort to find the real latency issues is going forward. William Lee Irwin and Con Kolivas have put together a patch which tries to track down high-latency parts of the kernel. It works by making a note of when kernel code disables preemption (usually by taking a spinlock) and when preemption is turned back on again. If preemption is disabled for too long, a message is printed stating where the problem is to be found.

ALSA users who are experiencing latency problems, and who would like to help track them down, should also be aware of the xrun_debug knob. It is described in sound/alsa/ProcFile.txt in the Documentation directory. Turning this option on causes a message and a kernel stack trace whenever an audio device suffers from a buffer overrun or underrun. This information can often be used to find the source of latency issues in short order.

Thanks to the preempt-timing patch and xrun_debug, a few suspects have been turned up already. Console scrolling turns out to be one of them. ReiserFS has also come up a few times as being a source of high latency, to the point that its use in latency-critical situations is being discouraged. Ext3 has been shown to be the source of a few problems as well; the -mm tree currently contains a set of patches aimed at fixing the worst of those. Another problem can be driver ioctl() methods, which run with the big kernel lock held. This process is just beginning, however.

Yet another approach can be found in this patch by Joe Korty. Software interrupts have been fingered as a potential source of latency problems; they take priority over regular kernel code, and have no real, hard limit on how long they can run. Joe's patch pushes all software interrupt handling into the ksoftirqd daemon, giving the scheduler a say on when they run. In this way, high-priority user processes will see lower latencies - at the expense of higher latency for the handling of software interrupts.

Tracking down and fixing the remaining latency problems may take a little while. But enough attention is now being focused on the problem that its resolution seems pretty well assured. The complete solution, however, requires enabling kernel preemption, meaning that, for the time being, 2.6 users in search of low latency will have to build and install their own kernels.

RCU-safe reference counting

The "kref" mechanism is a simple structure for implementing reference-counted objects in the kernel; it was covered here last March. At the core of a kref is an atomic_t counter which contains the number of outstanding references. When that counter goes to zero, the object is no longer used and can be freed.

The kref functions are simple. Obtaining a reference is done with a call to kref_get():

    struct kref *kref_get(struct kref *kref)
    {
	WARN_ON(!atomic_read(&kref->refcount));
	atomic_inc(&kref->refcount);
	return kref;
    }

Releasing that reference is accomplished with kref_put():

    void kref_put(struct kref *kref)
    {
	if (atomic_dec_and_test(&kref->refcount)) {
	    kref->release(kref);
	}
    }

The use of atomic types makes these functions safe in multiprocessor or preemptive environments; the reference count will always be correct. Except, of course, when things go wrong. Consider the following order of operations performed by two kernel threads; they could be running on separate processors, or on a preemptive, uniprocessor system:

    Thread 1                                      Thread 2
    /* In kref_get() */
    WARN_ON(!atomic_read(&kref->refcount));
                                                  kref_put(&kref);
    atomic_inc(&kref->refcount);
    return kref;

The first thread will be left thinking it holds a reference to an object which, in fact, has been deleted. As a general rule, good things cannot be expected to result from this situation. The kref code deals with this possibility by fiat: simultaneous calls to kref_get() and kref_put() on the same object are not allowed. In practice, this restriction usually requires that these operations be called under the protection of a lock somewhere.

Developers interested in high-end scalability, however, often try to use lock-free algorithms. Locks can easily become a performance bottleneck as the number of threads increases, so, if they can be eliminated, the kernel will scale better. That is the motivation behind the use of techniques like seqlocks and read-copy-update (RCU). The locking requirement associated with the kref type makes that type difficult to use with these techniques.

Ravikiran G Thirumalai recently posted a patch entitled "Refcounting of objects part of a lockfree collection" which implements a new locking type (called refcount_t) for dealing with objects managed using no-lock techniques. The explanation goes to great lengths to describe reference counting issues when working with RCU, but, in the end, all the patch is really doing, via a long path, is making a type which is like the kref, but which is not subject to the race described above.

kref_get(), as currently written, checks the reference count first; if that count is zero, the object has already been freed. The current implementation merely complains when this happens; one could argue that stronger action is called for. The real problem, though, is that this test and the subsequent incrementing of the reference count are not, together, atomic - other actions can come between the two. Ravikiran's patch addresses this issue by coding his _get() function differently:

    static inline int refcount_get_rcu(refcount_t *rc)
    {
	int c, old;
	c = atomic_read(&rc->count);
	/* Retry until the count is seen to be zero (object is going away)
	 * or the value just read is atomically replaced by that value + 1. */
	while ( c && (old = cmpxchg(&rc->count.counter, c, c+1)) != c)
		c = old;	/* somebody else changed it; retry with what was seen */
	return c;	/* zero means no reference was obtained */
    }

The core of this function is the call to cmpxchg(), which is an inline assembly function giving access to the processor's cmpxchg instruction. The function prototype looks like:

    int cmpxchg(int *location, int old, int new);

(The actual definition is a little more complex, depending on the real type of location). The purpose of this function is to (1) compare the contents of *location with old, (2) if and only if the two are the same, assign new to *location, and (3) return the old value. If cmpxchg() returns old, the operation succeeded; otherwise the value pointed to by location is unchanged. The key point is that all of these operations are performed in an atomic manner.

cmpxchg() is, in other words, a form of test-and-set instruction. It is used here to increment the reference count in an atomic manner while being absolutely sure that nobody else can possibly have seen that count reach zero. When references are obtained in this way, the race described above cannot happen.

There is still a pitfall, however. If the reference-counted object were to be freed and reused before another thread tried to obtain a reference, that thread might see a random "reference count" and think it succeeded. Preventing that turn of events is where RCU comes in. The actual object is freed by way of an RCU callback, which cannot happen until every processor has scheduled. If any thread can see a pointer to the object, said object will continue to exist, though its reference count may be zero. After a complete quiescence cycle, no threads can see such a pointer, and the object can be safely deleted.
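To make the difference concrete, here is an added user-space model (not kernel code, and not Ravikiran's patch) that replays the two-thread interleaving from the table above against both styles of get. It stands in for the kernel's atomic_t and cmpxchg() with C11 atomics; refcount_t, cmpxchg_model(), refcount_get_rcu_from(), refcount_put() and the replay_race_*() helpers are all constructed for this illustration.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-in for the kernel's refcount_t: one C11 atomic int. */
typedef struct {
    atomic_int count;
} refcount_t;

/* Constructed user-space model of the kernel's cmpxchg(): compare *loc with
 * old, store newval only if they are equal, and return the value that was
 * actually seen. The compare and the store are one indivisible step. */
static int cmpxchg_model(atomic_int *loc, int old, int newval)
{
    /* On failure, atomic_compare_exchange_strong writes the observed value into 'old'. */
    atomic_compare_exchange_strong(loc, &old, newval);
    return old;
}

/* The cmpxchg loop from the patch, starting from a count value 'c' that the
 * caller read earlier. Retries until it either increments exactly the value it
 * saw or observes zero. Returns the pre-increment count; 0 means "object is
 * dying, no reference obtained". */
int refcount_get_rcu_from(refcount_t *rc, int c)
{
    int old;
    while (c && (old = cmpxchg_model(&rc->count, c, c + 1)) != c)
        c = old;     /* somebody changed it in between: retry with what we saw */
    return c;
}

/* The complete get: read the count, then run the loop. */
int refcount_get_rcu(refcount_t *rc)
{
    return refcount_get_rcu_from(rc, atomic_load(&rc->count));
}

/* Drop a reference. Returns true when this was the last one; the kernel would
 * queue the RCU callback that frees the object at this point. */
bool refcount_put(refcount_t *rc)
{
    return atomic_fetch_sub(&rc->count, 1) == 1;
}

int refcount_read(refcount_t *rc)
{
    return atomic_load(&rc->count);
}

/* What refcount_get_rcu() returns on an object whose count is 'initial'. */
int get_result_on(int initial)
{
    refcount_t rc;
    atomic_store(&rc.count, initial);
    return refcount_get_rcu(&rc);
}

/* The count left behind after that get (unchanged when it started at zero). */
int count_after_get_on(int initial)
{
    refcount_t rc;
    atomic_store(&rc.count, initial);
    refcount_get_rcu(&rc);
    return refcount_read(&rc);
}

/* Replay of the interleaving with kref semantics: thread 1's check and
 * increment are two separate atomic operations, and thread 2's last put lands
 * between them. Returns the final count: 1, on an object already freed. */
int replay_race_kref(void)
{
    refcount_t rc;
    atomic_store(&rc.count, 1);
    int seen = atomic_load(&rc.count);    /* thread 1: WARN_ON check passes, seen == 1 */
    bool freed = refcount_put(&rc);       /* thread 2: last reference dropped, object freed */
    atomic_fetch_add(&rc.count, 1);       /* thread 1: atomic_inc on a dead object */
    return (seen == 1 && freed) ? refcount_read(&rc) : -1;
}

/* Same interleaving with the cmpxchg loop: thread 1 read 1, thread 2 dropped
 * the count to 0, so cmpxchg(1 -> 2) fails, the loop picks up the 0 and stops.
 * Returns what thread 1's get reports: 0, meaning no reference was taken. */
int replay_race_rcu(void)
{
    refcount_t rc;
    atomic_store(&rc.count, 1);
    int c = atomic_load(&rc.count);       /* thread 1: read count, c == 1 */
    refcount_put(&rc);                    /* thread 2: last put, count now 0 */
    return refcount_get_rcu_from(&rc, c); /* thread 1 resumes at the cmpxchg */
}

int main(void)
{
    printf("kref-style get after a racing put: final count %d (object already freed)\n",
           replay_race_kref());
    printf("cmpxchg get after a racing put: get returned %d (no reference taken)\n",
           replay_race_rcu());
    return 0;
}
```

The second replay also shows why the caller of the cmpxchg-based get must check its return value: a zero result is the only signal that the object is on its way out, and RCU is what guarantees the memory behind rc is still readable at that moment.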

One other potential problem is that not all architectures offer a cmpxchg instruction. On such systems Ravikiran uses a rather more elaborate and unsightly scheme involving a hashed array of spinlocks; see the patch if morbid curiosity gets the better of you.

This effort seems worthwhile; when this technique is used for looking up file descriptors, tiobench performance improvements of 13% to 21% are claimed. There were objections, however, to the creation of a new reference counting API which is very similar to the kref API. As a result, the patch is likely to be rewritten to use krefs, extending that API as need be to supply the required semantics.

Page editor: Jonathan Corbet

Distributions

News and Editorials

Distribution list update

The LWN.net Distributions List contains 355 active distributions at this writing. This number is always in flux as new distributions are added almost every week. Distributions are also deleted from the list during rounds of link checking. It takes quite a while to check the entire list (nearly 400 links counting both active and historical distributions), and we try to be conservative about removing distributions. When web sites time out they are checked periodically over a period of months. Smaller projects may go for long periods without updates, and still be very much alive. Domain names disappear, but that doesn't necessarily mean the distribution is gone; it might have moved. Google may find lost distributions, but following trails of links can also be prohibitively time consuming.

So periodically we like to mention those distributions that have been removed from this list. If you know that one of these deleted distributions is really alive and well, let us know and we'll put it back. Since we haven't done an update like this in over a year, the list is quite long, so let's get started.

Chinese company BluePoint Software might still have something. The domain name disappeared for a while, although now an old site seems to be back with some embedded Linux appliances.

UK company Eridani Star System is alive and well; however, it discontinued production of Eridani Linux in August 2003.

Source-based Darkstar Linux never seemed to get off the ground. The Flying Linux web site claimed the project would return for nearly two years before disappearing. The domain name must have finally expired. OpenClassroom was another project that never seemed to get going, and finally disappeared.

Go!Linux once came with the German magazine, PC!Linux. Happy Linux was a Chinese distribution. J-LINUX was an Italian distribution, based on Mandrake Linux. Lanthan Linux was from Germany. Linux/MNIS was from France. Monkey Linux supported the Czech language. Finnish company Probatus Oy once made Spectra Linux. TechLinux was from Brazil.

LNX System is gone (not to be confused with LNX-BBC which is still around). Netule still has a .com site, but the distribution's .org site is gone.

SCO Linux and Caldera OpenLinux are gone from the list. There's still a mention of UnitedLinux in the historical section.

Embedix was Lineo's Embedded Linux distribution and now belongs to Metrowerks. Metrowerks provides Board Support Packages, embedded Linux tools and other products based on and for Linux - but not a stand-alone distribution.

Midori Linux was created at Transmeta to demonstrate Linux on the company's new Crusoe processors. Linux should run on a laptop powered by Crusoe, but all mention of Midori Linux is gone from their site.

ClumpOS has been replaced by PlumpOS and TrX has been replaced by GNOPPIX.

Also gone: BanShee Linux/R, BYO Linux, Effort Linux, eLSD (Linux Society Distro), Floppix, IceLinux, Kaladix Linux, Keeper Linux, KSI-Linux, LEM, Linux Cyrillic Edition, Linux On A Floppy (LOAF), LSD, LuteLinux, Melon, MiniLinux, NeoLinux, PocketLinux, Proxyfloppy, Pygmy Linux, Rabid Squirrel Linux, Royal Linux, RU.nix, ShareTheNet, spyLinux, and Intimate (iPAQ).

Distribution News

Fedora Core

Fedora Core 3 Test 1 is out, (almost) right on schedule. The usual rules apply; this is a test and may eat your production systems, report all bugs, have fun, etc. Here's the announcement and a list of mirrors.

FC2 updates:

  • im-sdk: The im-switch that is included in the Fedora Core iiimf-x package has been fixed to take appropriate precautions when generating temporary files.
  • initscripts: This update fixes the typo in the list of conflicts to allow concurrent installation with the current ppp update, as well as various other bugfixes.

Progeny Debian 2.0 Developer Edition beta 1

The first beta release of Progeny Debian 2.0, Developer Edition is out. "This version of Progeny Debian was built using the new Anaconda for Debian, based on Anaconda from Fedora Core 2, and contains many updates to components from Debian's current testing distribution ('sarge')."

Onebase Project Releases 'KDE-3.3 Beta 1' LiveCD (KDE.News)

KDE.News reports on the newest release from the Onebase Linux Project. "The Onebase Linux Project has released a special flavor of its OnebaseGo-2.0 edition, which includes the complete KDE 3.3 Beta 1 "Klassroom" suite and KOffice 1.3.2. The main purpose of this flavor (LiveCD) is to try, test and report bugs on this beta version. And also to provide a technology preview for KDE users."

Debian GNU/Linux

Here's the Debian Weekly News for July 13, 2004, with a look at the transition of GNOME 2.6 into testing, Debian use at Google, the Santa Fe desktop, commercial support for Debian, and other topics.

The next Bug-Squashing Party will be held July 16 - 18, 2004. "As usual we will coordinate over #debian-bugs in freenode (irc.debian.org) where you will find pointers to all the useful websites, too."

Gentoo Weekly Newsletter - Volume 3, Issue 28

The Gentoo Weekly Newsletter for the week of July 12, 2004 is now available. This week's edition looks at a Portage update, new Nvidia drivers, and several other topics.

Mandrakelinux Community Newsletter - Issue #93

The Mandrakelinux Community Newsletter for July 13, 2004 has news on Mandrakesoft's acquisition of Edge IT, and other topics.

Java Desktop support site launched (News.com)

News.com covers the launch of the Java Desktop support site, JDShelp.org. "JDShelp.org opened for business Monday with a collection of how-to articles, user forums and software download links. The idea is to help novice users--particularly individuals and small businesses without Sun service contracts--get comfortable with open-source software, said co-founder Sam Hiser, who came up with the idea for JDShelp.org with software developer Tom Adelstein. The two recruited a few more open-source backers to launch the site."

Xandros Linux in Acadia University

Xandros has announced that Acadia University selected the Xandros Desktop Operating System as the Linux distribution of choice for its undergraduate students. The Canadian university offers a customized version of the Xandros Desktop OS on Dell D600 laptops as part of its teaching and learning environment.

Minor distribution updates

AGNULA/DEMUDI 1.2.0-beta2 IS OUT

AGNULA/DeMuDi 1.2.0-beta2, the Debian-based GNU/Linux distribution for audio/video, has been released. This version of the 1.2.0 series sports tighter integration with Debian, using the Sarge Debian Installer and the CDD (Custom Debian Distributions) framework. Many bugs have been fixed.

CrashRecoveryKit v2.6.7 released

CrashRecoveryKit has released CRK v.2.6.7-mdk100, crash247-mdk100.iso, based on Mandrakelinux 10.0 (Official). "The ram filesystem is 24 Mb and now needs at least 32 ram to boot. The Logical Volume Manager (LVM2) administration tools and the NTFS driver v2.1.14 and ntfsprogs-1.9.2-1 have been added. In addition CD/DVD Burning support is added, using the OSS DVD version of cdrtools-2.01a27 and growisofs v5.17. Next to mounting remote NFS shares also remote CIFS SMB Samba or Windows folders can be mounted for backup over the network. The boot method is changed to isolinux. The kernel 2.6.7 is configured to use the so-called Preemptible scheduler profile."

Damn Small Linux

Damn Small Linux has released v0.7.2 with minor feature enhancements. "Changes: This release adds myDSLgui, a click and run system for extensions, includes the Lua scripting language and Lua sockets, replaces Scite with Beaver, replaces nvi with vim, changes the user from damnsmall to dsl (also removes 'damn' from the boot process), upgrades busybox, simplifies the filetool.lst usage, updates the Firefox flash plugin in the Firefox download script, and shrinks the ISO by nearly 1 MB."

DNA Linux

DNA Linux has released v0.3 with major feature enhancements. "Changes: This release features an updated base distro (Slax 4.1.2 instead of 3.x series) that includes several modifications and the last NCBI BLAST (2.2.9)."

GNOPPIX

GNOPPIX has released 0.7 beta 1. "The Gnoppix Project is pleased to announce the first beta of Gnoppix version 0.7. Gnoppix is a free operating system, with the gnome desktop environment, features cryptographic software, is compatible with the FHS v2.2 and supports software developed for the LSB. Gnoppix 0.7-Series comes with Gnome 2.6"

Hiweed GNU/Linux

Hiweed GNU/Linux has released v0.3RC2 with major bugfixes. "Changes: Users can now startx at any time, and the stardict's soundmark-display is okay. aptitude was removed, and aumix-gtk was replaced by xfce4-mixer."

Linux Live

Linux Live has released v4.1.4 with minor feature enhancements. "Changes: This version skips exporting variables to profile.d unless it exists, improves the accuracy of some requirement descriptions, updates isolinux to 2.10, and supports creating an ISO from a read-only filesystem."

Yoper

Yoper has announced the Public Release of Yoper V2. "Seamless updating and software integration provided by Apt/Synaptic. Leading edge Technology enhancements using Linux kernel 2.6.7, bolstered with performance patches, innovative Prelinking, win4lin support, vmware support, vmware module integration, Nvidia 3D support, reiserfs4, Secure Shell file System, CDROM Supermount, and Ndiswrapper for Windows binary driver Integration."

Distribution reviews

First look: Vidalinux (linux.com)

Linux.com looks at Vidalinux, a new distribution based on Gentoo. "Vidalinux is a promising new GNU/Linux distribution based on Gentoo Linux and developed in Puerto Rico. It's currently in beta pending the first release -- and as such is full of bugs and problems. However, there's a bright future for this distro with its OS X-like GNOME interface and the new graphical front end for Gentoo's Portage system, Porthole."

Page editor: Rebecca Sobol

Development

p0f, the Passive OS Fingerprinter

p0f, the passive OS fingerprinting tool, is a networking utility application that runs from a standard command line interface. It was written by Michal Zalewski, William Stearns, and others. p0f has been released under version 2.1 of the GNU Lesser General Public License (LGPL). p0f is cross-platform code; it runs on all of the major Unix variants and Windows.

The project's README file explains how p0f works:

The passive OS fingerprinting technique is based on analyzing the information sent by a remote host while performing usual communication tasks - such as whenever a remote party visits your webpage, connects to your MTA - or whenever you connect to a remote system while browsing the web or performing other routine tasks. In contrast to active fingerprinting (with tools such as NMAP or Queso), the process of passive fingerprinting does not generate any additional or unusual traffic, and thus cannot be detected.

Captured packets contain enough information to identify the remote OS, thanks to subtle differences between TCP/IP stacks, and sometimes certain implementation flaws that, although harmless, make certain systems quite unique.

Some of the uses of p0f include profiling, policy enforcement, network troubleshooting, and seeing through a firewall.

Version 2.0.4 of p0f was announced this week; it features bug fixes, performance enhancements, and fingerprinting support for several additional network protocols including RST+ACK, SYN+ACK, masquerade and IP sharing. The README file has more information on what's new in this version. It is also a good place to read about the many command line options that p0f supports.

Building p0f 2.0.4 was a breeze; it involved downloading the code, un-tarring, and typing make. It built and ran with no trouble on several machines that were tested. If you are interested in improving the accuracy of p0f, click on the fingerprint submission page and give the developers some feedback on whether it identifies your system correctly.
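As an added illustration of the "subtle differences between TCP/IP stacks" the README refers to (this is not p0f's code and not its fingerprint database), here is a small C parser that pulls the stack-specific values out of a captured SYN: advertised window, TTL, DF bit, packet size and the ordered option list. The single-letter option tokens borrow p0f's convention (M for MSS, W for window scale, S for SACK-ok, T for timestamp, N for NOP), but the summary line format, the syn_summary() and guess_initial_ttl() helpers and the sample packet are all constructed for this example; a defender can run the same extraction over captures of their own hosts to see what they reveal.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed summary of what a passive fingerprinter reads from a SYN. */
struct syn_sig {
    int window, ttl, df, total_len;
    char opts[64];              /* ordered option tokens, e.g. "M1460,S,T,N,W7" */
};

static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

static void add_tok(struct syn_sig *s, const char *tok)
{
    size_t used = strlen(s->opts);
    if (used && used + 1 < sizeof s->opts)
        s->opts[used++] = ',';
    snprintf(s->opts + used, sizeof s->opts - used, "%s", tok);
}

/* Parse an IPv4 packet carrying a TCP SYN. Returns 0 on success, -1 when the
 * bytes are not an IPv4/TCP SYN or a header or option runs past 'len':
 * captures are untrusted input, so every offset is checked before use. */
int parse_syn(const uint8_t *pkt, size_t len, struct syn_sig *s)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t tot = be16(pkt + 2);
    if (ihl < 20 || tot < ihl + 20 || tot > len || pkt[9] != 6)   /* proto 6 = TCP */
        return -1;
    const uint8_t *tcp = pkt + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;
    if (doff < 20 || ihl + doff > tot || (tcp[13] & 0x12) != 0x02) /* SYN, not ACK */
        return -1;

    memset(s, 0, sizeof *s);
    s->window = be16(tcp + 14);
    s->ttl = pkt[8];
    s->df = (pkt[6] & 0x40) != 0;
    s->total_len = (int)tot;

    /* Options are (kind, length, data...) except EOL and NOP, which are one byte. */
    const uint8_t *o = tcp + 20, *end = tcp + doff;
    char tok[16];
    while (o < end) {
        if (*o == 0)                                 /* end of option list */
            break;
        if (*o == 1) {                               /* NOP padding */
            add_tok(s, "N");
            o++;
            continue;
        }
        if (o + 2 > end || o[1] < 2 || o + o[1] > end)
            return -1;                               /* malformed option */
        switch (*o) {
        case 2: snprintf(tok, sizeof tok, "M%u", o[1] == 4 ? (unsigned)be16(o + 2) : 0u); break;
        case 3: snprintf(tok, sizeof tok, "W%u", o[1] == 3 ? (unsigned)o[2] : 0u); break;
        case 4: snprintf(tok, sizeof tok, "S"); break;
        case 8: snprintf(tok, sizeof tok, "T"); break;
        default: snprintf(tok, sizeof tok, "?%u", (unsigned)*o); break;
        }
        add_tok(s, tok);
        o += o[1];
    }
    return 0;
}

/* Stacks start TTL at one of a few fixed values and every router hop takes
 * one off, so the received TTL also hints at the distance to the sender. */
int guess_initial_ttl(int ttl)
{
    return ttl <= 64 ? 64 : ttl <= 128 ? 128 : 255;
}

/* One-line summary, window:ttl:df:size:options, or NULL if parsing failed.
 * Uses a static buffer so callers can compare the text directly. */
const char *syn_summary(const uint8_t *pkt, size_t len)
{
    static char line[96];
    struct syn_sig s;
    if (parse_syn(pkt, len, &s) != 0)
        return NULL;
    snprintf(line, sizeof line, "%d:%d:%d:%d:%s", s.window, s.ttl, s.df, s.total_len, s.opts);
    return line;
}

/* Constructed sample: a 60-byte IPv4+TCP SYN from 192.168.0.1:1234 to
 * 192.168.0.2:80, TTL 64, DF set, window 5840, options MSS 1460, SACK-ok,
 * timestamp, NOP, window scale 7. Hand-assembled; checksums left at zero. */
const uint8_t demo_syn[] = {
    0x45, 0x00, 0x00, 0x3c, 0x00, 0x00, 0x40, 0x00, 0x40, 0x06, 0x00, 0x00,
    0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0x02,
    0x04, 0xd2, 0x00, 0x50, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
    0xa0, 0x02, 0x16, 0xd0, 0x00, 0x00, 0x00, 0x00,
    0x02, 0x04, 0x05, 0xb4, 0x04, 0x02,
    0x08, 0x0a, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
    0x01, 0x03, 0x03, 0x07,
};

int main(void)
{
    const char *sig = syn_summary(demo_syn, sizeof demo_syn);
    printf("signature: %s\n", sig ? sig : "(not a SYN)");
    printf("truncated capture: %s\n", syn_summary(demo_syn, 30) ? "parsed" : "rejected");
    return 0;
}
```

The option walk is where real captures bite: a length byte of zero or one, or an option that claims to extend past the header, is exactly the kind of input a tool fed from a raw socket has to reject rather than read through.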

System Applications

Audio Projects

Planet CCRMA Changes

The latest changes from the Planet CCRMA audio utility packaging project include updates to the CMT LADSPA Plugins, Xmms-ladspa, and the addition of the Planet CCRMA application meta packages for Fedora Core 2.

vorbis 1.1 rc 1 now tagged in SVN

Version 1.1 rc 1 of the Vorbis audio codec is out. "We're gearing up to the next full release of the Vorbis codec; I've just tagged a release candidate in SVN in order to encourage wider testing toward final 1.1 release."

Database Software

Glom 0.8.7 released

Version 0.8.7 of Glom, a database table definition GUI, is out with field definition changes, bug fixes, and improved translations.

Knoda 0.7 stable released

Stable version 0.7 of Knoda, a database frontend for Mysql, Postgresql, SQLite and ODBC, is out. Changes include a new GUI, a query by example GUI, an SQLite driver, storage for queries, forms, and reports, and bug fixes.

phpPgAdmin 3.4.1 released (SourceForge)

Version 3.4.1 of phpPgAdmin, a web-based PostgreSQL database server admin tool, is out with several bug fixes.

PostgreSQL Weekly News

The July 12, 2004 edition of the PostgreSQL Weekly News is available with the latest PostgreSQL database news.

Interoperability

dosemu 1.2.2 announced

Stable version 1.2.2 of dosemu, the DOS emulator, is out. Changes include backported features from the development version, support for GCC 3.4 and Fedora Core 2, and lots of bug fixes.

dosemu 1.3.1 released

Developer version 1.3.1 of dosemu, the DOS emulator, is out with many changes and bug fixes.

Samba 3.0.5rc1 Available for Download

Version 3.0.5rc1 of Samba is available. "There have been several bug fixes since the 3.0.4 release that we feel are important to make available to the Samba community for wider testings."

Security

logcheck 1.2.23 announced

Version 1.2.23 of logcheck, a logfile security checker, is available. Changes include non-root operation, new rules, a testing mode, bug fixes, and more.

Web Site Development

eGroupWare 1.0 RC7 released (SourceForge)

Version 1.0 RC7 of eGroupWare, a multi-user, web-based groupware suite, is available. "RC7 will be the last release candidate for eGroupWare 1.0. When we don't have critical bugs in RC7, eGroupWare 1.0 will be released in the next days. Testing is encouraged."

mnoGoSearch 3.2.19 released

Version 3.2.19 of the mnoGoSearch web site search engine is out with several bug fixes. See the Change Log for details.

Desktop Applications

Accessibility

gnopernicus 0.9.6 released

Version 0.9.6 of gnopernicus, a GNOME screen reader for the visually impaired, is available. Changes include new and improved translations, improvements to the magnifier, speech, and presentation sections, and more.

Desktop Environments

Announcing KDE 3.3 Beta 1 (KDE.News)

The Beta 1 release of KDE 3.3 has been announced. "As another step towards the aKademy in late August, this release is named Klassroom. This beta release shows astonishing stability, so the KDE team asks everyone to try the version and give feedback through the bug tracking system. For packages, please visit the KDE 3.3 Beta 1 Info Page and browse the KDE 3.3 Requirements list. The Konstruct build toolset has been updated for this release."

KDE-CVS-Digest (KDE.News)

The July 9, 2004 edition of the KDE-CVS-Digest is online. "In this week's KDE CVS-Digest: Query designer in Kexi now has the ability to switch between visual and SQL mode. KPresenter improves page effects. Krita adds computing histograms. amaroK adds support for streaming over any supported KIO protocol. Many bugfixes in aKregator, Kopete and Umbrello."

Quickies: Logical Desktop, KDE-apps.de, Qt/Mac Dev Contest, Digikam (KDE.News)

The latest KDE Quickies article looks at the Logical Desktop, Digikam, and more.

KDE Configuration Tamers (KDE.News)

KDE.News looks at three new GUI-based configuration tools, Kiosk Admin Tool, KConfigEditor, and KCfgCreator. "We introduce three applications which let administrators and developers take full control over their desktops."

XFce 4.0.6 released (SourceForge)

Version 4.0.6 of the lightweight XFce desktop environment has been announced. "This is a maintenance release, aimed at bug-fixing."

Financial Applications

SQL-Ledger 2.4.0 is out

Version 2.4.0f of SQL-Ledger, a web-based accounting package, has been announced. A long list of improvements is included in this release.

Games

mapacman 0.90 released (SourceForge)

Version 0.90 of mapacman, a multiplayer online pacman clone, is out. "This is the last release of mapacman because as you know our goal is to create a real online multiplayer RPG and not a pacman game :)"

GUI Packages

Bakery 2.3.8 announced

Version 2.3.8 of Bakery, a C++ Framework for creating document-based GNOME applications, is out with one bug fix.

Fl_PlotXY V1.0.4 released

Version 1.0.4 of Fl_PlotXY, an XY plotting widget for FLTK, has been released. The changes are: "Has Major bug fixes, and some added features. Development will now slow as it is suitable for what I designed it for."

GLib 2.4.4 released

Version 2.4.4 of GLib, the low-level core library for GTK+ and GNOME, is out. Changes include bug fixes, documentation updates, and improved translations.

Full Story (comments: none)

GTK+ 2.4.4 released

Version 2.4.4 of GTK+ is available with lots of bug fixes and other improvements.

Full Story (comments: none)

pygtk 0.6.12 announced

Version 0.6.12 of PyGTK, the Python bindings to GTK, is available. "This version includes a small number of bugfixes and two API additions which have been incorporated during the last two years of stability."

Full Story (comments: 1)

Qt 4 technology preview release

Trolltech has announced a "technology preview" release of the Qt 4 libraries. Qt 4 has a lot of new stuff, including the "Arthur" painting framework, a new Unicode text renderer, more container class templates, and "a modern action-based mainwindow/toolbar/menu and docking architecture."

Comments (17 posted)

Instant Messaging

Initial Release of Gaim-RSS-Reader (SourceForge)

A new project, the Gaim-RSS-Reader, has been announced. "This is the initial beta release of gaim-rss-reader, a RSS feed reading plugin for the popular multi-protocol chat client GAIM."

Comments (none posted)

Interoperability

Wine Traffic

Issue #230 of Wine Traffic is online with more Wine project news.

Comments (none posted)

Music Applications

BEAST/BSE v0.6.2 is available

Version 0.6.2 of BEAST/BSE, the BEdevilled Audio SysTem and the Bedevilled Sound Engine, is out. "This new development series of BEAST comes with a lot of the internals redone, many new GUI features and a sound generation back-end separated from all GUI activities. Outstanding new features include support for skins, many sample file formats, MIDI file import abilities, an improved piano roll widget, the track editor which allows for easy selection of synthesisers or samples as track sources, loop support in songs and unlimited Undo/Redo capabilities."

Full Story (comments: none)

libgig 0.7.1 announced

Version 0.7.1 of libgig is available. "libgig is a C++ cross-platform file loader library for Gigasampler and DLS Level 1 and 2 files."

Full Story (comments: none)

Office Applications

criawips 0.0.6 is available

Version 0.0.6 of criawips, a presentation application for GNOME, is available. "This version improves the text handling for people who are using the main window to preview presentations. The text scales with other elements when zooming and the text is automatically resized to the correct size when opening a presentation."

Full Story (comments: none)

Planner 0.12 released

Version 0.12 of Planner, a project management application for GNOME, is out. Changes include undo support, better printing and HTML export, usability fixes, bug fixes, and more.

Comments (none posted)

Office Suites

KOffice 1.3.2 available

KOffice 1.3.2 is out; see the release notes for details and downloads. This is mostly a bugfix release, but there are also some filter enhancements and a translation for the Upper Sorbian language.

Comments (2 posted)

Web Browsers

Epiphany 1.3.2 released

Version 1.3.2 of Epiphany, a web browser for GNOME, is out with bug fixes and translation work.

Full Story (comments: none)

Epiphany Extensions 1.1.1

Version 1.1.1 of the Epiphany extensions is available with bug fixes, new translations, and more.

Full Story (comments: none)

New Firefox 1.0 roadmap

A new Firefox 1.0 roadmap has been posted. The plan calls for the first 1.0 release candidate to come out on August 10, with the final release scheduled for September 14.

Comments (none posted)

Mozilla Links Newsletter

The July 8, 2004 edition of the Mozilla Links Newsletter is available. Take a look for news about the Mozilla browser and related projects.

Full Story (comments: none)

Independent Status Reports (MozillaZine)

The July 12, 2004 edition of the Mozilla Independent Status Reports are available. Here's the content summary: "The latest set of status reports includes updates from deskCut, Launchy, Dictionarysearch, Citations and Mnenhy."

Comments (none posted)

Word Processors

AbiWord Weekly News

Issue #203 of the AbiWord Weekly News is online. Here's the content summary: "Tables now have the ability to summarise rows & columns. The AbiMath handler has just been branched to be incorporated with 2.3/2.4. And, naturally, we have GUADEC information (no one posted picture this time :*( )"

Comments (none posted)

Miscellaneous

Alexandria 0.3.1

Version 0.3.1 of Alexandria, a book collection management application for GNOME, is out. "This is mainly a bugfix release. If you are using Alexandria you should consider upgrading, since a lot of bugs have been discovered and are now fixed."

Full Story (comments: none)

Hardware Monitor applet 1.2 released

Version 1.2 of the Hardware Monitor applet is available. This version now supports (and requires) GNOME 2.6.

Full Story (comments: none)

regexxer 0.8 announced

Version 0.8 of regexxer, a search/replace tool for the desktop user, has been announced. Changes include support for new libraries, UI improvements, bug fixes, and more.

Full Story (comments: none)

Languages and Tools

Caml

Caml Weekly News

The July 6-13, 2004 edition of the Caml Weekly News is available. Take a look for the latest Caml language news.

Full Story (comments: none)

Lisp

CL-PPCRE 0.7.8 released

Version 0.7.8 of CL-PPCRE, a Perl-compatible regular expression library written in Common Lisp, is out. "This version adds a new argument for REGEX-REPLACE(-ALL) and new compiler macro functionality."

Full Story (comments: none)

LTK 0.8.5 released

Version 0.8.5 of LTK, the Common Lisp binding for the Tk graphics toolkit, has been released. "This version includes new generic functions for text and value widgets, new keywords, new widgets, and more."

Full Story (comments: none)

Perl

Perl 5.8.5 RC2 is out (use Perl)

Perl 5.8.5 RC2 has been announced. "This is a regular maintenance release for perl 5.8.x, providing bug fixes and integrating module updates from CPAN."

Comments (none posted)

This Week on perl5-porters (use Perl)

The July 5-11, 2004 edition of This Week on perl5-porters has been published. Here's the content summary: "Perl 5.8.5 approaches, and the two release candidates of this week prove it."

Comments (none posted)

This Week on Perl 6

The July 4, 2004 edition of This Week on Perl 6 is out with another week's worth of Perl 6 development news.

Comments (none posted)

PHP

Building a PHP Front Controller (O'ReillyNet)

Ethan McCallum shows how to build a PHP-based Front Controller on O'Reilly. "It's a rare web app that doesn't span multiple pages. It's also rare that such an app doesn't have some common behavior. The Front Controller design pattern can simplify processing, behavior, and the user experience. Ethan McCallum explains how to use this in your applications."
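As an added illustration of the pattern the article covers (this code is not from the O'Reilly article or its author), here is the dispatch step of a front controller with the check a security reviewer would insist on: the request parameter is matched against a fixed table of pages rather than used to build an include path. The page names, handler files and the login rule are assumptions for illustration.

```php
<?php
// Added example, not code from the article: a minimal PHP front controller.
// Every request enters through index.php, which applies behaviour common to
// the whole application (here, an authentication check) and then hands off
// to one page handler.
//
// Security point: never derive the included file from the request, as in
//     include($_GET['page'] . '.php');
// since that lets a client include arbitrary files. Resolve the request
// against a whitelist instead, so unknown names, '../' and similar tricks
// simply fail to match.
// ROUTES, PUBLIC_ROUTES and the session key 'user' are illustrative assumptions.

declare(strict_types=1);

const ROUTES = [
    'home'    => 'pages/home.php',
    'login'   => 'pages/login.php',
    'account' => 'pages/account.php',
];

// Pages that may be viewed without a session.
const PUBLIC_ROUTES = ['home', 'login'];

// Map the requested page name to a whitelisted route name, or null.
function resolveRoute(?string $requested): ?string
{
    $name = $requested ?? 'home';
    // Exact-key lookup only: no string is ever turned into a path here.
    return array_key_exists($name, ROUTES) ? $name : null;
}

// Decide which handler file runs for this request. Returns a path relative
// to the application root; the caller is responsible for requiring it.
function dispatch(array $query, bool $loggedIn): string
{
    $route = resolveRoute($query['page'] ?? null);
    if ($route === null) {
        http_response_code(404);
        return 'errors/404.php';
    }
    // Common behaviour shared by every page: the authentication check.
    if (!$loggedIn && !in_array($route, PUBLIC_ROUTES, true)) {
        header('Location: /index.php?page=login', true, 302);
        return ROUTES['login'];
    }
    return ROUTES[$route];
}

// Entry point: index.php should be the only script the web server exposes.
if (PHP_SAPI !== 'cli') {
    session_start();
    $handler = dispatch($_GET, isset($_SESSION['user']));
    require __DIR__ . '/' . $handler;
}
```

With this layout the page handlers themselves live outside the document root (or are otherwise not directly reachable), so the only way to run one is through the controller and its checks.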

Comments (none posted)

Python

Python 2.4, alpha 1

Python 2.4 alpha 1 is out, and ready for testing. "In this release we have a number of new modules, a number of existing modules that have been reimplemented in C for speed, a large number of improvements and additions to existing modules and an even larger list of bugs squished."

Full Story (comments: none)

Dr. Dobb's Python-URL!

The July 12, 2004 edition of Dr. Dobb's Python-URL! is online with new Python language article links.

Full Story (comments: none)

python-dev Summary

The June 16-30, 2004 edition of the python-dev Summary is available with another round of Python language articles.

Full Story (comments: none)

Scheme

Schemer's Gazette 1

Issue #1 of the Schemer's Gazette (formerly the Scheme Weekly News) is available with a new collection of Scheme language articles.

Full Story (comments: none)

Tcl/Tk

Dr. Dobb's Tcl-URL!

Dr. Dobb's Tcl-URL! for July 13, 2004 is out with more Tcl/Tk article links.

Full Story (comments: none)

IDEs

Beware the IDEs of July

Benlast reviews Boa Constructor, an IDE for Python. "The source Explorer is brilliance in a tabbed window, the self-building UML and Hierarchy views do just what they say on the tin. Much kudos to the developers. If I did wxWindows development, I'll warrant I'd find it even more useful; perhaps one day. But where it falls down, it falls down hard. I mean, the sort of thing that will make you scream and use words that get you Looked At by your loving spouse."

Comments (none posted)

DrPython 3.1.0 released (SourceForge)

Version 3.1.0 of DrPython, an IDE for Python, has been announced. Here are the changes: "Made some changes to the menu, DrScripts can now be added to the Pop Up Menu, and organized in Folders. Lots of under the hood changes and bugfixes, including Find History and a new Scrolled Message Dialog that closes on <ENTER>. You can also add plugin functions to the pop up menu."

Comments (none posted)

Miscellaneous

Two New Bugzilla Releases, Bugzilla Website Redesigned (MozillaZine)

MozillaZine reports that the Bugzilla Project has released version 2.16.6 of Bugzilla, which includes a number of security fixes. The first release candidate of Bugzilla 2.18 is also available, with additional enhancements.

Comments (2 posted)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

Can Linux Standard Base keep penguin from mutating? (NewsForge)

NewsForge wonders if the LSB is enough to keep Linux from fragmenting. "Ted Tso, a member of the Free Standards Group board of directors, explained that a single, standardized Linux OS may not be feasible and pointed to unfruitful instances from the past with Unix. Efforts to standardize source-level programming interfaces -- such as Portable Operating System Interface (POSIX) and the Single Unix Specification (SUS) -- as well as attempts to develop a standard reference implementation to unify the operating system utilized by multiple companies, such as the Open Software Foundation's OSF/1 operating system, have not worked, according to Tso."

Comments (15 posted)

Running free with Linux wireless (IBM developerWorks)

IBM developerWorks examines Wi-Fi on Linux. "This article focuses on the various options and tools offered to manage these access points. Basically, you're choosing whether to use tools with or without wireless extensions. (Wireless extensions is the name of a generic API that allows a driver to inform the user about space configuration and statistics specific to common wireless LANs.)"

Comments (none posted)

The SCO Problem

Robert Silver - Who and Why (Groklaw)

For those interested in SCO case background, Groklaw has an article about the company's law firm (Boies et al), its tendency to overcommit itself, and the recent assignment of Robert Silver to the case. "The meaning I derive from Silver's assignment to IBM, Novell and DC is that they, or SCO, may be worried that SCO's case is going to sink like a stone. I think it also means we can expect the quality of the work to improve, unfortunately, so it could drag things out, and *then* SCO will sink like a stone."

Comments (10 posted)

Linux Adoption

Australian government to offer guide to open-source (News.com)

News.com reports that the Australian government will make available a guide designed to help federal government agencies evaluate open-source products alongside their proprietary counterparts. "The officials cited the increasing uptake of open-source solutions within the Australian government sector as the market driver behind preparing the new guide, citing "high-profile open-source software" initiatives being undertaken by the Department of Veterans' Affairs, Centrelink and the Bureau of Meteorology."

Comments (none posted)

Oracle and Linux win over NZX (New Zealand Herald)

The New Zealand Herald reports that the New Zealand stock exchange has moved to Oracle on Linux. "Apart from being able to consolidate 21 databases into one, the new NZX system runs faster, more reliably and at less cost, says the company's tech team." (Thanks to Kanchana Wickremasinghe)

Comments (9 posted)

Electronics design moves to Linux (NewsForge)

NewsForge covers a company that ported its products to Linux. "Something odd started to happen a couple years ago at Advanced Wave Research, Inc., a developer of RF, microwave, and wireless electronics design software. From its founding in 1994, through the release of its first product in 1998, AWR had been a Microsoft shop, and all its products were Windows-only. But in the course of trying to grow, the company found potential customers asking, "What about Linux?""

Comments (14 posted)

Linux adapts to devices (vnunet)

Vnunet expects to see more embedded Linux products following the release of the first CELF specification and reference implementation. "Celf's specification and implementation, freely available from its web site, is not intended to become a separate fork of Linux, but to provide enhancements to optimise the operating system for embedded designs - for example to improve power-saving and security, and to speed startup and shutdown. Celf said it will work with the open-source community and feed its changes back into mainstream Linux development."

Comments (none posted)

Interviews

Behind DragonFly BSD (O'ReillyNet)

O'ReillyNet talks with DragonFly BSD developers. "Matthew Dillon: ... DragonFly split off from FreeBSD-5 over major architectural differences, not anything else. We really do feel that FreeBSD-5 is taking the wrong approach to SMP and building something that is so complex that it will ultimately not be maintainable. We think we have a better way."

Comments (none posted)

Linux in Government: An Interview with John Weathersby of OSSI (Linux Journal)

Linux Journal interviews John Weathersby of the Open Source Software Institute. "LJ: What does OSSI do exactly? JW: The Open Source Software Institute (OSSI) is a non-profit organization whose mission is to promote the development and implementation of open-source solutions within federal, state and local government agencies and academic entities. Our goal is to help identify and facilitate the adoption of open source within the public sector, specifically within the DoD."

Comments (none posted)

Kontact Artwork News, Interviews with Dariusz Arciszewski and David Vignoni (KDE.News)

KDE.News interviews two artwork designers for the Kontact project. "In an effort to bring the kde-look.org community's creative power to Kontact, a contest was launched some time ago: the Kontact Splash Screen Contest. It's time to present the winner: Dariusz Arciszewski, and to know a bit about him. There are news at the icons front as well. David Vignoni, of Nuvola Iconset fame, is designing a set of task oriented icons for use in Kontact, replacing the application oriented icons. We asked David some questions about his work and KDE."

Comments (none posted)

Resources

OOo Off the Wall: It's Numbering, but Not as We Know It (Linux Journal)

Linux Journal takes a look at how lists are done in OOo Writer. "Like any word processor, OpenOffice.org's Writer automatically adds numbers and bullets to paragraphs for you. Unlike typical word processors, however, Writer does not make lists a part of paragraph styles. Instead, lists have styles of their own. These styles are called numbering styles. It's a rather misleading term, though, because it refers to both numbered and bulleted lists, but never mind."

Comments (none posted)

Reviews

Status of the Linux Standard Base (NewsForge)

NewsForge takes a look at the upcoming release of LSB 2.0. "[FSG director Jim] Zemlin said LSB 2.0 features a revision of the core specification to support modules that are built on the foundation of the core LSB. "This will accommodate future growth as Linux standards for different vertical markets, for example, are developed as extensions to the core LSB," he said."

Comments (none posted)

Miscellaneous

Open source usability is a technical problem we can solve on our own (NewsForge)

NewsForge presents one person's view of usability in open source projects. "As a participant in the KDE project (but expressing my own viewpoint here instead of speaking for KDE), the approach I have seen so far to our usability problems is... noise. Ideas are raised daily on the KDE usability email list, but they never seem to generate anything but endless discussions. Developers, users and reviewers all scream that something needs to be done, but apparently no one knows how."

Comments (1 posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

OpenEMR adds Direct Claim Submission (LinuxMedNews)

LinuxMedNews reports on a new claim submission capability in OpenEMR. "OpenEMR, a free, open source practice management, EMR and billing application will soon support direct submission of payments to Medi-Cal and Medicare of California. OpenEMR currently supports two clearinghouses, ProxyMed and ZirMed and is able to submit claims in the HIPAA ANSI X12 format allowing it to support other clearinghouses or direct billing."

Comments (none posted)

Commercial announcements

Active Endpoints Announces Open Source BPEL Initiative

Active Endpoints, Inc. has announced the formation of ActiveBPEL, LLC, an open source organization intended to promote industry interest, education and development around the BPEL (Business Process Execution Language) standard.

Comments (none posted)

Merger Creates the UK's 'Biggest-Ever' Linux and Open Source Event

LinuxWorld Conference & Expo has announced a merger with LinuxUser & Developer Expo. An Expo is planned for October 6-7, 2004 at London's Olympia Exhibition Centre.

Comments (4 posted)

HP and Mandrakelinux offer the 441 desktop

Mandrakesoft has sent out a press release (click below) describing the HP 441: a four-headed desktop system intended for use in schools in developing countries. By putting four monitors and keyboards onto a single box and running Linux, HP has kept the per-seat cost low enough, it hopes, to be interesting in the target market. See the "technical specifications" page for more information (and be amused that it tells us "HP recommends Microsoft Windows XP Professional").

Full Story (comments: 10)

Mandrakesoft to migrate 1500 French government servers

Mandrakesoft has announced that it has been chosen by the French Ministry of Equipment to migrate 1500 servers over to the Mandrakelinux distribution. "Mandrakesoft, the premier European Linux player, was also chosen for deployment, training and support for its Linux solution."

Full Story (comments: 5)

Mandrakesoft: half-year audited net result

Mandrakesoft has announced its audited financial results for the first half-year (October 2003 - March 2004). Compared to previous unaudited results (announced in April 2004) the net result has been increased by more than a half-million Euro.

Comments (none posted)

Novell joins SmartBUY

Novell announces that it has hooked into the U.S. General Services Administration's "SmartBUY" program, which should make it easier to sell Linux-based products to the government. "The sole provider of open source software in the SmartBUY program, Novell will offer three Linux bundles -- a desktop solution, a 'starter pack' server solution for smaller departmental deployments, and a more managed/full featured server solution for large environments."

Comments (2 posted)

Red Hat to restate finances

Red Hat has abruptly announced that it will be restating its results for the last few years. The actual change looks like a relatively small tweak: subscription income will be recognized on a daily, rather than monthly, basis. That means that the company will not recognize a full month's income for the first month of an RHEL subscription unless that subscription actually starts on the first day of the month. The end result is the deferral of some revenue to the end of the subscription period.

Comments (1 posted)

Rococo Software Releases Java/Bluetooth Developer Kit for Linux

Rococo Software has announced the release of the latest version of Impronto Developer Kit, a Linux-based Developer Kit for Java/Bluetooth applications.

Full Story (comments: none)

Announcing Specifix Inc.

Specifix Inc., a company founded by longtime Red Hat hacker Eric Troan and Cygnus manager Kim Knuttila, has announced its existence. Specifix is concentrating on helping companies create and maintain customized versions of Linux. They will be presenting their "Conary" system at OLS in what, one hopes, will not be the first marketing talk to be given in that setting.

Full Story (comments: 5)

New Books

"Eclipse Cookbook" Released by O'Reilly

O'Reilly has published the book Eclipse Cookbook by Steve Holzner.

Full Story (comments: none)

Resources

The LDP Weekly News

The July 7, 2004 edition of the Linux Documentation Project Weekly News is available with the latest new documentation releases.

Full Story (comments: none)

Upcoming Events

UKUUG Linux 2004 Conference and Tutorials

The UKUUG Linux 2004 Conference & Tutorials will be held in Leeds, England on August 5-8, 2004.

Full Story (comments: none)

2nd Swiss Unix Conference

The 2nd Swiss Unix Conference has been announced. The event will take place on September 2-4, 2004 at the Technopark in Zurich, Switzerland. Thanks to Attila Kinali.

Comments (none posted)

Next Mozilla Developer Day Details (MozillaZine)

The next Mozilla Developer Day has been announced. The event will take place in Mountain View, California on August 6, 2004.

Comments (none posted)

Events: July 15 - September 9, 2004

Date | Event | Location
July 15, 2004 | Real-time and Embedded Systems Workshop | Washington, DC
July 19 - 20, 2004 | Italian Perl Workshop (Polo Fibonacci) | Pisa, Italy
July 21 - 24, 2004 | Linux Symposium | Ottawa, Canada
July 26 - 30, 2004 | O'Reilly Open Source Software Convention 2004 (OSCON) | Portland, OR
July 26 - 30, 2004 | IBM pSeries Technical Conference | Cairns, Australia
July 31 - August 2, 2004 | Vancouver Python Workshop | Vancouver, Canada
August 2 - 5, 2004 | LinuxWorld Conference & Expo (Moscone Center) | San Francisco, California
August 5 - 8, 2004 | UKUUG 2004 Linux Technical Conference | Leeds, England
August 21 - 29, 2004 | KDE Community World Summit 2004 (aKademy) (Filmakademie Ludwigsburg) | Ludwigsburg (Stuttgart Region), Germany
September 2 - 3, 2004 | Python for Scientific Computing (SciPy) (CalTech) | Pasadena, CA
September 2 - 4, 2004 | 2nd Swiss Unix Conference (Technopark) | Zurich, Switzerland
September 9 - 10, 2004 | Linux Expo Shanghai (Shanghai Exhibition Center) | Shanghai, China

Comments (none posted)

Software announcements

This week's software announcements

Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:

Comments (none posted)

Page editor: Forrest Cook

Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds