LWN.net Weekly Edition for June 2, 2005
Red Hat's directory server
Managing large networks is a challenging task in a number of ways. One of those challenges is dealing with user information throughout a large institution. A single system can keep that information in /etc/passwd, and a small network can rely on tools like rsync or NIS. When the scale of the network gets large enough, however, and a sufficient number of levels of politics gets in the way, simple tools will no longer do the job in an easy or reliable manner. There comes a point where this information needs to live in a central database and be made available as needed across the network.The larger proprietary software vendors - Microsoft, Sun, Novell, etc. - have long offered directory server products aimed at large network ("enterprise") deployment. These products not only make basic user information available network-wide; they can also be used to distribute a wider array of information. Directory servers are a useful and necessary tool, and the competition in this area is fierce.
Red Hat has set itself up to compete directly with the other "enterprise" software companies. To that end, Red Hat has put together a number of valuable products and services, but, so far, it has not been able to offer a directory server as part of its solution. That gap in Red Hat's offerings has increasingly looked like a liability, especially as Novell increases its efforts to compete in the same space. So Red Hat needed a directory server. It found one, some time ago, when it acquired many of the remaining bits of Netscape from AOL. Since the acquisition, however, little has been heard about the former Netscape's offerings.
Until now. On June 1, Red Hat announced the availability of its directory server product. The (now) Red Hat Directory Server is fast, with an impressive array of capabilities; for the full list, see the product sheet [PDF]. The directory server product is sold like Red Hat Enterprise Linux: by subscription. Pricing is not yet available.
The Red Hat Directory Server also resembles RHEL in another way: it has a Fedora equivalent. The Fedora Directory Server Project is where the development work will be done; the site offers source, documentation, mailing lists, etc. It is, in other words, just another free software development project.
At the Fedora site, one can see that, in fact, not all of the directory server code has been released - yet. The server itself is available under a special GPL+Exception license. The code is generally governed by the terms of the GPL, with the exception that plugin modules can remain proprietary. Those modules, however, must restrict themselves to a carefully-specified set of interfaces; anything linking to any other part of the server can only be distributed under the GPL. Other parts of the system - the management console and admin server components - remain non-free, though they are available in binary format. Red Hat plans to free that code as well, but some work is involved; those components are written in Java, and do not play well with the free Java implementations.
The Fedora project has some ambitious goals; the best description of what they have in mind can be found in Christopher Blizzard's weblog. The project claims to want to bring in outside developers, and to make them "feel that they are equals." Given all that the directory server hackers want to do, they will almost certainly need some help from outside. Consider this:
To some readers, this vision sounds like the Windows registry - except that it's a nightmare, monster central registry for thousands of users. The "everything lives in the directory server" approach clearly will not be for everyone. But, for people wanting to create a single, integrated environment across a large organization, this vision will have some appeal. It is truly a view of the network as a single, large computer, with a minimum of boundaries. It promises to reduce the cost of administering large numbers of systems. One can see why Red Hat thinks it needs to go in this direction to remain competitive in the future.
High-end directory servers have, so far, been the domain of expensive, proprietary software. The freeing of the Netscape server, if handled well, could bring an end to that era. So this move by Red Hat is important, and deserving of support. High-quality free infrastructure is a good thing.
A survey of RSS aggregators
Over the years, the proliferation of news sites, weblogs and other sites with daily updates has made it nearly impossible for the average user to visit every site of interest in a timely fashion. For those of us who want or need to keep informed on a variety of topics, RSS, RDF and Atom feeds have become a nearly indispensable tool to skim the headlines for many sites at once without having to spend more than an hour per day clicking through bookmarks. However, this raises the question of how to manage news feeds effectively.
There are a fair number of RSS aggregator projects on Freshmeat, but we decided to limit our scope to applications that are fairly mature, have been updated recently (many RSS aggregator projects listed on Freshmeat have not been updated in years) and run on the desktop. In particular, we were looking for aggregators that handle a large number of feeds, make it easy to manage feeds and integrate well with the Linux desktop and the average user's workflow.
For some time now, this writer has used the Bloglines service to browse RSS feeds. For this article, the feed list from Bloglines, containing about 130 RSS/RDF and Atom feeds, was exported as an OPML file and imported that into each of the aggregators to see how they performed.
RSSOwl
![[RSSOwl]](https://static.lwn.net/images/ns/agg/rss-owl-sm.jpg)
The first aggregator we'll look at is RSSOwl. This aggregator is written in
Java, using the SWT graphic library. RSSOwl has a fairly flexible
interface, and opens up tabs for each new feed that the user opens from the
list of "favorites."
There are a few interesting features in RSSOwl. First, RSSOwl has an export feature, which can be used to export a feed or individual article to PDF, Rich Text (RTF) or HTML. This might be handy for saving feeds and entries for later. RSSOwl also supports AmphetaRate, a centralized ratings service for rating articles found in news feeds.
Oddly, it seems to display feeds as plain text rather than rendering the HTML. We're not sure if this is a glitch in RSSOwl or if we missed a step in setting it up. Otherwise, RSSOwl's performance was very good, and it handled a large number of feeds without any problems.
Snownews
![[Snownews]](https://static.lwn.net/images/ns/agg/rss-snownews-sm.jpg)
The Snownews
aggregator is unique in this list, because it's not a graphical
application. Snownews is a console-based feed-reader that uses ncurses, and
is a fairly straightforward application with few frills.
Snownews does not support OPML directly, but there is an "opml2snow" script that comes with Snownews to convert OPML into the format that Snownews likes. It's a little more of a hassle than the easy-import offered by other readers, but it gets the job done. Snownews displays headlines and feeds inline. To follow the feed URL, one must use an external browser. It works fairly well with GUI browsers, but works best (at least in this writer's opinion) with a text-mode browser like w3m or Lynx.
It's probably not going to be the first choice for most users, but those who prefer browsing in w3m or other text-mode browsers should definitely check it out.
Liferea
![[Liferea]](https://static.lwn.net/images/ns/agg/rss-liferea-sm.jpg)
One reader that seems to be getting a lot of attention at the moment is the
Linux Feed Reader, Liferea. This is a
nicely-designed newsreader that's easy to use. It imported our OPML file
with no problems, and gives the user the option of rendering HTML with
Mozilla or GtkHTML2. It spawns an external browser for full articles rather
than displaying them within the Liferea window. This works well if you
prefer to browse content in Firefox, Epiphany or another browser, but we
would like it if Liferea would give the option of displaying the entire
article inside Liferea itself.
One interesting feature with Liferea is the ability to create a new feed from a Feedster search. This can be quite handy if you're interested in finding feeds on a specific topic from a variety of sources.
If one wishes to be alerted, or interrupted, with updates from subscribed feeds, Liferea has a feature that will pop up a notification window at regular intervals with new headlines. We enabled this feature briefly, but turned it off after an hour or so, finding it quite distracting.
We also found Liferea to be a bit less than stable, at least the 0.9.0 release that is available in Ubuntu Hoary. Liferea crashed a few times when doing something as simple as deleting a feed. Overall, its performance was quite good, and the interface is excellent -- but it might need to stabilize a bit before being our first choice of the available aggregators.
Blam
![[Blam]](https://static.lwn.net/images/ns/agg/rss-blam-sm.jpg)
Blam is a aggregator
written in C# using Mono and GTK#. It's a little more basic than Liferea or
Snownews, but it serves well as a basic newsreader. Headlines and summaries
are displayed within Blam, but it requires an internal browser to follow
links.
At first, Blam would not import the OPML from Bloglines. We tried subscribing a few feeds manually and then exporting Blam's list to OPML to find out what was different. The difference was that Bloglines uses "title" for the name of each feed, and Blam expects "text" -- after doing a quick search and replace in Vim, changing "title" to "text," Blam imported the list of feeds just fine.
Blam is a good choice for users who want a very basic newsreader that's fast and light.
Akregator
![[akregator]](https://static.lwn.net/images/ns/agg/rss-akregator-sm.jpg)
KDE users are probably already familiar with Akregator. This reader uses
KHTML to display full articles in tabs within the Akregator interface, at
least by default. Akregator can also be configured to use an external
browser for those who prefer Firefox or another browser to
Konqueror/KHTML.
For users who prefer Konqueror for Web browsing, Akregator is an excellent choice. Konqueror auto-discovers feeds on pages, and makes it easy to add those feed subscriptions to Akregator. Akregator has fewer frills than Liferea or RSSOwl, but it integrates very well with KDE and performs well.
Firefox and Thunderbird
We should also mention Firefox and Thunderbird. While not dedicated aggregators, both applications allow users to read and manage news feeds. However, they lack a number of features that many users would want, at least natively. The advantage of using Firefox as an aggregator is that Firefox makes it very easy to create a "Live Bookmark" to subscribe to feeds, when the browser discovers the feed in a page.
If Firefox doesn't detect the feed, that complicates things greatly. Firefox supports adding a bookmark manually, but does not support adding a feed manually. The Live Bookmark also doesn't allow the user to preview the content or full text, just the headlines from a feed. Firefox doesn't support importing OPML files natively, so users with large subscription lists would have to go through a lot of work to re-subscribe to sites using Firefox.
![[Sage]](https://static.lwn.net/images/ns/agg/rss-sage-sm.jpg)
Of course, it is possible to extend Firefox's capabilities with
extensions. We tried the Sage
extension with Firefox, and were quite pleased with it. The Sage extension
adds a sidebar to Firefox much like the Bookmarks and History
sidebars. There are two panes in the sidebar, a list of subscriptions and
lower pane that lists headlines from the selected feed.
The integration with Firefox makes it a convenient aggregator for those of us who use Firefox exclusively or extensively. Sage had no problem importing the OPML list exported from Bloglines, and its performance was quite acceptable. There are a number of other news reading extensions for Firefox for those who are interested.
Thunderbird, by itself, is also limited in its abilities to import and manage feeds. For users who spend a lot of time in their e-mail client, and who have a fairly limited number of feeds, it would work well -- but this writer would not like to have to import 100 or more feeds using the "Manage Subscription" dialog for Thunderbird. The advantage to using Thunderbird for feeds is the ability to mail links from subscribed feeds.
We found the Forumzilla extension for Thunderbird, which adds OPML import and other features to Thunderbird. Unfortunately, it consistently crashed Thunderbird when trying to import the OPML exported from Bloglines.
Summary
After spending time with each of these aggregators, this writer prefers Liferea and Sage, though any of the aggregators would do in a pinch. Given the variety and maturity of the various options, Linux users should not have much trouble finding an aggregator that works well for them.
IP Software Compliance Tools -- Who Needs Them and Why?
When Black Duck Software first made available its software compliance tool, ProtextIP, about a year ago, the typical first reaction was to view it as a response to SCO's lawsuit.Now there is a second such product, Palamida's IP Amplifier, and it's clear there is a market for such products. Cisco, for one, has just signed on with Palamida. Who really needs products like this, and why? And is there a difference between them?
Who Needs Software Compliance Tools?
Now that Free and Open Source software has hit the mainstream of the enterprise, businesses need to be certain that they are not taking on legal liabilities with the code. There are many licenses, and making sure a company is abiding by them all is complex. That's one reason you are hearing so many voices calling for simplifying and settling on fewer licenses. But it goes deeper than that.
"Everyone who distributes software should know what goes into it," attorney Lawrence Rosen explains. "And almost everyone who distributes software wants to comply with the relevant licenses. Most reputable software-based businesses recognize that playing fast-and-loose with copyright claims isn't worthwhile."
While most businesses today are pleased to adopt and incorporate open source products into their products and services, they want to know what licenses apply so that they can comply with the terms.
"That's what Black Duck and Palamida make possible," Rosen adds. "A distributor or user can know what open source software is in its own software and act accordingly, early in the cycle. It's now possible to evaluate license compatibility for specific component sets and plan appropriate combinations for use in products to be developed."
Unfortunately, developers sometimes use GPL code (or other licensed FOSS code) without telling management, thinking it's public domain. It isn't. And with outsourcing, sometimes developers are in other countries that may have more relaxed views on copyright and this can cause problems. So when developers let things happen they shouldn't (such as making unauthorized copies or derivative works), companies have an automated way to catch some of that and react appropriately before much bigger problems can develop.
Software practices are also changing. Application development today is becoming more like an assembly line, more a matter of assembling bits of code from open source projects and from outsourced firms and incorporating them into proprietary products than handcrafting 100% custom software. This isn't a bad thing, because it makes it possible to avoid having to reinvent the wheel -- one of the advantages of Open Source -- but it also means that checking on license terms and making sure you are complying with them all is vital to the process.
And there is no doubt that enforcement of GPL violations is increasing, as Fortinet learned recently when a German court banned their U.K. subsidiary from further distribution of their firewall and antivirus products until they complied with the GPL, which they promptly did.
Then there is the Sarbanes-Oxley Act [PDF], and its requirements for IT audits.
"The SECs new rules on heightened corporate responsibility for public company reporting known as Sarbanes-Oxley require public companies to abide by internal procedures that are sufficient to provide reasonable assurance that the financial and non-financial information required to be disclosed in its periodic and current reports is accurate," says Karen Copenhaver, executive vice president and general counsel for Black Duck Software.
"Specifically, Sarbanes creates two new corporate governance requirements: assessment of internal controls over financial reporting (required by section 404 of the Act), and heightened corporate responsibility for financial reports (required by section 302 of the Act). It would be hard to overestimate the burden that compliance with these new rules has placed on public companies in the first few years since their enactment.
"Even before Sarbanes, public companies were required to address intellectual property matters in their current and periodic reports. A reporting company traditionally discloses the importance of its intellectual property assets to the companys business and any third-party intellectual property encumbrances on the companys ability to conduct its business. To the extent that a failure to identify or comply with third party license obligations has an effect on the accuracy of any of this information, public companies will be concerned about compliance with their obligations under Sarbanes."
Obviously, Sarbanes-Oxley has upped the ante considerably. But most businesses and developers want to do the right thing anyway, apart from outside pressures. The tools don't set policy for a company, but they surely make it easier to make sure policies are observed.
What Do the Tools Offer?
Before automated software compliance tools were available, due diligence in checking software for infringing code was done by assigning the tedious task to senior software programmers in the company, who, together with lawyers laboriously looked through the code. The problem with such a system, aside from the time it required and the drudgery, is that no one person knows all the Free and Open Source projects available by sight, let alone all the proprietary products you are not allowed to see without complex legal arrangements.
Automated systems are an obvious answer. What they provide is a Google-like collection of code. They've collected it all for you. Both tools scan for copyright infringement and can spot more than verbatim matches. But they do more than scan. Palamida says its IP Amplifier product automatically detects, manages and reports on the third party, commercial and open source components that may exist in their software code base. It consists of two key modules -- the Compliance Library and the Detector. Using an automated collection system, the Compliance Library contains billions of source code snippets and millions of files of the most commonly used open source projects found in the market.
Palamida: "The Palamida IP Amplifier uses three different types of technologies to automate detection, source code fingerprinting, file digest matching, and for Java files, namespace matching. This means the software is able to conduct both source code and binary code analysis. So for companies whose developers download whole libraries, compiled code, XML files, icons, text files, and include those resources into their code base, the software will still detect their usage even though their source code is not available and even if we do not have the components listed in our database."
Next, there is a "layer of analysis that is beyond just code matching for reduction of false positives. We call this technology CodeRank. CodeRank looks at the code matches and evaluates the results on multiple levels, including uniqueness, coverage and clustering. How unique is that match to what is in the Palamida database? How much of a customer file matches a file in Palamidas database? How dense are the matches do they look like a continuous cut and paste or does it look like two engineers coded against the same API?"
After their software evaluates the code matches, Palamida assigns a CodeRank number to the matches; the higher the CodeRank number the higher the chances of copying. In the scan results, users will see a list of all code that has matches and a list of all the third party products that they most likely came from, with the most likely on top.
Reports identify all components that include open source and list their licenses, text and license information, in addition to the CodeRank. All the information and data is exportable in XML data format, allowing users to create custom reports, as well as via HTML reports.
Black Duck too offers a great deal more than just code scanning. Black Duck's Copenhaver: "We do more than just scan code. Our product provides a full suite of services covering project planning, code analysis and detection, license analysis and management, auditing and archival capabilities for the complete life cycle of software projects.
"From an open source perspective," Coperhaver adds, "we help developers manage the origins and obligations of code that they use so they can meet the expectations of the industry and community. But everything we do works for both open source and proprietary or commercial code. Users can add code prints and licenses into the system to manage their internal proprietary code along with open source.
"Our product helps people manage the introduction of licensed materials into their code bases, understand the obligations associated with that code (and combinations of components from different sources), provide an environment for controlled remediation of issues that arise and create an archivable record of the actions that were taken by the team along the way. Our products are designed to bring together developers, lawyers and business decision makers into a collaborative environment."
Black Duck offers an analysis 'engine' that processes licenses at a detailed level and alerts users to license conflicts and obligations of both software source and binary components and their combinations. The ProtexIP Knowledgebase contains detailed breakdowns of 500+ software licenses for automated comparison of license terms and notification of collective obligations, and the data is remotely updated frequently with new licenses as they come to market. It recently added what they call Custom Code Prints, which gives ProtextIP support for proprietary source code.
Palmida claims a database of 40,000 of the most commonly used OSS projects and their associated licenses, monitoring more than 38 million open source files and billions of source code snippets. The Knowledge Base also contains all pertinent information regarding the open source projects: name, version number, project name, licensor, licensor information (when available), license, license text, and project URL, all using an automated collection toolset that incorporates information on all the new projects released on the major OSS repositories for real time updates.
The Palamida database takes up less than 10 Gb disk space, thanks to a compression algorithm, and it's all kept on a customer's own servers, behind their firewall. Its code is written in Java. IP Amplifier can be configured to search daily or weekly and has a set of configuration tools to integrate it into build systems.
Are There Any Differences?
The biggest differentiator is cost. IP Amplifier 3.0 is licensed on an annual subscription basis, for unlimited number of users, at prices that begin at $50,000 and go up to $250,000 per year, depending on the customer's development environment. There is a 30-day Free Trial offer.
Black Duck now offers two options. You can pay an annual licensing fee for its multiuser ProtextIP product, at $25,000 per year, and then add additional charges based on the amount of code you have. Or, you can use their new hosted ProtextIP/OnDemand product, an online system for a single user, single project, 90-day sessions, for which you pay based on the amount of code you wish to scan. It costs $3,000 for 10 MB of code and costs scale up to $25,000 for 100 MBs. A company thinking of acquiring another might wish to use the online tool, rather than purchase more costly version.
Both products still require human analysis, naturally. There can be false matches, if two independent developers happen to write software that is very much the same, even if there has been no copying, just because there are only so many ways of writing the same instruction. Both tools provide not only identical matches but also flag similarities in your source code to others' programs that are worth your further investigation and list issues for review. It's important to realize, however, that the tools scan and analyze copyright issues and licensing issues, not patent infringement. That is an entirely separate ballgame. But for what they are designed to do, unquestionably they have simplified, organized, and improved the due diligence process.
Security
A Look at The Onion Router (Tor)
Last week we promised a look at Tor, a system for anonymous Internet communication, primarily developed by Nick Mathewson and Roger Dingledine. Current development is supported by the Electronic Frontier Foundation (EFF), but Tor was originally developed as part of the U.S. Naval Research Laboratory's Onion Routing program.
As the Tor web page explains, Tor is a "toolset for a wide range of
organizations and people that want to improve their safety and security on
the Internet
". What does that mean? In a nutshell, Tor is a
client/server application that anonymizes traffic by routing it from the
client through a series of nodes to hide the origin of a request. It can
also be used to protect services against denial of service attacks and the like by hiding
their origin.
Tor routes traffic through nodes that "know" about the previous node and the next node -- but not the rest of the network. By routing traffic through a series of "onion routers" Tor makes it difficult for the receiver, observers and even other Tor routers to detect the source of traffic. A more complete description of Tor's design can be found in the design paper; a protocol specification is also available for those who wish to build compatible software.
Tor works as both a server and as a client. By default, Tor runs as a client only, but it can be configured to allow other users to connect to your system as a Tor node. In addition, Tor can be used to run "hidden" services that do not reveal your IP address to others at all. The "hidden wiki" maintains a list of hidden services that users can see as an example. Finally, it's possible to set up one's own Tor network that does not interact with the public Tor network, for those who want to test the protocol but may lack access to the Internet.
To achieve best results, one may need to use Tor in conjunction with other applications. For example, users who wish to browse anonymously would use Tor in conjunction with Privoxy. Other applications may require use of tsocks or ProxyChains.
To see what Tor had to offer, we installed it on a Ubuntu Hoary machine, along with Privoxy, tsocks and ProxyChains. Configuring services to work with Tor is not terribly difficult, and there is a relatively detailed HOWTO for users who wish to configure specific applications like Gaim, X-Chat, SSH or BitTorrent with Tor.
It should be noted that using Tor can have an impact on performance for client applications. Using Tor and Privoxy together for browsing, for example, introduced a notable lag. Firefox users may be interested in using the SwitchProxy Tool extension to switch Proxy use on and off, reserving Tor for specific sites rather than for all web browsing. Users should also be prepared for some odd behavior on some sites -- for example, we kept being redirected to country-specific versions of Google, rather than Google's main site, when using Tor and Privoxy. Tor itself didn't seem to have much of an impact on system performance overall.
Tor is not completely foolproof. It could be possible for someone who's running a Tor server to modify Tor or use other software to monitor traffic going through the server. Traffic coming out of the "exit node" (the last hop in the Tor "circuit") is not encrypted, so a malicious user could set up a Tor server and browse traffic coming out of their machine. (It is possible to specify your exit node in the Tor configuration.) There are also potential JavaScript issues, and there are other ways to analyze traffic that passes through Tor.
Interested users should also have a look at the EFF's legal issues page about Tor. Though Tor can be used for things like BitTorrent, it is not designed to assist copyright infringement or other illegal activity.
There is still a lot of development ahead for Tor, but it is definitely worth a look for users who are interested in anonymous communication on the Internet. Users with bandwidth to spare are also encouraged to set up and run a Tor server to help test its scalability and to help provide a larger Tor network. See the download page for Tor packages and source code.
New vulnerabilities
apache-utils: htpasswd buffer overflow
| Package(s): | apache-utils | CVE #(s): | |||||
| Created: | May 26, 2005 | Updated: | June 1, 2005 | ||||
| Description: | The htpasswd utility has a buffer overflow vulnerability. Web sites that use an unchecked public interface to htpasswd can be used to execute arbitrary code with the privileges of the user who runs htpasswd. | ||||||
| Alerts: |
| ||||||
gxine: format string vulnerability
| Package(s): | gxine | CVE #(s): | CAN-2005-1692 | ||||||||
| Created: | May 26, 2005 | Updated: | July 23, 2005 | ||||||||
| Description: | The gxine media player has a format string vulnerability in the hostname decoding function. A specially crafted file can be used to cause a user to execute arbitrary code. | ||||||||||
| Alerts: |
| ||||||||||
ImageMagick: xwd coder denial of service
| Package(s): | ImageMagick | CVE #(s): | CAN-2005-1739 | ||||||||||||||||
| Created: | May 26, 2005 | Updated: | July 19, 2005 | ||||||||||||||||
| Description: | The xwd coder in ImageMagick has a vulnerability that can be accessed by working on a maliciously created image. A denial of service can result. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
Mailutils: multiple vulnerabilities in imap4d and mail
| Package(s): | mailutils | CVE #(s): | CAN-2005-1520 CAN-2005-1521 CAN-2005-1522 CAN-2005-1523 | ||||||||
| Created: | May 27, 2005 | Updated: | June 3, 2005 | ||||||||
| Description: | infamous41d discovered several vulnerabilities in GNU Mailutils. imap4d does not correctly implement formatted printing of command tags (CAN-2005-1523), fails to validate the range sequence of the "FETCH" command (CAN-2005-1522), and contains an integer overflow in the "fetch_io" routine (CAN-2005-1521). mail contains a buffer overflow in "header_get_field_name()" (CAN-2005-1520). | ||||||||||
| Alerts: |
| ||||||||||
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current 2.6 prepatch remains 2.6.12-rc5. Linus's git repository contains 200 or so patches; these are mostly fixes, but there is also a conversion of the IDE driver code to the device model, a new Broadcom bcm5706 gigabit driver, the removal of the Philips webcam decompression code, an IPv4 "alias promotion" feature (make a secondary interface address into the primary if the previous primary is deleted), and an updated CPU frequency subsystem.The current -mm tree is 2.6.12-rc5-mm2. Recent changes to -mm include the pluggable congestion avoidance modules patch, some filesystem namespace patches, some scheduler tweaks, and lots of fixes.
The current stable 2.6 kernel is 2.6.11.11, released on May 27.
The current 2.4 kernel is 2.4.31, released by Marcelo on May 31. 2.4.31 contains quite a few fixes and some driver updates, but new features are no longer being added to 2.4.
Kernel development news
The ongoing Philips webcam driver saga
Linus has just merged a patch from Alan Cox removing some of the new decompression code from the Philips webcam driver. "The original pwc author raised some questions about the reverse engineering of the decompressor algorithms used in the pwc driver. Having done some detailed investigation it appears those concerns that clean room policy was not followed are reasonable." The hope, at this point, is to merge an improved version of the driver in 2.6.13 which will support (properly reverse-engineered) decompression modules in user space.
Time to remove LSM?
The first organized kernel summit, held in 2001, included a presentation on the NSA Security-Enhanced Linux project. Linus's response at the time was that there were several projects out there trying to find the best way to harden Linux, and that he did not want to have to choose between them. Instead, he asked for the creation of a generic framework which would allow an arbitrary security module to be plugged into the system. The result, some time later, was the Linux Security Module framework; LSM provides a long list of hooks into kernel operations which allow a security module to veto any action which violates the rules it is implementing.The LSM patch ran into some difficulties on its way into the kernel, but it is now an established part of the internal API. So some developers were surprised recently when James Morris suggested that perhaps the time has come to remove the LSM framework. His arguments are simple: there is only one serious module using the LSM framework in the intended manner, while unrelated projects are trying to use it in inappropriate ways.
It's dead code, an unnecessary abstraction layer between its one real user, SELinux, and the core kernel.
James asks: rather than forcing SELinux to conform to a general-purpose API (of which it is the sole user), why not just wire SELinux directly into the kernel, get rid of LSM, and be done with it?
SELinux is not truly the only security module out there, of course. The kernel includes a couple of other modules: a reimplementation of the capabilities mechanism and "root plug," a module which prevents processes from running as root unless a specific USB device is plugged in. There are out-of-tree modules, such as the BSD securelevels patch and Trustees Linux. The Immunix (now Novell) AppArmor product includes a module which uses the LSM framework. AppArmor is a proprietary offering, but the security module portion of it is GPL-licensed (as is necessary, since the functions for loading security modules are exported GPL-only).
There does not appear to be a groundswell of support for the idea of removing the LSM framework from the kernel at this time. That could change over time, however: increasingly, out-of-tree code is held to be irrelevant when decisions are made. If SELinux remains the only significant in-tree user of the LSM framework, LSM will look like useless baggage to more and more developers. If there are security modules out there which are reasonable alternatives to SELinux, their developers may want to think about getting them into the mainline sometime in the not-too-distant future.
Files with negative offsets
Every open file on a Linux system has an associated offset - the current read or write position within that file. The virtual filesystem code, when dealing with file positions, performs some basic checks, such as ensuring that the position is not negative. After all, what sense does it make to talk about a file position before the beginning of the file?As it turns out, there is a situation where a negative file position makes sense. Special files (such as /dev/mem and /dev/kmem) provide a window into the system's main memory. The "position" within these files corresponds to the address of the memory of interest. The interesting thing is that, on the x86_64 platform, addresses can be negative numbers.
This comes about as follows: this architecture currently uses a 48-bit address space. The hardware sign-extends the uppermost bit, however, so any address with that bit set will turn into a negative number. The x86_64 Linux port uses the upper bit to mark kernel space, so kernel addresses are, in fact, negative. A quick look at /proc/kallsyms confirms this:
ffffffff80100000 T startup_32
ffffffff80100100 T startup_64
ffffffff801001a0 T initial_code
ffffffff801001a8 T init_rsp
ffffffff801001b0 T early_idt_handler
...
The end result is that using /dev/kmem on an x86_64 system is difficult; any attempt to seek into kernel space will yield an error.
The clear fix is to modify the VFS layer to let negative file positions be passed through to the underlying filesystem or device driver. The problem with doing that in a general way, however, is that not all code (especially in drivers) is prepared to deal with a negative offset. Suddenly exposing that code to negative offsets could open up no end of bugs and security problems. So the real solution, as worked out by Al Viro and Linus Torvalds, is to add a new flag for the file structure called FMODE_ANY_OFFSET. This flag can only be set within the kernel; user space has no access to it. So the /dev/kmem driver will be able to set the flag and work with the full range of offsets, but, for the rest of the system, nothing will change.
The beginning of the realtime preemption debate
Merging Ingo Molnar's realtime preemption work was never going to be a quiet process. The noise has, in fact, begun long before Ingo has even proposed his work for inclusion. Now might be a good time to catch up with the debate as a way of seeing how the arguments might go in the future.The realtime preemption patches attempt to provide a guaranteed maximum response time for high-priority user-space processes - just like a "real" realtime operating system would. This goal is achieved by making everything in the kernel preemptible. No matter what the kernel is doing on a given processor, if a higher-priority process becomes runnable, it will be scheduled immediately. Many changes are required to make the whole kernel preemptible; the core parts are:
- New locking primitives. The spinlocks used by the kernel can cause
any number of processors to stall while waiting for a lock to become
free. Code which holds a spinlock cannot be preempted, or a
deadlocked kernel could result. The realtime preemption patches
introduce a new mutual exclusion type (the rt_mutex) which does not
spin, and, thus, will not stall a processor. The spinlocks and
semaphores currently used in the kernel are all converted over to the
new rt_mutex type, and all code which runs with spinlocks held becomes
preemptible. The rt_mutex type also implements priority inheritance,
so that a low-priority process will not block a higher-priority
process (for long, at least) by losing the processor while holding an
important lock.
- Threaded interrupt handlers. Interrupt handlers can create latencies
by monopolizing the processor for long periods of time. The realtime
preemption patch moves interrupt handling into kernel threads, which
contend for the processor with all other processes in the system. If
a certain realtime task is more important than interrupt handling, its
priority can be set accordingly.
- Various other mutual exclusion mechanisms, including read-copy-update, per-CPU variables, and seqlocks, require that preemption be disabled. All of these mechanisms are changed for the realtime preemption mode, usually by making them look more like regular spinlocks.
The realtime preemption patch set (at version -RT-2.6.12-rc5-V0.7.47-10 as of this writing) is clearly large and intrusive - it would be hard to make fundamental changes like those listed above any other way. It should be noted that Ingo has gone out of his way to minimize this intrusiveness, however: the patch is written to minimize code changes, and the kernel functions as always if realtime preemption is not selected at configuration time. The merging of this patch set would not force the new preemption model on users.
According to Lee Revell, the realtime preemption patches are already seeing some serious use:
Certainly the discussions that inevitably follow the release of a new version of the patch set indicate that there is an active user community out there. Some members of the community are starting to wonder why the realtime preemption patches have not been merged, and when (if ever) that might change. The biggest reason is that Ingo has not yet requested that the patches be included - though many small pieces and fixes from the realtime patch set have found their way into the mainline. If and when Ingo does push for inclusion, however, there will be some opposition.
To some developers, the realtime patch seems like a set of questionable and widespread changes aimed at the needs of a very small user community. Changing spinlocks into mutexes and moving interrupt handlers into threads are fundamental changes to how the kernel does things with the potential for the creation of subtle bugs and performance problems. Reworking things and adding complexity at that level is not a task that should be undertaken without a strong need - and many developers do not see a sufficiently strong need.
There are some concerns about the performance impact of these changes. Acquiring an uncontended spinlock is a very fast operation; the rt_mutex type, with its wait queues and priority inheritance mechanisms, is bound to be slower. There is some anecdotal evidence that there is a performance hit to realtime preemption, but little in the way of real benchmarking has been done. In any case, the performance penalty should only affect users who have actually enabled the realtime preemption mode.
Finally, not everybody is convinced that the realtime preemption approach can solve the real problem: providing an ironclad guarantee that a realtime process will be scheduled within a given maximum latency. Ingo believes that this guarantee can be made by eliminating all code within the kernel which can delay a reschedule; others feel that, to make a guarantee that can truly be trusted, the entire kernel must be audited and verified. They have a point: how strong a guarantee would you want before running realtime Linux in your car's braking system?
Those who want true realtime guarantees, along with developers who simply do not want to clutter the kernel with realtime mechanisms, argue that a different approach should be taken. The most commonly suggested alternative is RTAI-Fusion, which works (at its core) by interposing a "nanokernel" between Linux and the bare hardware. The nanokernel guarantees latency by taking the lowest-level scheduling decisions out of the Linux kernel's hands; it is kept small and easy to verify. Another project taking a similar approach is Iguana, which is based on the L4 microkernel.
Since the realtime preemption patch is not being proposed for merging at this time, no decisions are likely to result from the current, lengthy discussion. If Ingo has his way, there may never be one big decision; instead, pieces of the patch will be merged if and when it makes sense.
There may be some interesting realtime-related sessions at next month's Kernel Summit in Ottawa, however. Meanwhile, should anybody wish to plow through the entire thread on linux-kernel, here is the starting point.
Patches and updates
Kernel trees
Architecture-specific
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Memory management
Networking
Security-related
Page editor: Jonathan Corbet
Distributions
News and Editorials
KANOTIX - The Knoppix Improved
Is there a little-known Linux distribution consistently rated as one of the best by a large and varied spectrum of Linux users? If we were to name one, it would surely have to be KANOTIX, a Knoppix-based live and installation CD, which was, until recently, one of the best-kept secrets of the Linux distribution world. Launched in early 2004 by Joerg Schirottke, a computer science graduate from Kulmbach, Germany, the fame of the increasingly popular KANOTIX project has spread mainly due to the many time-saving improvements over its better-known parent. Here is a list of some of the more interesting features of KANOTIX:- KANOTIX has improved considerably Klaus Knopper's hardware
auto-detection and auto-configuration module. Users report that KANOTIX is
one of the very few distributions that boots into a graphical desktop with
touchpads on most notebooks working straight away. Many digital cameras,
PDAs, and storage devices are configured on the fly, while wireless
networking, both for network access and printing, is also ready for use
right after the boot. Granted, some of these modules are experimental and
might cause problems in certain hardware configurations - this is why Klaus
Knopper has been reluctant to include them in Knoppix. But for many novice
and medium-skilled Linux users such superb autoconfiguration of their
hardware is a blessing, and a welcome surprise, compared to most other
distributions.
- KANOTIX has been optimized for notebooks. We have mentioned the
automatic configuration of touchpads, but that's not the whole story. The
distribution also includes PowerNowd, a daemon
which works as a client of the CPUFreq driver and which has an ability to
adjust the speed of the CPU depending on system load.
- KANOTIX can be installed on one's hard disk with a simple graphical
installer. While this program was originally developed for Knoppix, the
KANOTIX maintainers have made a number of behind-the-scenes improvements.
As a result (and in the true spirit of the GPL), the KANOTIX installer is
now used by both KANOTIX and Knoppix, where it has been given preference
over the original installer.
- As with most live CDs nowadays, KANOTIX also provides a way to save
user's configuration and preferences to a variety of storage media,
including floppy disks, USB pen drives, and hard disks. An interesting
variation of this task is that if the settings are saved to a hard disk
partition, specifying "myconfig=scan" at boot time will make KANOTIX search
all hard disks for the settings file and load it automatically, without the
user having to remember the location. Needless to say, the ability to set a
persistent /home directory is also present in KANOTIX.
- The latest version of KANOTIX uses the Unionfs file system. While this
is also true for the more recent releases of Knoppix, the KANOTIX
developers have made a number of unusual enhancements to the concept.
Firstly, Unionfs is optional; to activate it, "unionfs" has to be added to
the boot prompt. However, if the KANOTIX hardware detection program detects
the presence of ATI or NVIDIA drivers, it will enable Unionfs automatically
- this way the users can easily install any proprietary ATI or NVIDIA
graphics drivers, if they so desire. Unionfs can also be loaded either as
read-only (unionro) to prevent files from being overwritten, or as
read-write (unionrw), and it can even be activated after the CD is fully
booted, although this will only set the Unionfs into the home
directory.
- KANOTIX comes with a selection of applications that is probably better
suited for an average home user that those included in Knoppix. Firefox has
been the default browser for several releases and many will find the
presence of the Guarddog firewall or the Skype telephony application a
pleasant surprise. Firefox also comes pre-configured with the Java plugin.
The best of all, however, is the ability to install more applications
through klik, a sophisticated
web-based interface for installing software on Knoppix and KANOTIX. New
programs can be installed either with a single mouse click while browsing
the applications on the above-mentioned web site, or by typing
"klik://program_name" in Firefox. The range of available software is
surprisingly large, including many non-free programs, such as the Flash
plugin, Real Player, Acrobat Reader, NVIDIA and ATI drivers, just to
mention the more obvious ones. Beta versions of certain popular software
packages, e.g. OpenOffice.org 2.0, are also provided for one-click download
and installation.
- The developers of KANOTIX have also written a large number of specialist
bash scripts for various tasks. These are located in /usr/local/bin and
although they are not well commented (or documented), most of them have
self-explanatory names. The scripts vary from configuring hardware drivers
to starting services, fixing problems, and installing software.
- A 64-bit edition of KANOTIX has also been released. This is one of the very few live CDs providing native support for the AMD64 and Intel EM64T processors. The live CD is based on the "pure64" branch of Debian Sid, with a compatibility layer to run certain 32-bit applications, such as OpenOffice.org.
Distribution News
Preparation of the next stable Debian GNU/Linux update (IV)
The (most probably) last revision of Debian 3.0 (Woody) is underway and may be out by the time you read this. There will be no more Woody updates once the Sarge release is finalized, which could be any day now.Debian sarge release update
An update on the Debian sarge release process has been posted. The release team is still chasing a few serious problems, so the release has been pushed back to June 6. "We're at a point now where more hands are not going to speed up the release, though, so if you aren't already involved in these tasks, you might want to just relax for a bit and start your Release Party preparations."
Cybernet Systems Sponsors the NetMAX Desktop Project
Cybernet Systems has announced that it is sponsoring the NetMAX Desktop Project, a development group that aims to produce a full-featured desktop package, licensed under the terms of the GNU GPL and based on the company's NetMAX Server distribution.Trustix Secure Linux now available via BitTorrent
Trustix has announced the availability of Trustix Secure Linux Installation ISO images for downloading via BitTorrent.
New Distributions
Two new Gentoo based Live CD distributions
Thanks to Michael Schuh we have added two new distributions to our list. Both are Gentoo-based live CD variants. Pentoo is a live CD that comes with GNOME and lots of tools for penetration testing, currently at version 2005.1. Navyn OS may be run as a live CD, or installed to hard drive. This one focuses on network security and comes with a variety of tools for port scanning, password sniffing, searching for vulnerabilities on remote systems, and more.
Distribution Newsletters
Debian Weekly News
The Debian Weekly News for May 31, 2005 looks at plans to optimize the LDAP gateway to the bugtracking system (after the Sarge release), Nokia's Debian-powered device, debian-legal summaries, preparations for Debconf5, Debian Day at LinuxTag 2005, and several other topics.Gentoo Weekly Newsletter
The Gentoo Weekly Newsletter for the week of May 30, 2005 is out. This edition covers the donation of new AMD64 hardware, a documentation status update, developer of the week Damien Krotkine, and more.DistroWatch Weekly, Issue 102
The DistroWatch Weekly for May 30, 2005 is out. "Last week, your DistroWatch staff had the extreme pleasure to meet with Dr Richard M Stallman, a truly fascinating, albeit controversial figure, dedicated to fight for our computing freedom; Robert Storey has summarised the experience. Also in this week's issue - a brief look at Libranet GNU/Linux 3.0 and a call for voting on which new packages you want to see tracked by DistroWatch from next month."
Package updates
Fedora updates
Fedora Core 3 updates: system-config-netboot-0.1.16-1_FC3 (fixes problems with generating unusable initrd.img diskless boot images, missing snapshot files, running /sbin/init at boot, and various python warnings), system-config-bind-4.0.0-16 (fix out-of-zone data reporting), netpbm-10.27-4.FC3 (fix segfault in pnmcolormap).Trustix Secure Linux updates
TSL-2005-0026 - multi addresses problems in anaconda, bittorrent, iptables, lilo, mod_perl, openldap, php, php4, pptpd, samba and squid for Trustix Secure Linux 2.1, Trustix Secure Linux 2.2 and Trustix Enterprise Server 2.
Distribution reviews
Linspire 5.0, The Linux Desktop For The Masses (LinuxElectrons)
LinuxElectrons reviews Linspire Five-0. "Linspire has chosen to eliminate some of the bloat that ships with most Distro's. Linspire doesn't have kmail, evolution, or even nine audio mixers. Most distributions ship with full versions of Gnome and KDE, plus some, that's a lot of overlap. Keven Carmony, CEO of Linspire, commented, "Linspire is Linspire because we touch pretty much every package in the OS". "We rarely just take a package and put it in our OS without polishing it up, adding features, fixing bugs, etc". Don't fret, you can still fire up CNR and download all the applications you want."
My Workstation OS: Scientific Linux (NewsForge)
NewsForge hears from a Scientific Linux fan. "Scientific Linux (SL) might seem a strange choice as a desktop operating system for someone who is retired, disabled, and elderly, and who has relatively little scientific or programming knowledge, but I get great excitement from exploring the art of Linux distributions, and with Scientific Linux, that excitement is amplified by knowing I'm using the same operating system that is being used by many of the world's leading scientists."
Review: FreeBSD 5.4 (NewsForge)
NewsForge has a short review of FreeBSD 5.4. "One of the oldest Unix-like operating systems, FreeBSD, continues its advancement with the sixth release in the FreeBSD-5 series. Its developers have added nothing major, but have made many modifications, fixing a number of problems introduced in previous releases. FreeBSD 5.4 is the best release since 5.1, but it still may not be ready for prime time."
Page editor: Rebecca Sobol
Development
Anyterm: A Terminal Anywhere
Anyterm is a terminal emulator package that runs as a local Javascript application on a web browser, it is similar in concept to the commercial application MindTerm from the company appGATE. Anyterm uses SSL encryption to prevent snooping of terminal session information. The Comparisons page looks at the differences between Anyterm and several other remote login applications. The introduction describes Anyterm:
![[Anyterm]](https://static.lwn.net/images/ns/anyterm.png)
* Some Javascript on a web page.
* An XmlHTTP channel to the web server.
* An Apache module that receives the XmlHTTP requests and feeds them
to an emulated terminal, and thence to a shell or whatever.
The how it works document sheds light on the internal operation of an Anyterm session and the deployment document describes a number of possible configuration arrangements. The documentation also addresses a number of potential security concerns when running Anyterm.
Anyterm stable version 1.0 and development version 1.1.0
were just announced:
"This week the stable branch has reached the milestone of
version 1.0, as
I think that this is now good enough for widespread use. There's also a
development branch where I'll be adding more experimental features,
starting with WAP support in version 1.1.0 which was released today. So
you can now get a shell prompt on your mobile phone. Some work is
needed to make it useable though. Future plans include merging my
QWAZERTY keyboard-layout mapping code.
"
Dependencies include version 2 of the Apache web server and the ROTE terminal emulation library. Anyterm development is Debian-based, your editor was able to get Anyterm to build on a Fedora Core 3 system by adding some file paths various lines of several include files. The installation instructions provided sufficient information for getting the software up and running.
The
configuration instructions bring one issue to light:
"If you're using a system with SE-Linux security features, such as Fedora Core 3, you may find that they prevent anygetty from invoking /bin/login. This probably just needs a slight change to a configuration file somewhere to make it work; if someone knows what is required please get in touch.
" A bit of SE-Linux configuration knowledge would
be a useful addition to the documentation.
To get a look at Anyterm in action, you can try running the Tetris clone "bastet" from the Anyterm web site.
System Applications
Mail Software
Mailman 2.1.6 Released
Version 2.1.6 of GNU Mailman, a mailing list manager application, is out. "This is a significant release, which includes three important security patches, updated Chinese (zh_TW and zh_CN) support, better compatibility with Python 2.4, a few new features, and many bug fixes."
popa3d 1.0 announced
Version 1.0 of popa3d has been announced. "For those few on the announcement list who don't know this yet, popa3d is a tiny POP3 daemon which attempts to be extremely secure, reliable, RFC compliant, and fast (in that order). Now, to the news: I've released popa3d 1.0. This means that I consider popa3d to be mature enough to enter its 1.x era."
Networking Tools
Knettools 1.0 (stable) released
Stable version 1.0 of Knettools has been announced. "Knettools' is a collection of menu-based testing tools for IPv4 networks. Tools included in the package are Finger, Name Scan, Ping, Ping Scan, Port Scan, Service Scan, and Whois. It is developed using POSIX threads and gnome libraries. This package was formerly known as 'xNetTools'."
OpenSSH 4.1 released
Version 4.1 of OpenSSH is out with several bug fixes.Twisted 2.0.1 Released
Version 2.0.1 of the Twisted networking framework has been released. "This is a minor release, only including bugfixes since 2.0.0. One of the most important fixes was a bug causing many gtk GUI apps to crash. Twisted News is now properly included in the Sumo release."
Printing
CUPS 1.2.x Weekly Snapshot, r4528
A new weekly snapshot of the CUPS printing system is out. See the release announcement for details.
VPN Software
SSL-Explorer 0.1.11 released! (SourceForge)
Version 0.1.11 of SSL-Explorer, an open-source SSL VPN solution, is available. "This release of SSL-Explorer contains a number of new features such as the ability to view the currently logged-in users and disconnect their sessions if necessary. The software can detect when new SSL-Explorer releases become available and also detect when new versions of the provided extensions are released. Version 0.1.11 also provides new features required to enable the launch of 3SP's SSL-Explorer Xtra service that brings commercial support and additional features to the product."
Web Site Development
Caravel CMS version 2.3 released (SourceForge)
Version 2.3 of Caravel, a content management system, is available. "Version 2.3 marks the transition of our source code tree to Sourceforge's CVS server, accompanied by major cleanup and reorganization of the code tree. In addition, a number of bugs have been fixed. Flash, MP3, and Quicktime file types are now supported. The publish tool has been revamped. See the CHANGELOG for details."
SchoolBell 1.1 Released
Version 1.1 of SchoolBell, a Zope 3-based calendaring server, is out. "In this release we round off and finish most of the functionality that was deferred from the last release (REST interface and proper timezone support). One important point is that we have started to import translations from the rosetta project and already have quite a large amount of translations done."
Web Services
Constructing Services with J2EE (O'ReillyNet)
Debu Panda covers the development of web services under J2EE. "Web services are a popular means of deploying service-oriented applications, and the standards in J2EE 1.4 make it easier to develop services that are portable and interoperable. Debu Panda shows you how, and takes a look at how things will get easier in J2EE 5.0."
Desktop Applications
CAD
PythonCAD release 25
The twenty-fifth development release of PythonCAD, a CAD package for open-source software users, is out. "The twenty-fifth release consists primarily of bug fixes. The compatibility code for the GTK Action and ActionGroup classes introduced in the previous release had a number of bugs which have been fixed. People running PythonCAD on PyGTK releases prior to 2.4 should find this latest release working correctly due to these fixes."
Data Visualization
Eman 1.7 Released
Version 1.7 of Eman, a scientific image processing suite with Python language bindings, has been announced. Here is the change summary: "A major overhaul of the parallelism infrastructure (runpar) was done. It now uses fileserver for both reads and writes in the cluster versions. A binary release was made for AMD64, and support for OSX was improved. A new program, refine2d.py, was added for generating reference-free class-averages from a set of particles. A new program, makeinitialmodel.py, was added for constructing 3D models from blobs. The AIRS software was greatly expanded and improved with Chimera bindings. Major improvements were done to the experimental 2D crystallography preprocessing program (qindex)."
Desktop Environments
KDE 3.4.1 released
KDE 3.4.1 is out. This is a maintenance release limited to bug fixes and some translation improvements.GNOME Software Announcements
The following new GNOME software has been announced this week:- Drivel 2.0 Beta 1 (new features)
- G-Inspector 20050529 (new features and bug fixes)
- Glom 0.8.29 (new features and translation work)
- GnomePythonExtras 2.10.2 (bug fixes)
- nautilus-python 0.4.0 (initial release)
KDE Software Announcements
The following new KDE software has been announced this week:- K3b 0.12beta2 (bug fixes)
- Kexi 0.9 Stable (new features and bug fixes)
KDE Project Offers Kolab Groupware Services to its Contributors (KDE.News)
KDE.News covers the announcement that groupware services will be available to all KDE contributors. "At the Dutch KDE-PIM meeting in Annahoeve last weekend it was announced that the KDE project will offer groupware services to all KDE contributors using the Free Software groupware server Kolab2. This means that every KDE project or contributor can get a Kolab2 account for sharing tasks, appointments, contacts and email. Every project can manage their own groupware services and decide with which users they want to share these resources. The Kolab2 server will run under the kdemail.net domain and will be administered by the KDE project."
KDE Commit Digest (KDE.News)
The May 27, 2005 edition of the KDE Commit Digest is available, here's the content summary: "Kalzium adds gradients and crystal structure data. KOffice supports loading of embedded objects from OASIS format. khtml improves XHTML handling. Kopete adds full text search of history, styles, recieving files and buzzing in Yahoo, and work continues on video device support. KDE 4 work continues with some applications able to run."
Educational Software
mnemo-0.5 released (SourceForge)
Version 0.5 of mnemo, a memory training application, is available. "Release 0.5 contains a console-mode implementation (no multi-media, yet) along with some example training files for arithmetic, the "peg system" and Esperanto vocabulary."
Electronics
Oscilloscope plugin 0.2.0 announced
Version 0.2.0 of Oscilloscope plugin, a DSSI format plugin application, is available, here is the description: "It has two audio input ports and will display the two input signals as two waves in the display. The trigger level and direction is controllable, as well as the amplification and offset for each channel and the time resolution."
Qocs 0.0.6 Released
Version 0.0.6 of Qocs is available. "Qucs is an integrated circuit simulator which means you are able to setup a circuit with a graphical user interface (GUI) and simulate the large-signal, small-signal and noise behaviour of the circuit. After that simulation has finished you can view the simulation results on a presentation page or window."
XCircuit 3.3.14 Released
Version 3.3.14 of XCircuit, an electronic schematic drawing package, is out. The CHANGES file says: "Changed behavior of netlist generation to allow (finally!) info labels on a top-level schematic. These labels are written verbatim into the output. Probably needs checks to avoid attempting to process certain embedded escapes like pins."
Games
New version of HLA Adventure for Linux/Red Hat
Version 2.80 of HLA Adventure, an adventure game that was coded in the High Level Assembly programming language, is out with these modifications: "Bug fixes, additional features, program enhancements, code modifications, clearer documentation and other changes."
Medical Applications
OpenEMR 2.7.2 Released (LinuxMedNews)
Version 2.7.2 of OpenEMR, an electronic medical record system, has been released. "Some highlights of the 2.7.2 final release are: An overhauled, faster and nicer-looking appointment calendar Support for current versions of the SQL-Ledger accounting system, deprecating the old "forked" sql-ledger sub-project of OpenEMR Partial implementation of access controls based on the phpGACL project Improved tracking of immunizations Patient problems can be associated with specific encounters and vice versa New forms for EOB entry, payment posting and adjustments Patient statements and collection letters New reports including cash receipts and cross-referencing of appointments with encounters Demographics export to a commercial laboratory system Support for some FreeB (billing system) fixes".
Music Applications
BEAST/BSE version 0.6.6 released (GnomeDesktop)
Version 0.6.6 of BEAST/BSE, the BEdevilled Audio SysTem and the Bedevilled Sound Engine, has been announced. "Major bug fixes are incorporated in this release, in particular in the BSE file saving mechanism, so updating to 0.6.6 is recommended to prevent data loss. Also the dialog messages were significantly improved and we had translation updates to Canadian English, Czech, Italian, Spanish and Basque."
Office Suites
OpenOffice.org Newsletter
The May, 2005 edition of the OpenOffice.org Newsletter is online with the latest OpenOffice.org news, events, and a guide to using special characters in OO.o documents.
Web Browsers
Mozilla Deer Park Alpha 1 released
The Mozilla Project has made Deer Park Alpha 1 available. This is an early alpha release of what will eventually be Firefox 1.1. New features include a "sanitize" operation (which quickly removes personal information), image thumbnails in tab icons, the "fast back" page caching capability, better cookie management, and more.Minutes of the mozilla.org Staff Meeting (MozillaZine)
The minutes from the April 25, 2005 mozilla.org staff meeting have been announced. "Issues discussed include releases, security releases, the Volunteer Awards, the board meeting, search, Mozilla Firefox strategy and quarterly goals."
Languages and Tools
Caml
Caml Weekly News
The May 24-31, 2005 edition of the Caml Weekly News is online with the newest Caml language developments.
Haskell
Issue Three of The Monad.Reader
Issue Three of The Monad.Reader is out with new Haskell language topics. "This month's issue has a definite introductory theme. It includes republished book reviews, notes on learning, a look at the differences between functional and object oriented programming, and distributed computation."
Lisp
SBCL 0.9.1 released
Version 0.9.1 of Steel Bank Common Lisp has been announced. "This version implements SB-POSIX:MKSTEMP, provides some optimizations, and fixes some bugs."
Perl
This Week in Perl 6 (O'Reilly)
The May 18 - 24, 2005 edition of This Week in Perl 6 is available with all of the latest Perl 6 development news.
Python
Dr. Dobb's Python-URL!
The May 31, 2005 edition of Dr. Dobb's Python-URL! is online with the latest Python language articles.
Ruby
Ruby Weekly News
The May 22nd, 2005 edition of the Ruby Weekly News has been posted. It is a summary of the ruby-talk mailing list.Ruby Weekly News
The May 29th, 2005 edition of the Ruby Weekly News has been posted, summarizing the week's activities on the ruby-talk mailing list.
Emulators
Bochs 2.2 released (SourceForge)
Version 2.2 of Bochs has been released with some new features. "Bochs is a highly portable open source IA-32 (x86) PC emulator written in C++, that runs on most popular platforms. It includes emulation of the Intel x86 CPU, common I/O devices, and a custom BIOS. Currently, Bochs can be compiled to emulate a 386, 486, Pentium, Pentium Pro or AMD64 CPU, including optional MMX, SSE, SE2 and 3DNow! instructions."
Profilers
OProfile 0.9 released
Version 0.9 of OProfile, a system profiler, is out. "New in this release is a new differential profile output, a reworked call-graph output format, and several important updates. As usual, upgrading is strongly recommended."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
How The Kernel Development Process Works (Groklaw)
Groklaw is running an article by Greg Kroah-Hartman on how the kernel development process works. "People are claiming that code can just get "slipped into" the main kernel tree without realizing where it really came from, or without any sort of review process. Obviously they have never actually tried to get a major kernel patch accepted, otherwise they would not be making these kinds of claims :)"
Underground showdown (Register)
The Register looks at an interesting phonomenon in the cracker world: web site defacers have are targeting phishing sites. "It's unlikely that many law enforcement officials will go after Web defacers who are posting warnings to potential victims of phishing fraud. Prosecutors can pick and choose the cases in which they want to invest time, and helping out bank fraudsters is not likely a high priority..."
Stallman: Nokia's announcement next to nothing (NewsForge)
NewsForge has Richard Stallman's take on Nokia's limited patent grant. "We can honestly thank IBM for agreeing not to sue us with 500 of its patents, and we can thank Nokia too for agreeing not to attack one of our community's projects. But don't be distracted from the real issue at stake. Nokia most likely intends to use this announcement as a way to put us in more danger. Nokia, along with IBM and Microsoft, is lobbying hard for software patents in Europe. Nokia will surely point to its own small gesture as 'proof' that software patents will not be devastating to free software."
Trade Shows and Conferences
India's Upcoming Free Software, Free Society Conference (Linux Journal)
Linux Journal previews an upcoming Linux conference in India. ".. the Free Software Foundation of India is organising a four-country conference to be held May 28-29, 2005. The Free Software, Free Society conference brings together hackers from an unlikely set of nations, people who don't speak the same language but who do see much in the idea that knowledge is most powerful when it is shared freely."
Linux named "platform for the future" by PalmSource keynote speaker (DesktopLinux.com)
Desktop Linux covers a keynote address by Dr. Dave Nagel at "Mobile Summit", PalmSource's annual developer event. ""Linux is our platform for the future," said Dr. Nagel, noting that CMS's (re-named PalmSource Asia) Linux-based products will make their way into PalmSource's offerings worldwide."
Big-business technologists talk up Linux (Computerworld Australia)
Computerworld.au covers the LinuxWorld Summit. "Several IT executives at the LinuxWorld Summit last week reinforced the idea that Linux now has the technical brawn and industry support to accommodate the most demanding business applications in environments such as finance, airline reservations and stock trading."
IT giants accused of exploiting open source (News.com)
News.com reports from the Holland Open Source Conference, where European Commission member Jesus Villasante made some comments about the community and business interests. "Villasante argued that open source is vital to the development of the European software industry, but that its progress has been inhibited by pressure from intellectual-property lobbyists and the traditional software industry, and by the fragmentation of the open-source community. 'Open source is a complete mess--many people do lots of different things. There's total confusion today,' Villasante said."
Companies
Cyber fixers now at PC near you! (Hindustan Times)
Hindustan Times reports that Bangalore-based DeepRoot Linux has come out with its 'DeepOfix' messaging server. ""It handles e-mail, fights spam and scans your mail. What most solutions take a week to do, our software does in 35 minutes. It has the ability to track e-mail, so that you know whether an e-mail you've sent has reached the receiver or not," Abhas Abhinav, who heads DeepRoot, said."
Novell reports loss as older business shrinks (News.com)
News.com examines the latest financial report from Novell. "Revenue rose to $297 million from $294 million, but came in below Wall Street's average estimate of $302 million. Joe Tibbetts, Novell's chief financial officer, said revenue from the company's NetWare product line declined at a slightly faster pace than expected. "Revenue grew, but we'd like to see them grow more," Tibbetts said. "Even in our Linux business, we would have liked to do better there.""
Linux Adoption
Detroit high school opens its desktops (NewsForge)
NewsForge examines a switch to Linux and OpenOffice.org at the University of Detroit Jesuit High School and Academy. "The cost analysis was compelling -- the Linux option could be implemented for around $21,000, more than $100,000 less than the Microsoft Windows alternative. The key to enabling the move to Linux, however, was the ability to provide an acceptable office application suite that would run on both Windows XP and Linux. It was impractical for the school to support more than one office application suite, nor was it cost-effective nor beneficial to remove Windows XP from the newer systems."
Interviews
The Meeks shall inherit the earth (GnomeDesktop)
GnomeDesktop.org has announced the availability of Lug Radio Episode 28. "Lug Radio interviews Michael Meeks, Novell hacker and Busiest Man Alive, who talks about OpenOffice.org, Gnome, how you can get involved, and how to get lots of work done by not spending all day reading other people's weblogs..."
Interview with KDE-PIM Hacker Daniel Molkentin (KDE.News)
KDE.News has an interview with Daniel Molkentin. "I am one of Kontact's maintainers, along with Don Sanders and Cornelius Schumacher. I mostly take care of the Kontact framework itself, the visible parts if you will. Other than that, I am the author or several fixes, features and hacks throughout KDE-PIM."
Interview with KDE PIM Hacker Cornelius Schumacher (KDE.News)
KDE.News talks with Cornelius Schumacher, KDE-PIM module project leader. "We have seen several developers in interviews and blogs talk about the KDE PIM event in the Netherlands and what they are planning to work on during the meeting. Do you have any plans or ideas for this meeting? There are two big goals I would like to achieve at the meeting. First, creating a roadmap for KDE PIM 4. Second, relaunching the KDE-PIM web pages with some fresh and rejuvenated content. But I'm sure there will also come up some new ideas at the meeting."
An evening with the Guru of Python: Guido van Rossum (TuxJournal.net)
Vincenzo Ciaglia interviews Guido Van Rossum on TuxJournal.net. "What's your role in the Python Developing Team? Are you still working on some projects or you just coordinate your guys? We're currently designing a new compound statement that lets you code resource acquisition and release pairs (such as acquiring and releasing a lock, or opening and closing a file) in a way that guarantees the release always happens without having to write a try-finally statement."
Resources
The Daemon, the GNU and the Penguin - Ch. 10 (Groklaw)
Groklaw has published chapter 10 of the book "The Daemon, the GNU and the Penguin," by Dr. Peter H. Salus. This chapter covers Sun and gcc.Developing GNOME Applications with Java (Linux Journal)
Linux Journal looks at the process of creating a GUI design in XML, writes Java code, and then plugs the whole thing in to the GNOME desktop. "With three existing Java GUI toolkits, one might ask why another alternative is necessary. GNOME's Java bindings are unique because they are tied directly to GNOME. An application written with GNOME's Java offerings looks and behaves exactly as if it had been written using GNOME's C libraries. It integrates seamlessly into the GNOME desktop and provides the same capabilities as any other GNOME application. The reason for this is GNOME's Java bindings use the Java Native Interface to delegate work directly to GNOME's C libraries."
Rexx: Power Through Simplicity (O'ReillyNet)
O'ReillyNet covers Rexx. "Rexx was the first widely used scripting language. Though IBM invented it 25 years ago, it may come as a surprise that this language is more popular today than ever. There are now nine free and open source Rexx implementations. These run under virtually any operating system on any platform. All but one meet the Rexx language standard, and each has optimizations or extensions for a specific purpose."
Programming Tools: UML Tools (Linux Journal)
The Linux Journal looks at tools (both free and proprietary) for creating UML diagrams. "At the moment, none of the open-source tools that I have tried match the richness of the commercial products. DIA is the most extensible, but it does not treat UML semantically, so logical connections and implications are not supported."
The Small Computer System Interface (SCSI) standard (IBM developerWorks)
Peter Seebach profiles the history of SCSI on IBM developerWorks. "Alan Shugart, founder of Shugart Associates and Seagate, gets most of the credit for being the visionary who realized the world needed a standard like this one. The initial protocol was called the "Shugart Associates Systems Interface," or SASI. It had a fairly limited set of protocol commands, and performance peaked out at 1.5 MBps (which sounds pretty weak, but for 1979 this was incredible)."
Linux in Government: Optimizing Desktop Performance, Part III (Linux Journal)
Linux Journal continues this series on optimizing the Linux desktop. "Some default features of Linux that seem slow to a new desktop user appear perfectly acceptable to long-time workstation users. When we begin to disable services that slow down the boot process, some Linux users might object. For instance, killing the mail transfer agent could mean that service messages meant for root or admin are not sent. Someone wanting to boot up her laptop quickly, however, might not care about that. For system administrators and developers, though, the missing chance to analyze a program flaw becomes a lost opportunity."
Miscellaneous
EU puts funds toward global research on open source (News.com)
News.com looks into a grant from the European Union for the support of open-source software around the world. "The newly approved funding--660,00 euros, or $825,594--is for the two-year FLOSSWorld project, Europe's first initiative to support international research and policy development on "free/libre/open source software." Previous FLOSS projects, starting as early as 2001, have concentrated on the use of open source in Europe alone."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
Google's summer of code
Google has announced a program called the "Summer of Code." Students interested in hacking on free software can put in an application and, working with a mentor project, earn $4500 for completing a project. The participating projects include Python, Perl, Apache, Ubuntu, Mono, GNOME, Wine, Subversion, and Google itself.
Commercial announcements
BitMover announces BitKeeper to CVS converter
For any free software projects which still have BitKeeper repositories: BitMover has announced the availability of a conversion utility which will turn those repositories into CVS repositories. Time to use it is running out: "Beginning July 1, 2005, all existing BitKeeper binaries will require license keys to enable continued use."
CAC Media Announces Digital Entertainment Devices
CAC Media, Inc. and VIA Technologies will demonstrate new Linux-based digital entertainment platforms at the VIA Technology Forum and Computex trade shows. "This combination of low cost / high performance hardware and software shows Original Design Manufacturers (ODMs) and Original Equipment Manufacturers VIA Technology's latest reference designs running CAC's MCSS platform. CAC's Media Convergence Software Suite (MCSS) is a Linux-based operating system the company licenses to consumer electronics manufacturers to drive new chip-sets available for their products. The innovative software / hardware combination enables them to combine PC, Internet, and CE functionality into "lean back" products designed to play, consume, store, and organize ALL digital media."
EarthLink and Microtel Partner to Offer $69.99 PC
EarthLink and Microtel have announced a partnership to provide discounted Linux-based PCs and laptops for new subscribers. "New dial-up subscribers can receive the special Microtel pricing from May 25, 2005 - June 25, 2005, by going to http://www.microtelpc.com and placing an order for a $69.99 PC or $399 laptop. During the ordering process buyers will be directed to the EarthLink Website to fill in subscription details. The $150 discount will be applied to the cost of the computer at the point of purchase, and requires a one-year EarthLink dial-up Internet access commitment."
Nokia Makes Donation to GNOME Foundation
Nokia has announced a developer device program at the GNOME user and Developer European Conference (GUADEC). The developer device program will donate the proceeds from the sales of 500 Nokia 770 devices to the GNOME Foundation.Novell's "Mono Kickstart" program
Novell has announced the "Mono Kickstart Program," a support offering for companies developing desktop applications with Mono. This is clearly not a service intended for free software projects: "Mono Kickstart includes 25 developer support incidents along with one server or 50 desktop licenses for $12,995. Additional developer support incidents, server licenses and desktop licenses can be purchased separately."
SCO's second quarter results
Remember SCO? That company has just announced its second quarter results: an almost $2 million loss on declining revenue. Even that figure includes almost $800,000 realized from the sale of all of SCO's stock in Trolltech last March.Win4Lin Products Available for Linspire
Win4Lin has announced "..that the company's Win4Lin 9x and Win4Lin Home products are now compatible with Linspire Five-0 and are available in the Linspire CNR Warehouse. The company also announced that their flagship Win4Lin Pro will be available in the CNR Warehouse by mid-summer 2005."
New Books
Killer Game Programming in Java - O'Reilly's Latest Release
O'Reilly has published the book Killer Game Programming in Java by Andrew Davison.
Resources
Table of analogs of Windows software in Linux
Fiodor Sorex has announced the creation of a table that lists Linux equivalents for Windows software. "One of the biggest difficulties in migrating from Windows to Linux is the lack of knowledge about comparable software. Newbies usually search for Linux analogs of Windows software, and advanced Linux-users cannot answer their questions since they often don't know too much about Windows :). This list of Linux equivalents / replacements / analogs of Windows software is based on our own experience and on the information obtained from the visitors of this page (thanks!)."
Edition 2 of MyOSS Magazine
Edition 2 of the Malaysian Online Open Source Magazine, MyOSS Magazine has been published. Topics include: Open Source Power Management, Open Source PBX/PABX, Daemon's Advocate, Virtualisation, Tip of The Month, Book Review : Free as in Freedom, and more.Open source and the commoditization of software
Ian Murdock has posted his chapter from the upcoming O'Reilly book Open Sources 2.0; it is called "Open source and the commoditization of software. "If Red Hat's business model is wrong, then what is the right business model for Linux distribution vendors? In my view, the Dell model can be taken a step further than any of the Linux distributors have thought to take it. After all, what are open-source technologies but commodity software components, and what are Linux distributions but assemblers of those components into products the end customer finds useful?"
Contests and Awards
First-Round Voting in 2005 Readers' Choice Awards (Linux Journal)
Linux Journal has announced the first round of voting for the 2005 Readers' Choice Awards. "As you know by now, the Web form is gone, and voting is taking place by e-mail this time. We require plain text e-mail for votes, so no HTML or attachments."
Upcoming Events
Debian Day at LinuxTag 2005
The Debian Day mini-conference at LinuxTag has been announced. "It will take place on Thursday, 23rd of June during this year's LinuxTag in Karlsruhe, Germany. The talks will describe certain parts of the distribution or the project and will be held in English."
Europython 2005 update
An Update notice has been sent out for the EuroPython 2005 conference. "Due to some technical problems with the registration website we have decided to extend the registration of talks until 8 May. We already have an impressive array of talks, but we do have room for some more. We are especially interested in talks focusing on the Python language and talks on Python usage in Science." The event takes place in Göteborg, Sweden on June 27-29, 2005.
Fedora Talk at USC Los Angeles, CA
A talk on the Fedora Project will be held at the University of Southern California in Los Angeles, California on June 16, 2005. "Warren will explain the Fedora Project, do Q&A, and hand out a limited amount of schwag."
Joint Call for Participation: IEEE Conference on Web Services
A Joint Call for Participants has gone out for the 2005 IEEE International Conference on Web Services. The event will take place on July 11-15, 2005 in Orlando, Florida.Embedded Technology 2005, Yokohama, Japan
The Embedded Technology 2005 Conference has been announced. The event will be held in Yokohama, Japan on November 15-18, 2005.Events: June 2 - July 28, 2005
| Date | Event | Location |
|---|---|---|
| June 2 - 3, 2005 | The Red Hat Summit 2005 | (Hilton New Orleans)New Orleans, LA |
| June 2 - 4, 2005 | Fórum Internacional Software Livre(FISL) | Porto Alegre/RS, Brazil |
| June 9 - 10, 2005 | Austrian Perl Workshop | (Kapsch CarrierCom)Vienna, Austria |
| June 9 - 10, 2005 | The French Perl Workshop | (Faculté des Sciences de Luminy)Marseille, France |
| June 11, 2005 | PHP West | Vancouver, BC, Canada |
| June 15 - 17, 2005 | AstriCon Europe 2005 | (Auditorium Madrid Hotel)Madrid, Spain |
| June 17 - 19, 2005 | RECON 2005 | Montreal, Quebec, Canada |
| June 18, 2005 | Perl Dag 2005 | Copenhagen, Denmark |
| June 19 - 22, 2005 | International Lisp Conference 2005(ILC 2005) | (Stanford University)Palo Alto, CA |
| June 20 - 21, 2005 | Linux Cluster Summit 2005 | Walldorf, Germany |
| June 22 - 25, 2005 | LinuxTag 2005 | (Kongresszentrum)Karlsruhe, Germany |
| June 23 - 24, 2005 | Italian Perl Workshop 2005 | (University of Pisa)Pisa, Italy |
| June 25, 2005 | LugRadio Live 2005 | (Molyneux Stadium)Wolverhampton, UK |
| June 25, 2005 | XML Prague 2005 | Malá Strana, Prague, Czech Republic |
| June 27 - 29, 2005 | Yet Another Perl Conference(YAPC::NA 2005) | (University of Toronto)Toronto, Ontario, Canada |
| June 27 - 29, 2005 | EuroPython 2005 | Göteborg, Sweden |
| June 29 - 30, 2005 | Where 2.0 Conference | (Westin St. Francis Hotel)San Francisco, CA |
| July 1 - 6, 2005 | Linux Desktop Development and KDevelop Developers Conference 2005 | Kiev, Ukraine |
| July 5 - 9, 2005 | LSM 2005 Libre Software Meeting for Medicine | Dijon, France |
| July 6 - 9, 2005 | IV Jornades de Programari Lliure | Campus de Vilanova i la Geltrú, Spain |
| July 10 - 18, 2005 | Debconf 5 | Helsinki, Finland |
| July 11, 2005 | Evolution of Open-Source Code Bases(EVOSC05) | Genova, Italy |
| July 11 - 15, 2005 | First International Conference on Open Source Systems(OSS2005) | Genova, Italy |
| July 11 - 14, 2005 | GOTO10 workshop | (OKNO)Brussels, Belgium |
| July 11 - 15, 2005 | IEEE International Conference on Web Services(ICWS 2005) | Orlando, Florida |
| July 17 - 19, 2005 | Desktop Developer's Conference | (Ottawa Congress Centre)Ottawa, Ontario, Canada |
| July 18 - 22, 2005 | ApacheCon Europe 2005 | Stuttgart, Germany |
| July 18 - 22, 2005 | PostgreSQL Bootcamp | (Big Nerd Ranch)Atlanta, GA |
| July 20 - 23, 2005 | Ottawa Linux Symposium(OLS 2005) | Ottawa, Canada |
| July 20 - 22, 2005 | North American Plone Symposium | (The Astro Crowne Plaza)New Orleans, Louisiana |
| July 26, 2005 | 2nd European LISP and Scheme Workshop | Glasgow, Scotland |
| July 27 - 28, 2005 | Back Hat Briefings USA 2005 | Las Vegas, NV |
Page editor: Forrest Cook
Letters to the editor
The gift of volunteering
| From: | christiaan <christiaan.theron-AT-virgin.net> | |
| To: | "letters-AT-lwn.net" <letters-AT-lwn.net> | |
| Subject: | The gift of volunteering | |
| Date: | Fri, 27 May 2005 21:04:30 +0100 |
Dear Editor
I have been using windows for a number of years and am certified in
system administration. However when I became unemployed I thought this
was an opportunity to research Linux to see what I could use it for and
gain some skills to try to re-enter the labour market.
I needed to start gently with a GUI distro and found IPCop. I was
pleasantly surprised at how useful it is and the quality of the addons
and documentation. However having never been involved in the Open Source
community I did not really know what to expect in terms of support and
contribution to the community.
I continued to explore the Open Source community through IPCop and found
something quite unexpected. By reading the docmentation manuals and
implementing the services of the distro I really began to get an
appreciation of the high standard and professionalism of the work
countless volunteers had put in and this helped me develop an
understanding of what the Open Source community is really all about.
It was at this stage I noticed that a section of the documentation had
not be written up and when I enquired with the community what was
happening with it, I was invited by the Lead Documentation volunteer to
contribute. While still a Linux novice I thought that this would be an
ideal opportunity to learn more about the VPN features.
Through this activity I was able to learn more about system
administration than I did through certification because I found it an
enjoyable form of edu-tainment. I became introduced to other projects
and their developers from different parts of europe. I now regulary
beta test new versions of TauVPN and Linsys, which are Open Source
windows IPSec clients. I enjoyed this so much that I volunteered to
write up a how-to for TauVPN.
After responding to questions on the IPCop forums I noticed that users
were posting queries related to issues arising when using more than one
firewall and were trying to find firewalling technologies that were
complimentary to their IPCop or existing Router.
I started to explore other firewall distributions and firewall
technologies. I had become a CCNA in february of this year and this gave
me an understanding of switching and bridging so I was very interested
when I came across Linux bridging firewall technology. I signed up to
the ebtables mailing list and established that a Linux bridging firewall
can be very effective against attacks when configured without an IP
address. When further combined with an Intrusion Prevention System such
as snort-inline it can detect attacks and prevent them.
Having discovered this technology and how useful it would be to
compliment an existing firewall/router. I then went about researching
an easy to use GUI distro with these features and found distros for
nearly everything but no bridging firewall IPS distro. If anyone knows
of an easy to use GUI bridging firewall distro that I can install on a
older computer then I would appreciate details on it.
If there is none I would be interested in collaborating with
other volunteers in the development of an easy to use bridging firewall.
Christiaan Theron
christiaan@wonderport.com
Letter to the Editor: Setback for Linux
| From: | Leon Brooks <leon-AT-cyberknights.com.au> | |
| To: | Forbes Letters to the Editor <readers-AT-forbes.com> | |
| Subject: | Letter to the Editor: Setback for Linux | |
| Date: | Fri, 27 May 2005 00:24:13 +0800 | |
| Cc: | Daniel Lyons <dlyons-AT-forbes.com>, letters-AT-lwn.net |
Forbes' website's feedback form gives no indication of a successful
submission, so... you all have my permission to publish this:
http://www.forbes.com/business/2005/05/25/cz_dl_0525linux...
---------------------8<-----cut-here-----8<------------------------
Daniel Lyons seems to be in the habit of being late, and dead wrong.
Here, the kernel developers (and specifically Linus) developed a
replacement tool in a matter of days or weeks, which is more closely
tailored to their way of doing things and therefore - at least in
principle - going to be even more effective than BK at maintaining
Linux's pace and security.
To the delight of many of the kernel hackers and onlookers, Linux is now
both ahead of the game and free of any proprietary encumbrances.
Daniel must have a deep-seated misunderstanding of how Open Source works
or is carrying a chip on his shoulder if he can spin that rather
excellent news to be somehow negative. And it seems to have taken him
more than a month to do it.
Perhaps he can do a story on how it took Microsoft years longer than
Linux to run reliably 64 bits wide on AMD's chips? I'd be interested to
see how long it takes him find a negative in that for Linux. It's an
odd spectator sport, I admit, but harmless and predictable.
Cheers; Leon
Perth, Western Australia
--
http://cyberknights.com.au/ Modern tools; traditional dedication
http://plug.linux.org.au/ Member, Perth Linux User Group
http://slpwa.asn.au/ Member, Linux Professionals WA
http://osia.net.au/ Member, Open Source Industry Australia
http://linux.org.au/ Member, Linux Australia
Page editor: Jonathan Corbet