LWN.net Weekly Edition for February 3, 2005
Interview: OSI's new president
On January 31, the Open Source Initiative announced an expansion of its efforts and the appointment of Russ Nelson as its president. Mr. Nelson was kind enough to answer a few questions from LWN on the OSI and where he thinks it is headed. The questions, and his answers, can be found below. We thank Russ for taking the time to fill us in.LWN: So you're the new president of OSI. Why did you take on that role, and where do you anticipate taking the OSI in the near future?
No, wait, that's Bruce Perens' line [Bruce worked for Pixar and is in the Toy Story credits].
Never before in history have we had a time when one person of ordinary intelligence can write a program which becomes used by half the worldwide computer-using population. This creates so many problems between countries that I really feel they have to be addressed with a treaty.
I think that the end goal is an international treaty concerning Open Source. Just to take one tiny portion of that issue: today somebody asked us for an "official Spanish version de license MIT". We can't do that. I mean, we could translate it (or more properly find a volunteer to translate it and publish it on opensource.org), but the problem is that almost certainly the author of the MIT-licensed software didn't give us permission to license his software under the Spanish-language MIT license.
In many ways, the OSI appears to have fallen from view. Until this news hit, the most recent item listed on the front page was dated October, 2001. The OSI gets called upon to put its stamp on a license occasionally; what else does the OSI do now? Is it relevant to the free software development process, and how?
We continue to do what we've always done: talk to people about open source. Calm their fears, and renew their hopes.
The press release states that OSI will set out on "the establishment of principles of Open Source development and best practices" and "the creation of a registry of software projects that adhere to those principles." What need is driving the creation of these principles and the associated registry?
When you talk about "inclusion of international perspectives and initiatives related to Open Source," what do you mean?
Why does the OSI need *two* legal counselors? What do they do?
How will the new OSI board members be selected? In general, how is the OSI kept accountable to the community it hopes to represent?
How do you expect OSI to work with other free software-oriented groups, such as OSDL and the FSF? Will there be more cooperation in the future?
Is there anything else which you would like to communicate to LWN readers?
I think it's great to be President of the OSI at this point in time. We've had a strong president in Eric Raymond who took us from nothing to a highly respected member of the open source community. As corporations and governments come to be part of the community, we have to double and redouble our educational and advocacy efforts. We need to make sure that corporations know how to work with individual developers, and that governments know how to set the rules so everybody can work together. And we have to squash software patents, but that's a different interview.
GNOME and KDE priorities
With the KDE 3.4 and GNOME 2.10 releases on the horizon, we decided to take a look at both projects to see where both desktop teams were focusing their efforts. To get a feel for the priorities of each team, this reporter "test drove" the KDE 3.4 beta 1 using the SUSE 9.2 packages and GNOME 2.9.4 with Ubuntu's Live CD. We also spoke to KDE core developer Zack Rusin about the 3.4 release and GNOME release team member Luis Villa about GNOME's 2.10 release.
Both KDE 3.4 and GNOME 2.10 are incremental releases. That is to say,
neither desktop is undergoing dramatic changes in the upcoming release and
casual users may not notice many changes. Instead, there are a number of
![[KDE screenshot]](https://static.lwn.net/images/ns/kde-3.4-sm.png)
small improvements and enhancements to the current desktop that users will
find in each release.
Both projects are concentrating on backward compatibility. KDE's Rusin said that
the 3.x series is basically in "maintenance" mode, with the KDE team trying
to add features that users want, without major changes that would
compromise compatibility with older releases. He noted that one of the goals
for the 3.4 release is to maintain binary compatibility with the earlier
3.x releases. GNOME's Villa said that the GTK core toolkit has a strict ABI/API
compatibility policy. "If you build against GTK 2.0, you should be
able to run against GTK 2.6 with no problems
". He also said that
other core GNOME libraries provide the same guarantee, "that's why we
have Firefox and Eclipse building against us
".
According to Villa, the 2.10 release will see more bugfixes than
usual. He said that, depending on how you track bugs, the 2.10 release
![[GNOME screenshot]](https://static.lwn.net/images/ns/gnome-2.10-sm.png)
already includes between 1,000 and 5,000 closed bugs -- and that's before
the final feature freezes and bug fixing before the final release. Villa did
note that the GNOME team always places a high priority on quality control,
but that this release seemed to have a higher than normal number of
bugfixes.
Another focus for the GNOME team in 2.10 is implementation of freedesktop.org standards agreed upon by the GNOME and KDE teams. Villa noted that the GNOME team had revamped the menu structure to comply with the freedesktop.org menu specification.
The GNOME release adds a new "Places" menu to the panel that allows the user to quickly navigate between their home folder, the desktop, CD-ROM and network locations. Villa said that the GNOME team has also addressed some of the complaints about the file chooser from the last version of GNOME, and that the typeahead feature has returned.
Both desktops are increasingly friendly for users with disabilities. Villa
said that the 2.10 release did not focus on improvements to accessibility
because GNOME is "already far and away the leaders in
accessiblity
".
The KDE team, on the other hand, has made accessibility a major priority in
3.4. One major new feature that users will find in 3.4 is the text to
speech system in 3.4, which would be available in many applications. Rusin
said there is also a new "mono" theme for 3.4 that would be better for
users who had difficulty with the high-color styles used in KDE. Rusin
noted that working on accessibility was difficult because it is "
Multimedia has also gotten a boost in GNOME 2.10. According to Villa, the
Gstreamer integration is greatly improved in GNOME 2.10. This is the first
release where Totem has been integrated into the GNOME release process, and
Villa also said it was the first release where the Totem team had worked
more closely with the Gstreamer team. Totem had previously worked with
Xine, but Villa said that Xine had "
Both KDE and GNOME teams have been beefing up their groupware
offerings. Rusin told LWN that KDE PIM
had been "
Evolution's latest release includes eplugin, a plugin architecture to allow
developers to extend Evolution with new features. Some of the plugins
available now include an inline audio player for Evolution, an Exchange
account setup plugin and an "automatic contacts" plugin that creates
address book entries when a user replies to e-mails. Evolution already
includes the Exchange plugin, and Villa said that Evolution was also
getting a lot of work to be compatible with Novell GroupWise.
KDE 3.4 marks the first inclusion of aKregator, a feed aggregator for
KDE. This writer found aKregator very easy to use, and its integration with
Konqueror and Kontact makes it a great choice for KDE users. The KDE team
has also beefed up KPDF to include support for the text-to-speech features.
From talking to developers on both teams, it's clear that both
desktops are trying to move towards better "enterprise" capability, and
making it easier for others to develop applications for the respective
desktops. From using both, it's clear to this writer that GNOME and
KDE view users differently. GNOME continues to move towards a simple
end-user interface, while KDE is more about adding features that users want
-- even if it increases complexity.
Users who want to try out GNOME 2.10, without the hassle of compiling GNOME
or installing it, should look to the Ubuntu Live CD
for the upcoming Hoary Hedgehog release. Rusin said he wasn't aware of any
Live CDs with KDE 3.4 beta just yet, but something might pop up on the
Knoppix lists.
There is a lot more at stake than just the fate of a couple of peer-to-peer file
sharing services. What's at stake, to quote from one of the many
amici briefs filed in this high-profile case (this
one by the Computer & Communications Industry Association and
NetCoalition) is nothing less than this: it's a push to overturn the
court's ruling in
Sony Corp. of America v. Universal City Studios, 464 U.S. 417
(1984) (the "Betamax case") and replace it "
[Editor's note: due to the length of this article, we have not put the
whole thing inline in the Weekly Edition. The
full text of PJ's Grokster article may be found on its own page.]
Restart the process?
Under the co-decision rules for European lawmaking, the European
Parliament, Commission and the Council all have to agree to the text of the
directive before it can come into force. However at this stage in the
legislative process (it is now at its second reading), if the European
Council continues to ignore the Parliament's amendments, it will be
extremely difficult for the European Parliament to keep them.
An absolute majority (two thirds of all MEPs, or at least 367 votes) is
required in a second reading for each Council amendment the Parliament
wishes to reject. Every MEP absent in the plenary chamber that day and
every abstention vote would count in favor of the Council proposal. In
2004, the University of Duisburg-Essen released a study which showed that
on average only 56.2% of Italian MEPs took part in the 4,437 roll call
votes held in European Parliament between 1999 and 2003. The most diligent
MEPs are from Luxembourg with a presence of 85.2%. We would, in other
words, have to encourage an abnormally high turnout of MEPs for an issue
that struggles to capture their imaginations.
This is even more worrying when you consider that a majority of the MEPs
currently in parliament were elected in 2004 and did not even participate
in the first reading of the directive. Ten new countries, with no previous
say in the directive, also joined the EU in 2004. If the council position
is officially announced, the Parliament will be forced to vote on the
second reading within three to four months. This would give a relatively
new Parliament little opportunity for discussion and consultation, and
could lead to software patent loopholes if critical amendments were left
out.
On the 2nd of February, JURI is set to decide whether or not to restart the
procedure. This decision has only been possible because of a motion, signed by 61
members of the European Parliament, calling for a new first reading of the
software patent directive. Poland has also helped significantly by
repeatedly postponing the adoption of the Council's software patent
agreement, but can only do this for so long before other states pressure
them on issues more important to the Polish economy.
A complete restart is one of the best (and only) feasible solutions
left. As there are no absolute majority requirements in first readings, it
would be easier for European Parliament to pass amendments. The Council
would have to have a new first reading, canceling their current
pro-software patent position and putting pressure on them to avoid adopting
a similar stance so contrary to the will of Parliament. A restart would
also enable new member states to have their say from the beginning, making
it a more democratic directive.
What can you do?
The only reason we don't have software patents in Europe is because of
the efforts of activists protesting and lobbying against them. In Europe,
according to the European Patent Office, already 7% of applicants hold more
than 50% of patents. If we don't want to go down a path whereby a start-up
or open source company with no patents will be forced to pay whatever price
larger corporations choose to impose, we must get out there and fight to
stop it happening. Here are a few ideas to get you started:
(Edward Griffith-Jones contributed to the writing of this article).
such
a hugely complicated area
", and that the KDE team will continue to
add functionality in future releases.
legal encumbrances
" that
made it more difficult for vendors to distribute. There is also a new and
improved mixer applet in GNOME 2.10 that hides some of the complexity from
the user, at least at first. Villa said users would still be able to get to
all of the functionality of their sound card with the mixer, but wouldn't
be presented with it at first glance.
hugely improved
" for 3.4. Kontact has expanded its
support of GroupWare servers with support for Novell GroupWise and
OpenGroupware.org, and partial support for Microsoft Exchange Server
2000. Kontact also supports OpenExchange Server, eGroupWare and Kolab.
Grokster, the Little Engine that Could, Chugs Up One Last Hill
Grokster is the Little Engine That Could. So far, against
overwhelming odds, it has successfully dodged every legal bullet a massive
horde of entertainment companies - some 28 of them, representing the
interests of the music recording and movie industry - have thrown at
it. Now, there is one more hill, and it's the steepest of them all, a
hearing before the US Supreme Court in March. February 2, 2005 By Pamela Jones, Editor of Groklaw with new standards that
would as a practical matter
give the entertainment industry a veto power over the development of
innovative products and services.
"
European software patent update
On 24 September 2003, after 19 months of consideration, the European
Parliament voted on the software patent directive, and made substantial
amendments to exclude patents on pure software and business
methods. However, regular rows between the European Council and Parliament;
the Council ignoring many of the Parliaments amendments; and the Committee
for Legal Affairs of the European Parliament's (JURI) subterfuge tactics to
try and push it through, mean that pure software patents in Europe are
still a scary possibility
Security
Address space randomization in 2.6
Arjan van de Ven has posted a series of patches which add some address space randomization to the 2.6 kernel. With these patches applied, each process's stack will begin at a random location, and the beginning of the memory area used for mmap() (which is where shared libraries go, among other things) will be randomized as well. These patches represent an improvement in the kernel's security infrastructure, but the reception on the public lists has been surprisingly hostile.Many buffer overflow exploits, especially those used in large-scale attacks, contain hardcoded addresses. An exploit which overflows a stack variable will place some executable code on the stack; it then overwrites the return pointer so that the broken function "returns" into the exploit code. If you look at a given distribution's shipped version of a vulnerable program, an exploit will always be able to place its payload at the same address on the stack, so it can contain that address directly. If, instead, the exploit author does not know ahead of time where the payload will end up, actually getting the computer to execute that code will be much harder.
That is why the stack randomization patch helps. When the stack location is deterministic, a relatively simple exploit can be made to work on all systems running the vulnerable distribution. If the stack moves, instead, hardcoded addresses no longer work.
Moving the mmap() area has similar benefits. One popular type of exploit prepares the stack and then "returns" into a shared library somewhere. That return can, for example, cause the application to behave as if it had intentionally called system() or a similar library function. Moving the libraries around makes these attacks harder.
One of the biggest complaints that has been raised is that the amount of randomization is insufficient. The patches, as posted, vary the stack base within a 64KB area and the mmap() base within a 1MB range. Alignment requirements prevent just any address from being used with the result that only a relatively small number of possible base addresses exists. So a determined attacker could repeatedly run a hardcoded exploit with some assurance that, within a reasonable amount of time, the stack would land at the right place and the exploit would work. Placing a long series of no-op instructions at the beginning of the payload can also make an exploit more robust when faced with randomization.
Arjan responds that the amount of randomization is not the issue at the moment. He is trying to get the infrastructure into the kernel and tested in a minimally disruptive way; the degree of randomization can be tweaked upward later on. That amount may never get as high as some people would like, at least on 32-bit systems, because it cuts back on the available virtual address space. But it is likely to go up once the developers are convinced that things are working.
In any case, a larger randomness makes the problem harder, but does not change its fundamental nature. With the ability to keep trying, an attacker will eventually get around any degree of randomization possible on 32-bit systems (64-bit systems are a different story). Thus, says Ingo Molnar:
Randomization is not a magic bullet which solves a wide range of security problems. It does make an attack harder, however, and that can only be a good thing.
New vulnerabilities
bind: validator function denial of service
| Package(s): | bind | CVE #(s): | CAN-2005-0034 | ||||
| Created: | January 27, 2005 | Updated: | February 1, 2005 | ||||
| Description: | A vulnerability was discovered in BIND version 9.3.0, an incorrect assumption in the validator function can be exploited by a remote attacker to cause named to exit prematurely. | ||||||
| Alerts: |
| ||||||
ClamAV: multiple issues
| Package(s): | clamav | CVE #(s): | CAN-2005-0133 | ||||||||||||
| Created: | January 31, 2005 | Updated: | March 3, 2005 | ||||||||||||
| Description: | ClamAV fails to properly scan ZIP files with special headers and base64 encoded images in URLs. | ||||||||||||||
| Alerts: |
| ||||||||||||||
cpio - file permissions error
| Package(s): | cpio | CVE #(s): | CAN-1999-1572 | ||||||||||||||||||||||||||||
| Created: | February 2, 2005 | Updated: | July 19, 2005 | ||||||||||||||||||||||||||||
| Description: | Some versions of cpio contain an ancient vulnerability where files created by that utility have overly generous access permissions. | ||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||
f2c: insecure temp files
| Package(s): | f2c | CVE #(s): | CAN-2005-0017 CAN-2005-0018 | ||||||||||||
| Created: | January 27, 2005 | Updated: | April 20, 2005 | ||||||||||||
| Description: | The f2c fortran to C translator has a vulnerability due to insecure opening of temporary files. A local attacker can use this to launch a symlink attack. | ||||||||||||||
| Alerts: |
| ||||||||||||||
FireHOL: insecure temporary file creation
| Package(s): | FireHOL | CVE #(s): | |||||
| Created: | February 1, 2005 | Updated: | February 1, 2005 | ||||
| Description: | FireHOL insecurely creates temporary files with predictable names. A local attacker could create malicious symbolic links to arbitrary system files. When FireHOL is executed, this could lead to these files being overwritten with the rights of the user launching FireHOL, usually the root user. | ||||||
| Alerts: |
| ||||||
Gallery: cross-site scripting vulnerability
| Package(s): | gallery | CVE #(s): | |||||||||
| Created: | January 31, 2005 | Updated: | February 10, 2005 | ||||||||
| Description: | Rafel Ivgi has discovered a cross-site scripting vulnerability where the 'username' parameter is not properly sanitized in 'login.php'. See this Gallery announcement for the release of 1.4.4-pl5 for more information. | ||||||||||
| Alerts: |
| ||||||||||
ncpfs: multiple vulnerabilities
| Package(s): | ncpfs | CVE #(s): | CAN-2005-0013 CAN-2005-0014 | ||||||||||||||||||||
| Created: | January 31, 2005 | Updated: | May 15, 2006 | ||||||||||||||||||||
| Description: | Erik Sjolund discovered two vulnerabilities in the programs bundled with ncpfs: there is a potentially exploitable buffer overflow in ncplogin (CAN-2005-0014), and due to a flaw in nwclient.c, utilities using the NetWare client functions insecurely access files with elevated privileges (CAN-2005-0013). | ||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||
ngIRCd: buffer overflow
| Package(s): | ngIRCd | CVE #(s): | |||||
| Created: | January 28, 2005 | Updated: | February 1, 2005 | ||||
| Description: | Florian Westphal discovered a buffer overflow caused by an integer underflow in the Lists_MakeMask() function of lists.c. See the ngIRCd 0.8.2 release announcement for more information. | ||||||
| Alerts: |
| ||||||
openswan: stack based buffer overflow
| Package(s): | openswan | CVE #(s): | CAN-2005-0162 | ||||
| Created: | January 28, 2005 | Updated: | February 1, 2005 | ||||
| Description: | A stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code. | ||||||
| Alerts: |
| ||||||
perl: setuid vulnerabilities
| Package(s): | perl | CVE #(s): | CAN-2005-0155 CAN-2005-0156 | ||||||||||||||||||||||||||||||||
| Created: | February 2, 2005 | Updated: | August 11, 2006 | ||||||||||||||||||||||||||||||||
| Description: | There are two vulnerabilities with perl when it is used in a setuid mode. The PERLIO_DEBUG environment variable can be used to overwrite arbitrary files; there is also an associated buffer overflow which can be exploited to gain root access. | ||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||
postgresql: privilege escalation via LOAD
| Package(s): | postgresql | CVE #(s): | CAN-2005-0227 | ||||||||||||||||
| Created: | February 1, 2005 | Updated: | February 7, 2005 | ||||||||||||||||
| Description: | John Heasman has discovered a local privilege escalation in the PostgreSQL server. Any user could use the LOAD extension to load any shared library into the PostgreSQL server; the library's initialization function was then executed with the permissions of the server. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
SquirrelMail: multiple vulnerabilities
| Package(s): | squirrelmail | CVE #(s): | CAN-2005-0075 CAN-2005-0103 CAN-2005-0104 | ||||||||||||||||||||||||||||||||
| Created: | January 28, 2005 | Updated: | July 19, 2005 | ||||||||||||||||||||||||||||||||
| Description: | SquirrelMail 1.4.4 has been released, fixing a number of security issues that have been resolved since 1.4.3a. | ||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||
uw-imap: authentication bypass
| Package(s): | uw-imap imap | CVE #(s): | CAN-2005-0198 | ||||||||||||||||
| Created: | February 2, 2005 | Updated: | March 1, 2005 | ||||||||||||||||
| Description: | The uw-imap package, prior to version 2004b, contains a vulnerability which can enable a remote attacker to bypass the authentication mechanism. This bug only affects CRAM-MD5 authentication, which is not enabled on all distributions. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current 2.6 prepatch remains 2.6.11-rc2.Linus's BitKeeper repository, which looks like it is heading for a 2.6.11-rc3 release before too long, contains an XFS update, a set of out-of-memory killer fixes, a generic transport class mechanism (which replaces the SCSI transport code), some architecture updates, the removal of bcopy(), a fix for writable module parameters in sysfs (it never actually worked before), and various fixes.
The current -mm release is 2.6.11-rc2-mm2. Recent changes to -mm include the unexporting of register_cpu() and unregister_cpu(), an InfiniBand update, a tool for tracking page-level memory leaks (see below), the addition of the unprivileged realtime scheduling rlimit code (covered here last week; this code replaces the SCHED_ISO patch), and a fair number of fixes.
The current 2.4 kernel remains 2.4.29; the 2.4.30 process has not yet begun.
Kernel development news
Quotes of the week
NETIF_F_LLTX and race conditions
Network drivers must provide a function (hard_start_xmit()) for the networking layer to call whenever it decides the time has come to send out a packet. Normally, calls to hard_start_xmit() are serialized with a spinlock (xmit_lock) in the net_device structure. In this way, the networking subsystem guarantees that it will not attempt to send multiple packets simultaneously on the same interface.This method works, but it is not quite ideal, especially for high-performance network adaptors. Most drivers already implement their own internal locking, rendering xmit_lock redundant. The xmit_lock can also cause a certain amount of cache line bouncing on SMP systems with a lot of networking traffic. To work around these problems, the NETIF_F_LLTX "feature" flag was added in 2.6.9. If a driver sets NETIF_F_LLTX on its interface, it is declaring that it performs its own locking, and its hard_start_xmit() function will be called without the xmit_lock held.
All seemed well for a while, but, back in December, Roland Dreier noticed a problem. When a network driver notices that an interface's transmit buffers are too full to accept any more packets, it calls netif_stop_queue() to inform the networking layer. Its hard_start_xmit() method should then not be called until the driver (with a call to netif_wake_queue()) indicates that new packets can, once again be accepted. Network drivers thus can count on not being asked to transmit packets when they have stopped the queue.
Unless, as it turns out, they have set NETIF_F_LLTX. The lack of transmit locking in the networking layer itself leads to a situation where hard_start_xmit() can be called simultaneously on multiple processors; hard_start_xmit() is supposed to handle that situation with its own locking. But, if one hard_start_xmit() call fills the transmit buffer and stops the queue, the second call will proceed in a state it had not expected: it has a packet to transmit but no place to put it. In most cases, this race leads to a strange error message in the system logs. In a poorly-written driver, worse things could happen.
Roland's initial problem report included a patch which silenced the log message. The networking hackers did not like that solution, however; they feared that it could hide serious (unrelated) bugs. So they set out to come up with a better solution. The result was a lengthy patch which made some significant changes to how network driver locking works. Uses of xmit_lock were changed to disable interrupts, so that lock could be used in interrupt handlers as well. Drivers could then use xmit_lock (rather than their own lock) for internal locking. The NETIF_F_LLTX flag was redefined to indicate that the transmit routine was completely lockless, a condition which only applies to certain types of software device. The end result was most of the advantages of NETIF_F_LLTX but with the race condition solved. A version of this patch was merged as part of 2.6.11-rc2.
Unfortunately, there were some difficulties. The locking changes led to deadlocks in certain situations where the driver would try to grab a lock already held by the networking code which called it. Network drivers had to be careful not to do anything (such as spin_unlock_irq()) which would enable interrupts while xmit_lock was held. dev_kfree_skb() could no longer be called in any place where xmit_lock was held, since its use is not legal when interrupts are disabled. Overall, there were enough problems with this approach that the patch was backed out after the -rc2 release, and the developers started over.
The current approach, as proposed by David Miller, is to leave things as they are and silence the log message. The patch has been tweaked a bit since first proposed by Roland in December; it now tries to distinguish the NETIF_F_LLTX race from other (more serious) calls to hard_start_xmit() with the transmit buffer full. This is done by checking to see if the queue has been stopped; if so, it is a harmless race and transmission of the packet is silently deferred. If the queue is still running, however, then something has gone wrong somewhere. This change must be made in all drivers which use NETIF_F_LLTX - a relatively small set. It's a small change, but it is a change in the rules for network drivers and worth being aware of.
Yet another approach to memory fragmentation
A number of developers have taken a stab at the problem of memory fragmentation and the allocation of large, contiguous blocks of memory in the kernel. Approaches covered on this page recently include Marcelo Tosatti's active defragmentation patch and Nick Piggin's kswapd improvements. Now Mel Gorman has jumped into the fray with a different take on the problem.At a very high level, the kernel organizes free pages as shown in the diagram below.
![[cheesy memory diagram]](https://static.lwn.net/images/ns/kernel/mmzone1.png)
The system's physical memory is split into zones; on an x86 systems, the zones include the small space reachable by ISA devices (ZONE_DMA), the regular memory zone (ZONE_NORMAL), and memory not directly accessible by the kernel (ZONE_HIGHMEM). NUMA systems divide things further by creating zones for each node. Within each node, memory is split into chunks and sorted depending on its "order" - the base-2 logarithm of the size of each block. For each order, there is a linked list of available blocks of that size. So, at the bottom of the array, the order-0 list contains individual pages; the order-1 list has pairs of pages, etc., up to the maximum order handled by the system. When a request for an allocation of a given order arrives, a block is taken off the appropriate list. If no blocks of that size are available, a larger block is split. When blocks are freed, the buddy allocator tries to coalesce them with neighboring blocks to recreate higher-order chunks.
In real-life Linux systems, over time, the larger blocks tend to get split up, to the point that larger allocations can become difficult. A look at /proc/buddyinfo on a running system will tend to show quite a few zero-order pages available (one hopes), but relatively few larger blocks. For this reason, high-order allocations have a high probability of failure on a system which has been up for a while.
Mel's approach is to split memory allocations into three types, as indicated by a new set of GFP_ flags which can be provided when memory is requested. Memory allocations marked by __GFP_USERRCLM are understood to be for user space, and to be easily reclaimable. In general, all that's required to reclaim a user-space page is to write it to backing store (if it has been modified). The __GFP_KERNRCLM flag marks reclaimable kernel memory, such as that obtained from slabs and used in caches which can, when needed, be dropped. Finally, allocations not otherwise marked are considered to not be reclaimable in any easy way.
Then, the buddy allocator's data structures are expanded to look something like this:
![[The Gorman approach to buddy allocators]](https://static.lwn.net/images/ns/kernel/mmzone-mg.png)
When the allocator is initialized, and all that nice, virgin memory is still unfragmented, the free_area_global field points to a long list of maximally-sized blocks of memory. The three free_area arrays - one for each type of allocation - are initially empty. Each allocation request, when it arrives, will be satisfied from the associated free_area array if possible; otherwise, one of the MAX_ORDER blocks from free_area_global will be split up. The portion of that block which is not allocated will be placed in the array associated with the current memory allocation type.
When memory is freed and blocks are coalesced, they remain within the type-specific array until they reach the largest size, at which point they go back onto the global array.
One immediate benefit from this organization is that the pages which are hardest to get back - those in the "kernel non-reclaimable" category - are grouped together into their own blocks. A single pinned page can prevent the coalescing of a large block, so segregating the difficult kernel pages makes the management of the rest of memory easier. Beyond that, this organization makes it possible to perform active page freeing. If a high-order request cannot be satisfied, simply start with a smaller block and free up the neighboring pages. Active freeing is not yet implemented in Mel's current patch, however.
Even without the active component, this patch helps the kernel to satisfy large allocations. Mel gives results from a memory-thrashing test he ran; with a vanilla kernel, only three out of 160 attempted order-10 allocations were successful. With a patched kernel, instead, 81 attempts succeeded. So the new allocation technique and data structures do help the situation. What happens next remains to be seen, however; there seems to be a big hurdle to overcome when trying to get high-order allocation patches merged.
Useful gadget: /proc/page_owner
If you look far enough into the 2.6.11-rc2-mm2 announcement, you'll find a mention of a "page owner tracking leak detector" patch. The addition of this patch was almost certainly motivated by the series of memory leak problems which have afflicted the 2.6.11 prepatches. It is a heavy-handed tool, but, for some situations, it might make the problem of finding memory leaks far easier.Essentially, this patch causes the kernel to keep track of the call chain that leads to the allocation of every page. This information is made available via /proc/page_owner; it looks something like this:
Page allocated via order 0 [0xc0146f01] kmem_getpages+49 [0xc014846d] cache_grow+173 [0xc0148aac] cache_alloc_refill+460 [0xc0118a8f] copy_files+431 [0xc0148ff5] kmem_cache_alloc+149 [0xc011986b] copy_process+3051 [0xc01199d1] fork_idle+65 [0xc041824a] do_boot_cpu+42
Your editor's 256MB sacrificial kernel box has, after a short period of run time, over 13,000 such entries. So plowing through the raw data is probably not what most people want to do. To help out, a small program (page_owner.c) has been put into the Documentation directory (though one might argue that it should be in scripts instead). This program boils down the contents of /proc/page_owner to something which looks like this:
856 times: Page allocated via order 0 [0xc0146572] __do_page_cache_readahead+290 [0xc0146a70] max_sane_readahead+48 [0xc0140166] filemap_nopage+790 [0xc013fe50] filemap_nopage+0 [0xc0150861] do_no_page+193 [0xc0150cc6] handle_mm_fault+246 [0xc01126cc] do_page_fault+492 [0xc0151b3c] remove_vm_struct+140 839 times: Page allocated via order 0 [0xc0146572] __do_page_cache_readahead+290 [0xc0146a70] max_sane_readahead+48 [0xc0140166] filemap_nopage+790 [0xc013fe50] filemap_nopage+0 [0xc0150861] do_no_page+193 [0xc0150cc6] handle_mm_fault+246 [0xc01126cc] do_page_fault+492 [0xc013c207] ltt_log_event+71
With this output, finding the source of a major memory leak should be relatively straightforward. It's worth noting that this program fails if told to read directly from /proc/page_owner (it does a stat() to determine the size of its input), so you must copy the data to a regular file first. This patch is also a major memory consumer in its own right, since it must store the call chain information for every allocated page. It's thus not something most people would put onto a production system - or even on most development systems. But it can be a useful thing to have around when a page-level memory leak bites.
Patches and updates
Kernel trees
Architecture-specific
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Janitorial
Memory management
Networking
Security-related
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
Arch Linux for Power Users
Since its humble beginnings in early 2002 Arch Linux has been growing in popularity, occasionally even winning over users of more popular power distributions, such as Slackware or Gentoo. What are the reasons behind its success? We installed the recently released Arch Linux 0.7 on a Pentium 4 test machine to find out.The first point where Arch Linux is ahead of both Slackware and Gentoo is the system installer. Although similar to Slackware's own installer in that it is a curses-based, menu-driven installation program with several sub-screens for fine tuning of various installation options, we were pleasantly surprised by the number of choices the installer provided. As an example, it let us choose a preferred kernel (2.4 or 2.6), X window system (XFree86 or X.Org), boot loader (GRUB or LILO), text editor (nano or vim), and it even went as far as to provide an option to compile a custom kernel prior to completing the installation. For configuring the basic system, we were dropped right into well commented configuration files in /etc/ to make any changes (e.g. to enable networking with DHCP). The availability of choice was what made an excellent first impression; contrast that to the Slackware installer where the only available bootloader is LILO, or to Gentoo, which forces you to edit text files in nano (at least until you get to the point where you can install alternative text editors).
The recommended way of installing Arch Linux is to select a base system only for initial installation, configure it, then reboot. Additional packages can be installed later - either from the installation CD (note, however, that in terms of desktop environments, the Arch Linux installation CD only provides IceWM, WindowMaker and XFce, but no GNOME or KDE), or over the network. The tool to install packages on Arch Linux is called "pacman", written in C++.
After spending some time perusing the fairly comprehensive Arch Linux Installation Guide, we concluded that pacman, in its basic form, resembles Debian's apt-get in more than one way. With a simple 'pacman -Sy' (equivalent to 'apt-get update') we retrieved the current list of available packages from the master repository, then proceeded with installation of X.Org, followed by KDE and GNOME. If the '-S' switch (short for '--sync') is specified, pacman is capable of resolving any dependencies required by the given package(s). Therefore a simple command like 'pacman -S xorg kde gnome' was all that was needed to turn a very basic Arch Linux system into a powerful workstation with both KDE and GNOME.
Next, we went on to create an xorg.conf file with 'X -configure', then updated the ~/.xinitrc file to start KDE instead of the default WindowMaker, before we found ourselves in a pristine KDE desktop. Unlike Slackware or Gentoo, Arch Linux does include some branding on the KDE splash screen and on the default wallpaper, but the KDE theme, menu items and desktop icons are left in their default states. We noticed the absence of Firefox, so we fired up a terminal and went back to pacman (there is no graphical edition of the package installation tool). Here we used pacman's search capabilities to locate available files with commands like 'pacman -Ss firefox', then installed the packages that we wanted. Besides the usual open source software applications, we also noticed the availability of some non-free packages, such as MS TrueType fonts, NVIDIA driver, Opera and Acrobat Reader. Altogether, there are over 1,800 binary packages available in the current and extra directories on Arch Linux mirrors.
Those of you who read the Ubuntu Hoary story last week will recall our disappointment on not being able to install the beta version of OpenOffice.org 2.0. Luckily, we found this package (version 1.9.74) in the Arch's unstable directory, so we invoked pacman one more time to take a look at this preview of the much anticipated release. It installed and downloaded as expected and we were soon greeted with the OpenOffice.org 2.0 splash screen. At first glance, there are no visible changes in the user interface, but this list of new features leaves little doubt about the extent of the improvements in the open source office suite. We found the package very stable, although not much speedier than the 1.1 series. The developers of Arch Linux tend to provide other experimental packages for interested users - besides OpenOffice.org 2.0, Arch binary packages of the first beta of KDE 3.4 are now also available in a third-party repository.
Comparing this distribution to Gentoo, there is another aspect of Arch Linux that will appeal to power users - the Arch Build System (ABS). ABS was designed to fulfill a role of building Arch binary packages from source code with relative ease - either for packages that do not exist in the official Arch repositories, or to rebuild packages with custom options. This is done by modifying a pre-built template in /var/abs/PKGBUILD.proto, then executing the 'makepkg' command to build an Arch Linux binary package. The resulting file can be installed with pacman. Unlike Gentoo, however, there is no easy way to rebuild the entire system or to optimize it for the processor at hand, and currently there are no plans to support architectures other than the i686.
Arch Linux is a clean, powerful distribution. Apart from the two package management utilities of pacman and pkgbuild, the developers have resisted any temptation to implement package customizations or add new utilities. As such, the system requires a fair amount of post-install tweaking to bring it to a usable level. Security updates are handled in a style of FreeBSD's ports of constantly updating packages to their latest versions. This may occasionally break the system, but problems are usually fixed in a reasonably short time. One area where Arch Linux trails behind Gentoo is documentation; except for the two man pages for pacman and pkgbuild, the installation manual and a sparse wiki, there is little else to guide novice users to configure their Arch Linux system. On the other hand, the distribution has active user forums and mailing lists, as well as several international community sites in German, Italian and Polish.
Next time you find yourself at home during a rainy weekend, give Arch Linux a try - it is one of the more interesting and powerful dark horses among Linux distributions.
Distribution News
Ubuntu Linux
Ubuntu has announced the creation of Local Community Teams (LoCo Teams), to promote the use, adoption, and localization of Ubuntu.
The Ubuntu development team has reached its
first milestone in the production of the Live CD version of the
upcoming release of Ubuntu codenamed "Hoary Hedgehog." This edition
features a completely redesigned system for creating Live CDs.
"While some people have tried rough previews, this is the first
proper milestone for the live CD version. Anyone, especially folks who are
using our previous release (4.10 "Warty Warthog"), are encouraged to try
this out.
"
Ubuntu has issued a call for help for a new
kernel team. "The Linux kernel in Ubuntu has, up until this point,
been primarily maintained by a series of different individuals. As Ubuntu
takes on more architectures and more users, its *needs* a solid team to help
maintain this essential piece of infrastructure. Ubuntu will not be able to
do this without the community's support.
"
Fedora Extras available for download
The Fedora Project has announced, with apologies for the delay, that the Fedora Extras repository is now available with over 500 packages. Click below for the details.Debian GNU/Linux
The debconf5 organization team has declared that registrations for the sixth annual Debian Conference are now open.Another Bug Squashing Party has been proposed for February 4 - 6, 2005.
LBA Reveals Plans For Next Linux Release
SOT Finnish Engineering Ltd has revealed plans for the next version of the Linux Business Alliance's flagship product, LBA-Linux R3. The upcoming release will include new features that focus on security and improved usability. Click below for more information.LACommunity goes gentoo...
Gentoo users looking for audio applications may be interested in Arnold Krille's gentoo-portage overlay. "Today I decided to make my little but constant gentoo-portage overlay available for the public. It contains only some apps not in already in portage. Currently available are aeolus-0.3.1 with aeolus-stops-0.1.1, fmit-0.9.[89], museseq-0.7.0, tuneroid-0.9.4 and (not an linux-audio-app) ktechlab-0.1.2." Click below for more information.
LNA: Linux Netwosix Virtual World Community
The first Linux Netwosix Virtual World Community is born! All Netwosix users are invited to join the community. "If you have a problem with Netwosix or you just want to talk about Linux, if you want to improve our work or if you just want to help us to grew up, join the first Linux Netwosix Virtual Community at : http://www.netwosix.org/community". Click below for additional details.
The Live CD List
Looking for a Live CD? The Live CD List provides a comprehensive, easy-to-search list of Linux-based Live CDs.*click a name to be taken to the project homepage
*click a header to sort
*click a Primary Function to show only Live CDs with that Primary Function
Announcing The Slackware Handbook Project (MadPenguin)
MadPenguin has announced the Slackware Handbook Project. "The Slackware Handbook is a project co-ordinated and hosted by Mad Penguin in an effort to keep Slackware documentation as up-to-date as possible. This is accomplished by creating a format in which the entire Slackware community can take part in the process by being capable of adding/editing content as they see fit. All of this content is also moderated by peer review system, keeping it as accurate as possible."
Distribution Newsletters
Debian Weekly News
The Debian Weekly News for February 1, 2005 looks at DebConf registration, Debian installation in expert mode, Debian at FOSDEM, dealing with missing dependencies, library packaging guideline, the transition of MySQL related packages, how to upgrade Woody to Sarge, the new 2005 Debian archive key, and several other topics.Gentoo Weekly Newsletter
The Gentoo Weekly Newsletter for the week of January 31, 2005 is out. Topics in this edition include Trusted Gentoo, a request for EM64T developers, the release of a Gentoo/PPC GameCD, and more.Ubuntu Traffic
Two new issues of Ubuntu Traffic, a newsletter summarizing the goings-on in the Ubuntu community, are out. The Ubuntu Traffic #18 covers the week after the conference in Mataró. Ubuntu Traffic #19 covers the last week of 2004.DistroWatch Weekly, Issue 85
Here's the DistroWatch Weekly for January 31, 2005. "Welcome to this year's 5th issue of DistroWatch Weekly! In this issue we will bring you a couple of resources that can help with building a custom live CD, introduce the Debian Volatile project, and present Xandros Desktop OS 3 as our featured distribution of the week. Happy reading!"
Package updates
Fedora Core updates
FC3: selinux-policy-targeted-1.17.30-2.73 (allow dhcpd to read random devices), procps-3.2.3-5.1 (add support for /proc/slabinfo 2.1), system-config-kickstart-2.5.19-1.fc3 (bug fixes and improvements), elinks-0.9.2-2.1 (bug fixes prevents crashes), NetworkManager-0.3.3-1.cvs20050119.2.fc3 (bug fixes), gaim-1.1.2-0.FC3 (corrects update id), openssl096b-0.9.6b-21 (adds missing fix for CAN-2004-0081), curl-7.12.3-2 (upgrade to 7.12.3), system-config-printer-0.6.116.1-1 (bug fixes), ruby-1.8.2-1.FC3.1 (backported changes from devel), rhgb-0.16.2-1.FC3 (fixes various errors), file-4.12-1.FC3.1 (upgrade and bug fixes), net-tools-1.60-37.FC3.1 (bug fixes), gimp-2.2.3-0.fc3.2 (make desktop icon theme-able), system-config-services-0.8.18-0.fc3.1 (fix off-by-one bug), mc-4.6.1-0.12.FC3 (upgrade to mc-4.6.1-pre3 and many bug fixes), dump-0.4b39-1.FC3 (fixes for unintentional writes to target partition and other bug fixes), selinux-policy-targeted-1.17.30-2.75 (contains the SELinux example policy configuration), policycoreutils-1.18.1-2.6 (merge upstream changes), dbus-0.22-10.FC3.2 (fix for CAN-2005-0201).FC2: procps (add support for /proc/slabinfo 2.1), elinks-0.9.1-1.1 (bug fixes prevents crashes), zlib-1.2.1.2-0.fc2 (fixes 2 DoS issues), gaim-1.1.2-0.FC2 (corrects update id), openssl096b-0.9.6b-20 (adds missing fix for CAN-2004-0081), dump-0.4b39-1.FC2 (fixes related to possible data corruption, other bug fixes).
Mandrakelinux updates
Mandrakelinux 10.1 updates: kde (bug fixes), kdebase (fix a problem with the previous update)Mandrakelinux 10.0, 10.1, Corporate Server 3.0 updates: nut (fixes a bug in the upsd initscript), mdkonline (fixes a permissions flaw), clamav (upgrade to clamav 0.81)
Slackware updates
Slackware has gotten many updates, upgrades and fixes in slackware-current this week. Click below for this week's slice of the changelog.
Distribution reviews
A Week in the Life of an Arch Linux Newbie (OSNews)
OS News has published a review of ArchLinux. "ArchLinux quotes itself as being "an i686-optimized linux distribution targeted at competent linux users." Part of its philosophy is that by not providing you with lots of configuration utilities, you are forced to "learn the ropes" and you will benefit from the additional knowledge acquired. A sensible approach you may think, and is fine for experienced and/or fearless techies. You know that this isn't going to be the distro to recommend to your mother! But, I wouldn't say ArchLinux is elitist as some readers may fear. Sure, you will be frowned upon (to put it mildly) if you ask questions in the forums that are blatantly answered in the main documentation. However, expecting users to actually edit the appropriate config files manually isn't a bad thing in my opinion."
Ubuntu Linux--Would You Like Some Community With That? (LinuxPlanet)
LinuxPlanet reviews Ubuntu Linux. "This review discusses both Ubuntu 4.10 (AKA "Warty Warthog") and the upcoming 5.04 (AKA "Hoary Hedgehog") release, the latter of which is currently only available in live CD form as a preview but is slated for full release in April 2005 (hence the numbering convention--2005, fourth month). I'd suggest losing the cutesy names, but no one is asking me. Both of these are available and actively supported on the x86, AMD64, and G4 and G5 PowerPC platforms."
Page editor: Rebecca Sobol
Development
The Open Clip Art Library
The Open Clip Art Library is An Online Massive Open Source 2d Graphics Repository according to the project FAQ. The project was started in early 2004, it now boasts over 3,000 images. The goal of the project is simple and clear:
![[Open Clip Art Library]](https://static.lwn.net/images/ns/openclipart.png)
Version 0.10 of the library was just released:
Images are stored as SVG (Scalable Vector Graphics) and PNG (Portable Network Graphics) files in a multi-level directory tree. To get an idea of the available images, the library's top level directories include:
animals, buildings, computer, decorations, education food, geography, logos, office, people, plants, recreation, shapes, signs_and_symbols, special, transportation, unsorted
See the online clip art browser for examples.
New clip art images may be created with applications such as Inkscape and Sodipodi, typical office users can then import the images into OpenOffice.org, KWord, and AbiWord, or any other application that supports the SVG or PNG formats.
The project releases are being synchronized with timely events:
![[ocal-hearts]](https://static.lwn.net/images/ns/ocal-hearts.png)
"Our community focused on submitting Valentines Day clip art to help everyone with the upcoming holiday. For the month of February we are trying to collect images related to 'black history month'.
"
The
project roadmap gives a good indication of where the work is
being focused for future releases.
The complete version 0.10 library is available for download here (23 MB). Also, a set of Perl language tools (zip file) are available for working with the clip art archive.
If you need a selection of images for creating web pages, holiday cards, or presentations, the Open Clip Art Library is the first place to look. If you have an artistic ability, the project could surely make use of your contributions.
System Applications
Audio Projects
Planet CCRMA Changes
The latest changes from the Planet CCRMA audio utility packaging project include a cleanup of the Fedora Core repository, new kernels, and new versions of ALSA, and the CMT LADSPA Plugins.
Database Software
PostgreSQL Weekly News
The January 28, 2005 edition of the PostgreSQL Weekly News is out with a collection of the latest PostgreSQL database articles.
Interoperability
Samba 3.0.11rc1 Available for Download
Version 3.0.11rc1 of Samba has been announced. "This is a release candidate of the Samba 3.0.11 code base and is provided for testing only. While close to the final stable release, this snapshot is *not* intended for production servers. If all goes well, this this version will become the final 3.0.11 stable release (with possible minor changes)."
Libraries
ObjectHandler 0.1.0 released (SourceForge)
Version 0.1.0 of ObjectHandler, part of the QuantLib library for quantitative finance, has been announced. Here is the change explanation: "QuantLib (or any generic C++ library) integration into spreadsheets and other end user tools requires a standalone ObjectHandler component, a repository allowing objects to be stored, shared, updated, interrogated, and destroyed."
Networking Tools
Release of iptables-1.3.0rc1
Release 1.3.0rc1 of iptables, a packet filtering framework, is available. "1.3.0rc1 is the first release candidate of the iptables-1.3.x branch, featuring a libiptc rewrite for major performance improvements at rule loading time. Apart from that, a surprisingly big number of small bug fixes have accumulated since the 1.2.11 release in June 2004."
SSL-Explorer v0.1.7 released! (SourceForge)
Version 0.1.7 of SSL-Explorer, an open-source SSL VPN solution, has been announced. "This release includes many new features, the most important of which being the automatic installation of Java applications from our online application store as well as client-side native application execution. Also HTML-based application content may now be launched in a similar manner to provide support for Java Applets and ActiveX controls through the VPN."
Desktop Applications
Audio Applications
Aqualung 0.9beta4 released
Version 0.9beta4 of Aqualung, a music player with gapless track changes, is available. "This new release adds many new features, including file metadata (FLAC/Vorbis/ID3) display & importing, volume calculation and playback RVA (relative volume adjustment) support."
ccAudio2 Version 0.2.1 (beta) released
Beta version 0.2.1 of ccAudio2 has been announced. "'ccaudio2' is a simple, highly portable, stand-alone, C++-based framework for manipulation of audio data. It is meant to be a C++ framework that is as useful as "audiofile" or "sndfile" is for C programming, and to cover various generic and useful manipulations of audio data as well as audio file access. The package includes a stand-alone audio processing command line tool to demonstrate library functionality." See the Change Log for a description of changes in this version.
QjackCtl 0.2.14 released!
Version 0.2.14 of QjackCtl, Qt application for controlling the JACK sound server daemon, has been released. "No big features, only a bunch of optimizations and cleanups."
jack_convolve 0.0.4 announced
Version 0.0.4 of jack_convolve, a convolution engine for jackd, has been announced. Here are the change notes: "new version. the executable is called jack_convolve again. I added libsamplerate support and support for multiple response files."
CAD
Twenty-second release of PythonCAD now available
Release 22 of PythonCAD is available. "The twenty-second release contains primarily internal code enhancements in regards to the Python language. PythonCAD running under PyGTK releases after the 2.4.0 release will now utilize the gtk.ComboBox and the gtk.ColorButton widgets, while PythonCAD running under older releases will still utilize the same widgets as before. This change removes the DeprecatationWarning users with the newer PyGTK release would see. A problem where restoring a deleted TextBlock entity was fixed, and a variety of other fixes and improvements are also included in this release."
Desktop Environments
GNOME Software Announcements
The following new GNOME software has been announced in the last week:- Epiphany 1.5.5 (interface improvements, bug fixes)
- Epiphany Extensions 1.5.6 (new extensions, bug fixes)
- Pyphany 0.1 (initial release)
- gtkmm 2.5.6 and glibmm 2.5.5 (support for more compilers)
- gtkmm 2.4.10 and glibmm 2.4.6 (support for more compilers)
- Gazpacho 0.4.0 (bug fixes and other improvements)
- Coaster 0.1.4.1 (bug fixes)
- Gnome OSD 0.7.0 (new features)
- mCatalog 0.1 (first beta release)
- GtkHTML 3.5.5 (bug fixes and translation work)
KDE Software Announcements
The following new KDE software has been announced in the last week:- amaroK 1.2-beta4 (bug fixes and other improvements)
KDE CVS-Digest (KDE.News)
The January 28, 2005 edition of the KDE CVS-Digest is online. Here's the content summary: "Digikam adds an image border tool. Kopete oscar_rewrite merged into HEAD. Plus many bugfixes and improvements in Quanta and Kopete."
Electronics
Games
Eris 1.3.3 Released
Version 1.3.3 of Eris, a client-side session layer for the WorldForge game project, has been released. "This is the third unstable release of the current development work that will become Eris 1.4, and is being made to coincide with the release of Ember. Minor API changes have taken place since the previous release, related to how Eris::Connection reports time-outs (they are now handled by the existing Failure signal). Various crashes related to time-outs and the meta-server query code have been resolved."
GUI Packages
Linux GUI Testing tool - release 0.1.0
Initial release 0.1.0 of the Linux GUI Testing tool is out. "This is the first release of a testing framework for GNOME, Open Office, Firefox, and QT4 (though at this point only tested against GNOME.) Ideally it'll allow for regular automated testing of complete desktops, just like LTP allows the kernel to do. The main development so far has been done by a Novell group in bangalore, but they'd love to have more involvement from outside."
FLTK News
The latest news from the FLTK project (Fast, Light ToolKit) include the release of version 1.0 of the FLTK training videos, fldiff 0.3, and a home site update.
Interoperability
Wine Traffic
The January 28, 2005 edition of Wine Traffic is available with all of the latest Wine project discussions.
Medical Applications
Future of FreeB (LinuxMedNews)
Fred Trotter posted an article on LinuxMedNews concerning the future of the FreeB medical billing system. "Yesterday I spent several hours talking to David Uhlman about a new approach to medical billing. As a result of this discussion I have decided to hand over the reigns of FreeB development to him and his new company, Uversa For a good few of you, that is really all you will care to know about this issue. FreeB development will continue, and its main goals, to be a separate biller useful to several projects will continue. Some of you will be curious as to why... so that rather lengthy technical monologue follows."
Music Applications
liblo 0.16 announced
Version 0.16 of liblo, the Lite OSC library, is available with bug fixes. "Liblo, the Lite OSC library, is an implementation of the Open Sound Control [1] protocol for POSIX systems. It is written in ANSI C and released under the GNU General Public Licence. It is designed to make developing OSC applictions as easy as possible."
MIDI to CSV Utilities 1.0
Version 1.0 of the MIDI to CSV (comma separated values) Utilities have been announced. "Not a long time ago, somebody asked in Linux-audio-users mailing list for a commandline utility allowing MIDI to text conversion. I'm proud to introduce you a set of tools from John Walker, who wrote and released it into the public domain."
Office Suites
ooo-build 1.3.8 Announced
Build 1.3.8 of OpenOffice.org has been announced. This version adds several new features, GCC 3.4 support, and lots of bug fixes.OpenOffice.org Newsletter - Volume 02 - Issue 7 - 01/2005
The January, 2005 edition of the OpenOffice.org Newsletter is online with a number of new articles.Hacking Open Office (O'Reilly)
Peter Sefton works with OpenOffice.org internals on O'Reilly. "In this article, I'm going to explore some of the ways that OpenOffice.org's Writer application (I'm using version 1.1.2 on Linux and 1.1.3 on Windows XP) is open to customization and configuration. I'll walk through some of the techniques I used to set up the first templates I built with the application in my quest for an interoperable, XHTML-ready system of templates and styles which will work across Microsoft Word and Writer."
Video Applications
gephex 0.4.2 released
Version 0.4.2 of gephex, a real-time video effects platform, is available. "0.4.2 is a bugfix and stabilization release of the 0.4 branch. It also introduces minor feature enhancements."
Web Browsers
Updated Schedule for Mozilla Firefox 1.1 (MozillaZine)
MozillaZine covers the latest release schedule for version 1.1 of the Firefox browser. "The final version of 1.1, previously scheduled for March, will now be released a little later than originally planned (an exact date isn't given). In addition, there will be a series of test builds issued before 1.1 final: a Developer Preview, a Preview Release and one or more release candidates. Mozilla Firefox 1.1 isn't expected to contain any major new features but will include updated versions of core components such as Gecko, which has received many improvements over the last few months."
Firefox Roadmap Update (MozillaZine)
MozillaZine covers the latest Firefox 2.0 Roadmap. "The update calls for a Developer Preview (Alpha) in March, a Preview Release (Beta) in April and Firefox 1.1 final release in June 2005."
Pyphany: Epiphany Python Bindings (GnomeDesktop)
GnomeDesktop looks at the Pyphany project. "Yesterday marks the first Pyphany release. Pyphany is a set of Python bindings for Epiphany and a Python extension loader for Epiphany. You can use Pyphany to write Python extensions for the Epiphany web browser."
Languages and Tools
Caml
Caml Weekly News
The Caml Weekly News for January 25 - February 1, 2005 is out with the latest Caml language articles.
HTML
Nvu 0.80 Released (MozillaZine)
Version 0.80 of the Nvu web authoring system has been announced. "Also known as Nvu 1.0 Beta pre-Release 3, this latest version has experimental XHTML support, line numbers in the HTML Source view, support for editing PHP code and HTML comments and fixes for many bugs."
Java
Internals of Java Class Loading (O'ReillyNet)
Binildas Christudas discusses Java class loading issues on O'Reilly. "When are two classes not the same? When they're loaded by different class loaders. This is just one of many curious side effects of Java's class-loading system. Binildas Christudas shows how different class loaders relate to one another and how (and why) to build your own custom class loader."
Advanced Synth (IBM developerWorks)
Michael Abernethy looks at Synth on IBM developerWorks. "Take an in-depth look at the Synth look and feel, the newest addition to Swing introduced in Java 5.0. Synth lets developers rapidly create and deploy custom looks for an application by introducing the concept of a "skin" to Java UI programming. Software Engineer Michael Abernethy takes you through Synth concepts step-by-step to build an application with a Synth look from scratch. After reading this article, you should be able to create professional-looking UIs in no time."
An Introduction to Service-Oriented Architecture from a Java Developer Perspective
Debu Panda works with SOA architecture applications under Java on O'Reilly. "The use of heterogeneous technologies and applications in corporations is a reality. At a time when resources are scarce, IT shops cannot just throw away their existing applications; rather, they must leverage their existing investments. service-oriented architecture (SOA) is popular because it lets you reuse applications and it promises interoperability between heterogeneous applications and technologies. In this article, I will introduce SOA from a Java developer perspective and examine the technologies available in the Java space to build service-oriented applications."
Lisp
CL-PPCRE 1.2.1 released
Version 1.2.1 of CL-PPCRE, a Perl-compatible, fast, portable regular expression library written in Common Lisp, is out. "These versions provide a cleaned-up build procedure, performance improvements, better Allegro CL compatibility, and a few bug fixes."
SBCL 0.8.19 released
Version 0.8.19 of Steel Bank Common Lisp has been released. "This version features improvements to foreign library loading, debugging and profiling. SBCL has also been ported to native 64-bit mode on x86-64/Linux."
PHP
Active Calendar 1.0.1 Released
Stable version 1.0.1 of Active Calendar, a PHP class that generates calendars as HTML tables, has been announced. "It generates calendar for 1971-2037 and can produce static calendars without any links or calendars with navigation controls, a date picker control, and linked days. User confige the layout through CSS; JavaScript is not required."
IBT PHP Library Release 0.9.2 Stable (SourceForge)
Stable release 0.9.2 of the IBT PHP Library, a shell of high-level PHP functionality that encases PHP content and logic, has been announced. "The 0.9.2 release of the IPL is our second release. It has been thoroughly tested and is stable. This release comes earlier than expected and has, so far, outperformed expectations. 0.9.2 holds many exciting new features such as an entire workflow engine, the ability to create action scripts, a workflow class for building cusom workflow engines, a new email class to ease the tasks involved in sending email, and some added header and data manipulation functions."
Programming eBay Web Services with PHP 5 and Services_Ebay (O'Reilly)
Adam Trachtenberg uses PHP to work with eBay web services on O'Reilly. "By using eBay's web services APIs, members of the eBay Developers Program can hook into the eBay platform using XML to integrate eBay into their own applications."
Python
Dr. Dobb's Python-URL!
The January 28, 2005 edition of Dr. Dobb's Python-URL! is online with another week's collection of Python articles and resources.Dr. Dobb's Python-URL!
The February 1, 2005 edition of Dr. Dobb's Python-URL! is out with new Python language articles and resources.Enhanced Interactive Python with IPython (O'ReillyNet)
Jeremy Jones looks at IPython on O'Reilly. "An interactive programming environment can be a powerful tool to assist in writing programs. Python has one as part of its standard distribution. Yet IPython, "an enhanced Interactive Python shell," is a far superior replacement."
Ruby
Ruby Weekly News
The January 24, 2005 edition of the Ruby Weekly News is available with the latest Ruby language articles.
Tcl/Tk
Dr. Dobb's Tcl-URL!
The December 27, 2005 edition of Dr. Dobb's Tcl-URL! is online with the week's Tcl/Tk articles.Dr. Dobb's Tcl-URL
The February 1, 2005 edition of Dr. Dobb's Tcl-URL is online, take a look for the latest Tcl/Tk articles.Scripting a Binary Tree Using Tcl (O'ReillyNet)
Michael Norton puts Tcl to work on binary trees. "I tend to use Tcl extensively because I look at this scripting language as a big tub of Lego bricks. Who doesn't like to play with Legos? To me, Tcl is Legos for the computer programmer. It comes with lots of bricks that snap together, enabling you to build something incredible. But here's a thought that will surely make the pragmatic C programmer's head spin. I'm going to put the Tcl language to work with managing binary trees."
XML
Formal Taxonomies for the U.S. Government (O'Reilly)
Michael Daconta explains XML taxonomies on O'Reilly. "The FEA DRM specifies three abstract layers of an organization's information: business context, information exchange, and data element description. Business context specifies the use of a taxonomy to categorize government information. One definition of a taxonomy is "a scheme that partitions a body of knowledge and defines the relationships among the pieces. It is used for classifying and understanding the body of knowledge.""
Cross Compilers
GNU Development Chain Release 3.0
Release 3.0 of the GNU Development Chain, a set cross compiler, debugger, and other utilities for the Motorola 68HC11/68HC12 microprocessor family, is out. "It is based on Binutils 2.15, Gcc 3.3.5, Gdb 6.2 and Newlib 1.12.0."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
The Future Is Open: What OpenDocument Is And Why You Should Care ~ by Daniel Carrera (Groklaw)
Groklaw looks at the OpenDocument format. "I asked Daniel Carrera, an OpenOffice.org volunteer, if he'd please explain to us the OpenDocument format. How does a format get chosen? And is OpenDocument on the list when governments like the State of Massachusetts make up such lists of acceptable formats for governmental use? If not, what can be done to change that? He graciously agreed. Because we are all concerned about proprietary formats and standards, and more and more governments are adopting policies requiring open standards, it's a very important subject."
Group to Divide Linux Standards Base (eWeek)
eWeek covers a Free Standards Group decision to break the LSB into modules. ""We decided that rather than add everything to the LSB core, it would be better to break this up into separate parts, the first of which is on the server side. We are thus looking at making the current, ongoing server work a branch of the LSB core," Chris Maresca, a senior partner at Olliance Group, an open-source consulting company that is working with the FSG, told attendees at the OSDL (Open Source Development Labs) Enterprise Linux Summit here on Monday."
Rewriting GPL No Easy Task (eWeek)
eWeek covers a talk by Eben Moglen on version 3 of the GPL. "Another change to the technical paradigm that the license must address is the issue of trusted computing and the threat it poses. 'If I knew what the solution to the problem of trusted computing was, we would have a draft version of it in circulation by now,' Moglen said."
Trade Shows and Conferences
Hawaii now has its own open source conference (NewsForge)
NewsForge covers the Trans-Pacific Open Source Software Conference. "The first-ever Trans-Pacific Open Source Software Conference (TPOSSCON) was held at the Hawaii Convention Center January 17 - 21, 2005. In many ways, it was a "pilot project" meant to gain credibility for what organizer Scott Belford of the Hawaii Open Source Education Foundation (HOSEF) hopes will become a yearly event that attracts people not only from Pacific Islands but also from "mainland" countries on both sides of the world's largest ocean."
13-year old to address Linux conference (ZDNet)
ZDNet Australia looks forward to Linux.Conf.Au, where Bdale Garbee's daughter is on the program. "Elizabeth will be speaking on 'Extending Tuxracer - Learning by Playing', a seminar which Chair of the 2005 organising committee Steven Handley has said will revolve around making modifications to Tuxracer (a popular open source game involving Linux's cuddly mascot) with the aim of making the game more fun. Ex-Debian Project Leader and dad Bdale will also present at the conference."
The SCO Problem
Bitter struggle to control company (Salt Lake Tribune)
The Salt Lake Tribune reports that things are getting ugly at Canopy. "On one side is Ralph Yarro, ousted chairman, president and chief executive of the Lindon-based Canopy, an investment firm whose extensive holdings include SCO Group, a company now widely known for its Linux-related lawsuits against IBM and others. Yarro is joined by ex-chief financial officer Darcy Mott and former corporate counsel Brent Christensen. The three are suing for at least $100 million, alleging they were illegally ousted in December by a group led by Noorda's daughter, Val Noorda Kriedel of Orange County, Calif.; longtime Canopy investment adviser Terry Peterson, and William Mustard, an independent senior executive consultant appointed CEO in Yarro's place." (As seen on Groklaw).
Companies
Are Microsoft's licences unfair to open-sourcerers? (Register)
The Register examines the effects of Microsoft's protocol licensing scheme on open-source development. "Carlo Piana, a partner at Milan law firm Tamos Piana & Partners, which represents FSF Europe, told eWeek:"Microsoft has proposed a licencing agreement blatantly tailored to exclude free software from accessing it." The terms of the Microsoft licence require that the holder does not distribute the source code of their implementation of the protocol, except to other licence holders." Thanks to Nigel Arnot.
Red Hat unveils government business unit (News.com)
Here's a brief News.com article on Red Hat's new government sales group. "Red Hat also said that it has landed a new government customer: the U.S. Department of Energy's national laboratories and technology centers. Under the seven-year agreement, Red Hat Enterprise Linux will be broadly deployed at the labs and tech centers."
Open-Source Foes (ComputerWorld)
Here's a ComputerWorld article on the differences between the Linux and Solaris approaches to open source. "Linux has propeller-head cachet and market credibility, along with billions of dollars in technical and marketing investment from companies such as IBM, Red Hat and Novell. OpenSolaris has one company behind it and Scott McNealy at its press conferences."
Sun: Patent use OK beyond Solaris project (News.com)
In this News.com article Sun claims that its recently released patents may be used for all open source projects. "The server and software company clarified its position somewhat on Monday. "Clearly we have no intention of suing open-source developers," said Tom Goguen, head of Solaris marketing. However, he added, "We haven't put together a fancy pledge on our Web site" to that effect."
Linux at Work
IT Powerhouse Strikes Back (IPSnews)
Here's an article on the IPS site about embedded Linux uses in India. "It is unlikely that Linus Torvalds, creator of Linux, ever intended this open-source operating system to be put to military use. But it is a mark of the robustness of this revolutionary operating system that the Indian army is reposing faith on it -- and indeed, has now completed user trials on the device. Called SATHI (short for Situational Awareness and Tactical Handheld Information and Hindi for buddy), the 875-gramme device helps soldiers coordinate with one another on the battlefield."
Legal
The open-source patent conundrum (News.com)
Bruce Perens examines software patents, on News.com. "The latest tactic in the software-patenting battle is the granting of patent rights to open-source developers. But are the grants really the equivalent of wolves in sheep's clothing?"
JURI Votes: It's Restart (Groklaw)
Groklaw carries the news that the European software patent process will be restarted from the beginning. This is good news, but it means that the lobbying effort will have to start over as well.
Interviews
The Big Kolab Kontact Interview - Part I (KDE.News)
KDE.News talks with some people from the Kontact and Kolab projects. "Steffen Hansen: Kolab is a Free software groupware solution. The components are the Kolab server and Kontact, which is the KDE Kolab client. There is also a Kolab web client in the works."
The social structure of open source development (NewsForge)
Tom Chance talks with Andreas Brand about KDE's social structure, on NewsForge. "Andreas Brand is a sociologist researching ways of recruiting and organising teams of volunteers on the Internet. He has been studying KDE as an example of an open source project based upon collaboration without hierarchies. As part of his work he has conducted interviews with KDE developers, participated in several open source conferences, analysed the KDE home page, and distributed a questionnaire among volunteers. We asked him about his thoughts on the KDE development model."
Resources
KDE tips and tricks (NewsForge)
NewsForge explores KDE tips and tricks. "The K Desktop Environment (KDE) is incredibly popular in the world of GNU/Linux. Distributions such as SUSE and Mandrakelinux use it by default. KDE has some useful features that, while easily accessible, are less prominent. Just as a camera inexplicably makes a cell phone more fun to use, KDE's cool but unnoticed details may make it more attractive to prospective users. Read on to learn about a few such features may help you every day."
Reviews
Pentium-based ETX module supports Linux (Linux Devices)
Linux Devices looks at a new Linux-compatible single-board computer from Adlink. "Adlink has released an ETX form-factor single-board computer (SBC) that supports embedded Linux on Celeron and Pentium processors. Target markets for the ETX-IM333 include medical automation, instrumentation, gaming, POS, mobile computing, and transportation, according to the company. The ETX-IM333 is based on an Intel 855GME chipset and supports Pentium M processors from 1.1 GHz to 2.0 GHz, as well as Celeron M processors from 600 MHz to 1.3 GHz."
Freevo: Freedom For Your TV (O'ReillyNet)
O'ReillyNet covers the Freevo Project. "Freevo is a media platform that brings together various applications for video recording and playback. Under its open format, the user can fully customize Freevo to suit his media viewing needs. Its main feature is its ability to schedule and record television broadcasts."
Hacking Google (O'ReillyNet)
O'ReillyNet presents excerpts from Google Hacks, 2nd Edition. "With access to more than three million documents in over 30 languages, Google is a researcher's dream. But like any invaluable tool, knowing the insider tricks of the trade is a must to save time and needless effort. Tara Calishain and Rael Dornfest, authors of Google Hacks, 2nd Edition, have set out to educate the masses to the ins and outs of Google. In today's excerpt, they offer the inside scoop on scattersearching, cartography, Google on the go, gmail-lite, and AdSense. With over 150 million Google searches conducted every day, why be just a number?"
GRAMPS got roots (NewsForge)
NewsForge has a review of the GRAMPS genealogical application. "GRAMPS is easy to use, produces a variety of reports, handles GED files with ease, and allows you to add notes, photos, and other data to individuals in your database. Citing its web site, "GRAMPS is a genealogical application, the name being an acronym for Genealogical Research and Analysis Management Programming System. It allows you to store, edit, and research genealogical data, with similar functionality to other genealogical programs.""
How Beaverton, Ore. is boosting budding open source businesses (NewsForge)
NewsForge takes a look at OSDL's new Open Technology Center. "[Executive director LaVonne] Reimer called the center the first and only place bringing together the best minds in the business to explore the benefits of open technology. She indicated the Beaverton business center would focus on and fund different aspects of business and provide space for startups, technology with which to experiment, and an executive program for open tech entrepreneurs and those who surround them."
Miscellaneous
Steal This Show (New York Times)
The New York Times (registration required) looks at the television business model, BitTorrent, MythTV, the broadcast flag, and more. "Cecil Watson, a 32-year-old software expert in Fontana, Calif., created KnoppMyth to make the installation of MythTV as simple as possible. The MythTV movement is 'picking up steam,' Mr. Watson said, because it satisfies the way he wants to watch television today - and he doesn't have to pay rental fees for a cable box or a DVR if he chooses not to. 'It records the shows I want to watch and I now have the choice to spend the time the way I want,' he said."
Where is the spirit of Linux? (LinuxFocus)
LinuxFocus has an editorial on the spirit of Linux. "Linux really used to have a spirit and a small but very active community. It was almost like a little garage. Everybody was working on some part of the car. Adding tires, polishing and tuning the motor.... New people came and were amazed. Hey, this is a cool idea! How can I help? Give me that screw driver. I will fix the mirror. Next Linuxfocus came into the garage. The Linux "car" is a nice one! It is a bit difficult to drive but we like it so we will contribute by documenting how to use it. Everybody who was using the Linux "car" was also contributing to it in some way. It was very exciting." (Thanks to Mats Schneider)
Running Windows viruses with Wine (NewsForge)
Matt Moen has some fun playing with Windows viruses on Linux under Wine. "Out of the five Windows viruses I ran under Wine, not a single one was able to send email and propagate itself. When I went out of my way to be part of the Windows community by doing my part to propagate Windows viruses (lots of Windows users seem to think this is important, seeing as how they run random executables and use Microsoft Outlook and Internet Explorer) I discovered that it couldn't easily be done with GNU/Linux tools." Thanks to Tres Melton.
The Real Price of Linux Software (law.com)
Law.com has run a low-clue article on how businesses can protect themselves from the (perceived) threats of free software. "Open-source software's potential risks for intellectual property infringement litigation and the lack of warranties, indemnities and other protections mean businesses should be clamping down on open-source software. Despite the possibility of legal action by SCO, most companies have little understanding of how much open-source software they are using because they don't manage it properly and don't understand how many commercial applications have embedded open-source software."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
A reorganization at the Open Source Initiative
The Open Source Initiative has put out a press release describing a fairly major organizational thrashup. Eric Raymond leaves as president, to be replaced by Russell Nelson. A number of new initiatives are in the works, including "the establishment of principles of Open Source development and best practices" and the maintenance of a registry of projects which are deemed to follow those principles.Organizations ask for renegotiation of the software patent directive
CCOO, Proinnova, Hispalinux, AI, Libro Blanco and Caliu have asked for renegotiation of the software patents directive in the Council and expressed their solidarity with ThankPoland.info. "In the 40 days between 2004-12-21 and today, over 40 000 citizens (over 28 000 verified signatures [1]) thanked the Polish Information Minister for his position at the Council of the EU. The signatures may be handed to the authorities this week. Poland twice delayed the formal adoption of a document for the software patents directive [2] that, without defining restrictive criteria, left the door open for software patents in the EU. In recent years, Eurolinux has gathered more than 380.000 signatures against software patents [3]." (Thanks to Xavi Drudis Ferran)
PDPC 2005 Fundraiser
The PDPC 2005 Fundraiser has been announced. "Peer-Directed Projects Center, the IRS 501(c)(03) not-for-profit org which runs the Freenode network, has begun its 2005 fundraiser. We're soliciting funds for PDPC's 2005-2006 fiscal year, which begins July 1."
The PHP Security Consortium Announced
A new organization called the PHP Security Consortium has been launched. "The PHP Security Consortium (PHPSC) is an international group of PHP experts dedicated to promoting secure programming practices within the PHP community."
Software Freedom Law Center founded
The Software Freedom Law Center has announced its existence. This center, headed by Eben Moglen, will provide pro-bono legal services to non-profit developers of free software. "The Law Center will initially have two full-time intellectual property attorneys on staff and expects to expand to four attorneys later this year. Initial clients for the Law Center include the Free Software Foundation and the Samba Project." OSDL is putting up some of the initial cash to get it going; click below for the press release.
Commercial announcements
ActiveGrid joins OSDL
The Open Source Development Labs (OSDL) has announced that ActiveGrid, Inc. has joined OSDL and will participate in the lab's Data Center Linux (DCL) working group.Appgen releases MyBooks Professional for Linux
Appgen's accounting solutions has announced availability of MyBooks Professional. "Appgen general business and accounting applications are Linux-native, and have been since 1997."
EMS PostgreSQL Manager 2.8 Released
Version 2.8 of the EMS PostgreSQL Manager, a commercial PostgreSQL database administration and development tool has been announced. A freeware version is available for download.Hyundai Deploys SGI Altix Supercomputers running Linux
SGI has announced a deployment of their Altix Supercomputers by the Hyundai Motor Company. "A subsidiary of Silicon Graphics, Inc. (NYSE: SGI), SGI Korea has delivered four SGI(R) Altix(R) servers and an SGI(R) InfiniteStorage solution. These new servers, powered by a total of 148 Intel(R) Itanium(R) 2 processors and running Red Hat(R) Enterprise Linux(R) operating system, were installed in November and will be used for full car analysis, engine analysis, drag test and the prediction of airborne noise."
IRMA to Deliver Complete Translations of Linux in 78 Languages by 2006
Linspire has announced its online IRMA translation site. "Linspire, Inc. today announced the release of a new Web-based translating application that will allow volunteers to easily translate leading Linux applications into nearly 80 different languages. Dubbed the International Resource Management Application, or IRMA, the project calls on users who speak English and another language to volunteer to translate parts of the operating system. Currently, 24 languages are supported through the system, with 54 additional languages to be added over the next few weeks."
Jybe Beta Released (MozillaZine)
MozillaZine covers Jybe, a Firefox extension. "Jack Mott writes: "Our company, Advanced Reality, recently released a new product as an open beta. Jybe is an extension for Firefox that allows you to link your browser together to one or more friends' browsers and allows you to chat and browse the web together. Initial features included full frames support, chat, and a powerpoint presentation system, with more to come."
Levanta Joins Open Source Development Labs
Open Source Development Labs has announced the latest new member, Levanta. "The Open Source Development Labs (OSDL), a global consortium dedicated to accelerating the adoption of Linux in the enterprise, today announced that Levanta, Inc., a leader in Linux configuration management, systems provisioning and software deployment, has joined OSDL and will participate in the Lab's Data Center Linux and Desktop Linux working groups."
Maguma Workbench PHP IDE 2.2
Release 2.2 of Maguma Workbench, an IDE for PHP, has been released. "Maguma has published the newest version of Maguma Workbench. Maguma Workbench 2.2 has new features, more stability and a new pricing concept. During the same period Maguma will also publish the Maguma Workbench SDK, for more independence to create new modules for your "Workbench". For this reason Maguma has created a competition for developers, to create new plugins."
Hack your Nokia phone in Python
Nokia has announced the availability of a development kit enabling applications to be written for its Series 60 phones in Python.PatentCafe Launches New Open Source Software Patent Search Engine
PatentCafe has announced the opening of its Open Source Software (OSS) Patent Search Engine devoted entirely to worldwide search access to OSS patents. Click below to see the press release.Skype 1.0 available
Skype Technologies has announced that version 1.0 of its voice-over-IP application for Linux is available for free (beer) download. "Skype for Linux 1.0 has been successfully been tested on many recent distributions, including, but not limited to: SuSE 9, Gentoo 1.4, Debian 'unstable', Fedora Core 2, Sun Java Desktop System Release 2 and Xandros."
New TiVo Application Platform Opens Its Doors to Third Party Developers
TiVo Inc. has announced the availability of an early-access software development kit (SDK) that allows third parties to create entertainment and information applications that extend the TiVo service. "As part of the launch of the early-access SDK, TiVo is also announcing a developers contest. Developers are encouraged to submit their applications to be judged by a panel of industry luminaries that includes James Gosling, CTO of Sun Microsystems' developer products group, and Chris Anderson, Editor-in-Chief of WIRED magazine. Complete contest rules and prizes can be found online at http://www.tivo.com/challenge."
New Books
"Buffer Overflow Attacks: Detect, Exploit, Prevent" Released by Syngress
Syngress has published the book Buffer Overflow Attacks: Detect, Exploit, Prevent by James C. Foster.ThoughtWorks publishes Pragmatic Version Control Using Subversion
ThoughtWorks has announced the publication of the book Pragmatic Version Control Using Subversion by Mike Mason."Linux Server Security" Released by O'Reilly
O'Reilly has published the book Linux Server Security by Michael D. Bauer.
Resources
openEHR Foundation News (LinuxMedNews)
LinuxMedNews has published the latest openEHR Foundation News. "Thomas Beale, Chair of the openEHR ARB posts an openEHR status review and progress outlook for 2005 to the openEHR mailing lists."
User Documentation for OpenEMR (LinuxMedNews)
LinuxMedNews mentions the availability of new documentation for OpenEMR, an open-source electronic medical records system. "The OpenEMR community received a 25 page User Documentation Manual for OpenEMR. The OpenEMR community thanks Dr. Bowen for his gracious contribution of a 25 page user manual for OpenEMR version 2.6."
Contests and Awards
KDE Edu Applications Strike in Qt Contest (KDE.News)
KDE.News covers the QtForum.org programming contest award winners. "Today QtForum.org, a site dedicated to Qt development discussions, presented the winners of the QtForum.org programming contest award, sponsored by Trolltech. The contest selected the best educational software written with the Qt libraries, and these two programs from the KDE Edutainment Project took first and second prize, while third place was shared among two also KDE-based applications."
OO.o Splashscreen Vote - take two
The OpenOffice.org spashscreen contest is again underway. "Voting is once again open for the OpenOffice.org 2.0 splashscreen. This screen will be seen by tens of millions. If you voted last month, please vote again; all votes cast that time were thrown out as invalid."
Upcoming Events
O'Reilly Open Source Convention CFP
O'Reilly has sent out a call for participation for the 2005 Open Source Convention (OSCON). The event will be held in Portland, Oregon on August 1-5, 2005, proposals are due by February 13.Free Linux Certification at 2005 LinuxWorld Conference and Expo
IDG World Expo has announced a free LPI certification testing program at the Boston Linux World Conference & Expo event. "Each day of the conference at 1:00 p.m., LPI will be conducting the LPI 101 exam in Room 205. The proctored exams are free to all conference delegates, and a special discounted price of $25 is also offered to all exhibitors and exhibit hall attendees."
6th Annual Libre Software Meeting CFP (LinuxMedNews)
The 6th annual LSM 2005 Libre Software Meeting for Medicine has been announced. The event will be held on July 5-9, 2005 in Dijon, France. "LSM is the annual international meeting of experts (prividers and users) on new developments in free software medical systems (open source) and their applications. An important objective of the LSM/2005 is to open contacts between people from different domains mainly IT (Information Technology) and Medicine."
Golden Penguin Bowl at LinuxWorld Conference and Expo
IDG World Expo has announced the next Golden Penguin Bowl, an event that pits media agains analysts. The bowl will take place on February 15 at 4:30 PM as part of the World Conference & Expo 2005 in Boston.Malaga Named as Location for 2005 KDE Conference (KDE.News)
KDE.News has announced the location selection for the 2005 KDE Conference. "After an evaluation process of several possible locations, Malaga in southern Spain has been chosen as the location of the 2005 KDE conference by the KDE e.V. membership in a recent vote. The conference will be held by KDE e.V. in cooperation with different sponsors."
WFS 2005 - Call for Papers
The 6th International Workshop on Free Software will be held on June 1-4, 2005 in Rio Grande do Su, Brazil. Papers are due by March 14.Events: February 3 - March 31, 2005
| Date | Event | Location |
|---|---|---|
| February 3, 2005 | Solutions Linux 2004 | (CNIT, Paris la Défense)Paris, France |
| February 3 - 4, 2005 | Asia Source | (Visthar training venue)Bangalore, India |
| February 4 - 6, 2005 | ShmooCon 2005 | (Wardman Park Marriott Hotel)Washington, DC |
| February 7 - 11, 2005 | GlobusWORLD | (Sheraton Boston Hotel)Boston, MA |
| February 9 - 11, 2005 | German Perl-Workshop 2005 | Dresden, Germany |
| February 9 - 11, 2005 | Third-Annual Desktop Linux Summit | (Del Mar Fairgrounds)San Diego, CA |
| February 9, 2005 | OOo RegiCon North America | (Del Mar Fairgrounds)San Diego, CA |
| February 11 - 13, 2005 | CodeCon 2005 | San Francisco, CA |
| February 12 - 13, 2005 | Southern California Linux Expo 2005(SCALE) | (Los Angeles Convention Center)Los Angeles, CA |
| February 14 - 17, 2005 | Linux World Conference and Expo | (Hynes Convention Center)Boston, MA |
| February 18, 2005 | Fedora Users and Developers Conference(FUDcon1) | (Massachusetts Institute of Technology)Boston, Massachusetts |
| February 24 - 25, 2005 | UKUUG LISA/Winter Conference | Birmingham, UK |
| February 25, 2005 | Dutch Perl Workshop | Amsterdam, the Netherlands |
| February 26 - 27, 2005 | Free and Open Source Developers' European Meeting(FOSDEM 2005) | Brussels, Belgium |
| February 28 - March 3, 2005 | EclipseCon 2005 | (Hyatt Regency)Burlingame, CA |
| February 28 - March 1, 2005 | Asia Debian Mini-Conf 2005 | Beijing, China |
| March 1 - 2, 2005 | JBoss World 2005 User Conference | (Omni/CNN Center)Atlanta, GA |
| March 2 - 4, 2005 | Security-Enhanced Linux Symposium | Silver Spring, Maryland |
| March 2 - 3, 2005 | Asia CodeFest 2005 | Beijing, China |
| March 2 - 4, 2005 | The 5th Asia Open Source Software Symposium | Beijing, China |
| March 2 - 4, 2005 | The Free and Open Source Software Workshop | (Al Assad National Library)Damascus, Syria |
| March 10 - 16, 2005 | CeBIT 2005 | Hannover, Germany |
| March 12, 2005 | Gentoo UK 2005 | (University of Salford)Manchester, UK |
| March 12, 2005 | Third Hungarian PHP Conference | Budapest, Hungary |
| March 14 - 17, 2005 | Emerging Technology Conference(ETech) | (Westin Horton Plaza)San Diego, CA |
| March 21 - 24, 2005 | Bellua Cyber Security Asia 2005 | (Hotel Borobudur)Jakarta, Indonesia |
| March 21 - 24, 2005 | Open Source Modeling and IDEs Workshop | (Caribe Royale All Suites Resort & Convention Center)Orlando, FL |
| March 23 - 25, 2005 | PyCon DC 2005 | (GWU Cafritz Conference Center)Washington, DC |
| March 26 - 27, 2005 | YAPC::Taipei 2005 | Taipei |
| March 30 - April 1, 2005 | PHP Quebec | (Crowne Plaza Hotel)Montreal, Canada |
| March 31 - April 1, 2005 | Black Hat Briefings Europe 2005 | Amsterdam, the Netherlands |
Web sites
The GCC Wiki
A new Wiki Site has been launched for discussion of GCC, the GNU Compiler Collection.The Open Skills Site
OpenSkills 2 is a new site for the discussion of various Linux issues: "Welcome to OpenSkills 2 (Beta 2), a Collaborative Knowledge Portal, an Insane Experiment of System Exposure Just Another Linux-and-More WebSite for SysAdmin". The site is also available in Italian.
Page editor: Forrest Cook
Letters to the editor
Comments re: An Early Look at Ubuntu Hoary
| From: | Jeff Waugh <jeff.waugh-AT-ubuntu.com> | |
| To: | Ladislav Bodnar <ladislav-AT-linuxfreemail.com>, LWN <lwn-AT-lwn.net> | |
| Subject: | Comments re: An Early Look at Ubuntu Hoary | |
| Date: | Thu, 27 Jan 2005 16:22:02 +1100 |
Hi Ladislav!
Another great article about Ubuntu - thank you. :) One minor correction for
you:
"We have already mentioned the Ubuntu live CDs, which represent another
interesting aspect of this distribution. These live CDs are now built by
the maintainers of Gnoppix, a project that was originally an attempt to
develop a Knoppix-like distribution for GNOME users."
It turns out that the reverse is true: Gnoppix is now based on Ubuntu.
Our new LiveCD infrastructure uses 'Casper', a fully cross-platform LiveCD
bootstrap system that runs on top of Ubuntu's standard installer code, and
exactly the same kernel as installed Ubuntu systems. To do this, we've
swapped out some of the common, ugly LiveCD kernel extensions and used
better technologies in the standard Linux kernel, such as the devicemapper
copy-on-write overlay.
These features, in addition to much needed documentation, have granted
third parties much greater ability to make minor modifications or entirely
new LiveCDs. Gnoppix is now an Ubuntu derivative, Kubuntu will soon be
producing installer and LiveCDs, and there are plans afoot in the GNOME
Project to use a 'debranded' and customised Ubuntu LiveCD as a GNOME
marketing tool.
All this talk about LiveCDs papers over one important issue - Casper can be
used to create any kind of bootable media... DVD, USB, firewire,
holographic storage... Well, ok, so that one's still "coming soon". ;-)
Thanks,
- Jeff
--
GUADEC 2005: Stuttgart, Germany http://2005.guadec.org/
"I guess there's part of me that's always resented it... to be an
actor, you have to have someone else say yes to you." - Edward Norton
eWEEK, I think you've missed the point of the GPL
| From: | Leon Brooks <leon-AT-cyberknights.com.au> | |
| To: | eWEEK-AT-ziffdavis.com | |
| Subject: | eWEEK, I think you've missed the point of the GPL | |
| Date: | Tue, 1 Feb 2005 16:36:14 +0800 | |
| Cc: | letters-AT-lwn.net |
Quoting http://www.eweek.com/article2/0,1759,1754298,00.asp -
> We agree with Gates' argument that the case for "free" should not
> be oversimplified. Software costs only begin with the acquisition
> of a license, free or otherwise.
The reason so many South American, African and Asian countries are
falling over themselves to adopt FOSS is very simple: it gives them
back control of their countries, and their economies.
Anyone paying any attention to the South Americans would have noticed
how often they mention that one copy of MS-Office equals so many bags
of this or that export product. This is something that I wish my own
country (Australia) would do.
Simple issues like outright cost are overwhelmed by the sheer ability
FOSS grants the locals. Linux, GNOME, KDE and other major items have
already been internationalised for communities with less than one tenth
of the population of the smallest language group ever internationalised
in MS-Windows or MS-Office. Security agencies, the military and so on
can examine and change every byte of the software that their systems
run, without going cap-in-hand to a foreign business and signing their
life away. Locals can work on local projects with rudimentary equipment
and without shelling out several years' wages for any development kits
or distribution rights.
These advantages are only representative of the huge number of
advantages to FOSS. Microsoft can never foreseeably be "agile" enough
to meet more than a small number of these needs, or even to publicly
admit that they exist.
With a very few showcase exceptions, Microsoft and their customers
assume adversarial positions; with FOSS, the customers _are_ the
developers, the management and the marketing department. They don't
need anyone to ask them where they want to go today, they just go.
Cheers; Leon
--
http://cyberknights.com.au/ Modern tools; traditional dedication
http://plug.linux.org.au/ Member, Perth Linux User Group
http://osia.net.au/ Member, Open Source Industry Australia
http://slpwa.asn.au/ Member, Linux Professionals WA
http://linux.org.au/ Member, Linux Australia
Misquote/misattribution in your Mercury article?
| From: | Leon Brooks <leon-AT-cyberknights.com.au> | |
| To: | John Boudreau <jboudreau-AT-mercurynews.com> | |
| Subject: | Misquote/misattribution in your Mercury article? | |
| Date: | Wed, 2 Feb 2005 11:19:34 +0800 | |
| Cc: | letters-AT-lwn.net |
> The SCO Group says that IBM and other companies inserted its Unix
> code into versions of Linux.
Not exactly true. In fact, just far enough from true to get you into
legal trouble. If you'd written it in quotes it would be Mr Moglen's
problem, presuming that such an attribution is correct, but as it
stands it reads more like a misplaced rephrase of something Mr
Kusnetzky is likely to have said.
The SCO group does not say that any more - at least, not in any legally
binding forum.
What they are actually claiming in court is that IBM dealt unfairly with
them in a contract centring on Monterey. The substance of the claim is
that IBM inserted code _which_IBM_developed_ into all of TSG-owned
UNIX(R), OS/2 and later Linux. The logic to the claim is that because
the code was originally developed for TSG's UNIX(R) codebase (not
actually true), it falls under the same _contractual_ terms as UNIX(R)
proper and therefore could not have been published elsewhere by IBM.
It turns out that practically all of their premises are wrong, that
their predecessors-in-interest-once-removed in the contract (AT&T)
clearly didn't intend a remotely similar interpretation of the
contract, that much of their UNIX(R) code is public domain anyway so
they'd be hard pressed to claim legitimate ownership, that they
published the supposedly tainted code themselves for more than a year,
that no copyrights or patents relating to UNIX(R) were ever transferred
to them, that no UNIX(R) code exists in Linux and to cut a long list
short that they don't appear to even be able to find their own
backsides with both hands, a map, a mirror and someone coaching them.
The SCO Group are not pressing any copyright or patent claims against
IBM. IBM is counterclaiming (so far) seven patent violations against
The SCO Group. TSG don't even own the trademark on UNIX(R), The Open
Group does. Worse, The SCO Group appear to have included GPLed driver
code from Linux wholesale into UNIXWARE(R) without so much as an
attribution.
In short, Open Source generally doesn't need protection from idiots.
Idiots will attack monied interests for the very simple reason that
there's no profit in attacking individual developers, and said monied
interests will typically respond by smacking down said idiots.
What Open Source does need legal protection from are short-sighted,
powerful and greedy monopolists like the RIAA and Microsoft, who appear
to be willing to sacrifice almost any principle in the pursuit of
control and the ensuing profits. Open Source generally doesn't have the
concentrations of money needed to go toe-to-toe in courts and
legislatures and under tables with these organisations.
Cheers; Leon
--
http://cyberknights.com.au/ Modern tools; traditional dedication
http://plug.linux.org.au/ Member, Perth Linux User Group
http://osia.net.au/ Member, Open Source Industry Australia
http://slpwa.asn.au/ Member, Linux Professionals WA
http://linux.org.au/ Member, Linux Australia
Page editor: Jonathan Corbet