LWN.net Weekly Edition for September 26, 2002
A new era for LWN
When the plans for LWN.net were being laid, back toward the end of 1997, we (Liz Coolbaugh and Jonathan Corbet) set out to create a high-quality news source that would allow the Linux community to keep up with the incredible pace of its development. Plus, of course, we wanted to draw attention to an ill-advised support operation that we were launching at the same time. The support offerings are long since forgotten, but LWN has grown with the community it reports on. LWN, now approaching its fifth anniversary, processes a great deal of news and requires several people for its production. As readers of these pages have been told too many times, advertising does not cover even a fraction of the costs of producing LWN, and similar types of revenue, such as corporate sponsorships, are mostly unavailable.Back in July, we had come to the conclusion that LWN was not a sustainable operation, and that it was time for us to move on to other endeavors. The result was an amazing and unexpected show of support from our readers, in the form of donations, that caused us to rethink things. An unexpected show of, well, something else from our (former) credit card processor slowed that rethink greatly, but the time has now come. LWN is now at a definitive, and possibly final, crossroads.
We will now try to transition LWN into a subscription-based publication, supported by the readers that benefit from it. If LWN is valuable enough to its readers to earn that support, we will continue to produce it - and try to make it better. If not, well, then we will search for some other way to use our skills in the free software community.
Here's the deal: a basic LWN subscription will cost $5/month, with options for those wanting to pay a little less or a little more. Starting October 3, the LWN Weekly Edition will be available only to subscribers for the week following its publication; thereafter it will be freely available to all. Some other features, such as the ability to receive news via email, will be available to subscribers only. Other new features which we may introduce in the future will also be restricted to subscribers, at least initially. The LWN front page and the news items posted there will remain free, as will our security database, kernel patch page, and various other features of the site.
What this means is that all news posted to LWN will continue to be freely available - if you are sufficiently patient. But we strongly hope that most of our regular readers will consider becoming subscribers in order to have immediate access to our content, and, most importantly, to help keep LWN operating.
Those of you working in the software field may want to consider asking your employers to fund an LWN subscription as a useful tool for your job. Or, even better, have them talk to us about group subscriptions, which can provide access to LWN's subscription content for an entire group, company, or university at substantial savings in cost.
We have a lot of ideas for where we would like to take LWN. We would like to cover many important development projects the way we cover Linux kernel development now. We would like to have Linux in Business coverage that is more than a pile of press releases. It would be great to be able to pay for occasional articles by well-known authors. We will release our site code as free software as soon as we find the time to do it. It would be nice, even, to have a search engine that truly works well for the first time ever.
But first we have to stabilize LWN and turn it into a sustainable operation, and an important part of that process is now in the hands of our readers. With sufficient support from you, we can take LWN forward and make it better than ever: a reader-supported community news resource which need not worry about keeping big advertisers happy. If LWN is worthwhile to you, now is the time to act; please consider signing up for a subscription today.
The Native POSIX Thread Library
Readers of the LWN Kernel Page have been aware of the intensive effort to improve threading performance on Linux - at least from the kernel point of view. Now, with the announcement of version 0.1 of the Native POSIX Thread Library (NPTL), the user-space side of this project has come into view. This article will take a look at the technical and performance aspects of NPTL; the next will wander briefly into the political issues.Threads, of course, are processes (or something that looks like processes) that share an address space and various other resources. Multi-threaded applications can be tricky to write (they end up presenting the same sorts of problems with race conditions that operating system programmers have to deal with), but they can be a good solution to a number of programming challenges. Your web browser, for example, likely keeps one thread around to respond quickly to user events (mouse clicks and such) while another thread downloads a web page and yet another one renders it onto the screen. Java programs also tend to be highly threaded. Some applications can create many thousands of threads; obviously, such applications can only be reasonably run on systems with top-quality thread support.
Threading can be implemented entirely in user space, in kernel space, or a combination of both. User-space threads are traditionally lighter weight, since they do not require system calls and do not run in independent processes. They can be tricky to make work in all situations, however, and a pure user-space implementation can not make good use of multiprocessor systems, since all threads run within a single process. So most operating systems provide some degree of kernel support for threading. Linux has long had this support via the flexible clone() system call, which allows a great deal of control over which resources are to be shared with the new thread, and which are to be private.
Pure kernel-based threads are often perceived as being slow, however, since the kernel scheduler must be invoked to switch between threads. So conventional wisdom has often said that the best way to get good thread performance is with the "M:N model." M:N is a hybrid approach, where M user space threads run on each of N kernel threads. The multiple kernel threads allow the application to use all processors on the system, while keeping the performance benefits of doing (most) switching between user-space threads. Many people have said that the key to fixing the (not great) performance of Linux threads is adopting the M:N approach.
So it is interesting to note that NPTL has, instead, stayed with the 1:1 pure kernel thread model. NPTL authors Ulrich Drepper and Ingo Molnar took a close look at the problem, and came to the conclusion that 1:1 was, in the end, the more promising approach. Their reasoning can be found in the NPTL white paper (available in PDF format); the main points are:
- The kernel problems which slow down thread performance can be
eliminated; that has been the focus of Ingo Molnar's work.
- An M:N threading implementation requires two schedulers: the usual
kernel scheduler, and a user-space implementation. Getting the two to
work together for best performance is difficult - especially if you do
not want to impact performance for the system as a whole. Rather than
duplicate the scheduling function, the NPTL implementers felt it was
better to use the (highly optimized) kernel scheduler exclusively.
- Signal handling is the bane of many threading implementations, and
M:N implementations have an even harder time of it. The 1:1 model
leaves signal handling in the kernel.
- User-space threading implementations have to go to great length to ensure that one thread, when it performs a blocking operation, does not block all threads running under that process; this can be a complex task. Kernel-based threads naturally schedule (and block) independently of each other.
Finally, the 1:1 implementation is generally simpler, since user space need not duplicate functionality already found in the kernel.
Of course, all of that means little if the 1:1 model is unable to perform
up to expectations. The benchmarking process has just begun, but the
initial signs are encouraging. Ingo ran one
![[Benchmark results]](http://old.lwn.net/images/ns/thread-chart-sm.jpg)
test where he started up and ran 100,000 concurrent threads - in less
than two seconds. This test would have taken about 15 minutes before
the threading improvements went into the kernel.
Ulrich Drepper has posted some other benchmarks which mostly measure thread creation and shutdown time; some of his results can be seen in the chart to the right.. Such a test should naturally favor the M:N model, since user-space thread creation and destruction can be performed without any system calls. And, in fact, the M:N Next Generation POSIX Threading (NGPT) implementation beat standard Linux threads by at least a factor of two in these tests. The NPTL library, however, beat NGPT by about a factor of four. So the initial indications are that NPTL can deliver the goods. And this is only the 0.1 release.
On the NPTL process
At the first encounter, the Native POSIX Thread Library looks like ideal grist for the Red Hat basher's mill. The library appears to have sprung fully formed from the head of glibc maintainer (and Red Hat employee) Ulrich Drepper, who has made his plans clear:
Installing this library is not easy, since it requires some fairly bleeding-edge software: a 2.5.36 kernel, gcc 3.2, and a current glibc 2.3 snapshot. In fact, the "only environment known to date which works" is an updated version of the "(Null)" Red Hat beta. And, of course, this development has seemingly ignored the longstanding efforts of the Next Generation POSIX Threading project, which is at release 2.0.2.
A certain (relatively small) amount of grumbling along these lines has been seen on the net. But it's uncalled for.
NPTL was developed independently from NGPT for a straightforward reason: the NPTL developers wanted to try a very different approach. NGPT is designed around the M:N model, which, as noted above, NPTL avoids. There was no way to integrate the NPTL approach into NGPT without massive changes. The NPTL developers did, however, work with the NGPT hackers with regard to the kernel changes; those enhancements will benefit both projects in the end.
A new library at version 0.1 can probably be forgiven for using bleeding-edge tools; it is a bleeding-edge tool, after all. By the time NPTL has stabilized, the environments available to users will have caught up substantially. Ingo Molnar, author of the kernel side of the NPTL work, tells us that he intends to backport the kernel changes to the 2.4 kernel once things have stabilized in 2.5. (Whether 2.4 maintainer Marcelo Tosatti will accept them is a separate issue, of course).
And, in the end, this development has been going on for less than two months - it is a very new initiative.
This development shows some of the best aspects of the free software model. Two hackers with some good ideas have proved those ideas in the way the community accepts best: with code. We will all benefit from this work.
Looking the OpenSSL gift horse in the mouth
Sun's announcement of its donation of an elliptic curve encryption implementation to the OpenSSL project was generally well received. After all, the donation of more open source code has got to be a good thing. As it turns out, however, some people are looking at this gift and wondering how free it really is.If you look at the OpenSSL LICENSE file in the current snapshot, nothing has changed; it's a fairly straightforward BSD-style license. But the Sun-contributed code contains its own license text which differs from the OpenSSL license. In particular, it contains this rather impenetrable language:
One would that Sun, by virtue of having released the code under a free license, would have given up the right to sue people for using that code. This clause, however, seems to put a string on it: Sun explicitly says it won't sue, but only if you don't sue them either. The limitation seems to only apply to suits over the elliptical curve code itself, but it's hard to say for sure; the language is not all that clear.
For those who object to this language, the distinction does not matter. If you start attaching strings to free code, they say, it is no longer free. The most vocal of the dissenters is, of course, OpenBSD hacker Theo de Raadt, who states:
Theo has gone as far as suggesting a fork in the OpenSSL project as a way of maintaining a version that is, to his eyes, truly free.
Whether or not this particular bit of language bothers people, there is an issue here: companies often have a hard time resisting the temptation to attach their own language to free software licenses. The tendency toward custom licenses for each company and project has subsided somewhat, but it is not completely gone. It will always be necessary to scrutinize software licenses carefully, whether they are presented as free or not.
The Lulu Tech Circus
For those of you who are curious about what Bob Young has been up to since he left Red Hat: the Lulu Tech Circus is happening in Raleigh, NC starting September 27. It has the look of a fun event for people who like to play with free software, and with cool technology in general. Wish we could be there...
Security
Thanks for reading
This is my last week as LWN.net's Security Page Editor. I've opted to pass the Security Page duties on to an excellent editor so I can focus my time for LWN.net on administrivia and infrastructure issues."Thank You" to everyone who has read the security page this year. I'll miss the pleasure of providing you with our weekly security summary.
Safe Travels,
Dennis Tenney, LWN.net Dude
Brief items
OpenSSL worm in the news
The OpenSSL worm, has been referred to in various reports as Apache/mod_ssl worm, linux.slapper.worm, bugtraq.c worm and Modap worm. Please check out last week's security page for more information.This week CNET continued their coverage with a report that the worm "has reached a plateau after infecting about 7,000 servers and turning the hosts into a peer-to-peer network that could be used to attack other computers."
Personal Computer World covers the recent Slapper C varient "which, has infected 1,500 servers already and is spreading, although a source point has not been identified at this time."
Open-source group gets Sun security gift (CNET News.com)
CNET covers the recent donation by Sun of their "elliptic curve" cryptography technology to the open source community. "Elliptic curve cryptography will enable secure communications with devices that don't have as much calculating power as most desktop computers, said Whitfield Diffie, Sun's chief security officer and a pioneer of the Diffie-Hellman "public key" cryptography method used today in SSL and other encryption systems."London man charged with making virus (Reuters)
Reuters News Agency reports the arrest of the suspected author of "the malicious "T0rn" virus that attacked Linux computer systems". The suspect was assested at his home in Surbiton, southwest of London, England.
Security reports
Xoops RC3 script injection vulnerability
David Suzanne reports a script injection vulnerability in Xoops RC3; the current version.phpWebSite 0.8.3 fixes PHP source injection vulnerability
Tim Vandermeersch reports a PHP source injection vulnerabilty in phpWebSite which is fixed in version 0.8.3. Upgrading is recommended; the vulnerability allows remote execution of arbitrary PHP code by an attacker.JAWmail cross-site scripting vulnerabilities
Ulf Harnhammar reports cross-site scripting vulnerabilities in JAWmail 1.0-rc1. Versions 2.0-rc1 and later are not vulnerable.Squirrel Mail 1.2.8 fixes cross site scripting vulnerabilities
SquirrelMail 1.2.8 fixes all of the cross site scripting vulnerabilities described in this post.
New vulnerabilities
Multiple vulnerabilities in Zope 2.5.1
| Package(s): | zope | CVE #(s): | CAN-2002-0170 CAN-2002-0687 CAN-2002-0688 | ||||
| Created: | September 25, 2002 | Updated: | September 26, 2002 | ||||
| Description: | Three security hotfixes are available to fix vulnerabilities in
Zope 2.5.1:
| ||||||
| Alerts: |
| ||||||
Tomcat 4.x JSP source code exposure vulnerability
| Package(s): | tomcat | CVE #(s): | |||||||||||||||||||||
| Created: | September 25, 2002 | Updated: | January 29, 2003 | ||||||||||||||||||||
| Description: | Rossen Raykov reports that Tomcat 4.0.5 and 4.1.12 fix a JSP source code exposure vulnerability
in "Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also).".
The current version of Tomcat is available here.
Tomcat is the servlet container that is used in the official
Reference Implementation for the
Java Servlet and JavaServer Pages technologies.
The Java Servlet and JavaServer Pages specifications are developed by Sun
under the Java
Community Process.
| ||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||
Resources
OWASP Guide to Building Secure Web Applications v1.1
The Open Web Application Security Project announces the release of an updated version of the Open Web Application Security Project Guide to Building Secure Web Applications. The guide is available from here in PDF and HTML format.Linux Security Week and Advisory Watch
The September 23rd Linux Security Week and September 20th Linux Advisory Watch newsletters from LinuxSecurity.com are available.RATS 2.0 released
The RATS Team announces the release of RATS 2.0.The Art of Unspoofing
Sean Trifero and Brian Knox have published The Art of Unspoofing, an article on various ways to detect who might be behind a DoS attack. A post of the article garnered this response by Sean Trifero to some pointed comments.
Events
CanSecWest/core03 call for papers
CanSecWest/core03 computer security training conference will be held April 16-18 2003 in Vancouver, British Columbia, Canada.ToorCon 2002 Conference in San Diego this weekend
The ToorCon 2002 folks sent out a reminder that the conference is this weekend!ToorCon 2002 will be held September 27-29th in San Diego, CA, USA.
A Gathering of Big Crypto Brains (Wired)
Wired reports on the annual COSAC conference held recently in Naas, Ireland.Upcoming Security Events
| Date | Event | Location |
|---|---|---|
| September 26, 2002 | New Security Paradigms Workshop 2002 | (The Chamberlain Hotel)Hampton, Virginia, USA |
| September 27 - 29, 2002 | ToorCon 2002 | (San Diego Concourse)San Diego, CA, USA |
| October 16 - 18, 2002 | Recent Advances in Intrusion Detection 2002(RAID 2002) | Zurich, Switzerland |
| October 17, 2002 | ShadowCon 2002 | NSWC Dahlgren, VA |
| November 26 - 27, 2002 | HiverCon 2002 | (Burlington Hotel)Dublin, Ireland |
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.
Page editor: Dennis Tenney
Kernel development
Brief items
Kernel release status
The current development kernel is 2.5.38, which was released by Linus on September 21. It contains a bunch of IA-64 updates, more partition handling and filesystem work, a JFS update, some IDE changes, and a few important bug fixes. The long-format changlog is available with the details.Linus released 2.5.37 on September 20. Among other things, this release included a bunch more memory management and performance work from Andrew Morton, James Bottomley's x86 "subarchitecture" work (finally), an ACPI update, more threading performance work, an IrDA update, some IDE and block I/O enhancements, some device model work, various architecture updates, and the removal of Keith Owens from the MAINTAINERS file. Again, see the long-format changelog for the details.
Linus's BitKeeper tree, which will become 2.5.39, contains some preemptible
kernel fixes, a temporary disk elevator fix to deal with some performance
problems (see below for the likely form of the real fix), some thread
fixups, a USB update, more VM and block I/O work, an ISDN update, the
removal of the global blk_size array (Al Viro: "it is an
ex-parrot
"), and various other fixes and updates.
The current stable kernel is 2.4.19; there have been no 2.4.20 prepatches or -ac patches over the last week.
Kernel development news
Some followups from last week
Andrew Morton sent us a note stating that last week's discussion of the new API for putting processes to sleep missed an important objective of that work. The new interface is nice, but what he was really setting out to do was to improve wakeup performance. The new code removes waiting processes from the wait queue immediately at wakeup time, rather than letting the processes remove themselves whenever they get around to it. The result is that subsequent wakeups, if they come quickly, will run faster because they do not need to deal with processes that have already been awakened.We also mentioned, last week, a posting on the leading-edge features used in the TPC benchmark results posted by HP. Lest anybody think that HP was using a highly patched, special-purpose kernel, they have posted a followup stating that a stock Red Hat kernel (from Advanced Server 2.1) was used in the benchmark runs.
Ingo Molnar's new process ID allocator - and the objections to it - were covered last week. Ingo posted a new version of the patch which addressed some of the complaints, and which was to Linus's liking; it was merged into the 2.5.37 kernel.
A new deadline I/O scheduler
One of the results of all the recent VM improvements in the 2.5 tree is that the shortcomings of the current block I/O scheduler are becoming more apparent. The scheduler (or "elevator") tries to join adjacent requests together, and to sort requests along the disk in order to minimize seeks and optimize I/O performance. Unfortunately, the current scheduler is not all that good at treating requests fairly. In the name of overall performance, the scheduler can cause the starvation of individual requests for a very long time. Requests eventually get serviced, but if the starved request is satisfying a page fault in the X server, the user can get seriously annoyed in the mean time.The scheduler shortcomings have always been there, but they are more apparent now because the VM subsystem does a more effective job of filling the disk request queues. Now that the scheduler problems can't hide behind VM problems, they need to be addressed. To that end, Jens Axboe has dusted off and fixed up his deadline I/O scheduler patch, and is looking for people to try it out and report on how it works. His initial results are good:
The "AMIW" works, essentially, by creating a great deal of disk write traffic, then seeing how long it takes to list out a large directory while the writes are being handled.
The idea behind the deadline scheduler is that all read requests get satisfied within a specified time period - 1/2 second by default. (Write requests do not have specific deadlines; processes usually can not continue until their reads are performed, but writes can generally be deferred indefinitely). The deadline performance is achieved by sorting I/O requests into several different queues:
- The sorted queues (sort_list) contain I/O requests sorted
by the elevator for best disk performance. There are two queues, one
for read requests, and one for writes.
- The FIFO queue (read_fifo) contains all read requests. Since
it's a FIFO, the
request at the head of the queue will be the oldest, and will be the
one whose deadline expires first.
- The dispatch queue contains requests which are ready to be passed down to the block driver. Requests do not go into the dispatch queue until the scheduler decides that it is time to execute them.
With these lists, the operation of the scheduler is not that hard. Incoming requests are merged into the proper sort_list in the usual way: they are sorted by sector number, and merged with adjacent requests. (The real operation is complicated by barrier operations and a hashing mechanism designed to improve the performance of the scheduler itself, but the basic idea is as described.) Read requests are also given a deadline time stamp and put on the end of the read_fifo list.
When the block driver is ready to start another disk I/O request, the core algorithm of the deadline scheduler comes into play. In simplified form, it works like this:
- If there are requests waiting in the dispatch queue then the scheduler
need do no work, since it has already decided what it wants to do
next.
- Otherwise it's time to move a new set of requests to the dispatch
queue. The scheduler looks in the following places, taking requests
from (only) the first source that it finds:
- If there are pending write requests, and the scheduler has not
selected any writes for "a long time," a set of write requests is
selected.
- If there are expired read requests in the read_fifo
list, take a set from there.
- If there are pending reads in the sorted queue, some of them are
moved.
- Finally, if there are pending write operations, the dispatch queue is filled from the sorted write queue.
- If there are pending write requests, and the scheduler has not
selected any writes for "a long time," a set of write requests is
selected.
- Once that's done, if there are any requests in the dispatch queue (i.e. if there's anything for the disk to do at all) the first one is passed back to the driver.
The definition of "a long time" for write request starvation is simply two iterations of the scheduler algorithm. After two sets of read requests have been moved to the dispatch queue, the scheduler will send over a set of writes. A "set," by default, can be as many as 64 contiguous requests - but a request that requires a disk seek counts the same as 16 contiguous requests.
There has been no word from Linus on this patch; barring problems, however, it would be surprising if some form of it were not merged in the near future.
Keeping disks busy
Some of the changes that have been stressing the I/O scheduler have gone in very recently. A couple of patches from Andrew Morton are currently sitting in Linus's 2.5.39 BitKeeper tree; they are worth a look.In the end, much of the work done by the VM subsystem is deciding which pages to move to which disks, and when. A good set of decisions will lead to good performance; but if the VM is not smart in which pages it shoves out, performance can suffer. Some of Andrew's recent efforts stem from an important observation that has been somewhat overlooked until now: there is little point in trying to write pages to disks which are already overwhelmed with requests.
If you want to try to direct your efforts toward disks which are not overly busy, you first need some sort of indication of just how much work each drive has to do. So Andrew has added a new set of functions that report on whether a device's request queue is congested or not. The test used is simplistic: a device's read or write queue is not congested if at least 25% of the allocated request queue entries (a fixed number of these is allocated at queue creation time) are available for use. A simple test is good enough, though, especially considering that the size of a request queue tends to be volatile.
Once you can test for a congested state, you can start making smarter decisions. Once these functions were in, Linus merged another patch which causes the ext2 filesystem to cut back on speculative readahead operations if the underlying device is busy. If the disks are backed up, presumably there are more important things for them to be doing than reading ahead data that may or may not be used.
More impressive performance gains, however, can be had by looking at the pdflush subsystem. pdflush is a set of kernel threads whose job it is to write dirty file data back to the underlying filesystems. A fair amount of effort goes into keeping separate pdflush threads from trying to write back to the same device, and to simply keeping the right number of pdflush threads around.
With the new scheme, life gets easier. pdflush does its best to simply pass over pages when the destination queue is congested; instead, it concentrates on pages that can be written to less busy devices. Thus pdflush no longer blocks on request queues, and can concentrate on keeping them all full. A side benefit is that a single pdflush thread may now be sufficient.
According to Andrew: "This code can keep sixty spindles saturated -
we've never been able to do that before.
"
It is increasingly apparent that the 2.6 kernel is going to be an amazing
performer in numerous areas, thanks to work like this.
Doing things in the kernel
Kernel developers often put a great deal of effort into keeping tasks out of the kernel; the thinking is that if a task can be done in user space, there's where it should happen. Keeping things out of the kernel helps to keep the kernel code smaller, and it makes it easier for users to set their own policies. Sometimes, however, there are reasons to move tasks which have been performed in user space for a long time over the line and into the kernel. A couple of patches have been circulating recently which do exactly that.Ingo Molnar's kksymoops patch performs the same task as the classic "ksymoops" utility: it takes the numeric "oops" output from a kernel panic and attaches symbolic information so it actually makes sense to humans. Or, at least to kernel hackers, who really are human, despite occasional rumors to the contrary.
Why move this task into the kernel? Anybody who has actually used ksymoops to get a symbolic trace knows that it can be quite a pain to set up, especially when loadable modules are involved. Without quite a bit of information on the run-time configuration of the actual kernel that was running when the oops happened, ksymoops can not do its job. Expecting casual users (or customers) to set up ksymoops and use it properly when reporting problems is asking too much.
But the kernel itself knows a lot about its current configuration. It's actually not all that hard for the kernel to generate symbolic names for its own addresses; it's just a matter of keeping a symbol table around. If the kernel can generate useful oops reports from the beginning, the kernel developers will get better information on crashes, and problems will get fixed more quickly. It's probably worth the trouble.
Then, there is Rusty Russell's loadable module rewrite. The insmod utility has traditionally done much of the work of loading modules, including tasks like parsing the executable file and doing symbol binding and relocation. Rusty's patch, instead, moves these tasks into the kernel. Thus, with this patch, the kernel is in the business of picking apart ELF binaries and linking symbols itself.
Surely this sort of work belongs in user space, right? Rusty's answer is:
- The amount of kernel code required by the new module loader is smaller
than the older, "simpler" one. That is because the in-kernel loader
has fewer "communication with user space" issues, and doesn't have to
deal with differences between the user and kernel space runtime
environments.
- The amount of user-space code is, of course, much smaller. This
reduction is useful for some situations, such as initramfs, where the
module utilities need to fit into a small space.
- In-kernel module linking is more flexible and has an easier time with
tasks like discarding initialization code.
- In the end, the whole body of code is simpler.
Whether Rusty will succeed in convincing the other kernel developers remains to be seen. One way or another, he has made it clear that the proper place to draw the line between kernel and user space is not always obvious.
Patches and updates
Kernel trees
Architecture-specific
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Janitorial
Memory management
Networking
Security-related
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet
Distributions
Distribution News
Debian GNU/Linux
The Debian Weekly News for September 24, 2002 is out. There's a Debian Cluster serving as a research tool at Syddansk Universitet (University of Southern Denmark); SE Linux for Woody; and much more.Rob Bradford supplied Bits from the RNE, a request for feedback on the 3.0r1 release notes.
Here's Gerfried Fuchs, the Website Translation Coordinator, with Bits from a WTC. Translators are
needed to help keep non-English web sites up-to-date. "So, if you
are interested and like to help to make the website more useful for the
people in your country who aren't that good in english feel free to contact
one of your translation coordinators...
"
Raphaël Hertzog introduces the Package Tracking System. There are some new tools to help Debian developers keep track of their packages and any outstanding bug reports.
EnGarde Secure Professional launched
Guardian Digital has sent out a press release announcing the launch of EnGarde Secure Professional, a hardened Linux distribution which, they claim, can be securely set up and run without the need for a Linux administrator on staff.Mandrake Linux
MandrakeSoft has announced the release of Mandrake Linux 9.0, codenamed "Dolphin." It includes all the latest stuff: 2.4.19 kernel, GNOME 2.0.1, KDE 3.0.3, OpenOffice 1.0.1, Mozilla 1.1, GCC 3.2, etc. This release is certified as being compliant with the Linux Standard Base 1.2. Enhanced security is also claimed: "In early 2000, MandrakeSoft first introduced the concept of "security levels" to the Linux world; in Mandrake Linux 9.0, that concept is expanded with the integration of professional Intrusion detection tools and utilities, encrypted communication support, encrypted filesystems, secured authentication, and more."
As is typical with Mandrake releases, this distribution is available for download immediately; the retail version can be purchased for delivery within a few weeks.
Mandrake Linux ProSuite 9.0 has been registered as conforming to the LSB Runtime Environment for IA32 version 1.2 product standard.
The Mandrake Linux Community Newsletter for September 19 is out. It looks at the new "Linux-Campus Courseware" offering, Kohan: Immortal Sovereigns, the OpenBrick, and more.
SCO Linux 4.0 Open Beta
The SCO Group has an open beta of SCO Linux 4.0 powered by UnitedLinux, available with free registration. SCO Linux 4.0 is the successor to OpenLinux Server 3.1.1. This beta should provide users with a taste of how United Linux will effect the products formerly branded Caldera Open Linux.
New Distributions
BanShee Linux/R
BanShee Linux/R is a two-floppy rescue system using uClibc and Busybox to make sure that the system is as small as possible. Initial verion 0.5 was released September 18, 2002.eLSD, Linux Society Distro
eLSD is a new distribution from the Linux Society. Derived from Devil-Linux this initrd-centric, bootable CD distribution comes in three flavors.0.1 - Devil-Linux offered as a build and burn kit.
0.2 - This version begins to make changes towards the eLSD goals by creating a bigger divide between the initrd/linuxrc boot and the init/boot in the OS. It also boots w/o the floppy that includes the /etc filesystem.
0.3 - This version actually converts Devil-Linux into an optional hard drive boot OS. The boot process occurs entirely in the initrd phase and then accesses the harddrive. This kit offers a robust kernel, two custom initrds -- one that boots to busybox/tinylogin -- and grub and parted support.
Firegate Server
The Firegate Server from Wiresoft is a self-managing server operating system designed for small and mid-sized businesses. It securely connects offices to the Internet and to each other, protecting valuable electronic information. Office staff can securely surf the web, send and receive email, host the company Web site, share files, host a customer database, and more. It is controlled through a simple Web browser or mobile telephone interface and managed by an artificial intelligence-based administration service. This package is a Linux-based system which also contains proprietary software. The Firegate Server, SMB Edition 7.1, was released September 25, 2002.MoviX
MoviX is a CD-ready tiny (~5MB) Slackware-based Linux distribution containing all you need to boot a PC from CD (using syslinux) and automagically play all the avi files you put in the CD root with mplayer through the framebuffer. You can use it to play all your movies, even on a diskless PC. Version 0.3 was released with minor feature enchancements, less than a week after the initial version, 0.2.Serverdisk diskette distro
Serverdisk diskette distro is a Linux floppy disk distribution which includes FTP and HTTP servers. Just a small server, not intended to be a rescue disk or standalone firewall. The initial version, 0.1, was released September 19, 2002.
Minor distribution updates
ClumpOS
ClumpOS has released R7.0. This release has been updated for Linux 2.4.19/MOSIX 1.8.0.herbix
herbix has fixed some bugs in v1.0-41.Kaiwal Linux becomes GrandLinux
Thai distribution Kaiwal Linux has changed its name to GrandLinux. GrandLinux 4.4 is available now. The website is in Thai. (Thanks to Joe Klemmer)uClinux
uClinux has released 2.5.38-uc0 with major feature enhancements.SnapGear Embedded Linux Technical Bulletin #13 - Using Flash Memory with uClinux
SnapGear's Greg Ungerer discusses theory and methods for building uClinux systems that boot, run and operate using Flash memory.Warewulf
Warewulf has released v1.1 with minor feature enhancements.Wolverine Firewall and VPN Server
The Coyote Linux Wolverine Firewall and VPN Server released 1.0RC2 (build 254) with minor bug fixes.
Distribution reviews
Review: Lindows 2.0 has beautiful skin, iffy personality (Register)
Here's a review of Lindows 2.0, courtesy of NewsForge. "Because Lindows is marketed to the disgruntled Windows user, I figured I'd try to do it justice and install it on a Windows ME system. I put the CD in, it "auto-started" and told me I didn't have one gigabyte available on the "C:" drive. The only option was to exit. Why couldn't I select a different drive letter? There's plenty of space on the D partition. But there was no way to do that."
Page editor: Rebecca Sobol
Development
The Phoenix 0.1 Lightweight Browser
Mozilla.org has released version 0.1 of Phoenix, a lighweight web browser. "Phoenix is a redesign of the Mozilla browser component, similar to Galeon, K-Meleon and Chimera, but written using the XUL user interface language and designed to be cross-platform."
The Phoenix release notes and FAQ state that Phoenix is primarily designed to be fast, but without sacrificing features. Some of the currently implemented features include:
- A Customizable toolbar.
- A Bookmarks and History Quicksearch capability.
- Fast start-up and operation.
- An overhauled Bookmarks Manager with undo/redo.
- A new look based on the Orbit theme.
- "Reasonable" Default Settings for pop-up blocking, tabbed browsing, and other features.
- Support for plugins like flash and real.
- Satchel, a replacement for Mozilla's Wallet functionality.
- A new Plug-in and Add-on Manager.
- A new Download Manager.
- "your favorite" preferences.
System Applications
Audio Projects
PHP Audio Extension
Tony Leake has released his PHP Audio Extension, which connects PHP to the Ecasound ECI interface. "The PHP Audio extension is currently a wrapper for Ecasound, in the future higher level functions will be written for those who want audio processing in their PHP applications without learning the Ecasound syntax."
Clusters and Grids
Heartbeat 0.4.9d released.
Version 0.4.9d (beta) of heartbeat has been released by the High Availability Linux Project. Heartbeat "implements serial, UDP, and PPP/UDP heartbeats together with IP address takeover including a nice resource model including resource groups. It currently supports multiple IP addresses and a simple two-node primary/secondary model." New features include performance improvements, an applicaton heartbeat daemon, new ipfail code, a CCM membership daemon, improved documentation, and a PILS library. (Thanks to Alan Robertson.)
Database Software
Full transaction support added to MySQL
MySQL Inc. has put out a press release announcing the addition of a fully ACID-compliant transaction engine (called "InnoDB") to the popular MySQL database management system. "Consistent with all MySQL offerings, InnoDB is easy to use and highly reliable, having been battle-tested by the Open Source community."
Knoda 0.5.4 released.
Version 0.5.4 of the Knoda database access GUI for KDE has been released. Changes include a Postgres driver, drag and drop support, copy and paste fields for forms and reports, column sorting, UI improvements, FreeBSD support, and lots of bug fixes.Introduction to Xindice (IBM developerWorks)
Arun Gaikwad introduces Xindece, an XML database system. "This article is an introduction to an Open Source Native XML Database System, called Xindice (pronounced zeen-dea-chay). It is also an introduction to Native XML Database concepts."
Education
Linux in education report
Issue #79 of the Seul/Edu Linux in education report is out. Topics include the DebianEdu project, Linux in Indian schools, manuals for the computer illiterate, Red Hat on educational Linux, the Office Admin and Teacher Admin modules, MIT's Lifelong Kindergarten project, and more.
Electronics
New Icarus Verilog snapshot
The 20020921 development snapshot of the Icarus Verilog electronic simulation language compiler has been released. The changes are listed in the release notes.
Embedded Systems
First public release of wxEmbedded
The first beta version of wxEmbedded is available for testing. wxEmbedded is the project name for support for small devices in wxWindows (currently PDAs are the primary target).BusyBox 0.60.4 released
Version 0.60.4 (stable) of BusyBox has been released. "BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides minimalist replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc." This is a bug fix release, see the Changelog file for a detailed list of changes.
Libraries
Native POSIX Thread Library 0.1 released
Readers of the LWN.net Kernel Page have been following the effort to provide Linux with "world class" threading support - at least, from the kernel point of view (see, for example the August 15 and August 22 Kernel Pages). The user-space side of this work has been harder to follow - until now. Ulrich Drepper has announced the release of version 0.1 of the Native POSIX Thread Library. Click below to read the full announcement, which includes a fair amount of information on what Ulrich and kernel developer Ingo Molnar have been up to. "Unless major flaws in the design are found this code is intended to become the standard POSIX thread library on Linux system and it will be included in the GNU C library distribution."
Peer to Peer
Internet Radio the P2P Way (O'Reilly)
Howard Wen talks about internet broadcasting with Peer to Peer technology. "First there was AM. Then FM. Now, the next evolution in radio broadcast technology could very well be "P2P." What could be even more controversial than Internet radio/audio broadcasting--which has made headlines this year over the issue of royalty payments--and P2P file sharing? Probably the merging together of these banes of the music industry. Two P2P clients, PeerCast and Streamer, are exactly that. Without the need to have your own dedicated server, these programs let you stream audio files to other users on a P2P network. Essentially, you can run your own Internet radio station whenever you start up your computer and get online."
Web Site Development
Zope Members News
The latest Zope Members News headlines include: Alternative implementation of ZPT - with i18n!, First book ever about CMF/Plone!, PropertyList 0.1 Released, and PropertyObject & -folder 1.1 released.mnoGoSearch-php-3.2.0.beta7 available
Version 3.2.0.beta7 of the PHP frontend to the mnoGoSearch web site search engine software is available. See the ChangeLog file for a list of changes.Embedding Web Servers (Perl.com)
Perl.com has an article by Robert Spier on Embedding Web Servers with Perl.
Desktop Applications
Audio Applications
Sweep Sound Editor
Conrad Parker has sent us a status update from the Sweep sound editor project. "Sweep is a full-featured open source sound editor, now used in production at Pixar and rapidly gaining popularity elsewhere. It features a character called Scrubby who is a very intuitive "scrub" tool and makes editing sounds a breeze. You can use Sweep for general sound editing on your Linux desktop, and thanks to Scrubby you can also use it as a tool for live DJing and experimental music. Sweep has undergone many changes recently to make it ready for widespread use, and I'd like to invite readers to try out the latest version (0.5.6)."
Desktop Environments
GNOME Summary
The GNOME Summary for September 12-18, 2002 is out with the latest GNOME development news.The latest FootNotes
This week's entries on FootNotes include Dropline GNOME 1.1.1, Workrave 0.1.0, Sodipodi 0.26, GStreamer 0.4.1, Gentoo Gnome 2.0.2, and more.Outlook Competition: Enter Kroupware and Kaplan
KDE.News looks at the Kroupware Project, part of a full-blown open-source groupware solution for KDE and commissioned by the German government. "But Don Sanders, KMail hacker, went one step further. He managed to transform KMail into a KPart and demonstrated how the different PIM components can be embedded in the pre-existing framework by Matthias Hoelzer-Kluepfel and Daniel Molkentin known as Kaplan"
Gspoof 2.1.1 relased
Stable version 2.1.1 of Gsproof is available. "Gspoof is a GTK+ program written in C language which makes easier and accurate the building and the sending of TCP packet with a data-payload or not. It's possible to modify TCP/IP fields also Ethernet header working to Link Level." This release features bug fixes and support for libreadline.
GUI Packages
FLTK 1.1.0rc7 Now Available
Version 1.1.0rc7 of FLTK, the Fast, Light ToolKit, is available. "FLTK 1.1.0rc7 is now available for download and is a candidate for the final 1.1.0 release. This release contains several portability and bug fixes."
Interoperability
Kernel Cousin Wine #136
Issue #136 of Kernel Cousin Wine is out. Topics include the ZDNet User Poll, a Linux Journal review, work on NetAPI32.DLL and WinASPI.DLL, mixing Unix and Windows calls, and Perl regression tests.
Office Applications
AbiWord Weekly News #110
The AbiWord Weekly News for September 23, 2002 is available. AbiWord 1.0.3 "Désir Satisfait" is now available, and more AbiWord news in this issue.Kernel Cousin GNUe #47
Issue #47 of Kernel Cousin GNUe is out with the latest GNU enterprise development news.Gnucash 1.8 proposed schedule
The Gnucash 1.8 proposed schedule is out, with an updated HBCI planned-feature list.
Web Browsers
Mozilla Independent Status Reports
The latest Mozilla Independent Status Reports include updates for Composite, Themes, Games, Bitflux Editor, TagZilla, Livelizard, Diggler, and MultiZilla.
Languages and Tools
Caml
The Caml Hump
This week, the new software on The Caml Hump includes toolpage, OCaml-SOAP, VisualML, OCamake, bdb, nML, and DML/de Caml.
Haskell
gtk+ haskell binding 0.14.10 released
Version 0.14.10 of Gtk+HS, the Haskell binding for the GUI toolkit GTK+, is available. "This release features a range of new widgets over the previous release and supports the use of the library as a GHC package."
Java
RelativeLayout, a Constraint-Based Layout Manager (O'Reilly)
James Elliott covers the RelativeLayout layout manager on O'Reilly. "Layout managers fall firmly into the periphery when talking about Swing. They're something you use all the time with Swing containers, but they predate Swing and you can use them just as well with an AWT application. Still, layout managers play such a fundamental role in arranging the pieces of your user interface that you need to develop a good understanding of at least a couple of them so that you can work effectively. And they hold the promise of enabling your application to look polished as it moves from platform to platform, gracefully adapting to new font metrics and component shapes."
Resin: The Instant Application Server
Daniel Solin writes about Resin on O'Reilly. "Imagine a Java Web application server that runs on Unix, delivers incredible performance, is really easy to set up, and inexpensive to boot. Even crazier, imagine that this little app server offers all of the features you expect from a modern Java server, including JSP/servlets, XML/XSL, and EJB/CMP. You can stop imagining. It actually exists, and it goes by the name of Resin."
Lisp
LML and aFTPd first public releases
The first public release of the aFTPd Lisp ftp server, and the LML Lisp Markup Language library for generating HTML and XHTML documents have been released.
Perl
This week on Perl 6
The September 9-16, 2002 edition of This week on Perl 6 is out. Topics include: Goal Call for 0.0.9, Scheme Implementation Details, chr, ord etc., Lexicals, IMCC 0.0.9 Runs 100%, Problem Parsing Builtins, building core.ops op_hash at runtime, Problems with 64-bit integer builds, and more.This Week on perl5-porters (use Perl)
The September 16-22, 2002 edition of This Week on perl5-porters is out Topics include pedantic compilation, the default install location, closures in BEGIN blocks, perlopentut, smoke reports, and more.PerlQt-3 released.
Version 3 of PerlQt, a Perl Object Oriented interface to the Qt GUI Toolkit, is now available.
PHP
PHP Weekly Summary #104
Issue #104 of the PHP Weekly Summary looks at XSLT, Sablotron and PHP, Redefining class errors, changing .phps, and fixing ext/mbstring, OpenSSL additions, and ext/FriBiDi.PEAR Weekly News
This week's Pear Weekly News is out. "The mailing list has been very active during the past week, a sign to the return of an active cadence of updates, adds or fixes on pear. The subjects were various, from the classic 'Naming convention & coding standards' to the automatic translation system or peardoc. Sebastian Bergmann and Kristian Köhntopp have worked intensively on XML_Transformer, that will make us happy to see a new and very good stable release. This week has seen not less than four stable releases, that is itself a very good news, and one beta."
Python
The State of the Python-XML Art (O'Reilly)
Uche Ogbuji introduces his new Python-XML column on O'Reilly's XML.com site. "Welcome to the first Python-XML column. Every month I'll offer tips and techniques for XML processing in Python and close coverage of particular packages. Python is an excellent language for XML processing, and there is a wealth of tools and resources to help the intrepid developer be productive. In what follows I'll survey these tools and resources, giving a sense of how broadly Python supports XML technologies and giving you a head start on the more in-depth topics to follow." An extensive list of XML software for Python is included.
This week's Python-URL
Dr. Dobb's Python-URL for September 24 is out with the latest from the Python development community.The Daily Python-URL
This week's Daily Python-URL topics include the CAMFR 1.0 Maxwell solver, PyANT 0.26, What's so special about Python 2.2?, the PyTone mp3 jukebox, the FOAFBot IRC bot, and more.
Scheme
Scheme Weekly News
The September 23, 2002 edition of the Scheme Weekly News is out with the latest Scheme developments.
Tcl/Tk
Tcl/Tk 8.4.0 Released
Stable version 8.4.0 of Tcl/Tk was recently released. Click below for the announcement. This is a fairly major update, see the release notes for the full story.Dr. Dobb's Tcl-URL!
The September 22 edition of the Dr. Dobb's Tcl-URL! is out with an assortment of articles about Tcl/Tk, including the announcement of Tcl 8.4 final.
XML
XML Canonicalization (O'Reilly)
Bilal Siddiqui writes about XML Canonicalization on O'Reilly's XML.com. "This two part series discusses the W3C Recommendations Canonical XML and Exclusive XML Canonicalization. In this first part I describe the process of XML canonicalization, that is, of finding the simplified form of an XML document, as defined by the Canonical XML specification. We'll start by illustrating when and why we would need to canonicalize an XML document."
Euro-XML (O'Reilly)
Rick Jelliffe illustrates several character encoding techniques for XML on O'Reilly. "There are three ways of representing the euro in XML:"
* numeric character references, * character entity references, and * direct characters.
This article examines these and other more arcane but important ramifications.
Brother, Can You Spare a DIME? (O'Reilly)
Rick Salz covers DIME on O'Reilly's XML.com. "This month we look at Direct Internet Message Encapsulation (DIME), a binary message format; and we'll also look briefly at the WS-Attachments specification, which provides a generic framework for SOAP attachments, and a definition for a DIME-based instantiation of that framework."
Page editor: Forrest Cook
Linux in Business
Business News
Campaign for Digital Rights responds to patent office paper; Plans protests at party conferences
The Campaign for Digital Rights plans protests of a consultation paper released by the UK Patent Office. The paper details plans to implement the European copyright directive. CDR believes that this legislation is flawed and will have disastrous effects on British research, innovation, music recording studios and software development.Regal deploying Linux in hundreds of theaters
Here's another 'big commercial Linux deployment' press release from IBM. This time around, it's Regal Entertainment Group, a large movie theater chain, which is making the leap: it is using some 2400 Linux-based point of sale systems, with the final number expected to grow to around 3500. "Regal is also testing a new, in-theater, Linux-based kiosk that will enable movie patrons to purchase tickets or retrieve tickets purchased from an online service." The POS systems are running Red Hat Linux.
Press Releases
Open Source Announcements
- Apple Computer Inc. (CUPERTINO, Calif.): Apple 'Open Sources' Rendezvous.
- ECHO (AGOURA HILLS, Calif.): Electronic Clearing House Releases Free Interchange Real-Time Payment Solution.
- Nemein (POZNAN, ESPOO): Aegir CMS beta 1.0 released.
Distributions and Bundled Products
- Guardian Digital, Inc. (Allendale, NJ): Guardian Digital Launches New EnGarde Secure Server Software.
- SCO Group (LAS VEGAS, GeoFORUM): SCO to Ship New Versions of OpenServer, UnixWare, SCO Linux.
Software for Linux
- ABAS AG (HERNDON, Va.): ABAS, Europe's Leading Small to Medium Enterprise ERP Package, Arrives in the USA.
- ATI Technologies, Inc. (MARKHAM, Ontario): ATI Introduces The New MOBILITY FIRE GL 9000 Visual Processor for Mobile Workstation.
- ActiveState Corp. (VANCOUVER, British Columbia): ActiveState Unveils Industry's First Professional Workspace For Open Source Languages: Komodo 2.0 With Web Services Support & GUI Builder.
- Bristol Technology (DANBURY, Conn.): Bristol Launches TransactionVision 3 Solution -- Enhanced Scalability for Tracking Issues in High-Transaction Environments --.
- CommVault Systems (OCEANPORT, N.J.): CommVault and XIOtech Announce Disk-based Data Protection for Mixed Windows, Linux and Unix Enterprises.
- CommVault Systems, Inc. (OCEANPORT, N.J.): CommVault Galaxy 4.1 Expands Application Data Protection for UNIX and LINUX Enterprises.
- GeCAD Software (White Plains, NY & Bucharest, Romania): GeCAD Software Introduces RAV AntiVirus For File Servers; Anti-Virus Solutions Provider Adds New Data Security Capabilities for IBM eServer zSeries Linux Servers.
- Heroix Corporation (NEWTON, Mass.): Heroix Strengthens Enterprise Application, System, and Infrastructure Performance Management Capabilities.
- InterSystems Corporation (CAMBRIDGE, Mass.): InterSystems launches CACHE 5; Provides real-time analytics on Linux platform.
- Linux NetworX (SALT LAKE CITY): Linux NetworX Announces LinuxBIOS Availability for its Cluster Systems.
- Lund Performance Solutions (ALBANY, Ore.): Lund Performance Solutions Announces Versatile, Inexpensive Data Replication Product; Enhanced Version of Shadow D/R Software Replicates Databases in Real Time.
- OPTX International (CHICO, Calif.): OPTX International's New ScreenWatch Producer 5.0 Screen Recording Software Comes Packed with New Features.
- ROC Software LP (AUSTIN, Texas): ROC Software Announces New Products to Extend the Life of MPE Investments.
- SWsoft, Inc. (S. SAN FRANCISCO, Calif.): SWsoft Releases Virtuozzo 2.5, Highest-Performing Server Virtualization Technology for Intel Xeon Processor-Based Servers.
- SlickEdit Inc. (MORRISVILLE, N.C.): SlickEdit Honored With North Carolina Technology Fast 50 Award For Second Consecutive Year.
- Xi Graphics, Inc. (DENVER): New Linux Accelerated-X Graphics Software Released by Xi Graphics, Inc..
- Zend Technologies Ltd. (RAMAT GAN, Israel): Zend Furthers PHP's Rapid Commercial Expansion With New Zend SafeGuard Suite for Businesses.
Products and Services Using Linux
- Bivio Networks (PLEASANTON, Calif.): Bivio Networks IP Service Platform Establishes New Performance Benchmark for Check Point Firewall-1 Software.
- LinuxIT (Bristol): LinuxIT announces solutions for Government and Public Sector..
- Sixfold Technologies (Chicago): Sixfold Technologies Launches at Cluster 2002.
- Thales Navigation (SANTA CLARA, Calif.): Thales Navigation Introduces Industry's First GPS Receiver with Direct Internet Connection.
Hardware with Linux support
- IBM Corporation (Armonk, NY): IBM Unveils Powerful Blade Server for Enterprise Workloads; AOL Time Warner Reduces Costs with IBM BladeCenter.
- LSI Logic Corporation (CAMPBELL, Calif. and MILPITAS, Calif.): Antares Microsystems Delivers Ultra320 SCSI Host Bus Adapter Using LSI Logic Controller.
- RackSaver Inc. (SAN DIEGO): RackSaver Introduces The World's Smallest Footprint 1-Teraflop SuperComputing Cluster.
- Terra Soft Solutions (Chicago): Terra Soft Debuts Xserves with Yellow Dog Linux at Cluster 2002: Press Release 2002 09/25.
Cross Platform/Porting Product
- Altera Corporation (SAN JOSE, Calif.): Altera Offers First C-code-based DSP Design Flow for FPGAs.
- eIQnetworks (WAYLAND, Mass.): eIQnetworks Delivers First Cross-Platform Mail Server Analysis Software for Microsoft Exchange, Lotus Domino and Sendmail.
- MontaVista Software, Inc. (SAN JOSE, Calif.): MontaVista Software Announces Support for Broadcom's SiByte BCM1250 Processor; Leading Embedded Linux Development Platform Optimized for Ultra High Performance Processor.
Linux at Work
- 1mage (ENGLEWOOD, Colo.): State of Minnesota Installs 1MAGE Document Management Software -- Environmental Health Group Replaces Existing System With the Linux Version of 1MAGE.
- Fidelia Technology, Inc. (PRINCETON, N.J.): Spirit Airlines and AutoTrader UK Give Customers a Smooth Ride with Fidelia NetVigil; Network & Performance Management Start-up Adds Customers to Roster.
- HP (PALO ALTO, Calif.): HP Installs $22 Million Supercomputer at Wellcome Trust Sanger Institute in U.K..
- IBM (RALEIGH, N.C.): Regal Entertainment Group Adopts IBM and Linux for Point-of-sale Application.
- Keithley Instruments (CLEVELAND, OH): Engineers Moving Toward Ethernet, Linux, and High Resolution, According to New Survey.
- Linux NetworX (SALT LAKE CITY): Los Alamos National Laboratory Selects Linux NetworX to Build 10 teraFLOP Linux Supercomputer.
- Pipeline Interactive (LEBANON, Pa.): Pipeline Interactive Partners With Casio to Redesign Web Site.
- Samsung SDS (New York, NY): Samsung SDS Announces Major Win with Leading Global Customer.
Java Products
- ACUNIA (Leuven, Belgium): ACUNIA to show Open Telematics Framework capabilities on XINGU-based prototype multimedia infotainment system.
- Nuesoft Technologies, Inc. (ATLANTA): Nuesoft Technologies Unveils Medicat iV, A Powerful New Health Center Practice Management Solution for Small to Mid-Size College Health Centers.
Books and Documentation
Training and Certification
- Knowledge Transfer Systems, Inc. (OAKLAND, Calif.): Knowledge Transfer Systems Expands Partnership With Gurukulonline.
- MandrakeSoft (Altadena, CA): MandrakeSoft Announces the Availability of its Linux-Campus Courseware at 30 Training Sites Across the Americas.
Trade Shows and Conferences
- AMD (SUNNYVALE, Calif.): AMD Delivers Hammer Technology Resources At AMD Developer Symposium; AMD Offers Sneak Preview Of AMD Developer Center, A Dedicated Resource for Hardware and Software Partners.
- Sysix Companies (LOS ANGELES, CA): Sysix Highlights Top Infrastructure Considerations for Linux Purchase Decisions at HP World Conference.
Partnerships
- HP (PALO ALTO, Calif.): HP Elected as Supporting Member of Eclipse Open Source Consortium; Company Continues to Lead Promotion of Heterogeneous Environments and Open Source.
- IBM eServer Tools Network (SAN FRANCISCO): Micromuse Joins IBM's Project eLiza Initiative; Netcool Management Solutions Move the IT Industry Toward Self-Managed Enterprises.
- Imperial Technology, Inc. and Tek-Tools (EL SEGUNDO, Calif.): Imperial Technology Partners with Tek-Tools for Storage Resource Management; Event Management and Notification Software.
- LynuxWorks Inc. (SAN JOSE, Calif.): LynuxWorks and TapRoot Systems Alliance Yields Customization Tools for High Performance Embedded Technology.
- MKS Inc. (WATERLOO, ON): MKS Joins Eclipse.
- Opera Software (Oslo): The most powerful Linux experience on the Web: Ximian Offers Customized Opera for Linux with Red Carpet.
- STMicroelectronics and AMD (PORTLAND, Ore.): STMicroelectronics Announces Collaboration With AMD to Supply the Portland Group Compiler Technology.
Miscellaneous
Page editor: Rebecca Sobol
Linux in the news
Recommended Reading
European Union Researches the Benefits of Open Source Software (O'Reilly Network)
O'Reilly reports on the research project "Free/Libre and Open Source Software: Survey and Study", funded by the European Union, which explores the reasons behind the widespread use and support of free software. "This is, to my knowledge, the first large-scale, rigorous study concerning any aspect of free software. It involves interviews with thousands of developers and hundreds of businesses, with carefully-chosen questions and a correlation of results."
Building the underground computer railroad (Salon)
Here's a Salon article on anti-globalization groups which are fixing up old computers and sending them off to developing countries. "If you just look at their specifications, the systems the activists are building here seem almost worthless, Pentium 100-class machines with about a gigabyte of hard drive space and 80 megs of RAM. The sort of computer that went for thousands in 1996, but that wouldn't fetch $50 on eBay today. But if you wipe Windows off these systems and replace it with a Linux-based operating system, and if you just plan to use them for the Web and e-mail, they can be quite useful..." Nobody seems to see any irony in installing a globally-developed operating system on computers and sending them around the world as a way of fighting globalization.
UnitedLinux might not be very GPL-friendly (NewsForge)
NewsForge has an article about the UnitedLinux closed-beta NDA's compatibility with the GPL. "Is UnitedLinux down with the idea behind software libre, or are they just trying to become a Red Hat killer and Linux oligopoly in order to make some fast bucks?"
A Bounty on Spammers (CIO Insight)
Lawrence Lessig suggests new methods for dealing with spam, and also looks at copyright issues. "But at least with the spam problem, there is a much simpler solution that, so far, Congress has failed to see. Imagine a law that had two partsa labeling part and a bounty part. Part A says that any unsolicited commercial e-mail must include in its subject line the tag [ADV:]. Part B says that the first person to track down a spammer violating the labeling requirement will, upon providing proof to the Federal Trade Commission, be entitled to $10,000 to be paid by the spammer."
Less RMS, more freedom - FSF pitches to wider audience (Register)
The Register looks at the changing role of the Free Software Foundation. Quoting Bradley Kuhn: "Of course, I love the Free Software community and am an active member of it. However, there was always one aspect of our community that didn't sit right with me: the idea that you had to 'prove your hacker credentials' to be taken seriously."
Companies
Jumpy Caldera needs vision correction (ZDNet)
This editorial goes through the business history of Caldera, suggesting where they have gone wrong in the past, and where they are going wrong in the present. "It doesn't take a degree in rocket science to imagine what the investors, including Ray Noorda, have been pushing for at recent Caldera board meetings: ditch Linux, and stick with the Unix cash cow. Oh, and change the name, just for good measure."
Ballmer: We'll outsmart open source (ZDNet)
ZDNet is carrying Microsoft president Steve Ballmer's latest comments about Linux. "'Linux is not about free software, it is about community,' he said. 'It's not like Novell, it isn't going to run out of money--it started off bankrupt, in a way.'"
MS design switch thwarts Xbox mod chips (Register)
Accordint to the Register, Microsoft has modified the hardware for its Xbox game platform, which will thwart the porting of Linux to the platform. "Microsoft has made some modifications to the internal design of Xbox in the name of security, the most immediate upshot being apparently that existing mod chips won't work with the new design. According to a posting last week on the Xboxhacker BBS (reproduced here, the first of the new designs have been spotted in Australia."
Red Hat 8.0 To Launch This Month (TechWeb)
TechWeb reports that Red Hat Linux 8.0 will be released with a large emphasis on the desktop. "Red Hat has never been a major advocate of Linux on the desktop, but version 8.0 will demonstrate a change of heart. The Raleigh, N.C.-based company, whose namesake Linux distribution is the de facto standard in the United States, maintains Linux is not geared for the typical consumer or business secretary but does have practical use for a select group of corporate and technical users"
Open-source group gets Sun security gift (News.com)
CNET has a few more details about Wednesday's announcement that Sun gave elliptic curve cryptography to OpenSSL. "The deployment schedule is on the order of several years to a decade unless something comes along in the interim. I would conjecture that by 2010 or so, this will be widely used."
Sun's Linux PC cheaper, McNealy boasts (News.com)
CNET has published a nice summary of Sun's Linux initiatives. "Sun Microsystems will get into the PC business next year, selling Linux-based desktops that will cost less than half to own and operate than comparable systems running Windows, Sun CEO Scott McNealy said Wednesday."
Sun releases Liberty Alliance tool (News.com)
Here's a brief News.com article on Sun's first Liberty Alliance release. "Sun executives say the Java-based tool is the first open-source implementation of the Liberty Alliance standard and a prototype of Sun's forthcoming server software, called Identity Server 6.0, which will manage computer user's access and authentication."
Business
CEO of Raleigh, N.C.-Based Red Hat Speculates on Future of Technology (Nando)
The Raleigh, N.C. News & Observer takes a look at what keeps Red Hat CEO up at night. "It has nothing to do with Wall Street investors and analysts who are still waiting for Red Hat's big pop -- some sort of return on the traction the alternative Linux operating system is getting in the marketplace."
Interviews
Practical Matters Rule IBM's Tactics with Competitors
The Seattle Times has an interview with Steve Mills, head of IBM's software division. "The reality is the world is very heterogeneous; it's not Windows-only and the overwhelming majority of business transactions in medium and large businesses are not running on Windows. They're running on a wide variety of Unix systems and IBM mainframes. It's a very complex world, and that world's not going to change very quickly."
Open source haunts Microsoft (ZDNet)
ZDNet interviews the program manager of Microsoft's Shared Source Initiative, Microsoft's answer to Open Source. "The fact is that Linux is now competing with Windows. That is good because it is spurring us on and making us compete better, but equally, it is difficult for us to say Windows has better management tools than Linux because all of a sudden people say we are attacking open source."
At the center of the patent storm (News.com)
News.com talks with Danny Weitzner, chair of the W3C patent policy working group. "The open-source community has played a really important role at the W3C because, clearly, royalty-bearing standards create a fundamental problem for open-source software. But the need for royalty-free standards would exist even if there were no open-source solutions."
Resources
Building a Linux Minicluster using commodity components (LinuxDevices.com)
The Embedded Reasoning Institute of the Sandia National Laboratories recently constructed a 4-node Linux cluster based on commodity PC/104 modules and other related components. The system was designed for use in parallel programming tutorials, demonstrations, and displays, and was showcased at the Supercomputing 2001 Conference (Denver, CO) and at the Embedded Systems Conference 2002 (San Francisco, CA). This LinuxDevices.com article by two key members of the project team describes the overall project and provides information on how the system was constructed.Using MPICH to Build a Small Private Beowulf Cluster (Linux Journal)
This Linux Journal article shows how you can build a small Beowulf cluster using MPICH. "Our new Beowulf cluster consists of a private network of eight systems dual-booting between Windows 2000 Professional and Red Hat 7.1. Each computer has a single AMD 1.4GHz Athlon processor, 512MB RAM, a 30GB hard drive, a 64MB NVIDIA video card and 100Mb Ethernet with switching hub (did I say that our administration and school board were kind to us?). We are using the current version of MPICH (1.2.2.3) as our MPI library."
Introducing YAFFS, the first NAND-specific flash file system (LinuxDevices)
LinuxDevices.com introduces YAFFS (yet another flash file system), an open source project working on a NAND-specific flash file system. "Hard disks are not a viable storage option for many embedded and handheld systems because they are too big, too fragile and use too much power. For some years now, people have been using common-old NOR flash for file system storage. JFFS and JFFS2 do an excellent job of this for Linux. For storage applications NOR flash is not that great because it is not very dense (i.e. not much storage per chip), is costly and is slow to write. NAND flash, on the other hand, is low cost, dense, and writes fast; but it has other limitations."
Anatomy of a Read and Write Call (Linux Journal)
Linux Journal dissects the anatomy of a read/write call. "As it turned out, the gcc benchmark was the one that everyone seemed to be improving on the most. As we analyzed what the benchmark was doing, we found out that basically it opened a file, read its contents, created a new file, wrote new contents, then closed both files. It did this over and over and over."
Using Logical Volume Management (Linux Journal)
Here is a Linux Journal article about Logical Volume Management. "Last December, I set up my Linux workstation. Since I didn't really know how I would use the machine over the next few months, I decided to install LVM - I was trained in IBM AIX LVM, so I knew what it could do. I also chose to create my filesystems using ReiserFS, which turned out to be a huge benefit. Four months later, I filled the /home filesystem. Traditionally, I would have been forced to move stuff around, and make a bunch of symlinks to use the space on another file system, or repartition, reformat and reload my data. In this case, /home was 100% full, but my /share and /tmp filesystems had several gigabytes of unused space on them. The LVM HOWTO descibes a classic scenario like this one that illustrates exactly why LVM is an excellent tool."
devfs for Management and Administration (Linux Journal)
Philip Streck illustrates the installation and use of devfs in a Linux Journal article.
Reviews
Linux Orbit reviews OEone HomeBase DESKTOP
Linux Orbit has a review of the OEone HomeBase DESKTOP. "The Linux desktop is certainly getting a lot of media play these days. Sun is on the verge of some major desktop announcements, Red Hat 8.0 promises to be another interesting wrinkle, and let's not forget Lycoris, Lindows and the upcoming release of Xandros. Not to be forgotten, OEone recently announced that their HomeBase DESKTOP product is now compatible with Red Hat 7.3. Since that is the current Linux distribution that I run, I thought I'd give their product a test drive."
Gwana-gwana landslide buries Sun Linux (Register)
Here is the Register's take on Sun Linux. "Sun's Linux Desktop turns out to be prime-time Gwana-gwana. Sun will release a distro at some point in 2003 - can't say when; and it'll be competitively priced - can't say how much, but it will be cheaper than whatever we reckon Windows costs. Er, that's it for now."
Jabbering along with tkcJabber (Open For Business)
Open For Business reviews TkcJabber a Jabber client that runs on the Sharp Zaurus SL-5500 PDA. "TkcJabber, which is produced by Rancho Santa Margarita, California-based theKompany, Inc., is a client for the Free Software instant messaging system known as Jabber. Jabber works in much the same fashion as better known protocols such as AOL Instant Messenger or MSN Messenger, allowing you to have real-time conversations with others. Unlike the others, however, Jabber does not have a central server like those services, but instead uses a decentralized system similar to the way e-mail works."
uClinux: World's most popular embedded Linux distro? (LinuxDevices)
LinuxDevices.com looks at the uClinux distribution from both technical and historical points of view. "Despite claims to the contrary, uClinux may well represent the world's first, most mature, and most commercially successful embedded Linux distribution. While other embedded distributions rely on upscale processors to get reasonable performance, uClinux uses solid code, a firm guiding hand, and actual product experience with deeply embedded systems. The results are smaller code, better performance, and lower cost -- all of which is applicable to both MMU-less and MMU-enabled systems."
Miscellaneous
United Linux Readies Open Beta Release (TechWeb)
TechWeb covers the upcoming beta release of United Linux. "UnitedLinux, a group of Linux providers building a common, enterprise-ready release of the open source operating system, said Wednesday it will let loose with a free beta of its source code Sept. 23."
UnitedLinux defends open-source roots (ZDNet)
ZDNet delves deeper into United Linux, and the "closed beta" that comes with a non-disclosure agreement. ""Since nearly all of the volunteers from the Free Software community (your fellow developers) did not receive a copy of the so-called 'closed beta', we ask that in a show of good faith, you make available at least the terms of distribution you used for that product," [FSF director Bradley] Kuhn said in the letter. "Even as you release your new product to the public, the past situation must be clarified."" Conectiva has made the full text of the NDA available in response.
Lab to sample Linux for weapons work (News.com)
News.com reports on a new Linux-based supercomputer that is being deployed at LANL for nuclear weapons simulation. "The lab has been a pioneer in building inexpensive supercomputers made out of ordinary computing components and the Linux operating system. Thus far, however, LANL's nuclear weapons simulation software runs on more expensive systems from SGI and Hewlett-Packard such as HP's $215 million "Q" now under construction. A $6 million price tag may sound like a bargain in comparison, but software must be reworked to run using less expensive clusters of Linux machines."
We are the west, we are the IP (ZDNet)
ZDNet covers the work of an international group, The Commission on Intellectual Property Rights. "A distinguished group of academics, government representatives and businesspeople this week came out with a set of recommendations which, if taken seriously by governments around the world, could have a drastic effect on the software industry. The proposals, by the Commission on Intellectual Property Rights, would also have a drastic effect on the lives of millions of people in the developing world. All areas of intellectual property are addressed in the Commission's report--including health, as well as agricultural and genetic resources and traditional knowledge."
Page editor: Forrest Cook
Announcements
Resources
Linux Laptop Sound Configuration (O'Reilly)
Dave Phillips writes about his experience of installing sound on an HP Omnibook 4150 laptop. "Configuring sound for laptops running Linux can be a very tricky process. Drivers may be difficult to find or install, reference materials may be incomplete or misleading, and even after careful configuration, your system may still emit no more than the beep from its internal speaker. In other words, setting up sound on a Linux laptop can quickly become an unwanted exercise in patience and frustration."
Top Five Open Source Packages for System Administrators
O'Reilly has an article on using Amanda for doing Linux backups. "Amanda stands for Advanced Maryland Automated Network Disk Archiver. It was developed at the University of Maryland. James da Silva was the initial author. Amanda is a network-based enterprise backup utility that includes features previously available only in expensive commercial packages."
Upcoming Events
Barbarians at the Gates! Bruce Perens speaks on Creating a Level Playing Field for Computer Software
Bruce Perens will be speaking at Stanford's Gates Computer Science Building lecture hall B03 on Wednesday September 25, 4:15 to 5:30 PM. The talk is open to the public, and will be webcast live and broadcast over the SITN network.YAPC 2003 Call For Venues (use Perl)
A call for papers has been issued for the 2003 YAPC::America conference. The venue will be announced this November.The Business Case for Open Source Software: a panel discussion.
Register now to attend The Business Case for Open Source Software: Successful Models and Implementations - a panel discussion scheduled for October 1, 2002 at Patterson, Belknap, Webb & Tyler LLP, New York, New York.Events: September 26 - November 21, 2002
| Date | Event | Location |
|---|---|---|
| September 26 - 27, 2002 | The Second Open Source Content Management Conference(OSCOM) | (Lawrence Hall of Science, University of California)Berkeley, CA |
| September 27 - 29, 2002 | Lulu Tech Circus | (State Fairgrounds Complex)Raleigh, North Carolina, USA |
| October 11 - 13, 2002 | V Congreso Hispalinux | San Sebastian-Donostia, Spain |
| October 14 - 16, 2002 | The Singapore Linux Conference 2002 | (Le Meridien Singapore)Singapore |
| October 14 - 15, 2002 | The Open Group Conference | (Hotel Martinez Palace)Cannes, France |
| October 17 - 18, 2002 | Open Source for E-Government | Washington, DC |
| October 24 - 25, 2002 | PHPCon 2002 | (The Clarion Hotel SFO)Millbrae, California |
| October 28 - 31, 2002 | International Lisp Conference 2002 - The Art of Lisp | San Francisco, CA |
| October 30 - 31, 2002 | Think-Linux, The Solutions Show | (The Pinnacle)Toledo OH |
| November 1 - 3, 2002 | 2nd Annual Ruby Conference(RubyConf 2002) | (Washington State Trade and Convention Center)Seattle, Washington |
| November 2, 2002 | Southern CaliforniA Linux Expo 2002(SCALE) | (Davidson Conference Center, University of Southern California)Los Angeles, CA |
| November 3 - 6, 2002 | International PHP 2002 conference | Frankfurt, Germany |
| November 3 - 8, 2002 | 16th System Administration Conference(Lisa '02) | Philadelphia, PA |
| November 14 - 15, 2002 | The Open Source Health Care Alliance(OSHCA) | (UCLA Medical Center)Los Angeles, CA |
| November 18 - 21, 2002 | Embedded Systems Conference, Boston | (Hynes Convention Center)Boston, Mass |
Web sites
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Miscellaneous
The Great Perl Monger Cull Of 2002 (use Perl)
Use Perl mentions that the list of Perl groups on the Perl Mongers site is being culled and verified. Here's your chance to get your favorite Perl group represented.
Page editor: Forrest Cook
Letters to the editor
Closed betas ...
| From: | "Anthony W. Youngman" <Anthony.Youngman@ECA-International.com> | |
| To: | "'letters@lwn.net'" <letters@lwn.net> | |
| Subject: | Closed betas ... | |
| Date: | Thu, 19 Sep 2002 12:24:22 +0100 |
> That does not stop distributors from doing closed beta tests, however. Corel > did it. Caldera (oops...SCO Group...) has done it. Lindows has done it. And > UnitedLinux is doing it. The closed beta period ends on September 23, at > which point the UnitedLinux beta, with source, will be available to all. In > the mean time, however, one might wonder how the current closed beta is > being kept closed. The way I'd do it is simple. "United Linux" is a trademark. You sign up to the beta, you do not damage the trademark by releasing any code that could be associated with the trademark. In other words, there's nothing stopping people releasing UL code, provided they delete all references to UL that are in the code, and they don't mention UL when they post it wherever. Seeing as deleting references and acknowledgements is taboo, any reputable developer will then quite happily keep UL itself closed. And as someone mentioned in the comments, you simply have code there that is your own copyright, so that it becomes a breach of copyright to just copy the UL distro "as is". (As for open betas being better than closed - no that's not necessarily the case. Far better start with a closed beta and squash the obvious problems first, then go open and get the more subtle problems later. There *is* something known as "overload" :-) The whole *point* of a beta is to find bugs, and having your bugzilla flooded with hundreds of reports of the same bug can easily become counter-productive) Cheers, Wol
Vice President Gates
| From: | Leon Brooks <leon@cyberknights.com.au> | |
| To: | charles.cooper@cnet.com | |
| Subject: | Vice President Gates | |
| Date: | Sun, 22 Sep 2002 09:11:30 +0800 | |
| Cc: | letters@news.com, letters@lwn.net |
Hi Charles! At http://msnbc-cnet.com.com/2010-1071-958721.html you wrote: > the image of Bill Gates getting his marching orders from President > George [W] Bush just doesn't compute. Before dealing with your main point, I don't think you understand how the people dealing with *any* nation's security think, and your conclusions will be invalid until you do. William Henry "Trey" Gates III or one of his subordinates may or may not shut down China's computers (hey, CodeRed4 may well do that anyway...), but you're about to bet one and a half billion lives, including yours, on whether he does or not. Does this impact your thinking? It would impact mine. The question flips from "is it certain that Bill can pull our collective plugs?" to "is it *possible* that Bill could pull our collective plugs?" - and of course that flips the answer from "Ha, ha" to "Yes." Now, as to whether Bill has the capability to actually do this, let's use Microsoft's own words: "The OS Product or OS Components contain components that enable and facilitate the use of certain Internet-based services. You acknowledge and agree that Microsoft may automatically check the version of the OS Product and/or its components that you are utilizing and may provide upgrades or fixes to the OS Product that will be automatically downloaded to your computer." [Text from the Windows 2000 SP3 EULA and Windows XP SP1 EULA] The implication is that Microsoft can alter the software on your computer at will, AND you agreed to let them do that when you installed it. Wouldn't it be handy - but not for China - if a wartime update to Windows was or included a TCP stack that stopped recognising Chinese IP addresses at a specific date and propagated itself as hard as it could by fair means or foul until then? As to *how* Microsoft propose do that, well, why not just read the source code yourself and find out? (-: Finally, given that Microsoft seem to have both means and opportunity, how about motive? Bush orders Gates, so-so, maybe. National Guard orders Gates at gunpoint is quite a different scenario. CIA plant pushes button for Gates yet another. Is a troublemaking cracker from Saint Petersburg unprecedented? The possibilities are myriad. Just don't be dumb enough to say that it's impossible. Cheers; Leon -- http://www.cyberknights.com.au/ Modern tools, traditional dedication http://slpwa.linux.org.au/ Member, Linux Professionals West Aus http://linux.conf.au/ THE Australian Linux Technical Conf: 22-25 January 2003, Perth: be there!
Page editor: Jonathan Corbet