LWN.net Weekly Edition for December 22, 2005
A 2005 retrospective
The last issue of December is traditionally a time for many publications to look back at the past year. As we live through a year, it can be a hard time to get a perspective on all that is happening; a review can help develop a better understanding of what we have all experienced.Besides, there's usually not much more to write about at the end of December.
In past years, your editor has reviewed the predictions made at the beginning of the year. That exercise seems a little self-indulgent this time around. So suffice to say that some of last January's predictions have been borne out, and others not. We'll not go through all of them here.
Starting with one which didn't work out: your editor's prediction that 2005 would see the end of SCO was optimistic. We have seen the end of SCO in every way that matters; what remains, at this point, is the ghoulish exercise of watching it all fall apart and seeing where the pieces land. Following SCO is a waste of time at this point, a morbid and pointless exercise in the consequences of stupid decisions. We're looking forward to every minute of it.
Your editor's prediction that software patents would not be enacted in Europe looked optimistic, especially in the first half of the year, but turned out to be correct in the end. More to the point, though: the free software community enjoyed legal victories in almost every battle which was decided this year. No software patents, no broadcast flag, the GPL upheld in German court, FAT patents thrown out, etc. Next year may be tougher, but, for this year, we can all raise a glass and toast our victories. It is not all hopeless.
Let us not forget our defeats, however. The Grokster decision holds software developers responsible for the actions of their users - in some situations, at least. The bnetd decision placed limits on our right to create interoperable software. The situation is not all rosy either.
One battle which came to head this year was open formats: as of this writing, the state of Massachusetts is still fighting over a mandate to use open formats in government. Open access to government documents is a clear requirement for a free society; it seems amazing that there is even a fight on this issue. Open formats are also a key to the desktop for free software. This is an important issue, and the debate has barely begun.
The free software community has acquired a pool of patents of its own. Donations - of greater or lesser freedom - came from IBM, Sun, Nokia, Computer Associates, and others. These patents can help to prevent attacks from competitors in the software industry - though they will do little to deter lawyer-only patent troll firms. But a partial solution is better than none; one might well conclude that the risk of a patent attack against free software is, while still significant, lower than it was a year ago.
For years, we have talked about the evils of digital restrictions management schemes and the dangers inherent in not having control over our own systems. But we can thank SonyBMG for making these points clear to a much larger audience. "Consumers" everywhere have seen what happens when others claim control over their systems. People who bought CDs because it was the right thing to do saw that they were punished for it. Their desire to do the right thing will be much reduced - and the entertainment industry must know it. The DRM battle is far from over, and we have a great deal of ugliness to endure yet. But SonyBMG may have shortened the process for us considerably.
2005 was, perhaps, the year of the foundation. A number of projects, including Zope, Ubuntu, and OpenPKG created independent foundations to look after their code. Red Hat also announced the creation of a Fedora foundation, but, the better part of a year later, that foundation has yet to materialize. The fundamental motivation behind all this founding of foundations is easily found: software (even free software) controlled by a single company tends to make other users nervous. The creation of an independent foundation gives others confidence in a free software project's future.
The free software business world continues to develop. MandrakeSoft and Conectiva merged into Mandriva, Novell went through some difficulties but looks like it may be pulling things together, and the flow of venture capital toward free software businesses increased. HP claimed to have shipped over 1 million Linux servers. It seems there really is business to be done around free software.
Meanwhile, the code continues to get better. The list of significant releases is far too large to review here - check the latest version of your favorite distribution to see much of it. Our development community is active and healthy; it is producing results that few would have thought possible even a few years ago. Ups and downs notwithstanding, 2005 has been a good year for the community. We can all raise a glass to that.
The LWN.net 2005 Linux and free software timeline
For eight years now, the editors at LWN.net have put together a timeline highlighting the most important events of the last twelve months. As always, it has been a busy year. Attacks against free software continued in legislatures and the courts - but few have been successful. Corporations began donating patents to the community, some with more enthusiasm than others. The kernel developers improved their process - and dealt with the abrupt loss of their source code management system. SUSE development became more open. SonyBMG gave us all a lesson on the importance of control over our own computers. And so on.Most importantly, in 2005 the free software community kept on hacking. The variety and quality of the resulting software is simply amazing. The free software community is healthy and growing, despite the legal problems, corporate layoffs, hardware hassles, and occasional petty internal bickering. We are going strong.
This is version 1.0 of the 2005 timeline. If you find any errors or remaining major omissions, please send them to us at timeline@lwn.net; please do not post errors or omissions as comments until after we have had a chance to address them.
The development of the LWN.net Linux Timeline was supported by LWN subscribers; if you like what you see, please consider subscribing to LWN.
As usual, the timeline is split up by month. One of these years, we really will restore the "one big page" option, honest.
For the historically minded, the timelines for the previous seven years remain available:
1998 1999 2000 2001 2002 2003 2004
Thanks to the following people who have helped improve the 2005 Timeline: Ross Combs, Bernhard Reiter, Karl Schendel, and David A. Wheeler.
The XGL development model
XGL is a version of the X server built on top of the OpenGL API. Many developers see the XGL approach as the way forward; as video hardware becomes increasingly 3D-only, OpenGL offers a uniform way to drive that hardware. Once an XGL server becomes available, the door will be opened for all kinds of fast 2D and 3D applications.As it turns out, there is a paid development team working at XGL; these developers are hosted at Novell. This work is being funded with the apparent idea of upgrading the free XGL server and benefiting the free software community in general. So it is interesting to see a significant amount of criticism of Novell's work in the desktop community.
The problem comes down to this: all of Novell's work is being done in-house, using a private repository. The wider community knows that this work is going on, and has some idea of what has been done, but none of the resulting code has been seen beyond Novell. The best description of what is happening - and the reaction to it - can be found in Aaron Seigo's weblog. There we see that the non-Novell developers who would like to hack on XGL are frustrated. They know that a number of problems have already been fixed by Novell, but the code is not available. They fear that much of the work they are doing will be duplicated by what the Novell team does. They feel locked out, and wonder about Novell's reasons for taking this approach.
Everybody seems to assume that Novell's work will, eventually, see the light of day and be contributed back - though the X license does not require that. But that release will confront the community with a large dump of corporate code. It will not have been reviewed by anybody outside of Novell, it may well incorporate design decisions which are not acceptable to other developers, and it is likely to duplicate and conflict with any work done by the rest of the community. The possibility that Novell will hold the code until it has packaged it into a SUSE Linux release is also somewhat annoying.
In the absence of a statement from Novell, one can only speculate on why this approach is being taken. It is possible that Novell is just trying to avoid dealing with developers who oppose the XGL project in the first place. At the moment, it is almost impossible to use XGL without proprietary drivers; developers who feel strongly about avoiding proprietary code would thus rather take a different approach - and they have been rather vocal about that. It is also possible that Novell is simply looking to "get the job done" its way, without the distractions of dealing with the community.
This situation should work out in the end, once Novell releases its code and the process of merging begins. At that point, with luck, the X community will have a much-improved XGL server to work with. But the memory of having been locked out of the process will persist for some time. One can only hope that this code release happens soon so that the next phase can begin.
Two discontinued browsers
The writing has been on the wall for some time, but now it's official: Internet Explorer on the OS X platform will go unsupported at the end of 2005. This browser has seen no active development since 2003, but its users were at least provided with security updates. No more; IE for the Mac is at a dead end.There is little that OS X users can do about this decision. IE is very much a closed-source application, so there is no way for anybody to take over its maintenance after Microsoft walks away. This browser is dead, and its users have no choice but to seek alternatives; fortunately, a number of good alternatives exist. But anybody who was truly dependent on this piece of software is out of luck. It is always this way with proprietary software; it can disappear out from under you at its owner's whim.
Earlier this year, the Mozilla Foundation announced that it was discontinuing support for the Mozilla browser suite. The Foundation saw its future in the independent Firefox and Thunderbird applications, and felt that the time had come to move past its one-time flagship suite. Mozilla users, of whom there are many, had little say in this decision; the Foundation makes its own decisions on how best to pursue its goals.
But Mozilla is free software. So a group of dedicated users came together to continue the maintenance and development of the Mozilla suite, using the old SeaMonkey name. Mozilla/SeaMonkey is a large body of code, not something to be taken on lightly. But the SeaMonkey hackers thought that they could handle it.
On December 19, these hackers announced the availability of SeaMonkey 1.0 Beta. The release includes a number of new features, including drag-and-drop tabs, SVG support, "blazingly fast back," and much more. It provides the full suite of tools: web browser, email client, HTML editor, IRC chat tool, DOM inspector, and two varieties of kitchen sink. This is the full suite, updated with the latest work from Firefox and elsewhere. The SeaMonkey hackers would appear to be up to the job.
And, yes, it works on OS X.
It would be hard to come up with a better example of why free software matters. There are a great many Mozilla users who will never look at the code, but they will still benefit from the freedom of that code. As long as there is a sufficient interest in the community, Mozilla, in the form of SeaMonkey, will live on. No proprietary software has such a bright future.
Holiday schedule
As is traditional, LWN will be taking next week off; the next Weekly Edition will come out on January 5, 2006. We'll be posting news items occasionally over the break, however. Best wishes for a great holiday season from all of us here at LWN!
Security
CAN-SPAM: mission accomplished?
LWN first looked at the CAN-SPAM act back in 2003. This U.S. law was an attempt to address the spam problem through legal means. Our impression at the time was that CAN-SPAM would do little good, and might even do harm by overriding state legislation and legitimizing certain kinds of commercial email. One of the provisions of this law was that the U.S. Federal Trade Commission was required to create a report to Congress on how effective the law is, and what improvements could be made. That report is now available [PDF]. The FTC went through a major investigation; among other things, it used its compulsory powers to require nine ISPs to provide email information. The bottom line, according to the FTC: the CAN-SPAM act has been effective in reducing spam.Your editor's mailbox, now receiving something over 5,000 spams/day, would beg to differ from this conclusion. In fact, a deeper reading of the report suggests that CAN-SPAM has not been as effective as one might expect from reading the headlines, and that the real progress against spam has been made elsewhere.
So what has CAN-SPAM accomplished? From the report:
Both of these claims are probably true. And, doubtless, many LWN readers are pleased to know that some of their incoming commercial email follows "best practices." But the spam problem never had much to do with "legitimate online marketers." There have been suits brought against spammers, and that can only be helpful in the end. But even lawsuits will only be so effective in a world filled with spammers. So one might well wonder how to square these limited gains against this claim from the report:
(LWN reported on the MX Logic report last August.) A reading of the above paragraph might well lead one to the conclusion that the battle against spam has been won, and that CAN-SPAM did it. Anybody who deals with email in any serious way knows that this is not the case.
What is going on - and the report recognizes this - is that anti-spam techniques unrelated to CAN-SPAM have gotten better. The reported 75% drop for AOL users does not mean that 75% less spam has been sent in that direction; it does not even mean that there are 75% fewer AOL users, though one might be tempted to reach that conclusion. The difference is that much less spam is actually making it all the way to their mailboxes. Your editor, too, has seen a reduction in spam reaching his inbox; spamassassin nicely takes care of the bulk of it. But better filtering is not a solution to the problem; it is more like sweeping it under the carpet. And, in any case, it was not legislated by CAN-SPAM.
The report notes that a number of tactics adopted by large ISPs have helped. These include blocking outgoing access to port 25 (which imposes unfortunate costs on some users), rate-limiting email entering and leaving the system, and actively disconnecting users with known-compromised systems. Blacklisting is an effective tool; the report claims that large ISPs are able to block 80% of spam before it ever enters their mail server. The FTC also takes credit for helping to shut down open relays.
Another happy result, according to the FTC, is that "users have grown more tolerant of spam." That's one way to solve the problem.
For the future, the report notes an increase in phishing mail, as well as in spam containing malware. There are a few recommendations; one of those is the adoption of SenderID or some other sort of email authentication mechanism. The FTC would like to see the "US SAFE WEB Act" passed; this law would make it easier for the FTC to share information with agencies of other governments. It would also empower the FTC to compel information from ISPs and others while requiring confidentiality - an extension of governmental power which, given recent disclosures in the U.S., may not be entirely welcome. In fact, this recommendation, along with the agency's desire for email authentication and more rigorous requirements for WHOIS information, leads to the question of just how badly we want governments to "solve" the spam problem for us. Given that the most effective techniques we have so far did not come from governments, perhaps it's time to recognize that the solutions lie elsewhere.
New vulnerabilities
dropbear: buffer overflow
| Package(s): | dropbear | CVE #(s): | CVE-2005-4178 | ||||||||
| Created: | December 19, 2005 | Updated: | December 23, 2005 | ||||||||
| Description: | A buffer overflow has been discovered in dropbear, a lightweight SSH2 server and client, that may allow authenticated users to execute arbitrary code as the server user (usually root). | ||||||||||
| Alerts: |
| ||||||||||
fetchmail: multidrop bug
| Package(s): | fetchmail | CVE #(s): | CVE-2005-4348 | ||||||||||||||||||||||||||||||||
| Created: | December 20, 2005 | Updated: | May 27, 2006 | ||||||||||||||||||||||||||||||||
| Description: | Fetchmail contains a bug which allows a malicious mail server to crash the client by sending a message without headers. This occurs when running in multidrop mode. | ||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||
ffmpeg: buffer overflow
| Package(s): | ffmpeg | CVE #(s): | CVE-2005-4048 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | December 15, 2005 | Updated: | March 17, 2006 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | The avcodec_default_get_buffer() function of the ffmpeg library has a buffer overflow vulnerability. A user can be tricked into playing a maliciously created PNG movie, allowing the attacker to run arbitrary code with the user's privileges. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
openldap: RUNPATH issues
| Package(s): | openldap | CVE #(s): | |||||
| Created: | December 15, 2005 | Updated: | December 21, 2005 | ||||
| Description: | OpenLDAP and Gauche have a vulnerability involving the library search path list. A local attacker who belongs to the portage group can create a shared object in the Portage temporary build directory, allowing an unauthorized privilege escalation. | ||||||
| Alerts: |
| ||||||
Opera: arbitrary code execution
| Package(s): | opera | CVE #(s): | CVE-2005-3750 | ||||
| Created: | December 19, 2005 | Updated: | December 21, 2005 | ||||
| Description: | Opera before 8.51 allows remote attackers to execute arbitrary code via shell metacharacters (backticks) in a URL that another product provides in a command line argument when launching Opera. See the Opera 8.51 changelog for details. | ||||||
| Alerts: |
| ||||||
otrs: multiple vulnerabilities
| Package(s): | otrs | CVE #(s): | CVE-2005-3893 CVE-2005-3894 CVE-2005-3895 | ||||||||
| Created: | December 16, 2005 | Updated: | February 15, 2006 | ||||||||
| Description: | Several vulnerabilities were discovered in the CMS system OTRS. Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, multiple cross-site scripting vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, and Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment. | ||||||||||
| Alerts: |
| ||||||||||
redhat-config-nfs: incorrect permissions
| Package(s): | redhat-config-nfs | CVE #(s): | CVE-2004-0750 | ||||
| Created: | December 19, 2005 | Updated: | December 21, 2005 | ||||
| Description: | John Buswell discovered a flaw in redhat-config-nfs that could lead to incorrect permissions on exported shares when exporting to multiple hosts. This could cause an option such as "all_squash" to not be applied to all of the listed hosts. | ||||||
| Alerts: |
| ||||||
sudo: vulnerability via scripts
| Package(s): | sudo | CVE #(s): | CAN-2005-4158 CVE-2006-0151 | ||||||||||||||||||||||||||||||||||||
| Created: | December 16, 2005 | Updated: | September 1, 2006 | ||||||||||||||||||||||||||||||||||||
| Description: | Perl and Python scripts run via Sudo can be subverted. | ||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||
udev: insecure files in /dev/input
| Package(s): | udev | CVE #(s): | CVE-2005-3631 | ||||||||
| Created: | December 20, 2005 | Updated: | February 28, 2006 | ||||||||
| Description: | Richard Cunningham discovered a flaw in the way udev sets permissions on various files in /dev/input. It may be possible for an authenticated attacker to gather sensitive data entered by a user at the console, such as passwords. | ||||||||||
| Alerts: |
| ||||||||||
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current 2.6 prepatch is 2.6.15-rc6, released by Linus on December 18. This one is intended to be the final -rc before 2.6.15 comes out - hopefully by the end of the year. Quite a few fixes have been merged, but no new features are added at this late stage. "But do give it a try, because Santa Claus has his CIA spooks checking y'all out, and naughty people don't get any of the loot." See the long-format changelog for the details.
About 40 post-rc6 patches are currently sitting in the mainline git repository; they are all small fixes.
The current -mm tree is 2.6.15-rc5-mm3. Recent changes
to -mm include a Sony laptop ACPI driver, support for an
atomic_long_t type, the removal of the swap prefetching patches
("I wasn't able to notice much benefit from it in my testing, and the
number of mm/ patches in getting crazy, so we don't have capacity for
speculative things at present.
"), the unshare() system call
(see below), a set of MD updates, and the dropping of support for
gcc 3.1 and prior.
The current stable 2.6 kernel is 2.6.14.4, released on December 14. It contains a relatively large number of patches with a couple of security fixes and various other important repairs.
In an exception to normal policy, the stable team also released 2.6.13.5 on December 15. It contains three patches, one of which is a security fix.
Kernel development news
Some new system calls
The addition of system calls to the kernel is a relatively rare event. Each new system call changes the interface presented to user space and creates an ABI which must be maintained forever. So new system calls are added only when there is a real need. That said, there is a fair variety of system call patches in circulation at the moment.mknodat() and friends
Ulrich Drepper, the maintainer of glibc, isn't just trying to add a system call; his proposal creates eleven of them. They are all variants on current file operations:
int mknodat(int dfd, const char *pathname, mode_t mode, dev_t dev);
int mkdirat(int dfd, const char *pathname, mode_t mode);
int unlinkat(int dfd, const char *pathname);
int symlinkat(const char *oldname, int newdfd, const char *newname);
int linkat(int olddfd, const char *oldname,
int newdfd, const char *newname);
int renameat(int olddfd, const char *oldname,
int newdfd, const char *newname);
int utimesat(int dfd, const char *filename, struct timeval *tvp);
int chownat(int dfd, const char *path, uid_t owner, gid_t group);
int openat(int dfd, const char *filename, int flags, int mode);
int newfstatat(int dfd, char *filename, struct stat *buf, int flag);
int readlinkat(int dfd, const char *pathname, char *buf, int size);
The pattern should be clear by now: each new system call extends an existing one by adding one or more "dfd" (default file descriptor) arguments. In each case, the new argument indicates a directory which is used instead of the current working directory when relative path names are provided. These calls can help applications work their way through directory trees in a race-free manner, and are also useful for implementing a virtual per-thread working directory.
There was a minor comment on the implementation - Ulrich had wanted to avoid changing an exported function, but such changes are always fair game. Beyond that, there seems to be little resistance to adding these system calls. Expect them in a future kernel.
pselect() and ppoll()
David Woodhouse, meanwhile, has been circulating a patch implementing the pselect() and ppoll() system calls. These calls each take a signal mask; that mask will be applied while the calling process waits for events, with the previous mask being restored on return. There is an emulated version of these calls in glibc now, but a truly robust implementation requires kernel support. As with most things involving signals, the new code gets somewhat complex in places. The end result, however, should be a pair of straightforward system calls which allow a process to apply a different signal mask while waiting for I/O.
unshare()
The unshare() patch by Janak Desai was first covered here last May. It allows a process to disconnect from resources which are shared with others. The target application is per-user namespaces; implementing these requires the ability to detach from the global namespace normally shared by all processes on the system. The current version of this patch implements namespace unsharing, but it also allows a process to privatize its view of virtual memory and open files.
This patch has been through a fair amount of review, and has seen a number of improvements from that process. Andrew Morton's reaction to a request to include the patch in -mm suggests that there is some work yet to be done, though. Andrew wants to see a better justification for the patch; he is also concerned about the security implications of adding a relatively obscure bit of code. The end result is that Janak still has some homework to do before this patch will make it into the kernel.
preadv() and pwritev()
The kernel currently supports the pread() and pwrite() system calls; these behave like read() and write(), with the exception that they take an explicit offset in the file. They will perform the operation at the given offset regardless of whether the "current" offset in the file has been changed by another thread, and they do not change the current offset as seen by any thread. Also supported are readv() and writev(), which perform scatter/gather I/O from the current file offset. The kernel does not have, however, any system call which combines these two modes of operation.
It turns out that there are developers who wish they had system calls along the lines of:
int preadv(unsigned int fd, struct iovec *vec, unsigned long vlen,
loff_t pos);
int pwritev(unsigned int fd, struct iovec *vec, unsigned long vlen,
loff_t pos);
To satisfy this need, Badari Pulavarty has created a simple implementation which is currently part of the -mm tree. It seems that Ulrich Drepper suggested an alternative to adding two new system calls, however: change the iovec structure instead. Badari ran with that idea, posting a new patch creating a new iovec type:
struct niovec
{
void __user *iov_base;
__kernel_size_t iov_len;
__kernel_loff_t iov_off; /* NEW */
};
The new iov_off field is more flexible than plain preadv() in that it enables each segment in the I/O operation to have its own offset. The only down side is that the prototypes for the readv() and writev() methods in the file_operations structure must be changed. So every driver and filesystem which implements readv() and writev() breaks and must be changed. There are fewer of those than one might expect, but it is still a significant change.
It was suggested that the asynchronous I/O operations could be used instead. The AIO interface already allows for the creation of vectored operations with per-segment offsets. The downside is that using AIO is more complicated in user space, heavier in the kernel, and, incidentally, AIO support in the kernel was never completed to the point where it will support these operations anyway. Still, that is an option which may need more consideration before changing one of the fundamental interfaces used by filesystems and drivers.
splice()
Finally, there has been talk over many years of creating a splice() system call. The core idea is that a process could open a file descriptor for a data source, and another for a data sink. Then, with a call to splice(), those two streams could be connected to each other, and the data could flow from the source to the sink entirely within the kernel, with no need for user-space involvement and with minimal (or no) copying.
Some of the infrastructure was put in place one year ago when Linus created
a circular pipe buffer mechanism. Now Jens Axboe has put together a simple splice()
implementation which uses that mechanism. The patch is not ready for
prime time yet (Jens: "I'm just posting this in the spirit
of posting early
"), but it is a beginning. In particular, it allows
a file to be spliced to a pipe, as either the source or the sink. With a
pair of splices, it is possible to set up an in-kernel file copy operation
with no internal memory copying.
Work left for the future includes cleaning up the ("ugly," "nasty") internal interfaces, and generalizing the code so that any two file descriptors can be spliced together. The ability to splice to network sockets would be particularly useful. Some of this may take a while, so don't expect splice() to show up in the mainline in the immediate future.
Semaphores and mutexes
Last week's Kernel Page covered the mutex patch by David Howells. The discussion did not stop at that point, however, so here's this week's episode.There was some fairly strong pushback against the mutex patch after last week's article was written. Linus expressed his thoughts this way:
- creates a non-counting mutex
- .. that is SLOWER than the current counting one
- .. and keeps the old "semaphore" and "up/down" naming
is simply INCREDIBLY BROKEN. It has absolutely _zero_ redeeming features. I can't understand how there are a hundred emails in my mailbox even discussing it.
Here is Andrew Morton's take:
Please. Go fix some bugs. We're not short of them.
The objections should be coming into focus at this point. One problem had to do with performance; the mutex patch was supposed to be faster, but that was not the case in the posted version (which lacked architecture-specific implementations). There was a long discussion on why the semaphore code could not be improved on in this regard. It seems that, on the most popular architectures at least, the locked decrement-and-test code used by semaphores is hard to beat.
David's patch also introduced a sort of global flag day, changing the locking primitives used by vast amounts of code all at once. But it kept the old semaphore function names and applied them to the new mutex type, creating a confusing sort of interface. There was resistance to this choice of naming, but also a great deal of resistance to the idea of making major changes throughout the kernel without a very strong idea of what was being gained for it. All told, the mutex patch set looked like it had a rough road ahead of it.
Enter Ingo Molnar, who has posted a mutex patch of his own. Ingo's mutexes are derived from the code used in the realtime preemption patch, of course, but they have been heavily modified to avoid the objections which greeted David's patch. In this version, a mutex is a separate data type, with its own API:
DEFINE_MUTEX(name);
mutex_init(mutex);
void mutex_lock(struct mutex *lock);
int mutex_lock_interruptible(struct mutex *lock);
int mutex_trylock(struct mutex *lock);
void mutex_unlock(struct mutex *lock);
int mutex_is_locked(struct mutex *lock);
The existing semaphore interface is not changed in any way - at least, not in any way visible to the rest of the kernel. There is an interesting feature, however: the semaphore functions (down(), up(), and friends) have been augmented to be able to handle mutex arguments as well as semaphores. This feature is a migration tool: a subsystem which is being considered for migration over to the mutex type can have its semaphores changed to mutexes, but no other code changes are required. The various checks built into the mutex type will quickly set off alarms if a mutex is being used as a counting semaphore. In that case, the locks can be changed back to semaphores and the whole episode forgotten. If, instead, all seems well, the semaphore calls can be turned into mutex calls. Eventually, when the migration work is complete, this helper code can be removed from the kernel.
The real point of all the above is that, unlike David's patch, this version of mutexes imposes no flag day on the kernel. It is a new primitive, with its own API, and bits of the kernel can be converted over one by one.
Ingo claims that his mutex code is significantly faster than semaphores used as mutexes. The code itself is a bit smaller and tighter, which helps. But he also gets some impressive performance improvements on some tests: a filesystem-based test more than doubled its speed on an eight-processor system. That is the sort of improvement which can help to motivate the quick merging of a patch.
In this case, developers started to wonder just why the semaphore code was so much slower. Some research turned up the fact that, on the x86 architecture, each cycle through a semaphore had the potential to wake up two separate waiting processes, each of which would then contend for the lock. Nobody knows why the code is this way - Linus is mystified by it. It quickly became clear, though, that taking out the redundant wakeup breaks the semaphores and causes lockups. For now, it is a bit of black magic which must remain for the whole thing to work.
Ingo quickly seized on this revelation to drive home one of his other points:
Linus seems to have heard this argument:
He doesn't like the under-the-hood semaphore changes, though, and would like that part of the patch taken out.
Ingo's initial posting contains no less than ten reasons why he thinks the mutex patch should go on; rather than try to rephrase all of those arguments, your editor suggests going straight to the source. It is worth noting that, among other things, merging this mutex patch would move another piece of the realtime preemption patch into the mainline - even though many of the realtime-specific features (priority inheritance, for example) are missing.
Patches and updates
Kernel trees
Architecture-specific
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Memory management
Networking
Security-related
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
It's a LINI
Each week I think that I will test some cool new distribution (or at least the latest version thereof) that I've been reading about. Each week I have the best of intentions, but no follow-through. This week, at least, I have an excuse. I was distracted with new hardware.It's the end of the year, and as sometimes happens there was some money leftover to spend on hardware. LWN editor Forrest Cook did most of the research, the ordering, and has plans to talk about the hardware in detail in some future article, but we both got new systems this week. Mine arrived yesterday, but the promise of its arrival was enough to discourage me from installing anything new on my old and oh so slow secondary test box, a 350 Mhz Pentium 2. Instead I spent extra time making sure that I had good backups to transfer to my new system.
So yesterday I got home with the new box and then applied admirable restraint by first processing the Tuesday security updates, finishing up the rest of the daily page updates and even spent an hour or so updating entries in the Distributions list before diving into the box and setting up my new LINI PC with the Antec Aria Cube case. It's small and super quiet and it came with Ubuntu 5.10 "Breezy Badger" installed on it's 200 GB hard drive.
This frees up my current work box, a 1.4 Ghz Athlon system, for testing purposes. The old Pentium 2 box will probably be turned into an IP masquerade box/dhcp server, allowing me to connect more than one host to my cable modem without a time consuming reboot/power cycle operation. Next year I resolve to spend more time playing around with some subset of the over 400 distributions on our active list.
New Releases
Debian GNU/Linux 3.1r1 released
The first stable update to Debian 'sarge' has been released. This release includes nearly 200 security updates and several other important fixes; click below for the details.Edubuntu flight 2 CD
Edubuntu joins Ubuntu and Kubuntu in "dapper drake" Flight. That is to say, a beta release of Edubuntu 6.04 is available for testing. Click below for a mirror site near you, plus a look at what's new and some known issues in this release.First Arabic KDE Live CD (KDE.News)
KDE.News looks at the first release candidate of Arabian Linux, a live CD with full support for Arabic and English languages. ARL 0.6 RC 1 (Brick in the Wall) was released December 18, 2005.
Distribution News
Ubuntu Asia Business Tour
Mark Shuttleworth with be leading an Ubuntu business tour of India, China, and many other Asian countries during January and February. "We will be hosting breakfast or lunch presentations for companies and leaders in the free software community, to introduce the Ubuntu project. It would be great to meet any of you who are in the cities we will be visiting!" Click below for more information about the schedule.
Ubuntu meeting minutes and locales restructuring
Reinhard Tartler has provided the minutes for the first official Meeting of the MOTUMedia team. Some of the topics discussed include Skins for MPlayer, testplans for media players and support of Codecs in Ubuntu.Daniel Holbach has released the minutes of last week's Desktop Team Meeting. Topics include the dbus transition, bug days and general workflow.
Martin Pitt looks at locales restructuring and why a dist-upgrade might break. He also explains why this isn't a bug.
Fedora Core 5 Test 2 slipping until January 16
As the title says, Fedora Core 5 Test 2 has been delayed until January 16, 2006. That also means a delay in when Fedora Core 3 support transfers to Fedora Legacy.GR: Declassification of debian-private, First call for votes
The voting period on the general resolution: Declassification of debian-private is now open. Debian developers have until the end of the year to cast their votes.Debian Installer team monthly meeting minutes
Here are the meeting minutes for the December 14, 2005 Debian Installer Team meeting. Topics include beta2 plans, the graphical installer (G-I), G-I meeting in Estremadura, and more.
New Distributions
GenieOS
GenieOS has been added to our list, thanks to this DebianPlanet article. GenieOS is a Debian based system that aims to provide a new-user-friendly install while remaining compatible with Debian repositories. Version 0.5 was released December 18, 2005.Studio to Go!
Studio to Go! a live Linux CD with integrated music software such as Rosegarden, Ardour, LilyPond and so much more. While not 100% free software (speech or beer), Studio to Go! will be a good addition to any musician's repertoire. Studio to Go! v1.50 Download Edition is currently available. (Found on Synthtopia).
Distribution Newsletters
Debian Weekly News
The Debian Weekly News for December 20, 2005 is out, with a look at the most important events in 2004, version 2.9 of FAI, Debian on one DVD, the fourth anniversary of debianforum.de, the ballot for declassification of private mail, Simon Bienlein receives BIENE Award, a new apt-get and dpkg guide, LSB conforming init scripts, and more.Fedora Weekly News Issue 26
The latest issue of the Fedora Weekly News contains an Interview with Red Hat's New CTO, Special Promo Code for SCALE, Beginer Tutorials needed for SCALE, Uninet Fedora Conference, Fedora Ambassadors Meeting Minutes, NetworkManager WPA Status, GNOME 2.13.3 Development Release, Fedora Time Bug, and other topics.Gentoo Weekly Newsletter
The Gentoo Weekly Newsletter for the week of December 19, 2005 covers a Gentoo documentation project status update, Gentoo Summer Camp 2006 organizer forum, Gentoo home media center, KDE.news on Gentoo server, and several other topics.Ubuntu Desktop News
The first issue of the Ubuntu Desktop News is out, with a look at GConf should be faster than ever, Simplified menu for the user, How to install a .deb file? Double-click on it!, All your translations are belong to us, New logout dialog, What's new in the Dapper desktop?, and more.DistroWatch Weekly, Issue 131
The DistroWatch Weekly for December 19, 2005 is out. "The renewed GNOME versus KDE flame war and Xen virtualisation are the two leading topics in this issue; these are followed by a few interesting links, including a timeline of Perl, which celebrated 18 years of age on Sunday. Has Ubuntu Linux been dumbed down? With omission of some of the vital utilities from the latest release, Robert Storey wonders where this increasingly popular distribution is heading. Also in this issue: an interview with Robert Tolu of the GenieOS project, an update on FreeBSD release schedule for 2006, and a handful of interesting new distributions."
Package updates
Fedora updates
Fedora Core 4 updates: system-config-nfs (bug fix), arts (update to 1.5), kdelibs (update to 3.5), kdebase (update to 3.5), kdeaccessibility (update to 3.5), kdeaddons (update to 3.5), kdeadmin (update to 3.5), kdeartwork (update to 3.5), kdebindings (update to 3.5), kdeedu (update to 3.5), kdegames (update to 3.5), kdegraphics (update to 3.5), kdemultimedia (update to 3.5), kdenetwork (update to 3.5), kdepim (bug fix), kdesdk (update to 3.5), kdeutils (update to 3.5), kdevelop (update to 3.3), kdewebdev (update to 3.5), kde-il8n (update to 3.5), caching-nameserver, gjdoc (mostly a bug-fix release), system-config-bind (bug fixes), system-config-netboot (bug fixes), postgresql (update to PostgreSQL 8.0.5), mysql (update to MySQL 4.1.16), arts (don't crash if kdelibs is not installed).Fedora Core 3 updates: perl (bug fix), caching-nameserver, system-config-bind (bug fixes), system-config-netboot (bug fixes).
Mandriva update to digikam
This update fixes flaws in the printing functionality of DigiKam in Mandriva 2006.Slackware updates
Slackware now has gcc-3.4.5 packages available, according to the slackware-current changelog.
Distribution reviews
Review: Tao Live CD (Linux.com)
Linux.com reviews the Tao Live CD. "Tao and I got off to a good start. As it happened, the first day I saw Tao on DistroWatch one of my instructors at university expected us to bring in a SUSE live CD for our GNU/Linux course. I brought in the requisite SUSE CD, but I downloaded and used a Tao live CD instead. My fellow students started to complain about SUSE when I was already at the desktop and they were still only halfway through the loading screen."
Linspire Review: Part Four (Lockergnome)
Lockergnome finishes a four part review of Linspire. "For my money, this OS has saved me both time and headaches in many regards. While it needs to look at some of the points mentioned above, I believe for the most part it is doing good things as its people work to bring Linux to the masses. Most important, doing so in a real world environment - not one designed for hobbyist geeks."
Page editor: Rebecca Sobol
Development
ClaSS - a Web-Based Student Information System
ClaSS, the ClaSS Student System is a project based on the LAMP structure (Linux, Apache, MySQL, PHP..) that provides a web-based administration system for educational institutions. The project was started in 2002, and is headed by Stuart T. Johnson.![[ClaSS]](https://static.lwn.net/images/ns/ClaSS.png)
By placing at the disposal of teaching staff the wealth of information traditionally horded in management databases and spreadsheets, it encourages early intervention in the learning process based on authoritative data. Speeding the recording of data and freeing staff from the duplication of administrative effort, it brings ease, efficiency, and immediacy to all the information processes in a school.
A single installation of ClaSS on a web-server allows access to the system for all staff from the classroom, office, or home. All that is necessary for access is a networked PC (running ANY operating system) loaded with the web-browser Firefox. This provides a single point of access to all information and functions (dependent on access permissions) through a unified and easy to learn web-based user-interface.
Class provides a long list of features, including storage of information about students, curricula, and teacher schedules. It allows this information to be organized and output in various report formats. ClaSS can also be used to organize online course material.
The Technical Whitepaper (PDF) provides an overview of the project architecture, its history, and its goals.
The Administrator's Guide discusses the terminology used for ClaSS, and explains what is involved in setting up a working ClaSS environment.
The online demo site is perhaps the best way to get a feel for the system.
According to the installation FAQ, ClaSS dependencies include PHP, Apache 1.3, MySQL, and PEAR::DB. The project has yet to be tested with PHP5 or Apache2, volunteer help is needed.
Release 0.6.1 of ClaSS
was recently announced:
"Update to the 0.6 version includes a couple of bug-fixes which are critical to a correct installation process.
"
Support for ClaSS is still in the planning stages. There is a business opportunity available for a company that can provide ClaSS support.
ClaSS seems ideally suited for schools with a tight budget, and an IT staff that is reasonably proficient in the use of open-source software.
System Applications
Database Software
Firebird 1.5.3 RC 3 is avalable
Release Candidate 3 of the Firebird 1.5.3 database is available. "This sub-release introduces a number of retrospective fixes to bugs that became apparent and were fixed in the Firebird 2 tree during the pre-alpha and alpha phases of the Firebird 2 development. This release candidate (RC3) will become the released version in about two weeks, provided no regressions are discovered."
MySQL 5.0.17 has been released
Version 5.0.17 of the MySQL database is available. "This is a bugfix release for the current production version."
PostgreSQL Weekly News
The December 18, 2005 edition of the PostgreSQL Weekly News is online with new PostgreSQL database articles and resources.
Interoperability
Samba 3.0.21 Available for Download
Version 3.0.21 of Samba is available. "This is the latest stable release of Samba. This is the version that production Samba servers should be running for all current bug-fixes."
Web Site Development
Midgard 1.8 alpha 1 released
Version 1.8 alpha 1 of the Midgard web development platform has been released. "The Midgard Project has released the first alpha release version for the upcoming 1.8 stable branch of the Midgard Open Source Content Management System. Midgard's 1.8 branch focus on improved stability for Midgard2 technology preview features introduced in 1.7 branch."
Quixote 2.4 released
Version 2.4 of Quixote, a Python-based web development platform, is out. The changes include a bug fix and a new Publisher.process() function.
Desktop Applications
Business Applications
Sugar Open Source 4.0 Available for Download (SourceForge)
Version 4.0 of Sugar Suite has been announced. "The Sugar Team is excited to bring you the seventh major release of the Sugar Suite. Our goal continues to be to build the customer relationship management system that you have always wanted, so your input is vital." New features include Access Control by Role, Inbound Email Response, Enhanced Campaign Management, Enhanced Lead Sharing and Cool Themes.
Desktop Environments
GARNOME 2.13.3 Released (GnomeDesktop)
Version 2.13.3 of GARNOME has been announced. "This release includes all of GNOME 2.13.3 plus a few updates that were released after the freeze date for GNOME 2.13.3. It is for anyone who wants to get his hands dirty on the development branch."
GNOME 2.13.3 Released
Version 2.13.3 of GNOME is out. "This is our third development release on our road towards GNOME 2.14.0, which will be released in March 2006."
GNOME Software Announcements
The following new GNOME software has been announced this week:- Devhelp 0.11 (new features, bug fixes and translation work)
- gob2 2.0.13 (new features and bug fixes)
- Sysprof 1.0.1 (bug fixes)
KDE Software Announcements
The following new KDE software has been announced this week:- aKode 2.0 (bug fixes)
- cb2Bib 0.5.1 (new features)
- ipodslave 0.7.1 (new features)
- K3b 0.12.9 (new features and bug fixes)
- K3DSurf 0.5.4 (new features)
- KAlarm 1.3.5 (bug fixes and translation work)
- Kalva 0.8.50 (new features)
- kbilliards 0.8.6 (new features and bug fixes)
- KDE DVD Authoring Wizard 1.03 (bug fixes)
- KMyFirewall 1.0 (new features and bug fixes)
- KSquirrel 0.6.0 (new features and bug fixes)
- LinCVS 1.4.4 (bug fixes)
- piklab 0.2 (unspecified)
- PyWireless 3.0 (new features and bug fixes)
- RSIBreak 0.4.0 (new features and bug fixes)
X11R6.9/X11R7 Final Release Candidate ready for testing
The final release candidate of the X11R6.9/X11R7 window system has been announced, testers are needed. "We are pleased to announce the availability of the fourth and final full Release Candidate (RC4) for the upcoming X.Org Foundation release of X11R6.9 and X11R7. We have tagged both the monolithic and modular trees and have prepared tarballs for you to test."
Electronics
XCircuit 3.5.5 released
Version 3.5.5 of XCircuit, an electronic schematic drawing package, is out. Changes include a new command line option and a bug fix.
Graphics
g3dviewer 0.2.99.1 released
Version 0.2.99.1 of g3dviewer is out with a new GTK+ 2.0 requirement. "G3DViewer is a 3D file viewer for GTK+ supporting a variety of file types".
GUI Packages
Trolltech Releases Qt 4.1
Trolltech has announced the release of Qt 4.1. "Qt 4.1 - the first feature release since Qt 4.0 - includes a wide range of performance and stability enhancements, as well a number functionality additions." (Found on KDE.News)
Multimedia
SDL.NET 4.0.1 Released
Version 4.0.1 of SDL.NET, a cross-platform set of object-oriented CLS-compliant .NET bindings for the SDL multimedia library, is out. "This release fixes numerous bugs in the library, particularly in the Events class. The Events loop now supports OpenGL applications better. OpenGL attributes can now be accessed using properties. User-defined events work much better. Creating Resizable and OpenGL windows is easier. All of the OpenGL Red Book examples have been ported to SDL.NET and a Wiki-version of OpenGL Red Book was added to the SDL.NET website."
Office Suites
OpenOffice.org 2.0.1 released
OpenOffice.org 2.0.1 is out. As one might expect, this release concentrates on fixing bugs, but there's some new feature work as well: "So, for example, it is now possible to disable and hide particular application settings, which comes in handy for central administration in networks. Moreover, a new keyboard shortcut permits the user to return to a saved cursor position. The bullets and numbering feature has been expanded, and a new mail merge feature is available."
VOIP
Hacking Asterisk and Rails with RAGI (O'Reilly)
Joe Heitzeberg discusses the connection between the Asterisk VOIP software and the Ruby on Rails web development platform in an O'Reilly article. "RAGI is a simple API and set of helper classes that facilitate programmable phone logic, or IVR, from a Ruby environment by implementing the Asterisk AGI protocol. In Rails apps, RAGI makes handling phone call interaction something similar to rendering a web page."
Web Browsers
SeaMonkey 1.0 Beta released
![[logo]](https://static.lwn.net/images/tl/seamonkey64.png)
The SeaMonkey project, which aims to continue maintenance and development
of the Mozilla software suite, has had little visibility recently. But
that does not mean they have not been busy; the first 1.0 beta has been announced.
"SeaMonkey 1.0 Beta features more than just a state-of-the-art web browser, though: the application comes with a powerful email client as well as a WYSIWYG web page composer and a feature-rich IRC chat application. For web developers, mozilla.org's DOM inspector and JavaScript debugger tools are included as well." The final release is expected in January.
Interview with Mozilla hacker Mike Beltzner
As noted in MozillaZine: here is an interview with Mike Beltzner, the "user experience lead" for Mozilla, done by David Tenser. "Weve spent the past two decades promoting a hierarchical (or spatial containment) desktop metaphor for computer filing systems. It would be a disservice to many of our users to replace it completely. There are, however, significant advantages to tagging systems, especially in terms of building a system which defies classical ontology (for more on those advantages, see Shirky: Ontology is Overrated Categories, Links, and Tags.) Adding tagging capabilities to bookmarks can be done in a way that is based in the existing user bases conceptual (hierarchical) model, yet extends it to add richer interaction possibilities."
Minutes of the mozilla.org Staff Meeting (MozillaZine)
The minutes from the December 5, 2005 mozilla.org staff meeting have been announced. "Issues discussed include Firefox Summit and Engineering."
Minutes of the mozilla.org Staff Meeting (MozillaZine)
The minutes from the December 12, 2005 mozilla.org staff meeting have been announced. "Issues discussed include Firefox Summit, Engineering, Upgrading, Awards and Newsgroups reorganisation".
Miscellaneous
Chandler 0.6 is released
Version 0.6 of Chandler, a Personal Information Management (PIM) client application, is out.
Languages and Tools
Caml
Caml Weekly News
The December 20, 2005 edition of the Caml Weekly News is online. Take a look for new Caml articles. Topics include: Weblogs and HostIP modules, Concurrent and Distributed Programming in Ocaml, and Generic access to float arrays.
Java
Jacareto 0.7.10 released (SourceForge)
Version 0.7.10 of Jacareto has been announced. "Jacareto is a capture & replay tool for programs written in Java. You can capture actions on applications and replay them later on (like macros). Jacareto can be used for GUI tests, the creation of animated demonstrations and analyses of user behavior. The latest version of Jacareto contains enhanced multimedia features. In addition, the time management has been improved, an option for direct xml writing has been added and some bugs have been fixed."
Hibernate Class Generation Using hbm2java (O'ReillyNet)
John Ferguson Smart introduces hbm2java on O'Reilly. "Hibernate is a popular open source library for handling object/relational persistence and queries. In Hibernate, mapping between database tables and POJO ("plain old Java objects") classes is configured in a set of XML mapping files. hbm2java is a code generator that converts the mapping files into POJOs. It is part of the Hibernate Tools subproject and can be downloaded in the separate Hibernate Extensions package."
Lisp
CL Gardeners project announced
The CL Gardeners site has been launched. "The project's mission is 'To improve Common Lisp's attractiveness for people who are considering using Lisp but are also tempted by any of the johnny-come-lately languages that offer, at best, a pale imitation of a subset of Lisp's features.'"
Perl
This Week on perl5-porters
The December 5-11, 2005 edition of This Week on perl5-porters has been published. "This week had seen the development of the responses of Perl community to the Webmin security hole, with the usual assortment of activity on many other fronts in the advancement of the Perl interpreter. Pod::Simple integration, issues in newer Windows, better OpenVMS support illustrate the discussion diversity."
Python
Profiling and Optimizing Python (O'ReillyNet)
Jeremy Jones shows how to tune Python applications on O'Reilly. "Premature optimization is the root of all sorts of evil in programming, but meaningful and necessary optimization is vital to effective and efficient programming. When your Python program just doesn't perform, don't reach for C or C++ without first playing with the Python profiler."
Dr. Dobb's Python-URL!
The December 21, 2005 edition of Dr. Dobb's Python-URL! is online with links to the latest Python articles and resources.
Ruby
Ruby Weekly News
The December 18th, 2005 edition of the Ruby Weekly News looks at the latest discussions from the ruby-talk mailing list.
Tcl/Tk
Dr. Dobb's Tcl-URL!
The December 19, 2005 edition of Dr. Dobb's Tcl-URL! is online with the latest Tcl/Tk news and resources.
XML
Amara XML Toolkit 1.1.7 released
Version 1.1.7 of the Amara XML Toolkit has been announced, it features new capabilities, bug fixes and packaging improvements. "Amara XML Toolkit is a collection of Python tools for XML processing-- not just tools that happen to be written in Python, but tools built from the ground up to use Python idioms and take advantage of the many advantages of Python."
Editors
XEmacs in a modern world
XEmacs 21.5b24 has been announced. "Emacs is big. Emacs is mature. But still, when you start it you immediately notice that it's not only mature but old. But this is changing with the last release of XEmacs. XEmacs 21.5b24 finally brings support for Xft fonts to the Emacs world."
IDEs
Checkstyle Statistics Plug-in 0.1.0 released (SourceForge)
Version 0.1.0 of Checkstyle Statistics Plug-in for Eclipse is available. "The elipse-cs team is proud to present a useful addition to the regular Eclipse Checkstyle Plug-in - the Checkstyle Statistics Plug-in. Originally contributed by Fabrice Bellingard the Statistics Plug-in provides two views which greatly ease up handling of large amounts of Checkstyle violations and add some eye candy."
eric 3.8.1 released
Version 3.8.1 of eric3 has been announced, it includes bug fixes and new mouse functionality. "eric3 is a full featured Python (and Ruby) IDE that is written in PyQt using the QScintilla editor widget."
Version Control
Git 1.0.0 released
At long last, version 1.0.0 of the git source code management system has been released. Git maintainer Junio Hamano notes: "The name '1.0.0' ought to mean a significant milestone, but actually it is not. Pre 1.0 version has been in production use by the kernel folks for quite some time, and the changes since 1.0rc are pretty small and primarily consist of documentation updates, clone/fetch enhancements and miscellaneous bugfixes."
Miscellaneous
Luban Java Bridge released in Luban Language Beta 2.0
Version 2.0 of Luban, a component oriented scripting language, is available. It features the new Luban Java Bridge: "the Luban Java Bridge has been built to enable Luban to access arbitrary Java classes, functions and fields."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Free Software as a Social Movement (Z Magazine)
Z Magazine interviews Richard Stallman. "A problem arises when people who might be sympathetic to our ethical position, but focus on other issues, fall into the habit of helping to pressure others into using non-free software. It falls to me to tell them they are doing so, that they with their own actions are giving certain large companies more power. When you send someone a '.doc' file, a 'Word' file, or an audio or video file in RealPlayer or Quicktime format, you are actually pressuring someone to give up their freedom. Perhaps because I constantly have to bring this up, people believe I don't have a sense of proportion."
HOSP promotes open source in the Netherlands (NewsForge)
NewsForge covers the Holland Open Software Platform (HOSP). "Officially founded last summer, HOSP has the goal of bringing together all existing initiatives around open source software, open content, and open standards in the Netherlands."
Companies
Quanta Building MIT's $100 Laptops (eWeek)
eWeek reports that Quanta Computer Inc. has been selected to manufacture the hardware for MIT's One Laptop per Child initiative, which aims to produce $100 laptops. "OLPC's goal is to sell the laptops to governments worldwide who will in turn distribute the machines to schoolchildren in impoverished regions to use in their classes and take home. The computers are expected to come in a brightly colored, rugged chassis in order to protect them from damage and discourage theft, and will run Linux with a 500MHz processor and 1GB of onboard memory, based on a design proposed by OLPC earlier this year."
University Rectors in Italy Promoting Proprietary Software (Linux Journal)
Marco Fioretti has written a followup on his Linux in Italian Schools series with the report from an Italian university group promoting the use of Microsoft products, available at steep discounts. "The simultaneous publication of this press release and my article on the benefits of using free software in the same university/school system isn't the only interesting part of the story. First of all, the language in the CRUI announcement is similar to that used on the page of Microsoft's Italian site that advertises the discount; even if you don't speak Italian, the correspondence is evident."
Linux at Work
Open source everywhere for Canadian brokerage (NewsForge)
NewsForge looks at the successful deployment of Linux and open-source software at a Canadian brokerage firm. "One product that Fortlage calls "absolutely amazing" is PDFlib, a dual-licensed tool that processes PDF data on the fly. GHY's clients keep records using bar-coded forms that cost a dollar each and had to be ordered in multiples of 1,000. "The forms have static and dynamic bar codes, and the customers send them to their shippers to be filled out," Fortlage says. "The problem was that it was not cost-effective, and the costs had to be borne by GHY. We thought, what if we build the forms on the Web, use a cookie to save some information to the desktop about what was last filled out, and make a very simple Web-enabled document?" The result, says Fortlage, is that GHY was able to eliminate 90% of the annual $25,000 cost of the paperwork."
Legal
Microsoft's Yates' to MA: How About 2 Standards? - Transcript (Groklaw)
Groklaw covers the latest remarks from Microsoft's Alan Yates regarding the Massachusetts Open Document Format standardization issue. "First, what Microsoft is asking for is that Massachusetts adopt two standards, to "open up" to that. Yates says that Microsoft has never spoken against ODF, that what Microsoft is proposing is more choice and greater competition than the current Commonwealth policy provides. They want to be included too. It's just a question of two types of business models, Microsoft's, which he describes as a model based on "the magic of software," and IBM's, based on "the magic of services." On that basis, he says public policy shouldn't favor one business model over another, that public policy shouldn't choose software."
A Massachusetts ODF-MS XML Timeline/Resource Page (Groklaw)
Groklaw has started a resource page for those following Open Document Format adoption in the state of Massachusetts. "Here's a draft of what will be a new permanent page on Groklaw, a timeline of all important events in the story of Massachusetts' adoption of Open Formats, Open Standards and it's a compilation of resources. It's in four sections: 1) resources; 2) by topic; 3) events chronologically; and 4) miscellaneous resources. There is some overlap, so that everyone can find what they are looking for, no matter how they approach it. If you can't find it anywhere else, look in the chronological list."
Interviews
People Behind KDE: Debian Qt/KDE Packagers (KDE.News)
KDE.News introduces this People Behind KDE interview with the Debian Qt KDE team. "A special treat on tonight's People Behind KDE as we bring you the Debian Qt KDE Packagers. A whole seven interviews in one! How are those packages made and kept up to date? What would the packagers like in KDE 4? What customisations do Debian's finest make to their own desktops? And do they prefer RMS or Linus? Find out on the Debian Qt/KDE People Behind KDE interview, the answers may not be what you think."
Resources
High Dynamic Range images under Linux (linux.com)
Linux.com has an introduction to high-end image formats and how they are supported with free software. "OpenEXR was developed by Industrial Light and Magic and released under a modified BSD license in 2003. It supports 16-bit floating point, 32-bit floating point, and 32-bit integer pixels. It covers more than the entire visible color spectrum, and more than 10 orders of magnitude in brightness."
KDE and OpenSync develop KitchenSync to replace KPilot (NewsForge)
NewsForge covers the KitchenSync. "Developers of the K Desktop Environment (KDE) have teamed with those at the OpenSync project to produce a graphical interface called KitchenSync to replace the KPilot PDA sync tool beginning with the release of KDE 4. KDE developers made the decision to drop the current synchronization code, including KPilot, an older application also called KitchenSync, KSync, Kandy, and libksync, earlier this year in Spain at the aKadamy conference, just days after a SUSE-sponsored coding session in Nuremberg, Germany, where the KitchenSync interface was developed."
At the Sounding Edge: Music Notation Software for Linux, Part 3 (Linux Journal)
Dave Phillips makes musical notation with MusiXTeX. "MusiXTeX is a set of macros and fonts that provide extensions for music publication with the TeX typesetting software. TeX is a powerful text processing system for UNIX/Linux, originally designed for high-quality typesetting of scientific and engineering articles and books. It puts special emphasis on representing the symbols and graphics found in algebraic equations and other mathematics formulae. This special graphics capability made TeX a natural choice for a high-quality typesetting system for music."
Reviews
Linux Magazine: Busy Kat (KDE.News)
KDE.News mentions a new Linux Magazine article (PDF format) on Kat. "For all the users wanting to better know how the Kat desktop search program works, Roberto Cappuccio explains the inner workings of Kat, the difficulties encountered during development and the future of this long awaited (and still under heavy development) piece of software in the article Busy Kat on Linux Magazine."
CLI Magic: Introducing rss2email (Linux.com)
Linux.com has an introduction of rss2email. "Why would you want to receive feed updates in your inbox rather than checking them in a feed reader? Isn't the whole point of feed subscriptions to browse them at your leisure? For the most part, I don't want to receive an email every time one of the feeds I subscribe to is updated -- I have more than 200 subscriptions, so that would fill up my inbox pretty quickly. However, there are a few select feeds I do want to monitor more closely, so I use rss2email to shoot me an email when those are updated."
Miscellaneous
Cooperative Funding for OpenEMR (LinuxMedNews)
Consultant and OpenEMR developer Rod Roark suggests a new method for the funding of open-source projects: "Accordingly, my company Sunset Systems has organized a collaborative method for improving OpenEMR. We have put together a "wish list" at here. What you can do is pick an item on the list (or propose a new one) that is important to you, and tell us how much cash you might be willing to contribute toward its development, along with any special requirements you may have. When it appears that sufficient funding is available to complete your item to everyone's satisfaction, we'll contact you and the other contributors to confirm agreement and then make it happen."
Bringing MySQL compatibility to PostgreSQL (NewsForge)
NewsForge looks at efforts to advance PostgreSQL adoption by providing MySQL compatibility. "Kings-Lynne, a PostgreSQL developer who also works on the phpPgAdmin project, is working on a MySQL compatibility project for PostgreSQL that may allow people to utilize PostgreSQL with software that normally requires a MySQL database. According to Kings-Lynne, the MySQL compat project is comprised of about 100 MySQL functions, two MySQL aggregates, and "maybe a cast in PostgreSQL.""
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
EFF: Analog Hole Bill Introduced
The EFF reports that the "Digital Transition Content Security Act of 2005," which attempts to shut off high-resolution outputs on our media gadgets, has been introduced into the U.S. House of Representatives. "Digitizers and digital media devices that won't jump through the specified outrageous regulatory hoops - automatically deleting protected analog content after ninety minutes; outputting only 'down-rezzed' images, and satisfying 'robustness criteria' that weld the hood shut against user modification and open source developers - are expected to simply turn off and refuse to convert watermark-protected analog video."
KDE Web Dev 2005 Fund Raiser (KDE.News)
KDE.News has announced a new fund raising effort. "It is hard to believe that our last official fund raiser was in mid October of 2004. As a member of the community you might think that represents a lot of success for our fund raising efforts as we have done fund raisers as often as every few months. Nothing could be further from truth. In actuallity we were already behind when a $100 a month sponsor was forced to pull out."
LinuxQuestions.org Reaches Two Milestones
LinuxQuestions.org has announced the milestones of two million posts and two hundred thousand members. "As one of the largest non-distribution specific Linux communities on the web, LQ continues the rapid growth that it has sustained for almost six years. The site was recently redesigned and is an integral part of a growing network of Linux-related sites."
Commercial announcements
AJAX-Based Echo2 Web Framework and EchoStudio2 Released
NextApp, Inc. has announced the open-source AJAX-based Echo2 Web Framework and commercially-licensed EchoStudio2 Visual Development Tool. "Echo2 unifies AJAX technology with a practical server-side framework to create a next-generation web application platform. For web application developers, Echo2 provides a familiar and powerful component-oriented framework that promotes event-oriented design similar to traditional thick-client user interface toolkits like Java Swing or Eclipse SWT."
CadSoft Releases Eagle 4.16
CadSoft has released version 4.15 of Eagle, a commercial printed circuit CAD application with a freely downloadable "lite version" for hobby use. See the what's new document for the list of changes.Levanta to launch Management Appliance in Korea
Levanta has announced the opening of a Korean sales office, which will sell the Levanta Intrepid M Linux management appliance. ""We chose Korea to launch the Intrepid in Asia because of the widespread adoption of Linux in both government organizations and enterprises," said Matt Mosman, CEO of Levanta. "In the U.S., we've seen the strongest demand for the Intrepid M in corporations and Internet businesses with large numbers of existing Linux deployments. With the fantastic growth of Linux in Korea and large number of Linux systems, we see a big opportunity for the Intrepid M.""
Linux Desktops Double Using Innovative New Software
Userful Corporation has announced a temporary give-away of two-user licenses for its Desktop Multiplier software. "Desktop Multiplier enables a single computer running the Linux operating system to provide multiple independent workstations to multiple users at the same time, with each user workstation comprising a keyboard, monitor and mouse. Free two-user licenses to be distributed in this promotion will enable desktop Linux users with a standard dual-head video card to add another workstation by simply plugging in a spare monitor, USB mouse and keyboard."
Mandriva to ship Skype
Here is the much-anticipated press release from Mandriva, stating that Mandriva 2006 Linux will come with the (proprietary) Skype VOIP application bundled. "With Mandriva Linux 2006, users will be able to easily make business or personal phones calls all over the world using their computer, while taking advantage of local rates. Customers can connect from PC to PC, PC to landline phone, or PC to mobile phone. Additional features, such as voice mail and call forwarding, are also available."
Performancing Announces Performancing for Firefox
Performancing LLC has announced a new Firefox extension. "Performancing, a new organization dedicated to building the world's largest community of professional bloggers, today announced the beta version of its new Firefox extension blogging tool, Performancing for Firefox. The tool will be available for testing by Performancing's growing member base, and is slated for general availability by the end of Q1 2006."
Access2PostgreSQL Sync v.1.0 release
PostgreSQL, Inc has announced the 1.0 release of Access2PostgreSQL Sync. An evaluation copy is available for limited testing. "Access2PostgreSQL Sync is a new converter in our Data Conversion Product Line. This effective application allows you to convert and synchronize mdb (Microsoft Access databases) and PostgreSQL databases."
SMBs using Oracle 10g Standard Edition One on Linux
Oracle Corporation has issued a press release highlighting several of their smaller business customers that are using Oracle on Linux.Sun Announces New Enhancements to Java Enterprise System
Sun Microsystems, Inc. has announced new versions of the Java(TM) Enterprise System and Java(TM) System Suites. "Enhancing the overall capabilities of the Java Enterprise System, the Sun Java System Portal Server 7 is the first to allow the easy creation of interactive communities of users and services, building community portals populated with collaborative content including RSS feeds, blogs and wikis."
Syncsort's DMExpress Supports 64-Bit Linux for Intel(R) EM64T
Syncsort Incorporated has announced 64 bit versions of DMExpress, its high-performance ETL product. "DMExpress' dynamic memory optimizations will take advantage of the 64-bit architecture to dramatically speed up long running, data-intensive applications, allowing companies to process even larger data sizes within the same batch processing window."
Play FLAC and Ogg files in your Volvo
Volvo automobiles have a new Digital Jukebox audio accessory that supports the Ogg Vorbis and FLAC audio formats. "The USB 2.0 connection between the PC and docking station contributes to fast downloading. The system is supplied with PhatNoise Music Manager, a program that simplifies the task of creating, organising and playing digital music files, as well as PhatNoise CD Manager for fast, simple downloading of music files from a CD to the DMS memory. In addition to the conventional CD format, the system supports MP3, WAV, WMA, OGG and FLAC digital sound formats." Found on the FLAC news page.
New Books
C in a Nutshell - O'Reilly's Newest Release
O'Reilly has published the book C in a Nutshell by Peter Prinz and Tony Crawford.Cryptographic Libraries for Developers published by Charles River Media
Charles River Media has published the book Cryptographic Libraries for Developers by Ed Moyle.Insider Threat--latest from Syngress
Syngress has published the book Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft by Dr. Eric Cole and Sandra Ring.IBM Press Publishes "Irresistible! Markets, Models, and Meta-Value in Consumer Electronics"
IBM Press has announced the publication of the book Irresistible! Markets, Models, and Meta-Value in Consumer Electronics. The book has been edited by George Bailey and Dr. Hagen Wenzek.Java Enterprise in a Nutshell, Third Edition - O'Reilly's Latest Release
O'Reilly has published the book Java Enterprise in a Nutshell, Third Edition by Jim Farley and William Crawford, with Prakash Malani, John G. Norman, and Justin Gehtland.PHP Hacks - O'Reilly's Latest Release
O'Reilly has published the book PHP Hacks by Jack Herrington.Skype Hacks: Save and Have Fun with Phone Service--O'Reilly's Latest Release
O'Reilly has published the book Skype Hacks: Save & Have Fun with Phone Service by Andrew Sheppard.XSLT Cookbook, Second Edition - O'Reilly's Latest Release
O'Reilly has published the book XSLT Cookbook, Second Edition by Sal Mangano.Zero Configuration Networking: The Definitive Guide - O'Reilly's Latest Release
O'Reilly has published the book Zero Configuration Networking: The Definitive Guide by Stuart Cheshire and Daniel Steinberg.
Resources
Linux Intranet Configuration document
Segetech has published a new Linux Intranet Configuration document. "This document explains a general purpose intranet infrastructure design, configurations for firewall, DNS, DHCP, NFS, NIS, SSH, NTP, and lists needed services to enable the configured features in the network. Such a network is suitable for software development, office application use, and many other tasks." (Thanks to Daniel Qarras.)
OSV Sponsors Copyright and Patents Briefing Paper
Open Source Victoria has announced its sponsorship of a new Copyright and Patents FAQ document. "Open Source Victoria, Australia's government-funded open source industry cluster, has recently sponsored the preparation of a briefing paper which delves into the issues surrounding copyright, software patents and other issues affecting the software industry. Written by well-known lawyer and principal of Open Source Law, Brendan Scott, the paper is free and available under an Creative Commons licence for everyone to download and read."
Contests and Awards
Astaro wins PC Magazine's Best of the Year award
Astaro's Security Gateway 220, a unified threat management appliance, has won a PC Magazine award. "The magazine selected eight solutions in the categories of Security and Networking for this yearly distinction. Astaro Security Gateway 220 was chosen as the Business Security Appliance for both."
Surveys
2006 XML.com Reader Survey (O'Reilly)
O'Reilly is running a reader survey about XML. "I want to ask for your help. XML.com has a reputation for being a no-nonsense source of cutting-edge technical information about all things XML and the Web. I need your help maintaining that reputation. As you may know, we've been trying to retool our editorial focus during 2005 to concentrate on what the world looks like in the post-core-XML specification era; that is, what happens when we stop working so much on XML as with it?"
Upcoming Events
EHR Standardization conference (LinuxMedNews)
LinuxMedNews has an announcement for the 2006 ICMCC Conference on EHR Standardization and Interoperability. The event takes place in The Hague, The Netherlands on February 6-7, 2006.Discover, Connect, and Succeed at the 2006 MySQL Users Conference
Early registration for the 2006 MySQL Users Conference is open. The event will be held in Santa Clara, California on April 24-27, 2006. "This annual event is an unmatched opportunity for database developers, DBAs, users, and vendors to gather together and share the latest information on MySQL and open source technology. The theme for the 2006 conference is "Discover. Connect. Succeed. Scale Your Business with MySQL.""
CMP Media announces Embedded Systems Conference
CMP Media LLC has announced the 2006 Embedded Systems Conference (ESC). The event will be held in San Jose, CA on April 3-7, 2006. "The five-day Embedded Systems Conference will showcase the latest developments in enabling technologies, systems and software products, and tools created by the electronics industry's most innovative minds -- the Creators of Technology. ESC Silicon Valley will welcome over 300 leading exhibitors and feature more than 194 classes and design seminars to give engineers and engineering managers thorough training and understanding of the industry's most critical themes -- like analog and power, Linux and DSP, Consumer Video, and Wireless Networking."
Notacon Call for Proposals open
A Call for Proposals has gone out for Notacon 3. The event will take place in Cleveland, Ohio on April 7-9, 2006.2006 Ottawa Linux Symposium call for papers
It's that time of year: the call for papers for the 2006 Ottawa Linux Symposium (July 19 to 22) is out. If you would like to present at OLS this year, you have until the beginning of February to put in a proposal.2nd Annual SE Linux Symposium
The 2nd Annual SE Linux Symposium will be held in Baltimore, MD on February 27-March 3, 2006.First X@FOSDEM2006 announced
The first X@FOSDEM2006 has been announced, it will be held on February 24, 2006. "X@FOSDEM2006 consists of an X Developers HotHouse before FOSDEM and an X.org DevRoom on FOSDEM 2006."
X.org Foundation Developer's Conference CFP
A call for papers has gone out for the 2006 X Developer's Conference. The event will be held in Santa Clara, CA on February 8-10, 2006. Abstracts are due by December 31.Events: December 22, 2005 - February 16, 2006
| Date | Event | Location |
|---|---|---|
| December 27 - 30, 2005 | 22nd Chaos Communication Congress | Berlin, Germany |
| January 13 - 15, 2006 | ShmooCon 2006 | (Wardman Park Marriott Hotel)Washington, D.C. |
| January 23 - 28, 2006 | linux.conf.au 2006 | Dunedin, New Zealand |
| January 23 - 25, 2006 | Black Hat Federal Briefings and Training 2006 | (Sheraton Crystal City)Washington, D.C. |
| January 24 - 26, 2006 | O'Reilly Emerging Telephony Conference | (San Francisco Airport Marriott)San Francisco, CA |
| February 6 - 7, 2006 | ICMCC Conference on EHR Standards and Interoperability | (World Forum Convention Center, The Hague)The Netherlands |
| February 8 - 10, 2006 | X Developer's Conference(XDevConf) | (Sun Campus)Santa Clara, CA |
| February 10 - 12, 2006 | CodeCon 2006 | San Francisco, CA |
| February 11 - 12, 2006 | Southern California Linux Expo(SCALE 4x) | (Los Angeles Airport Westin)Los Angeles, California |
Web sites
KDE Dot News: Sponsored by OSU Open Source Lab (KDE.News)
KDE Dot News is now being hosted by the OSU Open Source Lab. "OSUOSL have graciously provided us with both server and network hosting, although of course, OSUOSL has long been hosting us on their network while we had been sharing the Ark Linux webserver. As we outgrew the Ark Linux server and ran into resource limitations however, OSUOSL also graciously offered us new server hosting. The dot is now significantly more responsive and we should definitely be seeing an improvement in uptime as well."
O'Reilly Network Launches Emerging Telephony Web Site
O'Reilly has announced it new Emerging Telephony web site. "IP telephony technologies are heating up the telecommunications industry. Search companies are adding voice options for their customers, web developer voice platforms are creating entirely new services opportunities, open source IP PBX platforms are striking fear into the hearts of traditional telcos. With so many new options, shuffling international players, and related apps coming fast and furious from the deep recesses of hackerdom, O'Reilly Network has launched a new site, Emerging Telephony, to help developers and other interested parties stay ahead of the curve in this industry in transition."
Audio and Video programs
LugRadio: A KDE Update from Aaron Seigo (KDE.News)
KDE.News has announced the latest podcast release from LugRadio. "LugRadio, the online radio show of the Wolverhampton Linux User Group has an interview in their latest episode with KDE hacker Aaron Seigo. The appearance consists of a five-minute update on where the KDE desktop is heading, cool stuff they are working on and KDE's relationship with freedesktop.org. Start listening 30 minutes in for the update."
Page editor: Forrest Cook
Letters to the editor
Cooling down the flames
| From: | Chase Venters <chase.venters-AT-clientec.com> | |
| To: | letters-AT-lwn.net | |
| Subject: | Cooling down the flames | |
| Date: | Mon, 19 Dec 2005 16:54:46 -0600 (CST) | |
| Cc: | chase.venters-AT-clientec.com |
Dear Editor,
I wanted to take a moment out of my day to address the community's
reaction to the use of profanity and strong verbage by Linus Torvalds when
addressing GNOME developers in recent mailing list discussions. It would
be quite silly for me to attempt to address any one side of the argument
over another... it is clear that there are still tempers and feelings
which would turn any such attempt into another 200+-comment flamewar.
What troubles me is that the "friendly" press (I'm inventing the
term to describe sites like Slashdot that tend to cover issues related to
our community) did not report on any strong points Linus made - quotes
simply included his strong language and his call for people to use KDE.
Aaron Seigo, a lead KDE dev, had this to say in his blog:
> but how to express [my] frustration in a way that makes any sort of sense
> is not easy. the question that keeps circling around my head is: if people
> are as passionate about this open source stuff, why do they engage in
> destructive behaviour that works directly against the efforts of those who
> are trying to make it better? this is not a soap opera for your benefit,
> this is a real effort being made by a relatively small number of people
> that, goddess forbid, ought to actually be enjoyable. and someone writing
> one impassioned email, even if that someone is the pope of linux himself,
> does not qualify as a reason to ignore that.
By reducing what should have been a valid debate over design
philosophy into the irrelevant side-comments made in the course of that
debate, participating news outlets reduced themselves to the practices of
sensationalist reporting that would unfortunately scar the public's
perception about the matter at hand.
Linus could be right or he could be wrong. Given the amount of
hysteria generated by Linus raising his voice, I plead that anyone forming
an opinion on this matter first read Linus's remarks in full.
And to those of you who call Linus's remarks "childish" or
"immature", well, would as many of you be saying the same thing if Linus
were screaming instead at Microsoft engineers? Would the same people
call Linus's remarks childish or immature if he were screaming at the
KDE people? Would this have even been a major news story if it was, say,
me that was flaming the GNOME developers - not Linus?
At the end of the day Linus is just a person... a living,
breathing human being like you or I. He expressed his opinions not because
he had been sitting around, twiddling a mustache and planning a chaotic
flamewar, but because of the hope that by considering his frustrations the
developers might be able to better serve their users in the future.
Thank you for your time and consideration.
Yours truly,
- Chase
Page editor: Jonathan Corbet