|
|
Log in / Subscribe / Register

LWN.net Weekly Edition for August 3, 2006

The PostgreSQL business

Back at the beginning of 2005, Pervasive Software decided that there was money to be made by selling support services for the PostgreSQL relational database management system. It seems like a good idea; PostgreSQL is a rock-solid system, increasingly fast, offering a number of interesting features. It is running in no end of production environments - including, it should be said, on the LWN.net server. Free RDBMS systems look poised to create trouble for their proprietary competition just like Linux made life difficult for proprietary Unix systems. PostgreSQL is clearly around for the long haul, and looks like a winning bet.

Not for Pervasive, however; the company has just published an open letter to the PostgreSQL community stating that, while the company remains a big fan of PostgreSQL, it is getting out of the PostgreSQL business. The money, it seems, simply wasn't there. Pervasive is not the first to come to this conclusion; a few years ago, a company called Great Bridge failed with the same model, despite employing several high-profile PostgreSQL developers. Red Hat still offers its version of PostgreSQL, but the last posted news for that product is dated November, 2005, and the product is not mentioned anywhere in Red Hat's last annual report.

PostgreSQL, it seems, is a hard business. According to Pervasive, the problem is that the free support is just too good:

While we always knew that PostgreSQL is a solid product with advanced database capabilities and that it has a very real opportunity to shake up the high-end database market, we underestimated the high level of quality support and expertise already available within the PostgreSQL community. In this environment, we found that the opportunity for Pervasive Software to meaningfully increase adoption of PostgreSQL by providing an alternative source for support and services was quite limited.

It is true that the PostgreSQL community is capable and helpful; any company which wishes to offer something better than what the community provides has a very high standard to meet. But there almost certainly has to be more to it than that. MySQL AB has had a fair amount of commercial success - something which companies working with PostgreSQL have not been able to duplicate. One might guess that the PostgreSQL community is more helpful than the MySQL community, and, as a result, there is more commercial opportunity in the MySQL realm. This does not seem like an idea that is likely to go very far. Something else is happening.

Perhaps commercial PostgreSQL support is simply an idea whose time has not come. Most PostgreSQL users may still be early adopters - people who are willing and able to handle the support details themselves. The larger market of users who are more interested in buying support services, perhaps, has simply not developed yet. To the extent that this hypothesis holds water, the companies which have tried to create a market in PostgreSQL services have not done an adequate job of selling its merits to potential customers. That would indicate that more work has to be done to spread the word on what a good product PostgreSQL truly is; there needs to be a serious brand-building effort.

There is another factor which should be taken into account here, however. Much of MySQL AB's success does not come from support services; instead, it comes from licensing. The MySQL code is licensed under the GPL, and the copyrights are all held by MySQL AB; as a result, MySQL AB is able to offer proprietary-style licenses to companies which wish to use MySQL, but which do not wish to license their own products under the GPL. PostgreSQL, instead, carries a BSD license and its copyrights are held by a number of different groups. So there is no "GPL exception" business model possible for PostgreSQL. Anybody wanting to use PostgreSQL in a proprietary product can do so without asking permission (or buying licenses) from anybody.

What all this means is that anybody trying to build a business around PostgreSQL must rely entirely upon services. They must convince potential customers that PostgreSQL is good enough to merit consideration over any number of proprietary alternatives, but not so good that these customers can support it themselves. The latter part should be relatively easy - there's still no end of customers who require support services before they will consider deploying a system. But convincing companies to walk away from their proprietary database vendors remains a hard sell. PostgreSQL, along with a number of other free database management systems, is a high-quality project. Eventually the commercial world will understand that fact, just like it has slowly figured out that Linux is worthy of its attention. But, until that time comes, making money from PostgreSQL will be a challenging task.

Comments (30 posted)

GPLv3 beta 2 and LGPLv3 beta 1

The Free Software Foundation has released a second draft of version 3 of the GPL. This draft incorporates comments made in the first draft, filtered, of course, by the FSF's goals. The resulting changes tweak some terms, clarify others, and generally increase the international applicability of the license. The fundamental nature of the license and its goals has not changed, however, and quite a few people who disliked the first draft will have reason to be displeased with this version as well.

Those interested in the details of the changes and why they were made may want to look at the FSF's rationale document [PDF].

The term which, perhaps, upset the most people was the anti-DRM provision requiring recipients to be able to install and run modified versions of the software. In particular, if GPLv3-licensed software is shipped on a device which will only run binaries signed by a particular private key, that key must be provided with the source code. The wording of this term has changed in the second draft, but its intent has not. It now reads:

The Corresponding Source also includes any encryption or authorization keys necessary to install and/or execute modified versions from source code in the recommended or principal context of use, such that they can implement all the same functionality in the same range of circumstances. (For instance, if the work is a DVD player and can play certain DVDs, it must be possible for modified versions to play those DVDs. If the work communicates with an online service, it must be possible for modified versions to communicate with the same online service in the same way such that the service cannot distinguish.)

The FSF, it seems, is serious about not allowing GPLv3-licensed code to be used on locked-down systems.

The first draft included a term saying, in effect, that any covered software was not an "effective technical measure" protecting access to copyrighted work. That term was intended to block use of the DMCA to lock down systems built with GPL-licensed code. That term has been reworded:

When you convey a covered work, you waive any legal power to forbid circumvention of technical measures that include use of the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing the legal rights of third parties against the work's users.

The new wording has the same intent, but it is intended to apply to anti-circumvention laws in other countries (and the EU Copyright Directive in particular).

A fundamental term is the one stating that anybody who distributes software under the GPL, and who owns patents covering some of the techniques used by that software, is giving the recipients the right to use those techniques. The first draft expressed this term as an explicit grant of licenses to use the relevant patents. The second draft, instead, requires anybody distributing the software to accept a covenant not to assert their patents against users of the software. The FSF has evidently written a separate opinion document - not yet published - which describes the reasons for making this change.

The prohibition on distribution of "covered works that illegally invade users' privacy" has been removed. Evidently, there was a strong public reaction against this term, so it came out.

The language in the first draft which allowed charging up to ten times the actual cost for source code distribution is gone. The GPLv2 language, limiting charges to the "reasonable cost" of shipping the source, is back. The second draft has added a new term stating that making the source available for free download (for three years) is sufficient to satisfy the source distribution requirements of the license. It has also been made clear that redistribution of a program through a peer-to-peer client (as happens automatically with a protocol like BitTorrent) does not require accepting the license and taking on the source distribution requirements.

The language on additional terms has been changed somewhat. There is now an explicit prohibition on terms regarding who pays attorney's fees, choice-of-venue terms, arbitration clauses, etc. There is also a clause saying that, if the software has been received with any disallowed additional restrictions ("no commercial use" restrictions being given as an example), the recipient may simply ignore those restrictions.

The first draft of version 3 of the Lesser GPL is also available. The new LGPL is much shorter and simpler than its predecessor, mostly because it is expressed as a patch to GPLv3. The intent of the LGPL has not changed much. There are terms intended to make it possible to run a proprietary application with a modified version of the LGPL-licensed library, however - including a requirement that installation keys, if needed, be distributed with the source.

By the FSF's schedule, the rest of the year will be dedicated to receiving comments on the new draft of the GPLv3. The FSF has previously said that it would like to adopt the final version of the new license in January, 2007, and there is no indication that this timeline has changed. There will be another series of public meetings, with the next meeting happening in Bangalore, India, on August 23 and 24. Anybody who has opinions on the drafts, and who has not yet expressed them to the FSF, may want to do so in the near future or forever hold their peace.

Comments (53 posted)

ATI, AMD, and free drivers

August 2, 2006

This article was contributed by Stacey Quandt

On July 24, 2006, AMD and ATI announced they will merge in order to combine AMD's strength in microprocessor technology with ATI's proficiency in graphics, chipsets and consumer electronics. The transaction, valued at US $5.4 billion, is expected to close toward the end of 2006, subject to approval by ATI shareholders, regulatory approvals and other customary closing conditions. At first blush, the obvious implications of the merger focus on the market pressure this combination will place on Nvidia and Intel, and how it will enable AMD and ATI to accelerate innovation in the commercial, consumer electronics and mobile computing segments.

In the near term, the merger enables the companies to create an integrated graphics business and deliver core logic chipsets to compete with Intel in the consumer market. In the long-term, the combined company should be well positioned to develop coprocessor-based media and physics acceleration technologies which will enable advances in chips beyond today's cores.

If viewed from an open source perspective, some additional questions surface: 1) Will AMD, which has cultivated a strong relationship with the Linux community, work with ATI to release open source drivers - including supporting suspend/resume on laptops?; and 2) How will a combined AMD and ATI influence the growth of the Linux desktop and handheld market? There will probably be no comments from the companies until after the sale has closed. But the potential benefits to the open source community resulting from a combined AMD and ATI are intriguing. In this context, it is worth remembering that Intel - AMD's primary competitor - has been working to provide free Linux drivers for its video chipsets.

It would be absurd to believe that open source graphics drivers and advances in Linux laptops and handheld devices are the motivation behind this merger. But the opportunity for AMD to prosper in the Linux market from embedded systems to servers, coupled with AMD's long-term goal of beating Intel to market, makes the release of open source drivers possible as a tactical outcome of a larger strategic vision. Any augmentation of AMD's Linux and open source strategies will most likely be revealed subsequent to the merger, so look for possible changes in early 2007.

Comments (12 posted)

Page editor: Jonathan Corbet

Security

Is my distribution vulnerable?

We recently posted a brief item about an Apache vulnerability which has the potential to be remotely exploitable. A number of distributors have responded to this vulnerability with the appropriate updates, but there is no update for Red Hat Enterprise Linux. Thanks to a helpful comment, we know that this is not a case of Red Hat letting its customers down; instead, RHEL is simply not vulnerable to this particular bug. Since there is no need for an update, none has been issued.

In this case, RHEL users can get information about this (non-) vulnerability from the Red Hat knowledge base - as long as they don't mind the disclaimer that "Red Hat makes no express or implied claims to its validity". In general, however, it remains difficult for users of any distribution to determine whether their installed systems are exposed to any specific vulnerability. The release of an update generally provides a positive answer, but, until that update comes out, users do not know for sure. Linux distributors would do well for their users by providing this information in an easily-found location.

As it happens, there are a couple of distributions which do make some information available:

  • Fedora maintains a list of CVE numbers, along with comments on whether the distribution is vulnerable or not. It fails the "easily found" test, however: the list is maintained as a text file in a CVS repository, and one must go into the CVS web interface to see it. But, once one knows about the file, it is easy to pull it up and get information on specific problems. For the Apache problem, Fedora was indeed vulnerable, and the problem was fixed via a backport.

  • Some time back, LWN received a somewhat indignant message to the effect that we should have looked up a vulnerability in the Debian Security Bug Tracker. There is a lot of good information there on specific vulnerabilities; the CVE-2006-3747 page (for the same Apache vulnerability) notes that stable has been fixed, but that testing and unstable are vulnerable.

    This tracker also fails the "easily found" test: it is not hosted under a debian.org domain, and there is no mention of it on the Debian security information or security FAQ pages. A determined user can find a non-vulnerabilities page which has some useful information, but it does not have the full story.

Most of the time, Linux distributors do a high-quality job of tracking and responding to vulnerabilities. It is rare that users of a high-profile distribution remain without updates for serious vulnerabilities for any serious period of time. They could help their users a bit more, however, if they were to make more of their tracking information available. More visibility into the system will increase confidence that problems are being addressed - especially in cases where a distribution is not vulnerable and the problem does not exist in the first place.

Comments (4 posted)

New vulnerabilities

apache: off-by-one buffer overflow

Package(s):apache apache2 httpd CVE #(s):CVE-2006-3747
Created:July 28, 2006 Updated:August 2, 2006
Description: Mark Dowd discovered an off-by-one buffer overflow in the mod_rewrite module's ldap scheme handling. On systems which activate "RewriteEngine on", a remote attacker could exploit certain rewrite rules to crash Apache, or potentially even execute arbitrary code (this has not been verified).

"RewriteEngine on" is disabled by default. Systems which have this directive disabled are not affected at all.

Alerts:
Gentoo 200608-01 apache 2006-08-01
Debian DSA-1132-1 apache2 2005-08-01
Debian DSA-1131-1 apache 2006-08-01
Slackware SSA:2006-209-01 apache 2006-07-29
rPath rPSA-2006-0139-1 httpd 2006-07-28
Mandriva MDKSA-2006:133 apache 2006-07-28
Fedora FEDORA-2006-863 httpd 2006-07-28
Fedora FEDORA-2006-862 httpd 2006-07-28
SuSE SUSE-SA:2006:043 apache,apache2 2006-07-28
OpenPKG OpenPKG-SA-2006.015 apache, apache2 2006-07-28
Ubuntu USN-328-1 apache2 2006-07-27

Comments (3 posted)

audacious: buffer overflow

Package(s):audacious CVE #(s):CVE-2006-3581 CVE-2006-3582
Created:August 2, 2006 Updated:September 13, 2006
Description: Audacious (prior to version 1.1.0) suffers from a buffer overflow which could be exploitable via a maliciously crafted media file.
Alerts:
Gentoo 200609-06 adplug 2006-09-12
Gentoo 200607-13 audacious 2006-07-29

Comments (none posted)

drupal: arbitrary file execution

Package(s):drupal CVE #(s):CVE-2006-2742 CVE-2006-2743 CVE-2006-2831 CVE-2006-2832 CVE-2006-2833
Created:July 27, 2006 Updated:August 2, 2006
Description: The Drupal web platform has a number of remotely exploitable vulnerabilities including:

An SQL injection vulnerability in the "count" and "from" variables of the database interface.

Incorrect file extension handling in an Apache/mod_mime environment.

A cross-site scripting vulnerability in the upload module.

A cross-site scripting vulnerability in the taxonomy module.

Alerts:
Debian DSA-1125-2 drupal 2006-07-27
Debian DSA-1125-1 drupal 2006-07-26

Comments (none posted)

freeciv: denial of service

Package(s):freeciv CVE #(s):CVE-2006-3913
Created:August 1, 2006 Updated:August 4, 2006
Description: A buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN from July 15, 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the generic_handle_player_attribute_chunk function in common/packets.c, and (3) a large packet->length value in the handle_unit_orders function in server/unithand.c.
Alerts:
Debian DSA-1142-1 freeciv 2006-08-04
Mandriva MDKSA-2006:135 freeciv 2006-07-31

Comments (none posted)

heartbeat: permission error

Package(s):heartbeat CVE #(s):CVE-2006-3815
Created:July 28, 2006 Updated:August 15, 2006
Description: Yan Rong Ge discovered that wrong permissions on a shared memory page in heartbeat, the subsystem for High-Availability Linux could be exploited by a local attacker to cause a denial of service.
Alerts:
Mandriva MDKSA-2006:142 heartbeat 2006-08-14
Ubuntu USN-326-1 heartbeat 2006-07-27
Debian DSA-1128-1 heartbeat 2006-07-28

Comments (none posted)

kernel: privilege escalation

Package(s):kernel-source-2.6.8 CVE #(s):CVE-2006-3626
Created:July 27, 2006 Updated:August 23, 2006
Description: The kernel process filesystem has a race condition that can be exploited for the purpose of privilege escalation. This affects multiple architectures.
Alerts:
Red Hat RHSA-2006:0617-01 kernel 2006-08-22
SuSE SUSE-SA:2006:049 kernel 2006-08-18
Debian DSA-1111-2 kernel-source-2.6.8 2006-07-26

Comments (1 posted)

libtiff: buffer overflows

Package(s):libtiff CVE #(s):CVE-2006-3459 CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465
Created:August 2, 2006 Updated:September 5, 2006
Description: An audit of the libtiff library (done by Tavis Ormandy at Google) turned up several buffer overflow vulnerabilities.
Alerts:
Red Hat RHSA-2006:0648-01 kdegraphics 2006-08-28
Slackware SSA:2006-230-01 libtiff 2006-08-18
Gentoo 200608-07 tiff 2006-08-04
Ubuntu USN-330-1 tiff 2006-08-02
Red Hat RHSA-2006:0603-01 libtiff 2006-08-02
Debian DSA-1137-1 tiff 2006-08-02
rPath rPSA-2006-0142-1 libtiff 2006-08-01
Mandriva MDKSA-2006:136 kdegraphics 2006-08-01
Mandriva MDKSA-2006:137 libtiff 2006-08-01
Fedora FEDORA-2006-877 libtiff 2006-08-02
Fedora FEDORA-2006-878 libtiff 2006-08-02

Comments (none posted)

mantis: cross-site scripting

Package(s):mantis CVE #(s):CVE-2006-0664 CVE-2006-0665 CVE-2006-0841 CVE-2006-1577
Created:August 2, 2006 Updated:August 2, 2006
Description: The mantis bug tracking system has some cross-site scripting bugs of its own to track.
Alerts:
Debian DSA-1133-1 mantis 2006-08-01

Comments (none posted)

mozilla: multiple vulnerabilities

Package(s):firefox seamonkey thunderbird CVE #(s):CVE-2006-3113 CVE-2006-3677 CVE-2006-3801 CVE-2006-3802 CVE-2006-3803 CVE-2006-3804 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808 CVE-2006-3809 CVE-2006-3810 CVE-2006-3811 CVE-2006-3812
Created:July 27, 2006 Updated:September 15, 2006
Description: This CERT advisory contains details on multiple vulnerabilities in Mozilla products, including Firefox, SeaMonkey and Thunderbird. The most serious vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system.
Alerts:
Debian DSA-1160-2 mozilla 2006-09-15
Debian DSA-1161-2 mozilla-firefox 2006-09-13
Debian DSA-1159-2 mozilla-thunderbird 2006-09-08
Debian DSA-1161-1 mozilla-firefox 2006-08-29
Debian DSA-1160-1 mozilla 2006-08-29
Red Hat RHSA-2006:0594-02 seamonkey 2006-08-28
Debian DSA-1159-1 mozilla-thunderbird 2006-08-28
Mandriva MDKSA-2006:146 mozilla-thunderbird 2006-08-21
Mandriva MDKSA-2006:145 mozilla-firefox 2006-08-21
Mandriva MDKSA-2006:143-1 mozilla-firefox 2006-08-17
Mandriva MDKSA-2006:143 mozilla-firefox 2006-08-16
SuSE SUSE-SA:2006:048 firefox thunderbird seamonkey 2006-08-16
Fedora FEDORA-2006-902 firefox 2006-08-09
Fedora FEDORA-2006-903 thunderbird 2006-08-09
Gentoo 200608-04 thunderbird 2006-08-03
Gentoo 200608-03 firefox 2006-08-03
Gentoo 200608-02 seamonkey 2006-08-03
Red Hat RHSA-2006:0609-01 seamonkey 2006-08-02
Ubuntu USN-327-2 firefox 2006-08-01
Ubuntu USN-329-1 mozilla-thunderbird 2006-07-28
Red Hat RHSA-2006:0611-01 thunderbird 2006-07-28
Red Hat RHSA-2006:0610-01 firefox 2006-07-28
Slackware SSA:2006-208-01 mozilla 2006-07-28
rPath rPSA-2006-0138-1 thunderbird 2006-07-27
Red Hat RHSA-2006:0608-01 seamonkey 2006-07-27
Ubuntu USN-327-1 firefox 2006-07-27
rPath rPSA-2006-0137-1 firefox 2006-07-26

Comments (none posted)

osiris: format string vulnerability

Package(s):orisis CVE #(s):CVE-2006-3120
Created:July 28, 2006 Updated:August 3, 2006
Description: Ulf Harnhammar and Max Vozeler from the Debian Security Audit Project have found several format string security bugs in osiris, a network-wide system integrity monitor control interface. A remote attacker could exploit them and cause a denial of service or execute arbitrary code.
Alerts:
Debian DSA-1129-1 orisis 2006-07-28

Comments (none posted)

sitebar: missing input validation

Package(s):sitebar CVE #(s):CVE-2006-3320
Created:August 1, 2006 Updated:August 2, 2006
Description: A cross-site scripting vulnerability has been discovered in sitebar, a web based bookmark manager written in PHP, which allows remote attackers to inject arbitrary web script or HTML.
Alerts:
Debian DSA-1130-1 sitebar 2006-07-30

Comments (none posted)

Resources

Linux patch problems: Your distro may vary (SearchSecurity.com)

SearchSecurity.com compares the security patch response time across a number of popular Linux distributions. "So, why pick one brand instead of another? One reason is security. Not the security of the code itself, but how fast security patches get applied and published. The faster a security patch can be applied, the smaller the window of opportunity for attacks that exploit those vulnerabilities. Therefore, all other things being equal, security managers would prefer a Linux distribution with a record of speedy publication of fixes for security issues."

Comments (6 posted)

Page editor: Jonathan Corbet

Kernel development

Brief items

Kernel release status

The current 2.6 prepatch is 2.6.18-rc3, released on July 29. The patch rate is beginning to slow as this kernel stabilizes, so this prepatch adds a number of fixes but not much else. The long-format changelog has the details.

Well over 100 fixes have been merged into the mainline repository since -rc3 was released.

The current -mm tree is 2.6.18-rc2-mm1. Recent changes to -mm include a big x86-64 update, an NFS update, and lots of fixes.

Comments (4 posted)

Kernel development news

Quote of the week

I will, in fact, claim that the difference between a bad programmer and a good one is whether he considers his code or his data structures more important. Bad programmers worry about the code. Good programmers worry about data structures and their relationships.

-- Linus Torvalds

Comments (12 posted)

Marcelo Tosatti passes the 2.4 baton

Marcelo Tosatti has announced the availability of the third 2.4.33 release candidate, containing a very small number of patches. He has also announced that the 2.4 maintainership is passing on to Willy Tarreau, who has been running the 2.4 "hotfix" patch series for some time. Many thanks are due to Marcelo, who has maintained the 2.4 kernel since 2.4.16.

Comments (2 posted)

SCSI command filtering

Burning data to a CD or DVD is a complicated task, involving the use of a wide range of SCSI commands. So, any application which burns discs must have the ability to send special SCSI operations to the drive. Just before the 2.6.8 kernel came out, however, the kernel developers decided that applications should not be able to send just any SCSI command. Some of those commands could lead the drive to rewrite its firmware, catch fire, or replace music tracks with recordings of Richard Stallman singing. In an attempt to keep such undesirable things from happening, Linus added a late patch which blocked unprivileged users from using any SCSI commands which do not appear in an in-kernel whitelist.

It is almost certainly true that no user ever destroyed a CD drive with a 2.6.8 system. In fact, very few of them even wrote discs; the filtering at that stage was so severe that unprivileged users could not do anything useful at all. Subsequent updates made things better, however, and by about 2.6.10 burning worked again for most users.

Not for all users, however. As Dave Jones recently noted on the linux-scsi list, the command filtering still trips up some Plextor drives. The cdrecord utility tries to send vendor-specific commands to those drives, but the kernel filters them out. Everything then comes to a halt, and the user must retry the operation as root to get the job done. Dave asked: might it be a good idea to add a per-vendor exceptions capability to the filtering code?

The response which came back from a couple of block subsystem developers was that the command filtering should simply be taken out altogether. Evidently this topic had been discussed at the recent storage summit, and the participants had agreed that this feature should be removed. James Bottomley put it this way:

If we're going to allow users access to burn CDs, it's impossible to police them with certainty as this case indicates. If we allow vendor specific commands down, there are bound to be some that format the drive or destroy the firmware...

So I think ripping the table out and acknowledging we have no security is better than giving the illusion of having it.

There are a number of complaints about the filtering code. It is a way of encoding policy in the kernel, which is generally frowned upon - even though the policy, in this case, is really an attempt to enforce a difference between access to a disc within a drive and access to the drive itself. The command list will never be entirely correct; it seems that some drives must receive the appropriate, vendor-specific incantations or they will refuse to write discs. Some commands mean different things to different types of devices; what's safe for a CD burner might be a destructive operation on a different SCSI-like device. It also doesn't help that there are, in fact, two different SCSI command filters in the kernel (one in drivers/scsi/sg.c, the other in block/scsi_ioctl.c) which implement different policies. For all of these reasons, attendees at the storage summit apparently agreed to take the filtering out.

There's just one little problem with this plan: Linus feels differently about filtering:

Put another way: you will remove that command filtering in block/scsi_ioctl.c only in a kernel that I don't maintain, or by disabling it in some way that is so hidden that I won't notice. Because I'm not so stupid as to think that it's ok for normal users to set driver passwords or rewrite the disk firmware just because they have write permissions to the device. That's pretty damn final.

This statement would appear to be pretty damn final. That does not mean that the situation cannot be improved, however. The leading idea at the moment would appear to be to allow a privileged user to make changes to the command filter table. Distributions could then ship tools which detect problematic devices and modify the filtering tables accordingly; the whole thing could be transparently integrated with the hotplug functionality. Jens Axboe has a patch (originally from Peter Jones) which turns the filter list into a per-device object, tweakable through sysfs, so each device could have its own set of exceptions.

Just how this interface works may yet require some discussion to nail down. But the configurable, per-device filter looks like the way forward. It retains the filtering of dangerous commands while moving the policy decisions to user space. Once the policy can be changed, distributors can do the work to ensure that specific devices are well supported, or, if they prefer, simply mark all commands as "allowed" and, for all practical purposes, remove the filter altogether.

Comments (11 posted)

Debating reiser4 - again

Hans Reiser is nothing if not persistent. Back in October, 2002, he requested that his new reiser4 filesystem be included into the 2.5 development kernel before it went into the pre-2.6 stabilization mode. Nearly four years have passed, during which reiser4 has been through endless linux-kernel debates, numerous changes to fix problems found by reviewers, the removal of core features, and a long wait in the -mm kernel. Despite all of this, reiser4 is still not in the mainline - but Hans has not given up.

There have been a number of obstacles to overcome so far. The "files as directories" feature tweaked POSIX semantics in a way that disturbed some people, and, more importantly, had crucial locking problems; that feature has been removed. The posted benchmarks have not been entirely credible to all observers. There is concern about how committed the reiser4 developers are to ongoing support of the filesystem, once it is merged. Hans tends to have difficult relations with other kernel developers, and does not always respond entirely gracefully to (often not entirely graceful) review comments. The end result has been a difficult path toward inclusion for a filesystem which truly does offer some interesting ideas and the potential for top-level performance.

Partially as a result of a feeling that the reiser4 process has gone on for too long, the debate has returned to linux-kernel. Hans and company would like to see reiser4 put into 2.6.19, and it seems that they might just succeed.

Some outstanding issues remain, though some of them may not be as problematic as some people think. The biggest of those, probably, is the reiser4 plugin concept. Plugins allow the filesystem to behave differently for every file stored there; they can add features like compression, encryption, or many of the more esoteric things currently done with FUSE. Plugins raise all kinds of red flags in the development community. So, for example, Linus states:

As long you call them "plugins" and treat them as such, I (and I suspect a lot of other people) are totally uninterested, and in fact, a lot of people will suspect that the primary aim is to either subvert the kernel copyright rules, or at best to create a mess of incompatible semantics with no sane overlying rules for locking etc.

Jeff Garzik has concerns as well:

I don't want to be the distro support person trying to fix a crash in "reiser4", where the customer has secretly replaced the standard inode data structure with a plugin written by an intern, and secretly replaced the directory algorithm with a closed source plugin from PickYourVendor. Trying picking through that mess with a filesystem debugger.

The message for the reiser4 developers over the last few years is that any such mechanism, if it makes sense at all, should be implemented within the VFS level, rather than within any specific filesystem. Reiser4 plugins are seen as a separate, private VFS with a long potential for problems.

What a number of people have not realized, perhaps, is that the plugin issue is much smaller than it once might have been. They cannot be loaded at run time, so there should not be copyright issues like those that accompany closed-source kernel modules. And most of the plugin functionality has been removed in response to past comments. Andrew Morton, who has recently reviewed the code himself, comments:

The plugins appear to be wildly misnamed - they're just an internal abstraction layer which permits later feature additions to be added in a clean and safe manner. Certainly not worth all this fuss.

From Andrew's point of view, the biggest problems would appear to be the lack of direct I/O and extended attribute support. Direct I/O looks like it might not be too far in the future, but it does not appear that there is any immediate prospect of extended attributes. That means that, among other things, a reiser4 filesystem cannot support SELinux. That limitation may cause some distributors to leave reiser4 support out, even after reiser4 has finally been merged into the mainline kernel.

The remaining objections may be enough to dissuade some users or distributors from working with reiser4, but it would seem that they should not be enough to block the merging of reiser4 into the mainline. A new filesystem does not affect anybody who does not use it, and the bad pitfalls for reiser4 users (deadlocks, for example) should be long gone. So it may just be that Hans Reiser's long wait is nearing its end.

Comments (16 posted)

Toward a kernel events interface

Last week's article on network channels suggested that channels might not be the way of the future at all. Since then, there has been a great deal of discussion on how networking might move forward on many levels, some of which might yet include channels. Your editor plans to gain an understanding of the Grand Unified Flow Cache and related concepts (such as Rusty's plans to thrash up netfilter yet again) for a future article; for now, we'll look at a different aspect of networking (and beyond): a user-space events interface.

Unlike some other operating systems, Linux currently lacks a system call for generalized event reporting. Linux applications, instead, use calls like poll() to figure out when there is work to be done. Unfortunately, poll() does not solve the entire problem, so application event loops must do complicated things to deal with things like signals. Handling asynchronous I/O within a traditional Linux event loop can be especially tricky. If there were a single interface which provided an application with all of the event information it needed, applications would get simpler. There is also the potential for significant performance improvements.

There are two active proposals for event interfaces for Linux: the kevent mechanism and the event channel API proposed by Ulrich Drepper at this year's Ottawa Linux Symposium. Of the two, kevents currently have the advantage for one simple reason: there is an existing, working implementation to look at. So most of the discussion has concerned how kevents can be improved.

The original kevent API is seen as being a bit difficult; it relies on a single multiplexer system call (kevent_ctl()), an approach which is generally frowned upon. The call also requires the application to construct an array with two different types of structures, which is a bit awkward. So one of the first suggestions has been to separate out various parts of the API. The current kevent patch (as of August 1) contains a new system call: 

    int kevent_get_events(int ctl_fd, 
                          unsigned int min_nr,
			  unsigned int max_nr,
			  unsigned int timeout,
			  void *buf,
			  unsigned flags);

This call would return between min_nr and max_nr events, storing them sequentially in buf, subject to the given timeout (specified in milliseconds). The flags argument is unused in the current implementation.

There are a number of things which might be improved with this interface, but, as it happens, its final form is likely to look quite different. The current interface still requires frequent system calls to retrieve events; Linux system calls are fast, but, in a high-bandwidth situation, it still would be preferable to spend more time in user space if possible. With a different approach to event reporting, it might just be possible.

The idea which has been discussed is to map an array of kevent structures between kernel and user space. This array would be treated as a circular buffer, perhaps managed using a cache-friendly, channel-like index mechanism. The kernel would place events into the buffer when they occur, and user-space would consume them. Whenever there are events to process, the application could obtain them without entering the kernel at all. Once this mechanism is in place, the kevent_get_events() call could go away, replaced by a simple "wait for events" interface (though glibc would almost certainly provide a synchronous "get events" function). The result should be a very fast interface, especially when the number of events is large.

There are a couple of issues to be worked out, still. One has to do with what happens when the buffer fills. The current asynchronous I/O interface does not allow there to be more outstanding operations than there are available control block structures; that way, there is guaranteed to be space to report on the status of each operation. That can be important, since the place in the kernel which wants to do the reporting is often running at software or hardware interrupt level. If one envisions using kevents to track thousands of open sockets, an unknown number of connection events, etc., however, preallocating all of the event structures becomes increasingly impractical. So something intelligent will have to be done when the buffer fills.

The other issue has to do with "level-triggered" events which correspond more to a specific status than a real event which has occurred. "This socket can be written to" is such an event. When an interface like poll() is used to query whether a write would block, the kernel can check the status and return immediately if the given file descriptor can be written to. Reporting this sort of status through a circular buffer is rather harder to do. So, one way or another, applications will have to explicitly poll for such events.

Given the current level of interest, some way of dealing with these issues seems likely to surface in the near future. That could clear the path for merging kevents into the mainline, perhaps as early as 2.6.20.

Comments (7 posted)

New kernels and old distributions

The udev utility has a well-defined job: take information from kernel events and the sysfs virtual filesystem and use it to create device files corresponding to the actual configuration of the system. If udev falls down, the system will be partially or completely unusable, a situation which tends to go over poorly with users. So, when Andrew James Wade reported a udev failure with a recent -mm kernel, the developers took notice.

The problem, as it turns out, is caused by some sysfs changes designed to improve power management in the kernel. The immediate problem can be fixed by adding another patch, but that, in turn, only leads to further problems; a number of distributions will break because the version of udev they ship is too old to understand the new sysfs format. Andrew Morton complained that Fedora Core 3 breaks, but the problem is likely to be more widespread than that.

Greg Kroah-Hartman, the developer behind the changes, responded this way:

That distro is unsupported now, right?

How long do you expect the kernel to support unsupported, community based distros that thrive on the fact that they are quickly updated? [...]

And yes, I will revert the patch in mainline that causes people to have to upgrade to a udev that is in FC5, and wait till the next release for that to happen (the minimum will be 081, which was released in January, 2006, by the time 2.6.19 is out, that will be about 10 months old.)

Andrew was unimpressed:

My (repeat) point is that we're proposing to break _all_ distros which are older than ten months. We don't play the "oh, that isn't supported any more" game.... This sucks. Do you know what machines we'll be breaking out there? I sure don't.

Among others, distributions scheduled to break with the 2.6.19 kernel include Ubuntu 6.06 LTS ("dapper") and the not-yet-released Slackware 11. So, unsurprisingly, it's not just Andrew who is displeased by this change; there is a definite chance that the whole set of patches will be withdrawn and rethought.

Greg asks a fundamental question, however: "How long should the community have to care about a distro after the creators of it have abandoned it?" The traditional answer has been "forever," but the new generation of "kernel in user space" tools is making that promise harder to keep. Tools like udev are tightly tied to the sysfs filesystem which, in turn, is a nearly direct representation of internal kernel data structures. Sysfs functions, in some ways, like an internal kernel API, but it is, in reality, a user-space interface. Keeping it stable and avoiding compatibility problems with older user-space tools is a difficult challenge, aggravated by the fact that the kernel developers are still well within the process of figuring out how sysfs should really work.

At this year's Kernel Summit, there was some talk of folding tools like udev into the kernel code base and distributing them together. New kernels would always come with a version of udev that worked, and some of these compatibility problems would go away. There are limits, however, to how many tools can be packaged in this way, and, in any case, it can be hard to see this approach as anything other than a hack to avoid the hard problem of keeping such a wide and complex ABI stable.

This particular problem will likely be worked around, one way or another. But it won't be the last such. If the kernel developers are going to continue to promise that the user-space ABI will remain stable indefinitely, they will have to get a handle on all aspects of that ABI - not just the system calls. It will not be easy: modern systems require complex communications between the user and kernel realms. But the kernel developers have solved plenty of "not easy" problems so far; given the increased attention being paid to ABI regressions, they will probably figure this one out too.

Comments (27 posted)

Patches and updates

Kernel trees

Linus Torvalds Linux v2.6.18-rc3 ?
Andrew Morton 2.6.18-rc2-mm1 ?
Marcelo Tosatti Linux v2.4.33-rc3 (and a new v2.4 maintainer) ?
Willy Tarreau Linux 2.4.32-hf32.7 ?

Architecture-specific

Eric W. Biederman ELF Relocatable x86 and x86_64 bzImages ?

Build system

Jon Masters Fwd: [PATCH] MODULE_FIRMWARE for binary firmware(s) Apr 19

Core kernel code

Paul E. McKenney Early prototype RCU priority-boost patch ?
Pekka J Enberg revoke/frevoke system calls V2 ?
Badari Pulavarty Add vector AIO support ?
Evgeniy Polyakov kevent: introduction. ?

Device drivers

Jesse Huang Create IP100A Driver ?
Edgar Toernig /dev/itimer ?
John W. Linville What's new in wireless-dev? ?
Dan Williams dmaengine: enable mutliple clients and operations ?
Daniel Ritz usbtouchscreen: version 0.4 ?
Steve Glendinning SMSC LAN911x and LAN921x vendor driver ?
Steve Wise iWARP Core Support ?

Documentation

Michael Kerrisk man-pages-2.35 is released ?
Zhang, Yanmin PCI-Express AER implemetation: aer howto document ?

Filesystems and block I/O

Dan Smith device-mapper: Add userspace target ?
David Howells [PATCH 00/30] Permit filesystem local caching and NFS superblock sharing [try #11] ?
NeilBrown [PATCH 000 of 11] knfsd: Introduction - Make knfsd more NUMA-aware ?
Dave Hansen Mount writer count and read-only bind mounts (v5) ?

Janitorial

Alan Cox PATCH: There is no devfs, there has never been a devfs, we have always been at war with... ?

Networking

Thomas Graf Multiple IPV6 Routing Tables & Policy Routing ?
Steve Wise Network Event Notifier Mechanism ?
Masahide NAKAMURA Mobile IPv6 introduction ?
Pablo Neira Ayuso libnfnetlink new API #2 ?
Balazs Scheidler RFC: matching interface groups ?
Jiri Benc d80211: pull request ?

Security-related

Arjan van de Ven Add -fstack-protector support the the kernel ?
Serge E. Hallyn [PATCH] file posix capabilities ?
Chris Wright LSM: remove BSD secure level security module ?

Virtualization and containers

Jeremy Fitzhardinge [PATCH 0 of 13] Basic infrastructure patches for a paravirtualized kernel ?

Page editor: Jonathan Corbet

Distributions

News and Editorials

MEPIS and GPL Compliance

MEPIS Linux (home of SimplyMEPIS and MEPISLite) is a fairly popular Debian-based distribution company. With the recent release of SimplyMEPIS 6.0, a MEPIS transitioned from using Debian packages to using Ubuntu (actually Kubuntu as MEPIS is KDE-centric) packages.

MEPIS has typically used binary packages straight from the parent repository for large parts of the system. They never carried the source code for these unaltered packages. For packages that they did alter, such as the MEPIS kernel, they have always made the source code available. However that doesn't conform to the letter of the GNU General Public License (GPL) version 2, the license used by many of the packages found in SimplyMEPIS. The GPL v2 states:

3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:

a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

Sending people to the parent source repository is not good enough, although they got away with it for some time. So MEPIS has now announced a full GPL source release. There are some interesting comments in the associated GPL compliance FAQ, however.

MEPIS now offers all source code on 2 DVDs available though the MEPIS Store.

Comments (3 posted)

New Releases

Version 3 of the ROCK Linux Distribution Build Kit a.k.a "ROCK3" released!

ROCK Linux has released version 3 of its Distribution Build Kit. The release announcement (click below) contains the changes since version 2.0.3, plus pointers to the new ROCK Linux roadmap and more.

Full Story (comments: none)

Mandriva Linux 2007 Beta version "Thor"

Mandriva has released the first beta of Mandriva Linux 2007. CD and DVD images are available for download for a variety of architectures and languages.

Comments (none posted)

Familiar v0.8.4-rc3 released

A new release candidate for Familiar Linux v0.8.4 is available for download. It comes with various bug fixes and further improves support for the HP iPAQ h2200, hx4700, and h6300 series of devices.

Full Story (comments: none)

First beta release of the 64 Studio distribution

64 Studio has released a 709MB DVD-R image for version 0.9.0 beta. "This will install Debian testing with X.org 7.0, the Gnome 2.14 desktop, Linux kernel 2.6.17 with real-time pre-emption patches and a selection of creative applications, covering audio and music, 2D and 3D graphics, and publishing for the web and print. It also includes the internet and office tools that a creative user is likely to need for their daily work." Click below for information on download and known issues.

Full Story (comments: none)

Distribution News

New SPI board of directors and officers

Software in the Public Interest has announced that it has appointed new Officers following the election of three new members to the board of directors. "In a board meeting on 1st August, the board elected Bdale Garbee as President, Michael Schultheiss as Vice President, Neil McGovern as Secretary and Josh Berkus as Treasurer of the board."

Full Story (comments: none)

Debian's birthday, 16th of August

The Debian Project will have its 13th anniversary on August 16, 2006. A wiki page has been set up to help organize local celebrations.

Full Story (comments: none)

Ten Days Later: Tremendous Reception to SUSE Linux Enterprise 10

Novell, Inc. has issued a press release claiming success for SUSE Linux Enterprise 10. "To date, over 165,000 users from around the globe have downloaded components of the SUSE Linux Enterprise 10 suite, which includes the SUSE Linux Enterprise Server and SUSE Linux Enterprise Desktop products."

Comments (none posted)

Ubuntu Documentation Website and Wiki

Ubuntu's community-contributed documentation has been moved to its own wiki on the global documentation website.

Full Story (comments: none)

Upcoming Ubuntu releases (6.06.1, Knot 2)

The first point release of the current stable version of Ubuntu (a.k.a. Dapper Drake) will be released soon. Ubuntu 6.06.1 LTS will be built from dapper, dapper-security, and dapper-updates, and will consist of updated desktop, alternate, and server CD images. On the development release front, the second milestone release of Edgy (Knot 2) should be out next week.

Full Story (comments: 1)

Xandros targets unsupported Windows users

Xandros is seeking to attract legacy Microsoft Windows users. ""Now that Microsoft has discontinued all support for Windows 98, 98SE and ME, legacy Windows users have three options," said Andreas Typaldos, CEO of Xandros. "First, they can cross their fingers and continue to use the abandoned, insecure and unsupported Windows product. Second, they can purchase a costly XP upgrade along with new hardware that will be out of date as soon as Vista is released. Or third, they can continue using their existing computer by installing the latest Xandros Desktop Home Edition. Not only does this option extend the useful life of their computer without a need to learn anything new, but it also provides users with a stable and reliable platform that is free from the constant frustration of spyware and viruses, and costs less than Windows-based Anti-Virus software alone.""

Full Story (comments: none)

Distribution Newsletters

Debian Weekly News

The Debian Weekly News for August 1, 2006 covers new members on the QA team, an integrated l10n infrastructure in the works for Debian, Xen on Debian GNU/Linux 3.1 howto, proposed branding for Debian Derivatives, key management for Secure APT, and several other topics.

Full Story (comments: none)

Fedora Weekly News Issue 57

The Fedora Weekly News looks at One Laptop Per Child: An Education Project, The K12 Open Source Interview Series Has Begun, OSCON Day 0 - Freedom 2.0, On-Disk.com Donations and Big Developer Payouts, Use Fedora Directory Server For Manageable LDAP, Book review: Red Hat Fedora 5 Unleashed, and more.

Comments (none posted)

Gentoo Weekly Newsletter

The Gentoo Weekly Newsletter for July 31, 2006 covers Catalyst 2.0 released, Bugday's 3rd anniversary, Gentoo/Java staffing needs, Developer of the week - Joshua Kinard, and more.

Comments (none posted)

Ubuntu Weekly Newsletter - Issue #7

The Ubuntu Weekly Newsletter for the week of July 15 - 21, 2006 covers the Edgy Eft Knot 1 Release, The Classroom, Ubuntu Magazine Meeting, Canonical Commercial Repositories, Opera 9 for Ubuntu, Hug Day, Technical Board Meeting, Ubuntu Marketing Team Meeting, Lugradio Live 2006, and more.

Full Story (comments: none)

DistroWatch Weekly, Issue 162

The DistroWatch Weekly for July 31, 2006 is out. "This is my third and final week bringing you DistroWatch Weekly. It's been great fun, but I now have an even greater appreciation for the contribution Ladislav Bodnar makes to the Linux and Open Source Community. Fedora and Mandriva have announced the end of the support cycle for some older products, Ubuntu is starting class and Gentoo is holding elections. Dr. W. T. Zhu brings us an in-depth look at all the options and features available here at Distrowatch with glimpses into some of the history as well. Beranger brings us a wonderful look at last week's release of Zenwalk Linux 2.8, while I report on my test drive of Berry Linux 0.72."

Comments (none posted)

Package updates

Fedora updates

Updates for Fedora Core 5: xorg-x11-drv-nv (new PCI IDs, better installer behaviour), cups (update to 1.2.2), samba (bug fixes), vim (Vim-7.0 Patchlevel 42), hal (bug fix), xorg-x11-drv-nv (bug fix), java-1.4.2-gcj-compat (bug fixes), openoffice.org (bug fix), icon-naming-utils (update to 0.7.3), selinux-policy (bump for FC5), NetworkManager (update to 0.6.4), lksctp-tools (resolves a kernel - userspace interface conflict), libstdc++so7 (reverts the libstdc++so7 string implementation to the rc kind), scim (rebuilt against libstdc++so7), scim-anthy (rebuilt against libstdc++so7), scim-chewing (rebuilt against libstdc++so7), scim-hangul (rebuilt against libstdc++so7), scim-m17n (rebuilt against libstdc++so7), scim-pinyin (rebuilt against libstdc++so7), scim-tables (rebuilt against libstdc++so7).

Updates for Fedora Core 4: samba (bug fixes).

Updates for Fedora Extras 5: dumb (security issue).

Comments (none posted)

Mandriva update to ImageMagick

Mandriva has updated ImageMagick packages that fix an infinite loop issue.

Full Story (comments: none)

rPath updates

Updates for rPath Linux 1: conary, conary-build, conary-repository (Conary 1.0.25 maintenance release), vsftpd (start vsftp as a listening service).

Comments (none posted)

Slackware updates

It's been a busy week for Slackware Linux. Many packages have been upgraded including KDE and X11 packages. There are Linux 2.6.17.7 in testing, For a complete view see the slackware-current changelog.

Comments (none posted)

Ubuntu updates

Updates for Ubuntu 6.06 (Dapper Drake): openoffice.org (minor fixes), openoffice.org-l10n (added help in many languages), localechooser (bug fix), openoffice.org (improved amd64 support), openoffice.org (adjust the Conflict/Replaces for dapper-updates), kdenetwork (bug fixes), gnome-games (bug fixes), matplotlib (bug fix), sixpack (bug fixes + bib manpage), sparc-utils (sync with Debian), hw-detect (improved sparc support), openoffice.org-amd64 (update to 2.0.3-3dapper6), gajim (new upstream release), libwpd (new upstream release), base-installer (backport from trunk), debian-installer (improved sparc support), libgnomeui (bug fixes), gtksourceview (new upstream version), gnome-desktop (new upstream version), pessulus (new upstream version), openoffice.org (upload to dapper-proposed; remaining changes compared to edgy), gedit (new upstream version), ubiquity (bug fixes), gtkhtml (new upstream version), debian-installer (add dapper-security to sources.list.udeb), kdenetwork (bug fixes), openoffice.org-amd64 (update to 2.0.3-4dapper1), gnome-panel (new upstream version), zenity (new upstream version), debian-installer-utils (backport bug fixes), file-roller (new upstream version), gnome-themes (new upstream version), debian-installer (bug fix), nautilus-cd-burner (new upstream version), yelp (new upstream version), eel2 (new upstream version), gnome-applets (new upstream version), totem (new upstream version), dasher (new upstream version), gnome-games (new upstream version), eog (new upstream version), gtk+2.0 (new upstream version), epiphany-browser (new upstream version), gnome-menus (new upstream version), gnome-session (new upstream version), gdm (new upstream version), gtk2-engines (new upstream version), ia32-libs-kde (add dapper-security to the list of sources), ia32-libs-openoffice.org (freshen packages).

Comments (none posted)

Newsletters and articles of interest

KDE and Distributions: SabayonLinux (KDE.News)

KDE.News has an interview with Fabio Erculani, founder and developer of Sabayon Linux. "Sabayon Linux is quite a new addition to the family of KDE distributions. It first came into existence on the Gentoo Forums as RR4/RR64 and was designed to provide a fast and easy way to get a Gentoo system with extras. After the initial success, founder and developer Fabio Erculani decided to turn this project into a fully fledged distribution. It was also decided that a new name was needed and thus Sabayon Linux was born."

Comments (none posted)

Little-known APT utilities for Debian desktop users (Linux.com)

Linux.com looks at APT. "The Advanced Packaging Tool (APT) is a distinguishing feature of Debian-based systems. APT was the first major alternative in GNU/Linux to boast automatic dependency resolution. Most GNU/Linux users know it through the apt-get command, a utility that calls on the lower-level dpkg command. However, other APT-based utilities remain largely unknown to desktop users. Some of these utilities offer a range of functionality far beyond those of the basic tools."

Comments (none posted)

Distribution reviews

First look: Freespire (Linux.com)

Linux.com looks at Freespire. "Freespire is the free offshoot of the proprietary Linspire Linux distribution, formerly an outside effort, but now produced by the company itself. The first beta release is available through the Freespire Web site, both as an CD-sized burnable ISO image and as a VMware Virtual Appliance. Despite its youth and inexperience, it already exhibits considerable polish."

Comments (none posted)

Mandriva 2007 Beta 1 (TuxMachines)

TuxMachines reviews the first beta release of Mandriva 2007 and the results are not good. "[T]his release isn't even beta quality. I know Mandriva has been plagued with hardware issues amongst other things and their beta cycle was falling embarrassingly behind schedule, but they should have waited a bit longer. Don't bother downloading this one."

Comments (none posted)

Rock Linux 3 reviewed (Tweakers.net)

Tweakers.net reviews Rock Linux 3. "It took a bit over 20 months, but finally, ROCK 3 is done. Over the last 20 months, ROCK Linux has seen many changes not only in the code, but also in its aim and social relations: ROCK has an official mission statement, ROCK has switched to a Wiki-based website, allowing anyone to contribute in various ways, not only coders and bug-reporters, Sadly, some people have left ROCK for one reason or another, Other people have in turn become more active in the project, Despite - or because - of that, ROCK 3 is now available for public consumption."

Comments (none posted)

Symphony OS marches to a different drum (Linux.com)

Linux.com reviews Symphony OS. "Symphony OS is a GNU/Linux distribution designed to innovate from the ground up. Although originally based on Knoppix and now on Debian stable, it quickly differentiates itself from the bulk of distros by implementing the ideas articulated in a so-called grey paper on user interface design by Jason Spisak, one of the co-founders of Lycoris. Often, Symphony's implementations challenge UI assumptions on any platform. At other times, the possible shortcomings of Symphony OS' solutions raise issues themselves. Either way, in putting the May 2006 beta through its paces, I found it impossible to stop thinking about UI design. Even when Symphony OS does not provide ultimate answers, it raises questions about usability that are too often ignored."

Comments (4 posted)

Page editor: Rebecca Sobol

Development

Season of KDE fosters young students, Part One

August 1, 2006

This article was contributed by Nathan Sanders

For two years now, Google's Summer of Code has furnished students with time, money, and help to encourage the next generation of open source developers. During that time, several thousand applications were submitted to Google, of which only several hundred could be accepted. The Summer of Code's capacity is limited by funds - each project Google sponsors costs them $4500 to the student and $500 to the mentor, plus associated expenses - as well as organizational concerns. Dozens of revered open source projects signed up to accept students for the Summer, including KDE, makers of what is one of free software's most popular desktop environments. As a large project, KDE was lucky enough to have Google sponsor twenty-four students. Unfortunately, this left nearly 200 hopefuls without work.

The KDE organization itself stepped up to take on many of these left over students as part of their own Season of KDE 2006, which is hoped to be the first of many such events. Organizer Sebastian Trueg told me: "The idea arose in a discussion between the Summer of Code mentors when it was obvious that Google would not support as many students as we had hoped. We did not want to waste all that talent and all that enthusiasm so we came up with the idea to do our own follow-up project. It took some time to get off the ground but now 15 projects are running." Invitations were sent to nearly all those left over from the Summer of Code. Most politely declined to join the Season of KDE, citing commitments to summer jobs, internships, and other occupations. Organizer Pradeepto Bhattacharya recalls, however, that: "some of the students replied with so much enthusiasm that many of us were actually surprised."

KDE cannot afford to pay, but there are other incentives for students. They offer the same mentors and experiences to their students as Google would and, if sponsors can be found, the students may also get to attend aKademy 2006 in Dublin. Trueg notes: "For now we only support them in a non-financial way but we hope to improve on that." The selected students officially began work on their project on July 10th, and are expected to present a mid-term report on September 10th. The completed projects are due on November 11th, along with final comments from students and mentors.

Not surprisingly, the group of students who have signed on bear a great resemblance to the KDE community as a whole. A majority of them are from outside the United States and have a strong educational background in computer science. Nearly all of the students I questioned had intended to become involved with KDE whether or not their Summer of Code applications were accepted, and were delighted by the Season of KDE and the opportunity to work with a mentor. Student Yang Sheng, working on the "KNotes improvement" project, told me: "I took this as a practice and a challenge more than as a simple project. So it not only aids KNotes' improvement, but also my own improvement." Similarly, the mentors were delighted to mold new recruits for their particular area of KDE development. Trueg, also a mentor for the "K3b lite" project, explains: "I think it is a very good opportunity for new developers to become involved with the KDE project".

Fifteen projects were registered as members of the Season of KDE. Many of the ideas were built upon suggestions given to potential applicants by KDE developers. This week we take a look at the first five of these projects.

Martin Böhm's Tab support for KWin (mentored by Lubos Lunak)

Inspired by a three year old feature request on bugs.kde.com, Martin Böhm intends to add Fluxbox-like tabs to Kwin, KDE's window manager. Tabs in window managers work just like those in web browsers, allowing several windows to occupy the same space. The Fluxbox implementation lets you group windows by dragging them onto each other with the middle mouse button, and then allows switching between windows in the group by clicking on a tab bar placed on an edge of the window. Groups save on space and clutter and can be moved, minimized, and maximized together. They can be disassembled by dragging off tabs with the middle mouse button.

Some question the usefulness of tabs for a window manager. Many note that having windows overlap as tabs obstructs the ability to drag and drop documents, a highly touted usability feature. Others point out that the taskbar already serves to tab windows, and that developers are free to implement them per-application if they deem it necessary, though this argument does not address the ability to group together different applications. Fortunately, Böhm will add configuration options to KControl, including keyboard shortcuts and default behavior, so that those who do not like tabs can ignore them. He also points out that there will be essentially no performance cost for the feature. Some users will no doubt enjoy using tabs with applications such as KEdit or the GIMP, which do not implement application tab support but could perhaps benefit from them.

Böhm considers himself a window-manager connoisseur who has particularly extensive experience with KDE and Fluxbox. He cites skill in C++ (the foremost requirement for his project), an interest in Qt and KDE, and server administration experience at a small ISP. He and mentor Lubos Lunak appear to share Czech citizenship and background, which Böhm feels eliminates any potential communication barrier. Lunak has had his hand in KDE for years, on a diverse set of components including KHotKeys, Kicker, and kdelibs.

Ivan Cukic's "Kamion" User State Migration Tool (mentored by Thiago Macieira)

"User state migration" refers to saving or restoring a user's application configuration and data for backup purposes or use on another installation. Today, wise Unix users may opt to accomplish this by copying their /home directory, though they must first take a comb to their files to make sure they aren't restoring application settings of an incompatible version or wasting space by archiving browser caches. Kamion promises an integrated wizard for both "packing" and "unpacking" compressed user states, making sure to avoid the pitfalls of the /home method. Cukic envisions a database of application signatures, kept by either distribution packagers or KDE developers, that will instruct Kamion of which versions have incompatible settings and which files are not worth packing.

Cukic intends to offer users a simple and usable solution without depriving them of any power. Kamion will prompt the users as to which application states they want to restore, and whether to ignore incompatibility warnings. An option to package only specific applications may be added, or even specific data such as a music collection. Users will also choose whether to save their packs to disk, email them, or burn them to CD with K3b. Kamion will be integrated into the desktop via a mime type for .kamion packs and options in the KDE Welcome Wizard.

Many of these details did not exist in Cukic's initial Summer of Code application. He informed me that he has dropped his proposed XML data storage format in favor of a faster sqlite3 method. When I contacted him he had already nearly completed the Kamion backend library and was readying to begin work on the GUI. Though he told me he has experience with KDE development, Kamion will be his first notable contribution to the desktop. Cukic, a student at the Faculty of Mathematics, University of Belgrade Computer Science Department, seems devoted to software engineering and is active in the free software world. Mentor Thiago Macieira is one of KDE foremost bug-fixers and maintainer of its networking code.

Dragan Jovev's API for media file meta-information (mentored by Carsten Pfeiffer)

A user's media collection usually consists of much more than what can be found in a 'Music' folder on the hard drive. Jovev recognizes that it can be expected to extend to a large assortment of DVDs, storage cards, external and network drives, and even the Internet. Such a distributed collection is difficult to manage, even with the aid of one of the many "collection manager" applications like Tellico. In response to this, Jovev has designed an API and storage backend to allow KDE applications to store information about any media that they access and keep this information even when the media is no longer accessible. The user will be able to, for example, browse his entire music collection in Amarok and be prompted to insert a specific CD if necessary.

His API, KMetaLibrary, needs to be sufficiently fast, configurable, and robust as to appear transparent to the user. To that end, Jovev plans to section off his database. As described in his Season of KDE page:

Each collection will be done using SQLite, XML or some other type of database. There will be separate collections for movies, songs and pictures. This will make faster manipulation of data for applications that are working, for example, only with pictures. Also, it will be easier to create and manage separate database structures, since video and audio files will not use same data structure.

Configuration to restrict the API's cataloging scope will be possible both globally and per-application. Digikam, for instance, may be restricted to indexing photos it found on flash cards.

Jovev has had delays in starting his project, but promises that in August he is "ready to spend all [his] spare time on this project. That means 5-6 hours per day." He may have to, for an ambitious idea that mentor Carston Pfeiffer expects to prove an integral part of KDE 4. Pfeiffer is the creator of image viewer Kuikshow and the KISDN telephony program and has been a contributor to several other KDE projects, including KDE 3's meta data facilities. When I contacted him, he had a very insightful note about the benefits Season of KDE students are getting: "collaborating on software development (which is something you hardly learn in computer science classes)". He continues: "Due to lack of time, I cannot develop much for KDE myself recently, so the least I could do is help others doing that."

Jovev is a computer science major at the Faculty of Electronic Engineering, University of Nish in Serbia. The KMetaLibrary project is his first formal involvement with KDE, though he tells me has written small patches in the past that were not published. His Season of KDE page imparts that he has been a KDE user for six years and has had software development experience with Irvas International.

Corey Latislaw's KOffice ClipArt Browser (mentored by Carsten Pfeiffer)

Clip art has undeniable appeal to those doing casual desktop publishing, the exact Microsoft Office jockeys that desktop Linux is targeting. Such images usually have legal restrictions, but great strides have been made in compiling an Open Clip Art archive. Latislaw is making a clip art library browsing application that she intends to integrate with KOffice. The applications would be usable across all of KOffice's many components, where inserting an image would be applicable.

In the current version of KOffice, users can easily add preselected pictures to documents, but there are no tools to help them find images. Latislaw's browser would present them with thumbnails of the images in their clip art libraries, similar to the behavior of many competing office suites. Mentor Carsten Pfeiffer imagines clip art being selectable from any source, such as CDs or network directories, though Latislaw specifically outlined Open Clip Art integration to me. He suspects that Latislaw will implement images categories organized and searchable by meta-data or perhaps even content. Some previous attempts at coding a KOffice clip art browser seem to have been abandoned.

Latislaw is a student at Florida State University, treasurer of their Women in Computer Science organization, and contributes to the FSU Student Leadership Corps. Latislaw tells me that she has settled on using C++ for her project and has been refreshing her skills in the language. She hopes to present the browser at aKademy

Emmanuel Lesser's optical touchscreen (mentored by Olaf Jan Schmidt)

Lesser's project is a fantastically innovative and interesting method for turning a $20 webcam and a user's existing monitor into a functional touchscreen. His software will litter the screen with markers, which when photographed by the webcam and fed through OCR, will recognize when a marker is missing (covered by a finger) and report it as the position of the user's click. He hopes to bring touchscreens, whose applications include aiding the disabled, to the masses, foregoing expensive monitor hardware or Tablet PCs. Mentor Olaf Jan Schmidt is a member of the KDE Accessibility team.

The optical method for touch recognition does have several hampering flaws. Lesser intends to write a custom OCR engine tailored to the job which will have some performace penalties that will undoubtedly be exacerbated on older hardware. Logic algorithms, which lesser will write in Prolog, are needed to differentiate between markers users intentionally cover and those incidentally covered by their arms. The webcam must also have a direct view of the monitor, which may involve a custom mounting solution and interfere with the user's workspace. Calibration will be required before use. Lesser does not address the possibility, if any, of conflict between a low-speed webcam video camera and CRT refresh rates, nor low-resolution images and the detection of markers.

Extensive coding is necessary for the project, ranging from low-level driver support to a graphical configuration utility. Much of it will be ported from a 2003 prototype that Lesser wrote in JavaScript. Nonetheless, he will have to code an OCR engine from scratch, develop Prolog algorithms to process the images, manage driver support, create a GUI using the technique, and author a plugin-like sub engine system to allow other applications to hook into his code. Lesser laments the stagnation of his prototype, but states that, "I firmly believe that by coding a custom OCR-engine, using more flexible (low-level) languages like C and with my extended knowledge and experience, this application can become very fast and compatible with virtually any platform."

Ten more Season of KDE Projects projects will be examined in the second and final part of this article series.

Comments (2 posted)

System Applications

Embedded Systems

BusyBox 1.2.1 (stable)

Stable version 1.2.1 of BusyBox, a condensed collection of command line utilities for embedded systems, is out. "Since nobody seems to have objected too loudly over the weekend, I might as well point you all at Busybox 1.2.1, a bugfix-only release with no new features."

Comments (none posted)

Web Site Development

Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released

The Apache Software Foundation and The Apache HTTP Server Project have announced the release of version 2.2.3 of the Apache HTTP Server ("Apache"). This version fixes a potential security flaw. "Depending on the manner in which Apache HTTP Server was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. For vulnerable builds, the nature of the vulnerability can be denial of service (crashing of web server processes) or potentially allow arbitrary code execution. This issue has been rated as having important security impact by the Apache HTTP Server Security Team."

Full Story (comments: none)

Skeletonz: The pythonic CMS system

Skeletonz is a new Python-based content management system. "Say goodbye to tedius backend administration and say hello to insite dynamic editing of your site! The system is a CMS refreshment - - it represents a whole new way of editing! Say goodbye to bloatness also. Skeletonz is dynamic, very fast and dead simple to use. The system has been in development for around 9 months. Current version is 1.0 beta."

Full Story (comments: none)

Desktop Applications

Audio Applications

das_watchdog V0.2.4 and jack_capture V0.3.7 announced

New versions of das_watchdog and jack_capture are available with bug fixes and other improvements.

Full Story (comments: none)

sfront 0.91 - 7/30/06 released

sfront 0.91 7/30/06 is out with bug fixes. "Sfront compiles MPEG 4 Structured Audio (MP4-SA) bitstreams into efficient C programs that generate audio when executed."

Full Story (comments: 1)

Desktop Environments

GARNOME 2.15.90 (aka 2.16.0 Beta 1) released

Version 2.15.90 of GARNOME, the bleeding-edge GNOME distribution is out. "We are pleased to announce the release of GARNOME 2.15.90 Desktop and Developer Platform. This release includes all of GNOME 2.15.90 (aka 2.16.0 Beta 1), tweaked and updated with love by the GARNOME Team."

Full Story (comments: none)

GNOME Software Announcements

The following new GNOME software has been announced this week: You can find more new GNOME software releases at gnomefiles.org.

Comments (none posted)

KDE 3.5.4 released

KDE 3.5.4 is out. The announcement describes it as a maintenance release, but notes that there are "over 27 new features" as well. Those new features include better removable device support, improved wireless networking configuration, and more; the changelog has all the details.

Full Story (comments: none)

KDE Software Announcements

The following new KDE software has been announced this week: You can find more new KDE software releases at kde-apps.org.

Comments (1 posted)

News from KDE Web Dev (KDE.News)

KDE.News presents News from KDE Web Dev. "The Quanta development team is pleased to announce our Hot New Stuff server implementation is now running. This means that Quanta Plus users can now begin taking advantage of KNewStuff. We are also preparing for exciting new developments we want to work on during the upcoming Akademy in Ireland. We will have at least four developers there and we very much appreciate any help rasing funds for travel, accommodation and other expenses. Two of our developers have notebooks running 500 MHz or slower and I would like to get them new notebooks for the conference. You can contributed to the project at the kdewebdev site. Finally development has resumed on Kommander, read on for full details."

Comments (none posted)

KDE Commit-Digest (KDE.News)

The July 30, 2006 edition of the KDE Commit-Digest has been announced. Here's the content summary: "Work begins on integrating C# support in KDevelop, as the second phase of the "C# parser for KDevelop" Summer Of Code project, whilst a companion effort concurrently starts to support Java. Eigen, a matrix and vector mathematics library is begun. okular is ported to QGraphicsView. Infrastructure improvements in Solid and Kalzium. "Siox" tool ported to Krita."

Comments (none posted)

Electronics

gerbv 1.0.2 released

Version 1.0.2 of gerbv, a Gerber file viewer for printed circuit CAD designs, is out. See the release announcement for details. "This is to announce the third release in the stable branch of gerbv, 1.0.2. During the course of the 1.5 year many things has been rotting away in the CVS. Some patches has found it's way out on the 'net anyhow, like the GCC4-patch. If anyone is interested to take over this project and bring it up to new heights - or at least maintain it properly - is welcome."

Comments (none posted)

Games

Allegro 4.3.0 has been released

Version 4.3.0 of Allegro, a game programming library for C/C++ developers, is available. "This is a WIP version, which will probably not work as expected for many things when using as a 4.2 drop in, although the 4.3 branch will be developed together with a compatibility layer, mapping the 4.2 API onto the new 4.3 API. This release is only the first release of the 4.3 branch though, and many if not most things are not implemented yet."

Also, version 0.1.4 of Alpy, the Python bindings to Allegro, is out with new features and bug fixes.

Comments (none posted)

GUI Packages

Trolltech Releases Preview of Qt for Java (KDE.News)

KDE.News covers the first preview release of Qt for Java. "Trolltech has released a preview of the long awaited Java bindings for Qt 4. "Qt Jambi technology integrates Qt with the Java programming language, providing new possibilities for both Java and C++ programmers. This technology enables Java developers to take advantage of the powerful features of Qt from within Java Standard Edition 5.0 and Java Enterprise Edition 5.0.""

Comments (none posted)

Interoperability

Wine 0.9.18 released

Version 0.9.18 of Wine has been announced. Changes include: Still more work on Direct3D, A lot of MSI bug fixes and improvements, More compatible memory management, Several fixes for Win64 support, Some performance improvements and Lots of bug fixes.

Comments (none posted)

Medical Applications

Care2x version 2.2 released (LinuxMedNews)

Version 2.2 of Care2x has been announced. "Care2x is an open source web-based hospital information system (HIS). The development of Care2x started back in 2002 by Elpidio Latorilla. The software is released under the GNU General Public License. The latest version 2.2 is maintenance release."

Comments (none posted)

Office Suites

KOffice 1.6 Alpha Released (KDE.News)

KDE.News has announced KOffice 1.6 alpha. "Swiftly following the latest bugfix release for KOffice 1.5, the KDE Project today announced the release of KOffice 1.6 alpha. This is the first preview release for KOffice 1.6, scheduled for release this October. KOffice is an integrated office suite with more components than any other suite in existence. KOffice 1.6 is mainly a feature release for Krita and Kexi while the new revolutionary KOffice 2.0 is being developed".

Comments (none posted)

OpenOffice.org Newsletter

The July, 2006 edition of the OpenOffice.org Newsletter is online with the latest OpenOffice.org office suite news.

Full Story (comments: none)

Web Browsers

Mozilla Firefox 1.5.0.5 Released (MozillaZine)

MozillaZine has announced the release of version 1.5.0.5 of the Mozilla Firefox web browser. "Mozilla Firefox 1.5.0.5 is now available for download. This update to the Mozilla Corporation's flagship browser includes stability and security fixes and changes for the Frisian locale. The Firefox 1.5.0.5 Release Notes have more details and the Firefox 1.5.0.5 section of the known vulnerabilities page has details about the security bugs resolved in this release."

Comments (6 posted)

Miscellaneous

ANNA 0.2 announced

Version 0.2 of ANNA is out with several new capabilities. "ANNA: (Artificial Neural Network Architecture) is a Back propagation neural network class developed thinking in a good matching class to the FLTK. The distribution include the source code and a demo which should work on Linux systems. The structure is very flexible and you can change in a simple way the number of inputs, number of hidden layers, number of neurons per layer and the outputs. There is included a nice Structure editor, where you can visualise the neuronal network structure."

Comments (none posted)

GnuPG 1.4.5 released (another security fix)

A new stable GnuPG v1.4.5 has been released. "Fixed 2 more possible memory allocation attacks. They are similar to the problem we fixed with 1.4.4. This bug can easily be be exploited for a DoS; remote code execution is not entirely impossible."

Full Story (comments: none)

The LZMA Utils

The LZMA Utils is a relatively new compression utility that works like gzip/bzip2, but uses the LZMA algorithm, it is a work in progress. (Thanks to Fabio.)

Comments (none posted)

Languages and Tools

Caml

Caml Weekly News

The August 1, 2006 edition of the Caml Weekly News is out with new Caml language articles.

Full Story (comments: none)

Python

SciPy 0.5.0 released

Version 0.5.0 of SciPy, Scientific Tools for Python, is out. "This version adds support for NumPy 1.0b1. It also contains bug fixes and minor enhancements to sparse, weave, optimize, ndimage, stats, and other modules. New features include callback functions in optimization routines, ..."

Comments (none posted)

Dr. Dobb's Python-URL!

The August 2, 2006 edition of Dr. Dobb's Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

Tcl/Tk

Dr. Dobb's Tcl-URL!

The August 1, 2006 edition of Dr. Dobb's Tcl-URL! is online with new Tcl/Tk articles and resources.

Full Story (comments: none)

Cross Compilers

Small Device C Compiler 2.6.0 released

Version 2.6.0 of SDCC, a cross-compiler for 8051, DS390, Z80, PIC and HC08 microprocessors, is out. "This release improves the compiler's conformance to the C standard. Significant progress was also made on the PIC (both 14- and 16-bit) backends. For the 8051 SDCC has seen the addition of a new memory model, code banking and bit variables. Numerous feature requests and bug fixes are included as well. Since 2.5.0 the ChangeLog has grown by more than 3000 lines so all changes are simply too numerous to name."

Comments (none posted)

IDEs

Wing IDE 2.1.1 released

Version 2.1.1 of Wing IDE has been announced. "We're happy to announce the release of Wing IDE version 2.1.1, an advanced development environment for the Python programming language. This is a bugfix release, fixing several editor, subprocess, and startup bugs."

Comments (none posted)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

Google To Launch Ad-Free Open Source Project Site (LinuxWorld)

LinuxWorld reports that Google is adding open source project hosting to its services. "The heart of an open source project hosting service is the version control system, which keeps track of changes to software and allows developers to fix conflicting changes or roll back to previous versions. Google will be using Subversion, an open source version control system to which several Google developers contribute, [Google engineer Greg] Stein said."

Comments (22 posted)

Fedora wants to draw in women (ZDNet)

ZDNet covers the launch of the Fedora Women project. ""A large portion of the Fedora user base is made up of women. They are often under-represented within the community, with many people not even realizing how big a share of the community they are. The Fedora Women program aims to improve that representation and to provide a forum for the women of the Fedora community," the group said."

Comments (none posted)

Trade Shows and Conferences

OSCON kicks into full gear (NewsForge)

Joe 'Zonker' Brockmeier covers day three of the O'Reilly Open Source Convention on NewsForge. Covered sessions and events include: Open Technology Development: Open Source and the US Government, Greg Kroah-Hartman's Current State of the Linux Kernel, Lightning States sessions, and the exhibit floor.

Comments (none posted)

OSCON day four: Zen and tomatoes (NewsForge)

NewsForge covers day four at O'Reilly Open Source Convention (OSCON). "Guido van Rossum, the creator of Python, gave an talk on "Python 3000," the minor revamp of Python, which will eventually result in Python 3.0. During his session van Rossum discussed the philosophy of the new design and gave a tentative timeline for development."

Comments (none posted)

Final thoughts on OSCON - with video! (NewsForge)

NewsForge presents an OSCON wrap-up. "The eighth annual O'Reilly Open Source Convention wrapped up Friday with a half day of talks and a farewell address by Eben Moglen, general counsel for the Free Software Foundation and chairman of the Software Freedom Law Center, on the importance of software licenses. Moglen's talk provided a perfect end to an excellent conference."

Comments (none posted)

The SCO Problem

SCO Group's stock falls (Salt Lake Tribune)

The Salt Lake Tribune observes a minor milestone in the SCO case: "After a sustained slide fed by sustained poor earnings results and courthouse reversals, SCO shares closed Tuesday at $2.28 per share. That was 2 cents per share lower than the company's stock sold for on March 25, 2003. That was the same day SCO, alleging IBM had transferred SCO's proprietary Unix code into its Linux releases, filed its $5 billion complaint against Big Blue in Salt Lake City's U.S. District Court."

Comments (18 posted)

Companies

Pervasive exits open-source PostgreSQL business (ZDNet)

ZDNet reports that Pervasive Software is getting out of the PostgreSQL support business. "In a letter to the PostgreSQL community of developers, Pervasive Software President John Farr said last week that the company "underestimated the high level of quality support and expertise already available within the PostgreSQL community.""

Comments (3 posted)

Legal

Medsphere sues company's co-founders (Modern Healthcare)

Modern Healthcare has an article about a suit by Medsphere Systems against its co-founders. "According to the lawsuit, these alleged acts include posting proprietary source code known as 'OpenVistA Client' -- also known as 'Kickstand' -- and 'Jumps' on June 6 and June 7 on the SourceForge.net open-source development Web site..." Note that reading the full article requires an intrusive registration step - and isn't worth it. (Seen on Linux Med News).

Comments (5 posted)

Interviews

People Behind KDE: Olivier Goffart (KDE.News)

KDE.News has announced an interview with Olivier Goffart in its People Behind KDE series. "Today's star of People Behind KDE is a member of what was once described as "the younger generation of Kopete developers". This man talks Messenger and Jabber nativly but only communicated on IRC thanks to Babelfish. Learn about the trials of a Kopete developer in our interview with Olivier Goffart."

Comments (none posted)

Eben Moglen explains highlights of GPL3 second draft (NewsForge)

NewsForge talks with Eben Moglen about the second draft of GPLv3. "Moglen stepped us through the highlights of the new draft. They include language simplifications that make the GPL easier to use and lead to greater internationalization, clarification of issues about potentially restrictive technologies and peer to peer downloads, and a radical simplification of the GNU Lesser General Public License (LGPL). Although some issues remain, he believes that this draft is the first clear indication of what the final version of GPL3 will look like."

Comments (none posted)

Resources

Deploying BIRT (O'ReillyNet)

Jason Weathersby shows how to deploy BIRT in an O'Reilly article. "The Business Intelligence and Reporting Tools (BIRT) project is an open source, Eclipse-based reporting framework that enables the creation and deployment of complex report designs. Development with BIRT can usually be thought of as a two-step process: the creation of the report designs within the Eclipse BIRT Report Designer, followed by the deployment of the designs and framework to an application for dissemination."

Comments (none posted)

The Generative Internet, by Jonathan Zittrain, Esq. -- RFC (Groklaw)

Groklaw has published an article by Jonathan Zittrain entitled "The Generative Internet", the author is requesting comments on the work: "I've just finished a new paper on the future of the Net, in which I extol its open qualities but fear that a focus on an open Internet can too often exclude worrying about an open PC -- which I define in a broader fashion than the divide between free and proprietary software typically contemplates. I think it's critically important that users retain general purpose PCs, even some with proprietary OSes, instead of "information appliances." I fear these appliances, like TiVo, can come to predominate -- or that the PC itself will morph towards becoming one, with new gatekeepers determining what code will or won't run on them, rather than the users themselves."

Comments (5 posted)

A geo-located photo album in five easy pieces (Linux.com)

Kevin Quiggle and Mike Whitton explain how to add GPS location information to a photo album in a Linux.com article. "Open standards, and openness in general, enables people to combine a variety of technologies in new and interesting ways. For example, using a camera with Exif support, a GPS receiver, the Google Maps API, and Perl, PHP and JavaScript, Mike Whitton created a Web-based photo album in which the photographs are automatically placed on a map at the exact location they were taken. Let's take a look at how this is done."

Comments (none posted)

August Linux Gazette available

The August issue of the Linux Gazette is out; topics this month include XMMS effect plugins, low-fat Linux, concurrent server design, and more.

Comments (none posted)

Mainstream Parallel Programming (Linux Journal)

Linux Journal looks at parallel programming. "Whether you're a scientist, graphic artist, musician or movie executive, you can benefit from the speed and price of today's high-performance Beowulf clusters."

Comments (none posted)

Reviews

CLI Magic: Feh for image viewing (Linux.com)

Linux.com reviews Feh, an image viewer. "Too many Linux image viewers are tinged with little annoyances -- they take too long to load, are slow to redraw the display, have limited format support, sport inconvenient controls -- so when you want to settle on one, inevitably there's something to make you utter feh! in general discontent. Good call -- feh is the name of a speedy little viewer that packs in a surprising number of features for its size."

Comments (13 posted)

KDE 3: All About the Apps (Part 4) (KDE.News)

KDE.News covers some KDE 3 applications. "This is part four of the the successful series All About the Apps, reminding us that while KDE 4 development may be fun, to watch to find great apps working today KDE 3 beats them all. This time we report on the Linux equivalent of Cubase - Rosengarden, the great Basket, KPhotoAlbum and the next version of KDevelop."

Comments (none posted)

Thunderbird 2.0 preview (NewsForge)

NewsForge looks forward to Thunderbird 2.0. "The tag system has three advantages over the old label system. First, you can define as many tags as you want (labels were limited to five). Second, you can apply as many tags as you want to each message (labels were limited to one per message). And third, tags are hot, new, and Web 2.0 buzzword-compliant (labels are not)."

Comments (none posted)

Review: VMware's worthy new option for virtual servers (NewsForge)

NewsForge reviews VMware Server 1.0. "VMware offers the VMware Server software as an RPM or a tarball with the installer and necessary components -- no Debian package at this time, unfortunately. I decided to go with the RPM install on a dual Pentium III 1.0GHz server with 2GB of RAM, running CentOS 4.3. VMware Server should install on most x86 or AMD64 Linux distros. The main prerequisites are GCC and the kernel headers for your system."

Comments (none posted)

Miscellaneous

Does dual licensing threaten free software? (Linux Journal)

Glyn Moody examines some issues behind the dual-licensing of software projects, in a Linux Journal article. "A whole new generation of open source companies like MySQL, SugarCRM and JasperSoft have shown that such an approach can be highly successful, and this is encouraging others to adopt the same model – Scalix is the latest to join the club. Before this becomes established as the de facto standard for open source business in the dotcom 2.0 world, now might be a good time to examine whether it is really is such a good thing for free software, or whether it might even represent a threat to its fundamental principles."

Comments (5 posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

Extremadura government to move to Linux

The government of the Spanish state of Extremadura has made the decision to move all of its systems over to free software and open formats within one year. "The councillor explained that a version gnuLinEx, adapted for the public administration, will be established as the obligatory operating system in workplaces of the civil servants of the Junta and that the OS will be gradually introduced to all administrative organizations of the Junta de Extremadura."

Full Story (comments: 2)

The Linux Business Campus Nuremberg

The Linux Business Campus Nuremberg has announced its existence. It is a sort of business incubator aimed at Linux and open source businesses; there seem to be a number of early SUSE folks (among others) involved. "Thirteen campus coaches currently offer advisory services ranging from organizing high-ranking contacts with international software companies, support for open source technology and business models, advice on setting up a product or sales management system and development of go-to-market strategies to growth financing support from the Business Angel network and venture capital companies."

Comments (none posted)

Proposal for an OpenDocument icon (OpenDocument Fellowship)

There is a new Proposal for an OpenDocument icon set. "The idea is that each icon maker (desktop environments, applications, etc) will make their own icon set, suitable for their environment, but will include this image so that the user can recognize the document as an OpenDocument file. Think of PDF. KDE and Gnome have different PDF icons, but both are recognizable as PDF be[c]ause of the red squiggle that is associated with PDF. Wouldn't it be nice to have something like that for OpenDocument? Having such an image would significantly improve awareness of the OpenDocument format." (Thanks to Pete Harlow.)

Comments (none posted)

Software in the Public Interest announces new officers

Software in the Public Interest has announced the appointment of three new board members. "Software in the Public Interest is pleased to announce that it has appointed new Officers following the election of three new members to the board of directors. In a board meeting on 1st August, the board elected Bdale Garbee as President, Michael Schultheiss as Vice President, Neil McGovern as Secretary and Josh Berkus as Treasurer of the board."

Full Story (comments: none)

Commercial announcements

BitRock Releases LAPPStack 1.0

BitRock has announced availability of LAPPStack 1.0. "BitRock LAPPStack 1.0 is an easy to install distribution of Apache, PHP, PostgreSQL, Python, and supporting libraries. LAPPStack allows users to have a complete web development environment up and running in just minutes."

Full Story (comments: none)

Boeing Selects Wind River Carrier Grade Linux

Wind River Systems, Inc. has announced the selection of the Wind River Platform for Networking Equipment - Linux Edition by Boeing, for use in the P-8A Multi-mission Maritime Aircraft mission system. "The P-8A is a long-range anti-submarine warfare, anti-surface warfare, intelligence, surveillance, and reconnaissance aircraft. It possesses an advanced mission system for maximum interoperability in battle space. Capable of broad-area, maritime, and littoral operations, the P-8A is expected to improve training, deployment, and operation of the U.S. Navy's maritime patrol and reconnaissance forces."

Comments (none posted)

GDA Technologies announces Freescale MPC8548E PowerQUICC III Reference Platform

GDA Technologies, Inc. has announced an embedded Linux reference platform for the Freescale Semiconductor MPC8548E PowerQUICC processor. "The MPC8548E-based AMC is designed with high-performance Gigabit Ethernet interfaces and up to 8 lanes of PCI Express for embedded applications in broadband telecommunications and data communications networks. The board has four Gigabit Ethernet ports (two on the front panel and two on the edge connector) along with a debug port on the front panel and 8 PCI Express lanes on the AMC edge connector."

Comments (none posted)

South Korean Haansoft joins Linux group OSDL

South Korean Linux developer Haansoft has joined Open Source Development LabsL (OSDL). "The company's involvement should help the spread of linux in Asia, OSDL said. For example, Haansoft is also a developer of Asianux 2.0, the second version of the Asianux Linux distribution. Other companies behind Asianux are Red Flag Software Co. Ltd., one of China's leading Linux developers, and Japan's Miracle Linux Corp. Asianux 2.0 should be available in South Korea and China in July and in Japan in October."

Comments (none posted)

ObjectWeb Releases Enterprise Content Management and Repository Solution

ObjectWeb has announced the release of an Open-Source Enterprise Content Management and Repository Solution, the eXo Enterprise Content Management and eXo Java Content Repository. "ObjectWeb and eXo Platform SARL today announced the availability of the first complete open-source content management and repository solutions that allow users to create, manage and store documents from a customized, single point-of-access Web portal."

Full Story (comments: none)

Wind River Contributes Code to the Eclipse Foundation

Wind River Systems, Inc. has announced the release of over 300,000 lines of code to the Eclipse Foundation. "The contributions are being made to four Eclipse projects: the C/C++ Development Tools (CDT) Project, the Platform Project, and both the Target Management (TM) and Device Debugging (DD) subprojects within the Device Software Development Platform (DSDP) Project."

Comments (none posted)

Wind River announces new commercial grade Linux platforms

Wind River Systems, Inc. has announced the availability of new commercial grade Linux platforms. "At its foundation is a pristine, unmodified, stable version of the Linux 2.6.14 kernel. Available today, the Linux editions of the Wind River(R) General Purpose Platform, Platform for Consumer Devices and Platform for Network Equipment ship with the latest version of the company's Eclipse-based device software development suite, Wind River(R) Workbench 2.5 and include significant new enhancements to runtime performance and footprint size, networking protocols, security, file systems and hardware architectures."

Comments (none posted)

New Books

Ruby Cookbook - O'Reilly's Latest Release

O'Reilly has published the book Ruby Cookbook by Lucas Carlson and Leonard Richardson.

Full Story (comments: none)

No Starch Press releases "Ubuntu Linux for Non-Geeks"

No Starch Press has published the book Ubuntu Linux for Non-Geeks by Rickford Grant.

Full Story (comments: none)

Contests and Awards

Astaro Product Awarded by Leading IT Security Publication

Astaro Corporation has won an award from SC Magazine. "Astaro Corporation, developers of a Linux-based line of network security appliances comprised of more than 300 open source projects and proprietary technology, today announced that SC Magazine has honored the Astaro Security Gateway 425 with the SC Magazine "Recommended" Award and an overall rating of 4 stars in the group test category of firewalls."

Full Story (comments: none)

Education and Certification

LPI, Ubuntu and MySQL Certification exams to be offered at LinuxWorld

The Linux Professional Institute has announced a round of Ubuntu and MySQL Certification exams, to be held at LinuxWorld San Francisco on August 15 -17, 2006.

Full Story (comments: none)

Upcoming Events

Fourth International Conference on GPLv3 (Bangalore)

The Fourth International Conference on GPLv3 will take place in Bangalore, India on August 23 and 24, 2006. "A part of the world-wide drive to create awareness about the upcoming version three of the GNU General Public License (GPLv3), the two-day conference is expected to draw delegates from across the communities - legal, bureaucrat and academia."

Full Story (comments: 1)

Gelato ICE, Singapore

The next Gelato Itanium Conference & Expo (ICE) will take place in Singapore on October 1-4, 2006.

Full Story (comments: none)

RubyConf*MI, OSCON, and 'Ruby for Rails' (Linux Journal)

Linux Journal has an announcement for RubyConf*MI. "It's being held in Grand Rapids Michigan on Aug 26th. It looks like a good conference, David Black will be speaking (the word is he'll be presenting a day of training through Ruby Power and Light ahead of the conference as well). I'm going to be speaking there too, along with several local Ruby hackers. You can see the speaker list or register for the conference at their website."

Comments (none posted)

Events: August 3 - September 28, 2006

Date Event Location
August 3, 2006Black Hat USA 2006 Briefings and Training(Caesars Palace)Las Vegas, NV
August 3, 2006SigGraph 2006(Boston Convention and Exposition Center)Boston, MA
August 4 - 6, 2006DEF CON 14(Riviera Hotel)Las Vegas, NV
August 4 - 6, 2006Wikimania(Harvard Law School)Cambridge, MA
August 4 - 6, 2006Vancouver Python WorkshopVancouver, BC, Canada
August 8 - 10, 2006Flash Memory Summit(Wyndham Hotel)San Jose, CA
August 14 - 17, 2006LinuxWorld San Francisco 2006(Moscone Center)San Francisco, CA
August 14 - 17, 2006ApacheCon Asia(Trans Asia Hotel)Colombo, Sri Lanka
August 17 - 18, 2006Python for Scientific Computing(SciPy2006)(Caltech)Pasadena, CA
August 18 - 19, 2006The Ubucon Conference(Google headquarters)Mountain View, CA
August 21 - 27, 2006Ireland PyPy sprint(University of Limerick)Limerick, Ireland
August 23 - 24, 2006Fourth International Conference on GPLv3(Indian Institute of Management)Bangalore, India
August 26, 2006RubyConf*MI(Calvin College)Grand Rapids, MI
August 28 - 31, 2006Bellua Cyber Security Asia 2006(Jakarta Convention Center)Jakarta, Indonesia
September 8, 2006Leipzig Python WorkshopLeipzig, Germany
September 9 - 10, 2006Linuxtage in Essen(University of Essen)Essen, Germany
September 11 - 13, 2006OpenOffice.org Conference(OOoConf 2006)Lyon, France
September 12 - 15, 2006php|works/db|works 2006Toronto, Canada
September 13 - 15, 20062006 WebGUI Users Conference(The Vegas Club Hotel and Casino)Las Vegas, NV
September 14, 2006NLUUG najaarsconferentie 2006(De Reehorst)Gelderland, The Netherlands
September 14 - 16, 2006Wizards of OS 4 - Information Freedom RulesBerlin, Germany
September 18 - 21, 20062006 European Open Source Convention(EuroOSCON)Brussels, Belgium
September 18 - 21, 2006New Security Paradigms Workshop(NSPW)Schloss Dagstuhl, Germany
September 23 - 30, 2006KDE World Summit 2006(aKademy)(Trinity College)Dublin, Ireland
September 25 - 28, 2006Embedded Systems Conference(Hynes Convention Center)Boston, MA

Comments (none posted)

Page editor: Forrest Cook

Letters to the editor

"Foundational software" and Free Software

From:  Micah Yoder <micah-AT-yoderdev.com>
To:  letters-AT-lwn.net
Subject:  "Foundational software" and Free Software
Date:  Sun, 30 Jul 2006 18:36:54 -0500

Hi,
 
I have become aware of some nonprofit organizations which are not only
rejecting Linux, but standardizing on the entire Microsoft stack -- Windows
Server, Exchange Server, Office, Outlook, SQL Server, etc -- all because of
one class of software: "Foundational software."
 
This software runs the entire database structure of the organization and has
special features for donor management and other things they need. One of
these products is Navigator by Serenic, which seems to be one of the more
popular, but there are others.
 
Obviously, something is very wrong here. Free Software is supposed to benefit
nonprofit organizations even more than businesses because, hypothetically,
they have less money for software.
 
I'll be the first to admit that I don't understand exactly what this software
does -- I have never set it up nor used it. But apparently it ties together
all the Microsoft servers and applications in a way that makes things easy
for these organizations.
 
My question, to which I would welcome answers in talkbacks, is do we have
members of the Free Software community who use and understand this software,
and what can be done about it?
 
I would not necessarily argue that said software *must* be Free Software, but
we do need to have a reasonable solution that ties together the similar Free
applications. If it itself is Free Software, fine.
 
One project that has shown some promise is GNU Enterprise (
http://www.gnuenterprise.org ), but its progress seems slow right now.
 
In any case, a project to implement this class of software with Free tools
seems a necessary step to achieving World Domination.
 
Micah

Comments (9 posted)

Page editor: Jonathan Corbet


Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds