Creators of Linux distributions perform a number of useful functions. They
go out and find useful free software for their users. They put together a
nice packaging system so that all that free software can be managed without
going nuts. They ensure that the programs all fit together in a coherent
design of the system as a whole. They create nice CD images for the
distribution of their work, and installer programs so that all that
software can be loaded onto your systems. Distributors run online
repositories, create security updates, and, sometimes, even answer
questions from users who are having difficulties.
Users may not fully appreciate another role filled by Linux distributors,
however: they serve as middlemen between the producers and consumers of
free software. This work goes beyond packaging programs
and feeding back bug reports; Linux
distributors also serve as crucial advocates for their users. When
developers fail to act in the interest of the people using their software,
the distributors can come in with their advocacy and patching skills to
improve the situation.
A good example of how this process works was brought to light via a long
and unpleasant linux-kernel discussion involving Jörg Schilling, the
maintainer of the much-used cdrecord program. For the curious, the thread
starts with this
message. There are several issues discussed, but much of it comes down
to some fundamental disagreements between Mr. Schilling and the Linux
distributors on how cdrecord should work.
For example: in the 2.6 kernel the preferred way of performing raw SCSI
operations on a device (which is how CD burning is done) is to simply open
the device directly and issue the right ioctl() calls. So, if
your drive is /dev/hdc (or, better, /dev/cdwriter), you
run cdrecord with dev=/dev/cdwriter and be done with it.
Mr. Schilling swears that the only proper way to specify the output device
is via SCSI bus, target, and unit numbers - despite the fact that most of
these devices do not sit on a SCSI bus and have no such numbers. And
despite the fact that figuring out that, say, dev=0,2,0 is the
right magic sequence to type is not something many users want to do. So
cdrecord issues a set of scary warnings when the "open by device" mode is
used, despite the fact that it is the best way to do things.
Another example: some users have a strange idea that they might actually
like to write DVDs on their DVD-capable drives. The official version of
cdrecord has no such capability, and Mr. Schilling has refused to add it.
Some of the more cynical observers have noted that the fact that
Mr. Schilling offers a proprietary version of cdrecord with DVD support may
have something to do with this refusal.
Users of cdrecord could try to address these issues directly with its
author. Experience has shown, however, that this can be an unpleasant and
unrewarding process.
This is where the distributors step in. A quick check in the latest Fedora
source RPM for cdrtools shows a good dozen patches; these vary from small
documentation tweaks through to DVD support and the removal of unnecessary,
scary warnings. Other distributors have done similar things. The end
result is that users get a version of cdrecord which works as they would
expect, while the distributors take the heat (and there is some heat) for
the changes that they make.
Mr. Schilling has given us a true gift: the cdrecord program embodies a
great deal of knowledge of just what is required to make a wide variety of
CD writers work on numerous operating systems. We get to make use of that
knowledge because Mr. Schilling has released his work under the GPL.
Before criticizing him too much, it is good to reflect on the value of that
gift. But this is also a good place to appreciate the extra value added by
the Linux distributors. Sometimes a middleman is just what is needed to
make the whole process work.
Sarge is, finally, approaching. Last week, Steve Langasek
announced
a proposed timeline for Sarge and that Anthony Towns had stepped
down as release manager for Debian. Langasek and Colin Watson are filling
the post for the Sarge release. According to Watson's
follow-up
on Saturday, the release target for Sarge is now September 19. Joey Hess
also announced
release
candidate 1 of the new Debian-Installer for Sarge on Saturday.
With the release so close at hand, we decided to take a look at the state
of Sarge. We touched base with Langasek on the status of the release, and
also asked Towns for comment on his decision to step down. In Langasek's
announcement, he alluded to "the recrimination and hostility towards
some of our most dedicated developers" as a possible reason for
Towns' departure from the release manager post. Towns declined to elaborate
on his decision to step down from the release manager position, but said
that Sarge is in good hands:
I've got complete confidence that Colin and Steve can do a better job
getting sarge out than I could, and are doing so. They might think
differently, but if so, the resolution to that little quandary is quite
simple: they're wrong. :)
We also asked Langasek about the statement, and whether he feels that the
internal conflicts in Debian have gotten worse.
For my part, I'm well aware that there's always a certain amount of
off-topic digression and conflict on the mailing lists -- this is nothing
new in Debian, it's part and parcel of the kind of rough-and-tumble
development model that's always been in effect in this community. One thing
that *has* changed recently, however, is that the General Resolution
process... has become unstuck in the past year, after having been held up
for quite some time by a committee charged with fixing some subtle bugs in
our constitution. Suddenly, the GR process seems like a good way to address
lots of problems in the project, and lots of changes are being proposed
without necessarily considering the full effects in the context of Debian,
or sometimes without much consideration of whether this is something that
*can* be legislated in Debian.
It's also true that as the project has grown, it has tended to become more
politicized as it's harder for everyone to know everyone else personally.
I don't think this is inevitable, though; it's simply something we need to
learn to deal with as we grow. Since Debian has essentially been growing
for its entire existence, we have a fair amount of experience with learning
to address growing pains.
In any case, I definitely don't think AJ's decision represents any sort of
crisis in Debian. The release manager's job is a hard one even when
everything seems to be going right, so it's perfectly understandable that
he would decide to step down.
With that unpleasant topic behind us, we also asked Langasek about the
release schedule, and whether the schedule was realistic.
The important message to bring away from the announced release schedule is
that we're close enough now to being able to release that it's time for
developers to change focus. The schedule may slip a few days here or there,
but the truth is that's something we have to contend with no matter how
aggressive our proposed schedule is. So we might as well be ambitious!
Our brief tests of the RC1 of the Debian installer were quite positive. The
installer is still a text-based system, but consists of a fairly easy set
of choices for the average Linux user to follow. We tested RC1 on a
dual-PIII Xeon system, and tried out both the normal and "expert" installer
modes. Users have the choice of installing the 2.4 or 2.6 kernel in either
mode. The "expert" mode is largely unnecessary unless one wants (or needs)
to dabble more directly with the kernel modules that are loaded or if one
wishes to experiment with installer modules that are not part of the
default installation.
The new installer also offers to partition the disk for the user, no doubt
a welcome addition for many Linux users who aren't familiar with disk
partitioning. The user has a choice between an all-in-one partition, a
separate /home partition, or a multi-user partitioning scheme if they
choose to let the installer do the work for them. Both the /home and
multi-user schemes provided sane partition layouts on a 40GB disk, using
the Ext3 filesystem. We might have chosen more swap space (the installer
opted for 512MB on a system with 1GB of RAM), but both partition layouts
were quite usable.
The hardware detection worked fine for the test system, though the system
admittedly contained a sparse selection of components -- an add-on IDE
controller, network card and generic video card, PS/2 keyboard and mouse,
no sound card. This writer found it very nice not to have to know which
module is appropriate for the system's network card while in the middle of
an install.
Users have the option of choosing packages manually, or selecting from
seven pre-selected groups of packages like "desktop," "Web server," and
"DNS." These can be mixed and matched, so users who want a print server and
desktop in one machine can choose both at install time. The desktop set of
packages provided both the KDE and GNOME desktops, and a fair selection of
desktop apps and games.
There were only two things we didn't like overall, and neither can rightly
be considered a bug -- though there is a bug
report for our first complaint. Though the machine in question is a
dual-CPU machine, neither the normal nor the expert install gave the option of
an SMP-enabled kernel. Though it's not at all difficult to download a
suitable SMP kernel (or compile your own) it's an additional step that
should be unnecessary.
Likewise, it seems to this writer that OpenSSH should be installed by
default on any network-connected system. While not difficult to do after
the fact, one would think that including OpenSSH is a no-brainer on almost
any Linux system. It is certainly as likely to be used as wget or nano,
which are installed by default.
Those are extremely minor grumbles, however. It appears that Sarge is just
about ready to make its debut. The schedule is a bit ambitious, but it
doesn't seem unrealistic based on our tests of the RC1 of the installer and
packages now in testing. Langasek asks that users start banging on the new
installer and install manual to help the process along:
Now that the first release candidate of the debian-installer is available,
we also need users to help test this new installer, and to also help review
the installation manual to check for omissions and accuracy.
We hope to soon have security support available for testing, at which point
we will also send out a general call for users to test the upgrade path
from woody to sarge.
And, of course, Langasek asks that users report bugs wherever they find
them "particularly if they're using testing or unstable." As
users are trying out the new Debian installer, they might wish to read the
d-i retrospective, which recounts the history of d-i and gives
perspective on the work that went into the installer. Langasek says that
the work has paid off:
Debian-installer stands head and shoulders above the boot-floppies system
we used for woody, and we owe a lot of thanks to the developers responsible
for giving us an installer that people can actually be enthusiastic about
contributing to. :-)
Indeed, this writer is enthusiastic about the installer as well. Though the
old installer was usable enough (as evidenced by the enormous Debian
user base), the new installer is much improved. The final Sarge release
should do a great deal to help Debian's popularity with newer Linux users.
August 11, 2004
This article was contributed by Tom Chance.
As was covered here last week, the high-profile Linux deployment in the
city of Munich has been put on temporary hold while a legal review of
possible patent threats is carried out. This hold is a direct result of
two motions filed recently by a Green Party alderman in the city.
The motions, and their aftermath, have created a
small storm, both in the city of Munich itself, and among free software
advocates and anti-software patent activists. Those who oppose the
transition from proprietary to free software in Munich took the opportunity
to put a spanner in the works, and that prompted swift reactions from free
software advocates; the events seem to have created some stress between
the free software and anti-software patent communities.
The motivation behind the alderman's motions was simple: to persuade the
city of Munich to put more pressure on German and European
politicians to stop the EU's directive on the patentability of
computer-implemented inventions.
And insofar as
they aimed to raise the problems associated with software patents among
German politicians, they have met with some success. The city of Munich
does appear to remain committed to its free software project, and despite
speculation in the press, the only thing about which we can be certain is
that, as LWN commented previously, the process will be slowed down
while the lawyers do their thing. The latest word is that the
delay may not last more than a few weeks.
So why, then, did the Free Software
Foundation Europe feel compelled to issue a press
release emphasizing that free software is no special case, and that the
dangers posed by software patents affect all small and medium enterprises
and projects, regardless of their licensing? I asked FSFE President
Georg Greve whether he felt that the Green party should be condemned for
its actions, and whether the FFII, which could be accused of spreading the
flames with a widely-reported press release of its
own, should be included in that as well.
Mr. Greve described "condemnation" as
"too strong a term," but it is clear that they aren't
too happy, especially given that they have been actively campaigning
against software patents for four years without jeopardizing free
software deployments. He asked:
Why did the FFII and Green Party target
the currently most prominent Free Software migration and not some
proprietary software projects?
In response, the Green Party in Munich notes that it is software patents
which threaten free software, and not anybody's attempts to fight the
imposition of patents. Ignoring the patent directive, they say, would be
far more dangerous than forcing this sort of confrontation.
As Tim Bray noted in
his weblog, almost all software in the market probably infringes on some
existing software patents, and the issue is one of financial resources
(i.e. the ability to defend a case in court), not one of licensing. Greve
claims that "[the] link is entirely artificial".
Bizarrely, part of the explanation of events lies in a mistake within the
FFII. The study that lists the patents that affect the Munich project was
never released as an FFII study; rather, it was a personal document on an
FFII member's homepage. Hartmut Pilch, the President of the FFII, wrote that he was
"surprised by the announcement of Wilhelm Hoegner and the
mayor", and that he "learnt from both only through the
media". Nevertheless he goes on to defend the message given
out by the Green Party, if not the exact methods they used, pointing out
that the city of Munich had to assess the risk caused to its project by
software patents.
The fallout of all of this is difficult to predict. We can be fairly sure
that, barring an extraordinary risk assessment by the city of Munich's
lawyers, their Linux project will go ahead. But it's impossible to judge
the impact that the news will have on the vote in European Parliament later
this year, and on other government projects involving free
software. However, if the EU says "no" to software patents, the free software
community in Europe could be saved from, possibly, the most damaging legal
framework seriously considered to date. The knock-on effect in other
countries and trade areas should not be underestimated either. So if steps like
those taken by the Green Party in Munich can derail software patents in
Europe at the expense of delaying, or even stopping, various free software
deployments in government, would it not be worth the sacrifice? In this
light the Green Party's actions seem like fine political jujitsu.
An implicit assumption in that question is that the Green Party's
initiative can be followed elsewhere. The only other example of a major
deployment of free software in government in Europe is in Extremadura,
where local politicians are already firmly against software
patents. Employing this sort of technique elsewhere must be done
carefully: emphasizing the software patent risk to free software could end
up turning politicians against free software, rather than patents.
A compromise approach, as Greve suggested, would be:
...for Free
Software advocates to always raise the point that their opposition against
SWPATs is not on the grounds of Free Software alone, but on the grounds of
the entire local hardware and software industry.
It may be too late for effective damage control in Munich, so we will have
to wait for the outcome there. But in the future, it would seem wise for
anti-software patent activists to be mindful of Greve's suggestion. Free
Software advocates must fight software patents, and we must recognize that
they are more important than individual deployments of free software. But
all the same, we mustn't unnecessarily prejudice politicians and those who
make technology decisions against free software for the sake of gains in
the fight against software patents.
Page editor: Jonathan Corbet
Security
The World Bank InfoDev Program has set itself a goal of helping computer
users in developing countries avoid security problems. To that end, it has
published the
Information
Technology Security Handbook; it can be downloaded from the site in PDF
format. It is a very introductory-level book on security threats to
computers and their users; if users at that level can be convinced to read
the whole thing, it may well do some good. Unfortunately, however, this
book does the developing world a disservice by being strongly biased toward
proprietary software.
The "Security for Individuals" section, for example, contains a couple of
pages on "non-traditional and non-commercial software." Topics covered
are, in this order, shareware, open source software, and pirated software.
The open source discussion gives a brief overview of the "which is more
secure?" debate, and informs us:
The update processes for Open Source products tend to be more
difficult that [sic] those for Windows, but are in line with other
Unix products and the installation procedures for the original Open
Source products.
The fact of the matter, of course, is that the major distributors have all
made the application of security updates into a trivially easy task, which
can even be automated. The above statement might have been true
some years ago; it certainly is not true now.
The discussion of free software pretty much ends there. So, for example,
we get a long
section on email problems; infection via email is said to be "highly
likely." Six rules are given for protecting a system from email-borne
malware ("Do not open an attachment from someone you do know
and trust unless you are sure that they sent it deliberately"), but
there is no mention of the fact that email-borne malware is, for all
practical purposes, unknown outside of the Windows world.
The "security for organizations" chapter is written in an entirely
different voice. It covers a wide range of topics, including regulatory
compliance, wireless security, personnel threats, etc. There is a lot of
useful material there for somebody who is beginning to think about security
in an organizational context, but no specifics at all. There is a section
on government policy which has mostly to do with bureaucratic organization
and the crafting of security-related legislation.
The final and largest section is aimed at technical administrators.
Interestingly, this section is mostly oriented around Unix and Unix-like
systems. The coverage is strange, however; NIS netgroups warrant several
pages, while PAM is breezed over in a single page. There is a long section
full of rules on writing safe CGI scripts, but nothing about web server
setup. The chapter contains some good stuff, but it looks like it was
gathered together from several different sources.
This handbook looks like a useful resource in many ways. It falls short of
what a book on security for the developing world could be, however. Like
the rich world, the developing world has no need to rely on expensive and
insecure proprietary software. A book on information security in
developing countries really owes it to its readers to point out that, with
free software, they can take greater control over their systems and not
have to rely on the good intentions of a large, foreign company.
New vulnerabilities
Cfengine: RSA Authentication Heap Corruption
Package(s): Cfengine
CVE #(s): (none)
Created: August 10, 2004
Updated: August 11, 2004
Description:
Two vulnerabilities have been found in cfservd. One is a buffer overflow in
the AuthenticationDialogue function and the other is a failure to check the
proper return value of the ReceiveTransaction function. An attacker could
use the buffer overflow to execute arbitrary code with the permissions of
the user running cfservd, which is usually the root user. However, before
such an attack could be mounted, the IP-based ACL would have to be
bypassed. With the second vulnerability, an attacker could cause a denial
of service.
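The two cfservd bugs described above are a common pairing in network daemons: a length that the peer controls is used as a copy size, and the error return of a receive function is ignored. The C program below is added here as an illustration and is not cfengine code; the wire format (a two-byte big-endian length prefix), the buffer sizes and every function name are assumptions made for the example. It shows the vulnerable shape next to a hardened handler that refuses both a truncated stream and a payload larger than its destination.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define INBUF  4096   /* assumed transport receive buffer */
#define KEYBUF 64     /* assumed, much smaller "challenge" buffer */

/* Simulated ReceiveTransaction(): the assumed wire format is a 2-byte
 * big-endian length followed by that many payload bytes. Returns the
 * payload length, or -1 if the stream is shorter than declared or the
 * declared length would not fit in out. */
int recv_transaction(const uint8_t *wire, size_t wire_len,
                     uint8_t *out, size_t out_cap)
{
    if (wire_len < 2)
        return -1;
    size_t n = ((size_t)wire[0] << 8) | wire[1];
    if (n > wire_len - 2 || n > out_cap)
        return -1;
    memcpy(out, wire + 2, n);
    return (int)n;
}

/* Vulnerable shape. Never call this on untrusted input: a -1 return is
 * cast to a huge size_t, and any n larger than KEYBUF overruns the
 * stack buffer. It is kept only to show the two bugs side by side. */
int auth_dialogue_unsafe(const uint8_t *wire, size_t wire_len)
{
    uint8_t inbuf[INBUF];
    uint8_t key[KEYBUF] = {0};
    int n = recv_transaction(wire, wire_len, inbuf, sizeof inbuf);
    memcpy(key, inbuf, (size_t)n);  /* bug 1 (n == -1) and bug 2 (n > KEYBUF) */
    return key[0];
}

/* Hardened shape: a failed receive aborts the dialogue, and every
 * peer-influenced length is checked before it becomes a copy size. */
int auth_dialogue_safe(const uint8_t *wire, size_t wire_len,
                       uint8_t *key, size_t key_cap)
{
    uint8_t inbuf[INBUF];
    int n = recv_transaction(wire, wire_len, inbuf, sizeof inbuf);
    if (n < 0)
        return -1;                  /* truncated or malformed: refuse */
    if ((size_t)n > key_cap)
        return -2;                  /* would overflow key: refuse */
    memcpy(key, inbuf, (size_t)n);
    return n;
}

/* Constructed packet: the header claims `claimed` bytes but only
 * `present` payload bytes follow (present < claimed simulates a stream
 * cut short). Returns the number of wire bytes written, 0 on bad args. */
size_t make_packet(uint8_t *dst, size_t dst_cap, size_t claimed, size_t present)
{
    if (claimed > 0xffff || present > claimed || dst_cap < 2 + present)
        return 0;
    dst[0] = (uint8_t)(claimed >> 8);
    dst[1] = (uint8_t)(claimed & 0xff);
    memset(dst + 2, 'A', present);
    return 2 + present;
}

/* Runs one constructed packet through the hardened handler. */
int run_scenario(size_t claimed, size_t present)
{
    uint8_t wire[INBUF + 2], key[KEYBUF];
    size_t len = make_packet(wire, sizeof wire, claimed, present);
    return auth_dialogue_safe(wire, len, key, sizeof key);
}

int main(void)
{
    printf("benign 16-byte challenge:      %d\n", run_scenario(16, 16));
    printf("1024-byte payload (> KEYBUF):  %d\n", run_scenario(1024, 1024));
    printf("claims 100, only 10 arrived:   %d\n", run_scenario(100, 10));
    return 0;
}
```

The hardened version returns the payload length only on the benign packet; the oversized payload is rejected before any copy, and the truncated stream is rejected by the receive step itself, which is exactly the return value the original caller failed to look at.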
cvstrac: arbitrary code execution
Package(s): cvstrac
CVE #(s): (none)
Created: August 6, 2004
Updated: August 11, 2004
Description:
Richard Ngo reported on BugTraq that a vulnerability has been discovered in
the CVS repository web browsing tool CVSTrac. If properly exploited, an
attacker can execute arbitrary code on the CVSTrac host with the privileges
of the associated web server.
opera: remote filesystem read access vulnerability
Package(s): opera
CVE #(s): (none)
Created: August 5, 2004
Updated: August 11, 2004
Description:
The Opera browser has a vulnerability that may allow a remote attacker
to read a local filesystem.
PuTTY: pre-authentication arbitrary code execution problem
Package(s): putty
CVE #(s): (none)
Created: August 5, 2004
Updated: October 28, 2004
Description:
PuTTY, a telnet and SSH client, contains a vulnerability that
can allow an SSH server to execute arbitrary code on a connecting client.
shorewall: temporary file exploit
Package(s): shorewall
CVE #(s): (none)
Created: August 10, 2004
Updated: August 11, 2004
Description:
Javier Fernández-Sanguino Peña has discovered an exploitable
vulnerability in the way that Shorewall handles temporary files and
directories. The vulnerability can allow a non-root user to cause
arbitrary files on the system to be overwritten. LEAF Bering and Bering
uClibc users are generally not at risk due to the fact that LEAF boxes
do not typically allow logins by non-root users. The complete advisory is
here.
SpamAssassin: Denial of Service vulnerability
Package(s): spamassassin
CVE #(s): CAN-2004-0796
Created: August 9, 2004
Updated: August 11, 2005
Description:
SpamAssassin contains an unspecified Denial of Service vulnerability. By
sending a specially crafted message an attacker could cause a Denial of
Service attack against the SpamAssassin service.
Updated vulnerabilities
Apache mod_proxy: denial of service
Package(s): apache
CVE #(s): CAN-2004-0492
Created: June 11, 2004
Updated: October 14, 2004
Description:
A buffer overflow vulnerability in the apache mod_proxy module
can be exploited to create a denial of service.
apache2: stack-based buffer overflow in ssl_util.c
Package(s): apache2
CVE #(s): CAN-2004-0488
Created: June 1, 2004
Updated: October 14, 2004
Description:
A stack-based buffer overflow exists in the ssl_util_uuencode_binary
function in ssl_util.c in Apache. When mod_ssl is configured to trust the
issuing CA, a remote attacker may be able to execute arbitrary code via a
client certificate with a long subject DN.
apache mod_ssl format string vulnerability
Package(s): apache mod_ssl
CVE #(s): (none)
Created: July 16, 2004
Updated: August 6, 2004
Description:
Triggered by a report to Packet Storm from Virulent, a format string
vulnerability was found in mod_ssl, the Apache SSL/TLS interface to
OpenSSL, in versions up to and including 2.8.18 for Apache 1.3. The mod_ssl
in Apache 2.x is not affected. The vulnerability could be exploitable if
Apache is used as a proxy for HTTPS URLs and the attacker has established
their own specially prepared DNS and origin server environment.
aspell: bounds checking problem
Package(s): aspell
CVE #(s): CAN-2004-0548
Created: June 17, 2004
Updated: December 20, 2004
Description:
Aspell's word-list-compress utility fails to properly check bounds
when dealing with words that are more than 256 bytes long.
This can lead to arbitrary code execution by an attacker.
courier: cross-site scripting vulnerability
Package(s): courier
CVE #(s): CAN-2004-0591
Created: July 23, 2004
Updated: August 4, 2004
Description:
The sqwebmail application has a cross-site scripting vulnerability.
An attacker can inject script into the web mail interface via an
email message; the script then runs in the browser of the user reading it.
Ethereal: Multiple security problems
Package(s): ethereal
CVE #(s): CAN-2004-0633, CAN-2004-0634, CAN-2004-0635
Created: July 9, 2004
Updated: August 19, 2004
Description:
There are multiple vulnerabilities in versions of Ethereal earlier than
0.10.5, including:
* In some cases the iSNS dissector could cause Ethereal to abort.
* If there was no policy name for a handle for SMB SID snooping it
could cause a crash.
* A malformed or missing community string could cause the SNMP
dissector to crash.
See this advisory for more information.
Filename disclosure vulnerability in fam
Package(s): fam
CVE #(s): CAN-2002-0875
Created: August 19, 2002
Updated: January 5, 2005
Description:
"fam" (file alteration monitor) watches files and directories for changes
and lets interested applications know when something happens. This package
has a flaw in its group handling that blocks some legitimate operations
while, at the same time, exposing the names of files that should otherwise
be invisible.
flim: insecure file creation
Package(s): flim
CVE #(s): CAN-2004-0422
Created: May 5, 2004
Updated: December 16, 2004
Description:
The emacs "flim" mode creates temporary files in an insecure fashion,
possibly allowing a local attacker to overwrite files.
gnome-vfs: backend script vulnerabilities
Package(s): gnome-vfs
CVE #(s): CAN-2004-0494
Created: August 4, 2004
Updated: February 21, 2005
Description:
Several scripts packaged with gnome-vfs, using its "extfs" capability, have
security flaws. These scripts tend not to be used on many systems, but
their presence can still be a threat.
gtkhtml: malformed messages cause crash
Package(s): gtkhtml
CVE #(s): CAN-2003-0133, CAN-2003-0541
Created: April 14, 2003
Updated: April 18, 2005
Description:
GtkHTML is the HTML rendering widget used by the Evolution mail reader.
The GtkHTML supplied with versions of Evolution prior to 1.2.4 contains a bug
when handling HTML messages. Alan Cox discovered that certain malformed
messages could cause the Evolution mail component to crash.
Horde-IMP: improper input validation
Package(s): Horde-IMP
CVE #(s): (none)
Created: June 16, 2004
Updated: August 10, 2004
Description:
An input validation error exists in Horde-IMP through version 3.2.4; a
specially crafted message could be used to run scripts in the context of
the target's browser.
iproute: local denial of service
Package(s): iproute net-tools
CVE #(s): CAN-2003-0856
Created: November 25, 2003
Updated: December 14, 2004
Description:
The iproute utility is susceptible to spoofed netlink messages sent by
local users, with the result that denial of service attacks are possible.
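The iproute problem above comes from trusting whatever arrives on an rtnetlink socket. Any local process can open a netlink socket and send a datagram to another process's socket; only the kernel sends with netlink port id 0. The C example below is added here and is not iproute code: it checks the sender address that recvfrom() would return against that rule, and validates message framing with NLMSG_OK before walking a datagram. The datagrams are constructed in memory rather than read from a socket, and the scenario() helper and message contents are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>

/* A datagram on an rtnetlink socket may be treated as a kernel
 * notification only if its source address is the kernel's: family
 * AF_NETLINK and port id (nl_pid) 0. Any other nl_pid belongs to a
 * user-space socket, which any local user can create. */
int sender_is_kernel(const struct sockaddr_nl *from, socklen_t fromlen)
{
    if (from == NULL || fromlen < sizeof *from)
        return 0;
    return from->nl_family == AF_NETLINK && from->nl_pid == 0;
}

/* Walks the messages in one received datagram of `len` bytes. Returns
 * how many well-formed messages were accepted, stopping at the first
 * header whose nlmsg_len does not fit the bytes actually received, or
 * -1 if the sender is not the kernel (nothing in it is looked at). */
int count_accepted(const struct sockaddr_nl *from, socklen_t fromlen,
                   void *buf, size_t len)
{
    if (!sender_is_kernel(from, fromlen))
        return -1;
    struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
    int remaining = (int)len;
    int accepted = 0;
    while (NLMSG_OK(nlh, remaining)) {
        if (nlh->nlmsg_type == NLMSG_DONE)
            break;      /* end of a multi-part dump */
        accepted++;     /* a real handler would dispatch on nlmsg_type here */
        nlh = NLMSG_NEXT(nlh, remaining);
    }
    return accepted;
}

/* Constructed datagram: `nmsgs` empty RTM_NEWLINK headers back to back.
 * If last_len is nonzero it overrides nlmsg_len of the last header, to
 * simulate a message that claims more (or less) than was received. */
size_t build_datagram(uint8_t *buf, size_t cap, unsigned nmsgs, uint32_t last_len)
{
    size_t off = 0;
    for (unsigned i = 0; i < nmsgs; i++) {
        struct nlmsghdr h;
        if (off + NLMSG_HDRLEN > cap)
            return 0;
        memset(&h, 0, sizeof h);
        h.nlmsg_len = NLMSG_HDRLEN;
        h.nlmsg_type = RTM_NEWLINK;
        h.nlmsg_seq = i;
        if (i + 1 == nmsgs && last_len != 0)
            h.nlmsg_len = last_len;
        memcpy(buf + off, &h, sizeof h);
        off += NLMSG_HDRLEN;
    }
    return off;
}

/* Delivers a constructed datagram from a sender with the given nl_pid. */
int scenario(uint32_t sender_pid, unsigned nmsgs, uint32_t last_len)
{
    uint32_t words[64];                 /* 256 bytes, 4-byte aligned */
    uint8_t *buf = (uint8_t *)words;
    struct sockaddr_nl from;
    memset(&from, 0, sizeof from);
    from.nl_family = AF_NETLINK;
    from.nl_pid = sender_pid;
    size_t len = build_datagram(buf, sizeof words, nmsgs, last_len);
    return count_accepted(&from, sizeof from, buf, len);
}

int main(void)
{
    printf("kernel, 3 messages:            %d\n", scenario(0, 3, 0));
    printf("pid 4242 (local user), 3 msgs: %d\n", scenario(4242, 3, 0));
    printf("kernel, 2nd claims 200 bytes:  %d\n", scenario(0, 2, 200));
    printf("kernel, 2nd claims 8 bytes:    %d\n", scenario(0, 2, 8));
    return 0;
}
```

The sender check is the fix that matters for the spoofing described above; the NLMSG_OK loop is the companion check that keeps a malformed length from walking past the end of the receive buffer even when the sender is the kernel.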
racoon: failure to verify signatures
Package(s): ipsec-tools racoon
CVE #(s): CAN-2004-0155
Created: April 7, 2004
Updated: August 19, 2004
Description:
Versions of ipsec-tools prior to 0.2.5 contain a vulnerability wherein the
racoon utility fails to verify digital signatures on some packets. This hole
can lead to unauthorized connections or man-in-the-middle attacks. See this
advisory for details.
kdelibs: cookie disclosure
Package(s): kdelibs
CVE #(s): CAN-2003-0592
Created: March 10, 2004
Updated: August 24, 2004
Description:
kdelibs (and, thus, Konqueror) has a vulnerability where a hostile server
can force the disclosure of cookies that should not be presented to it. KDE
versions 3.1.3 and later contain a fix.
kernel allows unauthorized changes to the group ID
Package(s): kernel
CVE #(s): CAN-2004-0497
Created: July 2, 2004
Updated: September 27, 2004
Description:
During an audit of the Linux kernel, SUSE discovered a flaw that allowed
a user to make unauthorized changes to the group ID of files in certain
circumstances - such as when the files are exported via NFS.
kernel information leak
Package(s): kernel
CVE #(s): CAN-2004-0415
Created: August 3, 2004
Updated: October 26, 2004
Description:
Paul Starzetz discovered flaws in the Linux kernel when handling file
offset pointers. These consist of invalid conversions of 64 to 32-bit file
offset pointers and possible race conditions. A local unprivileged user
could make use of these flaws to access large portions of kernel memory.
Note that this vulnerability affects all 2.4 kernels through 2.4.26 and 2.6
kernels through 2.6.7. A fix for this problem was added to the fifth
2.4.27 release candidate.
kernel-utils: setuid vulnerability
Package(s): kernel-utils
CVE #(s): CAN-2003-0019
Created: February 7, 2003
Updated: January 21, 2005
Description:
The kernel-utils package contains several utilities that can be used to
control the kernel or machine hardware. In Red Hat Linux 8.0 this package
contains user mode linux (UML) utilities.
The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was
incorrectly shipped setuid root. This could allow local users to control
certain network interfaces, add and remove arp entries and routes, and put
interfaces in and out of promiscuous mode.
All users of the kernel-utils package should update to these packages that
contain a version of uml_net that is not setuid root.
Alternatively, as a work-around to this vulnerability issue the following
command as root:
    chmod -s /usr/bin/uml_net
libpng: multiple vulnerabilities
libxml2: arbitrary code execution
Package(s): libxml2
CVE #(s): CAN-2004-0110
Created: February 26, 2004
Updated: August 19, 2009
Description:
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code.
logcheck: symlink vulnerability
Package(s): logcheck
CVE #(s): CAN-2004-0404
Created: April 21, 2004
Updated: December 22, 2004
Description:
The logcheck utility handles temporary files in an unsafe way, possibly allowing local attackers to overwrite files.
Comments (none posted)
mikmod: buffer overflow
Package(s): mikmod
CVE #(s): CAN-2003-0427
Created: June 16, 2003
Updated: June 16, 2005
Description:
Ingo Saitz discovered a bug in mikmod whereby a long filename inside
an archive file can overflow a buffer when the archive is being read
by mikmod.
Comments (none posted)
mod_python: denial of service vulnerability
Package(s): mod_python
CVE #(s): CAN-2003-0973
Created: January 27, 2004
Updated: October 4, 2004
Description:
Apache's mod_python module could crash the httpd process if a specific,
malformed query string was sent.
The Apache Foundation has reported that mod_python may be prone to
Denial of Service attacks when handling a malformed query. Mod_python
2.7.9 was released to fix the vulnerability; however, because that release
did not fully fix the vulnerability, version 2.7.10 has been released.
Users of mod_python 3.0.4 are not affected by this vulnerability.
Comments (none posted)
MoinMoin Group ACL Bypass
Package(s): moinmoin
Created: July 12, 2004
Updated: August 26, 2004
Description:
MoinMoin contains a flaw that may allow a malicious user to gain access to
unauthorized privileges. The issue is triggered when an attacker creates a
user with the same name as an administrative group. This flaw may lead to a
loss of integrity. See this osvdb entry for additional information.
Comments (none posted)
mozilla: multiple vulnerabilities
Package(s): mozilla
CVE #(s): CAN-2003-0594, CAN-2003-0564
Created: March 10, 2004
Updated: August 19, 2004
Description:
Mozilla 1.4 contains a few vulnerabilities, including disclosure of cookies to the wrong server, a scripting vulnerability which can allow an attacker to run arbitrary code, and an S/MIME vulnerability which can lead to remote denial of service or code execution attacks.
Comments (none posted)
mpg321: format string vulnerability
Package(s): mpg321
CVE #(s): CAN-2003-0969
Created: January 6, 2004
Updated: March 28, 2005
Description:
A vulnerability was discovered in mpg321, a command-line mp3 player,
whereby user-supplied strings were passed to printf(3) unsafely. This
vulnerability could be exploited by a remote attacker to overwrite
memory, and possibly execute arbitrary code. In order for this
vulnerability to be exploited, mpg321 would need to play a malicious
mp3 file (including via HTTP streaming).
Comments (none posted)
MPlayer: GUI filename handling overflow
Package(s): mplayer
Created: August 2, 2004
Updated: August 4, 2004
Description:
The MPlayer GUI code contains several buffer overflow vulnerabilities,
and at least one in the TranslateFilename() function is exploitable.
By enticing a user to play a file with a carefully crafted filename an
attacker could execute arbitrary code with the permissions of the user
running MPlayer.
Comments (none posted)
MySQL: temporary file vulnerabilities
Package(s): mysql
CVE #(s): CAN-2004-0381, CAN-2004-0388
Created: April 14, 2004
Updated: August 18, 2004
Description:
The mysqlbug and mysqld_multi scripts contain temporary file vulnerabilities which could be used by a local attacker to overwrite files on the system.
Comments (none posted)
neon: buffer overflow
Package(s): neon
CVE #(s): CAN-2004-0398
Created: May 19, 2004
Updated: September 30, 2004
Description:
The neon library (through version 0.24.5) contains a buffer overflow in its date parsing code, allowing arbitrary code execution when connecting to a hostile server. See this advisory for details. This vulnerability also affects related applications (such as cadaver).
Comments (none posted)
Nessus NASL scripting engine security issues
Package(s): nessus
Created: May 27, 2003
Updated: August 12, 2004
Description:
Some vulnerabilities exist in the Nessus NASL scripting engine. To
exploit these flaws, an attacker would need to have a valid Nessus account
as well as the ability to upload arbitrary Nessus plugins to the Nessus
server (this option is disabled by default), or would need to trick a
user somehow into running a specially crafted nasl script. Read the full
advisory for additional information.
Comments (none posted)
netpbm: insecure temporary files
Package(s): netpbm
CVE #(s): CAN-2003-0924
Created: January 19, 2004
Updated: December 29, 2004
Description:
netpbm is a graphics conversion toolkit made up of a large number of
single-purpose programs. Many of these programs were found to create
temporary files in an insecure manner, which could allow a local
attacker to overwrite files with the privileges of the user invoking a
vulnerable netpbm tool.
Comments (1 posted)
openssh: timing attack leads to information disclosure
Package(s): openssh
CVE #(s): CAN-2003-0190
Created: May 2, 2003
Updated: November 30, 2004
Description:
From the advisory:
"During a pen-test we stumbled across a nasty bug in OpenSSH-portable
with PAM support enabled (via the --with-pam configure script switch). This
bug allows a remote attacker to identify valid users on vulnerable systems,
through a simple timing attack. The vulnerability is easy to exploit and
may have high severity, if combined with poor password policies and other
security problems that allow local privilege escalation."
Comments (1 posted)
OpenSSL: denial of service vulnerabilities
Comments (1 posted)
pavuk: buffer overflow
Package(s): pavuk
CVE #(s): CAN-2004-0456
Created: June 30, 2004
Updated: November 11, 2004
Description:
Versions of the pavuk web spider through 0.9.28-r1 contain a buffer overflow which could be exploited by a hostile server.
Comments (none posted)
php: remotely exploitable memory errors
Package(s): php
CVE #(s): CAN-2004-0594
Created: July 14, 2004
Updated: February 7, 2005
Description:
Stefan Esser has issued an advisory regarding a
remotely exploitable hole in PHP (through version 4.3.7). If the
memory_limit feature is in use (as it should be, to prevent denial
of service attacks), allocation failures can be forced at highly
inopportune times, and those failures can be exploited to execute arbitrary
code. The exploit is described as "quite easy," and it can be done
regardless of whether Apache1 or Apache2 is in use. Upgrading to PHP 4.3.8 fixes the
problem; yesterday's PHP 5.0 release also contains the fix (but the
final release candidate did not).
Comments (none posted)
phpMyAdmin: remote PHP execution
Package(s): phpmyadmin
Created: July 29, 2004
Updated: August 4, 2004
Description:
phpMyAdmin has a vulnerability that allows a remote attacker to modify
variables and execute PHP code. The attacker must have a valid user account.
Comments (none posted)
python: buffer overflow
Package(s): python
CVE #(s): CAN-2004-0150
Created: March 10, 2004
Updated: October 11, 2004
Description:
Python (versions 2.2 and 2.2.1 only) has a buffer overflow in the getaddrinfo() function which can be exploited by a malformed IPv6 address.
Comments (none posted)
samba: potential buffer overruns
Package(s): samba
CVE #(s): CAN-2004-0600, CAN-2004-0686
Created: July 22, 2004
Updated: September 2, 2004
Description:
According to this Samba advisory, Evgeny
Demidov discovered that the Samba SMB/CIFS server has a buffer overflow bug
in the Samba Web Administration Tool (SWAT) on decoding Base64 data during
HTTP Basic Authentication. Samba versions 3.0.2 through 3.0.4 are
affected. (CAN-2004-0600)
Another buffer overflow bug has been located in the Samba code used to
support the "mangling method = hash" functionality. The default setting for
this parameter is "mangling method = hash2" and therefore Samba is not
vulnerable by default. Samba versions 2.2.0 through 2.2.9 and 3.0.0
through 3.0.4 are affected. (CAN-2004-0686)
Comments (1 posted)
sox: buffer overflow
Package(s): sox
CVE #(s): CAN-2004-0557
Created: July 28, 2004
Updated: February 21, 2005
Description:
Sox suffers from buffer overflows in its WAV file handling; these overflows could conceivably be exploited by way of a malicious sound file.
Comments (none posted)
squid: buffer overflow
Package(s): squid
CVE #(s): CAN-2004-0541
Created: June 9, 2004
Updated: September 30, 2004
Description:
The NTLM authentication helper used by the squid proxy contains a buffer overflow vulnerability; an overly-long password may be used to run arbitrary code. Sites not using NTLM authentication are not vulnerable.
Comments (none posted)
SquirrelMail cross site scripting vulnerabilities
Package(s): squirrelmail
CVE #(s): CAN-2004-0519, CAN-2004-0520, CAN-2004-0521
Created: May 21, 2004
Updated: October 4, 2004
Description:
Several unspecified cross-site scripting (XSS) vulnerabilities and a well
hidden SQL injection vulnerability were found in SquirrelMail versions
1.4.2 and lower. An XSS attack allows an attacker to insert malicious code
into a web-based application. SquirrelMail does not check for code when
parsing variables received via the URL query string.
Comments (none posted)
Subversion: Remote heap overflow
Package(s): subversion
CVE #(s): CAN-2004-0413
Created: June 11, 2004
Updated: March 7, 2005
Description:
Subversion has a remote Denial of Service vulnerability
that may allow a server that runs svnserve to execute
arbitrary code. See this advisory for more information.
Comments (none posted)
sysstat: temporary file vulnerability
Package(s): sysstat
CVE #(s): CAN-2004-0107, CAN-2004-0108
Created: March 10, 2004
Updated: October 4, 2004
Description:
The sysstat utility has a temporary file vulnerability which can be exploited by a local attacker to overwrite system files.
Comments (none posted)
File overwrite vulnerability in tar and unzip
Package(s): tar unzip
CVE #(s): CAN-2001-1267, CAN-2001-1268, CAN-2001-1269, CAN-2002-0399
Created: October 1, 2002
Updated: April 10, 2006
Description:
The tar utility does not properly filter file names containing
"../", meaning that a hostile archive can, if unpacked by an
unsuspecting user, overwrite any file that is writable by that user. GNU
tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42
has the same vulnerability.
Comments (1 posted)
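The filtering the entry above says tar and unzip lacked, as an added example that is not code from GNU tar, unzip or this page: a check that refuses any archive member name which could land outside the extraction directory (the function name and the sample names are constructed for illustration).

```c
/* Added example, not code from GNU tar, unzip or the page: a check that an
 * archive member name cannot escape the directory it is extracted into.
 * The function name is hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/* Return 1 if NAME may be extracted relative to the current directory,
 * 0 if it must be rejected. Rejected: NULL or empty names, absolute names,
 * and any name with a ".." path component. Every ".." is refused rather
 * than "cancelled" against an earlier component, because an earlier member
 * of the same archive may already have turned that component into a
 * symbolic link pointing elsewhere. */
int archive_member_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0' || name[0] == '/')
        return 0;
    const char *p = name;
    while (*p) {
        const char *seg = p;
        while (*p && *p != '/')
            p++;
        if (p - seg == 2 && seg[0] == '.' && seg[1] == '.')
            return 0;          /* "../" or a trailing "..": would climb out */
        if (*p == '/')
            p++;
    }
    return 1;                  /* only plain components below the root */
}

int main(void)
{
    /* Constructed member names of the kind a hostile archive might carry. */
    const char *names[] = {
        "etc/motd", "./docs/README", "x/..y/z",
        "../etc/passwd", "/etc/passwd", "pkg/../../etc/hosts",
    };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-24s %s\n", names[i],
               archive_member_is_safe(names[i]) ? "extract" : "REJECT");
    return 0;
}
```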
tcpdump: ISAKMP payload handling denial-of-service vulnerabilities
Package(s): tcpdump
CVE #(s): CAN-2004-0183, CAN-2004-0184
Created: March 30, 2004
Updated: September 30, 2004
Description:
TCPDUMP v3.8.1 and earlier versions contain multiple flaws in the packet
display functions for the ISAKMP protocol. Upon receiving specially
crafted ISAKMP packets, TCPDUMP will try to read beyond the end of the
packet capture buffer and crash. More information is available in this Rapid7 advisory.
Comments (none posted)
Multiple vendor telnetd vulnerability
Package(s): telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5
Created: May 21, 2002
Updated: October 5, 2004
Description:
This vulnerability, originally thought to be confined to BSD-derived
systems, was first covered in the July 26th Security Summary. It is now
known that Linux telnet daemons are vulnerable as well.
Comments (none posted)
wv: buffer overflow
Package(s): wv
CVE #(s): CAN-2004-0645
Created: July 14, 2004
Updated: February 10, 2005
Description:
wv, a viewer for MS Word files, contains a buffer overflow which may be exploited by a suitably-crafted file. Version 1.0.0-r1 fixes the problem.
Comments (none posted)
XChat 2.0.x SOCKS5 Vulnerability
Package(s): xchat
CVE #(s): CAN-2004-0409
Created: April 19, 2004
Updated: November 15, 2005
Description:
XChat is vulnerable to a stack overflow that may allow a remote attacker to
run arbitrary code. The SOCKS 5 proxy code in XChat is vulnerable to a
remote exploit. Users would have to be using XChat through a SOCKS 5
server, enable SOCKS 5 traversal (which is disabled by default) and also
connect to an attacker's custom proxy server. This vulnerability may allow
an attacker to run arbitrary code within the context of the user ID of the
XChat client.
Comments (none posted)
xine-ui - insecure temporary file creation
Package(s): xine-ui
CVE #(s): CAN-2004-0372
Created: April 6, 2004
Updated: April 27, 2006
Description:
Shaun Colley discovered a problem in xine-ui, the xine video player
user interface. A script contained in the package to possibly remedy
a problem or report a bug does not create temporary files in a secure
fashion. This could allow a local attacker to overwrite files with
the privileges of the user invoking xine.
Comments (none posted)
Page editor: Jonathan Corbet
Kernel development
Brief items
The current 2.6 prepatch is 2.6.8-rc4, which was
announced by Linus on August 9. There was,
he says, just a little too much new stuff in there for him to have been
comfortable putting it out directly as 2.6.8. That new stuff includes a
replaced 586-optimized AES implementation, a new internal infrastructure
for handling file positioning and seekability (see below),
a sysctl API change, and some architecture updates. See
the long-format changelog for the details.
Linus's BitKeeper tree contains a big Prism54 driver update and various
fixes. Things are stabilizing for an official 2.6.8 release which may have
happened by the time you read this.
The current prepatch from Andrew Morton is 2.6.8-rc4-mm1. Recent additions to -mm include
a mechanism for gathering CPU scheduler statistics, the "mlock as user"
patch (covered briefly last week), some
asynchronous I/O fixes, version 17 of the wireless extensions API,
some read-copy-update enhancements, resident set size ulimit support (see
below), in-kernel cryptographic keyring management, a number of
architecture updates, and lots of fixes. The staircase scheduler has been
dropped from -mm for now ("it used up its time slice") in favor of a
simpler patch which simply disables the use of the expired array. The
quest for the best way to improve the scheduler continues.
The current 2.4 kernel is 2.4.27, released by Marcelo on August 7. 2.4.27
contains fixes for a handful of security
problems, some new crypto algorithms, a big serial
ATA update, TCP Vegas and BIC backports from 2.6, and vast numbers of
fixes.
Comments (none posted)
Kernel development news
The lseek() system call allows user space to move the current read/write
position within a file. It is not an operation which normally attracts
attention, since its full effect is, normally, to change an internal
integer index. It turns out, however, that lseek() has been poorly
implemented in many parts of the kernel. The recent vulnerability
discovered by Paul Starzetz has highlighted the problem, with the result
that the internal handling of lseek() is changing significantly for 2.6.8.
Seeking within a file is straightforward; it is just a matter of changing
the current position index inside the kernel. The situation gets a little
murkier, however, when dealing with things that are not regular files.
Virtual files implemented by the kernel can often be seeked in a meaningful
way, if it's done carefully; the same is true of a very small number of
physical devices. For most devices, however, along with objects like
network connections, seeking makes no sense at all.
The default behavior for lseek() is to change the internal offset
pointer and return success; if code for the underlying object (device,
network connection, file, etc.) has not provided its own llseek()
method, the call appears to succeed. Implementation of a non-seekable
device requires an explicit action, instead, to ensure that user space is
given the proper error.
The traditional way of handling lseek() within a device driver is
to include a simple llseek() method which looks like this:
    loff_t my_llseek(struct file *file, loff_t offset, int whence)
    {
        return -ESPIPE; /* Not seekable */
    }
More recent kernels (2.4 and beyond) also provide a no_llseek()
helper which looks like the above.
This technique works, as long as the author bothers to do things this way.
In some cases, this little step gets skipped, and the resulting object
appears seekable even though it is not. Even when this method is provided,
however, it is not a
complete solution; the pread() and pwrite() system calls,
which specify a specific offset for the operation, involve seeks. Objects
within the kernel do not see these calls directly; they just look like
regular read() and write() calls. This works because the
internal methods for these calls are always passed the offset to use.
What this means is that, for a non-seekable object, every read()
or write() method should include a test like this:
    ssize_t my_read(struct file *filp, char *buf, size_t count,
                    loff_t *ppos)
    {
        /* ... */
        /* pread()/pwrite() pass their own offset, not &filp->f_pos */
        if (ppos != &filp->f_pos)
            return -ESPIPE;
        /* ... */
    }
This test works because, for normal read() and write()
calls, the ppos pointer goes directly to the offset
(f_pos) stored in the file structure. If ppos
points elsewhere, it means that a pread() or pwrite()
call has been made, and an error should be returned. These tests are
simple, but they are bits of boilerplate code which must be added to the
implementation of all non-seekable objects, and not all authors bother.
After all, for most uses, the code works just fine without.
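The distinction the article draws between a plain read() and a pread() is visible from user space, and a driver author can check a device node against it without reading the kernel source. The following is an added example, not code from the article or the kernel: it probes a descriptor and reports whether the object behind it rejects both lseek() and pread() with ESPIPE, and, for a seekable file, confirms that pread() reads at its own offset and leaves the current position untouched. The function names are hypothetical.

```c
/* Added example, not from the article or the kernel: a user-space probe of
 * seek handling. A non-seekable object (a pipe here) must refuse both an
 * explicit seek and a positioned read; on a regular file a positioned
 * read must not move the file position. Function names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Return 1 if the kernel object behind FD rejects both lseek() and
 * pread() with ESPIPE, 0 if either call slips through or fails otherwise.
 * Run it on a device node to see whether the driver also covers the
 * pread()/pwrite() path, not just llseek(). */
int fd_rejects_seeks(int fd)
{
    char c;
    errno = 0;
    if (lseek(fd, 0, SEEK_CUR) != (off_t)-1 || errno != ESPIPE)
        return 0;                       /* seek was accepted: suspicious */
    errno = 0;
    if (pread(fd, &c, 1, 0) != -1 || errno != ESPIPE)
        return 0;                       /* positioned read slipped through */
    return 1;
}

/* A pipe is the canonical non-seekable object; returns 1 if it behaves. */
int pipe_rejects_seeks(void)
{
    int fds[2];
    if (pipe(fds) != 0)
        return 0;
    int ok = fd_rejects_seeks(fds[0]);
    close(fds[0]);
    close(fds[1]);
    return ok;
}

/* On a seekable file, pread() uses the offset it is given and leaves the
 * current position (f_pos inside the kernel) alone. Returns 1 if so. */
int pread_leaves_position_alone(void)
{
    FILE *fp = tmpfile();               /* constructed scratch file */
    if (fp == NULL)
        return 0;
    int fd = fileno(fp);
    const char data[] = "seekable";     /* constructed sample content */
    if (write(fd, data, sizeof data - 1) != (ssize_t)(sizeof data - 1)) {
        fclose(fp);
        return 0;
    }
    if (lseek(fd, 2, SEEK_SET) != 2) {  /* park the position at 2 */
        fclose(fp);
        return 0;
    }
    char buf[4] = {0};
    ssize_t n = pread(fd, buf, 3, 4);   /* read "abl" at offset 4 */
    off_t pos = lseek(fd, 0, SEEK_CUR); /* must still be 2 */
    fclose(fp);
    return n == 3 && memcmp(buf, "abl", 3) == 0 && pos == 2;
}

int main(void)
{
    printf("pipe rejects lseek and pread: %s\n",
           pipe_rejects_seeks() ? "yes" : "NO");
    printf("pread leaves file position alone: %s\n",
           pread_leaves_position_alone() ? "yes" : "NO");
    return 0;
}
```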
The above code also forces widespread knowledge of the contents of the
file structure and how position information is passed to
read() and write() methods. For sysctl methods,
things are even worse: there is no position passed in, so there is no
alternative to getting it from the file structure.
Finally, there are some interesting race conditions associated with the
handling of file offsets. Often a device driver will test a position for
validity, sleep (while waiting for device operations or user-space copies),
then change the offset. But that offset could have changed in other ways
during the sleep, leaving its final value in an indeterminate state.
In response to all this, Linus has thrown together a set of patches
changing the way seeks are handled inside the kernel. These patches have
found their way into 2.6.8-rc4, but they were not posted
separately on any open mailing lists first. The
first patch adds a new FMODE_LSEEK bit to the file
structure, so that the virtual filesystem (VFS) code knows which files are
seekable and which are not. The idea is to move all tests for illegal
seeks to the core VFS
code. A second patch adds separate mode
bits for pread() and pwrite(); as it turns out, files
implemented with the seq_file interface are
seekable, but do not support those two calls.
A pair of patches then followed to make use of the new tests in the VFS
core. The nonseekable_open()
helper was added to enable drivers (and other code) to clear the new bits
and mark an object as not being seekable. It is meant to be called in the
corresponding open() method. Then came changes to a large number of drivers making
them use the new infrastructure; the net result was the removal of quite a
bit of code.
It's worth noting that this patch represents a change in how device drivers
should be written, but the actual API has not been changed in any
incompatible ways. Unmodified drivers will still work - at least, as well
as they did before.
The sysctl change does involve an API
change, however. All sysctl methods now have the offset passed in
explicitly as a parameter; they should no longer go digging through the
file structure for that information. Unmodified sysctl
implementations will no longer compile.
The final step is to change how the
read() and write() system calls are implemented. They
now create a copy of the f_pos field and pass that to the
appropriate methods, and copy the result back afterward. So those methods
never work with f_pos directly, regardless of how they are
invoked. As a result of all this work, the handling of seeking has become
simpler and more robust.
Comments (2 posted)
One of the problems which can afflict any virtual memory system is a
process which expands to fill all of memory. All it takes is, say, a quick
OpenOffice session, and everything else running on the system finds itself
shoved into a corner of memory and pushed out onto swap. Avoiding this
problem is a simple matter of limiting the amount of physical memory that
any given process can occupy, but Linux lacks such limits.
Rik van Riel seems to have started off on a series of relatively simple
patches which address immediate VM issues. His latest patch implements resident set size limits for
Linux processes. Once this patch is applied, a bit of appropriate limit
setting could do a lot to keep those memory hog processes in their place.
The core of the patch comes down to two lines:
    if (mm->rss > mm->rlimit_rss)
        referenced = 0;
This code appears in the function page_referenced_one(), which
tries to decide whether a process has actually made use of one of its
in-core pages. If the page has not been referenced, it goes directly onto
the list of pages to reclaim. All that this particular patch is doing is
pretending that a process which has exceeded its maximum resident set size
has not actually used any of its pages; as a result, the memory hog's pages
will be the first ones to be reclaimed.
This patch applies on top of the token-based mechanism discussed last week. It modifies that code by depriving
a process of the swap token once it goes over its memory limit.
Many systems in the past have chosen to implement hard resident set size
limits. On such systems, a process which incurs a page fault will, if it's
at its memory limit, immediately surrender one other page back to the
memory management system. Rik's patch works differently, in that there are
no hard limits. If there is no particular memory pressure, a process can
grow to any size. The limit is only applied when the system starts looking
for pages to reclaim for other users. This approach is simple, which is
always good; it also allows the system to make full use of its memory when
there is not a lot of contention.
Comments (1 posted)
Spinlocks, as the core kernel synchronization primitive, are highly
performance critical. They are implemented differently on each
architecture, by way of some carefully-crafted assembly code, so that not
one extra cycle is spent there, especially when the lock is not contended.
They are also implemented as inline assembly, so that no function calls get
in the way of that fast path through.
Recently, however, Zwane Mwaikambo has pulled a
patch out of the -tiny tree which moves spinlocks into normal,
out-of-line functions - at least, on the x86 and x86-64 architectures. The
reason for doing this is to shrink the kernel; there are a lot of
spinlock calls in the kernel, and the inline code gets replicated for every
one of them. Moving the spinlock code out of line gets rid of that
duplication, and shrinks the kernel text size by 50KB or so.
Zwane posted some benchmarks showing that there are no performance
regressions. In fact, on some hardware, the improved cache utilization
brought about by pulling together the spinlock code can actually improve
performance by a slight amount.
The patch comes with a configuration option allowing the spinlock code to
be built in either mode. Given that moving the code out of line seems to
be a win, some have wondered if things shouldn't always be done that way.
Linus pointed out one advantage to the
inline code: it makes the sources of lock contention very clear in kernel
profiles. With out-of-line spinlocks, all a profile will show is that a
lot of time was spent waiting for locks; with the code inline, the function
which is actually waiting for the lock shows up instead. So out-of-line
locks may be best for production kernels, but developers may want to keep
them inline.
Comments (2 posted)
The Minneapolis Cluster Summit, held on July 29 and 30, was a gathering of
developers interested in pushing forward the state of the art in Linux
clustering. The slides from the presentations have now been posted. The
topics covered include high availability, OpenSSI, cluster block devices,
GFS, lock management, and more.
Comments (1 posted)
Patches and updates
Distributions
News and Editorials
August 11, 2004
This article was contributed by Joe Klemmer
Not long ago I did a review of Cobind Linux. There's more to Cobind than
just a Linux distribution, though. The company is developing some very
interesting tools and utilities: YUMGUI and DiY Linux Toolkit. David
Watson is listed as Cobind's Founder and CEO. He graciously took some time
out of his schedule for an interview.
Joe Klemmer: Tell us a bit about who Cobind is. There's a page on your
site that lists the team with mini-bios on it, but how did you guys come
together? How was Cobind created?
David Watson: Bryan [Mills - Founder and President] and I have worked
together doing software development since the summer of 2001. We have
similar views on software design despite our differing ages and skill
sets.
We wound up working together on an XML appliance product in
the summer of 2003 with a startup here in Pittsburgh. We had to
put together a custom Linux distribution for that product and
discovered that a) it was a lot of work, b) the work was tedious
and error-prone, and c) it was expensive as a result.
There are consulting firms that build custom Linux
distributions, but they are very expensive owing to the
sophisticated labor required. Cobind grew out of our desire to
build custom Linux distributions without requiring expensive
consultants. That is, a product-oriented solution that makes
building custom Linux distributions accessible to a wider range
of people.
We were able to launch Cobind, Inc. after we won a fellowship
to fund our market research, business planning, product
development, etc.
JK: There are two major products you are working on,
Cobind DiY Linux Tools and Cobind Software Manager (YUMGUI).
Let's talk first about YUMGUI. What was the impetus for making a
GUI to run on top of YUM?
DW: a) YUM lacked a GUI and we weren't the only ones
looking for one. Since we picked YUM for Cobind Desktop, it was
one of the few places on the desktop where you still needed
command line skills to install, update, remove, or search for
packages.
b) Differentiation. There are many Linux package management
systems but we believe YUM's architecture and CLI simplicity
provided a solid foundation for a GUI with a similar design
mantra.
c) Our skills were a good match for the application.
JK: You chose Python to develop this tool. Why use
Python?
DW: YUM is written in Python. We believed that if a GUI
was going to be successful with YUM, it would have to be
integrated into the YUM sources and distributed with YUM. Aside
from all the obvious and oft-repeated advantages to developing in
Python, the decision was made for us by the YUM team.
JK: Is YUMGUI in a "production" state yet or do you
still have some plans for expansion? Additional feature?
Interface updates?
DW: No, it's still going to go through some twists and
turns before it gets to a stable state. We are working with the
YUM team to integrate the code into the YUM source. This is
difficult because, as with most projects, the YUM development has
not stood still while YUMGUI was being developed. That means
there's a bit of a branch and merge issue, where the underlying
code has changed substantially, but that's a soluble problem.
Once the code is integrated into YUM, then it can evolve with
the community. We won't make any concerted effort to change the
features or interface substantially prior to that code
integration.
JK: YUMGUI is a good little tool. I know that some
businesses would keep this as a commercial product. Did you have
any thoughts of keeping it as a "closed" tool or were you already
set to GPL it from the beginning?
DW: We believe in the tenets of open source software
and the benefits make sense in this case. It would be very
difficult to build a GUI on top of YUM if YUM was not open
source. So yes, we viewed YUMGUI as a GPL product from the
beginning, owing to its extension of YUM.
JK: Do you think that this tool could become a standard
tool for all Linux distributions based on RPM?
DW: That's an ambitious but laudable goal and we are a
humble bunch. Time will tell.
There is another question embedded in this one which is
whether RPM-based distributions would benefit from vendors
coalescing around a single package management standard. We
believe that everyone would benefit from convergence in Linux
package management since that convergence implies network effects
benefiting users of the standard. Whether the social forces
shaping the future of Linux will allow that to happen remains to
be seen.
That said, we believe that YUM, with some additional
refinement such as the work being done currently in CVS, is a
legitimate contender for that standard package management tool
and we remain hopeful.
JK: Now let's talk about your DiY Linux Tools. The gist
of the web page for DiY is that it will help in generating a
custom built Linux distribution. Basically letting anyone build their
own configuration and application base to, in the end, have a
Linux distribution of their own. Is this what DiY is for?
DW: Yes, fundamentally that is correct. In terms of
user interface, the DiY Linux Tools present screens governing
brand, licensing, groups, and packages, along with wizards for
deploying custom applications such as LAMP.
A big part of the value proposition here is dependency
resolution. On the surface, it seems simple to add a package to a
distribution, unless you've gone through dependency hell trying to
rpm -ivh *.rpm on a single package with deeply nested, unresolved
dependencies. The tools demonstrate their utility because you can
add packages and the dependency resolver will resolve most
dependencies transparently and prompt you when it can't resolve
dependencies. In addition, the tools have a visual
display of the dependency tree which helps people to understand tacit
dependencies in the system.
We see three primary markets for the tools:
1) Hardware Vendors who want to produce custom Linux
distributions for their hardware (this may range from the vendor
doing the configuration pre-sale to the end-use customer using
the tool to build the distribution in-line with the machine
purchase, similar to Dell's online hardware configurator),
2) Software Vendors who are attracted to the "software in a
box" model of selling Linux-based appliances with the software
pre-configured,
3) Systems Administrators and consultants who want to use the
tools to streamline their Linux deployments on desktops and
servers.
JK: Can you tell us something about how DiY works under
the hood? Is it also based on Python?
DW: The DiY Linux Tools are comprised of a PHP
front-end, Python middle tier, MySQL back-end, and Python build
farm, with SOAP protocol connecting the tiers. The system defines
a data model representing an abstract Linux distribution. The
front-end is responsible for presenting the browser interface and
doing inserts, updates, and deletes to this data model while
invoking events such as build. The middle tier manages build
events by queuing builds to the build farm, which scales from
1..n machines. The data model can also be transformed into an XML
build descriptor which enables builds to be exported and imported
between disparate build systems.
Essentially, this system defines abstractions in the UI that
make it easier to build and maintain a custom Linux distribution,
relative to doing it from the command line. The hard part is
finding the places where those abstractions leak and trying to
contain those leaks.
There's still a lot of work to be done.
JK: Do you see DiY having an effect on the major Linux
distributors?
DW: No, all of the evidence suggests that we're running
below their radar, with very few exceptions. They've got Point
Clark Networks, Progeny, Specifix, and Terra Soft Solutions to
keep them occupied. If any of these models are successful, you'll
probably see some consolidation in the future though the
parameters are hard to predict with confidence.
JK: DiY is, initially, going to be available only
through Cobind as a service. Will there ever be an open/free
version of the tools?
DW: Perhaps, there are a number of variables impacting that
decision and we're not likely to conclude the discussion for some time.
Obviously, an open source release of the tools could place downward price
pressure on custom Linux development since a variety of the tasks
associated with building a distribution are faster and cheaper with the
tools, enabling more individuals and organizations to do it themselves
while relying on a vendor only for those parts of the system that are not
addressed fully by the tools.
JK: It seems that your plan is to have YUMGUI and
Cobind Desktop Linux as your feed and use DiY as your income
generator along with other services. This seems to be the
preferred current model for "Open Source Companies". Is this a
long term trend that you feel is going to be the basis for "Open
Source" businesses for a while?
DW: With regard to our plan: Yes, we have three broad
categories of products: applications, distributions, and tools.
We have several applications that we've written which are
probably useful beyond our offices, but we just haven't had the
time to get them cleaned up for release. Additionally, we have at
least one additional distribution that we're likely to introduce
to provide a differentiated server offering. Like most other
companies in the space, we are using service revenue to support
our product development work until the tools are baked.
The short term trend for open source businesses is likely to
be what you describe. However, in the long term where hardware
and software are commodities and developing countries exert
significant downward price pressure on labor, it's likely that
the margins that companies have enjoyed as benefactors of their
own reputation economy will shrink over time. Whether increased
volume in open source businesses makes up for the tightening
margins remains to be seen. This may be a limiting factor in
investment in new open source businesses. It's certainly
difficult for a small company to sustain the costs without
significant seed capital, pointing toward consolidation invoking
economies of scale. That is, the costs may be prohibitive for a
small company such as Cobind, but are reasonable in the context
of a large hardware company where strategic initiatives (software
and hardware being complementary assets) justify the R&D
expenditures.
JK: Thank you for taking the time to do this
interview.
DW: You're welcome.
Comments (3 posted)
Distribution News
For those of you who like being early adopters, the first beta of
Mandrakelinux 10.1 has been released for testing.
Full Story (comments: none)
The
Debian Weekly News for August 10, 2004
is out. Topics this week include the Debian Women website, new libtiff in
unstable, sarge release date, a Debian-Installer retrospective,
compatibility problem with Bash 3.0, Debian-Installer Release Candidate 1,
the Call for Participation: Popularity Contest, and more.
Colin Watson provides a sarge release
update. All base and standard packages have been frozen, except for RC
and important bugs and updated package translations.
The Debian-Installer team has announced the
first release candidate of the Debian sarge installer. The installer now
supports all 11 Debian architectures.
Comments (none posted)
The Gentoo Weekly Newsletter for the week of August 9, 2004 is out. This
week's issue covers Gentoo at Linux World Expo, an update on the Gentoo
website redesign, and more.
Full Story (comments: none)
Fedora Core updates:
- gimp-help: rebuilt for FC2
- gimp: updated to version 2.0.4
- gaim: updated FC2 to latest gaim
release
- gaim: updated FC1 to latest gaim
release
- devhelp: updated and rebuilt to pick
up new Mozilla dependencies
Comments (none posted)
New Distributions
Hidden Linux is an enterprise
grade Linux distribution, created to address the needs of organizations
wishing to develop a secure Internet presence. It is designed for
experienced Linux administrators and can be used as a mail, Web, database,
FTP, print, Samba (PDC), PPTP, IPSec gateway server and client, firewall,
DHCP, cache/proxy, and time server.
Comments (1 posted)
Minor distribution updates
AGNULA/DeMuDI 1.2.0-rc2 has been released. Click below for the release
announcement.
Full Story (comments: none)
BLAG Linux and GNU has released
v19999.00071
with major feature enhancements. "
Changes:
This alpha release is based on Fedora Core 2. All Fedora updates were
applied along with many new packages from Dag and freshrpms. The new
packages included gift, fluxbox, inkscape, firestarter, and
gstreamer-plugins-extra-*."
Comments (none posted)
Hiweed GNU/Linux has released
Hiweed
Server v0.3beta1. "
Changes:
This version modifies the installer to enable custom installation. The user
can select their favorite MTA, FTPD, or database package, and if the user
chooses Webmin, the relative Webmin module will be installed."
Comments (none posted)
Lineox has announced (click below) the
Lineox Application Server and a Developer Suite, both available as updates
to Lineox Enterprise Linux.
Full Story (comments: none)
KDE.News
reports the release
of a new OnebaseGo 2.1 Live CD with KDE 3.3 Beta2.
Comments (none posted)
tinysofa has released
tinysofa classic server v1.1
(Rio) and
tinysofa enterprise
server v2.0 (Odin).
Comments (none posted)
White Box Linux has a status report
on errata and new packages. Click below for the full report.
Full Story (comments: none)
Terra Soft Solutions has
announced the release of Yellow Dog Linux 4.0 RC1. "
Yellow Dog
Linux v4.0 offers an incredible graphical interface with both KDE 3.2.2 and
GNOME 2.6.0 desktops. Terra Soft's graphic designer Jake Fedie has prepared
an all new presentation for both the Installer and post-install desktop
environment. Included with v4.0 are OpenOffice 1.1.1, Rhythmbox 0.8.3,
Mozilla 1.6 and development tools glibc 2.3.3 and gcc 3.3.3 built upon the
32-bit kernel 2.6.7."
Comments (5 posted)
Distribution reviews
Here's a
review
of the new Debian installer on linux.com. "
Debian-Installer Release
Candidate 1 (RC 1) has some ways to go in accessibility. It is still
text-based, a sub-project to provide a GTK GUI having apparently suffered
crib-death. In places, too, it requires system knowledge that might make the
inexperienced feel a trickle of sweat. Yet compared to the labyrinthine
twists and turns of the old installer, the new Debian-Installer is a stroll
through a suburb whose streets are laid out on a grid. Unless you choose
more control, only a minimal amount of user input is required - language,
keyboard, time zone, root and user passwords - and in less than forty
minutes the result is a working Debian system." (Thanks to Steven
G. Johnson)
Comments (22 posted)
NewsForge
reviews
DragonFlyBSD. "
DragonFlyBSD's FreeBSD origins are quite clear --
the boot loader, boot selection screen, Ports tree, and source tree all
share structural and functional similarities to FreeBSD, even if in some
cases the code is totally different. The outdated FreeBSD sysinstall
installation utility has been replaced by installer. It's still
ncurses-based, but it's easier to navigate and use. In spite of the easy
installation procedure, you have to know your way around FreeBSD in order
to use DragonFly, as the manual pages are all still FreeBSD-centric and
there is no handbook or guide to help you learn the system."
Comments (2 posted)
Page editor: Rebecca Sobol
Development
This week, we feature an interview with Janet Casey from the
FSF/UNESCO
Free Software Directory site.
This is a shortened version of the interview's highlights,
you may want to skip directly to the
complete interview.
Q:
Please give us an overview of the purpose, history, and mechanics
of the FSF/UNESCO Free Software Directory site.
A:
The Directory was started from scratch in late 1999. It was originally
funded by a grant from the Cordelia Corporation, but there was enough
interest in it that the FSF has continued to fund it on an ongoing
basis (our membership program is particularly valuable in this
respect). UNESCO joined us in April of 2002. It is run from the FSF's
offices in Boston, and accounts for between 40 and 45% of the traffic
on the FSF's Web site; in a recent five day period, it had almost 2.5
million total hits. It has more than 3,400 listings, each one
individually license-checked.
The scope of the Directory has broadened considerably over its
lifetime: when Richard Stallman and I designed the original template
for an entry, it had 30 possible fields; the current template has
47. The additional fields reflect changes in free software in general;
for example, adding irc-help and irc-devel fields, and a bug-database
field for packages that use (for example) bugzilla, reflects the
general movement towards real-time interaction.
Q:
What functions do you carry out for this site?
A:
I decide which packages go into the Directory, license check them,
write up entries, and update existing entries so the Directory is as
accurate as possible. In the beginning I never had to chase down dead
links, but now the Directory has been around long enough that packages
disappear, and I have to find them. I also answer user email, both what
comes to me personally and what comes in through our trouble ticket
system (we use RequestTracker).
The single most important of these tasks is license-checking; it's
what sets the FSD apart from other free software directories. I open
each package and check the license of each source code file. Almost
90% of the packages in the Directory are under the GPL or LGPL, but we
will include any package under a license we consider acceptably free
(see http://www.gnu.org/licenses/license-list.html),
that runs on a free OS, and that does not depend on non-free software.
Q:
As one of the people in charge of The Free Software Directory, have
you observed any software categories that have been particularly
busy lately? Are there any other trends in the open-source software
world that you have noticed?
A:
I'm heartened by the growing interest in free versions of two
particular programs: a free Flash, and free Java Swing. Neither
project is complete, but both are under steady and active
development. Anyone who spends any time on the Web knows that more and
more sites these days are using Flash; a
free version
will be particularly valuable for
the free software desktop, since it's mainly commercial and consumer
sites that use Flash.
A really exciting and creative area is free software for video
artists. There are packages available for real-time
processing/manipulation (FreeJ, MoB, EffecTV, PiDiP, veejay), editing
(LiVes), and a set of general tools and libraries (piksel).
The authors of these packages, originally developers, have moved into
the artistic arena through their software. This isn't surprising; the
ideals of freedom that underlie free software are the same as those
that drive artistic creation. The ability to create (or hire someone
to create) tools to create exactly the effect you want, without having
to depend on the development whims of a software corporation, will
attract video and multimedia artists, people who might not otherwise
choose free software as their platform.
In general, the development of the Directory has mirrored the trends
in free software. In the early days of the Directory, standard
software had a command-line interface and was written in C; GUIs were
just coming into vogue. Now, almost all packages have some kind of GUI
interface, whether native or a front-end. In the past couple of years
the Web interface has come to the fore. This reflects an increase in
live/interactive communications in general, as we see in the growth of
blogs and forums for both personal expression and technical support.
Q:
What direction do you see the site going in? Is it expanding or stable,
and are there any big changes coming?
A:
The changes you'll see in the future will be refinements of the
Directory as it now exists. For example, the fourth iteration of the
classification system, one that reflects the growing diversification
and depth of free software, will be rolled out in a few weeks.
I'd like to tweak the Directory's home page. Right now it has a
listing of "most recently updated" packages; I'd like to break that
into "updated" and "new" packages, and add a sidebar that regularly
features a different group of software: i.e. software for video
streaming, software from one research facility, even fun stuff like a
list of software by French developers for the week of Bastille
Day. The Directory has more than 3,400 packages; I want to use the
front page to tell users about *all* of them, not just the
well-known ones.
Q:
In a recent
LWN editorial,
we pointed out some difficulties in finding current change information
on new project releases. Has there been any progress in improving
the access to this information?
A:
We will implement, probably through a link to the changelog, a field
that lets users find this information out. It looks like this will
happen at the same time the new version of the classification
structure goes live. Thank you for pointing this out, by the way. The
FSF doesn't have the resources to do usability studies, so this kind
of feedback is particularly valuable to us.
The editorial also revived an ongoing internal discussion about how to
mine the deeper levels of data (possibly down to the file level) that
are collected in the Directory. We've got a huge amount of data, and I
know that, properly presented, it would be of great value to our
users.
It's no secret, however, that documentation is not always the most
important priority for free software developers. I urge developers to
keep changelogs up to date. It would also be useful if a package's
home page listed the changes for the most recent version, if not the
changelog itself.
Q:
Would you like to fill our readers in on any other issues regarding
the Free Software Directory?
A:
I don't want to stifle the creative anarchy that has always been a
hallmark of free software, but there's a certain amount of repetition
in the kinds of programs that exist. Believe me, the world does not
need another window manager, and pretty soon there's going to be more
image viewing packages than there are images on the Web!
Last, please pay attention to proper licensing. Put a license header
with copyright date, name of copyright holder, and a statement telling
what license the package is listed under in each source code file.
The full text of a short license, such as the X11 license, can go
right in the header. With the GPL or LGPL, please include a full copy
of the license in the distribution. Since the "How To Enforce These
Terms and Conditions" text is legally considered part of the GPL and
LGPL, please be sure that it's in the copy of the license that you
include in your software.
The more popular and economically viable free software becomes, the
more it will come under attack. A trail of legal bread crumbs, in the
form of a clear statement that the software you've written is free, is
the best way to ensure that it remains free.
LWN:
Thank you for your time.
A:
Thanks for giving me this chance to talk about the Directory!
Comments (2 posted)
System Applications
Database Software
The first PostgreSQL 8.0.0 beta release is out, and "is ready for some
serious testing." Major changes include a native Windows port, savepoints,
"point-in-time" continuous backup, "tablespaces" (a way of simplifying disk
management), better buffer management, and more; see
this history
file for the full list.
Full Story (comments: 9)
The August 9, 2004 PostgreSQL Weekly News is online with the latest
PostgreSQL database news, including information on the new 8.0.0 beta release.
Full Story (comments: none)
Version 1.5.1 of the
Firebird database
was announced recently.
"
Firebird V1.5.1 is an updated version of Firebird V1.5. The V1.5 release of Firebird represented a major upgrade to the Firebird database engine, and was released earlier this year.
Firebird V1.5.1 represents a commitment by the project to develop and deliver ongoing improvements to this popular open source database engine."
Comments (none posted)
Version 0.8.8 of Glom, a database table definition GUI, is out.
Changes include improvements to the Details Layout, better
documentation, and bug fixes.
Full Story (comments: none)
Version 3.0.0 of CLSQL, a Common Lisp interface to SQL databases,
is out.
"
This major
rewrite of the system includes full backward compatibility with
CommonSQL, an extensive test suite, and new backends."
Full Story (comments: none)
Interoperability
A new release candidate of Samba, version 3.0.6rc2, is available.
"
There have been several bug fixes since the 3.0.4/5 release
that we feel are important to make available to the Samba
community for wider testings."
Full Story (comments: none)
Web Site Development
Version 0.4.0 of Nvu, a standalone Mozilla Composer,
has been announced.
"
Based on Mozilla 1.7, this
version adds horizontal and vertical rulers for mouse-driven resizing,
context menus on tabs, improved toolbar customisation, a document inspector
and many other bug fixes."
Comments (none posted)
Version 0.9.3-4 Stable of phpWebSite, a web site content management system,
is out.
"
Version 0.9.3-4 contains mostly bug fixes which were found in
the 0.9.3-3 release, but there are some new features/enhancements."
Comments (none posted)
Desktop Applications
Audio Applications
Version 0.4 of Marlin, a sound sample editor based
on Gnome and GStreamer, is available with incremental improvements.
Version 0.5 of Marlin
was also released this week. It features
better mono/stereo conversion, bug fixes, and more.
Full Story (comments: none)
Desktop Environments
KDE.News
covers the release of
KDE 3.3 RC2, which is out and in need of testing.
Comments (2 posted)
Version 2.8.2 of Metacity, a GNOME 2 window manager, is out.
"
Metacity 2.8.2 breaks with the old versioning in order to try
to match the Gnome version numbering[1]. Thus while 2.8.0, 2.8.1, and
2.8.1.x are stable versions of Metacity, 2.8.2 is an unstable version.
It will EAT YOUR BRANE[2]." Numerous bug fixes are included in
this release.
Full Story (comments: none)
Version 0.3.2 of Revelation, a password manager for the GNOME 2 desktop,
is available.
"
Yesterday's release of version 0.3.1 had a brown paper bag bug,
this new version doesn't attempt to load the removed druid module."
Full Story (comments: none)
Graphics
Version 5.0 of JGraphpad, a diagram editor for Java,
is available. Here's the description:
"
A major new version with EPS export, a series of new layouts, new and
extended cell views, and many major bug fixes. A Portuguese translation is
also available."
Comments (none posted)
GUI Packages
Version 2.5.90 of Gnome-Python, the Python language bindings to the
GNOME platform libraries, has been released. Lots of changes are included.
Full Story (comments: none)
New versions of gtkmm and glibmm are available with bug fixes.
Full Story (comments: none)
Instant Messaging
KDE.News has
an announcement
for a new
Application of the Month feature.
This edition looks at the Konversation IRC client.
Comments (none posted)
Interoperability
The August 6, 2004 edition of
Wine Traffic is available with the latest Wine information.
Comments (none posted)
Music Applications
Version 0.9beta19 of Ardour, a multi-track audio editing system,
has been released.
"
Although this is not the "feature-complete" beta19 I was hoping for, the set of changes is large enough to warrant a new beta number."
Many bug fixes and several new features are included.
Comments (none posted)
Version 0.9.0 of jamin, the JACK Audio Mastering
interface, is available.
Changes include improvements to the limiter, OSC control for scene changes,
support for 20 scenes, GUI improvements, improved bypass controls,
better translations, and bug fixes.
Full Story (comments: none)
News Readers
Version 1.2.3 of BLAM!, an RSS reader, is out.
"
this release features OPML import/export as well as rendering
fixes for Gtkhtml 3.1. Also added Ctrl+] for next unread message (works
as well as "."), so now it works exactly like Evolution in that respect."
Full Story (comments: none)
Web Browsers
The Mozilla Foundation has
announced a new initiative, supported by Novell and IBM, to implement the XForms 1.0 recommendation. "
XForms is the forms module in XHTML 2, developed by the World Wide Web Consortium (W3C), which enables developers to deliver the type of next-generation, rich, portable web-based applications desired by corporate IT."
Comments (7 posted)
The August 7, 2004 Mozilla Links Newsletter is out with Firefox status,
a review of WebMail Compose 0.3.5, and more.
Full Story (comments: none)
Version 1.3.17 of the Galeon browser
has been announced.
"
This one's got quite a few goodies in it along with the usual flood of bug fixes. We've got UI support for Xprint if your mozilla supports it and Ricardo's celebrated his return by implementing vfolders for bookmarks. As in evolution, these allow you to create views of your existing bookmark hierarchy based on various criteria."
Comments (none posted)
Miscellaneous
A new project called Gnome OSD has been announced.
"
Gnome OSD is a new small project to create an OSD (On Screen Display)
infrastructure, similar to XOSD. It includes a command-line client, and
sample xchat and rhythmbox plugins."
Full Story (comments: none)
Languages and Tools
C
The August 11, 2004
GCC Newsletter
is out with the latest Gnu Compiler Collection development news.
Comments (none posted)
Lisp
Version 19a of CMUCL, CMU Common Lisp, is out.
"
This major release
includes several changes concerning performance improvements, better
ANSI compliance, overflow checking, a better FFI, a basic
implementation of simple streams, and many more."
Full Story (comments: none)
Perl
The August 2-8, 2004 edition of
This Week on perl5-porters is online with the following topics:
File tests on AIX, Uninitialized versus undefined, Version objects,
Releases, and more.
Comments (none posted)
The July 31, 2004 edition of
This Week on Perl 6 is online with the latest Perl 6 language
developments.
"
Good news! Guido is a gentleman and declined to throw a pie at Dan.
Bad news! The Perl community is a bunch of savages, and they paid $520 to be able to throw pie at Dan.
Good news! There are photos."
Comments (none posted)
Philipp K. Janert
illustrates GUI programming with Perl and Tk on IBM's developerWorks.
"
Perl is one of the most popular languages out there, and is used for everything from mission-critical projects to Web applications to "glue." It is not, however, often used for GUI programming and prototyping. Philipp K. Janert thinks it should be, and you probably will too -- after this look at some of the more complex widgets available for Perl/Tk."
Comments (none posted)
Dave Cross
works with Perl's command line options on O'Reilly.
"
Perl has a large number of command-line options that can help to make your programs more concise and open up many new possibilities for one-off command-line scripts using Perl. In this article we'll look at some of the most useful of these."
Comments (none posted)
PHP
Darryl Patterson
works with DataObjects in PHP in an O'Reilly article.
"
Are you sick of writing the same SQL over and over in your application?
Would you like to simplify and unify your access to the same tables in
multiple places? DataObjects may be for you."
Comments (none posted)
The
PHP Weekly Summary for August 9, 2004 is out. Topics include:
MD5/SHA1 digest calculation patch, new inet functions, better date support, realpath() continued, win32 libxml/xsl update, PHP 5.0.1 on the way, disabling emalloc, substring writes and buffered char streams, NULL TRUE FALSE gone, and PHP-GTK 1.0.1 test roll.
Comments (none posted)
Python
Version 2.4 alpha 2 of Python has been released for testing.
"
In this release we have new syntax for function decorators, a fix for
failing imports so that they don't leave a broken module in sys.modules,
a host of updated modules in the standard library (including optparse
and doctest) and a large number of other bug fixes and improvements."
Full Story (comments: none)
The August 9, 2004 edition of Dr. Dobb's Python-URL! is out.
Take a look for numerous Python language articles and resources.
Full Story (comments: none)
The July 16-31, 2004 edition of the python-dev Summary is available.
Take a look to see the latest Python language developments.
Full Story (comments: none)
SQL
Joe Celko
works with trees in SQL on O'Reilly.
"
There are many different ways to represent trees in SQL and this short article discusses one of them."
Comments (1 posted)
Tcl/Tk
The August 9, 2004 edition of Dr. Dobb's Tcl-URL! is online with
another week's worth of Tcl/Tk article and resource links.
Full Story (comments: none)
XML
David Mertz
introduces the Dublin Core Metadata Initiative on IBM's developerWorks.
"
The Dublin Core Metadata Initiative (DCMI) is a standardized vocabulary for handling information about documents. In general, the DCMI vocabulary defines a hierarchy of terms that describe the purpose, context, and origin of a document (rather than describing the document itself). David shows you how DCMI provides a set of metadata primitives that you can reuse (through namespaces) in broader XML vocabularies, such as RSS variants. Various standards, including those from ISO and NISO, have adopted parts of DCMI."
Comments (none posted)
Build Tools
Andreas Schaefer
gives some tips on Maven.
"
Maven offers not just a build tool but an entire project environment,
including documentation and testing features. All of which is a lot to bite
off with an existing project. Andreas Schaefer made the switch to Maven and
has some real-world lessons he learned from the experience."
Comments (none posted)
Debuggers
Version 0.3-1 of GPICD, a programmer and in-circuit debugger (ICD)
for Microchip PIC microcontrollers,
has been released.
Changes include a fully configurable hardware interface and bug fixes.
Comments (none posted)
Editors
Version 1.0 beta of SLIME, the Superior Lisp Interaction Mode for Emacs,
is out.
"
Changes in this version are related to autodoc mode,
interactive evaluation, group customization, code indentation,
setup, the modeline, and more."
Full Story (comments: none)
IDEs
Version 3.3.0 of DrPython, a cross-platform Python language IDE,
has been released.
"
Lots of work has been done, reworked several dialogs, tweaked the interface (now shows overtype, indentation information in statusbar), and plugins (automatic install/uninstall scripts), and the toolbar (add drscripts, plugins, customize specific icons), and important bugfixes in find/replace, keyboard shortcuts, in general."
Comments (none posted)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Dan Ravicher
justifies his Linux kernel patent survey in this ZDNet column.
"
A study that quantifies the potential risk eliminates the guessing game by supplying users with specific information they can use to determine whether they are sufficiently prepared. Studying a threat does not create the risk; it only makes that risk easier to more accurately address. You would not accuse a weatherman of spreading fear for profit by warning of a 25 percent chance of showers and saying 'tune in later for more information.'"
Comments (27 posted)
Robin Bloor
suggests that Sun should free Java in this IT-Director article. He seems to have picked up the fragmentation fear, however.
"
The problem with programming languages is that they evolve. They don't get to be commodities. They evolve because they need to evolve. However there needs to be control in this, because it would do no-one any good for Java to turn into a 'thousand tongued hydra' - it could turn into 'write anyhow run nowhere else'. Actually Java has several different versions already anyway, due to the need to fit into small footprints."
Comments (19 posted)
Trade Shows and Conferences
Doc Searls
presents his view of the common threads from O'Reilly's OSCON and
the LinuxWorld Expo.
"
I see two fundamental divisions. The first is between noncommercial
open-source infrastructure and commercial products and services that
rely on it. The second is between traditional open-source development
communities and the growing population of practitioners for which the
main benefit of open-source is free (as in beer) building materials,
rather than the deeper concerns (for example, freedom) of the original
development communities. These are not opposed divisions but, rather,
symbiotic roles in a maturing and proliferating marketplace in which
large new species, all dependent on open source, are coming to
dominate the commercial space."
Comments (none posted)
NewsForge
attends
Freedom Fest 2004. "
Freedom Fest is not a new idea. EFF has held
these outdoor concerts annually for the last five years. The only new thing
for 2004 was that it was the first one to be held during LWE."
Comments (none posted)
Here's another round of announcements, press releases, and press
coverage from the LinuxWorld Expo.
- IDG World Expo
has announced the winners of the Product Excellence Awards.
- Novell
has released
version 5.2 of its Extend service-oriented architecture suite.
- UserLinux
has announced a September 1 target release date for the first beta of
the distribution.
- NewsForge has published
some photos from the .org pavilion.
They also proclaim that this year, there were
more suits, fewer sandals in sight.
-
News.com
reports on the rise of Linux-based thin clients.
Comments (none posted)
ZDNet Australia looks at LinuxWorld. "The Free Software Foundation sits
in its tiny little stand like a circus freak, while IBM and HP sales
executives "work" potential customers drawn into their sales trap by the
dazzling lighting, like flies to one of those buzzing bug zappers in a
fish and chip shop. Smiling their toothy, American smiles and dispensing
their business cards from gleaming card holders, Linux is the pitch. Linux
is money. Bzzzzz CRACK!"
Comments (6 posted)
Linux Journal provides another view of LinuxWorld. "The theme of last
week's LinuxWorld Conference and Expo in San Francisco was Linux for the
Enterprise, a fact made visually obvious the moment one stepped in to the
exhibition hall at the Moscone Center. Full of huge booths and over 150
vendors, LinuxWorld attracted all the big names in computing. Buzz about
Linux in a meaningful business sense was everywhere."
Comments (none posted)
The SCO Problem
For those following the details of the SCO/IBM fight, Groklaw has recently
put up a couple of new filings. The first is IBM's memo in opposition to
SCO's "renewed" motion to compel discovery. "Renewed" is quoted in the
original title; IBM portrays the whole thing as being another exercise in
delay on SCO's part.
Also available is a motion to strike Chris Sontag's declaration. IBM seems to think that Mr. Sontag, the person in charge of SCOsource, is not in a position to be an expert on IBM's revision control system.
Comments (none posted)
Companies
Silicon.com reports that Linspire has lowered its expected IPO value.
"The company in July had set a price range of $9 to $11 for the 4.4
million shares it planned to sell on the public market. But on Friday,
Linspire lowered that range to $7 to $9 per share, according to a filing
with the Securities and Exchange Commission. That means the San Diego,
Calif.-based company expects to raise between $30.8m and $39.6m rather
than $39.6m and $48.4m."
Comments (none posted)
LinuxWorld.com reports that Novell plans on releasing a new corporate
desktop that merges SuSE Linux and Ximian. "Novell is still deciding what
software will be included. Some companies and products, like RealNetworks
and its popular media player, and Mono, the open-source clone of
Microsoft's .Net infrastructure, have been confirmed; while other software
integration - the Mozilla browser for example - is up in the air."
Comments (none posted)
Linux Adoption
News.com reports that the French internal revenue service has decided to
use the JBoss open-source application server. "Jean-Marie Lapeyre,
Copernic's technical director, said a "detailed evaluation" had been
conducted during the tender process, and JBoss was chosen because of its
reliability and performance. "The advantages of open source are already
well-known: very low-cost (or free of charge) and source-code opening that
guarantees the reliability, durability and security of these solutions,"
Lapeyre said."
Comments (none posted)
Linux at Work
Wired covers 10 years of Beowulf supercomputers. "Who's afraid of the big
bad Beowulf? No one now, but 10 years ago the scientific community greeted
the first Beowulf supercomputer cluster with fear and loathing. "The
initial reaction of the supercomputer-oriented scientific community to the
Beowulf project was very negative," says Donald Becker, co-founder of the
original Beowulf project."
Comments (1 posted)
Interviews
KDE.News talks with Matthias Ettrich about the status of the KDE project,
its achievements, and what he is looking forward to in aKademy. "Matthias
Ettrich: Today I am very much focused on KDE's underlying technology, the
Qt toolkit. This pretty much is a full-time job, so I'm no longer feeling
bad about not actively contributing code to other parts of KDE anymore.
When you take a step back and recognize how much the KDE team achieves in
relation to its financial backup and the number of developers, you'll
clearly see how important a solid foundation is. We are an insanely
productive development community, and we achieve that by layering our
software stack and investing into the foundation, instead of constantly
reinventing the wheel."
Comments (none posted)
Here's a KDE.News interview with Nils Magnus of LinuxTag about security on
the desktop. "Nils: I work with a Linux system that was set up from an
installed Knoppix with some adjustments for a more secure operation. I
travel a lot, so I use computers in environments where I can not be sure
about their integrity (e.g. my notebook). Important data is stored on a
central, well-secured place that I can reach via an encrypted Internet
connection. So any computer with a network connection is sufficient for
me, because I always have a Knoppix DVD or a memory stick with me."
Comments (none posted)
Resources
Chris DiBona uses Linux for data recovery in this NewsForge article.
"There are a lot of reasons to use Linux. You've seen people write or
heard people speak about its use in clusters, offices, Web servers, and
other common uses. One thing that hasn't been talked about enough is its
utility as a superior tool for recovering data from other operating
systems."
Comments (9 posted)
Miscellaneous
Linux Journal looks at efforts to convert voter lists to Unicode in India.
"[Professor Jitendra Shah] explains that the voter list data already is
computerized and available in local languages. But there is no provision
in the system for a public interface in Indian languages. He believes that
Linux and free software, localized in all Indian languages, and the
Unicode standard alone can provide an affordable universal interface. "It
will provide access to people who wish to work with proprietary software
as well as those who wish to use free software", he says."
Comments (none posted)
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
The Open Source Development Labs (OSDL) has announced plans for an office
in Beijing, China.
Full Story (comments: none)
The Free Software Foundation Europe has sent out a press release which
reminds people that software patents affect proprietary software as well
as open-source software. "In reaction to the decision by the City of
Munich to re-evaluate its migration plans to Free Software, the Free
Software Foundation Europe points out that software patents are equally a
significant problem for both Free Software and proprietary software alike.
"Without doubt, software patents are a roadblock to innovation. They will
extort a high price that has to be paid by all European citizens through
loss of competitiveness, and also jobs", says Georg Greve, President of
the FSFE."
Full Story (comments: 15)
Commercial announcements
American Arium has announced support for ARM and Intel XScale(R) systems
running Linux. Arium provides a hardware-assisted solution that lets users
debug the full kernel and processes/applications simultaneously on systems
that have neither serial nor network ports.
Comments (none posted)
Circuit City has announced that it will be deploying Linux-based point of
sale systems in over 600 stores. "By employing the IBM Retail Environment
for SUSE Linux at the point of sale, Circuit City will have the
flexibility and reliability of open standards, enabling Circuit City to
adapt quickly to changes in the retail marketplace and to cost-effectively
institute future upgrades to the platform."
Comments (10 posted)
Linuxant has released version 2.0 of its DriverLoader software.
"DriverLoader is a revolutionary compatibility-wrapper allowing standard
Windows NDIS (Network Driver Interface Specification) drivers shipped by
hardware vendors to be used as-is on Linux x86 systems. RNDIS (Remote
NDIS) is now also supported for USB."
Full Story (comments: none)
SGI has announced the latest version of the OpenGL(R) specification,
incorporating support for the OpenGL Shading Language application
programming interfaces.
Comments (3 posted)
OptimaNumerics has announced the availability of its OptimaNumerics
Libraries for the Intel Xeon EM64T Linux platform. "OptimaNumerics
Libraries, with linear algebra, parallel linear algebra and parallel
random number generators modules, provide high performance versions of
LAPACK, ScaLAPACK, SPRNG and PLFG libraries."
Full Story (comments: none)
OSoft has announced the initial release of the ThoutReader, an open source
documentation platform that works like a virtual library so developers can
quickly organize and search all of their reference documentation at once.
Comments (5 posted)
Intel and HP have issued a press release about the Weather Channel's
switch to Linux servers. "The Weather Channel replaced 138 RISC-based
processors with 42 Itanium 2 processors. The Weather Channel deployed 17
two-way HP Integrity rx2600 servers and two four-way HP Integrity rx5670
servers running RedHat Enterprise Linux 2.1 and 3.0 and Oracle 9i Real
Application Clusters. The servers run applications which power corporate
databases, transportation logistics, budgeting software, supply chain
management, Web systems, asset management, and a file and print system.
According to The Weather Channel, the Linux operating system provides
increased flexibility and a better price performance ratio when compared
to the RISC platform."
Comments (4 posted)
New Books
The book Dive Into Python, an online work by Mark Pilgrim, is now
available in paper form.
Full Story (comments: none)
O'Reilly has published the book Upgrading to PHP 5 by Adam Trachtenberg.
Full Story (comments: none)
Addison-Wesley/Prentice Hall PTR have published three new books: A
Practical Guide to Red Hat Linux, Second Edition; The Design &
Implementation of the FreeBSD Operating System; and Open Source Security
Tools: A Practical Guide to Security Applications.
Full Story (comments: none)
Resources
The August 6, 2004 edition of the FSF Europe Newsletter is online.
Take a look to see what the European branch of the Free Software Foundation
is up to.
Full Story (comments: none)
Dave Phillips has updated his list of new MIDI and audio applications for
Linux. Take a look for the latest new tools and resources plus some recent
conference reports.
Comments (none posted)
Contests and Awards
Another GNOME Desktop Integration Bounty contest has been announced. "GNOME
Foundation is proud to announce the relaunch of the open source desktop
integration bounty. The aim of the contest is to recruit new developers
and to more tightly integrate the various projects that make up the
desktop into a more coherent, and complete user experience. The contest
consists of a new set of small projects and also the unsolved old projects
from the previous rounds. Complete the hack, enter the contest, and
collect the prize."
Full Story (comments: none)
Artifex Software, Inc. has announced a bug bounty program for the
Ghostscript 8.50 PostScript rendering program. "As before, each accepted
patch that closes a bug marked with the bountiable keyword is worth US
$500 for bugs at priority P3 and lower. New in this round are a couple of
higher-priority bugs that pay double. A fix for a bug marked P2 or higher
is worth $1000."
Comments (none posted)
Event Reports
O'Reilly has sent out a wrap-up press release from this year's Open Source
Convention.
Full Story (comments: none)
For the morbidly curious, SCO has posted the text of Rob Enderle's keynote
from SCOforum. Suffice to say it gives a good picture of the sort of
person we are dealing with.
Comments (29 posted)
Upcoming Events
The 5th Encuentro Linux conference will be held in Valparaiso, Chile on
October 21 and 22, 2004.
Full Story (comments: none)
A PGP key signing session will be held at the KDE World Summit in
Ludwigsburg, Germany on August 23. Key IDs should be submitted by
August 15.
Comments (none posted)
Mark your calendars: the 2005 version of linux.conf.au will be held in
Canberra, Australia, from April 18 to 23. The call for papers
has gone out (click below) with a submission deadline of October 5.
If you are interested in holding a miniconf, now is the time to get moving
on that as well.
Full Story (comments: none)
A registration reminder has gone out for the upcoming OpenOffice.org
convention. The event will take place on September 22-24, 2004 in Berlin,
Germany.
Full Story (comments: none)
The Ohio LinuxFest 2004 will take place on October 2, 2004 at the Ohio
State University in Columbus, Ohio. "This year's list of speakers includes
representation from the Apache Software Foundation, Red Hat, the Samba
Team, Novell (SUSE), and more." This is a free event.
Full Story (comments: none)
The Linux Users' Group of Davis, California will be holding
another Linux installfest on Sunday, August 15 at the
John D. Kemper Hall of Engineering on the UC Davis campus.
Full Story (comments: none)
| Date | Event | Location |
| --- | --- | --- |
| August 21 - 29, 2004 | KDE Community World Summit 2004 (aKademy) | Filmakademie Ludwigsburg, Ludwigsburg (Stuttgart Region), Germany |
| September 2 - 3, 2004 | Python for Scientific Computing (SciPy) | CalTech, Pasadena, CA |
| September 2 - 4, 2004 | 2nd Swiss Unix Conference | Technopark, Zurich, Switzerland |
| September 9 - 10, 2004 | Linux Expo Shanghai | Shanghai Exhibition Center, Shanghai, China |
| September 13 - 16, 2004 | Embedded Systems Conference | Hynes Convention Center, Boston, MA |
| September 15 - 17, 2004 | YAPC::Europe 2004 | Belfast, Northern Ireland |
| September 20 - 23, 2004 | New Security Paradigms Workshop (NSPW) | White Point Beach Resort, Nova Scotia |
| September 20 - 22, 2004 | Plone Conference 2004 | Vienna, Austria |
| September 22 - 24, 2004 | OpenOffice.org Conference (OOoCon 2004) | Humboldt University, Berlin, Germany |
| September 22 - 24, 2004 | php\|works 2004 | Holiday Inn Yorkdale Hotel & Conference Centre, Toronto, Canada |
| September 27 - October 1, 2004 | 4th International SANE Conference (SANE) | Amsterdam RAI Centre, Amsterdam, The Netherlands |
| September 27 - 29, 2004 | ConSec '04 | J.J. Pickle Research Center, Austin, Texas |
| September 29 - October 1, 2004 | OSCOM 4 | Swiss Federal Institute of Technology, Zurich, Switzerland |
| October 2, 2004 | Ohio LinuxFest | Columbus, Ohio |
| October 6 - 7, 2004 | LinuxWorld Conference and Expo | Olympia Exhibition Centre, London, England, UK |
Comments (none posted)
Web sites
KDE.News reports that the KDE.de site has been relaunched. "The web team
of KDE Germany is proud to present the German KDE website with a new
layout."
Comments (none posted)
A new Gnome/GTK+ software repository, gnomefiles.org, has been launched.
"Gnomefiles lists apps created for the GNOME DE and the GTK+
multi-platform toolkit. All bindings, wrappers & their apps are welcome
too, so developers are invited to post their applications to the site."
Full Story (comments: none)
Software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are
available in two formats:
Comments (none posted)
Page editor: Forrest Cook