LWN.net Weekly Edition for August 18, 2005
The Open Software License, Version 3.0
In December, 2004, a committee tasked by the European Commission issued a report [PDF] on open source licensing. This report concluded that, while the existing open source licenses achieved a number of important goals, none was 100% suited to the task of licensing software in Europe. The shortcomings they found led the committee to suggest that the EU should adopt either a modified version of the Open Software License or a completely new license drafted with European requirements in mind.
Most of the problems found by this committee were related to terminology. Most open source licenses, for example, allow the licensed software to be redistributed. Under the European interpretation, however, "redistribute" has a narrower meaning; in particular, it does not include acts like making the software available for general download on the net. The essential right for this sort of redistribution is "communicate to the public." Without an explicit grant of the right to communicate the licensed code to the public, the possibility remains that some court, somewhere, could conclude that putting a tarball on a web site is a violation of the license.
"Virality" is another concern of the authors, who see the GPL as being rather more "viral" than the alternative licenses. In particular, the authors see dynamic linkage as a barrier over which the concept of a "derived work" cannot cross:
The Free Software Foundation, instead, does not feel that the type of linking used affects the copyright status of the resulting program. This distinction is important; it could, for example, affect the status of proprietary kernel modules. Because they disagree with the FSF's interpretation, the report's authors shy away from the GPL, even though other "copyleft" licenses contain similar language - and copyleft is what the authors say they want.
A few other details caught their attention. Licenses in Europe, for example, are generally not allowed to outlast the corresponding intellectual property protection period. The terms of a copyright license thus cannot be imposed after the covered work has gone out of copyright, should that ever be allowed to happen again. Some details in warranty disclaimers are different, and there are certain types of warranty which cannot be disclaimed.
In response to this report, Lawrence Rosen, the author of the Open Software License, has announced a draft version 3.0 of the OSL [PDF] for review. The draft is annotated so that it is easy to see what has changed from the current version (2.1). Most of the changes are fairly obvious given the discussion above: the OSL now explicitly grants the right to "communicate" the software, for example. The license is no longer "perpetual"; instead, the copyright and patent grants are for the copyright and patent protection periods, respectively.
There are a couple of new terms which might not be popular with all users of this license, however. The "acceptance" clause now includes the following text:
This language is a response to concerns about whether a license can truly be binding in Europe if the licensee has not explicitly accepted it. The "reasonable effort under the circumstances" might include an active copyright acceptance step required at download time or when the software is installed. It is unclear what might be expected of a distributor shipping OSL-licensed software mixed in with thousands of other packages.
The new license also adds:
This looks like the return of the unlamented BSD advertising clause. It is less onerous, however, in that it only requires attribution in places where the redistributor is asserting copyright claims. Still, a splash screen for an application built from several OSL-licensed libraries could get unwieldy. Mr. Rosen states:
It is not clear how much of a problem this has been in the real world, and whether it truly needs fixing.
The OSL is not a hugely popular license; Freshmeat claims that the OSL applies to 0.15% of the projects listed there. There are some important projects using the OSL, however, including Rails, Globus, ImageMagick, and sparse. This license is well respected and carries a certain influence. Its importance could grow if it comes to be seen as the license to use for those who are especially concerned about adherence to European law. So this proposed update is significant. For those who are interested, the discussion is happening now on the Open Source Initiative's license-discuss mailing list.
GNOME and the way forward
It is not often that a straightforward software release announcement generates over 100 comments on LWN, so the recent GTK+ 2.8.0 announcement is special. One might think that the commenters were excited about the new GTK+ features, including Cairo graphics, composite extension support, or that sexy new file browser widget. But no such luck. It would seem that what people really want to talk about is key bindings, which are unchanged in 2.8.0. Certain users see GNOME as moving steadily away from its initial user base, and away from the traditions of Unix as a whole, and they are vocal about their discontent with this state of affairs.
Certainly, the GNOME desktop offers enough annoyances to make just about any user grumpy. Your editor is burned daily by the metacity "a new window gets the keyboard focus regardless of the pointer position" policy; having the focus yanked away in the middle of a sentence does not seem like the most user-friendly policy. Why can't gthumb's forms do the right thing when the user hits "enter," rather than forcing another trip back to the mouse? Where, exactly, is the little option to get emacs key bindings? Clicking on a window does not mean the window should be raised; there is a separate combination for that. The new, "electron cloud" busy-cursor behavior in the Rawhide version of GNOME 2.12 is distracting and annoying, requiring a trip to an external site for a new cursor theme. Dia's aggressive use of "tool tips" makes a nice drawing application almost unusable. Why is there no easy way to move settings from one system to another? And so on.
Annoyances are part of using a computer, however. It is hard to imagine that a desktop as complex and featureful as GNOME would be free of glitches. These things can be smoothed out over time to make room for new bits of obnoxious behavior. The GNOME debate goes beyond the current set of misfeatures, however, and into a couple of fundamental issues which are worth a look.
One of these is: to what extent is GNOME a "Unix" desktop, and to what extent should it preserve the traditional Unix way of doing things, whatever that might be? At the 2000 Ottawa Linux Symposium, Miguel de Icaza delivered his famous "Unix sucks" talk. Unix, he said, had gone stale and had not been the source of any significant innovation for quite some time. The GNOME project intended to move beyond hidebound Unix ways and deliver something new. Miguel's vision, which seemed to involve switching over to hidebound Microsoft ways, does not appear to be driving the GNOME project at this time, but the project does appear willing to break from the past - even its own past - if that offers hope of a better desktop.
And that is how it should be. The Unix way of doing things worked well in a different era, when users were clueful, systems were small (in capability, if not in actual size), and an ADM 3 terminal in one's office seemed like a major step up. How do many of the fundamental Unix ideas - writing programs as small, text-oriented filters, for example - fit into the creation of a modern, graphical desktop? Clearly, developers wishing to pull Linux forward into a larger world with a broader user community have to be willing to do some things differently. One may not agree with everything that the GNOME project has done, but the GNOME hackers are (like their counterparts at KDE and elsewhere) trying to change the world for the better.
It would be surprising indeed if there were a consensus on what "better" is, especially before it has been implemented and pounded on. The GNOME idea of "better" may or may not win out in the end, but, because the developers are working at it, we will have the opportunity to find out. And that is a good thing.
The other issue which comes up with some regularity is a perceived arrogance from some in the GNOME camp. Experimentation with the desktop will go best when accompanied by careful attention to the resulting cries of agony from the user community. Users have often been heard to complain, however, that the GNOME hackers Know Too Much to listen to those cries as they follow the One True Course. A tendency by some developers to describe user requests as "crack" probably has not helped in this regard. Recent posters have complained about the refusal by the Evolution maintainers to accept a patch enabling the use of external editors.
There is a hard line to follow here; the maintainer of any successful free software project must learn to say "no" to features and requests much of the time, or that project will likely collapse under its own weight. Say "no" too often, however, and both users and developers will leave for a more accommodating environment. The GNOME developers may well be guilty of occasionally erring on the "no" side of that line, however. The project probably hit its low point early in the 2.x series, when configuration options were being jettisoned in a seemingly indiscriminate manner and few apologies were forthcoming. The situation seems to have improved, however, even if work remains to be done; chances are that 2.12 will be the best GNOME release yet.
The nice thing about all this is that we are dealing with free software. Using GNOME is not required to get the most out of Linux. The KDE project is out there, and several other desktops as well; it should not be hard to find one to suit the needs of any particular user. One can even still operate a Linux system via an ADM 3 terminal, using the traditional key bindings. The GNOME hackers are doing the right thing in a general sense by pushing toward their vision of a better desktop. If they fail to meet the needs of the user community - or to listen to that community's feedback - there are plenty of alternatives to choose from. Or even the option of forking the project, should that seem like the best course. For the time being, however, this project has made major progress in the creation of a powerful Linux desktop, and the whole thing is free software. There are limits to how much one should complain about that.
[As a footnote, it's worth noting that long-time GNOME release manager Jeff Waugh is stepping down; his replacement will likely be Elijah Newren. Congratulations are due to Jeff for heading up several smooth, on-time GNOME releases.]
Security
Wiretapping and email
The legal protection for email has been expanded, just slightly. The full First Circuit Court of Appeals has overturned a First Circuit panel decision that allowed Bradford Councilman to monitor the content of his users' incoming email.
Councilman was vice president of Interloc, a company that ran an online service that listed rare and out-of-print books, and offered its customers an email at "interloc.com." (Interloc has become Alibris.) In January 1998, Councilman directed employees to copy incoming email from Amazon.com to subscribers. A procmail script was used to copy those messages, without any notice to Interloc's users, into a mailbox that Councilman could read in an attempt to gain a commercial advantage.
In 2001, a grand jury charged Councilman with conspiracy to violate the Wiretap Act. This count was dismissed by the district court, and the dismissal was affirmed by a panel hearing of the First Circuit Court last year, but the full court granted an en banc hearing which overturned the panel decision. The judgment has been vacated and the case has been remanded to the district court.
The case centers on whether email is an "electronic communication," or whether Congress meant to -- by exclusion -- exempt "communications in transient storage" from the Wiretap Act. The Electronic Communications Privacy Act (ECPA) of 1986 updated title 18 of the United States Code (the Wiretap Act), making it an offense to "intentionally intercept, endeavor to intercept, or procure any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication".
If email is considered an electronic communication, then it is considered protected under the ECPA. However, Councilman argued that email was not "electronic communication" when it was copied because it was "in storage" at the time.
The court has decided that Councilman's interpretation "is inconsistent with Congress's intent".
It's also worthwhile to note the court's comments on the Stored Communications Act, saying that "Councilman's conduct may appear to fall under the Stored Communications Act's main criminal provision", but that he would also fall under the provider exception, which says the Act "does not apply with respect to conduct authorized by the person or entity providing a wire or electronic communications service". The Stored Communications Act, according to the Court's decision, appears to establish "virtually complete immunity" for service providers in handling email on their systems.
However, the Stored Communications Act does not provide a "safe harbor" for Councilman, since the Wiretap Act has a much narrower service provider exception, which only allows interception as "necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service". Obviously, Councilman's actions do not fall within this definition.
The court concluded that "electronic communication" includes "transient electronic storage that is intrinsic to the communication process for such communications" and that "interception of an email message in such storage is an offense under the Wiretap Act".
Assuming this decision holds, the Councilman decision is a victory for users and protects email in transit -- whether that is "on the wire" or in temporary storage on a server awaiting delivery to its final destination -- granting email the same protection from interception and monitoring that is given to phone calls.
Brief items
An overview of multilevel security
One of the many features added to the 2.6.12 kernel is multilevel security support for SELinux. The only problem is that few people actually understand what MLS is. James Morris has posted a multilevel security overview which makes a good starting point. "The reason why we have categories as well as sensitivities is so that sensitivities can be further compartmented on a need to know basis. For example, while a user may be cleared to Secret, they may not need to know anything about project WarpDrive (which could be the name of a category)."
The Hidden Boot Code of the Xbox
The Xbox Linux Project site has posted a detailed article on how the Xbox was designed to prevent the booting of "unauthorized" software, and how that scheme was defeated. It is an interesting look at the design of non-free hardware. (By way of Bruce Schneier).
New vulnerabilities
Adobe Acrobat Reader: arbitrary code execution
Package(s): Adobe Acrobat Reader
CVE #(s): CAN-2005-2470
Created: August 16, 2005
Updated: August 22, 2005
Description: A buffer overflow bug has been found in Adobe Acrobat Reader. It is possible to execute arbitrary code on a victim's machine if the victim opens a malicious PDF file.
awstats: command injection vulnerability
Package(s): awstats
CVE #(s): CAN-2005-1527
Created: August 11, 2005
Updated: November 10, 2005
Description: AWStats has a command injection vulnerability that can be exploited by specially crafting referrer URLs that contain Perl code. The code can then be executed with the privileges of the web server.
bluez: command execution
Package(s): bluez-utils
CVE #(s): CAN-2005-2547
Created: August 17, 2005
Updated: August 26, 2005
Description: The bluez-utils package (through version 2.19) fails to properly validate device names. As a result, pairing the system with a device containing a maliciously-crafted name could result in the execution of arbitrary commands as root.
evolution: format string issues
Package(s): evolution
CVE #(s): CAN-2005-2549 CAN-2005-2550
Created: August 15, 2005
Updated: March 23, 2006
Description: Evolution has format string issues. SITIC advisory SA05-001 contains more information.
kdeedu: tempfile handling vulnerabilities
Package(s): kdeedu
CVE #(s): CAN-2005-2101
Created: August 15, 2005
Updated: September 22, 2005
Description: Ben Burton notified the KDE security team about several tempfile handling related vulnerabilities in langen2kvtml, a conversion script for kvoctrain. The script must be manually invoked. The script uses known filenames in /tmp which allow a local attacker to overwrite files writeable by the user invoking the conversion script.
Mozilla: frame injection spoofing
Package(s): mozilla firefox
CVE #(s): CAN-2004-0718 CAN-2005-1937
Created: August 15, 2005
Updated: September 19, 2005
Description: A vulnerability has been discovered in Mozilla and Mozilla Firefox that allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site. Thunderbird is not affected by this.
Resources
(IN)SECURE Magazine issue 3
The third issue of (IN)SECURE magazine is out; covered topics include PDA attacks, adding signatures to nmap, SQL injection, and an interview with Michal Zalewski.
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current stable 2.6 release is 2.6.12.5, which was announced on August 14. Among other things, this update contains fixes for a few security problems.
The current 2.6 prepatch remains 2.6.13-rc6. There has been a slow but steady stream of fixes trickling into Linus's git repository. It is unclear, as of this writing, whether the quantity of patches is sufficient to force another -rc release before 2.6.13 comes out.
The current -mm release remains 2.6.13-rc5-mm1; there have been no -mm releases since August 7.
Kernel development news
A CLOCK-Pro page replacement implementation
Virtual memory management appears to be a perennially unsolved operating systems problem. Nobody has yet figured out how to perform page replacement in such a way as to ensure that the pages that will be needed in the future may be found in main memory. Crystal balls, it seems, remain fiendishly difficult to implement.
The reigning algorithm used in most systems is a variant of the least-recently-used (LRU) scheme. If a page has not been used in a long time, the reasoning goes, it probably will not be needed again in the near future; pages which have not been used for a while are thus candidates for eviction from main memory. In practice, tracking the usage of every page would impose an unacceptable amount of overhead, and is not done. Instead, the VM subsystem scans sequentially through the "active list" of pages in use, marking them as "inactive." Pages on the inactive list are candidates for eviction. Some of those pages will certainly be needed soon, however, with the result that they will be referenced before that eviction takes place. When this happens, the affected pages are put back on the active list at the "recently used" end. As long as pages stay in the inactive list for a reasonable time before eviction, this algorithm approximates a true LRU scheme.
This mechanism tends to fall apart with certain types of workloads, however. Actions like initializing a huge array, reading a large file (for streaming media playback, for example), starting OpenOffice, or walking through a large part of the filesystem can fill main memory with pages which are unlikely to be used again anytime soon - at the expense of the pages the system actually needs. Pages from files start in the inactive list and may, at least, be shoved back out relatively quickly, but anonymous memory pages go straight to the active list. Many Linux users are familiar with the occasional sluggish response which can come after the active list has been flushed in this way; with some workloads, this behavior can be a constant thing, and the system will consistently perform poorly.
Rik van Riel has recently posted a set of patches aimed at improving the
performance of the VM subsystem under contemporary loads. The algorithm
implemented is based on CLOCK-Pro,
developed by Song Jiang, Feng Chen, and Xiaodong Zhang. CLOCK-Pro attempts
to move beyond the LRU approach by tracking how often pages are accessed
and tweaking the behavior of the VM code to match. At its core, CLOCK-Pro
tries to ensure that pages in the inactive list are referenced less
frequently than those on the active list. It thus differs from LRU
schemes, which prioritize the most recently accessed pages even if those
particular pages are almost never used by the application. Consider, as an
example, the diagram to the right showing access patterns for two pages.
At the time t1 marked by the red line, an LRU algorithm would
prefer page 2 over page 1, even though the latter is more likely
to be used again in the near future.
Implementing CLOCK-Pro requires that the kernel keep track of pages which have recently been evicted from main memory. To this end, Rik's patches create a new data structure which tries to perform this tracking without adding much extra overhead. There is a new kernel function:
int do_remember_page(struct address_space *mapping, unsigned long index);
The VM code will, when moving a page out of main memory, first call remember_page() with the relevant information. This function implements a data structure which looks a little like the following:
![[Cheezy nonresident page diagram]](https://static.lwn.net/images/ns/kernel/nonresident_page.png)
When a page is to be remembered, a hash value is generated from the mapping and index parameters; this value will be used as an index into the nonres_table array. Each hash bucket contains a fixed number of entries for nonresident pages. do_remember_page() treats the hash bucket like a circular buffer; it will use the hand index to store a cookie representing the page (a separate hash, essentially) in the next available slot, possibly overwriting information which was there before. The size of the entire data structure is chosen so that it can remember approximately as many evicted pages as there are pages of real memory in the system. The cost of the structure is one 32-bit word for each remembered page.
At some point in the future, the kernel will find itself faulting a page into memory. It can then see if it has seen that page before with a call to:
int recently_evicted(struct address_space *mapping, unsigned long index);
A non-negative return value indicates that the given page was found in the nonresident page cache, and had, indeed, been evicted not all that long ago. The return value is actually an estimate of the page's "distance" - a value which is taken by seeing how far the page's entry is from the current value of the hand index (in a circular buffer sense) and scaling it by the size of the array. In a rough sense, the distance is the number of pages which have been evicted since the page of interest was pushed out.
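The nonresident-page table described above, as a small user-space model added here for illustration (it is not code from Rik van Riel's patches). The names model_remember_page(), model_recently_evicted() and refault_distance_after(), the table dimensions and the hash are all assumptions; the model shows the distance estimate growing as later evictions land in the same bucket, and the entry being forgotten once the circular buffer wraps.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NR_BUCKETS       64u   /* assumed number of hash buckets */
#define SLOTS_PER_BUCKET 15u   /* assumed entries per bucket */

struct nr_bucket {
    uint32_t hand;                    /* next slot to (over)write */
    uint32_t slot[SLOTS_PER_BUCKET];  /* one 32-bit cookie per page; 0 = empty */
};

static struct nr_bucket nonres_table[NR_BUCKETS];

/* Stand-in hash over (mapping, index): the splitmix64 finalizer. */
static uint64_t page_hash(uint64_t mapping, unsigned long index)
{
    uint64_t x = (mapping << 32) ^ (uint64_t)index;
    x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27; x *= 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

/* Low bits of the hash select the bucket... */
static uint32_t bucket_of(uint64_t mapping, unsigned long index)
{
    return (uint32_t)(page_hash(mapping, index) % NR_BUCKETS);
}

/* ...and the high bits form the cookie ("a separate hash, essentially"). */
static uint32_t cookie_of(uint64_t mapping, unsigned long index)
{
    uint32_t c = (uint32_t)(page_hash(mapping, index) >> 32);
    return c ? c : 1;   /* 0 is reserved for "empty slot" */
}

/* Record an evicted page, overwriting whatever the hand points at. */
int model_remember_page(uint64_t mapping, unsigned long index)
{
    struct nr_bucket *b = &nonres_table[bucket_of(mapping, index)];

    b->slot[b->hand] = cookie_of(mapping, index);
    b->hand = (b->hand + 1) % SLOTS_PER_BUCKET;
    return 0;
}

/* Return -1 if the page is not remembered, else its estimated distance:
 * slots written in this bucket since the page's own entry, scaled by the
 * number of buckets (evictions are assumed to spread evenly over them). */
int model_recently_evicted(uint64_t mapping, unsigned long index)
{
    struct nr_bucket *b = &nonres_table[bucket_of(mapping, index)];
    uint32_t want = cookie_of(mapping, index);

    for (uint32_t i = 0; i < SLOTS_PER_BUCKET; i++) {
        if (b->slot[i] != want)
            continue;
        uint32_t behind = (b->hand + SLOTS_PER_BUCKET - 1 - i) % SLOTS_PER_BUCKET;
        return (int)(behind * NR_BUCKETS);
    }
    return -1;
}

/* Constructed scenario: evict one page, then evict `later_evictions` other
 * pages that hash to the same bucket, then fault the first page back in. */
int refault_distance_after(unsigned later_evictions)
{
    const uint64_t mapping = 1;       /* constructed mapping id */
    const unsigned long victim = 0;   /* constructed page index */
    uint32_t target = bucket_of(mapping, victim);

    memset(nonres_table, 0, sizeof(nonres_table));
    model_remember_page(mapping, victim);
    for (unsigned long idx = 1; later_evictions > 0; idx++) {
        if (bucket_of(mapping, idx) != target)
            continue;
        model_remember_page(mapping, idx);
        later_evictions--;
    }
    return model_recently_evicted(mapping, victim);
}

int main(void)
{
    printf("refault right after eviction:   %d\n", refault_distance_after(0));
    printf("after 3 same-bucket evictions:  %d\n", refault_distance_after(3));
    printf("after the bucket has wrapped:   %d\n",
           refault_distance_after(SLOTS_PER_BUCKET));
    return 0;
}
```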
Whenever a page is faulted in, the kernel computes a distance for the oldest page in the active list; this distance is an estimate taken from how long ago the oldest page would have been scanned (at the current rate). This distance is compared to the distance of the newly-faulted page (which is scaled relative to the total number of recently evicted pages) to get a sense for whether this page (which had been evicted) has been accessed more frequently than the oldest in-memory page. If so, the kernel concludes that the wrong pages are in memory; in response, it will decrease the maximum desired size of the active list to make room for the more-frequently accessed pages which are languishing in secondary storage. The kernel will also, in this case, add the just-faulted page directly to the active list, on the theory that it will be useful for a while.
If, instead, pages being faulted in are more "distant" than in-core pages, the VM subsystem concludes that it is doing the right thing. In this situation, the size of the active list will be slowly increased (up to a maximum limit). More distant pages are faulted in to the inactive list, meaning that they are more likely to be evicted again in the near future.
Your editor applied the patch to a vanilla 2.6.12 kernel and ran some highly scientific tests: a highly parallel kernel make while simultaneously running a large "grep -r" to read large amounts of file data into the page cache. The patched kernel adds a file (/proc/refaults) which summarizes the results from the nonresident page cache; after this experiment it looked like this:
    Refault distance          Hits
        0 -  4096              138
     4096 -  8192              108
     8192 - 12288               93
    12288 - 16384               88
    16384 - 20480               86
    20480 - 24576               84
    24576 - 28672               59
    28672 - 32768               48
    32768 - 36864               53
    36864 - 40960               46
    40960 - 45056               43
    45056 - 49152               46
    49152 - 53248               39
    53248 - 57344               39
    57344 - 61440               39
    New/Beyond 61440         11227
This histogram shows that the vast majority of pages brought into the system had never been seen before; they would be mainly the result of the large grep. A much smaller number of pages - a few hundred - had very small distances. If the patch is working right, those pages (being, one hopes, important things like the C compiler) would be fast-tracked into the active list while the large number of unknown pages would be hustled back out of main memory relatively quickly.
As it turns out, the patch doesn't work right quite yet. Much of the structure is in place, but the desired results are not yet being seen. These details will presumably be worked out before too long. Only at that point will it be possible to benchmark the new paging code and decide whether it truly performs better or not. One never knows ahead of time with virtual memory code; the proof, as they say, is in the paging.
[Thanks to Rik van Riel for his review of a previous draft of this article.]
Who needs /dev/kmem?
Steven Rostedt recently ran into a little problem. He was trying to read the value of a kernel variable using /dev/kmem, but his attempts returned an I/O error. The resulting inquiry has led to people asking whether /dev/kmem should exist at all.
Unix-like systems have, since nearly the beginning, offered a couple of character device files called /dev/mem and /dev/kmem. /dev/mem is a straightforward window into main memory; a suitably privileged application can access any physical page in the system by opening /dev/mem and seeking to its physical address. This special file can also be used to map parts of the physical address space directly into a process's virtual space, though this only works for addresses which do not correspond to RAM (the X server uses it, for example, to access the video adapter's memory and control registers).
/dev/kmem is supposed to be different in that its window is from the kernel's point of view. A valid offset in /dev/kmem would be a kernel virtual address - these addresses look much like physical addresses, but they are not. On commonly-configured i386 systems, for example, the base of the kernel's virtual address space is at 0xc0000000. The code which implements mmap() for /dev/kmem looks like this in 2.6.12:
    if (!pfn_valid(vma->vm_pgoff))
            return -EIO;
    val = (u64)vma->vm_pgoff << PAGE_SHIFT;
    vma->vm_pgoff = __pa(val) >> PAGE_SHIFT;
    return mmap_mem(file, vma);
The idea is to turn the kernel virtual address into a physical address (using __pa()), then use the regular /dev/mem mapping function. The problem, of course, is that the pfn_valid() test is performed before the given page frame number has been moved into the physical space; thus, any attempt to map an address in the kernel's virtual space will return -EIO - except on some systems with large amounts of physical memory, and, even then, the result will not be what the programmer was after. This mistake would almost certainly be a security hole, except that only root can access /dev/kmem in the first place.
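Why the order of the check matters, as a user-space model added here (it is not kernel code, and not the fix merged for 2.6.13): it runs the 2.6.12 ordering beside a variant that validates the translated frame number, on a constructed 32-bit machine with 512 MiB of RAM. The model_* helpers and kmem_pgoff_* names are hypothetical; going slightly beyond the case in the text, it also shows a low offset passing the early check and yielding a frame that was never validated.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT   12            /* 4 KiB pages, as on i386 */
#define PAGE_OFFSET  0xc0000000u   /* kernel virtual base named in the article */
#define MODEL_EIO    5             /* stand-in for the kernel's EIO */

/* Constructed machine: 512 MiB of RAM, so valid frames are 0 .. 0x1ffff. */
static const uint32_t model_max_pfn = 0x20000;

/* Simplified pfn_valid(): is this frame number backed by RAM? */
static int model_pfn_valid(uint32_t pfn)
{
    return pfn < model_max_pfn;
}

/* i386-style __pa(): subtract the kernel base, wrapping at 32 bits. */
static uint32_t model_pa(uint32_t kvaddr)
{
    return kvaddr - PAGE_OFFSET;
}

/* Page offset -> byte address, truncated to 32 bits as __pa() would see it. */
static uint32_t pgoff_to_addr(uint32_t vm_pgoff)
{
    return (uint32_t)((uint64_t)vm_pgoff << PAGE_SHIFT);
}

/* Ordering of the 2.6.12 snippet: validate the untranslated offset, then
 * translate. Returns the physical frame that would be mapped, or -EIO. */
long kmem_pgoff_2_6_12(uint32_t vm_pgoff)
{
    if (!model_pfn_valid(vm_pgoff))
        return -MODEL_EIO;
    return (long)(model_pa(pgoff_to_addr(vm_pgoff)) >> PAGE_SHIFT);
}

/* Assumed corrected ordering: translate first, then validate the frame
 * number that is actually going to be mapped. */
long kmem_pgoff_checked_after(uint32_t vm_pgoff)
{
    uint32_t pfn = model_pa(pgoff_to_addr(vm_pgoff)) >> PAGE_SHIFT;

    if (!model_pfn_valid(pfn))
        return -MODEL_EIO;
    return (long)pfn;
}

int main(void)
{
    /* Constructed inputs: a kernel virtual address and a low, non-kernel one. */
    const uint32_t offsets[] = { 0xc0100000u >> PAGE_SHIFT, 0x1000u >> PAGE_SHIFT };

    for (unsigned i = 0; i < 2; i++)
        printf("pgoff 0x%05x: 2.6.12 order -> %ld, check after -> %ld\n",
               (unsigned)offsets[i],
               kmem_pgoff_2_6_12(offsets[i]),
               kmem_pgoff_checked_after(offsets[i]));
    return 0;
}
```

The general rule the model illustrates is to validate the value that will actually be used, after every translation has been applied to it.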
Linus has merged a simple fix for 2.6.13. It does not even try to solve the whole problem, in that it still fails to properly check the full address range requested by the application. But the real question that has come out of this episode is: is there any reason to keep /dev/kmem around? The fact that it has been broken for some time suggests that there are not a whole lot of users out there. It has been suggested that root kits are the largest user community for this kind of access, but there are no forward compatibility guarantees for root kit authors. The Fedora kernel, as it turns out, has not supported /dev/kmem for a long time.
Removing a feature like that is not in the cards for 2.6.13. But, unless some sort of important user shows up, chances are that /dev/kmem will not survive into 2.6.14. Anybody who would be inconvenienced by that change should speak up soon.
Cleaning up some page flags
struct page is at the core of the memory management subsystem; one of these structures exists for every physical page of memory on the system (and for a few places which are not memory). Since a typical system will contain large numbers of page structures, there is a great deal of pressure to keep that structure small. But there are a lot of things that the kernel needs to know about pages. The result is that struct page contains a densely-packed flags field, and that the developers continually worry about running out of space for flags - even though a fair number of them are currently unused. Some of these flags also carry a fair amount of historical baggage which would be nice to clean up.
Consider, for example, a flag called PG_checked. Its definition in include/linux/page-flags.h (2.6.13-rc6) reads as follows:
#define PG_checked 8 /* kill me in 2.5.<early>. */
Somebody clearly missed a deadline. In fact, there is a certain amount of confusion over just what this flag does. A bit of research revealed that it is used in several filesystems, and that it is unlikely to go away anytime soon. ext3 uses this flag to mark pages to be written to disk at a future time. AFS uses it to indicate valid directory pages. Reiserfs uses this flag for journaling purposes. And the (out-of-tree) cachefs implementation uses it to mark pages currently being written to local backing store.
So this flag clearly is not going away anytime soon, much less by 2.5.early. In an effort to clarify the situation, Daniel Phillips has posted a patch which renames the flag as follows:
#define PG_fs_misc 8 /* don't let me spread */
There is some disagreement over naming, but the core of the patch is uncontroversial. This flag will officially be dedicated to filesystem use.
Another flag with significant history is PG_reserved. In this case, too, the meaning of the flag has been somewhat obscured over time, though it can be summarized as "this page is special and the VM subsystem should leave it alone." It marks parts of the physical address space which have page structures, but which are not real memory - the legacy ISA hole in the i386 space, for example. The memory dedicated to the kernel text is also marked reserved. The kernel function which maps physical address spaces into a process's virtual space (remap_pfn_range()) will refuse to remap unreserved memory, leading to a long history of device drivers setting that flag to remap internal buffers.
The consensus seems to be that the "reserved" flag can go. So Nick Piggin has been working on a patch which takes it out - mostly. In many cases, code which was testing that flag was really trying to decide if it was looking at a valid RAM page; there are other, better ways of making that test. In other cases, the higher-level VMA structure (which has its own VM_RESERVED flag) contains all of the needed information. In the remap_pfn_range() case, the test is simply removed, allowing all memory to be remapped. This change will modify the behavior of /dev/mem, which, previously, could not be used to mmap() regular RAM.
All that is left, after Nick's patch, is a set of tests in the software suspend code. Once that has been taken care of, PG_reserved can go.
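The following is a simplified userspace model, added here and not taken from the kernel or from Nick Piggin's patch, of how the PG_reserved test in the remap path acted as a gate: it shows the driver workaround and what a /dev/mem-style mapping can reach once the test is removed. The page array, the frame layout, the bit number given to MODEL_PG_RESERVED, and all function names are assumptions made for the model; leaving unreserved frames out of the mapping stands in for the kernel's refusal.

```c
#include <stdio.h>
#include <string.h>

#define PG_fs_misc        8   /* bit number quoted in the article */
#define MODEL_PG_RESERVED 10  /* assumed bit number, chosen for this model */
#define NPAGES            8   /* constructed machine: 8 page frames */

enum policy { OLD_CHECK_RESERVED, NEW_NO_CHECK };

struct page { unsigned long flags; };   /* only the flags word is modeled */

static struct page mem_map[NPAGES];     /* one struct page per frame */
static unsigned char mapped[NPAGES];    /* frames placed in the user mapping */

static void set_page_flag(unsigned long pfn, int bit)
{
    mem_map[pfn].flags |= 1UL << bit;
}

static int test_page_flag(unsigned long pfn, int bit)
{
    return (int)((mem_map[pfn].flags >> bit) & 1UL);
}

/* Constructed layout: frame 0 is a hole, frame 1 is kernel text, 2..7 are RAM. */
static void model_init(void)
{
    memset(mem_map, 0, sizeof(mem_map));
    set_page_flag(0, MODEL_PG_RESERVED);
    set_page_flag(1, MODEL_PG_RESERVED);
    set_page_flag(5, PG_fs_misc);  /* filesystem-private bit, ignored by the remap */
}

/* Model of the remap loop. Returns frames mapped, or -1 for a bad range. */
static int model_remap(unsigned long pfn, unsigned long count, enum policy pol)
{
    unsigned long i;
    int done = 0;

    memset(mapped, 0, sizeof(mapped));
    if (pfn >= NPAGES || count > NPAGES - pfn)
        return -1;
    for (i = pfn; i < pfn + count; i++) {
        if (pol == OLD_CHECK_RESERVED && !test_page_flag(i, MODEL_PG_RESERVED))
            continue;              /* unreserved frame: left out of the mapping */
        mapped[i] = 1;
        done++;
    }
    return done;
}

/* A /dev/mem-style request for every frame: how many ordinary RAM frames
 * (not marked reserved) end up visible to the caller? */
int ram_frames_exposed(enum policy pol)
{
    unsigned long i;
    int exposed = 0;

    model_init();
    if (model_remap(0, NPAGES, pol) < 0)
        return -1;
    for (i = 0; i < NPAGES; i++)
        if (mapped[i] && !test_page_flag(i, MODEL_PG_RESERVED))
            exposed++;
    return exposed;
}

/* A driver mapping its own two-frame buffer (frames 3 and 4), with or
 * without the historical trick of marking those frames reserved first. */
int driver_buffer_frames_mapped(int mark_reserved, enum policy pol)
{
    model_init();
    if (mark_reserved) {
        set_page_flag(3, MODEL_PG_RESERVED);
        set_page_flag(4, MODEL_PG_RESERVED);
    }
    return model_remap(3, 2, pol);
}

int main(void)
{
    printf("RAM frames reachable, flag test in place: %d\n",
           ram_frames_exposed(OLD_CHECK_RESERVED));
    printf("RAM frames reachable, flag test removed:  %d\n",
           ram_frames_exposed(NEW_NO_CHECK));
    printf("driver buffer, unmarked, flag test in place: %d\n",
           driver_buffer_frames_mapped(0, OLD_CHECK_RESERVED));
    printf("driver buffer, marked reserved:              %d\n",
           driver_buffer_frames_mapped(1, OLD_CHECK_RESERVED));
    return 0;
}
```

In the model, the flag test is the only thing separating ordinary RAM from a whole-range mapping, which is why its removal changes what /dev/mem can hand out.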
Page editor: Jonathan Corbet
Distributions
News and Editorials
A look at the Linux Terminal Server Project
Since the Linux Terminal Server Project (LTSP) came away with the Best of Show award at LinuxWorld Conference & Expo (LWCE) last week, we thought this would be a good time to take a look at the project and its status. Jim McQuillan of LTSP talked to us about the project and gave some insight into where it's going. What is LTSP? Basically, it's a package for Linux that allows low-powered thin clients to run off of a Linux server.
According to McQuillan, the project was launched in August of 1999. LTSP originated out of a project that began in 1996, to provide a solution for Binson's Hospital Supplies (BHS) that would allow access to an AS/400 for legacy applications and Unix for new applications from a single computer or terminal on each desktop. After several false starts with dumb terminals and Windows PCs, diskless Linux workstations proved to be the best solution for BHS.
Basically, LTSP is a distribution of Linux that sits on the server and is loaded by a thin client over a network using Etherboot or the Preboot Execution Environment (PXE). It sends a TFTP request for the kernel, and once the kernel is in memory, the client does an NFS mount of the filesystem on the LTSP server and a "pivot root" so that the NFS filesystem becomes the root filesystem. Then the LTSP client launches an X server to get a login back to the LTSP server. McQuillan noted that "we didn't invent this technology, it's been around for years. We just glued it together" and made it easier for people to use.
There are some vital differences between LTSP and traditional "dumb terminals" that only display applications. With dumb terminals, all processing takes place on the server. LTSP, on the other hand, makes it possible to run some applications on the server and some applications locally, so that users can run applications that might not work well running over the network or that would place a heavy load on the server. McQuillan cited Firefox as an application that would be good to run locally, or VoIP applications, which the LTSP team demonstrated at LWCE.
LTSP also makes it possible to reuse older hardware that might not be suitable for running current versions of Linux or Windows. McQuillan said that LTSP would run fine on "anything with a PCI bus and 16 MB of RAM". It also allows organizations to reduce support costs by centralizing applications and by using thin clients without hard disks -- thereby eliminating "moving parts" that fail often, and by centralizing storage.
There are a few applications that aren't suitable for LTSP. For example, McQuillan was quick to say that LTSP wasn't really appropriate for gaming. "Trying to run Quake across the network is not a pleasant experience." Other rich multimedia, such as video editing, is pretty much out as well. Also, McQuillan said that if Linux itself didn't fit well for a specific use, then LTSP was pretty much out there as well.
McQuillan said that the project does scale pretty well. The largest deployment he's worked on, the BHS deployment, runs 140 LTSP clients off of one server. He said he's also heard of setups consisting of 400 clients on a quad Opteron server.
There are some limitations for the project. McQuillan told LWN that device support is "not as robust as we'd like", but that the project is working on making things work a little better. "We want you to be able to plug in a USB device and instantly, a device icon appears on the desktop...that's where we have to be".
The project is also working to make it easier to lock down the desktops so that administrators can more easily control what applications users have access to. He noted that GNOME and KDE may not be a good fit for larger environments with 50 to 100 users, because they're "fairly heavy". In those environments, McQuillan said that IceWM and XFce were good choices for lightweight window managers.
Another hurdle for LTSP is the fact that it doesn't always fit well into a distribution. Right now, LTSP provides all the "bits" that make up the thin client distribution -- glibc, the kernel, etc. However, they're working on "Project MueKow" (pronounced "moo-cow"), which will use distribution packages as much as possible rather than providing all of the bits directly. The name is a play on Microsoft's "Longhorn."
This will be showing up first in the next Ubuntu release, Breezy Badger. McQuillan said that four developers, two from LTSP and two from the K12LTSP project, went to Sydney in April to "help figure out how to integrate LTSP into Ubuntu". However, he also noted that he's eager to work with all of the distributions, not just Ubuntu.
While attending LWCE, this writer had a chance to spend some time talking to some of the other LTSP team members and looking at the technology. When using an LTSP client, there really isn't a great deal of difference between using a workstation with a local Linux installation and using LTSP.
Overall, LTSP looks like a great solution for organizations that want to save money on PCs and support costs. We're looking forward to seeing it included in Ubuntu and other distributions, which will no doubt help spread LTSP even further.
New Releases
BLAG30001 Released
BLAG Linux and GNU has released BLAG30001 (lederhosen). BLAG30001 is based on Fedora Core 3 plus updates, and additional applications from Dag, Freshrpms, NewRPMS, and includes custom packages. "BLAG30001 is the first update to the BLAG30k series. Updates include a new kernel, gaim, gimp, openssl, perl, php, spamassassin, thunderbird, cups, cpp, httpd (apache), openssh, vim, wireless-tools, yum, zlib, bittorrent, graveman, kismet, amule, mplayer, xine, firefox, mozilla, tor and parted. New packages are gtk-gnutella & nicotine. Overall, 139 packages were updated on the CD (16% of the total)."
Distribution News
Distro Development Talk
Distro Development Talk is a new forum for the discussion of Linux distribution development issues. The goal is to have a site that describes solutions to common distribution problems and share information between distributions. Click below for the full announcement.
Debian 12 Years Old (DebianPlanet)
DebianPlanet notes that the Debian Project turned twelve years old this week and it is available on twelve different architectures. To celebrate, DebianPlanet has started a retrospective of some of the important and interesting things that have happened in the Debian community in the last year.
The Debian Project receives funding
The Debian project has announced that it will receive funding from the LinuxFund. The Linux-oriented credit card organization will be disbursing $6,000 in total, $500 per month for one year.
First Annual Bangalore Debian Developer Conference
The Indian Institute of Information Technology, Bangalore is organizing a one day Debian Conference on 20th August, 2005. The conference is mainly to create a platform for Debian Developers in India and create an environment for more contributions to Debian Project from India.
Debian GNU/Linux announcements
The Debian project adds security support for stable amd64. "This port is not yet part of the Debian archive, but it will be included in unstable/testing soon and users already benefit from security updates distributed via security.debian.org."
This is a call for sponsors to donate locations, work and money for Debian developer gatherings. Debian developers have found that small gatherings are highly effective for problem solving, especially those that require group discussion and focused cooperation. "Debian should have many such gatherings whenever they are needed. In order to have more of them help from sponsors would be welcome. Gatherings in planning that I know of are debian-qa, debian-java, debian-installer and debian-edu."
Here's an announcement clarifying the policy for the expulsion of Debian Developers.
The return of archive.debian.org (DebianPlanet)
DebianPlanet reports that archive.debian.org is back online, thanks to Phil Hands.
Unofficial Fedora FAQ Update
The Unofficial Fedora FAQ has been updated. There are many minor updates plus a method of installing FC4 using floppies, and several new translations.
Distribution Newsletters
Debian Weekly News
The Debian Weekly News for August 16, 2005 is out. Topics this week include Debian's twelfth birthday on August 16, the Bangalore Debian Developer Conference, the policy for removing packages from testing, a renaming of kernel source packages, bug handling, security support for AMD64, the policy for the expulsion of Debian developers, LinuxFund funding, the Debian women subproject, sponsors needed for developer meetings, and more.
Fedora Weekly News
The Fedora Weekly News #8 looks at the Fedora Project booth at LinuxWorld San Francisco, Auditd Initscript Reports Errors, Mozilla Foundation Forms New Organization, Mozilla 1.7.11 Released, mplayerplug-in 3.05 Released, Test de Fedora Core 4 and more. Fedora Weekly News #9 is also available. This issue covers the availability of Fedora Core 4 with Global File System, Fedora in LinuxWorld San Francisco 2005, LinuxWorld Expo Blogs and Stories, the launch of Fedora Foundation delayed, Fedoraproject.org needs to be revamped, and several other topics.
Gentoo Weekly Newsletter
The Gentoo Weekly Newsletter for the week of August 15, 2005 is out. This edition covers the release of Gentoo Linux 2005.1, the first US Gentoo developer conference webcast from San Francisco, and more.
DistroWatch Weekly, Issue 113
The DistroWatch Weekly for August 15, 2005 is out. "We shall start with a quick look at the first alpha release of the Gentoo Installer project - the first Gentoo live CD which boots into a full GNOME desktop and which can be installed to a hard disk with -- believe it or not -- a mouse! Then we'll talk briefly about the first beta release of SUSE Linux 10.0 and introduce two web sites specialising in bringing you news and information about the many live CD projects available today. Our featured distributions of the week is BLAG Linux And GNU, a single CD Fedora-based distribution with a home entertainment bias."
Package updates
Fedora updates
Fedora Core 4 updates: system-config-bind (bug fixes), system-config-netboot (bug fixes), lam (bug fix), evolution-data-server (fix crash in the LDAP backend), audit (fix several problems), mc (update to 4.6.1), kdepim (fix kmail bug).
Fedora Core 3 updates: system-config-bind (bug fixes), system-config-netboot (bug fixes), lam (bug fix), mc (update to 4.6.1), system-config-netboot (bug fixes), koffice (update to 1.4.1), and a KDE update to 3.4.2 including kdeaddons, kdeadmin, kdeartwork, kdebindings, kdebase, kdeedu, kdegames, kdegraphics, kde-i18n, kdelibs, kdemultimedia, kdenetwork, kdepim, kdesdk, kdetoys, kdeutils, kdevelop, kdewebdev, arts.
Mandriva Linux updates
Mandriva Linux has an rpmdrake update for 10.0, 10.1, Corporate 3.0 and Corporate Server 2.1. "Due to the changeover of the Mandriva domain names and the unavailability of the old Mandrake Linux domains, rpmdrake needed an update in order to update the mirrors list file."
This ghostscript update fixes Ghostscript 8.15 on 64bit platforms, which can crash and dump core when processing carefully crafted .pdf files.
Trustix TSL-2005-0041
Trustix has fixed bugs in several packages, including apache, cgilib, curl, kernel, libart, mod_auth_mysql, mod_auth_pgsql, mod_authz_ldap, open, php, rrdtool, vlock and webalizer, for TSL 2.2 & 3.0.
Distribution reviews
Austrumi 0.9.7 Released (TuxMachines.org)
TuxMachines reviews Austrumi 0.9.7. "In case you didn't know, Austrumi is a business card size (50MB) bootable Live CD Linux distribution based on 'Slackware GNU Linux' using 'Blin' initialisation scripts. I looked at version 0.9.5 back in May and found it to be a great little mini distro. At that time it had wonderful fonts and amazing speed to add enjoyment to using the many apps included in that teny tiny 48mb. Version 0.9.7 was released a coupla days ago and I wanted to see what was new."
Review: Xandros Desktop 3.0 Business Edition (NewsForge)
NewsForge features a review of Xandros Desktop 3.0 Business Edition by Jem Matzan. "Last summer I reviewed Xandros Business Edition 2.5 and found that it generally wasn't ready to compete with existing, established corporate desktops. It suffered from an old kernel, malfunctioning sound drivers, a high pricetag, the inability to perform unattended or remote installations, and a bug in the desktop environment that annoyed me. In the current version, Xandros has remedied all of these negative points."
Page editor: Rebecca Sobol
Development
The autopackage binary packaging framework
The autopackage project is building a cross-distribution software packaging system. The software is being built by this group of programmers. The autopackage FAQ explains some of the project goals:
For developers: it's software that lets you create binary packages for Linux that will install on any distribution, can automatically resolve dependencies and can be installed using multiple front ends, for instance from the command line or from a graphical interface. It lets you get your software to your users quicker, easier and more reliably. It immediately increases your user base by allowing people with no native package to run your software within seconds.
What RPM is not good at is non-core packages, ie programs available from the net, from commercial vendors, magazine coverdisks and so on. This is the area that autopackage tackles."
The use of autopackage involves the package command line utility, or GTK2 and Qt versions of the Manager application. The GUI interface is designed to resemble the Windows InstallShield application. One-click package installation that is similar to Linspire's commercial CNR (click and run) package system makes installations simple. The user interface vision document explains some of the interface guidelines. The how to use document presents a quick tour of the system, and the autopackage screen shots show the software in action.
The autopackage system uses executable package files with the .package suffix; the package format has been designed with multiple distribution support as a primary feature. Automatic dependency resolution is being addressed by the use of Luau, the Lib Update/AutoUpdate Suite.
Issues that need addressing with autopackage include dealing with the upgrading of applications installed by other package management systems, securely managing the signing of packages in a decentralized package distribution environment, lack of a common desktop Linux platform definition, and support for platforms other than X86 and X86-64.
The success of the project may largely depend on its adoption by independent software applications designers. If a critical mass of applications is reached, end users will have sufficient motive to install the software, and the distribution vendors will have motivation to include the system in their base systems. Applications developers wishing to create .package files should review the Packager QuickStart document. A limited number of packages are currently listed on the autopackage downloads page.
Autopackage fills a software distribution niche between distribution-specific packaged software and source code that requires building by the end user. This seems like an area that is fertile for development; developers of lesser-known software applications would likely see their code more widely used if they provided .package files.
Version 1.0.6 of autopackage was announced this week; it includes bug fixes and other improvements.
System Applications
Database Software
PostgreSQL Weekly News
The August 14, 2005 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL database developments.
ZODB 3.4.1 final released
Final version 3.4.1 of ZODB, the Zope Object Database, is out. "There have been many bugfixes in various areas since ZODB 3.4. In addition, optional ZEO client cache tracing was badly broken with the introduction of multiversion concurrency control (MVCC) in ZODB 3.3, and ZODB 3.4.1 is the first attempt to repair that."
Libraries
Cairo release 0.9.2 now available
Version 0.9.2 of the Cairo vector graphics library is out. "This is a development release leading up to cairo 1.0."
Printing
ESP Ghostscript 8.15rc4 announced
Version 8.15 rc4 of ESP Ghostscript has been announced. "ESP Ghostscript 8.15rc4 is the fourth release candidate based on GPL Ghostscript 8.15 and includes an enhanced configure script, the CUPS raster driver, many GPL drivers, support for dynamically loaded drivers (currently implemented for the X11 driver), and several GPL Ghostscript bug fixes. The new release also fixes all of the reported STRs from ESP Ghostscript 7.07.x."
Web Site Development
Gallery Preview Release (SourceForge)
Preview Release 1.5.1-RC2 of Gallery, a web-based photo album, is available. "Gallery v1.5.1-RC2 is now available for download. This release is primarily a bugfix release but includes several new features that should make this worth the upgrade."
Quixote 2.1 released and updates of other packages.
Version 2.1 of the Quixote web development platform is out. "The CHANGES file in the distribution describes the changes, which mostly concern refinements to the simple_server and in unicode handling."
Desktop Applications
Audio Applications
Patchage 0.2.1 released
Version 0.2.1 of Patchage, a modular patch bay for Jack (audio) and Alsa (Midi), is out. "This release fixes numerous bugs, adds a few GUI enhancements, and has preliminary (untested) LASH support."
Business Applications
Cream CRM 2.0 Released (SourceForge)
Version 2.0 of Cream, a customer relationship management system, is available with lots of new features. "Campware is pleased to announce Cream 2.0 "Sofija", the long awaited upgrade of its free and open-source customer relationship management (CRM) system designed specifically to meet the needs of media organizations."
Data Visualization
PyX 0.8.1 released
Version 0.8.1 of PyX, a Python graphics package featuring PostScript output, has been released. "This release fixes some bugs in the path module and the output of decorated paths. The fallback for kpathsea was considerably improved in speed (it was unintentionally slowed down in 0.8). The inclusion of the bounding box information in PS and PDF files is now optional. It is suppressed by default when a paperformat is specified. A new path example completes the release."
Desktop Environments
GNOME Software Announcements
The following new GNOME software has been announced this week:
- anjuta 1.2.4 (critical bug fix)
- Evince 0.3.4 (bug fixes)
- GARNOME 2.11.91 (library updates, build fixes)
- Gazpacho 0.6.0 (new features, bug fixes, and translation work)
- Gazpacho 0.6.1 (build fixes, translation work)
- GLib 2.8.0 (new features and bug fixes)
- Gossip 0.9 (new features and stability improvements)
- GTK+ 2.8.0 (new features, Cairo support)
- libgda/libgnomedb 1.3.91 (bug fixes)
- ORBit2 2.12.3 (bug fixes)
- Pango 1.10.0 (new features, Cairo integration)
- Rhythmbox 0.9.0 (stability and memory usage improvements)
- Teatime 2.4.4 (translation work)
KDE 4: Understanding the Buzz (KDE.News)
KDE.News mentions a new document that explains new KDE 4 features. "With all the excitement surrounding KDE 4 development at the moment people are starting to ask why they have not seen any updates on what KDE 4 will look like. KDE 4 - Understanding the Buzz answers these increasingly common questions by explaining the current status of KDE 4 development and why the exciting work so far is only visible to developers."
JLP's KDE 3.5 Previews (Part 2) (KDE.News)
KDE.News has announced the availability of part two of a KDE 3.5 preview by Jure Repinc. "It looks like the first part of my KDE 3.5 previews was extremely popular. Much more than I could ever have anticipated. I even got Slashdotted. Anyway, here is the second part of the look into the KDE's near future. Enjoy the tour!"
KDE Software Announcements
The following new KDE software has been announced this week:
- Abakus 0.90 (new features, bug fixes, and documentation work)
- amaroK 1.3 (new features and bug fixes)
- kdesvn 0.5.0 (new features)
- KMyMoney 0.8 (new features)
This Month in SVN (KDE.News)
KDE.News has announced the August edition of This Month in SVN. "This issue packs in twice as much content as the previous one, with new features covered in Konqueror, Kicker, KDesktop, amaroK, Konversation and more: "This month has seen some drastic changes in SVN, with KDE4 development moved to trunk and KDE 3.5 gearing up for a stable release sometime after this year's KDE conference.""
Electronics
XCircuit 3.3.31 released
Version 3.3.31 of XCircuit, an electronic schematic drawing package, is out with several bug fixes.
Financial Applications
SQL-Ledger version 2.4.15 released
Version 2.4.15 of SQL-Ledger, a web-based double entry accounting system, is out with bug fixes and new features. See the What's New document for details.
Games
Crossfire 1.8.0 Released (SourceForge)
Version 1.8.0 of Crossfire, a cooperative multi-player graphical RPG and adventure game, has been announced. "Crossfire 1.8.0 has been released and includes numerous bug fixes and stability enhancements along with many minor changes and improvements. Also added were new features such as the start of quest tracking system, better support of readable objects, addition of party/group based spells, improved smooth (graphic) sending code for client, and map region support. New maps have been added, as well as various fixes."
GNS game portal server/client v0.1 (beta) released (SourceForge)
Release 0.1 beta of GNS game portal is out with server and client implementations. "GNS, or Game Name Search, is a game portal server/client package. Game developers may integrate the GNS client into their video games, and host an online GNS server to allow clients to find each other over the Internet. GNS servers also provide chat room functionality and content hosting."
Pygame 1.7.1 released
Version 1.7.1 of Pygame, a collection of Python-based games, is out with bug fixes. See the What's New document for details.
Interoperability
Wine Weekly News
The August 12, 2005 edition of the Wine Weekly News is available. Topics include: CodeWeavers Roadmap, Summer of Code Projects, WGA on Slashdot, Ejecting CD's, Registering DLL's, and ALSA Hardware Acceleration Fix.
Office Applications
Gnumeric 1.5.3 Released (GnomeDesktop)
Version 1.5.3 of the Gnumeric spreadsheet has been announced. Changes include Win32 font improvements, graph improvements, conditional formatting work, bug fixes and more.
Office Suites
OpenOffice.org build 1.9.123 is out
Build 1.9.123 of OpenOffice.org is out with build improvements, bug fixes, and more.
Web Browsers
1.8 Branch Created, Trunk Opens for 1.9 Development (MozillaZine)
MozillaZine covers the latest Mozilla development branches. "The Gecko 1.8 branch was created on Friday and the trunk is now open for 1.9 development. Mozilla Firefox 1.5, Mozilla Thunderbird 1.5 and Camino 1.0 will all be released from the 1.8 branch over the coming months. Checkins to the branch will be restricted, with developers required to obtain the approval of the new branch-drivers group before landing."
Independent Status Reports (MozillaZine)
MozillaZine has announced the August 12, 2005 edition of the Mozilla Independent Status Reports. "The latest set of independent status reports includes updates from DevBoi, Page Update Checker, InFormEnter, Searchsidebar, Inforss, PasswordMaker, XPathHelper, TamperData, Enigmail, firefoxinhindi, vi, cruxade, thailocalization, Frutiala, Mozilla Archive Format, Download Statusbar, MultExI and Tinderstatus."
Languages and Tools
Caml
Caml Weekly News
The August 16, 2005 edition of the Caml Weekly News is online with new Caml language articles and resources.
Haskell
Haskell Weekly News
The August 16, 2005 edition of the Haskell Weekly News is online with the latest Haskell news. A number of new Haskell software releases are featured in this week's issue.
Java
This week on harmony-dev
The August 7-13, 2005 edition of This week on harmony-dev is online with coverage of the developments to the Harmony open-source Java platform.
Joda-Time 1.1 released (SourceForge)
Version 1.1 of Joda-Time, a Java library for handling date and time in the ISO8601 standard, is available. "This release fixes some minor bugs in v1.0 and adds various useful new methods on existing classes."
launch4j 2.0.RC3 released (SourceForge)
Version 2.0.RC3 of Launch4j has been announced. "Launch4j is a cross-platform tool for wrapping Java applications distributed as jars in lightweight Windows native executables." This release fixes a number of bugs.
Lisp
CL-WIKI 0.0.3 released
Early release number 0.0.3 of CL-WIKI, a Wiki engine for Common Lisp, has been announced.
GCL 2.6.7 released
Version 2.6.7 of GNU Common Lisp (GCL) is out. "This version, the latest in the `stable' series, is mostly a bug fix release with modifications intended for interoperation with the computer algebra system Axiom."
Verrazano announced
The Verrazano project has been announced. "Rayiner Hashem has made public his Google Summer of Code project Verrazano, which is a C++ bindings generator for Common Lisp. The system "[...] is designed to have robust support for C and C++ header files [...] and to be easily retargettable to a number of different foreign function interfaces"."
Perl
This Week in Perl 6 (O'Reilly)
The August 2-9 edition of O'Reilly's This Week in Perl 6 is out with the week's Perl 6 development news.
Python
Python 2.4.2 and 2.5 Release Plans (O'Reilly)
Anthony Baxter has posted the release plans for Python 2.4.2 and 2.5 on O'Reilly. "So I'm currently planning for a 2.4.2 sometime around mid September. I figure we cut a release candidate either on the 7th or 14th, and a final a week later. In addition, I'd like to suggest we think about a first alpha of 2.5 sometime during March 2006, with a final release sometime around May-June. This would mean (assuming people are happy with this) we need to make a list of what's still outstanding for 2.5."
Dr. Dobb's Python-URL!
The August 12, 2005 edition of Dr. Dobb's Python-URL! is online with the latest Python language releases and discussions.
Ruby
Ruby Weekly News
The August 14th, 2005 edition of the Ruby Weekly News summarizes the latest discussions on the ruby-talk mailing list.
XML
Warrior Platform 0.93.2 (SourceForge)
Version 0.93.2 of Warrior Platform has been announced. "XAMJ is an XML UI language tightly integrated with Java. This release adds a Warrior Platform API, which allows Warrior to be called as an XML UI Framework without the need to install it as a browser/platform. It also includes a workaround for a bug that affects JREs prior to 1.5.0_01 (NullPointerException on URL.openConnection.) Finally, it fixes a bug that prevented XAMJ document archives from loading resources."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
OSDL patent commons gets chilly reception from the 'outspoken' (ZDNet)
David Berlind looks at OSDL's patent commons in this ZDNet Blog. "Likewise, when OSDL jumped on board this week with its patent commons announcement, some of the more outspoken proponents of open source questioned the extent to which such a move really moves the ball forward. Two of those individuals -- attorney Larry Rosen who literally wrote the book on open source licensing and Bruce Perens who earlier this summer joined SourceLabs as vice president of developer Relations and Policy -- were talking virtually the same language when I interviewed them separately. Preaching to the same choir, both men questioned the need to donate patents to such a commons in the first place."
Lloyd's may offer open-source indemnity (News.com)
News.com reports that Lloyd's of London may soon underwrite open-source software against claims of intellectual property infringement. "John St. Clair, the chief operating officer of insurance firm Open Source Risk Management (OSRM), said on Friday that OSRM is working with "a number of" Lloyd's syndicates, which will start offering open-source insurance "within the next few months.""
Trade Shows and Conferences
HP exec decries proliferation of open source license types (InfoWorld)
InfoWorld covers a LinuxWorld keynote from HP executive Martin Fink. "In a somewhat tongue-in-cheek request, Fink called on IBM to deprecate its IBM Public License in favor of the GPL. In return, he pledged to give an HP laptop loaded with Linux to IBM executives, including IBM Vice President Irving Wladawsky-Berger." (Thanks to Max Hyre)
LinuxWorld San Francisco 2005
Groklaw has a report from Douglas Burns, who spent last week at LinuxWorld. NewsForge has a wrap-up article with pictures.
Astaro Corporation has announced that the Astaro Security Gateway 420 appliance was awarded a Product Excellence Award in the category of "Best Security Solution".
OSCON Was Cool! (Linux Journal)
Linux Journal has another look at this year's OSCON, by Russell J.T. Dyer. "What seems to make OSCON interesting, cool and fun is the collection of people attending and perhaps the location. As I mentioned in an earlier article on the Red Hat Summit, technology conventions now seem to be the dominion of big corporations. I don't mind companies being involved, I simply prefer community driven and aligned ones, such as like O'Reilly and MySQL. O'Reilly organizes OSCON and a few other conferences."
Linux Adoption
Massive Linux handout set for French schools (News.com)
News.com reports on a plan to spread open source to secondary school students in the French region of Auvergne. "The project, which has been funded by the local government, will distribute 64,000 packs of CDs to students, according to Linux Arverne, a Linux user group involved in the initiative. The project aims to get students and their families more interested in free and open-source software."
Legal
Patent Infringement Lawsuits That Involve FOSS (Groklaw)
Groklaw looks into a patent infringement lawsuit filed by J2 and Catch Curve, Inc. against Mijanda. The dispute concerns FAX software. "Mijanda offers a fax to email gateway hosting service on Asterisk, a GPL licensed general purpose IP-PBX available under GNU/Linux. I believe one of the other companies involved is using Hylafax, which is another much older free software solution specific to faxing. The short list of free software packages that are potentially affected includes mgetty+sendfax, some of the fax stuff found in GNOME (and maybe KDE), hylafax, Bayonne, and Asterisk."
Open-source allies go on patent offensive (News.com)
News.com covers moves by Red Hat and OSDL to build open-source patent repositories. "Red Hat will finance outside programmers' efforts to obtain patents that may be used freely by open-source developers, the top Linux seller said Tuesday at the LinuxWorld Conference and Expo here. At the same time, the Open Source Developer Labs launched a patent commons project, which will provide a central list of patents that have been donated to the collaborative programming community."
Oops. That DVD should have caused the toilet to flush. (ZDNet)
ZDNet blogger David Berlind has found another silly patent: "InterVideo, located in Fremont, Calif., is asking the court to enjoin Dell from manufacturing, selling or importing products that infringe patents tied to its Linux-based InstantOn technology. The software allows a DVD to automatically start playing a movie when a user inserts a disc into a computer running an InterVideo program." The actual patent is relatively simple to read.
Interviews
Scyld Software's Becker on Linux, clustering, grid (LinuxWorld.au)
China Martens talks with Donald Becker. "Becker is the founder and chief scientist of Linux clustering vendor Scyld Software, a subsidiary of Linux workstation and server vendor Penguin Computing. Privately held Penguin acquired Scyld in June 2003. Becker founded Scyld (pronounced "scaled" or "skilled") back in 1998, building on work he did while at NASA (the U.S. National Aeronautics and Space Administration) where he started the Beowulf Parallel Workstation high performance clustering computing project. NASA was interested in his project for helping in the modeling of climate data. IDG News Service caught up with Becker as he took a quick break from demonstrating Scyld clustering software at [LinuxWorld]."
Interview with Chris Hessing, Lead Developer of xsupplicant (Linux Journal)
Matthew Gast talks with Chris Hessing about wireless security protocols, their implementation and their future. "CH: I feel like the security available right now is pretty good, assuming you're running WPA2 with AES. There are some weaknesses in various EAP flavors that need to be addressed, but that's well underway for the most part. What I'd like to do--and I don't know whether we can--is to get a universal EAP type. Something that allows you to use passwords, allows the storage of passwords in secure form and doesn't lock you in to any particular authentication server."
LinuxWorld: Versora on migrating to Linux (Open Resource)
Open Resource interviews Jon Walker, CTO of Versora. "Q: What does an organization do with Windows-only apps when migrating to Linux? A: They have four choices, really. One is to port the applications, if they have access to the source code. Two is to re-write the application, which most organizations don't have the time luxury to do. A third is to discontinue the use of the application. And the fourth is to run a thin client, Win4Lin or emulator (in this case, if the application in question is on the codeweaver list, you're in luck)."
Resources
The Daemon, the GNU and the Penguin - Chapter 17 (Groklaw)
Groklaw has published chapter 17 of the online book The Daemon, the GNU and the Penguin by Dr. Peter H. Salus. This chapter is titled "Excursus: The GPL and Other Licenses."
OOo Off the Wall: Recovering Hidden Treasures (Linux Journal)
Linux Journal finds ways to customize OOo 2.0. "It's a little-known secret, but what you see in the interface of version 2.0 of OpenOffice.org isn't what you have to settle for. Hidden throughout version 2.0 are dozens of pieces of functionality, each available in a few seconds by customizing the menus, toolbars or keyboard shortcuts of OpenOffice.org applications. Some of these hidden treasures are small tools useful only to users with certain work habits. However, perhaps the most useful customizations are older versions of tools that have been redesigned in version 2.0. In several cases, these older versions are designed better than their replacements. And, if nothing else, they often are more familiar."
Reviews
Book Review: Linux Desktop Garage (xyz computing)
xyz computing reviews Linux Desktop Garage. "Susan Matteson's Linux Desktop Garage (LDG) is a light read, aimed at the complete Linux novice. Matteson's goal is to explain to readers the absolute basics of Linux on the desktop, without getting bogged down into anything too complex or overly detailed. The author's casual style tries to keep things fun and interesting, as opposed to textbook reading, which a book about Linux can easily turn into. She is clearly trying to make the transition to Linux less daunting than it otherwise would be, which is not a bad thing. The book comes with a Gnoppix LiveCD."
Sun's Linux killer shows promise (Register)
The Register has posted a lengthy review of Solaris 10, with many comparisons with Linux. "To attract the user base and developer interest that will really propel Solaris 10 forward, Sun would do well to think about it as a PC as well as a workstation. Generating enthusiasm and attracting a broad base of developers does involve giving people some fun in return, after all. Making SuSE Pro a fun distro and an excellent PC doesn't make it any less of a workstation, server platform, or development environment, a fact apparently lost on Red Hat."
Miscellaneous
US Copyright Office Requests Comments on IE-Only Service (Groklaw)
Groklaw covers a proposal from the US Copyright Office. "There is a new wrinkle to the US copyright law. Hollywood usually gets whatever it wants, as you know, from Congress, but in this case, it only got most of what it wants. But the part that will interest you is this: they are asking if those making use of a new pre-registration system they are setting up will be inconvenienced if they make it usable only by Windows Internet Explorer for the time being." Comments on this proposal are due no later than August 22, 2005.
Scottish police pick Windows in software line-up (InfoWorld)
InfoWorld reports that the Central Scotland Police is dumping StarOffice and returning to Microsoft Office. "In the past, when the agency deployed a new police application on StarOffice and Linux, the application had to be customized to work with the open-source software, [IT head David] Stirling said. It was also more difficult to configure the open-source software so that police officers could access their files from any police station, he said. Perhaps most of all, the agency needed its systems to work smoothly with those at other agencies and criminal justice departments. Scotland's other seven police jurisdictions use Microsoft for their desktops and applications layer, he said. 'Even though we're one of eight police forces, we make up only 5 percent of the police officers. It's hard to have 5 percent driving the rest of the force,' he said."
Linux entrepreneur tries again (News.com)
News.com takes a look at what Larry Augustin, former CEO of VA Linux, is doing these days. "Augustin is now CEO of Medsphere, a company that sells software designed to let hospitals manage patient records, pharmacy orders, medical procedures, billing and other responsibilities. That may sound like a dramatic departure from his last executive post, but the open-source philosophy is a unifying thread."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
Brazil's Ubuntu-powered digital training bus
Here's an Ubuntu forum posting regarding the Brazilian "digital inclusion bus." This bus contains twelve workstations (and one server) running Ubuntu Linux; it is used to provide training sessions on Internet use and OpenOffice. There are some nice pictures included.
Commercial announcements
New web database applications builder for Linux
Awaresoft has released Aware IM - software for business professionals and developers who want to create web database applications without programming. Works with MySQL, Derby and other databases.
Cluster Builder 1.1 released
LinuxHPC.org and Cluster Resources, Inc. have announced the release of Cluster Builder 1.1. "An expanded version of Cluster Builder was released today, extending the site's scope beyond basic cluster components to include grid middleware and industry specific applications. Cluster Builder - a Web site highlighting high performance computing (HPC) software and hardware - helps administrators, evaluators and users discover available clustering options and solutions."
NERSC Launches Linux Networx Supercomputer
Linux Networx has announced the deployment of a 722 processor cluster system at the DOE/Lawrence Berkeley National Laboratory National Energy Research Scientific Computing Center (NERSC). "Named "Jacquard," the Linux Networx system will provide computational resources to scientists from DOE national laboratories, universities and other research institutions to support a wide range of scientific disciplines including climate modeling, fusion energy, nanotechnology, combustion, astrophysics and life sciences."
Maguma Workbench Version 2.6 Available
Version 2.6 of Maguma Workbench is available. "Maguma announces the release of Maguma Workbench 2.6.0, the IDE for PHP and Python, which brings with it a greatly simplified licensing system, that will get users up and running very quickly without hassle. This update addresses a few issues that cropped up in version 2.5 and is a free upgrade from version 2.5".
Novell and CS2C to Deliver Linux Offerings in China
Novell, Inc. has announced an agreement with the China Standard Software Company (CS2C) to deliver Linux server and desktop offerings to the Chinese market. "The announcement builds on the strategic partnership launched in April 2005, and will enable the further adoption of Linux in China."
DbWrench Database Design 1.2.1 Released
PostgreSQL has announced version 1.2.1 of DbWrench Database Design. "DbWrench is a multi vendor, cross platform database design and round-trip engineering software. Its features include: a syntax highlighting SQL query editor, support for many of today's most popular databases, a graphic entity relation diagram (ERD) designer, ability to forward and reverse engineer databases. DbWrench is written in pure java allowing it to function on numerous operating system platforms."
SugarCRM Expands CRM Portfolio with Sugar Enterprise Edition
SugarCRM Inc. has announced the Sugar Enterprise Edition of its SugarCRM Customer Relationship Management system. "Key features include Oracle(TM) 9i support, an Offline Client, advanced reporting, and the Module Loader for plug-and-play installation of third-party extensions."
Resources
TuxMobil Linux Laptop Survey Exceeded 4,000 Reports
TuxMobil has announced the receipt of over 4000 reports on Linux laptop installations. "Contributors from all over the world are providing tips and tricks to get Linux and other UniX flavors running on almost any laptop model starting from ELKS Linux on laptops with 286 CPU to 64bit distributions on machines equipped with AMD64. Linux is well suited for today's laptops and notebooks. Only a few hardware parts don't work well because the manufacturers don't care to provide necessary details. Parts which often don't work well are Suspend-to-RAM, internal card readers and internal modems."
Contests and Awards
Appro XtremeBlade wins LinuxWorld Product Awards
Appro has announced the winning of a LinuxWorld Product Best Clustering Solution Award for its XtremeBlade Cluster Solution.
Clarkson University wins Linux Tech Competition Awards
Two students from Clarkson University have won first and second place in a Linux technology competition. "The winning project of DeShane and Jablonski targets the need for a collection of tools to manage large structured sets of persistently accessed data, offering users speed and ease of use when accessing the information. To achieve their goal, the team implemented a system that allowed them to search a large amount of data, and then make each subsequent search faster and easier to perform based on the results of previous queries."
Kontact Logo Competition Gets Serious (KDE.News)
KDE.News covers the addition of a new prize to the Kontact logo design competition. "Kontact started a competition for a new logo earlier this month; where the winning logo will become the official logo at the next release. Now we found a sponsor to back the competition to give a Wacom tablet to the artist that created the winning logo."
KDE and Qt Projects Take Top Honors In TuxMobil GNU/Linux Award 2005 (KDE.News)
Several KDE-related projects have won awards in the TuxMobil GNU/Linux Award 2005. "Two of the five awarded projects have ties to KDE: KDE-Pim/Pi (Pi-Sync) and KWlanInfo, while another two use the Qt toolkit for their graphical interfaces. Congratulations to all those involved in the winning projects!"
Upcoming Events
Freedel 2005 - New Delhi, India
Freedel 2005 will take place in New Delhi, India on September 17 and 18, 2005.
Ohio Linux Fest - October 1, 2005
The Ohio Linux Fest takes place on October 1, 2005 in Columbus, Ohio. "The Ohio LinuxFest is a free annual conference and event for the Linux and Open Source Software community. Hosting authoritative speakers, the Ohio LinuxFest welcomes Linux and OSS professionals, enthusiasts, and anyone who wants to take part in the event."
OSDC 2005 Call For Papers
A call for papers has gone out for the 2005 Open Source Developers' Conference. The event takes place in Melbourne, Australia on December 5-7, 2005. Proposals are due by August 19.
2006 O'Reilly Emerging Technology Conference CFP
A Call for Participation has been posted for the 2006 O'Reilly Emerging Technology Conference. "The 2006 O'Reilly Emerging Technology Conference will happen March 6-9 at the Manchester Grand Hyatt in San Diego, California. Proposals are due no later than September 19, 2005."
linux.conf.au 2006 - Call For Miniconfs
A call for miniconfs has gone out for the linux.conf.au 2006 event. "The 2006 conference is being held in Dunedin, New Zealand, at The University of Otago". Proposals are due by August 24.
LinuxWorld and NetworkWorld Canada 2006
The LinuxWorld and NetworkWorld Canada 2006 Conference & Expo will take place on April 24-26, 2006 in Toronto, Canada.
Events: August 18 - October 13, 2005
Date | Event | Location |
---|---|---|
August 20, 2005 | Free Audio and Video Event (FAVE) | (Trinity Community and Arts Centre) Bristol, UK |
August 20, 2005 | Debian Conference | (The Indian Institute of Information Technology) Bangalore, India |
August 27 - September 4, 2005 | aKademy 2005 | (University of Málaga) Málaga, Spain |
August 31 - September 2, 2005 | YAPC::EU::2005 | (University of Minho) Braga, Portugal |
September 1 - 2, 2005 | Symposium on Security for Asia Network (SyScAN'05) | (The Dusit Thani Hotel) Bangkok, Thailand |
September 1 - 4, 2005 | GOTO10 ASP digital sound workshop | Rotterdam, the Netherlands |
September 5 - 9, 2005 | International Computer Music Conference (ICMC 2005) | Barcelona, Spain |
September 14 - 16, 2005 | php|works | (Holiday Inn Yorkdale) Toronto, Canada |
September 16 - 18, 2005 | ToorCon 7 | (San Diego Convention Center) San Diego, CA |
September 17 - 18, 2005 | Freedel | New Delhi, India |
September 19 - 21, 2005 | Plone Conference 2005 | (Semper Depot, Lehargasse) Vienna, Austria |
September 20 - 23, 2005 | New Security Paradigms Workshop (NSPW) | (UCLA Conference Center) Lake Arrowhead, California |
September 23 - 24, 2005 | Sixth Symposium on Trends in Functional Programming (TFP 2005) | Tallinn, Estonia |
September 26 - 29, 2005 | Hack in the Box Security Conference (HITBSecConf2005) | Kuala Lumpur, Malaysia |
September 28 - 30, 2005 | OpenOffice.org Conference 2005 (OO.oCon) | Koper (Capodistria), Slovenia |
October 1, 2005 | Ohio LinuxFest 2005 | Columbus, OH |
October 2 - 5, 2005 | Gelato October 2005 Meeting for Linux on Itanium | Porto Alegre, Brazil |
October 5 - 6, 2005 | LinuxWorld London | Olympia, London, UK |
October 6, 2005 | Fedora Users and Developers Conference (FUDCon London) | (LinuxWorld Conference and Expo UK) London, UK |
October 7 - 9, 2005 | Indie Games Con 2005 (IGC) | Eugene, Oregon |
October 8 - 10, 2005 | GNOME Boston Summit | (Gates Building) Cambridge, MA |
October 12 - 13, 2005 | IT Underground (ITU) | Warsaw, Poland |
October 13 - 14, 2005 | Open Source Desktop Workshops | San Diego, CA |
Event Reports
GNUmed conference report (LinuxMedNews)
LinuxMedNews has announced the posting of a report on the 2nd GNUmed conference. "Yesterday the 2nd GNUmed conference in Germany took place. The current state of affairs was discussed. The immediate next steps were defined."
2005 O'Reilly Open Source Convention Wrap Up
O'Reilly presents a wrap-up of the 2005 O'Reilly Open Source Convention. "Parties, receptions, birds of a feather sessions, and tours punctuated this year's OSCON. During the Tuesday Evening Extravaganza, OSCON traditions continued with the "State of the Onion" address given by Perl legend Larry Wall. The Yahoo!-O'Reilly Buzz Market Report was given by David Pennock and Rael Dornfest. Paul Graham, author of "Hackers & Painters," spoke on "What Business Can Learn From Open Source." Perennial OSCON crowd-pleaser Damian Conway brought down the house with his "Fun With Dead Languages" presentation."
Web sites
Appeal Website Launched (KDE.News)
KDE.News has announced the launch of the Appeal project web site. "Appeal is a living experiment in progressive development and organizational concepts as applied to the KDE project (http://www.kde.org). Within the Appeal environment the practices of art, usability and software development are brought together during the earliest phases of development and supported through ongoing communication and periodic in-person meetings. Appeal serves as an incubator for emerging technologies that reflect this philosophy of work."
GPLmedicine.org (LinuxMedNews)
LinuxMedNews has an announcement for the new GPLMedicine.org site. "I am happy to announce GPLMedicine.org. I will be using this site to publish articles, letters and other information advocating the use of the GPL license in medicine. The first thing I am publishing there is the site credo, which argues that only the Gnu Public License should be used in medical software."
WorldVistA.org: New Look, Backend (LinuxMedNews)
LinuxMedNews reports on changes to the WorldVistA web site. "The WorldVistA website is sporting a new look and software backend based on plone. Looks like they are gearing up for the long-haul and upcoming VistA vendor training."
Audio and Video programs
New lugradio episode out (GnomeDesktop)
A new episode of LUGRadio has been announced. "Of special interest for GNOME people is an interview with Joe Shaw about Beagle, the desktop search tool. The show is available from the lugradio website and also features discussion about the glory of podcasting, interview on openSuse and a musical extravagance from drummer Jono Bacon and Adam Sweet on the bass guitar."
Page editor: Forrest Cook
Letters to the editor
Trademarks and F/OSS
From: John Morris <jmorris-AT-beau.org>
To: letters-AT-lwn.net
Subject: Trademarks and F/OSS
Date: Tue, 16 Aug 2005 20:41:23 -0500
It is time for the community who use and depend on Free/Open Source
Software to open a discussion on Trademarks. It appears successful
projects follow a predictable pattern. They are established, become
popular and establish corporations to make themselves compatible with
the rest of the corporate world.
In and of itself this isn't a problem, and often is a big positive due
to the good things that money can bring to a project. But one problem
is that the corporate world uses Trademarks and our world really can't.
So there are three choices before us.
1. When a project reaches critical mass and needs to incorporate, the
Corporate world takes the original name and its goodwill along with the
codebase and commercializes it while we fork a different name for
ourselves. i.e. We do the work of changing the thousands of places the
original name appears in webpages, domain names, FAQs, popularizing the
new name, etc.
2. As a community we declare our belief that by the time a Free project
reaches the stage of maturity where incorporation is required that its
original name is generic and untrademarkable. Force the corporation, in
its initial round of financing, to expend the effort to search out a
fresh trademarkable name for its product and pay to advertise it.
After all, is Free Software still Free when you can't build the tree as
delivered or distribute the documentation without paying for a license?
3. Resign ourselves to a world where new distributions of Free Software
face the daunting prospect of either conducting an extensive trademark
review and massive renaming project or raising the funds to license an
ever increasing number of trademarks.
Personally I recommend #2 and that we start by moving to void the
trademarks on Linux and Mozilla. If we can win those two fights it will
be clear to the next batch that a fresh new name is the safest course.
The Mozilla Foundation has already mothballed the Mozilla browser suite
so they really should not expend much effort in a fight. They do appear
to be willing to fight for Firefox so let us resolve that it is for them
to distribute in closed binaries to Windows users and that when we use
the Firefox branch of the codebase we call it something else. And make
sure that THEY expend the effort to make it easy for us to do so. That
all interaction with the Free World be through its unencumbered name.
That means we don't have to keep remembering that to download or report
a bug in IceWeasel you have to go to a different product's site.
Same with Linux. If the corporate world needs a trademarked name (and
it is fairly clear they do) let them expend the effort to run the focus
groups and such to come up with a new one. It would cost the community
a major effort to locate and replace every Linux reference for no net
benefit to us. Let those who will benefit from a trademarked name be
the ones to expend the resources. RedHat and Novell already apply
hundreds of patches to their kernel tree so one more wouldn't be a big
problem for them.
Page editor: Jonathan Corbet