LWN.net Weekly Edition for March 13, 2003
The first big Linux lawsuit
As most LWN readers have doubtless heard by now, SCO has filed a $1 billion lawsuit against IBM, claiming that IBM has misused SCO's proprietary Unix technology in Linux. LWN posted a look at SCO's complaint on the day it was released. Since then, more detailed analyses (and rebuttals) of SCO's claims have come out. See, for example, Karsten Self's commentary and the proposed response on the opensource.org site. Both are currently in draft form. Rather than try to add to those well-researched responses, we'll take this space to try to ponder some of the implications of this case.But first, it's worth pointing out that there is some real amusement to be found in Eric Raymond's buyer's guide for Unix on PC hardware, dated 1993. He had a warning for SCO and other proprietary systems vendors:
The message clearly was not heard. But, thanks to the net, it still exists to show to anybody who believes that SCO's entitlement to the x86 Unix market was unchallenged until IBM came along.
It remains to be seen how this case will be resolved. What seems like an obvious answer to the technical community sometimes comes across a little differently to a court. Nonetheless, IBM is equipped with relatively fearsome weaponry for the intellectual property battlefield. SCO will not have an easy time of it.
In the mean time, what can we expect?
- SCO claims that this suit has nothing to do with the Linux
community - it is simply a contract dispute. But that is clearly not
true. By claiming that Linux could not have reached a useful state
without an illegal stream of proprietary technology provided by IBM,
SCO has insulted the Linux community. The alleged
ineptitude of those who hack on Linux is at the core of SCO's case.
Linux, they say, is a
bicycle compared to a luxury car; it is only suitable for hobbyists
and non-profit organizations. This display of contempt will not be
quickly forgotten.
- SCO's Unix business is doomed - they say so themselves in their
complaint: "
Plaintiff stands at imminent risk of being deprived of its entire stream of all UNIX licensing revenue in the foreseeably near future.
" (Paragraph 119c). The company has slammed Linux - and its development community - to the point that it is hard to imagine how SCO will attempt to sell Linux-based products and services with a straight face. SCO, in other words, has just signalled its exit from the operating system business. SCOsource is evidently supposed to be the future of the company - if its management sees any future at all. - It is hard to imagine the UnitedLinux consortium remaining intact
under this sort of stress. Whether the other members find a way to
ease SCO out, or whether the whole thing will simply fragment, remains
to be seen.
- This case may well affect the Linux market in the near future. People
choosing technologies for their businesses have a certain, rational
aversion to lawsuits and disputed technology. How big the effect will
be depends, certainly, on the perception of SCO's chances of success.
So far, the general view seems to be that (to put it charitably), SCO has an uphill battle ahead of it. Investors have brought about a slight rise in SCO's stock price, but the market capitalization of the company remains under $30 million. That is not the capitalization of a company that has convinced investors it will be receiving a $1 billion judgement. If this perception does not change, the effect of this lawsuit could be relatively small.
- If the complaint is to be believed, SCO's biggest grievances have
to do with the JFS filesystem and the Omniprint drivers. If Linux
were to lose these technologies, it would be a poorer system. But,
honestly, the lives of most Linux users would not be affected all that
much.
- We have been reminded of the dangers of code contamination. Anybody who signs an agreement to view proprietary code, then goes on to work on free software, risks (being accused of) contaminating that software with proprietary technology. That risk exists whether the proprietary code is Windows, Solaris, or something belonging to SCO. Anybody who is contemplating such an agreement should think long and hard about the consequences.
This is the first of the big Linux intellectual property lawsuits; we should not expect it to be the last. Free software is too big a change, and it threatens too many interests, for things to go any other way. We are fortunate that the first attack was against a defendant with the resources and interest to defend itself - though the defendant could conceivably disagree. The burden of defending the next suit could well fall on somebody less able to shoulder it.
Going for BALANCE
[This article was contributed by Joe 'Zonker' Brockmeier]
If at first you don't succeed... Rep. Zoe Lofgren (D-Calif.) reintroduced the awkwardly-named Benefit Authors without Limiting Advancement or Net Consumer Expectations (BALANCE) Act last Monday. The bill was shot down last year in committee. Rep. Rick Boucher (D-Va.) is co-sponsoring the bill. Boucher has been outspoken on the need for reform of the Digital Millennium Copyright Act in the past, though he seems to be taking a back seat on this one (perhaps because he has a DMCA reform bill of his own on the table).
The BALANCE Act does not do away with the DMCA, as many in the Linux community would like to see. Instead, it attempts to amend the DMCA to allow for the exercise of fair use. The act notes that the DMCA "failed to give consumers the technical means to make fair uses of encrypted copyright works."
Not surprisingly, the Business Software Alliance (BSA) and the Motion Picture Association of America are against the BALANCE Act. Jack Valenti is quoted in the Mercury News as saying that the legislation "puts a dagger in the heart of the Digital Millennium Copyright Act," which is pretty much what everyone outside the entertainment and proprietary software industries would like to do.
The BSA's press release says that Lofgren's proposed exceptions go too far:
Of particular concern, provisions of this legislation allowing the disablement of technological protection measures on copyrighted materials would provide safe harbor for pirates who could easily claim that the 'intent' of their actions were legal even if it resulted in knowingly unlawful infringement and economic loss to copyright owners.
Interestingly, while the BSA comes out against the BALANCE Act, some of its member companies (i.e. Intel and HP) have been quick to endorse it and other bills like it that seek to undo some of the damage of the DMCA and the entertainment industry's relentless attempts to disallow fair use.
A reading of the bill shows that the BSA's position is a stretch, at best. The bill would ensure rights to "reproduce, store, adapt or access the digital work" for archival purposes or to "perform or display the work, or an adaptation of the work, on a digital media device, if the work is not so performed or displayed publically."
Circumvention of copyright protection would be allowed only if "such an act is necessary to make a noninfringing use of the work" and if "the copyright owner fails to make publically available the necessary means to make such noninfringing use without additional cost or burden to such person." In short, the bill seems to say that somebody could legally use or create something like DeCSS only if the movie studios do not provide, free of charge, a way for them to play DVDs on their devices.
The BSA is right about one thing: the BALANCE Act may very well hinder shrinkwrap licensing, which the software industry loves so much. The act would not allow enforcment of "nonnegotiable license terms...to the extent that they restrict or limit any of the limitations or exclusive rights" under the act. In other words, movies studios and software companies could not apply shrinkwrap licenses that disallow backup copies or circumvention that allows fair use. It's hard to see how that would "stifle industry growth and limit consumer choices."
So far, however, the DMCA hasn't been used to "promote continued innovation." It's been used to stifle competition and prevent fair use. Right now, the bill is in committee. The odds of passing the bill are a long shot, but one can always hope that this bill, or one very much like it, will make its way through Congress soon.
Security
Brief items
Red Sheriff
[This article was contributed by Tom Owen]
Check your cookie list in your browser for cookies from imrworldwide.com -- if they're there, then the red sheriff is watching you.
You won't be alone. For well over a year, vexed users have been popping up on the newsgroups, in slashdot and on lists of all sorts with independent rediscoveries of Redsheriff's activities. Unscientific sampling suggests that machines not owned by paranoid technicians always have these cookies.
The web was not designed to make marketing easy. Proxies and other caches mean that the server logs can dramatically undercount page views and downloads. Spiders and bots work the other way, but there's no reason to believe they balance out. The users share and reuse their IP addresses, you can't tell for certain what country they're in, and they even lie to their own PCs. Maybe M. Mouse is a legitimate name in Martinique, and a birth date of 01/01/01 might just mean that you saw Steamboat Willie first time round. But probably not.
Advertisers hate this. They hate trusting the word of a site owner about page impressions, but even when those numbers make sense they still don't know if the campaign is reaching the target preteens, or is being wasted on middle-aged tax consultants who just really like Britney. Many of them prefer to stick with old media where they get respectable numbers from the likes of Nielsen and ABC.
So the demand for better information is huge, and there's a long history of attempts to get it: doubleclick, web bugs and third-party cookies. The big accounts at the traditional end of the industry prefer to trust names and methods translated from broadcast media: closely monitored sample panels, surveys and focus groups. That would be fine, but one thing that no-one has ever been able to do is reconcile the numbers from these two approaches.
Redsheriff want to bridge that gap -- by making the whole internet their panel.
Founded in Australia in 1996 as a research firm, by 2001 Redsheriff was expanding into technical means. Along the way, they picked up global ambitions and some serious capitalists led by WPP, Martin Sorrel's advertising conglomerate. Earlier website versions on the Wayback machine couple horrifying wild-west copy with fairly explicit information about their offerings which is lacking from the current site.
And in fact they keep a lowish profile all round. There are no secrets, but no fuss either and little interest in publicity. It doesn't matter: the evidence is easy enough to gather. Redsheriff client sites (try Selfridges) drop or reference two main components:
- A pair of persistent cookies -- IMRID and V5 -- reporting to imrworldwide.com, a domain registered to redsheriff. You seem to get an IMRID once only -- if it's there it'll never be altered. It seems as though it's intended to be a globally unique machine name. By contrast V5 updates for almost anything you do on the site.
- A java applet (real java, not a script) called Measure, mostly silent,
but recognisable from the console message
----------- RedSheriff Measurement ----------- Privacy: http://www.redsheriff.com/privacy.htm
It returns a record to imrworldwide.com when you leave a site.
Redsheriff say they can report on movement within a flash site, as well as use of non-client sites, and it looks as though these are jobs for the applet. There doesn't seem to be an ActiveX component yet, but given MS's attitude toward Java, this is probably only a matter of time.
So far, Redsheriff knows many of the sites you visit from day to day and year to year, and within some of them they know the pages you look at. This is a good start (for them), but technical means aren't enough: they don't know who you are. This next stage is probably what has piqued the interest of partners like WPP and Taylor Nelson Sofres
What these buyers want is income, age, education, family status, and Redsheriff apparently gets it the easy way: by popping up a questionnaire with a chance of winning some prize. This questionnaire carries the client site branding, but the data goes to the Redsheriff servers. As a final touch, some percentage of the responses are qualified with telephone interviews. The privacy policy is surprisingly less clear than it could be -- it looks as though some identifying personal information will be held on the basis of the target's consent implied when they filled in the survey.
Redsheriff is doing nothing all that weird, but the effect is still spooky. Assuming their software and datacenter work right, they'll know largely complete browsing histories stretching over years for vast numbers of computers. And if they can do the surveys right, many of these histories will carry trustworthy demographic information and many more will be similar enough to have it inferred. They can't quite equal a panel in joining up work and home browsing or breaking out multi-use PCs but their potential sample is so comprehensive they hardly care: the data are going to make them big money.
If you don't want to be part of this database, it's easy to stop without marring the browsing experience: simply block third party cookies (erase any you have) and don't run applets. It's that easy. Maybe that's why they don't want the public gaze.
BIND 9.2.2: Slipstream Release?
[This article was contributed by Tom Owen]
The recent discussion on Bugtraq (e.g. here and here) raised the ugly possibility that ISC was fixing security problems in BIND and keeping quiet about them.In fact it does seem as though the release could have been better described in the BIND list. Two faults are described at the end of the current Bind vulnerability listing and the reason for the omission looks easy to guess: One is in the resolver library rather than the daemon itself, and the other is caused by linking with an unfixed version of OpenSSL.
It's not wrong to keep up to date with BIND, but the earlier server is only vulnerable if you use DNSSEC and linked an older version of OpenSSL.
New vulnerabilities
ethereal - format string vulnerability
| Package(s): | ethereal | CVE #(s): | CAN-2003-0081 | ||||||||||||||||||||||||
| Created: | March 10, 2003 | Updated: | June 12, 2003 | ||||||||||||||||||||||||
| Description: | The SOCKS dissector in Ethereal 0.9.9 is susceptible to a format string overflow. This vulnerability has been present in Ethereal since the SOCKS dissector was introduced in version 0.8.7. It was discovered by Georgi Guninski. Additionally, the NTLMSSP code is susceptible to a heap overflow. All users of Ethereal 0.9.9 and below are encouraged to upgrade. See the full advisory for additional information. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
mysqlcc - world readable file permissions
| Package(s): | mysqlcc | CVE #(s): | |||||
| Created: | March 7, 2003 | Updated: | March 12, 2003 | ||||
| Description: | Gentoo reports that versions of mysqlcc prior to 0.8.9 had all configuration and connection files world readable. | ||||||
| Alerts: |
| ||||||
netscape-flash: buffer overflow
| Package(s): | netscape-flash | CVE #(s): | |||||||||
| Created: | March 10, 2003 | Updated: | June 20, 2003 | ||||||||
| Description: | Potentially exploitable buffer overflows exist in the Macromedia Flash
Player. The full advisory is here.
"The cumulative security patch is available today and addresses the potential for exploits surrounding buffer overflows (read/write) and sandbox integrity within the player, which might allow malicious users to gain access to a user's computer. The possibility of running native code on a users machine is a theoretical exploit, and extremely difficult to execute in practice. There are no known examples of running such native code from Macromedia Flash movies; however, even though this issue is difficult and theoretical in nature only, we are encouraging users to upgrade." | ||||||||||
| Alerts: |
| ||||||||||
qpopper - buffer overflow
| Package(s): | qpopper | CVE #(s): | CAN-2003-0143 | ||||||||||||||||
| Created: | March 12, 2003 | Updated: | March 21, 2003 | ||||||||||||||||
| Description: | As reported in this advisory, qpopper 4.0.x contains a buffer overflow vulnerability which may be exploited remotely - but only by an attacker possessing a valid username and password. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
usermode - local root compromise
| Package(s): | usermode | CVE #(s): | |||||||||
| Created: | March 12, 2003 | Updated: | March 15, 2003 | ||||||||
| Description: | The /usr/bin/shutdown program in the usermode package can be used to kill all running process and obtain a root shell. The best solution is simply to remove it. | ||||||||||
| Alerts: |
| ||||||||||
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current development kernel is 2.5.64, unchanged from one week ago. Linus has been busy, however; his BitKeeper tree includes more driver model work, the continuing removal of unwanted stuff from devfs, a uClinux update, an x86-64 update, some block layer cleanups (see below), scheduler changes for improved interactive response (see below again), and a number of other fixes.Alan Cox has released 2.5.64-ac3 which adds a new set of IDE updates. "Handle with care."
The current stable kernel is 2.4.20; Marcelo has not released any 2.4.21 prepatches over the last week.
Alan Cox's current 2.4.21 prepatch is 2.4.21-pre5-ac3. Here you'll find an even newer set of IDE changes, along with quite a few other fixes and updates.
Kernel development news
Improving interactivity on Linux systems
The 2.5 kernel features a massively reworked scheduler which, among other things, improves the interactive feel of a desktop system. It goes to great lengths to try to separate interactive tasks from "background" processes, and to give a priority boost to the former. One way that this distinction is made is to look at how much time each process spends sleeping. Processes that sleep a lot are generally waiting for humans to do something, so the kernel tries to ensure that, when they wake up, they get quick access to the processor.This heuristic works well much of the time, but it also fails badly in some situations. Consider, for example, the case of a user dragging a window across the screen. That sort of operation can require a fair amount of computation on the part of the X server. If the system is busy anyway (with a kernel compilation, for example), the X server can end up using all of the processor time that is available to it. When the server stops sleeping, the kernel concludes that it is a compute-bound background task and drops its priority. At that point, the pointer stops keeping up with the mouse, and the desktop experience becomes generally unpleasant.
A classic solution (which predates Linux) for this problem is to raise the priority of the X server. A higher-priority server can make things work better for some users, but it ignores the fact that similar situations can arise with other interactive processes that require a fair amount of processor time. Streaming media applications tend to work this way, for example. Raising the priority of the X server can make things worse for this sort of application. Also, as Linus points out, tweaking priorities in this way is an indication that the system has failed somehow:
A few patches have gone into the 2.5.65 kernel which, by most reports, make things a lot better. One of them, which originally came from Linus, is based on the recognition that, if an interactive process is waiting for another process to do something, that other process should be considered interactive as well. The X server may be using a fair amount of CPU time, but, since interactive processes (i.e. the clients that the user works with) are waiting for it, the X server should still be seen as an interactive process.
The ideal time to make this adjustment might be when an interactive process goes to sleep waiting for an event. Unfortunately, that is hard to do; the kernel has no way to know, in the general case, who will be waking up processes that sleep on a particular queue. On the other hand, when the wakeup actually occurs, the relationship is immediately obvious. So the new scheduler will, at wakeup time, look at the interactivity bonus for the process being awakened. If that process has maxed out its bonus (as processes that sleep a lot will), the "excess" interactivity bonus is given, instead, to the process which is performing the wakeup. Thus, a sleeping mail client gives some of its bonus to the X server, which wakes it up. This patch is said to improve the interactivity of X significantly.
Ingo Molnar has taken Linus's patch and merged it into a larger set of scheduler changes (which, in turn, has gone into 2.5.65). Some of the additional changes that have been made include:
- Various scheduler parameter tweaks. The maximum timeslice given to
any process has been reduced, for example (to 200ms).
- One process can preempt another with the same priority, if the former
has a longer remaining timeslice.
- The first wakeup of a newly-forked child has been made smarter, resulting in less work being redone.
The end result of these changes is a kernel which provides a much more satisfying interactive experience. Note, however, that some causes of X server stalls - in particular, those related to disk I/O scheduling - still have not been resolved. Work is ongoing, however.
(See also: Jim Houston's self-tuning scheduler patch, which takes a different approach to scheduler improvement).
Block device registration and 32-bit dev_t
Long-suffering block driver maintainers will have to cope with a new change in 2.5.65: this patch from Andries Brouwer changes the prototype of register_blkdev(), which is used by block drivers to tell the kernel of their existence. The previous version of this function took a struct block_device_operations pointer, which contains some of the operations provided by the driver. That parameter has not been used for some time (block operations are now directly associated with disks, and are kept in the generic disk structure), so Andries removed it.Not everybody agreed with this change. With all of the work that has been done in the block layer, register_blkdev() does not actually do very much anymore. Its main remaining purpose is to associate a driver name with a major number, so that it shows up in /proc/devices. A block driver can now function nicely without calling register_blkdev() at all. The long-term plan is to remove register_blkdev() altogether. In the mean time, it was asked, why bother changing the prototype of a doomed function? Even so, the change was merged into 2.5.65.
The real purpose of Andries's patch, however, was to get rid of the static blkdevs array used to keep track of block devices in the kernel. blkdevs is about the only static array left in the block subsystem, and thus is one of the remaining impediments to Andries's real goal: the long-awaited expansion of dev_t to 32 bits.
The 32-bit dev_t is one of the final items on the 2.5 "todo" list. It is still considered important by many users: an Oracle engineer mentions 4000-disk systems that "want to go to Linux" but can't, and from IBM we hear about a 5000-drive system with waiting customers. There appears to be little opposition to the adoption of a larger dev_t, even at this late stage. But everybody agrees that it would be best to get this change done sooner rather than later.
The amount of work remaining is said to be relatively small. The block layer, for example, is almost ready for a larger dev_t now. The char device subsystem could take more work - many drivers "know" that device numbers (especially minor numbers) are only eight bits. So a detailed audit of many drivers could be required. This suggestion from Alan Cox could make life a little easier, though. The idea would be to replace the venerable register_chrdev() function with a new register_chr_device() which takes a parameter indicating the largest minor number that the driver can deal with. A change to all char drivers would still be required, but, by defaulting the maximum minor number to 255, these drivers could be made safe without the need for a larger "audit and fix" operation. The few drivers that actually need more minor numbers could be fixed individually.
There are, of course, other issues to deal with before a larger dev_t will be truly stable. Some protocols (i.e. NFSv2) aren't prepared for large device numbers. The interface to user space may well hold a surprise or two. And so on. These are all problems that can be solved, but the process will take time.
(As an aside, Alexander Viro, who has been an active participant in the
block layer and dev_t work, has been absent from kernel
development for a few months. In a recent
message, however, he proclaimed "I'm finally back - hopefully for
good.
" Welcome back, Al).
Klibc and initramfs
Another incomplete 2.5 development item is initramfs - an initial filesystem attached to the kernel image. The plan is to move much of the early boot code into initramfs, so that it can be run in user mode. But there has not been a whole lot of progress in that direction.One part of the process is klibc, a small C library to be used in initramfs applications. A patch exists which adds a working klibc to the 2.5.64 kernel, but Linus is not ready to merge it:
In other words, unless some code which really needs klibc does not show up soon, it may not get merged into 2.5 at all. That would have the effect of pushing the whole initramfs project back into the next development series. There are people working on creating this code, but, as Linus says, it's late in the game.
Smatch update
Smatch is Dan Carpenter's project to create a free version of the Stanford Checker. The project is making progress, and smatch is now capable of finding several classes of bugs in the Linux kernel. Some patches fixing bugs found by smatch have already begun to appear.The database of problems found by smatch is now hosted at kbugs.org. As of 2.5.64, there are just over 1000 potential bugs in the database. Many of them are certainly false alarms, but others will be real. An interesting feature of the kbugs.org site is the ability to "moderate" bugs as being real problems or not. With this capability, interested volunteers can help to sift out the real bugs, even if they don't feel able to contribute patches to fix them.
The smatch project is still in an early stage, but it is already showing great promise as a tool which can help in the creation of a better kernel.
Edge-triggered interfaces are too difficult?
The new epoll interface was covered here back in October, 2002. The epoll system calls offer a significant performance improvement for applications which must frequently poll large numbers of file descriptors. It does so by performing the setup work only once, and then trapping new I/O events as they occur.One aspect of the epoll interface is that it is edge-triggered; it will only return a file descriptor as being available for I/O after a change has happened on that file descriptor. In other words, if you tell epoll to watch a particular socket for readability, and a certain amount of data is already available for that socket, epoll will block anyway. It will only flag that socket as being readable when new data shows up.
Edge-triggered interfaces have their own advantages and disadvantages. One of their disadvantages, as epoll author Davide Libenzi has discovered, would appear to be that many programmers do not understand edge-triggered interfaces.. Additionally, most existing applications are written for level-triggered interfaces (such as poll() and select()) instead. Rather than fight this tide, he has sent out a new patch which switches epoll over to level-triggered behavior. A subsequent patch makes the behavior configurable on a per-file-descriptor basis.
The end result is a more flexible epoll interface that can be more easily used in existing applications. The patch has not been merged as of this writing, but there does not seem to be any reason why it shouldn't be. After all, epoll has not yet appeared in a stable kernel release; now is the best time to be making improvements to the interface.
The BitKeeper to CVS gateway goes live
Larry McVoy has announced the availability of the current BitKeeper kernel repository in CVS format. Things are still stabilizing, but the plan is to have the current 2.4 and 2.5 repositories available in CVS format in near real time. Almost all of the change and commit information will be available, making it easy for people who are unwilling or unable to run BitKeeper to peruse the kernel's revision history and track current developments. Says Larry:
Of course, when dealing with this sort of topic, things are never that easy. People will certainly be happy to have the CVS repository available, but one other aspect of the announcement has made people nervous. It seems that the near-SCCS file format used by BitKeeper is increasingly difficult to work with; now that BitKeeper repositories can be accessed in CVS format, the BitKeeper developers would like to move to a new, proprietary format. And that idea does not fly with all developers; this complaint from Ben Collins has been echoed by a few hackers:
It is clear that, as long as BitKeeper is in use by the kernel development community, some people are going to be unhappy. Nothing short of the complete freeing of the BitKeeper source will satisfy some users, and that does not appear to be in the cards. Fortunately this disagreement, while noisy, hasn't really gotten in the way of continued kernel development.
In fact, it hasn't even gotten in the way of BitKeeper as it improves the kernel development process. Regardless of what one thinks of BitKeeper or its license, the fact remains that kernel development has been working well over the last year; an incredible stream of patches has been merged, and the people involved have stayed sane. As sane as they were before, anyway.
(As an aside, Larry has suggested that the
license clause that forbids (free) BitKeeper use by people working on other
source management systems could be removed in the future "if we feel
we have pulled far enough ahead that everyone else is just playing
catchup
").
Driver porting
Driver Porting: block layer overview
| This article is part of the LWN Porting Drivers to 2.6 series. |
Fully covering the changes that have been made will require a whole series of articles. So we'll start with an overview which highlights the major changes that have been made without getting into any sort of detail. Subsequent articles will fill in the rest.
Note that parts of the block layer remain volatile - this development is not yet complete. We'll keep up with further changes as they happen.
So, what has changed with the block layer?
- A great deal of old cruft is gone. For example, it is no longer
necessary to work
with a whole set of global arrays within block drivers. These arrays
(blk_size, blksize_size, hardsect_size,
read_ahead, etc.) have simply vanished. The kernel still
maintains much of the same information, of course, but the management
of that information is much improved.
- As part of the cruft removal, most of the <linux/blk.h>
macros (DEVICE_NAME, DEVICE_NR, CURRENT,
INIT_REQUEST, etc.) have been removed;
<linux/blk.h> is now empty. Any block driver
which used these macros to implement its request loop will have to be
rewritten. It is still possible to implement a simple request loop
for straightforward devices where performance is not a big issue, but
the mechanisms have changed.
- The io_request_lock is gone; locking is now done on a
per-queue basis.
- Request queues have, in general, gotten more sophisticated. Quite a
bit of work has been done in the area of fancy request scheduling
(though drivers don't generally need to know about that). There is
simple support for tagged command queueing, along with features like
request barriers and queue-time device command generation. Request
queues must be allocated dynamicly in 2.6.
- Buffer heads are no longer used in the block layer; they have been
replaced with the new "bio" structure. The new
representation of block I/O operations is designed for flexibility and
performance; it encourages keeping large operations intact. Simple
drivers can pretend that the bio structure does not exist,
but most performance-oriented drivers - i.e. those that want to
implement clustering and DMA - will need to be changed to work with
bios.
One of the most significant features of the bio structure is that it represents I/O buffers directly with page structures and offsets, not in terms of kernel virtual addresses. By default, I/O buffers can be located in high memory, on the assumption that computers equipped with that much memory will also have reasonably modern I/O controllers. Support operations have been provided for tasks like bio splitting and the creation of DMA scatter/gather maps.
- Sector numbers can now be 64 bits wide, making it possible to support
very large block devices.
- The rudimentary gendisk ("generic disk") structure from 2.4 has been greatly improved in 2.6; generic disks are now used extensively throughout the block layer. Among other things, each generic disk has its own block_device_operations structure; the operations are no longer directly associated with the driver. The most significant change for block driver authors, though, may be the fact that partition handling has been moved up into the block layer, and drivers no longer need know anything about partitions. That is, of course, the way things should always have been.
Subsequent articles will explore the above changes in depth; stay tuned.
Patches and updates
Kernel trees
Architecture-specific
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Janitorial
Memory management
Networking
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet
Distributions
Distribution News
Debian GNU/Linux
The Debian Weekly News for March 11, 2003 looks at some recent Linux kernel developments, Debian fun stuff from Openstuff.net, and much more.Here is the call for votes for the Debian Project Leader Election 2003.
The Debian release manager is looking for assistants to help with the many tasks that need to be accomplished before sarge can be released.
Join in the third bug squashing party for sarge, March 14 - 16, 2003, and help to correct as many release critical bugs as possible in all those Debian packages.
Gentoo Weekly Newsletter -- Volume 2, Issue 10
Here's the Gentoo Weekly Newsletter for the week of March 10, 2003. This week GWN looks at distcc in a nutshell; and notes that they got a remarkable response to their call for developers.Mandrake Linux Community Newsletter
The Mandrake Linux Community Newsletter for March 7 is out; it looks at the second Mandrake Linux 9.1 release candidate, the business case of the week, and more.Red Hat's new offerings
Here is the press release from Red Hat regarding its new commercial distribution offerings. "Red Hat Enterprise Linux ES" is a cheaper version of the Advanced Server product (now "Red Hat Enterprise Linux AS"); "It is ideally suited for application-, network-, file-, print-, mail-, and Web-serving, as well as for running custom or packaged business applications." Also available is "Red Hat Enterprise Linux WS," which is aimed at engineering workstations - software development, electronic design, etc.
Slackware 9.0-rc2 has been released for testing.
Slackware has released a second candidate for Slackware 9.0. As usual the gory details can be found in the slackware-current change log.SuSE announces 8.2, new partner program
SuSE has announced SuSE Linux 8.2, a strongly desktop-oriented version of the company's distribution. Availability is mid-April.The company has also launched a new partner program, which is aimed at helping others sell SuSE products.
Young project leader hopes to make Linux software installation easier (NewsForge)
Robin Miller interviews Mike Hearn, leader of the Autopackage project in this NewsForge article. "Autopackage is a concept that is in the process of becoming a reality, a little bit at a time, in the traditional Open Source manner. The idea is to come up with a single software packaging/installation system that will work across all major Linux distributions, and resolve dependencies, too, so that neither developers nor users need to worry about distribution compatibility issues." Thanks to Ashwin N
New Distributions
Orange Linux
Orange Linux is a floppy-based Linux distribution that includes a set of tools for making your own distribution, a VGA graphics library, and a small Pong game. Initial version 1.0 was released March 11, 2003.rpm-livelinuxcd
rpm-livelinuxcd is a 120MB RedHat-based distribution that runs completely from CD, fits into around 80MB of RAM and is nearly indistinguishable from a system installed on a hard disk. Features include hardware recognition at boot, samba, dhcpd, name, xinetd, and SSH servers, virtual terminals, PAM, etc. Useful for dedicated servers, routers, emergency systems, cluster nodes and such, it does not contain an X11 Server. Initial version 0.9 was released March 5, 2003.
Minor distribution updates
ALT Linux
ALT Linux has released v2.2 with major feature enhancements. "Changes: This release contains a lot of new packages in addition to largely improved existing base; almost all of them are built with gcc3. The already good server and desktop is now a lot better with a larger degree of audited and secured services and smoother office and multimedia applications out-of-the-box."
Astaro Security Linux
Astaro Security Linux has released v4.001 with major bugfixes. "Changes: This Up2Date fixes bugs in the AntiSpam Feature in the SMTP Relay, the Pfsgroup variable setting in IPSec VPN, an issue in the POP3 Proxy, and a problem with empty IPSec logs, and sets the correct crypto algorithm for the Blowfish IPsec policy. Outgoing emails are no longer checked for spam."
Fd Linux
Fd Linux has released v3.0-0 with major feature enhancements. "Changes: In this version, the kernel was upgraded to 2.4.20 and migrated to iptables. PCMCIA support was added to incorporate PCMCIA network cards and 802.11b wireless adapters, such as Lucent/Orinoco, Cisco, and D-Link cards. There was a complete rewrite of the rc.network automatic network configuration script, and this version moves over to the uClibc library set to save on space, upgrades to the udhcp DHCP client/server binaries, compiles in more commands and functions into BusyBox, provides working add-on packages for usage expansion, has the ability to mount extra portions of RAM to expand file system, and features much more."
LinuxInstall.org
The LinuxInstall.org Project has released v3.0rc1. "Changes: This release includes kernel 2.4.18-26.8.0, security updates, Mozilla 1.2.1, Evolution 1.2.2, a complete set of Red Hat 8.0 manual documents in HTML, Acrobat Reader 5.06 with Mozilla Plugin, Real Player 8.0 with Mozilla Plugin, Flash Player 6.0 r69 with Mozilla Plugin, Microsoft TrueType Core Fonts for Web, XMMS 1.2.7, xine 0.9.18 with libdvdcss, and a dual-boot configuration with NTFS/FAT32 support."
Morphix
Morphix has released v0.3-3 with minor feature enhancements. "Changes: XFree v4.3 added, a number of installer bugs have been fixed, and a translucency lkm mini-module is available for testing."
Trinity Rescue Kit v 1.0 released
The Trinity Rescue Kit has released v1.0. It now has networking capabilities like ssh and samba and supports about every network card, disk controller and USB controller.uClinux
uClinux has released v20030305 with major feature enhancements. "Changes: Lots of new things and lots of fixes. This release has both uClinux 2.4.20 and 2.0.39 kernels, uClibc-0.9.19, glibc-2.2.5. and uC-libc, over 50 board types with default configurations, and about 150 application packages."
Distribution reviews
Red Hat 8 - Invigorate your desktop (iodynamics)
This iodynamics article looks at Red Hat Linux 8.0, with some helpful hints to help you make the most of your Red Hat desktop. "Red Hat's latest Linux distribution is one example of this progress. The distribution comes with hundreds of great open-source applications, but it takes some 'tweaking' to configure Red Hat as a complete desktop OS. While many applications are included, some, for one reason or another, are not. And of those that are included, some need additional configuration to work properly."
Page editor: Rebecca Sobol
Development
Choosing a ternary operator for Python
C and C++ programmers encounter the ternary operator early in their education. This operator, which in C syntax, looks like:
<condition> ? <expression1> : <expression2>
evaluates to expression1 if (and only if) the given condition evaluates true; otherwise expression2 is chosen. The ternary operator is a compact representation of a common operation (choosing between two values), and it is a heavily-used feature in languages which provide it.
Python does not provide a ternary operator, much to the chagrin a subset of hackers who are otherwise very happy with the language. As a way of responding to years of requests, Python Benevolent Dictator For Life Guido van Rossum posted a proposal for a Pythonic ternary operator, and asked the community to get back to him with its opinion. To say that the discussion was active would be a substantial understatement; thousands of messages were posted discussing the merits of ternary operators, whether Python should have one, and what form it should take. The result was a revised version of PEP 308.
That proposal included a few possible forms for a Python ternary operator. The primary proposal was for this form:
(if <cond>: <expr1> else: <expr2>)
This form is easily extended to four or more operands:
(if <cond>: <expr1> elif <cond2>: <expr2> else: <expr3>)
Unusually for Python, the parentheses would be mandatory. For that reason, and the fact that the syntax looks a lot like the regular if/else control structure, not everybody was happy with this proposal. So a number of alternatives were floated as well. They range from the standard C syntax to variants like:
<cond> and <expr1> else <expr2>
<cond> then <expr1> else <expr2>
<expr1> if <cond> else <expr2>
cond(<cond>, <expr1>, <expr2>)
<cond> ?? <expr1> || <expr2>
<cond> -> <expr1> else <expr2>
If this were Perl, the language hackers would have probably just implemented all the possibilities and been done with it. But Python programmers like to have one accepted way of doing things, so a decision had to be made. A vote was held, and the results are now available.
No alternative won a clear majority of the 518 votes counted. The parenthesized syntax from the proposal got the most votes, but the C syntax was not far behind. The "no change" contingent was rather smaller, but very passionate in its arguments. The end result is that vote coordinator Raymond Hettinger has not chosen to certify a winning proposal as such. Instead. he is passing the results back to the Benevolent Dictator who, after all, has a rather larger vote than anybody else. As of this writing, Guido has not made his decision known.
System Applications
Audio Projects
ALSA 0.9.1 released
Version 0.9.1 of the ALSA collection of sound driver, library, utilities, and tools has been released. This is the first stable release in the 0.9 series.JACK 0.61.0 released
Version 0.61.0 of the JACK Audio Connection Kit is available. New features include in-process client support, bug fixes, and improved documentation.liblrdf 0.2.4 announced
Version 0.2.4 of librdf is available. "liblrdf is a library for handling RDF files describing LADSPA plugins, plus it can also do lightweight general RDF tasks." This version adds a pkgconfig file and bug fixes.
Planet CCRMA at home
The Planet CCRMA project provides a collection of RPM packages for turning a Red-Hat based computer into an audio workstation. The latest change are as follows: "Added a preliminary version of a Planet CCRMA roadmap, it should help you identify potentially useful programs. This is just a first version, most probably incomplete, hopefully not very innacurate :-)"
Database Software
SAP DB Version 7.4.03.14
Version 7.4.03.14 of SAP DB is available. See the Release Information for change information.Using Topic Maps to Extend Relational Databases (O'Reilly)
Marc de Graauw shows how to use XML topic maps with databases on O'Reilly. "Relational databases are great for storing structured data which conforms to a well-defined relational database schema. They are not so good at storing information that does not conform to such a schema. Since user requirements inevitably change, this means costly database upgrades."
Education
Linux in Education Report
Issue #91 of the Linux in Education Report is out. Topics include a report from the Lane Community College's Open Source Educational Group, putting a Linux lab into Logan High School, the Demo@Schools project, SkoleLinux, a table of equivalents / replacements / analogs of Windows software in Linux, a discussion on the limits of Open-source Software, setting up a computer lab for OS testing, the Linux in Education Spring Conference, and more.
Electronics
gEDA News
The latest new software from the gEDA project includes Icarus Verilog development snapshot 20030308, and GTKWave 2.0.0pre3-20030304.
Printing
GSview 4.32 beta release
Version 4.32 beta of GSview, a PostScript viewing program, has been announced. Changes include security fixes for compatibility with AFPL Ghostscript 8.00, Catalan, Russian and Slovak language support, and minor bug fixes.LinuxPrinting.org news
The latest news from LinuxPrinting.org includes the addition of a number of HP, Epson, and Minolta printers to the Foomatic printer support database.
Web Site Development
Midgard Components Framework 1.0 released
Version 1.0 of Midgard Components Framework is now available under the GNU LGPL license. "MidCOM provides a framework for creating reusable and configurable components for web applications using the Midgard Content Management Framework."
Quixote 0.6beta3
Version 0.6beta3 of Quixote, a Python-based web development framework, is available. Change information is in the source code.Zope Members News
The most recent headlines on the Zope Members News include: Zope at the CeBIT 2003 in Hannover!, MailBoxer 2.2.2 released, Initial Release of CSVFile Product, CJKSplitter v0.2, TextIndexNG 1.09 released, CMF 1.3.1 Released, CMFCollectorNG 0.20 final released, Update to the ieeditor addon, Silva Windows installer, and Initial release of RSessionDA.Improving mod_perl Sites' Performance: Part 8 (O'Reilly)
Stas Bekman continues his O'Reilly series on mod_perl tweaking with part 8. "In this article we continue talking about how to optimize your site for performance without touching code, buying new hardware or telling casts. A few simple httpd.conf configuration changes can improve the performance tremendously."
Miscellaneous
The Mojolin Project
The first pre-release of the code for the Mojolin Project is available. Mojolin is a web-based system that connects job seekers with potential employers.The 802.11g standard -- IEEE (IBM developerWorks)
L. Victor Marks introduces 802.11g wireless networking on IBM's developerWorks. "The bid continues to improve the 802.11 standard to something that fulfills our wireless transmitting fantasies. Victor Marks shows us how 802.11g has shaped up, and how it's fareing in the race."
Desktop Applications
Audio Applications
ladcca 0.3.1 released
Version 0.3.1 of LADCCA, the Linux Audio Developer's Configuration and Connection API, is available and features a few bug fixes. "LADCCA is a session management system for JACK and ALSA audio applications on GNU/Linux."
swh-plugins 0.3.7 available
Version 0.3.7 of swh-plugins, an audio systhesis package, is available. This edition features changes to the gate code and the addition of a bandlimiting filter.Spiralsynth Modular 0.2.1
Version 0.2.1 of SpiralSynth Modular, "an object orientated music studio with an emphasis on live use", is out. Changes include a new GUI, midi note filtering, new plugin groups, more theming, a matrix pattern sequencer, bug fixes, and more.
ecamegapedal 0.4.1 released
Version 0.4.1 of ecamegapedal, a real-time audio effects processor, has been released. Bugs have been fixed in the build process. See the release notes for more information.RTMix 0.7 released
Version 0.7 of RTMix is available. "RTMix is an open-source (GPL-licensed) software application designed to provide stable, user-friendly, standardized, and efficient performance interface that enables performer(s) to interact with both the computer and each other in the least obtrusive fashion." Many new features and fixes are included in this release.
Desktop Environments
KDE-CVS-Digest for March 7, 2003
The March 7, 2003 edition of the KDE-CVS-Digest is out. Topics are summarized as: "KDevelop gets more templates, Quanta gets better action toolbars and Umbrello gets new code generators. A dummy KDE 3.2 release schedule. More merges from Safari to KHTML."
Workrave 1.2.0 ''Stats'R'Us''
A new version of Workrave, a Gnome-based tool that helps people with Repetitive Strain Injuries (RSI), has been announced. "Workrave now keeps track of all your activity and allows you to browse through any date in history to see for how long you used the computer, how many keys you pressed, the distance your mouse moved, and many other statistical data."
Eel and Nautilus 2.2.2 Released
FootNotes has an announcement for Eel and Nautilus 2.2.2. "Normally we don't anounce nautilus releases to mailing lists. "We won't bother," we say to ourselves, "people will find it eventually." But "eventually" won't cut it with this release."
It is too darned good.
GNOME 2.2 Gains Muscle and Polish (eWeek)
eWeek reviews GNOME 2.2. "The latest upgrade of the GNOME Foundation's desktop environment offers users a spare and approachable graphical interface to Linux and similar operating systems that's matured noticeably since its last release."
GNOME System Tools 0.24.0 is out!
FootNotes announces the latest GNOME Systems Tools release. "A new version of the GNOME System Tools has seen the light!, this is mainly a bugfix release, so no new features have been added."
Interoperability
Samba 3.0alpha22 available
Version 3.0alpha22 of Samba is available. "The latest alpha snapshot of the SAMBA_3_0 cvs tree is available for download. It is being provided for testing purposes." The release notes are available here.
Office Applications
The OpenOffice.org Community Council
The OpenOffice.org project has decided that the time has come to form a "community council" to guide its further development. The council is expected to be made up of nine members representing various parts of the project (and a seat for Sun Microsystems). It will make decisions on strategic planning (where OOo should be going) and resource allocation, represent the project to Sun and the public, and arbitrate disputes within the development community. There will be an online vote, starting March 14, on the council charter; read the announcement if you are interested in participating.AbiWord Weekly News
Issues number 133 and 134 of the AbiWord Weekly News are available. The latest issue is summarized as: "Fixes to the Linux/PPC build comes in from one unknown hacker, while another name, Larin Hennessy, makes quite the noticeable splash. Snapping back to the release outline for AbiWord II: The Wrath of Dom results in a hard feature freeze. Finally, Hub knocks off two more posers on the Release HackDown for 1.0.5"
Kernel Cousin GNUe
Issue #71 of Kernel Cousin GNUe is out with the latest GNU Enterprise development news. Topics include: Release plans and Case-Insensitive Queries, Multi-part delimited Stock-Keeping Units in gnue-sb, GNUe Tools users, Running GNUe Small Business, and GNUe Small Business vs. sql-ledger.LyX Development News
The March 6, 2003 edition of the LyX Development News is out, with news of LyX release 1.3.0 and other development work.
Web Browsers
Galeon 1.3.3 released
Development version 1.3.3 of the lightweight Galeon browser has been announced. "This is the release many of you have been waiting for, it reintroduces the much wanted javascript etc. quick toggles. You're slowly running out of excuses if that has been your reason to stay with the stable 1.2.x releases ;)"
mozillaZine
The latest mozillaZine topics include: Another Round of 1.3 Candidate Builds, Honesty Issues Dog Anonymous Donations Poll, 1.3 Candidate Builds Available for Testing, BBC News Examines Alternative Browsers, Xabyl 1.0 Alpha Released, Preferences Toolbar 2.2 Released, Mitchell Baker on Browser Innovation, Gecko and the Mozilla Project, and Camino 0.7 Released!.
Miscellaneous
GnomeICU 0.99 release
FootNotes has an announcement for version 0.99 of Gnome ICU, an internet chat utility. "After months of hard work we have a new release. The main focus of this release was to get all of the features in place for 1.0. Only one BIG thing is missing: working, stable file transfer. All other ICQ features should be here."
Languages and Tools
Caml
Caml Weekly News
The March 11, 2003 Caml Weekly News looks at Libraries in functional languages, ipv6, and Xcaml 0.0.1.The Caml Light / OCaml Hump
This week, the new software on The Caml Light / OCaml Hump includes: SKS; an OpenPGP keyserver, bibgrep; a bibtex file index and search utility, and CamlG4; a library for Objective Caml for performing SIMD parallel processing on PowerPC G4 processors.
Java
Advanced Text Indexing with Lucene (O'Reilly)
Otis Gospodnetic introduces Lucene on O'Reilly. "Lucene is a free text-indexing and -searching API written in Java. To appreciate indexing techniques described later in this article, you need a basic understanding of Lucene's index structure. As I mentioned in the previous article in this series, a typical Lucene index is stored in a single directory in the filesystem on a hard disk."
Using Hierarchical Data Sets with Aspire and Tomcat (O'Reilly)
Satya Komatineni discusses Hierarchical data sets on O'Reilly. "This article examines the structure of, and a Java API for, Hierarchical Data Sets. Unlike the XML Journal reference two years ago, you will now actually have a piece of executable code to use to start taking advantage of Hierarchical Data Sets."
Lisp
Call for Macsyma code
A call for code has been issued for the Macsyma project. "Maxima is a computer algebra system written in Common Lisp. It is a descendant of DOE Macsyma, whose origins date back to the late 1960s at MIT." Thanks to Paolo Amoroso.
Perl
Apocalypse 6
Larry Wall has posted Apocalypse 6, a look at how Perl 6 will handle subroutines. "Unlike regexes, Perl subroutines don't have a lot of historical cruft to get rid of. In fact, the basic problem with Perl 5's subroutines is that they're not crufty enough, so the cruft leaks out into user-defined code instead, by the Conservation of Cruft Principle. Perl 6 will let you migrate the cruft out of the user-defined code and back into the declarations where it belongs."
This week on Perl 6
The March 3, 2002 edition of This week on Perl 6 is available. Topics include: IMCC calling conventions, A couple of easy questions..., More on optimizing the JIT with IMCC, Parrot 0.0.10 freeze, Dan's plans, PSteve Peters' Patches Prevent Parrot Peeves, and Meanwhile, in perl6-language.March Perl Journal
The March 4, 2003 edition of the Perl Journal has been published. Topics include: "Fractal Images and Music With Perl, Writing Multilingual Sites With mod_perl and Template Toolkit, Perl in High Performance Computing Environments, Something for Nothing by Simon Cozens, Creating Perl Application Distributions by brian d foy, And more, including a review of Graphics Programming in Perl."
PAR 0.65 released; need binary package contributions (use Perl)
Version 0.65 of PAR has been announced. "PAR is a cross between JAR and Perl2exe/PerlApp; this version marks significant improvements like automatic binary installation, POD stripping and 5.6.1 support."
PHP
PHP Weekly Summary
Topics on this week's PHP Weekly Summary include: 64-bit compatibility, namespaces in ZE2, Apache2 and PHP, Extensions with Debian Woody, sqlite extension, and ZE fixes.
Python
Dr. Dobb's Python-URL! for March 10, 2003
The Dr. Dobb's Python-URL is available with weekly news and links for the Python community.The Daily Python-URL
This week's Daily Python-URL article topics include: Slashback: Rocketry, Pythonation, Scoffing, Python in a Nutshell, Create declarative mini-languages, Metaclass programming in Python, Inside the RSS validator, and more.Wrap GObjects in Python (IBM developerWorks)
Ross Burton shows how to access C code from Python. "Learning how to wrap GTK+ C modules for use in Python will enable you to use a C-coded GObject in Python whenever you like, whether or not you're especially proficient in C."
Ruby
The Ruby Garden
New topics on the Ruby Garden include: nil.method_missing (Objective-C behaviour) and propagating comparisons like Python.The Ruby Weekly News
Topics on this week's Ruby Weekly News include: Russian Ruby resource and Ruby Course, Test::Unit::Mock: Mock objects for testing with Test::Unit, PSE as Ruby module and an RAA question, OSCON, and "I'm to give short talk on ruby at work, anybody have material/outlines they can donate".
Scheme
Smalltalk
Squeak 3.4 released
Version 3.4 of Squeak has been released. "Squeak is a personal multimedia environment aimed at end-users of all ages, developers, authors, and teachers. Beneath its graphical user interface, it is powered by a descendant of the Smalltalk-80 language."
XML
Prototyping One-to-many Links with XSLT (O'Reilly)
Bob DuCharme covers linking and XSLT on O'Reilly. "In the ongoing debate about the future of linking, a key topic is the representation of one-to-many links. There are several ways to implement them, mostly by using JavaScript code to create pop-up menus, but the only standard way to represent them is W3C XLink extended links, and these have not caught on."
Miscellaneous
Mono 0.23 Released
Version 0.23 of Mono, an open source implementation of the .NET Development Framework, has been released. "This is only a bug fix release, because we introduced an unfortunate bug in reflection in version 0.22. This should fix compilation for many of you that had problems."
Jext Plugins
There is a new plugins page on the Jext programmer's editor site. A number of plugin extensions to the editor are listed.
Page editor: Forrest Cook
Linux in the news
Recommended Reading
SCO sues Big Blue over Unix, Linux (ZDNet)
Now we get to see where the "SCOSource" program is going: according to this ZDNet article, SCO has filed suit against IBM, claiming that IBM has moved SCO's intellectual property into Linux. "Linux's rapid maturity--for example, growing up to work on large multiprocessor servers--is evidence of the presence of Unix intellectual property, the SCO suit said. 'It is not possible for Linux to rapidly reach Unix performance standards for complete enterprise functionality without the misappropriation of Unix code, methods or concepts to achieve such performance, and coordination by a larger developer, such as IBM,' the suit said."
Developers Back IBM in Unix Suit (Wired)
Here's Wired's take on the SCO vs. IBM suit. "Open-source programmers are rallying behind IBM, and say SCO's lawsuit is "suicidal" and "an insult to open-source programmers.""
SCO vs. IBM
SCO's lawsuit against IBM continues to generate considerable press coverage. Interested LWN readers will have already read our analysis of the suit. For those who want to read more, here are just a few of the articles we've seen in the past couple of days.
Open for Business says SCO
Needs to Go. "... the company seems to have decided the best
course of action is to do the business equivalent of [a] suicidal person
murdering those around him prior to taking his own life and attempt to take
the GNU/Linux community with it as it goes down the tubes.
"
Joe Barr at LinuxWorld finds it funny, but not 'ha-ha'
funny. "Having established early on in the complaint that they
apparently know very little about the history of Unix and free software,
SCO continues by trudging into new areas in which to display just how
tenuous a grasp they have on computing in general.
"
News.com reports: IBM
unfazed by SCO Unix threat. ""We've reviewed our contracts, and
our Unix license is irrevocable and perpetual," Mike Fay, vice president of
communications for IBM's systems group, said in an interview Monday. "We're
completely committed to AIX and will continue to ship it."
"
PCLinuxOnline initiates community boycott of SCO
PCLinuxOnline has responded to the SCO lawsuit against IBM by initiating a community boycott of the company and its products. They have set up several forums to collect evidence to use in the courtroom, and also to discuss possible community responses.KDE & Gnome Usability Engineers Agree on 'Unity' (OSNews)
OSNews brings together KDE and Gnome usability engineers to talk about unifying the Linux desktop. "Some users want infinite number of options and preferences, while others prefer a non-bloated interface where the best options for them is already decided by the system. Now, we all know that there is no such thing as the "Perfect UI", but would it be acceptable to sacrifice certain configurability and... bloat --with the possible outcome of losing some users-- in order to provide a cleaner interface? Do you think such a move would simplify things for the user or do little but rob power from those who know enough to use it?"
Companies
Red Hat: An Appraisal and Outlook (ZDNet)
Here's a Gartner pronouncement on Red Hat's future. "Red Hat holds an enviable position as the leading Linux distributor, with a wide lead over its next competitor. However, market dominance in the Linux and open-source community has a different meaning, because the open-source paradigm operates by different principles than commercial software."
Red Hat revamps premium Linux plan (News.com)
News.com looks at Red Hat's plans for a lower-cost version of the Advanced Server product. "Red Hat is becoming increasingly aggressive with its high-end Advanced Server software plans, but the company wasn't successful in persuading companies to pay $1,500 to $2,500 per year for a subscription to use the Linux version on low-end servers. The new Enterprise Linux ES product costs $349 or $800 per year, depending on support levels..."
Business
How Is the Linux Server Market Shaping Up? (Midrange Server)
MidrangeServer.com looks at the Linux server market. "According to statistics compiled by Gartner's Dataquest research unit, IBM captured 41.6 percent of the $385 million in Linux server sales in the U.S. market alone last year. IBM hasn't seen market share statistics like that in the server market--especially in a new market with lots of aggressive players and on an operating system platform that it does not control--since the 1970s." (Thanks to Martin Rowe)
Linux Adoption
Linux continues to surge in Asia (ZDNet)
Here's a ZDNet article looking at Linux growth in Asia. "In a survey of IT managers in 12 countries in Asia-Pacific (except Japan), Linux is installed on a tiny six percent of servers, computers that organizations that use to run databases or hold data. But in 2003, this figure set to grow 24 per cent, more than double the rate of its closest competitor, Unix, which is expected to grow nine percent."
German Government Agency Rolls Out KGX
KDE.News reports on the roll-out of 50 Linux-based desktop systems by the German government. "The test 50-seat rollout was spear-headed by the Federal Office for Information Security (BSI) in conjunction with several small German IT companies. The thin-client setup reportedly includes KOffice as the office suite."
Legal
Oregon considers Open Source software legislation (Register)
The Register covers a bill introduced in the Oregon State Legislature on March 5 by Rep. Phil Barnhart that will require the state government to consider using open source software when acquiring new software. "Rep. Barnhart says, "I am a long-time lurker on Slashdot, so I have been aware of the [open source] issue for some time. I've been convinced for a long time that Windows is a difficult program -- wasteful and expensive." And, he adds, "The little experience I've had with open source has been very positive.""
Tech plays both sides on DMCA (ZDNet)
This ZDNet article looks at the DMCA and how HP and Intel seem to both revile and support the act. "Last week, Intel and HP's names appeared on a press release circulated by the Business Software Alliance (BSA) opposing crucial changes to section 1201 of the DMCA. Specifically, the BSA lashed out at a bill that would make it legal to bypass copy-protection mechanisms--as long as you're not planning to circulate the resulting file to tens of thousands of your closest friends."
Interviews
Red Hat heading off UnitedLinux (ZDNet)
ZDNet Germany talks with Red Hat chief executive Matthew Szulik about Sun, UnitedLinux and the battle for the desktop. "Our biggest task is educating the marketplace that open-source software is more reliable, more secure and more affordable. The large proprietary OS software companies will struggle with the economics and value of the open-source/Red Hat model. We continue to make significant progress in corporate environments and businesses that want the reliability and value associated with Red Hat products and services in comparison to the expensive proprietary alternatives."
Resources
Buffer Overflow Attacks and Their Countermeasures (Linux Journal)
Here's a security conscious Linux Journal article examining buffer overflows. "Buffer overflow problems always have been associated with security vulnerabilities. In the past, lots of security breaches have occurred due to buffer overflow. This article attempts to explain what buffer overflow is, how it can be exploited and what countermeasures can be taken to avoid it."
Testing SMP Kernel Modules with UML (O'Reillynet)
Here's an article on the O'Reilly Network on how to test kernel modules in a multiprocessing environment - even if you do not have an SMP system. "Fortunately there is now a method of simulating a SMP system with a single CPU Linux system. Fantastically, it requires no financial investment. The tool is Jeff Dike's User Mode Linux (UML)."
The Contenders (LinuxMedNews)
LinuxMedNews has published a list of popular open-source software projects for medicine. "Newcomers to the Free and Open Source Software (FOSS) in medicine scene have commented that it is difficult to discern which FOSS projects are the most advanced. At the risk of upsetting many worthy projects and hard-working people I bring the following short list of what I consider to be The Contenders: a United States centric view of those projects and resources that have achieved or are most likely to achieve a critical mass of users, developers and clinical ability. The criteria includes a Free license, a shipping product that is in actual use in real-world situations."
Reviews
Six/Four: The Internet Under Cover (eWeek)
eWeek runs a beta version of the Six/Four System, new peer-to-peer technology from Hactivismo. "An offshoot of the Cult of the Dead Cow hacker group, Hacktivismo is dedicated to preventing state-sponsored censorship of the Internet. It created the Six/Four System, which is named for the June 4, 1989, date of the Tiananmen Square massacre, to make it possible to access information anywhere on the Internet and put a big hole in things like China's Internet firewall."
What Can Ruby Do for the Enterprise? (NewsFactor)
The E-Commerce Times covers Ruby. "Although Ruby documentation is still in progress, the language offers many benefits that might be reason enough for IT managers to consider using it. Chromatic said that as the new kid on the block, relatively speaking, Ruby has been able to learn from other languages. "It's had the chance to borrow the good features and polish some of the yuckier features. In particular, it's a lot nicer to embed Ruby than it is Perl.""
Miscellaneous
Open source apps attacked (vnunet)
Vnunet looks at recent security vulnerabilities in Sendmail and Snort. "Last week showed how quickly news of vulnerabilities can be exploited to produce software that wreaks havoc on the Net. Within 24 hours of the problems being made public, an easy-to-use exploit program for the Sendmail vulnerability was posted on the Bugtraq mailing list. According to Bugtraq, default installations of Sendmail and Red Hat Linux are not vulnerable to this particular exploit, but firms that have compiled Sendmail for use with Red Hat 7.1, 72 or 7.3 are vulnerable."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
UK Campaign for Digital Rights debunks the digital piracy myth
Here's a press release from the UK Campaign for Digital Rights which examines certain myths that fuel copyright measures such as the European Copyright Directive 2001/29/EC.Python Software Foundation obtains favorable advance ruling from IRS
The Python Software Foundation has been recognized by the IRS (the US office of taxation) as a tax-exempt non-profit foundation (aka 501(c)(3)), and that the IRS has given the PSF a "favorable advance ruling" on the PSF's application for recognition as a public charity.
Commercial announcements
IBM releases Web Services Development Tools
IBM's web services development lab has released its Web Services Software Evaluation Kit. "Get a fresh collection of Web services articles and tutorials on the SEK CDs, and learn about everything from the basics of SOAP, WSDL, and UDDI, to the latest techologies in the Web Services stack such as workflow, security, and attachments."
"Google Hacks" Released by O'Reilly
O'Reilly has released "Google Hacks", "a unique collection of one hundred tips and tools gathered from expert users of Google, as well as developers who are excited about Google's new API."
Mortgage Builder Installs Linux-Based LOS System
Here's a press release about a company called Mac-Clair Mortgage Corporation. It seems Mac-Clair and Mortgage Builder Software, Inc. have installed Mortgage Builder(R) Loan Origination Software (LOS) on Mac-Clair's Linux system.MySQL launches certification program
MySQL AB has announced the launch of its new program for the certification of MySQL managers and developers. The currently available certification levels relate mostly to SQL and database management skills; more advanced levels will be offered in the future."Python in a Nutshell" Released by O'Reilly
O'Reilly has released "Python in a Nutshell" by Alex Martelli. "In the tradition of O'Reilly's "In a Nutshell" series, this book offers Python programmers one place to look when they need help remembering or deciphering the syntax of this open source language and its many modules. This comprehensive reference guide makes it easy to look up all the most frequently needed information--not just about the Python language itself, but also the most frequently used parts of the standard library and the most important third-party extensions."
Resources
ifrOSS License Center
Institut für Rechtsfragen der Freien und Open Source Software (ifrOSS) has published its new license center in English. This is an extesive license list of Free software/Open Source and Open Content licenses.
Upcoming Events
GCC Developer's Summit
The Gnu Compiler Collection (GCC) Developer's Summit will be held on May 25-27, 2003 in Ottawa, Canada. A call for papers has been sent out.KDE Presence at CeBIT 2003
Here's a reminder that CeBIT 2003 starts tomorrow (March 12, 2003), and the KDE team will be there, showcasing current developments scheduled for KDE 3.2 and more.O-STEP: Transitioning an Industry to Open Source Software
Tony Stanco will present O-STEP, the Open Source Threshold Escrow Program, at the Open Standards/Open Source in National and Local eGovernment Programs conference in Washington, D.C. on March 17, 2003.Does your grandma know about OOoCon 2003?
The folks at the OpenOffice.org conference remind you to register for the conference, it will be held in Hamburg, Germany on March 20 and 21, 2003.CfP: AUUG System Administration Symposium
A call for papers has been sent out for the first AUUG System Administration symposium, which will be held on April 9th in Melbourne, Australia.OPIE open mobile Linux goes CeBit
The Open Palmtop Integrated Environment (OPIE) team will be present at the CeBit fair in Hanover, Germany. The event will be held on March 12-19, 2003.Mark-Jason Dominus coming to Belfast (use Perl)
Use Perl mentions that Mark-Jason Dominus will be providing some Perl training and discussion in Belfast, Ireland on March 24 and 28, 2003.AMIA Call for Participation: Open Source Expo
LinuxMedNews has an announcement for the American Medical Informatics Association's open-source Expo. "AMIA is announcing its first ever Open Source Expo for the Fall 2003 conference in Washington, D.C. The expo will occur during the poster session. The call for participation states: '...Suggested items to include in the abstract are brief description of the functionality and scope of the product, the motivation for making the product open source, the development and usage history, how the development was funded, product features, design and implementation details, future directions, and a URL for more information and from where the product may be downloaded...'"
Events: March 13 - May 8, 2003
| Date | Event | Location |
|---|---|---|
| March 13 - 19, 2003 | CeBIT 2003 | (Hannover exhibition center)Hannover, Germany |
| March 13, 2003 | Second Annual Web Services Expo | (iPark Silicon Valley)San Jose, CA |
| March 17 - 19, 2003 | Open Source for National and Local eGovernment Programs in the U.S. and EU | (The Marvin Center Grand Ballroom, George Washington University)Washington, DC |
| March 20 - 21, 2003 | First OpenOffice.org Conference(OOoCon2003) | (University of Hamburg)Hamburg, Germany |
| March 20 - 21, 2003 | Conference PHP 2003 | (École Polytechnique de Montréal)Montreal, Quebec, Canada |
| March 26 - 28, 2003 | PyCon DC 2003 | (George Washington University)Washington DC |
| March 29, 2003 | First Hungarian PHP Conference | Budapest, Hungary |
| March 31 - April 2, 2003 | 2nd USENIX Conference on File and Storage Technologies(FAST '03) | (Cathedral Hill Hotel)San Francisco, CA |
| April 2 - 3, 2003 | The UK Python Conference | (Holiday Inn Oxford)Oxford, England |
| April 5, 2003 | Linux In Education Spring Conference | (Grand Prairie High School)Grand Prairie, Texas |
| April 10 - 12, 2003 | MySQL Users Conference & Expo 2003 | (Doubletree Hotel)San Jose, California |
| April 13 - 17, 2003 | RSA Conference 2003 | (Moscone Center)San Francisco, CA |
| April 14 - 15, 2003 | Samba eXPerience 2003 | (Hotel Freizeit)Göttingen, Germany |
| April 15 - 16, 2003 | LinuxUser & Developer Expo 2003 | Birmingham, UK |
| April 22 - 26, 2003 | Embedded Systems Conference(ESC) | (Moscone Convention Center)San Francisco, CA |
| April 22 - 25, 2003 | The O'Reilly Emerging Technology Conference | (Westin, Santa Clara)Santa Clara, CA |
| April 23 - 25, 2003 | PHPCon East 2003 | (Park Central Hotel)New York, NY |
| April 28 - 30, 2003 | Real World Linux 2003 | (Metro Toronto Convention Centre)Toronto, Canada |
| May 3, 2003 | International Conference on Software Engineering 2003 | Portland, Oregon |
| May 8 - 9, 2003 | International PHP Conference, 2003 | Amsterdam, the Netherlands |
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Miscellaneous
The php|architect Grant Program
The magazine php|architect will be awarding grants for PHP development. "php|architect, the monthly magazine for PHP professionals, it proud to announce the launch of the php|architect Grant Program. Its purpose is to provide financial support for the PHP-related open-source projects that have the potential of bringing the greatest benefit to the PHP community in general." Two $1000.00 grants will be awarded on June 30, 2003.
Page editor: Forrest Cook
Letters to the editor
Irresponsible SCO
| From: | Andy Oram <andyo@oreilly.com> | |
| To: | letters@lwn.net | |
| Subject: | Irresponsible SCO | |
| Date: | Mon, 10 Mar 2003 14:49:56 -0500 (EST) |
I haven't seen much discussion of this in the Linux community, perhaps because the charges are so vague, but I thought something meaningful could be said. Andy ------- http://www.oreillynet.com/pub/wlg/2889 Reference: http://news.com.com/2100-1016-991622.html A lot of brickbats are coming the way of SCO since it launched a lawsuit against IBM on the grounds of trade secrets. What's scandalous is not the choice to resort to a lawsuit--because companies have to defend these sorts of things in court in order to preserve their meaning--but the disregard for the needs of Linux users, developers, vendors, and watchers everywhere. SCO chose a low road indeed, trying to maximize its legal flexibility instead of acting like a member of a community. Linux supporters are worried about this for good reason. The lawsuit inevitably recalls the suit AT&T brought against the Berkeley developers of BSD in the 1980s. Then as now, the issue was that developers had access to UNIX during the time they developed their own code. The AT&T complaint involved copyright rather than trade secrets, but the parallels are unmistakable. Although my memory may deceive me, I believe AT&T never demonstrated that a single line of BSD code originated in UNIX (which officially should be written in all-caps). The lawsuit was resolved after many years, but a lot of people blame the confusing around the suit for the stagnation of BSD and its inability to take off at the crucial moment when people were looking for a free software operating system. (I doubt that suit was the problem, but it did waste time and make a mess of things. AT&T sold its rights to UNIX long ago, apparently recognizing that it was managing every aspect of that valuable technology with the same incompetence that it had conducted the BSD lawsuit. As intellectual property, UNIX bounced around for a while and ended up at SCO. It's probably no coincidence that SCO decides to act the heavy around this period when many observers believe UNIX is dying and that Linux will take over where it stood. But they know very well what problems and bad feelings the BSD lawsuit reached. They know how many people (roughly) depend on Linux day by day. What would a responsible company do to uphold its rights while allowing the world to continue? SCO could have examined Linux code and determined where their purported trade secrets lay. They would then have widely publicized the disputed code. They'd say, "Don't use JFS" (or whatever it happened to be); "we're litigating it." Whatever components were in dispute could quickly be pulled out of the kernel; users could depend on other components for whatever functionality they needed. Of course, SCO's lawyers wouldn't tell them to do this. I'm sure the lawyers want as wide a field to play on as they can get. And it is not they who will be appalled when play is done and they discover the whole field has been turned into a desert. SCO can still overrule its narrow-minded lawyers and take a high road. If they've got a claim, make it clearly. That is what the public deserves. Judging from the scattered news reports I've read, they refused to be specific even in the legal complaint they sent the court. And this hand-waving is a tell-tale sign of weakness. We are all justified in assuming, till we have evidence to the contrary, that SCO's lawsuit will go the way of the evidence the Bush administration waved about excitedly for months concerning aluminum tubes purchased by Iraq, now revealed by weapons inspectors on the ground to bear no relation to weapons of mass destruction. But millions of users around the world are in limbo until we know for sure, and there is no reason for that except malice or hamfistedness on the part of SCO. Andy Oram
In defence of RPM!
| From: | Alex Bennee <alex@bennee.com> | |
| To: | distro@distrowatch.com | |
| Subject: | In defence of RPM! | |
| Date: | 07 Mar 2003 16:00:36 +0000 | |
| Cc: | letters@lwn.net |
Hi, I was reading the distrowatch artcile (Is RPM Doomed? http://www.distrowatch.com/dwres.php?resource=article-rpm) which contained was a long rant against the incompatabilities of binary RPM's across distributions. Although the article did point out a few ways things can be improved I feel as though I must jump in with a little pro-RPM evengelism :-) Firstly a quick question. Why is binary compatibility required? The majority of applications your likely to look at are source based. If the binary RPM exists then there should .src.rpm nearby. In my experience 99% of dependancy problems are solved by simply building the binary RPM yourself. I can't believe your suggesting moving over to a source based distribution because: emerge application saves a few lines over: rpm --rebuild application.src.rpm rpm -ivh ~/rpm/RPMS/applictaion.rpm I'll grant that Gentoo's source based system offers a lot when it comes to large multi-component builds. However if your really that up for the bleeding edge you'll find living on Manrake Cooker (or Debian unstable) costs you less time in the long run than constantly rebuilding common components. In fact I run Mandrake Cooker on my main desktop and I've had very few problems with running a: urpmi.update -a urpmi --auto-select every few days. I can leave the heavy lifting to the Cooker people and concentrate on the apps I'm actually interested in. But arguments about ease of building asside the biggest difference rpm makes to my life is knowing where all the files on my PC come from. Having in the past lived/survived a windows environment where your never quite sure if a DLL is left over detruitus or an essential system component I find the ability to do a: rpm -qf /usr/bin/randomfile a godsend. As a bonus I know if I un-install a package from my system all its files go with it leaving nothing lying around. As I have consistently found with open source tools its easy to get frustrated at percieved inadaquacies at first but if you invest a little time reading the documentation/playing with the app your experience is drastically improved and you'll wonder how you got along without it. Briefly returning to the problems of people who distribute binary only rpm's (of which is concern mainly to the commercial software people) there is a solution. Build your binary RPM's for the big 3 (RedHat, Mandrake, UnitedLinux) and build a forth statically linked RPM for the rest. Regards, -- Alex, homepage: http://www.bennee.com/~alex/ Everyone is a genius. It's just that some people are too stupid to realize it.
Page editor: Jonathan Corbet