LWN.net Weekly Edition for May 19, 2005
A call for an open media gadget
Your editor, recently faced with some long flights, went out and bought himself a portable media player. Despite certain, predictable marital problems caused by the acquisition of yet another expensive electronic toy, the new device has been a great success. It is Linux friendly, plays Ogg files, sounds good, and makes it possible to carry vast amounts of music in a shirt pocket. Since your editor is a fan of live music, he has been especially pleased by the combination of the player and the vast library of concert recordings which is downloadable - with the artists' permission - from archive.org.On the other hand, this device has its annoyances. It boots slowly. The user interface has clearly not been through a serious usability program. The device has a beautiful color display, but most of the space is wasted with silly decorations so that song titles must be scrolled. There are no games to keep the kids happy. And so on. Wouldn't it be nice to be able to go in and hack on the code so that this hardware, which is so full of potential, could be enjoyed fully?
Efforts like the open graphics project seek to push forward the state of free graphics through the creation of entirely open hardware. That project is worthwhile, and we wish its developers the best of luck. But here is a question worth asking: might there not be value in the creation of an open media gadget?
One could easily put together a wishlist of features: a nice display, substantial internal storage, good analog-to-digital and digital-to-analog hardware, an FM tuner, a low-power FM transmitter, an integrated camera, Bluetooth and/or WiFi networking, etc. But gadgets already exist with most or all of those capabilities. What's missing is this: the platform should be based on Linux, all of the source for the base system should be available, and it should be easy to install new software (and replace existing software) on the system. This gadget should not just tolerate having its operating software ripped out and replaced; it should be designed with that in mind from the beginning.
A solid, open platform can inspire a great deal of creativity in the wider development community. Can you imagine what sort of community might gather around a media gadget which is not only open, but which actively encourages its users to hack on it? This device would rapidly develop capabilities unimagined by its creators; if a way could be found to produce it at a reasonable price, chances are that it would be a raging commercial success. Your editor - once his credit card has been returned to him - would gladly buy one.
Thanks to over twenty years of work from the free software community, many of us can do our core computing with entirely free systems. But this freedom has not yet extended into many of the other computers that we use every day. Maybe, someday, the consumer electronics industry will realize that, while it makes great hardware, it can do better by letting its customers create much of its software for it. But, while we're waiting, perhaps there are some people with the same sort of drive and skills as shown by the Open Graphics Project who would like to show the industry how it can be done?
A turning point for shorewall
Shorewall is a front-end to the Linux netfilter system which makes it (relatively) easy to set up and maintain a firewall. It has a dedicated user community which appreciates Shorewall's flexibility and documentation, along with the ability to secure a system with a minimum of hassle. The current release is 2.2.4.Unfortunately, that may be the last release for a while; Shorewall maintainer Tom Eastep has announced that he will no longer work on the project. Shorewall, it seems, has fallen victim to a common problem with smaller projects: developer burnout. Mr. Eastep has concluded that Shorewall development takes more of his time (and health) than he can afford to give.
There appears to be a couple of problems in how Shorewall is developed. The first is that nobody has stepped up to take on a significant part of the load, leaving Mr. Eastep to do all of the work himself:
Without having followed the development process for this project, we would be ill-advised to say why things turned out this way. It could be that the Shorewall community did not feel the need to contribute to the project, or it could be that Mr. Eastep, in one way or another, discouraged that sort of involvement. But any project which is dependent on a single person in this way will always be at risk.
Mr. Eastep also notes:
He was apparently unwilling to solve this problem the way many free software developers do: simply ignore support and documentation altogether. The documentation for Shorewall is extensive, to say the least; it clearly took a lot of time. Likewise with support; a reading of the Shorewall mailing list shows Mr. Eastep doing his best to answer most of the questions that were asked. It is not surprising that he got tired of carrying that load.
Shorewall is free software, and it almost certainly will not die. There are already some signs that members of the user community are beginning to step up to help ensure that the project continues. This is, of course, one of the strengths of free software; had Shorewall been proprietary, it would now be dead. But the other side of this coin is that the user community has to take an interest in the software it depends on. If users do not come forward over time to help with programming, documentation, and support, they may find themselves having to do it in a hurry when the primary maintainer departs.
(Thanks to Matt "Cyber Dog" LaPlante for the heads-up).
Apple and KHTML
Apple's use of KHTML and KJS in WebCore, (part of Safari) was widely hailed at the time as a success story between open source and a commercial software company. That was two years ago. Recently, Apple announced that it had passed the Acid2 Test, which prompted users to start wondering when Konqueror would start being Acid2-compliant.
This, in turn, sparked a few developers to clarify that Apple's changes to KHTML and KJS were not necessarily in a form that was easily digestible by the KHTML and KJS teams -- in fact, Apple's changes in some parts, using OS X API, make the code more or less incompatible with KHTML and KJS. While Apple is complying with the license (LGPL), it would seem that Apple was not going much further than required by the LGPL.
After it became public that the relationship between KHTML and WebCore was not a symbiotic success story between open source and Apple, it quickly turned into a "vs." story in the mainstream IT media, like CNET's "Open-source divorce for Apple's Safari."
While the headline may be catchy, it seriously overstates the situation and misses some of the finer points in the relationship. In order to sort through some of the mess to present a more realistic picture, we tried to get folks from both sides to comment. Apple did not respond to a request for comment, but KDE developer Harri Porten was kind enough to respond to questions from LWN.
The first question we posed to Porten was what Apple could do in order to
make collaboration more possible. Porten told us that it would be a big
help if Apple could provide "an open JavaScript/WebCore CVS
"
to make it easier to track changes. At this point, there is no CVS
provided. Apple does provide source tarballs, but nothing to make it easier
to merge the code into KHTML or KJS.
Porten also pointed us to Zack Rusin's blog and his response to Safari developer Dave Hyatt. Hyatt asked what Apple could do better, and Rusin had plenty of suggestions. Rusin noted that, at this point, Apple and KDE developers had gone in two different directions:
Whatever solution we can come up will probably revolve around the following two: either we'll have some say in the way you develop WebCore's KHTML or you will start participating in the way we develop KDE's KHTML. It's basically doing whatever we can to somehow build a bridge between both teams.
Rusin suggested sharing a bugs database, having Apple hire someone to merge patches between the KDE and Apple source trees in sync, having Apple more involved in KHTML head development, and several other suggestions. Rusin also suggested that the two teams organize a phone conference.
While it's not clear if there's been a phone conference between the two
groups, KDE developer Allan Sandfeld reports that there has been an IRC
discussion and says that "
Porten has also said that collaboration between Apple and KDE is
"
Both parties are working hard on finding ways to cooperate more closely in
the future. We have to respect each other's needs in terms of release
cycles and policies but I'm sure we'll find a way. After all cooperation
within KDE works as well although the project is made up of hundreds small
but separate entities that all have their different background and
motivation.
We also asked Porten whether Apple, or any other company, had an ethical
responsibility to go beyond the terms of the license and actually cooperate
with development. Porten said he didn't want to get into a discussion of
ethics, but said that it "
At this point, it seems that the attention and negative publicity have
helped to open the channels of communication between Apple and KDE once
again. With any luck, the two groups will be able to find a way to
collaborate on KHTML/WebCore in a way that makes sense for Apple and KDE.
Apple is being a nice guy for the time
being, I will let them announce how things will improve once we have a
solution
", and asks for "
no more 'vs.' stories for the time
being
".
still very well possible at this time
".
often simply makes sense to get engaged
further than what the license requires
".
Security
Responding to the kernel ELF vulnerability
Paul Starzetz has discovered a vulnerability in the Linux kernel that can be used to gain root access to the system. The vulnerability, published on May 11, affects the kernel's ELF (Executable and Linking Format) loader, which could allow a local user to use a manipulated binary to gain elevated privileges.
This vulnerability affects kernels in the 2.2, 2.4 and 2.6
series. According to Starzetz report, the flaw is in the function
elf_core_dump(), in binfmt_elf.c.
This function does not correctly handle the argument area
of the ELF process, which could be abused to override the memory layout:
(1) initial ELF memory layout before starting to load program sections: ----------------EMPTY------------------[ ARGS stack region ] TASK_SIZE (2) possible memory layout after loading ELF sections: ---------[CODE][DATA]------------------[FAKE][stack region ] TASK_SIZEwhere FAKE is an ELF section mmaped into memory with PROT_NONE rights specified.
What seems odd is the amount of attention that the vulnerability is getting, or the lack thereof. While Colin Percival's report of a vulnerability in Hyper-Threading is getting attention, the ELF vulnerability has barely been a blip on the radar.
To date, only Trustix has issued an alert and fix for this issue. Red Hat has just issued a kernel update, but the ELF vulnerability is not mentioned in the release announcement. We've checked the lists for Ubuntu, Debian, Mandriva, Slackware, Fedora, Fedora Legacy, Yellow Dog -- none of these distributions have issued a update yet for what appears to be a fairly serious local exploit. As of this writing, nearly a week has passed since Starzetz made the discovery public.
At the same time, most of those vendors have released new versions of Squid to deal with a vulnerability that would allow malicious users to spoof DNS lookups. The Squid vulnerability was announced the same day as the ELF loader vulnerability.
It does seem that a patch, at least for the 2.6 series, is available. Given the potential severity of the vulnerability, we're curious to see how long it will be before updates are made available from the major distributions. With Linux under close scrutiny for security vulnerabilities and vendor response times, one hopes that it will be soon.
New vulnerabilities
bzip2: race condition and infinite loop
| Package(s): | bzip2 | CVE #(s): | CAN-2005-0953 CAN-2005-1260 | ||||||||||||||||||||||||||||||||
| Created: | May 17, 2005 | Updated: | January 10, 2007 | ||||||||||||||||||||||||||||||||
| Description: | A race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. Also specially crafted bzip2 archives may cause an infinite loop in the decompressor. | ||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||
FreeRADIUS: buffer overflow and SQL injection
| Package(s): | freeradius | CVE #(s): | CAN-2005-1454 CAN-2005-1455 | ||||||||||||
| Created: | May 17, 2005 | Updated: | June 23, 2005 | ||||||||||||
| Description: | Primoz Bratanic discovered that the sql_escape_func function of FreeRADIUS 1.0.2 and earlier may be vulnerable to a buffer overflow. He also discovered that FreeRADIUS fails to sanitize user-input before using it in a SQL query, possibly allowing SQL command injection. | ||||||||||||||
| Alerts: |
| ||||||||||||||
kernel: extended attribute denial of service
| Package(s): | kernel | CVE #(s): | CAN-2005-0757 | ||||
| Created: | May 18, 2005 | Updated: | May 18, 2005 | ||||
| Description: | The extended attribute code (at least as backported by Red Hat into the 2.4 kernel) suffers from an offset handling error which can be exploited to cause a system crash. | ||||||
| Alerts: |
| ||||||
mozilla suite/ mozilla firefox: remote compromise
| Package(s): | mozilla firefox | CVE #(s): | CAN-2005-1476 CAN-2005-1477 | ||||||||||||||||||||
| Created: | May 16, 2005 | Updated: | May 23, 2005 | ||||||||||||||||||||
| Description: | Several vulnerabilities in the Mozilla Suite (versions before 1.7.8) and Firefox (versions before 1.0.4) allow an attacker to conduct cross-site scripting attacks or to execute arbitrary code. | ||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||
nasm: buffer overflow in the ieee_putascii() function
| Package(s): | nasm | CVE #(s): | CAN-2005-1194 | ||||||||
| Created: | May 17, 2005 | Updated: | May 19, 2005 | ||||||||
| Description: | Josh Bressers discovered a buffer overflow in the ieee_putascii() function of nasm 0.98 and earlier. If an attacker tricked a user into assembling a malicious source file, they could exploit this to execute arbitrary code with the privileges of the user that runs nasm. | ||||||||||
| Alerts: |
| ||||||||||
openssh: directory traversal
| Package(s): | openssh | CVE #(s): | CAN-2004-0175 | ||||||||||||||||||||||||||||
| Created: | May 18, 2005 | Updated: | July 13, 2005 | ||||||||||||||||||||||||||||
| Description: | The OpenSSH scp client can, when connected to a hostile server, be instructed to overwrite arbitrary files. | ||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||
phpBB: cross-site scripting
| Package(s): | phpbb | CVE #(s): | |||||
| Created: | May 15, 2005 | Updated: | May 17, 2005 | ||||
| Description: | Paul Laudanski reported a vulnerability in phpBB (in versions prior to 2.0.15) in the processing of BBCode. A remote user may be able to cause scripting code to be executed by the target user. | ||||||
| Alerts: |
| ||||||
phpsysinfo: cross-site-scripting
| Package(s): | phpsysinfo | CVE #(s): | CAN-2005-0870 | ||||
| Created: | May 18, 2005 | Updated: | November 15, 2005 | ||||
| Description: | The phpsysinfo program contains several cross-site scripting vulnerabilities. | ||||||
| Alerts: |
| ||||||
squid: DNS spoofing
| Package(s): | squid | CVE #(s): | CAN-2005-1519 | ||||||||||||||||||||||||
| Created: | May 18, 2005 | Updated: | July 13, 2005 | ||||||||||||||||||||||||
| Description: | The squid proxy server performs DNS lookups in a way which is susceptible to answers injected by a hostile user, and, thus, DNS spoofing attacks. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current stable 2.6 kernel is 2.6.11.10, released on May 16 in response to yet another serious security hole.The current 2.6 prepatch remains 2.6.12-rc4. Linus has returned from his vacation and has merged about 150 patches into his git repository; these patches consist almost exclusively of security fixes, architecture updates, and various other important fixes.
The current -mm tree is 2.6.12-rc4-mm2. Recent additions to -mm include the IPSec tree, some KProbes work, the fork connector patch (for process accounting), a DVB update, an ALSA update, a NUMA-aware slab allocator, and more fixes. Note that there is now a mailing list for people who would like to be notified when patches are added to -mm; see the 2.6.12-rc4-mm2 introduction for subscription information.
The current 2.4 prepatch is 2.4.31-pre2, which was released by Marcelo on May 12. It contains a fix for the ELF core dump vulnerability and a small number of other patches.
Kernel development news
Is hyperthreading dangerous?
Hyperthreading (or symmetric multi-threading) is a hardware technique used to squeeze more performance out of modern processors. A hyperthreaded processor appears, in many ways, to be a set of two independent processors. These two processors share the same hardware, however, with only the processor registers and other state-dependent information being kept separate. Only one of the two CPUs can actually be executing at one time. Hyperthreading helps performance because processors often stall, waiting for memory accesses. When one processor in a hyperthreaded set must wait, the other can be executing. Hyperthreading thus enables greater utilization of the processor hardware; the resulting performance gains are said to be anywhere from 5% to 30%, depending on the workload.One of the resources shared by hyperthreaded processor sets is the memory cache. This sharing has its advantages: if processes running on the two processors are sharing memory, that memory need only be fetched into the cache once. That kind of sharing happens often; shared libraries are one obvious example. The shared cache also makes moving processes between hyperthreaded processors an inexpensive operation, so keeping loads balanced across the system is easier.
The sharing of caches between hyperthreaded processors is also, however, the cause of a vulnerability identified in a heavily trailered report by Colin Percival. The core of the problem is that, by measuring the latency of specific memory accesses, a process can tell whether a given memory location was represented in the processor cache or not. A hostile process can load the cache with its own memory, wait a bit, then run tests to see which locations have been evicted from the cache. From that information, it can make inferences about which memory locations were accessed by the sibling processor in the hyperthreaded set.
Two cooperating processes, running at different privilege levels, could make use of the cache to set up a covert channel for communication. In a highly secured system, these two processes might not be able to talk to each other at all normally. With a covert channel in place, information can be leaked from a privileged level to one less privileged, leading to all kinds of dreadful consequences - for somebody. Most systems, however, are not overly concerned about this sort of covert channel; there are easier ways to deliberately leak information.
Mr. Percival, however, also shows how the vulnerability can be exploited to obtain information from processes which are not cooperating. In particular, he claims that it can be used to steal keys from cryptographic applications. A number of crypto algorithms have data-dependent memory access patterns; an attacker who can watch memory accesses can, for some algorithms, derive the key which was being used. The exploit discussed in the report attacks the OpenSSL key signing algorithm in this way.
The paper makes a number of recommendations on steps which can be taken to mitigate this problem. The simplest is to simply disable hyperthreading; on Linux systems, it is a simple matter of configuring out hyperthreading support or booting with the noht option. Alternatively, the kernel could take care not to schedule potentially unfriendly processes on the same hyperthreaded set. Removing access to a high-resolution clock would make the necessary timing information unavailable, thus defeating such attacks. Cryptographic algorithms could be rewritten to avoid data-dependent memory access patterns. Processors could be redesigned to not share caches between hyperthreaded siblings, or to use a cache eviction algorithm which makes it harder to determine which cache lines have been removed.
The Linux scheduler could certainly be changed to defeat attempted cache-based attacks on hyperthreaded processors, but the chances of that happening are small. There are numerous obstacles to any sort of real-world exploit of this vulnerability. The attacker must be able to run a CPU-intensive program on the target system - without being noticed - and ensure that it remains on the same hyperthreaded processor as the cryptographic process. The data channel is noisy at best, and it will be made much more so by any other processes running on the system. Timing the attack (knowing when the target process is performing cryptographic calculations, rather than doing something else) is tricky. Getting past all these roadblocks is likely to keep a would-be key thief busy for some time.
In other words, there are almost certainly more effective ways of attacking cryptographic applications. Closing this particular hole is unlikely to be worth the trouble, extra complexity in the kernel, and performance impact it would require. So this vulnerability, despite all the press it has obtained, will probably not lead to any changes to the kernel in the near future. Anybody who is truly worried about this problem will be best off simply turning off hyperthreading for now. In the longer term, authors of cryptographic code may find that they need to add avoidance of data-dependent memory access patterns to their arsenal of techniques.
A new kernel timer API
John Stultz's new core time subsystem was covered on this page back in January. This patch set, which will be submitted soon for inclusion (into -mm), replaces a mess of architecture-specific time implementations with a cleaner, central time subsystem which can take full advantage of hardware time sources. Nishanth Aravamudan would now like to take advantage of the new low-level time code by replacing the kernel timer implementation. This work, if accepted, will lead to the incorporation of a new timer API to be used by kernel code when a function must be called at some point in the future.In current Linux kernels, internal time (for most purposes) is measured in "jiffies," which are really just a counter which is incremented when each timer interrupt happens. The new time code supersedes jiffies with an absolute, monotonically increasing count of nanoseconds. References to jiffies thus become a call to:
nsec_t do_monotonic_clock(void);
Using nanoseconds allows kernel code to work with high-resolution time in real-world units. That, in turn, lets kernel developers forget about the (error-prone) conversions between jiffies and real-world time which are currently necessary.
Nishanth's add-on patch changes the timer subsystem to use nanoseconds as well. The current add_timer() and mod_timer() interfaces remain supported, but are deprecated. The new interface for setting (or modifying) a timer is:
int set_timer_nsecs(struct timer_list *timer, nsec_t expires);
void set_timer_on_nsecs(struct timer_list *timer, nsec_t expires,
int cpu);
This function will cause the given timer to be set to go off at expires, which is an absolute nanoseconds count. Usually, expires will be calculated by adding the desired delay (in nanoseconds) to whatever do_monotonic_clock() returns.
It's worth noting that this patch changes the meaning of the expires field in the timer_list structure. This field is now represented in an internal "timer intervals" unit, rather than in jiffies. If the old add_timer() and mod_timer() interfaces are used, the expires field will be silently converted to the internal format. Code which performs calculations on expires (by increasing the delay and calling mod_timer(), for example) could be in for a surprise.
This patch also deprecates schedule_timeout(), in favor of these functions:
nsec_t schedule_timeout_nsecs(nsec_t timeout);
unsigned long schedule_timeout_usecs(unsigned long usecs);
unsigned int schedule_timeout_msecs(unsigned int msecs);
All three of these functions will set a timer for the given delay (which is a relative value, not absolute), then call schedule().
Clusters and distributed lock management
The creation of tightly-connected clusters requires a great deal of supporting infrastructure. One of the necessary pieces is a lock manager - a system which can arbitrate access to resources which are shared across the cluster. The lock manager provides functions similar to those found in the locking calls on a single-user system - it can give a process read-only or write access to parts of files. The lock management task is complicated by the cluster environment, though; a lock manager must operate correctly regardless of network latencies, cope with the addition and removal of nodes, recover from the failure of nodes which hold locks, etc. It is a non-trivial problem, and Linux does not currently have a working, distributed lock manager in the mainline kernel.David Teigland (of Red Hat) recently posted a set of distributed lock manager patches (called "dlm"), with a request for inclusion into the mainline. This code, which was originally developed at Sistina, is said to be influenced primarily by the venerable VMS lock manager. An initial look at the code confirms this statement: callbacks are called "ASTs" (asynchronous system traps, in VMS-speak), and the core locking call is an eleven-parameter monster:
int dlm_lock(dlm_lockspace_t *lockspace,
int mode,
struct dlm_lksb *lksb,
uint32_t flags,
void *name,
unsigned int namelen,
uint32_t parent_lkid,
void (*lockast) (void *astarg),
void *astarg,
void (*bast) (void *astarg, int mode),
struct dlm_range *range);
Most of the discussion has not been concerned with the technical issues, however. There are some disagreements over issues like how nodes should be identified, but most of the developers who are interested in this area seem to think that this implementation is at least a reasonable starting point. The harder issue is figuring out just how a general infrastructure for cluster support can be created for the Linux kernel. At least two other projects have their own distributed lock managers and are likely to want to be a part of this discussion; an Oracle developer recently described the posting of dlm as "a preemptive strike." Lock management is a function needed by most tightly-coupled clustering and clustered filesystem projects; wouldn't it be nice if they could all use the same implementation?
The fact is that the clustering community still needs to work these issues out; Andrew Morton doesn't want to have to make these decisions for them:
The usual fallback is to identify all the stakeholders and get them to say "yes Andrew, this code is cool and we can use it", but I don't think the clustering teams have sufficent act-togetherness to be able to do that.
Clustering will be discussed at the kernel summit in July. A month prior to that, there will also be a clustering workshop held in Germany. In the hopes that these two events will help bring some clarity to this issue, Andrew has said that he will hold off on any decisions for now.
Patches and updates
Kernel trees
Architecture-specific
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Janitorial
Memory management
Networking
Security-related
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
FreeBSD 5.4 on AMD64
Regular readers of this column will recall our series of mini-reviews of several Linux distributions on the AMD64 platform and their readiness to function as developer workstations. Originally, this series also meant to include FreeBSD, as the most popular of the BSD operating systems, but we were somewhat discouraged by this report at NewsForge, which claimed that FreeBSD 5.3 shipped without support for 32-bit FreeBSD binary compatibility and without support for 64-bit Linux binary compatibility. This fact would almost certainly have made FreeBSD 5.3 look incomplete in comparison with most current Linux distributions, so we decided to wait for version 5.4 before attempting to install FreeBSD on our AMD64 box.Six months after FreeBSD 5.3, the second production version of FreeBSD 5.x series was released. Has it addressed the concerns in the above-mentioned review? To find out, we installed the AMD64 edition of FreeBSD 5.4 on a system with the following specifications: AMD64 3500+ processor (2.2GHz), K8N Neo2 (Socket939) mainboard from Micro-Star International, 2 GB of DDR SDRAM, 2 x 120 GB Maxtor hard disks, Plextor PX-712A DVD/CD Rewritable Drive, and NVIDIA GeForce4 Ti 4600 graphics card. First, we installed a base FreeBSD system, rebooted, then proceeded with further package installation from a local FTP mirror. To save time, we did not compile desktop applications from source, but used FreeBSD's binary packages instead; with 'pkg_add -r kde' and 'pkg_add -r gnome2', we had both the KDE and GNOME desktops set up in no time. We also added Firefox, Apache, PHP and a few other popular applications.
We started investigating the compatibility issues right after setting up our desktop environment. We checked out the default kernel configuration file, which included options for "COMPAT_IA32" and "COMPAT_LINUX32". This looked promising, but we were still curious about how complete the AMD64 port was. Looking through the FreeBSD 5.4 package trees we noted that there were a total of 10,383 packages for the i386 architecture, and 9,807 packages for the AMD64 architecture, which suggested that almost 95% of all FreeBSD packages have been ported to the AMD64 platform. This is in line with most Linux distributions. Running 'diff' on the two package sets gave us a more clear picture about what is missing from the 64-bit edition; besides the usual culprits, such as OpenOffice.org, Opera, proprietary multimedia codecs, and Java-based applications (Eclipse, Jakarta...), we also noted the absence of Azureus, Blender, TightVNC and Wine, among other packages. The 'sysinstall' interface did list a few dozens of Linux applications that could be installed under a binary compatibility mode, but it did not include anything terribly exciting.
This was disappointing. At this point we couldn't help thinking about how far Linux has evolved in providing a near-complete support for 64-bit processors. Fedora, Mandriva, SUSE and Ubuntu come pre-configured with 32-bit compatibility libraries, so that applications that do not compile under AMD64 (e.g. OpenOffice.org) can be run in a 32-bit mode. Debian provides an excellent write-up about how to set up a minimal 32-bit Debian system in a chroot-ed environment and how to integrate transparently any 32-bit applications into the main 64-bit system. Even though none of these solutions are ideal, they are certainly workable - at least until OpenOffice.org compiles under AMD64 and until makers of proprietary software, such as Opera, RealPlayer, Acrobat Reader, Flash Player, and others wake up and start building 64-bit binaries. Unfortunately, this means that the 64-bit edition of FreeBSD remains somewhat limited as a workstation. A brief search on the Internet revealed that, while it was not impossible to install the 32-bit Linux binary edition of OpenOffice.org on a 64-bit FreeBSD system, this was by no means straightforward and certainly not officially supported.
Of course, if you don't need any of the proprietary applications or OpenOffice.org, then FreeBSD 5.4 is certainly a workable system. We only spent one day testing it, but had no trouble with installing a large number of applications from the binary package pool. Some hardware, such as sound cards, still required manual setup with 'kldload', but the network card and USB mouse were detected and set up automatically. FreeBSD 5.4 comes with the very latest open source applications available today; these include X.Org 6.8.2, GNOME 2.10, KDE 3.4, Apache 2.0.54, and PHP 5.0.4, just to name a few. As a server, FreeBSD 5.4 seems to be a noticeable improvement over 5.3; as an example, we host DistroWatch.com on FreeBSD and had a few serious problems with version 5.3 (which our hosting provider confirmed to have affected a number of other FreeBSD 5.3 boxes), but these problems have yet to manifest themselves after upgrading to FreeBSD 5.4.
While talking about FreeBSD as a desktop solution, perhaps it is a good time
to mention a new project called PC-BSD.
PC-BSD is the first attempt (besides Mac OS) to create a truly
user-friendly BSD-based operating system, complete with a graphical
installer and automatic hardware configuration. Dru Lavigne, a well-known
BSD advocate and author of several BSD books, concluded in her recent review of PC-BSD that
"this is one CD I'll definitely be passing out and I look forward to
watching this project mature and achieve its goals.
" Although still
in early beta, there is little doubt that, in terms of user-friendliness,
PC-BSD has come close to matching some of the top Linux distributions on
the market. The installation is a breeze and the first reboot takes users
straight into a pre-configured KDE desktop. The upcoming release will even
include a graphical FreeBSD package manager!
So how did the AMD64 edition of FreeBSD 5.4 fare in our brief test? As a server, it is an excellent operating system. As a workstation, we won't use it and won't recommend it. It lags behind both the i386 edition of FreeBSD, and the AMD64 editions of all major Linux distributions, mainly due to the limited support for 32-bit applications. Without it, the overall experience of running the 64-bit edition of FreeBSD on the desktop is simply not on par with any of the current 64-bit Linux distributions.
New Releases
cAos-2 Linux Released for ia32 & x86_64
The cAos Foundation and the cAos Linux development team have announced the public release of cAos Linux version 2. "cAos Linux 2 is scheduled to be maintained for the next 3-5 years. During that time, it will maintain a stable core OS ABI as well as receive prompt security updates. We are very open to receiving donations not only the form of money, but also code, testing, development, and package maintainers. If you want to join in an uprising open source project, then we encourage you to take a look at cAos."
MontaVista Announces Carrier Grade Edition 4.0
MontaVista Software has announced MontaVista Linux Carrier Grade Edition 4.0 (CGE). "CGE 4.0 integrates the latest Linux 2.6 kernel with the most advanced hard real-time capabilities, new and unique clustering services, and the broadest AdvancedTCA hardware support available in the market."
Ubuntu "Breezy Badger" Colony CD 1
The first pre-release of Ubuntu 5.10 for testing. So far there's only the install CD, no live CD yet. "There aren't many visible installer changes beyond Hoary yet, as we've been concentrating on merging work from Debian unstable, on getting things up and running at all, and on design work for this development cycle. To date, there have been 4741 uploads to Breezy, of which most (4092) have been automatic syncs from Debian unstable. Many of the remainder have been improvements to the rest of the distribution, including a good deal of work on the compiler toolchain."
Distribution News
Debian release update
Debian release manager Steve Langasek has sent out an update on progress toward a sarge release. Despite some departures from the previous schedule, the project is still aiming for an end-of-month release. "Right now, this schedule is looking more ambitious than when we cooked it up, but it's not completely out of the question -- we just need to pick up the pace a bit."
Debian call for upgrade testing
One area that needs lots of testing still is the upgrade process from Woody to Sarge. Interested should read the release and use the upgrade report template to report your problems.
New Distributions
Symphony OS
Symphony OS is based on Debian and KNOPPIX. It uses a lightweight window manager, includes its own package management system that can install deb packages, source packages and Symphony binary packages, and includes the Orchestra application development environment. The distribution is still in Alpha development. Read more in this Tuxmachines review.
Distribution Newsletters
Debian Weekly News
The Debian Weekly News for May 17, 2005 is out. This issue covers a paper from MIT on the development process of Free Software, Sarge soon, mixing GNU GPL and FDL content, Alioth on the move, upgrade testers needed, and several other topics.DistroWatch Weekly, Issue 100
The DistroWatch Weekly for May 16, 2005 is out. "Read our brief roundup of interesting news bits with a quick look at the upcoming Debian Sarge release, new features in Ubuntu's "Breezy Badger", a fantastic resource for SUSE users and administrators, and an unofficial Alpha port of Fedora Core. Also in this issue - choose that perfect distribution with the Linux Distribution Chooser. Our featured distribution of the week is QiLinux, while the Tips and Tricks section investigates GRAMPS, a powerful genealogical application."
Package updates
Fedora updates
Fedora Core 3 updates: pygtk2-2.4.1-fc3.1 (bug fix), fonts-xorg-6.8.2-0.FC3.1 (minor glitches).Mandriva updates
Mandriva updates for ML 10.2: drakxtools (bug fixes in drakfirewall, drakconnect and drakroam), drakxtools (hardware related bugs), kdebase (various bug fixes).Slackware updates
This week's updates include an upgrade to Slackware's glibc to include support for NPTL (the Native POSIX Thread Library) and shiny new linux-2.6.11.9 in testing to go with. A security update to NcFTP was issued, following by a retraction. Slackware is NOT vulnerable to this particular issue. Also xfce has been upgraded to 4.2.2. See the complete slackware-current change log for the gory details.Trustix Secure Linux updates
TSL-2005-0023 provides notice of bug fixes and updates to postgresql and sqlgrey.
Distribution reviews
SUSE 9.3: More, Better, Faster, Now! (Linux Planet)
Linux Planet reviews SUSE Linux 9.3. "Novell's latest release of SUSE Linux, SUSE 9.3, demonstrates Novell's continuing commitment to delivering polished, off-the-shelf Linux distributions for the desktop and professional markets. October 2004, which is when the previous version of SUSE Linux was released, seems like only yesterday. So what's new--and, perhaps, why should people care?"
Getting to know Puppy Linux (Desktop Linux)
Desktop Linux reviews Puppy Linux. "For a distribution that provides the typical tools that a user might need to do their work, Puppy Linux is the superior small Linux distribution. Puppy Linux has two other very strong points that make it the small Linux distribution of choice. The first is the ease with which Puppy Linux can generate a bootable USB thumb drive version of itself."
My Desktop OS: VectorLinux (NewsForge)
Here's an article on NewsForge from a Vectorlinux fan. "I became acquainted with VectorLinux a year ago when I was testing several distros for an old Pentium II I had. It was running Slackware fine, but I was searching for something more complete. VectorLinux not only proved faster than the original Slackware but was also packed with a lot of goodies that Slackware lacks: Flash support, Java, Firefox extensions, and many more."
Page editor: Rebecca Sobol
Development
Fish - The friendly interactive shell
A User-Friendly Shell
Introduction
A great deal of effort has been spent in the last decade trying to make computers more user friendly. While much progress has been made on making graphical user interfaces more user friendly, much less has happened with non-graphical programs such as shells. This is unfortunate, since there are still many things that are inherently easier to do using a shell. The concept of commands, pipelines and environment variables are somewhat complex, but I believe modern shells are harder to use than they have to be, both for the beginner and for the seasoned shell hacker. I have written a new shell called fish, or the friendly interactive shell, that tries to solve several issues that I have found with other shells.fish features syntax highlighting, advanced tab completion features, discoverable help, a revised shell syntax and many other features. In this article, I will describe some of the features found in fish, and explain why I think they are useful.
(Click here for the full article.)
System Applications
Database Software
db.* 2.0 Announced
Version 2.0 of db.*, a small-footprint database for mobile and embedded systems, is available. "Probably the biggest change (from a Linux-users perspective) was ur switch to a standard GNU build system, putting us on the same page s almost every other open-source project."
Mail Software
Bogofilter 0.94.12 (stable) Released
Stable version 0.94.12 of Bogofilter, a Bayesian spam filter, is out. "The biggest change in bogofilter (since the last stable release in October 2004) is support for Berkeley DB's transaction capability and the SQLite3 database. Lesser changes include a change in classification defaults (from bi-state to tri-state classification), documentation updates (esp man page and FAQ), internal code cleanups (including how long options are processed)."
Networking Tools
FreeNX 0.4.0 released
Version 0.4.0 of FreeNX is out. "FreeNX is a free server implementation of NoMachine.com OSS NX components. NX allows usage of X-connections over real slow links like a Modem or ISDN." The Samba news states: "
this version utilizes for the first time Samba to support file sharing between NX client and FreeNX server."
Security
Metasploit Framework v2.4 released
Version 2.4 of the Metasploit Framework, an open-source exploit development platform, is out for your exploit testing pleasure. "The 2.4 release includes three user interfaces, 72 exploits and 75 payloads."
VPN Software
SSL-Explorer v0.1.10 released (SourceForge)
Version 0.1.10 of SSL-Explorer, a SSL VPN solution, has been announced. "This release of SSL-Explorer is a consolidation effort that includes many bugfixes, functional and GUI enhancements. Amongst other things, warnings have now been implemented to provide more feedback to the VPN administrator when performing maintenance tasks. The behaviour of global and personal user profiles has been changed in this release to prevent users from editing profiles."
Miscellaneous
Crash Recovery Kit for Linux 2.6.11.10 (i586) released
Robert M. Stockmann has announced a new crash recovery kit. "I want to announce here the availability of the Crash Recovery Kit for Linux 2.6.11.10 (i586) with S.M.A.R.T. monitoring support using smartmontools 5.33 which also can monitor SATA drives using kernel 2.6.11.10."
Desktop Applications
CAD
BRL-CAD 7.2.4 Released (SourceForge)
Version 7.4.2 of BRL-CAD, a constructive solid geometry solid modeling system, has been announced. "This release of BRL-CAD also includes many build and bug fixes for several platforms including those listed below as well as a few feature enhancements requested by users for the vrml exporter and the numerical root solver."
Sailcut CAD 1.1 (SourceForge)
Version 1.1 of Sailcut CAD has been announced. "The Sailcut CAD project is pleased to announce release 1.1 of its sail plotting package. This release features several new languages including Russian (thanks to all helpers of the sailing community) and a Wing option for designing kites. The limits checker has been modified to take into account feedback from users, allowing a wider range of sail shapes to be designed. The sail mould screen has been re-designed to provide additional facility like controlling the foot shape which is the central seam of a kite wing, and allowing the use of negative camber in the leech area mostly for fully battened sails or kite wing."
Data Visualization
PLplot Development Release 5.5.3
Development Release 5.5.3 of PLplot, a library of functions for making scientific plots, has been announced. "This is a routine development release of PLplot, and represents the ongoing efforts of the community to improve the PLplot plotting package. Development releases represent a "work in progress", and we expect to provide installments in the 5.5.x series every few weeks."
Desktop Environments
GNOME Software Announcements
The following new GNOME software has been announced this week:- anjuta 1.2.3 (bug fixes and other improvements)
- anjuta 2.0.0 (new unstable release)
- Evolution 2.3.2 (new features and bug fixes)
- gcalctool 5.6.14 (bug fixes)
- gdl 0.5.0 (new features, bug fixes, and translation work)
- gnome-build 0.1.1 (new features, bug fixes, and translation work)
- gnome-mud 0.10.6 (bug fixes and translation work)
- GnomePython 2.9.5 (unstable testing release)
- GnomePythonExtras 2.11.2 (unstable testing release)
- GTetrinet 0.7.9 (bug fixes)
- Liferea 0.9.2 (new features and translation work)
- Tomboy 0.3.2 (bug fixes)
KDE Software Announcements
The following new KDE software has been announced this week:- G System 0.5.0 (multi-user capability)
KDE Commit Digest
The May 13, 2005 edition of the KDE Commit Digest is available, here's the content summary: "DigiKam adds an image refocus plugin. DjVu support added to KViewShell. Konqueror file manager can view Subversion repositories. Konqueror supports AdBlock. Zeroconf support for shoutcast, and initial work on multi-engine service discovery. K-menu now has a search field."
Dutch KDE Team Co-Releases Localized KDE-Live CD (KDE.News)
KDE.News covers a Dutch localized live-CD that was put together by the Dutch KDE team. "The live-CD allows you to try out KDE without installing anything and loads in Dutch by default, making it useful to demo to all those parents and business people. The CD comes shipped with a full KDE 3.3.2 release plus it includes extra applications like KMplayer. Where the CD really shines is that it includes the full set of HOWTOs and tips from the KDE Dutch documentation website."
Xfce 4.2.2 released
Version 4.2.2 of the Xfce lightweight desktop environment has been released, it features bug fixes, translation work, and more. See the change log for details.
Financial Applications
Eclipse Trader 0.14 Released (SourceForge)
Version 0.14 of Eclipse Trader has been released. "Eclipse Trader is a set of plugins for the Eclipse RCP (Rich Client Platform) dedicated to the building of an online stock trading system, featuring shares pricing watch, intraday and history charts with technical analysis indicators, level II/market depth view, news watching, and integrated trading. This release was focused on enhancements to the charts section."
Games
Allegro 4.2.0 beta 3 released
Version 4.2.0 beta 3 of Allegro, a cross-platform game programming library for C/C++, is out. "This release is a Work-In-Progress that adds features and corrects problems with regard to the 4.0 codebase. It is API (source) compatible with 4.0.0 on every platform, except for a few minor changes".
Cyphesis 0.3.10 Released
Cyphesis 0.3.10 has been announced. "Cyphesis is a small to medium scale server for WorldForge games, with builtin AI. This version includes the demo game Mason which is currently in development. This release is intended for server administrators wishing to run a Mason server or anyone wishing to work on serverside game development."
StepMania 3.9 rc3 Released (SourceForge)
Version 3.9 rc3 of StepMania has been announced. "StepMania is a music/rhythm game. The player presses different buttons in time to the music and to note patterns that scroll across the screen. Features 3D graphics, visualizations, support for gamepads/dance pads, a step recording mode, and more! This release was done under totally different management and with different Windows and Linux builders, so let us know how it went."
Graphics
GIMP 2.3.0 Development Release (GnomeDesktop)
GnomeDesktop.org has the GIMP 2.3.0 announcement. 2.3.0 is the beginning of a new development series; this is an unstable release. See the NEWS file for a list of new features.
Music Applications
libgig 2.0.0 announced
Version 2.0.0 of libgig, a C++ cross-platform file loader library for Gigasampler and DLS files, has been announced. "Beside a batch of fixes, major changes since the last release are experimental support for the new Gigasampler v3 format. Thanks again to Andreas Persson for his great work on this!"
mma - Musical MIDI Accompaniment Beta 0.14
The beta 0.14 release of Musical MIDI Accompaniment (mma) is out. "MMA is a accompaniment generator -- it creates midi tracks for a soloist to perform with. User supplied files contain pattern selections, chords, and MMA directives."
Om 0.1.0 Released
Version 0.1.0 of Om is out. "Om is a modular synthesizer that runs under Jack and uses LADSPA and/or DSSI plugins for processing. The engine is an independant process entirely controlled via OSC, is polyphonic, and supports subpatches."
Smack 0.1.0 Released
Initial version 0.1.0 of Smack, a sample-free drum synthesizer, is out. "In this release there are TR808 bass, snare, hihats, cowbell and clave, TR909 bass and snare, a frequency shifter based snare and some FM hihats. It's built with LADSPA plugins and the Om modular synth."
Office Applications
Gnumeric 1.5.1 Released (GnomeDesktop)
Version 1.5.1 of Gnumeric, a spread sheet application, has been announced. It features bug fixes.
Office Suites
OpenOffice.org 2.0 and GCJ 4
An effort is underway to build free OpenOffice 2.0 under GCJ. "The FSF is looking for volunteers to build, test and package fully free versions of OpenOffice 2.0 that use GCJ as a replacement for the non-free Java platform. OpenOffice and GCJ hackers have worked hard to make sure that all the new features of the next version of OpenOffice 2.0 written in the java programming language will build and run with GCJ, the GNU Compiler for java part of GCC 4.0."
Web Browsers
Mozilla Links Special: Firefox 1.0.4 is out
The May 11, 2005 edition of Mozilla Links is online with an announcement for Firefox 1.0.4. "Mozilla Firefox 1.0.4 has just been released featuring fixes for a couple of critical security vulnerabilities announced on last Monday. You are strongly encouraged to upgrade as soon as possible."
Mozilla 1.7.8 Released (MozillaZine)
Version 1.7.8 pf Mozilla has been released. "Mozilla 1.7.8 has been released to fix some known security vulnerabilities (MFSA 2005-42, MSFA 2005-43 and MSFA 2005-44). As we've stated before, although the Mozilla Foundation is not planning any further milestone releases of the Mozilla Application Suite, they are committed to supplying critical updates for the 1.7.x line as appropriate."
Mozilla Firefox Viral Marketing Videos (MozillaZine)
MozillaZine mentions some amusing new Flash animations that were created for the promotion of Firefox. "Mozilla Europe has considered for some time the opportunity of spreading Firefox with innovative means, including viral marketing. While Flash animations were an obvious choice, we have met with a French advertising agency, which has made three short videos located on http://funnyfox.org/ while meeting our goals in terms of (very small) budget and ability to be understood by the vast majority of Europeans who have trouble understanding English (hence the lack of dialog in the three movies)."
Independent Status Reports (MozillaZine)
The May 12, 2005 independent status reports for Mozilla have been announced. "The latest set of independent status reports includes updates from openwebfolder, Orkut Toolbar, signature, MenuX, Calendar Help, Russ Key, PasswordMaker, Deepest Sender, fireFTP, AIMfire, Googlebar and XulApp."
Miscellaneous
Xastir 1.5.0 released (SourceForge)
Stable version 1.5.0 of Xastir, a mapping and amateur radio APRS client, has been announced. "This version incorporates enhancements and bug-fixes which have accumulated in the 1.4.x development releases."
Languages and Tools
Caml
Caml Weekly News
The May 17, 2005 edition of the Caml Weekly News is online with the weekly collection of Caml language articles.
Haskell
Haskell Communities and Activities Report
The May, 2005 edition of the Haskell Communities and Activities Report is available with the latest Haskell language development news.
Java
Project Harmony proposal adopted
It's now official: the Apache Incubator has approved the Harmony Project proposal with no dissenting votes. This result may seem irrelevant to the workers already pushing forward with Harmony, but it is an important formality.Meanwhile, the Incubator is now considering a proposal for a new C++ standard library which would be run by Apache. This proposal is being pushed by Rogue Wave, which has offered to contribute its commercial C++ library.
Lisp
CL-PPCRE 1.2.7 released
Version 1.2.7 of CL-PPCRE has been released. "This version adds LispWorks defsystem support and fixes a bug. CL-PPCRE is a Perl-compatible, fast, portable regular expression library written in Common Lisp. The library also supports a sexp-based syntax for specifying regular expressions."
Pascal
Free Pascal version 2.0.0 released
Version 2.0.0 of Free Pascal has been announced. "This is the new stable version of the compiler and is the first stable release of the development branch of the compiler started back in 2000."
Python
Dr. Dobb's Python-URL!
The May 16, 2005 edition of Dr. Dobb's Python-URL! is online with a new set of Python language articles.
Ruby
Ruby Weekly News
The May 15th, 2005 edition of the Ruby Weekly News has been posted. It is a summary of the ruby-talk mailing list.
Tcl/Tk
Dr. Dobb's Tcl-URL!
The May 18, 2005 edition of Dr. Dobb's Tcl-URL! is online with the latest Tcl/Tk news and resources.
Cross Compilers
SDCC 2.5.0 released
Version 2.5.0 of SDCC is out with bug fixes and other improvements. "SDCC is a Freeware, retargettable, optimizing ANSI - C compiler that targets the Intel 8051, Maxim 80DS390 and the Zilog Z80 based MCUs. Work is in progress on supporting the Motorola 68HC08 as well as Microchip PIC16 and PIC18 series. The entire source code for the compiler is distributed under GPL."
IDEs
Anjuta 2.0.0 (alpha) and 1.2.3 (stable) released (GnomeDesktop)
Two new versions of Anjuta, a GNOME IDE for C and C++, have been announced. "After much waiting we are please to announce Anjuta 2.0.0 (alpha), the first release of Anjuta 2.x series and Anjuta 1.2.3 (stable). Anjuta 2.0.0 is an alpha & unstable release and may not be suitable for production use. However, we encourage to use it and help us with bug reports."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Open-source divorce for Apple's Safari? (ZDNet)
ZDNet covers the disconnect between Apple and the KHTML developers. "The suggestion, which KHTML developers said they were unlikely to accept, comes as Apple tries to quell rising dissatisfaction among the original architects of KHTML. Two years after hailing Apple as a white knight, those developers are calling the relationship between their group and the computer maker a 'bitter failure.' In a conflict some call emblematic of what can go wrong when corporations embrace open-source projects, developers are airing longstanding gripes against Apple, accusing the computer maker of taking more than it gives back to the open-source group."
A Prior Art How To (Groklaw)
Groklaw covers the Patent Law How To on finding prior art. "Patent law is a legal speciality, and it's not my speciality, so I've been asking lawyers in the field to help us. The help is now here, and there will be more coming. The important point is this: searching for prior art isn't quite as simple as you might think. PubPat's Executive Director Dan Ravicher explains the difference: "To be worthwhile, the prior art has to be exactly the same or any differences between it and the targeted patent have to fall within the judicially narrowed concept of obviousness that exists in patent law today, which is much, much less than what most reasonable technologists would consider obvious.""
Companies
Dell founder dons Red Hat (Vnunet)
Vnunet looks into a 2004 investment by Michael Dell in Red Hat. "Billionaire Michael Dell, founder of the world's largest computer manufacturer, and a stalwart of the Windows/Intel alliance, has made a $99.5m investment in Linux vendor Red Hat. The investment was made in January 2004 through Michael Dell's investment company MSD Capital, according to an SEC filing."
Legal
EU plans for software patents hit fresh obstacle (FT)
The Financial Times catches up with the European patent directive as it goes back to the Parliament for consideration. "The latest attempt to introduce a more restrictive regime comes from Michel Rocard, a Socialist member of the European parliament. The former French prime minister has been charged with steering the law through parliament. According to his draft amendments, which have been seen by the Financial Times, patents should not be granted for 'the treatment, the manipulation, the representation and the presentation of information through software'." (Thanks to Philip Webb).
A Modest Proposal (law.com)
Here's a Law.com article discussing a patent reform proposal which is expected to be submitted to the U.S. Congress in the near future. This reform does not come close to solving the patent problem, but it could make life harder for litigation companies. "The most contentious proposal -- intended to undercut the power of patent-holding companies -- would limit the ability of a patentee to get an injunction against an alleged infringer. Courts would have to consider whether the patentee is likely to suffer irreparable harm in deciding whether to grant an injunction. Specifically, courts would look at whether the patent holder is commercializing his or her invention."
Who Will Own Ideas? (Technology Review)
The June issue of the Technology Review is concerned with intellectual property issues. Among others, there is an article by Lawrence Lessig inspired by what he has seen in Brazil. "So the U.S. calls them pirates, and they reform their ways--not by more faithfully buying our products, but by finding ways to remain creative without infringing our rights. This is free software 'ported'--as software engineers say--to free culture, and it inspires all the hype typical of such movements. 'We're hoping,' the leader of the free-software lab explained, 'everybody is going to start producing their own media content and then they won't have to watch TV anymore.'"
There is also a
Linux v. Microsoft story in this issue: "This because for all its
flaws, the open-source model has powerful advantages. The deepest and also
most interesting of these advantages is that, to put it grossly, open
source takes the bullshit out of software.
"
Interviews
Sun's Gosling: Already Plenty of Java 'Harmony' Under the Sun (DevX)
DevX talks with James Gosling about the Harmony project and other Java topics. "The 'clear need' that [Geir] Magnusson cites is anything but clear to Gosling, who says Sun has received negative response from the enterprise development community regarding the idea of open-source Java. 'We've got several thousand man-years of engineering in Java, and we hear very strongly that if this thing turned into an open source project--where just any old person could check in stuff--they'd all freak. They'd all go screaming into the hills.'"
MusE: MIDI Sequencing for Linux (O'ReillyNet)
O'ReillyNet talks with the developers of MusE, a MIDI and audio sequencer intended to be a complete multi-track virtual studio. "Frank Neumann, a 36-year-old computer scientist from Karlsruhe, Germany, and one of the developers of MusE, sums up the current state of music production applications for Linux: "It's always a nice warm feeling when you show an application like MusE to people and they just go, 'Whoa--I didn't know Linux audio stuff was already this far!'""
Wind River's Linux transformation (ZDNet)
ZDNet interviews Ken Klein, CEO of Wind River Systems. "Q: What has Wind River been, and what is it becoming? Klein:We were closed and narrow in terms of our partnerships. We were taking a very adversarial approach toward Linux. We've turned 180 degrees. We're viewing Linux as incremental to our business. In set-top boxes, Linux is a great fit."
Inside YAPC::NA 2005 (O'Reilly)
chromatic interviews Richard Dice on O'Reilly. "The Perl Foundation organizes and holds several community-based Perl conferences each year. This year's North American conference, YAPC::NA 2005 is in Toronto, Canada, June 27-29. chromatic recently interviewed Richard Dice, organizer of the conference this year, to discuss his plans and experiences."
Resources
The Daemon, the GNU and the Penguin, Ch. 8 (Groklaw)
Groklaw has published chapter 8 of the online book "The Daemon, the GNU and the Penguin" by Peter Salus. This chapter looks at Richard Stallman's early history. "I have quoted Richard at length, because I think that his "voice" should be heard. He has frequently said that "Software wants to be free." But in 1982 and 1983 his was a single, lonely voice."
The Daemon, the GNU and the Penguin, by Dr. Peter H. Salus - Errata (Groklaw)
Peter H. Salus provides some errata on the Groklaw series The Daemon, the GNU and the Penguin. "One of the "problems" of writing is that your readership can be quite notable. I have received clarifying comments from two of the major "participants.""
Linux in Government: Optimizing Desktop Performance, Part I (Linux Journal)
Tom Adelstein offers tips and tweaks for Linux desktop optimization. "In this article, we look at the Linux desktop in a slightly different light. We think of it as a computer system that maximizes its strength as a consumer product. When we optimize Linux for the consumer, it becomes a fast interface. If you have complained about the speed of OpenOffice.org or Firefox or about the amount of time Linux takes to boot up, this set of optimizations should change your perception. Linux can boot up quickly, the word processor can spring open and the browser can fly. So, let's make these adjustments so your computer can fly."
Researchers speed, optimize code with new open source tools (NewsForge)
NewsForge covers automatic code generation with SPIRAL. "[Blue Gene Systems Architect Jose] Moreira said SPIRAL does, in fact, represent a new generation of self-optimizing scientific libraries, also emphasizing the importance that it be open source. "The fact that SPIRAL uses an automated approach to code optimization results in scientific libraries that can be highly optimized to each specific architecture, including Blue Gene/L," he said. "It is very important to us that all potential IBM customers can have access to SPIRAL and the generated scientific libraries.""
Reviews
At the Sounding Edge: Introducing seq24 (Linux Journal)
Dave Phillips reviews seq24 on Linux Journal. "In this month's column, we look at the seq24 MIDI sequencer to see how you can use it in a Linux-based MIDI music production system. Given working ALSA and JACK installations, this system is easy to set up and use, great fun and a valuable production tool."
Miscellaneous
Linux Community Implodes (PC Magazine)
We'll get grief for this but...here's the latest bizarre Dvorak piece in PC Magazine. "I can tell you this much: Normal people do not like being associated with fanatics and lunatics. Once Linux gets the image as the OS for the criminally insane, it's a dead duck. Unless the community gets a handle on this, grows up, and rebukes the extremists, the trash heap of history is where this is all headed." The weirdest part is that he is talking about the response to Maureen O'Gara.
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
FreeBSD Unveils FreeBSD 5.4
The FreeBSD Project has announced the release of version 5.4 of the FreeBSD operating system. "This new release offers new features, new tools, and numerous improvements in security, hardware and networking support for the UNIX-like operating system."
KDE Turkey Extends Vision (KDE.News)
KDE.News covers the latest news from KDE Turkey. "Free software developers in Turkey aim more success in the forthcoming months by enlarging its member base. KDE Turkey (in Turkish) was founded 6 months ago with the aim to raise KDE usage, consciousness and also to be a central point for KDE endeavour in Turkey. Today KDE Turkey is responsible for Turkish localization of KDE. Besides localization efforts, KDE group members also create awareness with talks, IRC meetings, mailing lists, merchandise (in Turkish) and with the attendance to various local organizations."
Commercial announcements
IBM and Red Hat Launch New Solaris-to-Linux Customer Migration Initiatives
IBM in conjunction with Red Hat has announced the introduction of a Solaris-to-Linux server migration program that includes a "Solaris to Linux Migration Factory," and additional solutions and support offerings designed to help customers migrate from Solaris to multi-platform Linux servers.IHL Consulting Group releases report on POS Terminals
The IHL Consulting Group has announced the results of a study about Point of Sale terminals in the restaurant and hotel business. "Shipments of Linux-based POS units increased 73 percent year to year but still represent only 4 percent of the overall market. This is expected to rise dramatically in future years."
Kaspersky Lab Launches SMTP-Gateway 5.5
Kaspersky Lab has launched their SMTP-Gateway 5.5 product. "The program package offers antivirus functionality, blocks unsanctioned attempts to access the system, and also provides content filtration. It also serves as a fully-functional mail router for Linux / FreeBSD and OpenBSD systems."
Koders Unveils Search Engine for Open Source Code
Koders, Inc. has announced the availability of Koders.com, a new search tool for identifying and accessing open source code on the Internet. "The first free search engine of its kind, Koders.com provides developers with an easy-to-use interface to find existing solutions to complex software development problems and discover new OSS (Open Source Software) projects. Developers can learn by example reviewing code written by the world's best developers, working on the most successful projects."
Korean Software Leader Haansoft Joins OSDL
Open Source Development Labs has announced its latest member, Haansoft. "Haansoft, a Korean IT leader guiding the rapid rise of Linux in Asia, dominates the market for Korean-language office software, enjoying a 70 percent share for its word processor. Along with Red Flag Software in China and Miracle Linux in Japan, Haansoft jointly develops the Asianux Linux server operating system that aims to become the common enterprise Linux platform in Asia."
Mandriva reports first half year results
Mandriva reports its half year results for October 2004 to March 2005. "For the first half year of fiscal year 2004-2005, Mandriva reported consolidated revenue of 2.76 MEUR, and operating revenue of 3.43 MEUR, a respective increase of 9.5% and 22.5% compared with the same period of the previous fiscal year. The increase of operating revenue is due primarily to R&D grants realized, amounting to 0.61 MEUR. For the half-year period, the company reported an operating income of 0.21 MEUR compared to 0.16 MEUR one year prior."
NetBeans Integrated Development Environment Offers Java Platform Support
Sun Microsystems, Inc. has announced the availability of the NetBeans 4.1 Integrated Development Environment, an open source Java IDE that supports Java 2 Standard Edition (J2SE(TM)) 5.0, full Java 2 Enterprise Edition (J2EE(TM) 1.4 and Java 2 Micro Edition (J2ME(TM)) 2.0 application development support.Permeo Selects a Custom Linux Platform From Progeny
Progeny has announced that it has provided a hardened high-performance Linux platform optimized for Permeo's new Base5 SSL VPN solution. Base5 is an integrated software platform delivering "zero touch" SSL VPN, endpoint security services, and advanced information controls.Scalix Named Red Herring 100 Company
Scalix Corporation has announced its naming as one of the Red Herring 100 Private Companies of North America. "Red Herring's lists of private companies are an important part of the magazine's tradition of identifying new and innovative technology companies and entrepreneurs. Companies like Google and eBay were spotted in their early days by Red Herring editors as those that would change the way we live and work."
Xandros SurfSide Now Shipping
Xandros has announced the availability of Xandros SurfSide Linux. "The new desktop product comes with free Skype-to-Skype calling worldwide, and a Plantronics USB headset combo, "ready to plug in and call". Xandros SurfSide Linux is available for purchase in retail stores and from the Xandros web site for a list price of USD $99.95."
New Books
MySQL in a Nutshell - O'Reilly's Latest Release
O'Reilly has published the book MySQL in a Nutshell by Russell J.T. Dyer.New No Nonsense Guide to Linspire Every Book
Linspire, Inc. has published the book No Nonsense Guide to Linspire by Eric Grebler. A free trial version of Linspire OS is included.
Resources
The LDP Weekly News
The May 18, 2005 edition of the Linux Documentation Project Weekly News is online with the latest new documentation releases.
Contests and Awards
KStars Donates Prize Money to KDE (KDE.News)
The KStars developers have donated the award from a recent contest to the KDE project. "Earlier this year KStars won the QtForum.org programming contest. Well the KStars developers decided the best thing to do with their money was to donate it to KDE. The US$1500 prize money is one of the largest donations to KDE e.V. to date."
Upcoming Events
AGNULA seminar at Bocconi University
Andrea Glorioso will discuss the AGNULA/DeMuDi and the AGNULA Libre Music projects in a seminar on May 19, 2005 in Milan, Italy.Big Nerd Ranch Announces PostgreSQL Bootcamp
Big Nerd Ranch will be holding another PostgreSQL Bootcamp on July 18-22, 2005 in the vicinity of Atlanta, GA.O'Reilly EuroOSCON Call for Participation Opens
A Call for Participation has gone out for the O'Reilly EuroOSCON. "The call for participation is now open and speaker proposals are being accepted until May 23. EuroOSCON will be held at the Hotel Krasnapolsky in Amsterdam, The Netherlands on October 17-20, 2005."
ISPCON Spring 2005 Baltimore
ISPCON Spring 2005 has been announced. The event will take place on May 24-26, 2005 at the Baltimore Convention Center in Baltimore, MD. "A number of new speakers and intensive educational sessions were announced today which delve deeply into leveraging Open Source solutions for voice over IP (VoIP), IP-PBX systems such as Asterisk, SOHO and SME systems and services, security and routing tools, anti-Spam and email concerns, web hosting virtualization infrastructure and more."
ITU 2005 Call For Papers
A Call For Papers has gone out for the ITU 2005 conference. The event will take place in Warsaw, Poland on October 12 and 13, 2005. "IT UNDERGROUND 2005 is a third edition of conference dedicated to IT security issues, where remarkable authorities will share their knowledge and experience with IT specialists."
Linux Cluster Summit 2005
The 2005 Linux Cluster Summit has been announced for June 20 and 21 in Walldorf, Germany. "The goal of the two-day Linux Cluster Summit workshop is to bring together the key individuals who can realize a general purpose clustering API for Linux, including, kernel components, userspace libraries and internal and external interfaces."
Linux Installfest workshops in Davis, CA
The Linux Users' Group of Davis has announced the next Linux Installfest. The event will be held in Davis, CA on May 21, 2005.Keynotes for New York LinuxWorld Summit Announced
LinuxWorld Conference & Expo has announced the keynote speakers for the LinuxWorld Summit. The event will take place in New York, NY on May 25-26, 2005. "The first-day keynote is a CIO Magazine panel with panelists from CitiGroup, E*TRADE FINANCIAL and Cendant TDS. The second-day keynote has panelists from Nokia and Columbia University Law School and will explore the evolving world of Linux and Open Source."
LinuxWorld San Francisco Keynotes Announced
IDG World Expo has announced the keynotes for the August 8-11, 2005 LinuxWorld Conference & Expo in San Francisco, CA. "During their keynote addresses, senior executives from FedEx, IBM, Oracle, HP and E*TRADE will discuss new opportunities for innovation, cost savings and productivity gains using Linux and Open Source technology."
Mozilla Foundation to Co-Host XTech 2005 (MozillaZine)
MozillaZine has announced the co-hosting of the XTech 2005 conference by the Mozilla Foundation. "Known in previous years as the XML Europe conference, XTech 2005 is the "premier European conference for developers and managers working with XML and Web technologies, bringing together the worlds of web development, open source, semantic web and open standards". Presented by IDEAlliance, XTech 2005 will take place at the Amsterdam RAI Centre in the Netherlands next week."
YAPC::EU::2005 Registration opened (use Perl)
Registration for the YAPC::EU::2005 Perl conference has been announced. "Registration for YAPC::EU::2005 has now opened. Hotels for the conference will be announced in the next following hours and the final CFP shall be out during this week (deadline is 22nd May)."
Call for Lightning Talks (use Perl)
A call for lightning talks has been posted for three Perl events. "Going to YAPC::America in Toronto, OSCON in Portland, or YAPC::Europe in Braga this conference season? Do you want one third of your "15 minutes of fame"? Then give a Lightning Talk on some topic that speaks to you."
Call for Venue for YAPC::Europe::2006 Conference (use Perl)
A Call for Venue has gone out for the YAPC::Europe::2006 Conference. "While the Braga Perl Mongers are organizing the YAPC::Europe::2005 conference in Portugal, with exceptional enthusiasm and much feedback, the YAPC::Europe Foundation is already looking for the candidates for the following year. If possible, the committee would like to announce the host city and country for 2006 at the end of the current (2005-Braga) conference."
Events: May 19 - July 14, 2005
| Date | Event | Location |
|---|---|---|
| May 19 - 21, 2005 | GUADEC-es 2005 | A Coruña, Spain |
| May 22 - 25, 2005 | Gelato Federation Meeting | (HP's Palo Alto and Cupertino campuses)San Jose, CA |
| May 23 - 26, 2005 | PalmSource Worldwide Mobile Summit and DevCon | (Fairmont Hotel)San Jose, California |
| May 24 - 27, 2005 | XTech 2005 Conference | (Amsterdam RAI Center)Amsterdam, the Netherlands |
| May 24 - 26, 2005 | ISPCON Spring 2005 | (Baltimore Convention Center)Baltimore, MD |
| May 25 - 26, 2005 | Linux World New York Summit 2005 | (New York City Marriott Marquis)New York, NY |
| May 28 - 29, 2005 | Linux User Group of Bulgaria Seminar | Stara Zagora, Bulgaria |
| May 29 - 31, 2005 | GNOME Users and Developers European Conference(GUADEC 2005) | Stuttgart, Germany |
| June 1 - 3, 2005 | The Red Hat Summit 2005 | (Hilton New Orleans)New Orleans, LA |
| June 1 - 4, 2005 | Fórum Internacional Software Livre(FISL) | Porto Alegre/RS, Brazil |
| June 9 - 10, 2005 | Austrian Perl Workshop | (Kapsch CarrierCom)Vienna, Austria |
| June 9 - 10, 2005 | The French Perl Workshop | (Faculté des Sciences de Luminy)Marseille, France |
| June 11, 2005 | PHP West | Vancouver, BC, Canada |
| June 15 - 17, 2005 | AstriCon Europe 2005 | (Auditorium Madrid Hotel)Madrid, Spain |
| June 17 - 19, 2005 | RECON 2005 | Montreal, Quebec, Canada |
| June 19 - 22, 2005 | International Lisp Conference 2005(ILC 2005) | (Stanford University)Palo Alto, CA |
| June 22 - 25, 2005 | LinuxTag 2005 | (Kongresszentrum)Karlsruhe, Germany |
| June 23 - 24, 2005 | Italian Perl Workshop 2005 | (University of Pisa)Pisa, Italy |
| June 25, 2005 | LugRadio Live 2005 | (Molyneux Stadium)Wolverhampton, UK |
| June 25, 2005 | XML Prague 2005 | Malá Strana, Prague, Czech Republic |
| June 27 - 29, 2005 | Yet Another Perl Conference(YAPC::NA 2005) | (University of Toronto)Toronto, Ontario, Canada |
| June 29 - 30, 2005 | Where 2.0 Conference | (Westin St. Francis Hotel)San Francisco, CA |
| July 1 - 6, 2005 | Linux Desktop Development and KDevelop Developers Conference 2005 | Kiev, Ukraine |
| July 5 - 9, 2005 | LSM 2005 Libre Software Meeting for Medicine | Dijon, France |
| July 10 - 18, 2005 | Debconf 5 | Helsinki, Finland |
| July 11, 2005 | Evolution of Open-Source Code Bases(EVOSC05) | Genova, Italy |
| July 11 - 15, 2005 | First International Conference on Open Source Systems(OSS2005) | Genova, Italy |
Web sites
KDE-Files.org Launched (KDE.News)
KDE.News has announced the launch of the KDE-Files.org site. "KDE's latest community website KDE-Files.org has gone online. The site is a central exchange platform for all sorts of documents and document templates. Users can collaborate, discuss, vote and share documents. Some examples of files you could share are your jogging result spreadsheets, OpenOffice.org presentation templates or Kexi DVD Databases."
QtForum.org Opens Wiki Again (KDE.News)
KDE.News has announced the re-opening of the QtForum.org wiki. "After a long period of downtime because of spam, the QtForum.org team decided to switch to more robust wiki software. The result is that the wiki is now based on a modified version of Mediawiki."
Page editor: Forrest Cook