LWN.net Weekly Edition for May 22, 2003
GNU and Ghostscript part ways
The recently announced GNU Ghostscript 7.07 release will be the last. GNU Ghostscript - a free PostScript and PDF interpreter which lurks at the core of free print systems worldwide - is the result of several years worth of cooperation between its developers and the Free Software Foundation. Disagreements over the best way to create free software have brought an end to that cooperation - and to GNU Ghostscript. Fortunately, users of GPL-licensed Ghostscript should see little, if any, change.Many companies have tried innovative licensing schemes as a way of creating free software while making enough money to pay their programmers. Ghostscript works with a variant of the "escrow" approach. New Ghostscript developments are released under the Aladdin Free Public License (AFPL), which is not a free license. It gives users the right to use, modify, and distribute copies of AFPL Ghostscript - with an important restriction:
In other words, the Ghostscript copyright holder (artofcode LLC) reserves the right to make money from the distribution of Ghostscript. If you want to distribute AFPL Ghostscript as part of a commercial product (i.e. inside a printer), you must come to an agreement with Artifex Software, which handles these deals.
After one year has passed, however, the AFPL-licensed code is re-released under the GPL as (until now) GNU Ghostscript. Of course, by that time a new batch of code will be just beginning its time under the AFPL. The end result is the the GPL version is always a bit old. It is, however, clearly good enough for most users; most Ghostscript users probably never bother to download and install the AFPL version, even though they have the right to do so.
According to the Free Software Foundation's Bradley Kuhn, the FSF, while accepting the GNU Ghostscript releases, has never been entirely comfortable with the method by which they are produced. There is, he says, "nothing important enough to be worth sacrificing freedom for." So the non-free Ghostscript releases have always gone against FSF principles - even if, in the end, it results in a much improved free Ghostscript. (The FSF also is not convinced that the Ghostscript model results in improved free releases; Mr. Kuhn cites the MySQL approach as, perhaps, a better way of doing things).
The difference in viewpoints between the FSF and the Ghostscript team have resulted in two issues which have, at this point, brought about the end of the GNU Ghostscript releases. The first is the FSF's insistence that nothing in GNU Ghostscript can even mention that AFPL Ghostscript exists. This is not a new situation - see this note from Richard Stallman in response to the GNU Ghostscript 5.10 release announcement back in 1998. That announcement mentioned AFPL Ghostscript 5.50, which was set to become GNU Ghostscript 5.50 several months later; this mention violated the FSF's rules on information control and had to be corrected. More recently, Mr. Stallman told the Ghostscript developers that there were "major and pervasive problems" with the GNU Ghostscript release.
The Ghostscript team did comply with the FSF's wishes, and changed the copyright notices for the 7.07 release.
The other issue has to do with bug tracking systems. The Ghostscript team wants to use a single, unified bug tracker for both versions of the code. Among other things, a common bug database makes it easy to determine whether bugs reported in GNU Ghostscript have been fixed in the AFPL version; in such cases, according to Ghostscript maintainer Raph Levien, the bug fixes are always backported to the GNU version. The FSF was unwilling to agree to a single bug tracking system, however. They would like to see a real development community form around the GPL version of the code and a bug tracking system which includes the AFPL version, in their opinion, works against that goal. The Ghostscript team, unwilling to deal with the hassles of maintaining two separate bug tracking systems, decided to cease making GNU Ghostscript releases.
Ghostscript users may not notice the difference, however.
Given that each side continues to express great respect for the other and
the two remain on friendly terms, there is a real possibility that things
could yet be worked out in the future. In the mean time, as Mr. Levien
told us: "...while we are discontinuing the GNU affiliation, our
commitment to GPL releases of Ghostscript is as strong as ever.
"
GNU Ghostscript will, in the future, bear a name like "GPL Ghostscript,"
and it will not be considered as part of the body of GNU code. But the
GPL-licensed Ghostscript releases - a valuable gift of high-quality code -
will continue.
D.H. Brown Linux Summary
[This article was contributed by Joe 'Zonker' Brockmeier]
What a difference two years makes. D.H. Brown recently released its 2003 Linux Function Review and finds that Linux has improved dramatically since 2001 — though still lagging behind commercial Unix. The executive summary of the report is available to non-subscribers, though you have to provide some contact information in exchange.
In the 2001 report, D.H. Brown compared SuSE 7.2, Red Hat 7.1, Caldera OpenLinux 3.1, TurboLinux Server 6.5 and Debian GNU/Linux 2.2r3 against commercial Unix. In the 2003 review, the race is pared down to three Linux contenders: Red Hat Advanced Server 2.1 (RHAS), SuSE Linux Enterprise Server 8 (SLES) and Debian GNU/Linux 3.0.
The D.H. Brown Function Review is based on "functional capabilities as of January 1, 2003" in five areas: Scalability; reliability, availability and serviceability (RAS); system management; Internet and Web application services; and directory and security services. Note that the report looks at Linux only as an enterprise system, not in terms of desktop functionality.
According to the report, there are 167 items total that have been reviewed by D.H. Brown — the same criteria used by the company to analyze Unix systems. These are rated according to what is offered by each vendor, so add-on packages from third parties don't count. This puts Linux at a slight disadvantage when rating results, since some technologies may be available for Linux from vendors like IBM, HP or SGI, but not provided directly by Red Hat or SuSE.
As with the 2001 report, SuSE comes out ahead of Red Hat, particularly in terms of systems management. SuSE ranked "Very Good" in systems management thanks to YaST2 and advanced support for LVM but falls behind RHAS and Debian because it is not suited for managing multiple systems from the same interface. Red Hat scores points for enabling multiple system management with its Red Hat Network. In all categories SuSE either tied with or surpassed RHAS, with Debian taking third place or tying for second place with RHAS.
Linux fared poorly in the review in the RAS category, with all three distributions scoring below "Unix minimum" with a rating of "OK" -- Debian GNU/Linux was significantly behind SLES and RHAS, which were tied. In particular, Linux was dinged for not having the same kind of failure recovery features available with high-end RISC Unix systems. For example, none of the distributions reviewed included processor failure recovery or software-based support for advanced memory redundancy.
Linux really excels in terms of support for networking protocols, even pulling ahead of some commercial Unix systems. It's interesting to note that a careful reading of the report shows Linux to be handily matching or pulling ahead of SCO UnixWare in many areas. SLES even pulls ahead of the strongest Unix vendor in terms of protocol support, though it's unclear how relevant some of the protocols are to real-world use. For example, both Debian and SuSE have support for IPSec over IPv6, something which isn't exactly in widespread usage.
Another thing that is interesting to note is that Linux is shooting for a moving target in trying to catch up with commercial Unix. If commercial Unix systems had not evolved significantly between 2001 and 2003, Linux would have caught up or surpassed most commercial systems in D.H. Brown's ratings. The report gives bar graphs showing the 2001 in grey and the 2003 score in green. In almost every case, Linux is scoring ahead of the top Unix score from 2001. One also wonders whether commercial Unix distributions would have advanced so quickly in two years without Linux nipping at its heels.
It's disappointing that D.H. Brown did not compare Linux to Windows Server 2003, particularly since they recently released a report that looks at the advancements made with Windows 2003 Server: Windows Server Platform Reaches Maturity. In that report, Windows 2003 server is mostly examined only in the context of previous Microsoft offerings.
In all, the report does a good job pointing out some of the areas where Linux could still use improvement or benefit from additional features while noting that Linux has come a long way in a short time. It seems, at least to this Linux user, as a fair evaluation of Linux's place in the enterprise market. In fact, the report could serve as a useful roadmap for SuSE and Red Hat when planning new features and improvments to their enterprise offerings. It will be interesting to see how well Linux fares in two years.
Fun with SCO
This week's most amusing development in the SCO case is the announcement that Microsoft, that great purveyor of Unix products, has agreed to buy a Unix license from SCO. The amount of money involved has not been disclosed, but there are reports that Microsoft is paying between $10 and $20 million. It is surely coincidental that SCO predicted that licensing revenue would be $10 million this quarter. That is, incidentally, almost half the revenue that the company was expecting over the quarter.There has been no end of speculation regarding Microsoft's motivation for funneling that much money into SCO. It all remains just that, however: speculation. We may find out what is really going on eventually, but it will take a while.
The community's attitude toward SCO and its lawsuit remains scornful (at least). It is a matter of faith that SCO's claims are without merit. That faith will probably prove to be justified, but one might wonder about what might happen if SCO turns out to have a point. LWN's standalone article on the topic (reprinted below) was criticized by some as obvious and/or naive, but the question, we believe, deserves a bit more thought than it is receiving. Even if SCO's case turns out to be no more than the hollow, baseless slander that it appears to be, the free software community remains vulnerable to injections of proprietary code.
...and if SCO is right...?
As a general rule, the reaction to SCO's lawsuit against IBM has been one of derision and disbelief. It is generally assumed that SCO does not have a legal leg to stand on. SCO's tactics (ever-expanding FUD while refusing to point out the allegedly infringing code) have certainly served to reinforce that perception. But it is worth taking a moment to consider what could happen if SCO turns out to be right. Forewarned, as they say, is forearmed.The Linux kernel (which is the subject of at least some of SCO's claims) is, as a whole, clearly an independent development. The development history is sufficiently public to make that clear. But it is worth considering a few things:
- The source to various proprietary Unix systems tends to be more
widespread than many people think. Numerous companies have source
licenses, and, despite careful procedures, copies can leak out.
- There is considerable reputation value in making contributions
to the Linux kernel. Perhaps more than any other free software
project, the kernel is surrounded by developers who would like to get
their names into the changelog, even if that means submitting spelling
fixes.
- Some people are lazy or unable to program at the level required for kernel development (or both). Some of those people may have access to some flavor or other of proprietary Unix. And some of them might just be sufficiently dishonest to present somebody else's code as their own.
It is also worth bearing in mind that there is no process for checking the pedigree of code submitted to the Linux kernel. Kernel developers (like other free software developers) have more than sufficient integrity to keep them from stealing code, and the process relies upon that fact. If a developer can convince Linus or another major kernel hacker that a patch makes sense, in it goes. Some kernel code is heavily reviewed, but there are vast amounts of code that may not have ever had a serious look by anybody other than its author.
Beyond all that, of course, is the unpleasant scenario of tainted code being deliberately submitted to the kernel with the express intent of creating legal problems.
The end result is that there might be code of dubious parentage in the kernel. Such code is probably small, and not in the kernel core. But the existence, say, of a purloined device driver somewhere in the kernel would not be entirely surprising. The kernel community might just wake up one morning to find that there are plagiarists in its midst.
What happens then? Obviously, a code purge would be called for. Unless SCO explicitly puts any offending code under the GPL (which it might have to do to preserve its own right to distribute the kernel), any infringing code must be pulled from the kernel. That code could be excised even if SCO does release it; its presence would certainly be galling to a number of people. A big "purge and rewrite" operation could, among other things, delay the release of the 2.6 kernel.
Future code contributions would receive a higher degree of scrutiny - this may well happen regardless of how the SCO suit turns out. Even if it has not yet happened here, free software projects are vulnerable to injections of tainted code. Developers may have to be prepared to explain how they came up with a particular patch. It is hard to imagine the kernel adopting a bureaucratic mechanism where develpers must sign code releases with warranties and indemnification agreements, but it could happen. Adding that kind of friction to the system can only serve to slow down development, of course.
Most frightening, perhaps, is what happens if the kernel development community discovers that one or more of its members has been polluting the well with unfree code. The resultant shattering of trust could impair that community's ability to work together for a long time. In the worst case, if important developers are implicated in dishonest activities, a major fork of kernel development is not out of the question.
A successful suit would also make waves in the business world, of course. In the worst case, companies could move away from free software out of fear of lawsuits; this scenario seems unlikely, however. But companies could hold back on code releases or contributions to free software projects out of fear of being accused of illegal copying. A general chilling effect which slows adoption of Linux is a real possibility.
Happily, the most likely outcome is that SCO and its lawsuit go down in flames. They have picked on, perhaps, the most transparently developed piece of code in history by way of a huge company with seriously scary lawyers, deep pockets, and the will to defend itself. But the worst-case scenario is worth keeping mind for this simple reason: even if the Linux community doesn't get burned this time, it could happen in the future. We need to pay a great deal of attention to where our code comes from.
Security
Brief items
The networking hash vulnerability
Most Linux kernels have a slightly different sort of vulnerability in the networking subsystem. For most users, the new problem is nothing to be particularly worried about. For systems that export important services to the net (i.e. web servers), however, this one is worth paying attention to.The networking code maintains a number of internal hash tables to speed lookups. In the networking code, for example, one table is used to quickly find the route to a remote system; another is used in the netfilter connection tracking code. The problem is that the hashing function used for these tables is predictable and can be influenced by outsiders. In particular, a suitably clever attacker can, through careful choices of (false) source packet addresses, create a great many entries in a single hash chain.
Once the chain gets long, the kernel will begin to take a long time to look up each packet which hashes to that chain. This behavior enables a simple denial of service attack: send a bunch of packets with the right addresses and watch the target system slow to a crawl. By exploiting this vulnerability, an attacker can get many of the effects of a large, distributed denial of service attack without having to arrange the "distributed" part - a single system will do.
Fixing the problem is a simple matter of picking a better hash function which does not have such predictable behavior. Patches are available for the 2.4 kernel, though, as of this writing, few vendors have released updates; this LWN vulnerability entry will track the updates as they are received. The 2.4.21-rc2 and 2.5.69 kernels also contain the fix - but nobody should be running important services on either of those.
May CRYPTO-GRAM newsletter
Bruce Schneier's CRYPTO-GRAM newsletter for May is out; it looks at encryption and wiretapping, using unique email addresses for spam avoidance, and cash register receipts. "This wiretapping report provides hard evidence that a closed security design methodology -- the 'trust us because we know these things' way of building security products -- doesn't work. The U.S. government hasn't encountered a telephone encryption product that they couldn't easily break."
Oops
Two weeks ago, this page reported that OpenBSD does not yet have executable stack protection on the x86 architecture. That statement, as it turns out, aligns poorly with reality. OpenBSD has had non-executable stacks since 3.2; what it does not (yet) have is protection for the other data areas - that is the protection offered by the "W^X" technology in OpenBSD 3.3, but which will not be available for x86 until the 3.4 release. We blew it, and we regret the error.
New vulnerabilities
cdrecord: format string vulnerability
| Package(s): | cdrecord | CVE #(s): | CAN-2003-0289 | ||||||||||||
| Created: | May 16, 2003 | Updated: | May 21, 2003 | ||||||||||||
| Description: | A format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the "dev" parameter. | ||||||||||||||
| Alerts: |
| ||||||||||||||
gnupg: key validation
| Package(s): | gnupg | CVE #(s): | CAN-2003-0255 | ||||||||||||||||||||||||||||||||||||
| Created: | May 16, 2003 | Updated: | November 18, 2003 | ||||||||||||||||||||||||||||||||||||
| Description: | A key validation bug was discovered in the GNU Privacy Guard (GPG) which would cause keys with more then one user ID to trust all user ID's with the amount of trust given to the most-valid user ID. | ||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||
lv: privilege escalation
| Package(s): | lv | CVE #(s): | CAN-2003-0188 | ||||||||||||||||
| Created: | May 16, 2003 | Updated: | June 4, 2003 | ||||||||||||||||
| Description: | Leonard Stiles discovered that lv, a multilingual file viewer, would read options from a configuration file in the current directory. Because such a file could be placed there by a malicious user, and lv configuration options can be used to execute commands, this represented a security vulnerability. An attacker could gain the privileges of the user invoking lv, including root. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
sendmail: insecure temporary files
| Package(s): | sendmail | CVE #(s): | |||||
| Created: | May 16, 2003 | Updated: | May 20, 2003 | ||||
| Description: | Paul Szabo discovered bugs in three scripts included in the sendmail package where temporary files were created insecurely (expn, checksendmail and doublebounce.pl). These bugs could allow an attacker to gain the privileges of a user invoking the script (including root). | ||||||
| Alerts: |
| ||||||
Resources
Security Flaw Shows Microsoft Passport Identities Can't Be Trusted (ZDNet)
ZDNet is running a Gartner pronouncement on the security of online identity services in the light of the Passport vulnerability. "This discovery deals a major blow to Microsoft and the Liberty Alliance, which have not yet succeeded in getting the consumer e-commerce market to accept identity services of this type. Gartner surveys have shown that consumers and enterprises have already seen more risk than value in Passport and Liberty."
LinuxSecurity.com newsletters
New issues of the Linux Advisory Watch and Linux Security Week newsletters from LinuxSecurity.com are available.
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current development kernel remains 2.5.69; there have been no development kernel releases since May 4.Patches continue to accumulate in Linus's BitKeeper repository, however; it now contains some NFS fixes, sysfs support for network devices, an XFS update, some scheduler fixes, a change to the request_module() prototype, some framebuffer fixes, more annotations of user-space pointers and makefile support for Linus's (still unreleased) kernel source analyzer, 48-bit IDE addressing support, a (hopefully) working IDE tagged command queueing implementation, the BIO "walking" API, more devfs cleanups (devfs_register() is gone), the USB "gadget" subsystem, a wireless networking update (and quite a bit of networking work in general), dynamic block I/O request allocation, a fair amount of SCSI cleanup work, a generic x86 subarchitecture, a number of TTY layer cleanups, a USB update, an IA-64 update, and a vast number of other fixes -- some 700 changesets in all.
The current stable kernel is 2.4.20; no 2.4.21 prepatches have been released since 2.4.21-rc2 on May 8.
Kernel development news
The second "must fix" IRC session
The second IRC discussion on the 2.6 "must fix" list was held on May 21. The full transcript is available for those who are interested. Below is a quick summary of some of the high points.- Power management. Patrick Mochel is in a debugging stage;
in any case, power management changes could go in after 2.6.0.
- Frame buffer restore after suspending, lots of pending issues, especially
on 3d systems. "It's gonna be hell and will take time." Not
necessarily a show stopper for 2.6.0.
- IDE suspend/resume: patches exist which put suspend and
resume operations on request queues so they are properly serialized
with other activity.
- I/O scheduler selection; some way of choosing between I/O
schedulers is needed before the new schedulers can be merged. The
anticipatory scheduler still has enough problems on some loads that it
cannot go in otherwise.
- qlogic drivers: several exist, none really work. Consensus
seems to be that the "feral" driver is the one to go forward with.
- Crypto loopback driver, would be nice for 2.6, but nobody
seems to be working on it.
- ext3 big kernel lock removal: Patches exist, but some "deep
surgery" is required to make it all work. There are concerns that
none of the Linux journaling filesystems perform all that well on SMP
systems.
- ext2 and ext3 block allocations: the filesystems can allocate
blocks poorly. Not necessarily a 2.6.0 issue.
- IRQ balancing, mostly a question of whether the user space
tools should be bundled with the kernel. What's really needed,
perhaps, is a better distribution mechanism for user-space kernel
tools.
- klibc: was awaiting users before it could be merged into 2.5,
but those users have not yet materialized. Alexander Viro has things
that would use it, so this work may move forward before 2.6.
- kexec (booting one kernel directly from another): is working,
but "seems intrusive and late." It's very useful for some users,
though.
- Object-based reverse mapping VM: it still has issues with
highly-shared pages and nonlinear mappings. The latter problem has
been solved. Some think that, if objrmap is merged at all, it should
be marked experimental.
- Networking: Andrew says "net/ is boring, it just works all the
time."
- Early console/printk and a general API for reporting errors to
user space. This stuff looks too late and slow to get in this time
around.
- Kbuild: a better way of building external modules, and allowing
separate source and object directories. "Both sound important."
Conclusion was that it will happen, but it could be after 2.6.0.
- Firmware loading: Greg KH pointed out the driver model firmware
interface currently in patch form (see this
LWN article). Should be merged soon.
- ACPI: still has problems, but work is proceeding.
- Asynchronous I/O: I/O to files still is not truly asynchronous. Patches exist, but are "late, a bit intrusive, a bit messy." People think they are important, however; work will be done to clean them up.
No further discussions have been scheduled at this time.
Kernel policy issues: compatibility and configuration
When the kernel is deep into a feature freeze and there are not a whole lot of new developments to worry about, it must be time for some policy debates. A couple of issues that have come up over the last week or so - both involving the FUTEX subsystem - cast an interesting light on how policy issues are made, and how the kernel project interacts with its user community.A "FUTEX" is, of course, a fast user-space mutual exclusion primitive. FUTEXes are similar to SYSV semaphores in terms of the functionality they provide, though no attempt has been made to be compatible with the SYSV semaphore interface. A FUTEX is also fast: if there is no contention for a particular lock (which should be the case most of the time) there is no need to go into the kernel at all. An actual system call is only made when a process must wait. FUTEXes are used by the blindingly fast 2.5 threading implementation; other applications will certainly be found for them as they become more widely available.
Ingo Molnar recently sent out a series of patches to the FUTEX subsystem; one of them adds a new "requeueing" feature. This feature addresses a performance problem in glibc resulting from a double-lock implementation there; with requeueing, a process which waits on a condition variable can be automatically requeued on a different lock when the condition becomes true. Requeueing avoids the "thundering herd" problem (when many processes are awakened only to contend with each other and go back to sleep) which otherwise results in this situation.
The patch drew complaints about how the new feature is implemented. The FUTEX subsystem provides a single system call (futex()) with a command argument. All FUTEX operations are multiplexed through this single call. This style of system call has been deprecated within the kernel for a while now; it is difficult to get a handle on what multiplexor calls are really doing. So it was suggested that, rather than adding yet another command to futex(), Ingo should really tear out the old system call and create a set of new, single-function calls.
Ingo did, in fact, send out a patch implementing the futex_wait(), futex_wake(), and futex_requeue() system calls. But he left the old futex() call in as well. And that is the core of the real disagreement: certain developers feel that, since no stable kernel was ever released with the old system call, it should be simply removed before 2.6.0.
The problem, of course, is that stable kernels have been released with that system call. In particular, Red Hat Linux 9 contains a version of the 2.4.20 kernel with Native PThread Library and FUTEX support patched in. Removing the futex() system call would break glibc on those systems. So the question becomes: should a feature which has, officially, only been present in development kernels be removed, thus breaking a widely-deployed distribution? Or does a certain amount of compatibility cruft have to remain in the 2.6.0 kernel in order to avoid that breakage?
In this case, the issue has been resolved by a decree from Linus: compatibility will be preserved.
In a separate posting, Linus states:
"...the goodness of an operating system is not in how pretty it is,
but in how well it supports the user.
" And that attitude, of
course, has a lot to do with why Linux is as successful as it is.
The other FUTEX-related issue has to do with configuration options. Christopher Hoover recently submitted this patch which makes the FUTEX subsystem optional; those who don't want FUTEXes would be able to configure them out of the kernel entirely. Linus, however, doesn't like the idea:
Similar issues have come up, for example, with regard to making the epoll() system call or parts of sysfs optional. Increasingly, there is an interest in defining a minimal functionality that all Linux kernels will have. Without that, it can be hard to get developers to use some of the advanced features offered by the kernel.
On the other hand, developers creating kernels for embedded systems often want to jettison everything that is not absolutely needed. These people, of course, argue for the ability to configure every feature in the kernel. And, as Alan Cox pointed out, making features configurable forces developers to make the implementation of those features properly modular.
The likely resolution is that configuration options will be provided for "core" features, but they will be hard to find. Such options may be buried under a menu titled "remove core functions for embedded systems," or hidden from the higher-level configuration interfaces altogether (requiring the use of a text editor on the .config file to change them). Different users have very different needs, and the Linux kernel tries to address as many of those needs as it can.
A general method for firmware loading
While most computer peripherals work right "out of the box," some will not function properly until the host system has downloaded a blob of binary firmware. Often as not, this firmware is proprietary software. In the past, a number of drivers have gone into the kernel with proprietary firmware bundled in. In the eyes of many, all devices have proprietary firmware in them; there is little reason to be upset if, in some cases, that firmware arrives via the kernel. But others (notably, the Debian project) object to linking any sort of non-free software into their kernel.The end result is that the recommended way of dealing with devices needing firmware downloads is to have a user-space process handle it. That way, no non-free software need be linked into the kernel; as a side benefit, it also gets easier to upgrade that firmware. The downloads have typically been handled by way of a device-specific ioctl() call; each driver includes its own, slightly different implementation.
In 2.5, the device model provides a framework which can be used to clean up the handling of firmware downloads. All that was missing was an actual implementation. Manuel Estrada Sainz has filled that gap, however, with a patch adding an interface for firmware loads.
In the new scheme, a device driver needing firmware for a particular device makes a call to:
int request_firmware(struct firmware **fw, const char *name,
struct device *device);
Here, name is the name of the relevant device, and device is its device model entry. This call will create a directory with the given name under /sys/class/firmware and populate it with two files called loading and data. A hotplug event is then generated which, presumably, will inspire user space to find some firmware to feed the device.
The resulting user-space process starts by setting the loading sysfs attribute to a value of one. The actual firmware can then be written to the data file; when the process is complete, the loading file should be set back to zero. At that point, request_firmware() will return to the driver with fw pointing to the actual firmware data. The user-space process can chose to abort the firmware load by writing -1 to the loading attribute.
When the driver has loaded the firmware into its device, it should free up the associated memory with:
void release_firmware(struct firmware *fw);
There has been talk of maintaining firmware within the kernel so that subsequent requests can be satisfied without going back to user space. No such mechanism has been implemented at this point, however. For situations where it is not possible to wait for user space to react, there is a request_firmware_nowait() function which will call back into the driver when the firmware is available.
As of this writing, the new firmware code has not yet been merged into the mainline kernel. Changes to the interface would not be surprising, but it seems likely that 2.6 will have a generic firmware support interface that is not vastly different from what is described here.
Driver porting
Driver porting series changes
As was noted last week, the driver porting series is approach completion and new articles will be relatively rare from now on. The series is being maintained, however. Some changes this week include:
- The miscellaneous changes article has
been updated to cover the new request_module() prototype.
- The BIO structure now reflects the
addition of bvec_kmap_irq().
- Request queues I has a brief description of the new "BIO walking" functions.
Patches and updates
Kernel trees
Architecture-specific
Core kernel code
Device drivers
Documentation
Filesystems and block I/O
Networking
Security-related
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
Caldera/SCO Linux: Obituary
[This article was contributed by Ladislav Bodnar]
Four years ago, Caldera produced one of the best Linux distributions of all times, gained a respectable market share and established vast international presence. Last week, the company suspended its Linux-related activities. What went wrong?
Caldera, Inc. was established in 1994 by two former Novell employees Ransom Love and Bryan Sparks. Much of the funding came from Ray Noorda, Novell's former President and CEO and his Canopy Group Investment Company, which he founded in 1995. In February 1996, Caldera released its first Linux product under the name of Caldera Network Desktop 1.0. New releases followed at regular intervals, but it wasn't until Caldera OpenLinux 2.3 in August 1999 that the company made a substantial impact on the Linux market by introducing Lizard. Caldera's Lizard was the first graphical installer ever deployed by a Linux distribution.
The OpenLinux
2.3 and especially OpenLinux
eDesktop 2.4 releases were well received by Linux fans. "Caldera
users truly loved Caldera. The Caldera community was strong, close, and
laid-back. The Caldera user mailing list was a true delight.
" wrote
Dennis Powell nostalgically in a recent commentary
at Linux and Main. Caldera's KDE-centric products with no GTK/Gnome
libraries were remarkably stable and bug-free, a fact that produced an
unusually high percentage of entertaining, off-topic discussions on the
mailing lists. In the following months, Caldera expanded its presence
to 82 countries, introduced Linux training courses and tirelessly
attended all major Linux shows and exhibitions around the world. It all
seemed like a huge success story.
Behind the scenes, however, things did not look nearly as rosy. Sales of boxed products were slow, which prompted the company to withdraw from the retail market in 2001. But the biggest shock came in June of that year when Caldera announced an unprecedented decision to introduce per-seat licensing for their upcoming OpenLinux Workstation and Server 3.1.
There was a loud stir on the Caldera mailing list. Even louder was
the heated exchange of
words between GNU's Richard Stallman, who called Caldera "a
parasitic company
" and Ransom Love, who claimed that "the open
source movement has no clue about marketing
". Despite the
wide-spread criticism, Caldera pressed ahead with the new license,
although, in what looked like a sudden change of mind, it quietly released
the distribution as a free download for non-commercial purposes.
Nevertheless, the damage was done.
The company made the headlines twice in 2002. In May, Caldera was behind the initiative to launch United Linux, a consortium of four companies (the other three were SuSE, Turbolinux and Conectiva) to create an enterprise class distribution, while sharing a unified code base and pooling some of their resources. Despite repeated claims that the consortium is not anti-Red Hat, many analysts felt otherwise.
The final version of United Linux 1.0 was released in November 2002.
By that time, there was no more Caldera as the company renamed itself
to 'The SCO Group'. "Caldera to change its name to SCO, reemphasizing
its dedication to Linux, and capturing brand recognition of the SCO
name
", proudly proclaimed the press
release. Thus, Caldera's last Linux product became known as SCO Linux
4.0 powered by UnitedLinux. It carried a per seat license and it
was only available from SCO's online store for between $600 and $2,200
depending on support requirements (the $600 edition came with no
support whatsoever). We don't know how many boxes SCO sold, but one
thing is for certain - SCO Linux made very little dent in Red Hat's
market dominance.
Richard Stallman made himself heard
once again: "Licensing per seat perverts the GNU/Linux system into
something that respects your freedom as much as Windows.
" The
Caldera/SCO mailing list became the prime example of the general
disillusionment with the company practices. The once popular and lively
discussion forum degenerated into angry exchanges, accusations and
demands for clear statements about the company's future plans. As these
were not forthcoming, many left the list with a widely varying degree
of civilized behavior.
But of course, all the controversial decisions the company made in
the past were nothing compared to the current onslaught against Linux.
"Linux is an unauthorized derivative of UNIX and legal liability that
may arise from the Linux development process may also rest with the end
user.
" "For the reasons explained above,
" continues
the letter
sent to SCO customers on May 14, 2003, "we have announced the
suspension of our own Linux-related activities
". The intentions were
made very clear -- or where they? Back to the SCO mailing list and another
quote from a message by a SCO support representative on the very next day
(please note that at the time of writing, SCO's online mailing
list archives have yet to be updated to show this message): "SCO
will continue to honour and renew support agreements and will continue to
provide maintenance in the form of security fixes for [OpenLinux 3.1.1 and
SCO Linux 4.0]. SCO has no plans to retire SCO Linux at this time.
"
Maybe some lawyers can conclude that the meanings of the two statements are
really equivalent, but for the rest of us, they are just another sign of
confusion from a company whose honesty and reliability would make the
former Iraqi information minister look like an innocent child.
This is a sad, sad end of a great distribution and quite possibly the
company, whose greed and desperation, rather than solid products, have
become the dominant business model. What's the opposite of "rest in
peace, Caldera/SCO Linux
"?
Linux Audio Workstation (LAW)
The LAW distribution, is not a complete Linux distribution. It is a collection of documents and installation scripts that can be used to turn your existing system into an audio workstation. Version 1.0 uses Red Hat Linux 7.2 (Valhalla) as a base system. The next version will use Debian as the base. Of course LAW scripts will probably work well on other distributions with little or no modification.
Distribution News
Debian GNU/Linux
The Debian Weekly News for May 20, 2003 is available. This week's topics include GCC 3.2 & 3.3; Libranet 2.8; Debian Leader Delegations; Debian MIA Check; and much more.There will be a key-signing party at Debconf 3.
A new mailing list debian-multimedia mailing list has been created for discussion about the development of applications that produce multimedia content, handling multimedia data, supporting multimedia hardware etc.
Gentoo Weekly Newsletter -- Volume 2, Issue 20
The Gentoo Weekly Newsletter for May 19, 2003 is out. Gentoo announces the creation of Gentoo Games. Read more below about how Gentoo plans to advance Linux gaming."The Complete FreeBSD" Released by O'Reilly
O'Reilly has released "The Complete FreeBSD", a practical guidebook that explains how to get a computer up and running with the FreeBSD operating system and how to turn it into a functional and secure server.Mandrake Linux
MandrakeSoft reports that the gnome-pilot package, which provides PDA support for GNOME had an error where it would not work the Palm Tungest T. This update fixes that issue.EnGarde Secure Linux
Guardian Digital reports that PHP packages shipped with some versions of EnGarde had debugging enabled, causing them to not support some third-party add-on packages. This update disables debugging.
New Distributions
Bonzai Linux
Bonzai Linux, formerly known as miniwoody, has released version 1.5. Found on Debian Planet.DietLinux
DietLinux is a dietlibc-based Linux distribution. Glibc is fully avoided. Some of the most important server daemons (DHCP, DNS, etc.) are working. The initial version, 0.1, was released May 16, 2003. DietLinux has joined the "Special Purpose" section of our Distributions List.Freepia
Freepia is small GNU/Linux distribution designed to run on Via Epia-M Mainboards. At present it only runs on the M-9000. The motivation behind this project is to build a full featured, low noise media box to play movies/mp3s/images etc. It currently uses Freevo, but in the future there maybe support for other media players like mythtv or vdr. Version 0.3.1 was released on May 17, 2003. Freepia has also joined the "Special Purpose" section of our Distributions List.ThinStation
ThinStation is a Linux distribution that enables you to convert standard PCs into full-featured diskless thinclients supporting all major connectivity protocols. It can be booted from the network using Etherboot/PXE or from standard media like floppy/CD/hd/flash-disk etc. The configuration is centralized to simplify terminal management. Version 0.91 was released on May 15, 2003.
Minor distribution updates
BBIagent
BBIagent has released v1.8.1 with minor feature enhancements. "Changes: Parallel port or USB printers attaching to the router can now be shared by other computers on the network with LPR or RAW protocol."
Damn Small Linux
Damn Small Linux has released v0.3.9 with minor feature enhancements. "Changes: This version features PPP over Ethernet (PPPoE) so that it works with ADSL connections. XMMS can now play MPEGs thanks to the SDL plugin. It also includes Zile, a very small yet powerful Emacs clone."
Knoppix
Knoppix has released v3.2-2003-05-16 with minor bugfixes. "Changes: Support for some TFT displays, updated drivers for wireless cards, several other updates, and improved auto-detection."
Morphix
Morphix has released v0.3-6 with major feature enhancements. "Changes: This release adds heaps of bugfixes (and probably new bugs), a new, pretty Xcursor, and a load of other changes. icewm has been replaced with XFCE4 in LightGUI."
Mulimidix
Mulimidix has released v0.1.9pre with major bugfixes. "Changes: This release features the 2.4.20 kernel and VDR 1.1.29 (including AIO). Various bugfixes were made, the configuration scripts were updated, and a lot of other useful stuff was added."
PXES Linux Thin Client
PXES Linux Thin Client has released v0.5.1-41 with major feature enhancements. "Changes: Some important changes include ISOPXES to generate bootable PXES CDs and a telnet server. The ability to create "multi-session" images containing more than one cliet session code was added. The local session was improved. The session used can be decided at run time and the interactive selection of many parameters were added. Outstanding is the ability to select IP address parameters at runtime, freeing it from the DHCP. The look and feel have been improved too. Various client sessions were added (partial) aiming to be the real Universal Linux Thin Client."
Warewulf
Warewulf has released v1.11 with minor bugfixes. "Changes: A fix for a permission issue in the node filesystem with /dev/zero and a bug in nodeupdate regarding node permissions. Some GUI bugs were also fixed, and optimizations were made in wwnodes."
Distribution reviews
Booting Your Business Card: Linux-BBC 2.1 (Linux Journal)
The Linux Journal reviews LNX-BBC 2.1. "There are no man pages, however. Linux-BBC is very much a 'we expect you to know what you're doing' kind of distribution. After all, you can run screen, ssh out to a working system, read the fine manual and cut-and-paste code back into the local host."
Debian on Steroids II: The Libranet Workout (Linux Journal)
Linux Journal reviews Libranet, version 2.8. "Libranet's proprietary features are ease of installation and administration. While based on the rock-solid Debian Woody, Libranet also includes up-to-date applications from the Debian testing and unstable versions, making sure that everything works smoothly and together. Updates come from Sarge, the testing branch. Is that worth paying for? With a full 30-day refund guarantee, trying it yourself is the best way to answer the question."
Page editor: Rebecca Sobol
Development
GCC 3.3 released
Version 3.3 of GCC, the GNU Compiler Collection, has been released thanks to the tireless efforts of these contributors.The Changes, New Features, and Fixes page documents everything that is new with this version.
A number of changes include the removal of support for processors and obsolete features:
- These obsolete CPUs are no longer supported, this is a great place to follow industry CPU trends.
- Support for multi-line string literals has been dropped.
- The stand-alone -A- assertion is gone.
- The DWARF debugging format has been deprecated.
- The C and Objective-C compilers no longer use the "naming types" extension such as (typedef foo = bar);.
- The -traditional option has been removed from the C compiler.
Some of the new features include:
- A new Deterministic Finite Automata (DFA) scheduler for processor pipeline optimization.
- An edge coverage profiler file format for improved code profiling.
- A new superblock formation pass for optimizing functions.
- A function reordering pass for optimizing function placement.
- A pile of new language-specific improvements.
- Many GNU FORTRAN improvements.
- Separation of front-end dependencies in the compiler.
- The redirection of make install by means of the variable DESTDIR.
- Support for many new CPU targets.
- Improvements to specific CPU targets.
- Many bug fixes.
- Documentation improvements.
System Applications
Audio Projects
Alsa 0.9.3b released
Version 0.9.3b (and apparently version 0.9.3c) of the Alsa sound driver is available. Changes include: "ISA PnP and other fixes. We removed /proc/asound/dev directory. The 'make install' should create new device files, but in case of problems, the snddevices script should be executed."
JACK 0.71.2 Released
Version 0.71.2 of the Jack Audio Connection Kit is available. Changes include an updated README, and removal of the fltk example client, see the release notes for more information.Ogg Traffic
The May 13, 2003 edition of Ogg Traffic is out with the latest Ogg Vorbis audio compression software news.
Database Software
MySQL 4.0.13 has been released
Version 4.0.13 of the MySQL database has been released. "This is a bugfix release for the current production version."
PostgreSQL Weekly News
The May 14, 2003 edition of the PostgreSQL Weekly News is out. "The decision has been made to push back the 7.4 release schedule by 1 month. This means feature freeze will occur on June 16th, with Beta starting July 1st. The move has been made mainly to accommodate the win32 & PITR developers, with a nod to giving client developers enough time to implement some of the new front-end/back-end protocol changes."
psqlODBC 07.03.0100 Released
Version 07.03.0100 of psqlODBC has been released. "With this release, the ODBC 3 driver is now the default."
Education
Linux in Education Report
Issue #96 of the SEUL/edu Linux in Education Report is out. Issues include: the UK Office of Fair Trading and anti-competitive Microsoft license issues, HOSEF, the Hawaii Open Source Education Foundation, reports from ITFirms in South Africa about Free and Open Source software in developing countries, and new educational software releases.
Mail Software
SpamAssassin 2.54
SpamAssassin 2.54 has been released. This would normally look like a minor release, but it has a change that could almost be seen as a security fix. It seems that there were some spammers bright enough to figure out that, if they added headers to make their mail look like it came from mutt, pine, or mozilla, SpamAssassin would give their spam a bonus. Thus the curious flood of mail composed simultaneously with mutt and pine. Version 2.54 closes that hole; it's a worthwhile upgrade for anybody running SpamAssassin.
Printing
GNU Ghostscript 7.07
Version 7.07 of GNU Ghostscript has been released. "This release contains an important security update, and all free software users are encouraged to update. Also included are improvements to the display and pngalpha devices, improved comformance with the GNU coding guidelines, and minor build tweaks. This will also be the last release of Ghostscript as a GNU project. We will continue to make releases under the GNU General Public License, but because of disagreements over censorship of the AFPL releases and our development model in the GNU release, we feel we have to part ways with the GNU project."
LinuxPrinting.org news
The latest changes on the LinuxPrinting.org site include support for the HP DeskJet 9300, OfficeJet 5105, 6105, PSC 1100, 1110, and 1200 printers, and more.
Web Site Development
CMF 1.4 Released (ZopeMembers)
The final release of version 1.4 of the Zope Content Management Framework (CMF) is available. See the Change Log for information on what's new.Zope Group Calendar version 0.1 released (ZopeMembers)
The first release of the Zope Group Calendar has been announced. This is an enhancement of the CMF calendar with interfaces for Agendas, Days, and Months.PABlog 1.4 released (ZopeMembers)
Zope Members News has an announcement for version 1.4 of PABlog, a blog tool that runs under CMF and plone.Formulator 1.4.0 released (ZopeMembers)
Version 1.4.0 of Formulator, an extensible framework for the creation and validation of web forms, has been released. "There are a number of new features, including unicode support, new options for DateTime fields and string fields, as well as a system for the public rendering of data based on the form."
mnoGoSearch-php-3.2.0 released
Version 3.2.0 of mnoGoSearch-php, a PHP front-end for the mnoGoSearch web site search engine, is available. See the changes document for more information.
Miscellaneous
GNOME System Tools 0.26.0 is out! (GnomeDesktop)
Version 0.26.0 of GNOME System Tools, a set of cross-platform configuration utilities, has been released. "This new release features (amongst lots of bugfixing) network profiles, so users can store several network configurations, and change between them with a couple of clicks."
Desktop Applications
Audio Applications
MusE 0.6.0 released
Version 0.6.0 of MusE, the Linux (Midi) Music Editor, is available. Changes include a bunch of bug fixes, a Swedish translation, and more, see the ChangeLog file in the source distribution for details.Tkeca 1.2.0 Released
Version 1.2.0 of Tkeca, the Tk-based GUI interface for Ecasound, has been released.
Desktop Environments
KDE-CVS-Digest
The May 16, 2003 KDE-CVS-Digest is out. "In this week's issue of KDE-CVS-Digest, read about the beginnings of a mobile device framework and the reworking of KMail groupware functionality. Also, bug fixes in Kate, KDE Print, Konqueror, KWin, KSpread, Kopete and many others."
KDE Traffic
Issue #51 of KDE Traffic is out. Topics include: dot.kde.org weekly roundup and responses, karm: what is a maintainer good for?, KHTML developers: Animated GIF playing, KOffice 1.3 w/o Kexi, and KOffice's Filters on Test.KDE 3.1.2: The Even More Stable Release
Version 3.1.2 of KDE has been announced. "The KDE Project has released KDE 3.1.2, the second maintenance release of the KDE 3.1 release series. It features more and much improved translations and many problem corrections."
KDE/Qt Gain Increased Support for Indic Languages
KDE.News covers the upcoming KDE 3.2 desktop, which will include improved Indic language support. "Currently, Devanagari (screenshot), Bengali (bn-2, bn-3, bn-1) and Tamil have been tested but Syriac, Tibetan, Khmer and others are expected to work as well. Dirk Mueller writes: "The KDE Project encourages interested people who understand these languages".
Games
Animation in SDL (O'Reilly)
Bob Pendleton explains game animation basics under SDL on O'Reilly. "The Simple DirectMedia Layer (SDL), a powerful, commercial grade and cross platform game development library, has been used to write or port more than 40 commercial games. SDL runs on pretty much any PC or PDA which has a graphic screen and something at least roughly like an operating system."
TuxTyping 1.5.0 released (SourceForge)
According to SourceForge, version 1.5.0 of Tux Typing, an educational typing tutorial game, is available. "After over a year of development with no releases, we are pleased to present Tux Typing 2 "Preview" release. Most of the internals have been rewritten with a focus on extensibility and internationalization. Creating a language pack is now as simple as creating a file for translations (lang.po file), maybe finding a font [1], setting up how the keyboard maps to the characters [2], and finally creating some word lists."
JOOLS 0.1 released (PyGame)
Version 0.1 of JOOLS is available from the PyGame site. "Jools is a graphical puzzle game in the tradition of Tetris, it is a clone of Bejeweled (TM). In a nutshell, the goal is to swap adjacent jools (jewels) within a grid, in order to create rows of three or more of a kind. These jools will then disappear, and more will fall to fill their places."
Graphics
GIMP 1.2.4 Released
Version 1.2.4 of the GIMP, the Gnu Image Manipulation Program, has been released. "The long awaited version 1.2.4 has finally been released. This is a bugfix release in the stable 1.2 series."
GUI Packages
flews 0.3 released
Version 0.3 of flews, a set of extended Widgets for FLTK, has been released.wx4J 0.1.0 has been released
wx4j, a Java binding for the wxWindows cross-platform GUI framework, has been released. "Since wx4j uses native widgets, it utilizes the native look and feel. This is the initial public release of wx4j."
Interoperability
CrossOver Office Version 1.3.5 available
Version 1.3.5 of CrossOver Office has been released. "The key change in version 1.3.5 is that it now operates properly on glibc 2.3 systems, including SuSE 8.2, RedHat 9.0, and Mandrake 9.1."
Samba-3.0alpha24 released
Version 3.0alpha24 of Samba is available. Release information is available on the here. "The purpose of this alpha release is to get wider testing of the major new pieces of code in the current Samba 3.0 development tree. We have officially ceased development on the 2.2.x release of Samba and are concentrating on Samba 3.0. To reduce the time before the final Samba 3.0 release we need as many people as possible to start testing these alpha releases, and hopefully giving us some high quality feedback on what needs fixing."
Wine Traffic
Issue #170 of Wine Traffic has been published. Topics include: TransGaming Poll Update, SpyHunter Port, More on FoxPro, Direct3D Status, Lotus Notes Breakage, NPTL Auto Detection & RH9 Packages, RPC Documentation Update, Valgrinding Wine, Separating 16/32 Bit OLE Functions, Improving Exception Handling, and SourceForge Download Stats.
Office Applications
AbiWord Weekly News
Issue #144 of the AbiWord Weekly News is out. "Yes, we have 1.9.1 ready for your playing about (Win32 binaries STILL not available by press time). Martin has added a nice ability to copy and paste whole tables, but only after the 1.9.1 release. A c-style cast finder was created by Andrew, which I'm sure some of you may want to try out, and, finally, nyorp plays with your editor's mind just long enough to make him take a break in the middle."
StarDict 2.1.0 released. (GnomeDesktop)
GnomeDesktop has an announcement for version 2.1.0 of StarDict. This release adds the: "dictd dictionary converter, this added about 100 dictionaries. wquick dictionary converter, this added about 150 dictionaries. dictzip support, so StarDict can use .dict.dz compressed file now. WyabdcRealPeopleTTS support, now StarDict can pronouce English words."
Web Browsers
Epiphany 0.6.1 (GnomeDesktop)
GnomeDesktop.org mentions the release of version 0.6.1 of the Epiphany web browser. "Epiphany is a GNOME web browser based on the mozilla rendering engine. Version 0.6.1 released and it includes updated translations, bugfixes, interface improvements, new features and code changes."
Mozilla Firebird 0.6 released
Mozilla Firebird 0.6, the first release of the browser formerly known as Phoenix since its high-profile name change, is out. The release notes detail the changes; included therein is a new default theme, a new preferences window, one-click removal of all privacy-related data, and several other new features. French and Polish language versions of this release are also available.Independent Status Reports (MozillaZine)
The May 15th, 2003 Mozilla Independent Status Reports are out. "The latest set of status reports includes updates from BookSync, CardGames, Bugxula, DailyComics, Mozile, Download Statusbar, Demiurge, Linky and Xprint."
Minutes of the mozilla.org Staff Meeting (MozillaZine)
The minutes from the May 12, 2003 Mozilla.org staff meeting are available online. "Issues discussed include a reorganisation of the CVS tree and build system, Tinderbox3 and MozTools, 1.4 Beta, 1.4 final and 1.5."
Miscellaneous
Gaim 0.63 released (GnomeDesktop)
Gnomedesktop.org has an announcement for version 0.63 of Gaim, an internet messaging client. "This new release features a rewrite of the plugin API, support for adding chats to your buddy list, buddy list speed enhancements, and the MSN protocol plugin was rewritten, and has experimental buddy icon support as well as MSN Mobile support."
Languages and Tools
Caml
Caml Weekly News
The May 13-20, 2003 edition of the Caml Weekly News is out with the latest Caml language news.
Java
A JSTL primer, Part 4: Accessing SQL and XML content (IBM developerWorks)
Mark A. Kolb concludes his series on JSTL with Part 4, Accessing SQL and XML content. "A hallmark of Web-based applications is the integration of multiple subsystems. Two of the most common mechanisms for exchanging data between such subsystems are SQL and XML. In this article, Mark Kolb concludes his coverage of JSTL with an introduction to the sql and xml libraries for accessing database and XML content in JSP pages."
JDBC query logging made easy (IBM developerWorks)
Jens Wyke covers JDBC logging issues on IBM's developerWorks. "A simple extension to the JDBC java.sql.PreparedStatement interface can make query logging less prone to error, while also tidying up your code. In this article, IBM e-Business Consultant Jens Wyke shows you how to apply a basic wrapping technique ("extension by wrapping," also known as the Decorator design pattern) for very satisfying results."
How Servlet Containers Work (O'Reilly)
Budi Kurniawan explains Java servelet containers in an O'Reilly book excerpt article. "This article explains how a simple servlet container works. There are two servlet container applications presented; the first one is made as simple as possible and the second is a refinement of the first. The sole reason I do not try to make the first container perfect is to keep it simple."
Perl
This Week on perl5-porters (use Perl)
The May 12-18, 2003 edition of This Week on perl5-porters has been published. "This week, discussions spawned across : manual pages, and their adaptation to perl's audience ; build problems ; interfaces ; conventions ; and the usual amount of bugs."
This week on Perl 6 (O'Reilly)
The May 11, 2003 edition of This week on Perl 6 is out. Topics include: Long option Processing, Excessive memory usage?, NCI and handling of generic buffers of stuff, Calling convention changes, IMCC vs. Parrot assembler, More on stack walking, PIO work, sysinfo op, and more.
PHP
PHP Weekly Summary
The May 19, 2003 PHP Weekly Summary is out. Topics include: "PEAR gathering in Amsterdam, RC 3, Activestate awards, Websphere MQ extension, Unbundling expat and libml2, stdio conversion."
PHP 4.3.2RC3 Released
Version 4.3.2RC3 of PHP is available. "This is the third and final release candidate and should have no critical problems/bugs. Nevertheless, please download and test it as much as possible on real-life applications to uncover any remaining issues."
Python
Dr. Dobb's Python-URL!
The Dr. Dobb's Python-URL for May 20, 2003 is out. This week: recommendations for other programming languages which a Python programmer might enjoy learning; the Second Annual European Python and Zope Conference; and much more.Using libxml in Python (O'Reilly)
Uche Ogbuji shows how to use libxml from Python on O'Reilly. "A few years ago the increase of interest in XML processing in GNOME led to the development of a base XML processing library and, subsequently, an XSLT library, both of which are written in C, the foundational language of GNOME. These libraries, libxml and libxslt, are popular for users of C, but also those of the many other languages for which wrappers have been written, as well as language-agnostic users who want good command-line tools."
Ruby
Ruby Weekly News
The May 19, 2003 edition of the Ruby Weekly News is out. Threads include: Objects vs. Data Structures, and Enumerable #each with arguments. New softwar includes: Madeleine 0.3, an OpenSSL module for Ruby, and wxRuby Beta 0.01.
Tcl/Tk
Dr. Dobb's Tcl-URL!
The May 20, 2003 edition of Dr. Dobb's Tcl-URL! has been published. Take a look for the latest Tcl/Tk news.
Miscellaneous
Using the Subversion Client API, Part 2 (O'Reilly)
Garrett Rooney concludes his two-part series on the Subversion version control system. You may want to start with part one of the series.
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Microsoft to license Unix code (News.com)
The plot thickens: News.com reports that Microsoft has decided to license Unix from SCO. "Late Sunday, Microsoft general counsel Brad Smith said acquiring the license from SCO 'is representative of Microsoft's ongoing commitment to respecting intellectual property and the IT community's healthy exchange of IP through licensing.'" (Thanks to Ashwin N. and Cecil Whitley).
Online petition challenges SCO (vnunet)
Vnunet covers an online petition which challenges SCO's claim to ownership of intellectual property in Linux. "Now the creator of an online petition is inviting users to sign up to challenge SCO to sue them. A message on the website reads: "I am a Linux user. I feel that SCO's tactics toward an operating system of my choice are unjust, ill founded and bizarre.""
Torvalds Suggests DiBona for SCO Panel (Linux Journal)
Linux Journal takes a look at who might be on the panel of experts to which SCO will reveal their allegedly stolen UnixWare code. "Appointing a believable panel would be difficult, Torvalds said in an e-mail interview. "I suspect the people I'd like to see are not people SCO would care for or [who] would be able to sign an NDA on it. The thing I would want is somebody who is able to actually trace things back in time to be able to make a judgment of whether it came from UnixWare or from Linux. Somebody who is technical enough and has enough background in the kernel that he can follow it down without going mad", he said."
Linux vendors confused by SCO actions (ZDNet)
ZDNet talks with Linux vendors about the SCO lawsuit. "Red Hat also indicated that it did not yet see SCO's tactics having an effect on business. "We've seen no indication from enterprise customers that these statements from SCO have been a deterrent from viewing Red Hat as a trusted provider of Linux solutions," the company said in a statement on Thursday."
The fear war against Linux (News.com)
News.com has an article by Bruce Perens on the announcement that Microsoft will license SCO's Unix patents and the source code. "Who really benefits from this mess? Microsoft, whose involvement in getting a defeated Unix company to take on the missionary work of spreading FUD (fear, uncertainty and doubt) about Linux is finally coming to light."
Microsoft Agrees to License Unix (Wired)
Wired takes another look at SCO, IBM and Microsoft. "Since the lawsuit, people have "suggested that SCO doesn't own any Unix patents," [SCO VP] Hunsaker said. The Microsoft deal "is part of an ongoing effort to validate our intellectual property rights... (and) shows very clearly we own Unix patents because Microsoft just licensed them," Hunsaker said."
Microsoft, SCO and Linux (IT-Director)
IT-Director is running a column by Robin Bloor on the SCO case. "What the Microsoft deal will do, if nothing else, is help finance SCO so it can pursue its legal games. Indeed some people suspect that it is a Microsoft legal action by proxy - which may be the usual conspiracy theory in motion, but who knows."
Tragedy to farce--the SCO vs. IBM lawsuit (ZDNet)
For those who haven't seen enough of this stuff yet: ZDNet has published an Eric Raymond rant about the SCO lawsuit. "In order to make its case against IBM, Caldera has had to push the claim that Linux was a pathetic makeshift until the corporate hand of IBM injected into it secrets stolen from the ancient Unix code. Besides being ludicrously false, this enraged every Linux developer on the planet. Accusing us of trafficking in stolen goods was bad; implying that we were incompetent was far worse."
Companies
IBM to debut new desktops for businesses (News.com)
News.com covers new desktops from IBM. "The ThinkCentre line will initially consist of three models: the ThinkCentre S50 small-size machine, the A50p multimedia computer and the M50 that IBM will ship with desktop versions of Red Hat or SuSE Linux. More models will be added as the year progresses."
IBM and T-Rex (IT-Director)
IT-Director digs up some information about the T-Rex mainframe. "The second factor and the one that brought the mainframe back to life was Linux. Implemented in a virtual machine environment on the mainframe, Linux proves to be very economical "per instance" and cheaper to configure and run than on any other platform."
Ballmer on Linux (Register)
The Register covers a meeting held by Microsoft with European industry analysts to discuss Linux and other Open Source Software (OSS). "Overall the day indicated that Microsoft is now happy to recognise that the influence of Linux is growing. It is clear that we can now expect Microsoft to attempt to build its case for Windows as an operating system based on rational arguments rather than a simple dismissal."
How Microsoft Warded Off Rival (NY Times)
Several readers have pointed out this NY Times article (registration required), which indicates that Microsoft has probably violated European anti-trust laws in its efforts to win over Linux at all costs. "The Microsoft campaign against Linux raises questions about how much its aggressive, take-no-prisoners corporate culture has changed, despite having gone through a lengthy, reputation-tarnishing court battle in the United States that resulted in Microsoft's being found to have repeatedly violated antitrust laws."
Linux Adoption
Playing the Linux Game, By email (IT-Director)
IT-Director tells us how to play the Linux Game. "IBM has done well playing the Linux game. Although in theory Linux doesn't belong to anyone, in practice it belongs to those that can profit from it most and thus it belongs most to IBM. It belongs to Hewlett Packard and Dell too of course. It doesn't belong to Sun Microsystems much and it belongs least to Microsoft. Just to confirm this, Steve Ballmer recently said, yet again, that Microsoft will not port its products to Linux."
TORCH Independent Consultant (TIC) Program announced (LinuxMedNews)
LinuxMedNews covers a new consultant program for the fledgling Free/Open Source Medical Software industry. "The TIC program is designed to provide independent consultants with the information and tools needed install and support the electronic health record application TORCH. TORCH is licensed under the GPL and can be downloaded from the Open Paradigms,LLC website."
If the glass slipper fits (InfoWorld)
InfoWorld examines the maturing of open source. "The real issue for open source is adjusting from being remarkable to being important. There's a real distinction between the two. Remember when cell phones were new? Your first call was probably to a friend to say, "Hey, guess what! I'm on a cell phone." If you called your friend today with the same message, chances are your friend would ask, "Are you feeling OK?" Open source advocates should be pleased that many open source technologies (Linux, MySQL, Apache) are so entrenched in the enterprise (that is, important), and that their presence is similarly unremarkable." (Thanks to Lenz Grimmer)
PeopleSoft: .Net is IT 'asbestos' (News.com)
News.com reports that PeopleSoft President and CEO Craig Conway called Microsoft's .Net initiative the information technology equivalent of asbestos. "Speaking at the software company's 2003 Leadership Summit in Sydney, Australia, Conway said the state of the global economy makes it imperative for businesses to control IT costs. He advocated Linux-based server-centric operating environments for enterprise applications as one way to achieve this goal."
Developing Countries Gain from Free/Open-Source Software (Linux Journal)
Linux Journal looks at a report from Finland that says FLOSS use is increasing around the world for business, education and political needs. "Free software and open source's "inherent qualities" also make it a prime tool for achieving local language educational software, "especially for languages which are not deemed commercially viable for proprietary software vendors". "If the adoption of FLOSS in developing countries is done wisely, it can help stimulate indigenous software industry and create local jobs", says the study."
Legal
Congress calls to arms against pirates (News.com)
News.com looks into a new congressional caucus devoted to combating piracy and promoting stronger intellectual property laws. "Joining Wexler as co-founder of the caucus is Rep. Adam Smith, D-Wash., who helped author a note last fall to 74 fellow Democrats assailing the Linux open-source operating system's GNU General Public License as a threat to America's "innovation and security." Smith's district includes the Seattle surburbs near Microsoft's Redmond, Wash., headquarters. The third founder is Rep. Tom Feeney, R-Fla., a first-term congressman and former speaker of the Florida House of Representatives who was once Gov. Jeb Bush's running mate."
Interviews
Interview with Display Works Inc. (KDE::Enterprise)
KDE::Enterprise interviews Display Works Inc., about KDE and how it is used in the company. "We began about a year ago to migrate our desktops to KDE 2.1.2 for our front office staff. We intentionally provided very little in the way of training to give us a real evaluation of KDE as a desktop. Our staff are generally not at all sophisticated computer users, and we wanted a direct experiential measurement as to what we would call the "competence" of KDE as a work environment. The experiment was a tremendous success."
Interview: Talking pizza and packets with Samba co-founder Tridge (NewsForge)
NewsForge interviews Andrew Tridgell. "Much in the same way that Cisco founders Sandy Lerner and Leonard Bosack invented the router so they could send emails to each other across the Stanford University campus, Andrew Tridgell just wanted the three computers on his home network to talk to each other. The three computers, a PC running DOS, a Sun workstation, and a DECstation 3100 running Digital Unix, needed a common protocol that all could understand. Hacking on what he thought was a proprietary protocol of a DOS-Unix program called Pathworks, Tridge (as he's known) accidentally found himself reverse-engineering the heart of Microsoft's networking, the SMB protocol."
Interview with Andreas Mohr (WineHQ)
WineHQ features an interview with Wine developer Andreas Mohr. "This week Andreas Mohr finds himself in the hotseat. Andi was born in Karlsruhe, Germany in 1977 and grew up in Renningen, near Stuttgart. He did the usual military service after high school and in 1997 began studying electrical engineering at Stuttgart University. Now he's attending the University of Applied Sciences in Esslingen studying computer science. Besides the normal CS classes Andi is focusing on embedded systems, automation, and networking."
Resources
Administer Linux on the fly (IBM developerWorks)
This article on IBM developerWorks shows how to use the /proc filesystem to get a handle on your system. "This article includes hints and tips for performing various administrative tasks and changing your system without rebooting. Linux provides various ways to change underlying operating system values and settings while keeping the system up and running."
Reviews
Database Users Keen on Linux 2.6 Kernel (eWeek)
eWeek examines the improvments to the 2.6 kernel that will help database users. "Tim Kuchlein, director of information systems at Clarity Payment Solutions Inc., a developer of prepaid electronic payment systems, said the ability for the kernel to support extra memory will enable his company to work its database like Google: running on all memory, all the time."
Miscellaneous
Can Ogg Vorbis change digital audio? (NewsForge)
NewsForge looks into open source digital audio products. "Xiph.Org is an umbrella organization for a group of open source multimedia development projects. Other projects operated by Xiph.Org include Ogg Theora , a video code developed in cooperation with On2 Technologies ; Free Lossless Audio Codec (FLAC); and Speex , a low bitrate codec designed for speech compression. Vorbis, however, is probably the highest-profile aspect of the project."
Can software developers form an 'open source' union? (NewsForge)
NewForge proposes a union for software developers. "There has never been a successful union-style organizing movement among software developers. Ian Lurie, who runs a Seattle Web design firm, believes this is because traditional "industrial" union structures don't serve programmers' needs very well, but that a new, "open source" union structure based on pre-industrial craft guilds might make lives better for people in the job-nomadic IT industry."
NASA Technical Report Recommends Adopting Mozilla Public License (MozillaZine)
According to MozillaZine, NASA has selected the Mozilla MPL as a license to distribute some free software under. "Adam Hauner wrote in to tell us about a NASA technical report which recommends that the US space agency distribute some of their software under the Mozilla Public License. The report, by Patrick J. Moran of the NAS Systems Division at the NASA Ames Research Center, explains how open source is compatible with NASA's mission and evaluates several licenses before recommending that the Mozilla Public License be an option for software distribution."
Open source in the stars for NASA? (News.com)
News.com covers a NASA analyst's recommendation that the agency move some software development to an open-source model. "That report found that open-source software "plays a more critical role in the (Department of Defense) than has been generally recognized" and argued that, if open source were banned, the military's information security would plummet and costs would rise sharply."
Key battles forge fate of free software (SiliconValley)
Dan Gillmor looks at the SCO and OpenTV cases. "If the FSF is right that OpenTV is violating the GPL, and if this behavior is found to be legal by the courts, the entire free-software and open-source movements could be derailed. Agreeing to share the improvements you make in the GPL-licensed software you've used is an essential part of the larger ecosystem."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
World Wide Web Consortium approves patent policy
The W3C has announced the final approval of its patent policy, which states that patented technology included in W3C standards must be licensed on a royalty-free basis - at least for the purpose of implementing the standard. This long process has finally reached its conclusion.LSB Architecture Specs for PPC64, S390, & S390X approved by the FSG
The Free Standards Group board has approved the LSB version 1.3 archetecture specs for the S390, S390X, and PPC64 platforms.Public Review for LSB's AMD64 architecture
The Linux Standards Base is looking for comments from the community on its first draft of the architecture specification for the AMD64 (x86-64) processor.
Commercial announcements
D.H. Brown Associates Releases 2003 Linux Function Review
D.H. Brown Associates has published the 2003 release of its Linux Function Review, a comprehensive functional evaluation of Linux as a commercial server operating environment. "Although UNIX systems still clearly offer important functional advantages for the most demanding, high-end commercial applications, Linux has now become a mainstream operating environment for a broad range of general-purpose departmental and workgroup applications in addition to its traditional base of infrastructure solutions, "edge of network" applications, development platforms, and technical computing applications."
Digital Mars releases Linux version of D Lanuage
Digital Mars has released a free executable of their D language compiler for Linux. (Thanks to Ben Woodhead.)IBM's "ThinkCentre" desktops
IBM has announced the availability of its new "ThinkCentre" line of desktop computers. For the most part, it looks like yet another announcement for yet another PC (albeit a nice-looking one), but the "M50" model is available with the Red Hat or SuSE distributions preinstalled. IBM has, until now, been unenthusiastic about the Linux desktop market, so these systems represent a bit of a shift in the company's strategy.Opera 7 now available on Linux
Opera Software has released Opera 7 for Linux. The new version includes major new features changes from Opera 6 for Linux as well as a built-in e-mail client, not previously available in Opera for Linux.Investment bank and law firm co-sponsor Open Source Software Symposium
C.E. Unterberg, Towbin, an investment bank, and the law firm Testa, Hurwitz & Thibeault, LLP announced they will co-sponsor an Open Source Software Symposium, to be held on Tuesday, May 20th in Boston, Massachusetts. "Jeff Becker, Director and Head of Software Investment Banking at C.E. Unterberg, Towbin and the event's organizer commented, "Open Source software providers continue to demonstrate their entrepreneurial spirit, drive and success despite the challenges of a prolonged drought in IT spending and upheavals in the equity markets. To thrive in this unforgiving environment requires both a sound business model and exceptional execution, aspects that are often hotly debated in the Open Source arena.""
An open letter from Matthew Szulik
Here is an open letter from Red Hat CEO Matthew Szulik. "Consistent with Red Hat's core values--Freedom, Commitment, Courage and Accountability--Red Hat's software development community takes valid intellectual property rights seriously. We respect and take effort to maintain the legal and technical integrity of valid intellectual property, including patents, copyright and trademark. When the integrity of the Red Hat brand is publicly called into question, we will defend the use of Red Hat Enterprise Linux by our customers."
Sun and Red Hat Enter Into Global Partnership Agreement
Sun Microsystems, Inc. has announced that it has entered into a global alliance agreement with Red Hat to distribute Red Hat's Enterprise Linux. As part of the agreement, Red Hat will distribute Sun's Java Virtual Machine (JVM) with Red Hat Enterprise Linux.VTT Goes Open Source
VTT Information Technology has announced its entry into the world of open-source software. "As its first open source software, VTT published a user-friendly network-testing tool Nipper (Neat Internet Protocol Packet Editor). Nipper is Java based tool that can be used in many ways for testing networks, protocols and networking applications. Nipper was originally developed in a programmable network research project. As Nipper was found practical tool more generally and not limited to programmable network testing, it was selected to be the pilot software in the VTT open source project."
Ximian Releases Red Carpet 2.0
Version 2.0 of Ximian's Red Carpet has been announced. "Ximian, Inc., the leading provider of desktop and server solutions enabling enterprise Linux adoption, today announced the availability of Red Carpet 2.0, a new version of its desktop client software that allows users to manage Linux software installed on workstations and servers. Users will benefit from a streamlined user interface, powerful new functionality for finding installed packages and recording installation history, and the ability to manage software on systems other than their own."
Resources
GNOME Talks! Part 2 (GnomeDesktop)
The American Council of the Blind presents part two from a four part mp3 series on GNOME accessibility. "In the second of a four-part series from the American Council of the Blind, Sun accessibility engineer Marc Mulcachy demonstrated the GNOME Panel and Control Center. He also mentions what system he is running, and that it is hard to install Red Hat 9 compared to Red Hat 8, due to the removal of Speak-Up."
Configuring NFS for control by IPTABLES and other firewalls
Chris Lowth has published a HOWTO called: "Configuring NFS under Linux for Firewall control".SAMBA Printing Howto
The CUPS project mentions the availability of a new SAMBA printing howto document, which now emphasises the CUPS print system.LDP Weekly News
The May 20, 2003 edition of The Linux Documentation Project Weekly News is out with the latest new documentation news.
Upcoming Events
Linux@work in Dublin
The Linux@work business conference and exhibition will be held in Dublin, Ireland on June 18 in parallel with the GU4DEC conference.European Zope Training Tour (ZopeMembers)
The European Zope Training Tour will consist of four events, in Denmark, Berlin, Cern, and an unspecified UK location starting on May 26, 2003. See the tour schedule for more information.Python Conference Reports
Guido Van Rossum has published two reports on recent Python conferences, News from Python UK and Notes from PyCon DC.Events: May 22 - July 27, 2003
| Date | Event | Location |
|---|---|---|
| May 25 - 27, 2003 | GCC Developer's Summit | Ottawa, Canada |
| May 28 - 30, 2003 | Open Source Content Management, 2003(OSCOM) | (Harvard Law School)Cambridge, Mass |
| May 30 - 31, 2003 | 4th European Tcl/Tk Users Meeting(Tcl'Europe 2003) | Nürnberg, Germany |
| June 4 - 6, 2003 | Enterprise Linux Forum Conference & Expo | (Santa Clara Convention Center)Santa Clara, California |
| June 9 - 14, 2003 | USENIX 2003 | (Marriott Hotel)San Antonio, TX |
| June 10, 2003 | Linux For Business | (The Commonwealth Institute)London, England |
| June 16 - 18, 2003 | Yet Another Perl Conference::North America(YAPC::2003) | (Florida Atlantic University)Boca Raton, FL |
| June 16 - 18, 2003 | GNOME User and Developer European Conference(GUADEC) | (Trinity College)Dublin, Ireland |
| June 18 - 23, 2003 | Open Source Clinical Application Resource Workshop(OSCAR) | (McMaster University)Ontario, Canada |
| June 21 - 22, 2003 | EuropeanRubyConference | (University of Karlsruhe)Karlsruhe, Germany |
| June 23 - 26, 2003 | ClusterWorld Conference & Expo | (San Jose Convention Center)San Jose, California |
| June 23 - 26, 2003 | Fourth Workshop On UML for Enterprise Applications | (Hyatt Regency San Francisco Airport Hotel)Burlingame, CA |
| June 24 - 26, 2003 | LinuxUser & Developer Expo | (Birmingham National Exhibition Centre)Birmingham, UK |
| June 25 - 27, 2003 | European Python and Zope Conference 2003 | (CEME)Charleroi, Belgium |
| July 7 - 11, 2003 | O'Reilly Open Source Convention 2003(OSCON) | (Portland Marriot)Portland, Oregon |
| July 10 - 13, 2003 | LinuxTag | Karlsruhe, Germany |
| July 12 - 17, 2003 | Debcamp | Oslo, Norway |
| July 18 - 20, 2003 | Debconf 3 | (The University of Oslo)Oslo, Norway |
| July 23 - 26, 2003 | Ottawa Linux Symposium | Ottawa Canada |
| July 23 - 25, 2003 | YAPC::Europe 2003 | (CNAM Conservatory)Paris, France |
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Page editor: Forrest Cook
Letters to the editor
...and if SCO is right...? My suggestion:
| From: | Tres Melton <class5@pacbell.net> | |
| To: | letters@lwn.net | |
| Subject: | ...and if SCO is right...? My suggestion: | |
| Date: | Sat, 17 May 2003 03:18:41 -0700 |
Fellow Readers,
I'm not a lawyer so take the following with a grain of salt. I do know
a little bit about the law and I seem to recall a process called
discovery. IBM should find out exactly what pieces of code SCO claims
ownership of. It would then be a simple matter to sort through the LKML
and find out who submitted the patch. Then most likely that person
never had access to the code in question. Failing that, it shouldn't be
too difficult for the hacker in question to give an explanation of the
code's origin. Specifically what itch he was trying to scratch with
it. It would be even better if the author could find some of the
original patches. You know the ones that are so alpha you'd be
embarrassed to have them to be seen in public.
There is also the unfortunate possibility that the code in question is
indeed hijacked. If that is the case then a kernel cleansing needs to
happen as soon as possible. The possibility of SCO changing the license
on the code in question is not really a possibility. They *CAN'T*
change the license while they are fighting this court case; it would
invalidate the case and it would be dismissed. And Linux can't wait for
the completion of a court case to proceed.
IBM needs to ask for an injunction or something to force SCO to reveal
whether they are claiming the code in its entirety or a substantial part
thereof. If they are only claiming that portions of the code have been
hijacked then they should not be allowed to slow or stop the Linux
juggernaut. They should be forced to reveal the parts of the kernel
that they are making a claim on so that they can be quickly excised from
the kernel on the grounds that any delay will cause irreparable harm to
itself and all of the other companies with Linux strategies.
I think that the lawyers involved will be surprised by exactly how fast
the community is going to fix this problem once it is fully out in the
light. The only really bad possibility is if they can prove that a
major subsystem has been infringed; like the 'elf' file type. Most
likely it will end up being a few corner cases though. I do have one
question though: when we change the error "Printer on fire" to "Printer
exploded" do we have to notify The Department of Homeland Security of a
terrorist event every time the error is returned?
Just my Thoughts
Tres
--
Tres Melton <class5@pacbell.net>
Re: SCO the "owner" of the UNIX operating system
| From: | Andrew Josey <ajosey at nospam.rdg.opengroup.org> | |
| To: | lwn@lwn.net | |
| Subject: | Re: SCO the "owner" of the UNIX operating system | |
| Date: | Thu, 15 May 2003 15:57:59 +0100 |
Dear LWN
Regarding SCO's positioning on UNIX, The Open Group would like to make
it clear that SCO holds the rights only to the operating system source
code originally licensed by AT&T and does not own the UNIX trademark
itself or definition of what a UNIX system is.
Reference to the SCO web site show that they own certain
intellectual property and they correctly attribute the trademark.
SCO has never owned "UNIX".
In 1994 Novell (who had acquired the UNIX systems business of AT&T/USL)
decided to get out of that business. Rather than sell the business as a
single entity, Novell transferred the rights to the UNIX trademark and the
specification (that subsequently became the Single UNIX Specification)
to The Open Group (at the time X/Open Company). Simultaneously, it
sold the UNIX source code and the product implementation (UNIXWARE)
to SCO. The Open Group also owns the trademark UNIXWARE, transferred to
them from SCO more recently.
As the owner of the UNIX trademark, The Open Group has separated the
UNIX trademark from any actual code stream itself, thus allowing multiple
implementations. Since the introduction of the Single UNIX Specification,
there has been a single, open, consensus specification that defines the
requirements for a conformant UNIX system.
There is also a mark, or brand, that is used to identify those products
that have been certified as conforming to the Single UNIX Specification,
initially UNIX 93, followed subsequently by UNIX 95, UNIX 98 and now
UNIX 03. Both the specification and the UNIX trademark are managed and held
in trust for the industry by The Open Group. SCO, along with all other
vendors of UNIX systems (regardless of whether they are members of The
Open Group or not), distribute a UNIX system that has been certified
through the X/Open and The Open Group certification process.
The Open Group is committed to working with the community to further the
development of standards conformant systems by evolving and maintaining
the Single UNIX Specification and participation in the Linux Standard Base.
For further discussion on SCO's IP Claim please also see:
<http://mozillaquest.com/Linux03/ScoSource-02_Story01.html>
<http://mozillaquest.com/Linux03/ScoSource-02_Story04.html>
For the Austin Group see:
<http://www.opengroup.org/austin/>
For LSB certification and testing information see:
<http://www.opengroup.org/lsb/cert/>
<http://www.opengroup.org/testing/lsb-test/>
For the UNIX System Web site see:
<http://www.unix.org/>
-----
Andrew Josey
Director of Certification
The Open Group
Letter to the editor: Legally Defining Access
| From: | Paul Sheer <psheer@openfuel.com> | |
| To: | lwn@lwn.net | |
| Subject: | Letter to the editor: Legally Defining Access | |
| Date: | Thu, 15 May 2003 12:44:55 +0200 |
Defining Computer Access
------------------------
>
> * "Access" should be interpreted broadly. "...I
> propose that a user accesses a computer any time the
> user sends a command to that computer that the
> computer executes. In effect, I would define access as
> any successful interaction with the computer." Pinging
> the computer, or reaching a login screen, would be
> sufficient.
>
> * The definition of "unauthorized" should be much more
> narrow. "I propose that courts limit access 'without
> authorization' to accesses that circumvent
> restrictions by code. Breaches of regulation by
> contract should as a matter of law be held to be
> insufficient grounds for access to be considered
> 'without authorization.'"
>
The broad definition of computer access is correct. The
narrow definition of authorized access needs some work
though. What is "circumventing" exactly? If a piece of
code, due to a human error in the programmer's thinking,
allows access by some means other "typical access", then
can we really say that a circumvention has happened? The
intent of the code is exactly how the code executes on
that CPU.
As a parallel, if a company finds a loophole in a
contract, then that company can exploit the loophole and
be immune to a law suite. If a hacker finds a loophole in
a piece of code, then similarly, he should be allowed to
use that loophole without having to think about how the
programmer may have intended that code to behave.
Put otherwise, a "restriction by code" cannot be defined
in any meaningful way. It implies that code execution does
not implement the algorithm that the code defines!! What
the code does and does not restrict is open to
interpretation only by the CPU of the machine. The CPU is
impartial, therefore we can assume that if a person did
"hack" a machine then that the code did intend it!!!
You can only really define access by the human processes
needed to set up an access. For example, unauthorized
access could be defined to access through impersonating
someone elses creditials: i.e. stealing a login or access
key that was not intended to be used by you.
Under the definition of "...circmvent..." stealing a
password is allowed! :-)
Page editor: Jonathan Corbet