LWN.net Weekly Edition for June 12, 2003
Embedded Linux and the GPL
Linux and embedded systems are a natural combination. Linux provides the level of control and ability to customize that embedded vendors need; it can also be pared down into a (relatively) small footprint. And, of course, there are no per-unit royalties to be paid; that is a big deal for many applications. It is not surprising that an increasing number of gadgets have a Linux kernel running inside them.Much of the code running in those systems is licensed under the GPL. While no royalties need be paid for the distribution of GPL-licensed code, there are other obligations which must be met. In particular, a Linux-powered gadget is supposed to come with either (1) a copy of the source for the code running inside, or (2) a written offer to ship the source anytime in the next three years. While some companies (e.g. TiVo) make their source available, it would seem that some other embedded system vendors are forgetting about this obligation when they ship their boxes.
Recently, Andrew Miklas noticed that his Linksys WRT54G wireless access point was running GPL-licensed software, including a 2.4.5 kernel and the BusyBox tool suite. The product contains no source, offer of source, or even acknowledgement of the GPL software running inside. Attempts to obtain source from Linksys have, so far, been unsuccessful. The Free Software Foundation is now taking an interest in this case.
Linksys, it seems, is not alone in this behavior. Products from Belken, Buffalo Technology, and QLogic have also been shown to have Linux inside, with no source forthcoming. Lest one despair completely, however, it's worth looking at Colm MacCárthaigh's experience with his Dell TrueMobile 1184 router. Not only was he able to (eventually) get the source from Dell; his efforts also convinced Dell to include a source CD with the product.
Mr. MacCárthaigh's experience is worth noting for a couple of reasons. The first is that Dell was simply unaware that it was supposed to make source available. In most GPL violation cases, the real problem is that the company involved is unaware of its obligations under the license; GPL violations tend to be unintentional. With some persistence - and politeness - it is usually possible to get these companies to move into compliance with the GPL. The Free Software Foundation has been very good at this in the past; in contrast with its loudness on other fronts, the FSF treats GPL problems with discretion and tact. As a result, most GPL violators are brought around to compliance without being pushed into full-scale defensive lockdown.
The other thing to note is that Mr. MacCárthaigh did not get anything all that exciting for his efforts: a stock 2.2.14 kernel with a widely-available patch set. In the Linksys case, many Linux users are getting worked up about the prospect of extracting a new set of wireless network drivers by forcing a release of code. These users will almost certainly be disappointed. The drivers in question will be implemented as loadable modules which, until some disgruntled kernel developer proves otherwise in court, are legal to distribute for use with the kernel. Linksys owes its customers the source for its Linux kernel, BusyBox, and any other GPL software that it includes in its product. But it is under no obligation to open up any proprietary drivers that it is using.
The truly sad part is that embedded system vendors need not even provide source which can be rebuilt and loaded into their devices. As reported here in May, there appears to be no legal impediment that can prevent systems vendors from requiring kernels to be signed by a private key before they can be run. You can look at what your Linux-powered device is running (if you trust the vendor to provide the true source for the binaries in the box), but you may not be able to change it.
Even so, it is important that distributors of GPL-licensed software live up to the obligations imposed by that license. There is a vast body of highly capable software which is available under the GPL, and all that's required to be able to use it is to make the source available under the same license. That is a small price to pay for free (of charge) access to software that, by some estimates, is worth over a billion dollars.
Update: since this article was first published, Linksys has stated that it will release the source for the GPL-licensed code running in the WRT54G router.
LZW is Free! (Almost)
[This article was contributed by Joe 'Zonker' Brockmeier]
The LZW patent is nearing its expiration date. Appropriately enough, patent 4,558,302 expires next Friday, June 20 -- plan your parties accordingly. At least if you're in the U.S. -- the patent will continue to be valid for a little longer in several other countries.
Unisys sat on the patent for nine years before it attempted to start collecting royalties on software that made use of LZW to create images in the Graphics Interchange Format (GIF), and for the use of GIFs on websites. Unisys really started putting the pressure on in 1999, however, asking web site operators to fork over a fee of $5,000 just to use GIFs on a publically-accessible website or an Intranet site. You could also get a license to cover both a "Billboard" site and an Intranet for the low, low fee of $7,500.
Pressure is a relative term. Unisys was never successful in garnering the licensing fees from the majority of sites that use GIFs, nor did they conduct an RIAA-style search for sites using GIFs to send threatening letters to. And, compared to Amazon's "one-click" patent, the LZW patent looks almost reasonable.
Nevertheless, the Unisys money-grab inspired a deep loathing in quite a few Webmasters and other users who had already been using GIFs or the LZW algorithm for quite some time, and who resented the sudden demand for royalties. Thus the Burn All GIFs day was born. Thanks to their GIF efforts, Unisys has the dubious honor of being one of the first companies to awaken the Free and Open Source software communities to the danger of software patents.
Don Marti, webmaster for the Burn All GIFs site, said it's yet to be seen how successful the Burn All GIFs project has been.
The W3C's decision to declare itself a patent-shenanigans-free zone is a positive development, and other information technology standards bodies should also drop the idea of "UFO" (Uniform Fee Only) patent policies, which impose prohibitive transaction costs on free software and small companies.
Marti also noted that the W3C's royalty-free policy is a step forward for Free and Open Source software developers.
Of course, it's not all about GIFs. The LZW algorithm is also found in a number of other graphics formats and in programs that compress data. GIFs are merely the most widely-recognized use of LZW. For example, LZW is used in the Unix "compress" utility, which led to the creation of the widely-used gzip as a replacement.
It's unlikely that the Free and Open Source community will rush back to using the LZW algorithm, now that it has been effectively replaced. But even as it re-enters the public domain, the LZW tale serves as a cautionary tale of the dangers of software patents. It won't be the last.
Penguin Computing acquires Scyld
Penguin Computing announced on June 10 the signing of an agreement to acquire Scyld Computing, the Beowulf cluster software and services company started by Donald Becker. This acquisition is a significant step being taken by one of the true survivors among Linux companies. So we dropped Penguin Computing founder Sam Ockman a few questions; here's what he had to say.Why has Penguin Computing decided to acquire Scyld at this time?
Most of our business has historically come from our enterprise customers. About a year ago they started to get very interested in high performance computing (HPC). Now an increasing number of our customers have their own clusters.
Corporate customers really care about "total cost of ownership". It's a term that is used derisively in the Linux community, but in the enterprise it's very important. Scyld has engineered the best management framework for clusters, so it was a natural fit for us to buy them.
How do you expect Penguin's cluster offerings to change as a result of the Scyld acquisition?
Simultaneously, we will be concentrating on longer term goals. We have a very clear vision as to where clustering is going. There is going to be a lot of innovation in the next few years.
Based on extensive input from the existing customers of both companies, we have already begun work on the next generation of software and hardware solutions for the HPC space.
What are your expectations for the Linux cluster market over the next few years?
Job scheduling and resource utilization will become more and more important as clusters are shared throughout a corporation. We're working on some very elegant solutions to these problems.
Some of your competitors have been targeting specific markets - bioinformatics, for example. Does Penguin anticipate taking a similar path with its offerings?
What's great about Scyld is that it's an analogous situation. Don Becker, the founder and CTO of Scyld is the inventor of Beowulf. So Scyld's software and knowledge have grown with the market.
That said we're now seeing considerable growth in biotech, Computational Fluid Dynamics (CFD) and Electronic Design Automation (EDA). We're gaining customers that are using clusters in each of these fields. As we do, our knowledge increases, and new customers come our way, often recommended by word of mouth.
But it's not just those three fields either; it's amazing some of the things our clusters are being used for. Clusters are being used almost everywhere there is a computationally intensive problem. And it's not just in places where supercomputers would have been used before. Because the cost of a cluster is at least an order of magnitude less than a monolithic supercomputer, it has opened up whole new markets.
Penguin Computing has managed to survive in a market (Linux-installed systems) where many others have failed. What have you done differently to be able to succeed in this way?
Another way of phrasing that question, perhaps, is: why should a customer buy a server (or a cluster) from you, rather than from a large vendor like Dell?
Dell's an interesting comparison choice. If you want real support from them you have to buy something called DLine Plus. For fifteen problems over three years you pay $2,999 extra.
At Penguin Computing we include all of our experience, and completely support the server for no additional charge. We've been engineering and supporting Linux servers longer than Dell and IBM.
On the cluster front, it's an even easier choice. With the acquisition of Scyld we have the best management framework for Beowulf clustering. And Don and his team have more knowledge about Beowulf than anyone else. After all Don invented it!
Scyld has a number of resellers, including Hewlett-Packard, and we definitely value those relationships. So, HP or any of Scyld's other resellers is also a very good choice for clusters.
Are you willing to release any sort of annual revenue information for Penguin Computing? Or, perhaps, some sort of server volume figures?
Does Penguin employ contributors to any free software projects? Which ones?
Another project that is near and dear to our hearts is lm_sensors. We often have to write new code to make lm_sensors work with our next generation servers, and we make sure that we GPL all of that. Some other projects that we've contributed to include LCDproc.
In addition to directly writing code, we do a lot to support the Linux and Open Source community. We're a corporate patron of FSF/GNU and have also donated servers to them (including the server they use to run their mailing lists). Penguin Computing has also given servers to H. Peter Anvin so he could develop RAID-6. Finally, along with BitMover, we provide and host kernel.bkbits.net, which is used by many of the senior kernel developers.
An open letter to SCO
We recently sent the following letter to several contacts at SCO and its public relations agency:
The SCO Group has made repeated claims that Linux contains code taken from proprietary Unix. On the basis of these claims, a $1 billion lawsuit has been filed against IBM, and letters have been sent to many Linux users warning that they may face legal liability. You have publicly compared the Linux community to thieves and liars. What you have not done is to back up your claims in any way, with the result that you have now been hit with legal notices for unfair competitive practices in two countries.The Linux and free software communities take great pride in their ability to develop code which is inferior to none. They have no interest in stealing code from anybody; Linux hackers are not so dishonest, and, frankly, most of them believe that they can do a better job themselves. Linux is an implementation of a number of well-published standards, but it is an original work.
That said, if it turns out that there is stolen code in the Linux kernel (or elsewhere) the community very much wants to know about it. We would like to remove that code and find out how it came to be included in the first place. Anybody who turns out to have contaminated Linux with proprietary code will, to say the least, not be welcome in our community in the future. If this has happened, we want to get to the bottom of it even more than you do. We do not want it to happen again.
You have made grave accusations against our community and caused a great deal of concern in that community and beyond. You now owe it to us to back up those accusations.
You need not - at this point - reveal any proprietary code of yours. But you owe it to us to point out which code in Linux is, by your claims, stolen from you. This code, by virtue of having been distributed by many (including you) in source form, can no longer be held to be confidential; SCO's claims to that regard are unconvincing. You will not violate any confidentiality by simply indicating which code you are taking exception to.
SCO claims that the Linux community would use any such disclosure to remove the evidence ("That's like saying, 'show us the fingerprints on the gun so you can rub them off.'" - Darl McBride in the Wall Street Journal). This claim, too, is unconvincing. The development history of Linux is public and cannot be erased; all the evidence you need can be found on SCO's own distribution disks. There is no way to "rub off" those fingerprints. Yes, the Linux community would quickly remove any code that was shown to be proprietary, but that would not change the evidence for your case and you know it.
Making a demonstration for a limited number of reporters under NDA is inadequate. Your NDA excludes the people who can best make judgements on the origins of code and prevents the development community from addressing any wrongs that may have occurred.
Instead, if you point out the code the Linux community will track down its origins far more quickly and effectively than your lawyers ever could. Your refusal to do so only suggests that you fear exactly that: a careful investigation could show that any common code comes from a freely available source. If your claims are honest and legitimate, you owe it to the community to back them up.
If SCO is serious about its claims, it is time to show some integrity and expose those claims to general scrutiny. Please, SCO, show us the code.
We did actually get a response back from them. Here's SCO's statement:
An SCO representative has since stated that the offending code is in the Journaling Filesystem (JFS), NUMA, and SMP support. JFS is an obvious, large contribution from IBM, and, though it originally comes from OS/2, it could conceivably contain some of SCO's code. JFS is good stuff, but its loss would affect very few Linux users.
The initial NUMA support was contributed by Kanoj Sarcar, then at SGI. IBM has since improved that code, of course. It is well known that Linux SMP support was initially helped by the company then known as Caldera. It has since seen work by a great many people. It is conceivable, though improbable, that a significant amount of proprietary code could have been sneaked in somewhere.
But, without knowledge of the code that SCO objects to, it will be impossible to independently verify whether any of it has been copied or not. SCO continues to hide behind the "confidentiality" of code which has been publicly distributed, with the result that nobody can ascertain whether its claims have merit or not. Perhaps that is the point.
Who is selling SCO stock?
SCO's stock has gone up significantly in value since the company filed its suit against IBM. There has been speculation that the real purpose of the whole operation was to inflate the stock price and give insiders a chance to cash out before it all falls apart. Insider trades must be publicly documented, of course, so we took a moment to see what has happened so far.Perhaps the most interesting filing so far is this S/3A form, first filed in February and since updated several times. It appears that two external stockholders, John R. Wall and Morgan Keegan & Co., have decided to dump an even million shares that they hold. SCO has gone through the whole registration process - at its expense - to make this happen, but the proceeds go directly to the two sellers.
Mr. Wall got his (800,000) shares at the end of 2002 (along with $100,000 in cash) for a $1 million note payable by Vista.com, a company he founded. Those shares, at current prices, are worth nearly $7 millon. Not a bad deal.
Morgan Keegan was retained by the company "to act as an exclusive financial advisor to assist the Company in its analysis, consideration and if appropriate, execution of various financial and strategic alternatives available to it including, but not limited to, securing additional equity and/or debt capital and potential strategic transactions including mergers, acquisitions and joint ventures" (2002 annual report). The cynical among us might conclude that a "strategic alternative" has indeed been chosen. There is, however, no evidence that either of these two large shareholders have anything to do with the lawsuit - they are simply happy beneficiaries.
There have been some recent sales by SCO executives:
- Opinder Bawa has
one
filing for having sold 15,000 shares, and another
for 8,000 shares. He would appear to have sold all the shares he
possesses (but he still has a lot of options).
- Robert Bench
has three filings: 7000
shares, 5000
shares, and 4100
shares.
- Jeff
Hunsaker sold 5000
shares at the beginning of June.
- Darl McBride sold 7000 shares just after the suit was filed.
The record thus shows a small amount of cashing-in as the stock price goes up, but, with the exception of the large sale by John Wall and Morgan Keegan, nothing all that significant. If all this is truly an effort by SCO management to cash out, the people involved have not yet made their move.
Security
Brief items
Some interesting publicity
For today's amusement, let's look at this TechWeb article on patch management. In the middle of the article one finds:
The first claim - that a given Linux server gets more updates than a given Windows server - could at least be verified. Whether the figure means anything is another story. Updates to a Linux system cover the vast array of packages available there. Many of them result from active code audits and fix obscure problems that are difficult to exploit. Of the large number of security problems fixed by Linux distributors each year, it is a good bet that most of them are never exploited to compromise even a single system. How many systems have you encountered that are threatened by any of these recently-patched problems?
- The Hangul Terminal
vulnerability ("Since it is not possible to embed a carriage
return into the window title the attacker would then have to convince
the victim to press 'Enter' for it to process the title as a
command...")
- Insecure temporary files in
gzip. It is a local vulnerability, but the chances of it
being used are very small.
- The file vulnerability, which requires an attacker to convince the system administrator to run "file" on a specially-crafted file.
...and so on. It is good that these problems are being fixed, but they do not threaten most users. The updates to that Windows system, instead, are far more likely to be addressing serious vulnerabilities that are being actively exploited.
The second claim in the TechWeb article ("many of the attacks aimed at Windows vulnerabilities are written by Linux experts") requires a response. How, exactly, did they come by this information? It is, after all, rare for authors of malware to include their resumes with the code. This statement is pure slander which has been reported as fact. One can only hope that a correction will be forthcoming.
New vulnerabilities
atftp: buffer overflow
| Package(s): | atftp | CVE #(s): | CAN-2003-0380 | ||||||||
| Created: | June 9, 2003 | Updated: | June 12, 2003 | ||||||||
| Description: | Rick Patel discovered that atftpd is vulnerable to a buffer overflow when a long filename is sent to the server. An attacker could exploit this bug remotely to execute arbitrary code on the server. Read the full advisory for more information. | ||||||||||
| Alerts: |
| ||||||||||
eterm: buffer overflow
| Package(s): | eterm | CVE #(s): | |||||||||
| Created: | June 9, 2003 | Updated: | June 12, 2003 | ||||||||
| Description: | "bazarr" discovered that eterm is vulnerable to a buffer overflow of the ETERMPATH environment variable. This bug can be exploited to gain the privileges of the group "utmp" on a system where eterm is installed. | ||||||||||
| Alerts: |
| ||||||||||
gzip: insecure temporary files
| Package(s): | gzip | CVE #(s): | CVE-1999-1332 CAN-2003-0367 | ||||||||||||||||
| Created: | June 9, 2003 | Updated: | June 16, 2003 | ||||||||||||||||
| Description: | Paul Szabo discovered that znew, a script included in the gzip
package, creates its temporary files without taking precautions to
avoid a symlink attack (CAN-2003-0367).
The gzexe script has a similar vulnerability which was patched in an earlier release but inadvertently reverted. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
hanterm: two vulnerabilities in Hangul Terminal
| Package(s): | hanterm | CVE #(s): | CAN-2003-0077 CAN-2003-0079 | ||||||||
| Created: | June 6, 2003 | Updated: | June 11, 2003 | ||||||||
| Description: | Hangul Terminal is a terminal emulator for the X Window System, based on Xterm.
Hangul Terminal provides an escape sequence for reporting the current window title, which essentially takes the current title and places it directly on the command line. An attacker can craft an escape sequence that sets the window title of a victim using Hangul Terminal to an arbitrary command and then report it to the command line. Since it is not possible to embed a carriage return into the window title the attacker would then have to convince the victim to press Enter for it to process the title as a command, although the attacker could craft other escape sequences that might convince the victim to do so. In addition, it is possible to lock up Hangul Terminal before version 2.0.5 by sending an invalid DEC UDK escape sequence. | ||||||||||
| Alerts: |
| ||||||||||
KDE: vulnerability in SSL implementation
| Package(s): | KDE | CVE #(s): | CAN-2003-0370 | ||||
| Created: | June 6, 2003 | Updated: | June 11, 2003 | ||||
| Description: | KDE versions 2.2.2 and earlier have a vulnerability in their SSL implementation that makes it possible for users of Konqueror and other SSL enabled KDE software to fall victim to a man-in-the-middle attack. | ||||||
| Alerts: |
| ||||||
mod_php: integer overflow
| Package(s): | mod_php php | CVE #(s): | |||||
| Created: | June 9, 2003 | Updated: | June 12, 2003 | ||||
| Description: | The PHP emalloc() function implements the error safe wrapper around
malloc(). Unfortunately this function suffers from an integer overflow and
considering the fact that emalloc() is used in many places around PHP
source code, it may lead to many serious security issues. Read the full
advisory.
The function str_repeat(string input, int multiplier) returns input repeated multiplier times. The implementation of this function suffers from a simple integer overflow caused by a very long second argument and could allow a local/remote attacker in the worst case to gain control over the web server. Read the full advisory. The function array_pad(array input, int pad_size, mixed pad_value) returns a copy of the input padded to size specified by pad_size with pad_value. Unfortunately the implementation of this function suffers from an integer overflow caused by a very long second argument and could allow a local/remote attacker in the worst case to gain control over the web server. Read the full advisory. | ||||||
| Alerts: |
| ||||||
XaoS: improper setuid-root execution
| Package(s): | xaos | CVE #(s): | |||||
| Created: | June 9, 2003 | Updated: | June 11, 2003 | ||||
| Description: | XaoS, a program for displaying fractal images, is installed setuid root on certain architectures in order to use svgalib, which requires access to the video hardware. However, it is not designed for secure setuid execution, and can be exploited to gain root privileges. | ||||||
| Alerts: |
| ||||||
Resources
LinuxSecurity.com newsletters
The latest Linux Advisory Watch and Linux Security Week newsletters from LinuxSecurity.com are available.
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current development kernel is 2.5.70, which was released on May 26.Patches continue to accumulate in Linus's BitKeeper tree; among the almost 900 patches there can be found a fair amount of driver model work (see below), some extensive PCI bus cleanups (dealing with potential race conditions there), the big IDE changeover to taskfile I/O, a new /proc/kallsyms file, support for per-CPU variables in modules, a change the kmalloc_percpu() interface, an Atmel at76c50x wireless driver, a long-sought fix for hanging TCP sessions, an improved slab allocator which performs better in busy, multi-processor situations, some kbuild tweaks, an ALSA update, a set of hash function changes to deal with algorithmic complexity attacks, a FAT filesystem rework (if you have been waiting to be able to create FAT partitions greater than 128GB, this patch is for you), a v850 subarchitecture merge, a RAID update, the removal of the long-deprecated callout TTY device (/dev/cua) support, and several other fixes and updates.
The current stable kernel is 2.4.20. Marcelo released 2.4.21-rc8 on June 10, saying "If
nothing really bad happens in 2 days, this becomes final.
"
There is already a certain amount of disagreement over 2.4.22. In particular, a number of people would like to see an ACPI merge in the release - the current ACPI code has been languishing outside of the official kernel for over a year. Marcelo's response is that 2.4.22 is supposed to come very quickly (within two months) and ACPI is too big, so it will have to wait for 2.4.23. There has been some predictable grumbling over this decision; a lot of people are waiting for a real ACPI merge. Marcelo appears to be uninclined to change his mind, however.
Kernel development news
Reworking system devices
"System" devices, as seen by the Linux device model, are components wired deeply into the core of the system, and which do not sit on a separate bus. Such devices include the CPUs, interrupt controller, timer, etc. They do not behave like most other devices (for example, you cannot open and write to them), and they are usually a vital part of the system as a whole. System devices are easily confused with "platform" devices - things like serial and parallel ports which usually are found on the system motherboard, but which act more like regular peripherals.
Up through 2.5.70, the Linux device model has treated system devices like
most other devices. There is a fake "system bus" to which system devices
"attach", and the usual driver methods are expected to be present. But, as
Patrick Mochel noted in his patch
reorganizing the system device API, "System devices are special, and
after two years of listening to Linus preach this, it finally sunk in
enough to do something about.
"
System devices are special in a number of ways. You generally know that they have to be present (you don't have to go probing for them), and there is little point in trying to load a driver for them. When dealing with power transitions (suspending or resuming the system), system devices need to be the last to shut down and the first to restart. They have weird interfaces that no other devices have; consider, for example, controlling CPU frequency policy. System devices, in other words, need to be treated in their own, particular way.
So, as of 2.5.71, there is a new API and user-space interface for working with system devices. There is a new include file (<linux/sysdev.h>) which defines a class type for system devices:
struct sysdev_class {
struct list_head drivers;
/* Default operations for these types of devices */
int (*shutdown)(struct sys_device *);
int (*save)(struct sys_device *, u32 state);
int (*suspend)(struct sys_device *, u32 state);
int (*resume)(struct sys_device *);
int (*restore)(struct sys_device *);
struct kset kset;
};
A new type of system device is set up by filling in one of those structures and passing it to sysdev_class_register(). An actual system device is then created by filling in one of:
struct sys_device {
u32 id;
struct sysdev_class * cls;
struct kobject kobj;
};
and passing it to sys_device_register(). The class-specific suspend and resume functions will now be called at the right times for that device, and a new sysfs directory will show up under /sys/devices/system with a default set of attributes.
For more complicated sorts of devices, it is still possible to register one or more "drivers" which add functionality. There is yet another structure to fill in:
struct sysdev_driver {
struct list_head entry;
int (*add)(struct sys_device *);
int (*remove)(struct sys_device *);
int (*shutdown)(struct sys_device *);
int (*save)(struct sys_device *, u32 state);
int (*suspend)(struct sys_device *, u32 state);
int (*resume)(struct sys_device *);
int (*restore)(struct sys_device *);
};
A call to sysdev_driver_register() will associate this driver with a specific system device class. Multiple drivers can be registered; each will be given a chance to respond to events involving devices in the given class. The add() and remove() methods allow the driver to respond to the creation or destruction of system devices - generally by adding or removing attributes to their sysfs entries. Thus, "drivers" in this context take on the functions handled by "interfaces" elsewhere in the driver model.
The new system device mechanism is thus a sort of hybrid combination of the device, driver, bus, and class structures used by "regular" devices. The new code is, perhaps, a step in the right direction, but it clearly illustrates one thing: the Linux device model still has not stabilized, and may not for a while yet. The device model is a major change to how things are done in the kernel, and the developers are still feeling around for the best way of doing things.
The Kernel Janitor patchsets
The Kernel Janitor project is getting organized, as can be seen in this announcement regarding the new "KJ" patchset series. Essentially, this patchset is an attempt to pull together and organize the numerous janitorial patches out there. With luck, the result should be cleaner kernel.Janitorial patches can have a difficult path into the kernel. Anybody who has sent patches to Linus knows that they often disappear into the void, never to be heard from again. Getting patches applied can require a fair amount of persistence and effort. The patches must be updated to apply cleanly to each new kernel release and resubmitted; eventually you may catch Linus in the right mood, and he'll either apply the patch or tell you why he won't.
Carrying patches forward and resubmitting them can be a significant load for kernel developers. It can be hard enough when the patch does something new and exciting. But even the most determined janitor can get discouraged with maintaining cleanup patches which seem to never get applied. It is not uncommon for developers to simply give up on patches after a few iterations.
Mechanisms like the Trivial Patch Monkey can help. The Monkey will resubmit patches to Linus after every new kernel release as long as (1) they still apply, and (2) they do not get merged. This system lets developers forget about the really boring patches, on the assumption that they will eventually go in.
Many cleanup patches are not trivial enough for the Trival Patch Monkey, however. The new KJ patchset appears to be an attempt to create a mechanism for such patches. To be included in -kj, a patch must be approved by at least two kernel janitors project developers (how they decide who is in the club is unspecified) and must not be vetoed by anybody. After a trouble-free week in -kj, patches can be forwarded on to the top-level tree maintainers.
The first patch set in this series is 2.5.70-bk13-kj.
Inside the Linux kernel debugger (developerWorks)
The developerWorks site has posted a detailed tutorial on the KDB kernel debugger. "In this article we'll start with information on downloading KDB patches, applying them, (re)compiling the kernel, and starting KDB. Then we'll get into the KDB commands and review some of the more often-used commands. Finally, we'll look at some details about the setup and display options."
Patches and updates
Kernel trees
Architecture-specific
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Memory management
Networking
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
On SuSE's Dramatic Rise and Mandrake's Uninspiring Lethargy
[This article was contributed by Ladislav Bodnar]
These are good times for Linux. The frequency of news releases about Linux adoption in governments, educational institutions and private companies has increased spectacularly since the beginning of this year and hardly a day goes by without a success story. Relax and smile, Linux is winning.Two weeks ago, we covered SuSE's achievement as a major force behind Munich's decision to switch 14,000 computer systems from Windows to Linux. By mentioning SuSE again, we are breaking the unspoken rule of providing balanced coverage of various Linux distributions; yet SuSE has been in the media so often recently, that it is hard to refuse its courting. If for no other reason than for the fact that SuSE is -- wait for this -- recruiting new employees.
Yes, in these times of layoffs and downsizing a Linux company is seeking new personnel. Unbelievable, perhaps, but true, at least according to this announcement, which appeared on the main page of SuSE's German language web site earlier this week. Even better, most of these openings are technical positions for software engineers and project managers. Refreshing news indeed.
SuSE appears to be the main driving force behind the positive Linux sentiment. At first, it was the Munich deal which caught media attention, but the good news didn't end there. An internal memo from Microsoft's CEO Steve Ballmer, warning about the Linux challenge, was widely publicized around the world. The sudden rise in stock prices of several Linux companies, followed by a second major price cut of Microsoft products in as many weeks were taken as a further indication of the Linux revolution finally happening. SuSE's subsequent announcement about the release of its new, enterprise-level product called SuSE Linux Desktop was seen as yet another proof that Linux is now a serious competitor -- not only on servers, but on desktops too.
The immaculate timing of all these events was further complemented by a report in ITNews:
In sharp contrast to SuSE's continuous presence in the media, things
have been extremely quiet across the border in Paris, the headquarters
of MandrakeSoft. The company was in the headlines in January this year
when it filed for protection from creditors and again some three months
later, when it released Mandrake Linux 9.1. "Good
product
", was the general consensus shared by most reviewers.
But once the new release hysteria died off, so did Mandrake's
appearance in news feeds. If anything, news wasn't good:
"Wal-Mart replaces Mandrake PCs with SuSE PCs
", claimed OSNews last
week, while PCLinuxOnline
reported earlier that "Deno is about to leave
MandrakeSoft
". This is a major blow for Mandrake as Denis Havlik
was the initiator of the financially successful MandrakeClub
subscription service and the sole maintainer of Mandrake's web sites
for several months.
Now, why is it that one Linux company is on a major success path, while the other appears to be barely limping? Why is it that SuSE's sales force has managed to sign up Munich and Debeka, while Mandrake's marketing department has nothing exciting to report? If Munich can switch to Linux, why not Marseilles? Of course it can. But for that to happen, the Mandrake sales team has to go out and demonstrate the viability of its products. There has never been a better time -- Linux sentiment is at its highest since late nineties, the OS has matured and there are success stories to show. Mandrake has to conceal its pride, learn from SuSE and get customers. If they don't, they might wake up one day and find out that Marseilles is indeed running Linux. Unfortunately for them, not Mandrake Linux.
Distribution News
Debian GNU/Linux
The Debian Weekly News for June 10, 2003 is available. Topics include Debian X Strike Force Subversion Repository; Freedesktop Menu System; Status of Sarge Release Issues; Version Control for Packages File; Problems Linking to OpenSSL; Debian's 10th Birthday; Recommendations for Knoppix DVD; a Call For Votes; and much more.
Registration for Debconf 3 and Debcamp will
close June 16. "People who want to participate in deb{conf,camp}
but prefer not to register by the 16th of june are welcome anyway, but
should not expect accommodation, food, tshirts, books, nametags, printed
conference materials, cars or personal conference hostesses.
"
Linmagau has an article on Compiling Kernels The Debian Way, with a step by step walk through the process of getting kernel source, configuring, compiling and building a custom kernel package that can be installed using dpkg. (Found on DebianPlanet)
DebianPlanet reports that significant progress has been made using the GNU C library as a base instead of FreeBSD's libc. The result has been a great improvement in portability.
Gentoo Weekly Newsletter -- Volume 2, Issue 23
The Gentoo Weekly Newsletter for June 9, 2003 is available, with a look at the Gentoo platform on MacOS X; Hardened Gentoo; and more.Slackware Linux
Slackware Linux reports numerous changes to slackware-current. As usual the changelog has all the details. Perl has been recomplied for i486/i686 arch; python has been upgraded; DBI and DBD-mysql modules were added by popular request; lots of other upgrades to tcl, gimp, lprng and other packages.Footnotes, the site for Gnome Desktop News has declared Dropline GNOME 2.2.3 fit for society. This version of Slackware's GNOME desktop includes the very latest GNOME 2.2-series software, fully i686-optimized.
SOT Linux 2003 and SOT Office 2003 released
SOT has announced the release of SOT Linux 2003 and SOT Office 2003. "SOT's 2003 releases mark a shift in the company's philosophy towards a purely open source platform. All proprietary software in earlier SOT Linux releases has been replaced in the new version with open source equivalents."
New Distributions
Aurox Linux
Aurox Linux is an international distribution, hailing from Poland. Aurox CDs are published with "Aurox Linux" magazine available in several language versions, including Polish, Czech, German, French and Spanish, in 9 countries of Europe. Aurox Linux is based on Red Hat Linux and Aurox Linux 9.0 (based on RHL 9) is the most recent offering.CDLinux
CDLinux is a CD based mini Linux distribution, which runs from a CDROM. It aims to be an administration/rescue tool for Eastern Asian (CJK) users. CDlinux is also highly user configureable, and supports a wide range of hardware (PCMCIA/SCSI/USB). Version 0.4.3 was released June 10, 2003.Does the name CDLinux sound familiar? An old project called CDLinux was aimed at creating a Chinese Debian. That project has not been active in over two years.
System-Down::Rescue
System-Down::Rescue is a free downloadable live distribution. It is designed to recover damaged file-systems, copying the data around other physical discs or networks, or burning them on a CD-ROM using cdrecord. It features a working hardware detection system. Version 1.0.0pre4 was released June 9, 2003.
Minor distribution updates
Bonzai Linux
Bonzai Linux has released version 1.7. More information is available in this DebianPlanet article.Coyote Linux
Coyote Linux has released v2.0.0-pre4 with major feature enhancements. "Changes: This release implements the 2.4.20 kernel, iptables, a caching DNS proxy, and a full Web administrator. A switch to the uClibc core system libraries has allowed the entire distribution to be loaded onto a 1.44Mb format floppy with room to spare."
Damn Small Linux
Damn Small Linux has released v0.3.10 with minor feature enhancements. "Changes: This release updates Naim (AOL, ICQ, and IRC client) and Links-Hacked (an enhanced version of gLinks). Links-Hacked now has tabs. Also new is VNCviewer, the client for Virtual Network Computing."
freevix
freevix has released v0.7 with major feature enhancements. "Changes: The entire system was recompiled aginst uClibc. A full copy of Perl, an OpenSSH server/client, crond, and pure-ftpd were added. The startup script environment was improved, and other minor changes were made."
KNOPPIX
KNOPPIX has released v3.2-2003-06-06 with minor feature enhancements. "Changes: Software updates, a new version of loop-aes, and hardware detection updates. apmd is now always started."
LoopLinux
LoopLinux has released v3.0 with code cleanup. "Changes: This release has been updated to work with Slackware 9.0. The software has also been updated."
openMosix
The openMosix Project has released openMosix kernel patches version 2.4.20-3 and Userspace Tools 0.3.2. "RPMs and Source, plus for the first time, DEBs can be downloaded from the files section of our website. Gentoo ebuilds are also available from the Gentoo mirrors."
Quantian 0.3 released
Version 0.3 of Quantian - a scientifically-oriented Debian offshoot - is now available. Quantian is now based on clusterKnoppix (which gives it OpenMosix support) and has even more scientific applications (GRASS, Comedi, gri, etc.).TA-Linux
TA-Linux has released v0.2.0-beta4 with minor feature enhancements. "Changes: The packages were updated. An MTA and DHCP support were added. XFree86 was updated to 4.3.0. The collection now contains over 450 packages."
ThinStation
ThinStation has released v0.92rc2 with major feature enhancements. "Changes: Refined Samba support, new "group" configuration files for better handling of large groups of thinclients, a new sv keymap package, and other minor changes."
Trustix Secure Linux
Trustix Secure Linux has released version 2.0 Beta 3 (Lightning). "The main focus of this release is to get a test of the few packages that did not get fully tested in the previous releases."
Distribution reviews
Latest Red Hat Delivers Key Apps (TechWeb)
TechWeb reviews Red Hat Linux 9. "I tested some of version 9's feature-rich applications--OpenOffice Productivity Suite, Gimp, Ximian Evolution and Mozilla--and they worked like a charm. OpenOffice provides word processing, spreadsheet and presentation software, and is similar to Microsoft Office. In fact, it can open Microsoft Office documents and save its documents in a Microsoft Office format. Gimp, an image-manipulation tool, is similar to Adobe Photoshop. The Ximian Evolution e-mail client lets you read and send e-mail, manage and search various mailboxes, and filter or create different views. Mozilla, an open-source Web browser, is similar to Netscape and lets users surf the Web, access newsgroups, send e-mail and create Web pages."
Page editor: Rebecca Sobol
Development
The LTI-Lib Computer Vision Library
LTI-Lib is a cross-platform (Linux and Windows) computer vision and image processing library that was written in C++.![[LTI-Lib]](https://static.lwn.net/images/ns/ltlib.jpg)
The library is divided into the following sections:
- Encapsulation of Windows/Linux functionality.
- Linear algebra.
- Classification and Clustering.
- Image Processing.
- Visualization and Drawing Tools.
One interesting feature of LTI-Lib is a Perl language scripting system that can be used to generate template files, making use of the library straightforward. For details, see the LTI-Lib Architecture document, which is part of the Online Manual.
LTI-Lib Version Beta 1.9.3 was announced this week.
"This release provides new functors and features, many bug fixes and more documentation.
"
Dependencies include GCC 2.95.3 or newer, Perl, and the GTK libraries. LTI-Lib has been released under the GNU Lesser General Public License (LGPL). The code is available for download here.
System Applications
Audio Projects
Speex 1.0.1 Released
Version 1.0.1 of the Speex speech codec is available. "This release fixes several minor bugs that were found in version 1.0 as well as a major bug in the wideband encoding. This makes files encoded with 1.0 play with lower quality on 1.0.1 decoders. Upgrading to 1.0.1 is highly recommended, especially for wideband users. As such, reencode wideband files using a 1.0.1 encoder if you can."
Database Software
Firebird 1.0.3 maintenance update
Maintenance release version 1.0.3 of the Firebird database is available. "The Firebird project is pleased to announcement the immediate availability of the v1.0.3 maintenance release. It is a testament to the robustness of Firebird 1.0 that no major problems have been found that have required fixing. However, almost six months have passed since the Fb 1.0.2 and several bug fixes and enhancements have appeared. Rather than letting them molder indefinitely it is better to get them out into the big wide world."
Education
GNU/Linux in education report
Issue #97 of the GNU/Linux in education report is out. Topics include a discussion of a GNU/Linux-based learning system for children, the third Schoolforge Monthly IRC Meeting, processing quizzes with Zope, migrating schools from Microsoft to Linux, a discussion about various Linux distributions that are can be used to introduce students to Linux, and more.
Networking Tools
Sussen v0.2 Released
A new version of Sussen has been released. "Star Chamber Inc. is proud to announce the release of Sussen v0.2. Sussen is a client for the Nessus Security Scanner. It based on the GNOME 2.2 and attempts to take full advantage of the platform."
Web Site Development
Gallery v1.3.4 Release Candidate 2 available (SourceForge)
Version 1.3.4 Release Candidate 2 of Gallery has been announced on SourceForge. "Changes from RC1 essentially amount to small fixes for errors discovered since the first release candidate in the backup_albums.php script and the new "custom fields" code. Gallery is slick, intuitive web based photo gallery with authenticated users and privileged albums."
phpwsBB 0.1.0 released (SourceForge)
SourceForge has an announcenet for version 0.1.0 of phpwsBB. "phpwsBB is a native bulletin board module for the phpWebSite content management system, version 0.9.2 or later. Today we release version 0.1.0 of phpwsBB. Features include anonymous posting, message editing and deletion for registered users, thread locking and message forking for admins, and ... well that's probably it."
TextIndexNG 2.0 Beta 1 released (ZopeMembers)
Zope Members News has an announcement for a new version of TextIndexNG, a fulltext index utility for Zope. New features include search relevence ranking, speedier phrase searching, support for left-truncation and auto-expansion, a better HTML converter, a text/sgml converter, and more.
Desktop Applications
Audio Applications
Ardour Status Update
The Ardour multi-track audio recording utility is undergoing lots of changes prior to the upcoming first release. Changes include a redesign of the transport mechanism, editor window changes, improved thread-safety, multi-channel import, and more.Horgand v0.91 released
Version 0.91 of Horgund, a real-time organ synthesizer, is available. This release features bug fixes, performance improvements, and the removal of unwanted noises.Meterbridge 0.9.2 released
Version 0.9.2 of Meterbridge, A virtual audio meter system for JACK, is available. This version features a number of bug fixes.Rosegarden-4 0.9.1 released
Version 0.9.1 of the Rosegarden-4 MIDI and audio sequencer and score editor has been released. "This is mainly a bugfix release. It is recommended that anyone using Rosegarden-4-0.9 upgrade to this latest release immediately to take advantage of improved quality and stability."
Desktop Environments
New GNOME2 default theme proposal (GnomeDesktop)
Gnomedesktop.org covers a proposal for a new GNOME2 default theme. ""Gnome's default widget look is a very boring one, and maybe one of its weak points [...] most users stay with the defaults, so these should be attractive and make sense"."
GTK+-2.2.2 / GLib-2.2.2 / Pango-1.2.3 released (GnomeDesktop)
GnomeDesktop.org mentions the release of GTK+ 2.2.2, Glib 2.2.2, and Pango 1.2.3, most of the changes are bug fixes, a few new features have also been added.KDE-CVS-Digest
The May 30, 2003 edition of the KDE-CVS-Digest is out. "This week, new tab widgets are in Konqueror (requires Qt 3.2), news on KAudioCreator, MDI support goes into KDE, and more functions and templates are added to KSpread. Also, many bug fixes have been made to KMail, Konqueror, and KWin. Read it all in the latest KDE-CVS-Digest."
KDE-CVS-Digest
The KDE-CVS-Digest for June 6, 2003 is out. The summary says: "Improvements and bugfixes to the new tab code used in Konqueror and now Quanta. Numerous usability enhancements in Kmail, easier keyboard shortcut editing, flickering toolbars fixed. Kdeprint gets a new PPD parser. Kstars hardware interface is extended. And many bug fixes throughout."
KDE Traffic
Issue #54 of KDE Traffic is out. "KOffice updates abound, as well as an update on the continuing saga of Ellis Whitehead. I wonder if penguins make good wives."
XFce4 Beta-1 Release
The first beta release of the lightweight XFce4 desktop environment is available. "XFce 4 is a desktop environment for UNIX-like operating systems. It aims to be fast and lightweight, while still being visually appealing and easy to use. It is based on the GTK+ toolkit version 2 and aims to adheresto the standards defined on freedesktop.org."
Ximian Desktop 2 is out/Evolution 1.4 released! (GnomeDesktop)
According to GnomeDesktop.org, Ximian has released Ximian Desktop 2 along with version 1.4 of Evolution, a personal and workgroup information management application.
Games
Pygame 1.5.6 released
Version 1.5.6 of Pygame, "a set of Python modules designed for writing games", has been released. "This is a release test that needs much testing before the big 1.6. Major new features are; draw arcs and antialiased lines, system fonts, and color utilities. Also several crash fixes for fonts."
Graphics
Gimp 1.3.15 Released (GnomeDesktop)
GnomeDesktop.org has an announcement for version 1.3.15 of the Gimp, a powerful image processing utility. A number of new features, and numerous bug fixes are included in this version.
Interoperability
First Samba 3.0.0 beta available
The first beta release of Samba 3.0.0 is now available for testing. This is a major release with a bunch new features, including Active Directory support, Unicode handling, a new authentication system, a new filename mangling setup ("this needs lots of testing"), better printing support, and lots more. See the release notes for more information.
Wine Traffic #173
Issue #173 of Wine Traffic has been published. Topics include: RedHat 9 RPM's Available, ReactOS Regedit Merge, WinINet Work, Adding a Root Drive Mapping, and CVS Commits.
Multimedia
GStreamer 0.6.2 Released (GnomeDesktop)
Version 0.6.2 of Gstreamer, a multimedia framework, has been released. "At this point in time GStreamer is fully functional for creating audio-based applications. The video part is known to be somewhat less functional than the audio part, but applications such as gst-player works very well, and a port of Totem is in progress in GNOME CVS."
Office Applications
AbiWord Weekly News
Issue #147 of the AbiWord Weekly News is online with the latest AbiWord word processor development news. "Frank releases a new utility, AbiBits, for Mac OS X users who love their ProjectBuilder. Along with that, Christian Neumair has more HIGrrrification screenshots to show off, and an official BeOS developer may be waiting in the wings! Win32 users can find out why they should thank Mikey, while POSIX users may want to give a thank you to Stephen Viles."
Glow milestone 0.1 released
The first milestone for Glow, a groupware client for OpenOffice.org, has been released.Gnumeric 1.1.18 is now available (GnomeDesktop)
Version 1.1.18 of the Gnumeric spreadsheet has been announced. "At long last a gtk2 based charting engine is in place. An MS Excel importer is tied in, and its ready to test. Guppi did more, but this is already better than the Gnumeric-1.0.x wrapper for Guppi. The data allocation is much stronger, and easily handles things like vector size changes, and missing values. The rest of the features should fall into place shortly."
Web Browsers
Epiphany 0.7.0 (GnomeDesktop)
GnomeDesktop has an announcement for version 0.7 of the Epiphany web browser. This release features lots of new features and bug fixes.Galeon 1.2.11 and 1.3.5 Released (GnomeDesktop)
GnomeDesktop mentions the release of two new versions of the lightweight Galeon web browser.Mozilla Firebird Raises the Browser Bar (DevX)
DevX reviews Mozilla's Firebird. "Although there are numerous popup-blocking add-ons for Internet Explorer, Mozilla has taken it one step further: popup-blocking capability is built into the browser. It's not an afterthought. If you have some sort of strange popup ad fetish or you visit sites that use popups for necessary functionality, you can turn the feature off (even for individual sites), but personally, I'm only sorry that the popup blocker doesn't also make the person responsible for the popup ad turn into a toad or something equally unpleasant. Popup blocking may not be a sufficiently persuasive reason to switch browsers, but tabbed browsing is a major advance."
AdBlock 0.3 Available for Mozilla Firebird (MozillaZine)
A new version of AdBlock, an image filtering add-on for Mozilla Firebird has been announced.Mozilla Status Update
The June 6, 2003 Mozilla Status Update is out with the latest Mozilla development news.
Miscellaneous
Kontact Progress: New Summary View
KDE.News mentions recent progress on the Kontact personal information management (PIM) system. "The integration of KMail, KOrganizer, KAddressBook and KNotes is nearly finished now and over the weekend the summary view -- which can display current weather information and the upcoming events such as birthdays -- was added. It is planned to get the groupware functionality working in time for the LinuxTag in Karlsruhe and present a replacement for Outlook/Exchange."
Languages and Tools
Caml
Caml Weekly News
The June 3-10, 2003 Caml Weekly News is out with a bunch of new articles on the Caml language.
Java
OpenEJB 0.9.2 released (SourceForge)
Version 0.9.2 of OpenEJB has been announced on Sourceforge. "The 0.9.2 release contains a neat surprise for OpenEJB/Tomcat users -- TOOLS! The new integration features a webapp with a setup verifier, JNDI browser, EJB viewer, Class browser, and even an Object invoker!"
Making Sense of Java's Dates (O'Reilly)
Philipp K. Janert, Ph.D. looks at date handling from Java on O'Reilly. "Over all of the issues concerning leap seconds, time zones, daylight savings time (DST), and lunar calendars, it is easy to forget that measuring time is a very simple concept: time progresses linearly."
Lisp
GCL 2.5.3 released
Version 2.5.3 of GCL, Gnu Common Lisp, has been released. "This is a minor bugfix release, primarily reintroducing object_to_float and object_to_double required in general C interfacing, and in Axiom in particular. Also removed references to the obsolete multiply-bignum-stacks from the documentation." Thanks to Lars Brinkhoff.
Perl
This Week on perl5-porters (use Perl)
The June 2-8, 2003 edition of This Week on perl5-porters has been published. "What happened this week ? Interesting bugs were found, and solutions proposed ; new areas explored, technical points raised, and patches applied."
This week on Perl 6 (O'Reilly)
The June 1, 2003 edition of This week on Perl 6 is out with the latest Perl 6 development news.Regexp Power (O'Reilly)
Simon Cozens explains the capabilities of Perl's regular expressions on O'Reilly. "Everyone knows that Perl works particularly well as a text processing language, and that it has a great many tools to help the programmer slice and dice text files. Most people know that Perl's regular expressions are the mainstay of its text processing capabilities, but do you know about all of the features which regexps provide in order to help you do your job?"
PHP
PHP Weekly Summary
Issue #140 of the PHP Weekly Summary is online. Here's the content summary: "ActiveState ActiveAwards nominations, Sybase with PHP 5, Upload progress meter, strip_tags(), mnogosearch extension, define()d constants, 4.3.2 benchmarks, Removing namespaces from 5.0."
Python
Dr. Dobb's Python-URL!
The Dr. Dobb's Python-URL for June 9, 2003 is out with a selection of discussions, announcements and links on Python related topics.How-To Guide for Descriptors
Raymond Hettinger has published a How-To Guide for Descriptors for the Python language. The abstract says: "Defines descriptors, summarizes the protocol, and shows how descriptors are called. Examines a custom descriptor and several built-in python descriptors including functions, properties, static methods, and class methods. Shows how each works by giving a pure Python equivalent and a sample application."
Pexpect version 0.98
Version 0.98 of Pexpect, a Python module that works like Expect, has been released. "Pexpect is a pure Python module for spawning child applications; controlling them; and responding to expected patterns in their output. Pexpect works like Don Libes' Expect. Pexpect allows your script to spawn a child application and control it as if a human were typing commands."
Tcl/Tk
This week's Tcl-URL
Dr. Dobb's Tcl-URL for June 11 is out with the latest from the Tcl/Tk development community.
XML
Regular Expression Matching in XSLT 2 (O'Reilly)
Bob DuCharme covers regular expressions in XML on O'Reilly. "Because XSLT is for manipulating XML documents, and XML documents are text, XSLT developers with any experience in Unix-based utilities often wish that XSLT would let them use regular expressions. XSLT 2.0 grants this wish."
Introducing Examplotron (IBM developerWorks)
Uche Ogbuji introduces Examplotron on IBM's developerWorks. "A zoo of XML schema languages is out there, and although some of the beasts are bigger than others none is as friendly as Examplotron. With Examplotron, your example XML document is your schema, for the most part. It requires you to learn very little new syntax, and most of the core features of XML can be specified by providing representative examples in the source. In this article, Uche Ogbuji introduces Examplotron, providing plenty of, well, examples."
Editors
Conglomerate 0.5.1 released
Version 0.5.1 of Conglomerate, an XML editor, has been released. "This is an UNSTABLE release: it will crash from time to time, along with numerous other problems. However it should do this in a stylish way."
Version Control
Running Arbitrary Scripts Under CVS (O'ReillyNet)
Jennifer Vesperman shows how to run scripts from CVS on O'Reilly. "CVS is a useful version control tool. Version control is not the only aspect of building a project or maintaining a service, though. This article is about the hooks CVS includes to allow you to expand it and integrate it with other tools."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Darl McBride doesn't understand Linux (NewsForge)
Robin 'Roblimo' Miller looks for insight in Darl McBride's resume, in this NewsForge article. "In any case, McBride is obviously no adamant Open Source booster. If anything, he's been so steeped in competition based on proprietary, patented, copyrighted, and trademarked products that I doubt he can think of any other way to do things."
Linux hacks hit all-time high (vnunet)
Vnunet reports an increase in the number of cracked Linux boxen. "Security analyst mi2g has released research claiming that hack attacks against Linux are exploding, while attacks on Windows-based servers are dropping off. May saw the highest number of attacks ever, according to mi2g, with 19,208 successful breaches worldwide recorded against Linux based systems."
Embedded Systems, Linux, and the Future (O'ReillyNet)
Here's an O'ReillyNet article looking at the future of embedded Linux systems. "Before anything useful is said about this market, one has to keep in mind that for a long time, 50 percent of embedded systems were running custom-made, in-house operating systems. That's an important figure, as many of the engineers deploying a "roll your own" OS are increasingly attracted to Linux. So beyond grabbing market share from established embedded OS vendors, Linux is also penetrating the "last frontier" of the embedded OS world."
Trade Shows and Conferences
CeBIT America 2003 show preview (NewsForge)
NewsForge takes a look at Linux and Open Source software offerings at CeBIT America 2003. "CeBIT's Linux/Open Source offerings are not huge, to be sure -- eight or nine sessions throughout the program, and a small number of booths (plus, presumably, some Linux/Open Source within other exhibitors). But on the other hand, there are fewer instances of "Microsoft" and "Windows" in the programs than one might expect."
Report from Brazil's Software Livre Forum 2003
KDE.News has this report by Helio Chissini de Castro of Conectiva, who recently gave a KDE speech at Rio Grande do Sul in Brazil. "First, a little explanation on what this conference represents to Brazil itself. Since the collapse of Comdex Brazil and Fenasoft, this conference has become the major computing conference in Brazil, and in the last two years has gained strong political backing, ever since Brazilian government made a serious turn towards Open Source Software."
Caribbean Centre for Monetary Studies sponsors Open Source Conference (NewsForge)
Robin 'Roblimo' Miller prepares for a trip to the Caribbean for the first Free, Libre and Open Source (FLOS) Software Conference, sponsored by the Caribbean Centre for Monetary Studies (CCMS) and the Trinidad and Tobago Linux Users Group (TTLUG). "Interest in Open Source is accelerating at a fantastic rate in countries where the license fee for a single copy of the most-used proprietary operating system's server version exceeds a sysadmin's monthly earnings. Trinidad and Tobago (TnT) is one such country, even though unlike most Caribbean nations it has oil to export and, as a result, is financially healthier than most of its island neighbors."
Companies
Free Software Foundation probes Linksys (Register)
The Register covers accusations made in the Linux Kernel Mailing List that Linksys has Linux code in its proprietary software. "The Free Software Foundation says that the copyright issue is "under investigation" but it would appear that any action on this would be contingent on goodwill from Linksys, rather than legal repercussions; FSF isn't wealthy, and has little clout apart from the mind-share amongst a section of the developer community."
Ballmer targets Linux in annual memo (ComputerWorld)
ComputerWorld takes a peek at memo from Ballmer to all Microsoft employees. "The memo came on the heels of an annual retreat that Ballmer spent with other top Microsoft executives. Although the document covered several issues, ranging from innovation and product development to people and productivity, it clearly identified Linux and open-source as a growing threat to the company, requiring action at the highest level." (Thanks to Jay R. Ashworth)
SuSE: Ballmer gives Linux 'credibility' (ZDNet)
ZDNet talks with SuSE CEO Richard Seibt about Microsoft's Steve Ballmer. "Seibt also took issue with Ballmer's assessment, in his memo, that Linux has no "center of gravity" contributing to its ongoing development and improvement. "The people contributing to Linux are working for Oracle, IBM, SuSE, Daimler Chrysler," he said. He pointed out that Linux developers become influential in the community due to their programming abilities. "It is based on skill, knowledge and creativity," he said."
A Baby Database's Chance to Grow Up? (BusinessWeek)
BusinessWeek investigates the alliance between MySQL and SAP. "In this light, SAP's deal with MySQL is a natural. Under its terms, the German company will pass development of SAP DB to MySQL. The Swedish company then picks up commercial rights to SAP DB. Mickos plans to merge SAP DB's code with that of MySQL. And he hopes to incorporate heavy-duty computing features into MySQL's next release."
Contract illuminates Novell, SCO spat (News.com)
News.com got a copy of the 1995 contract between Novell and SCO. "According to a copy of the contract obtained by CNET News.com, Novell sold 'all rights and ownership of Unix and UnixWare' to the SCO Group's predecessor, the Santa Cruz Operation. However, the asset purchase agreement, filed with the Securities and Exchange Commission, specifically excludes 'all copyrights' and 'all patents' from the purchase."
Lessons from the SCO/IBM Dispute (Freedom To Tinker)
Here is Ed Felten's take on the whole SCO thing. "More likely, though, the fact that SCO's story involves their code ending up in an open-source IBM product, rather than a closed-source one, is just a red herring. IBM would have had just as large an incentive to copy code into a closed-source product, and doing so would have reduced the chance of getting caught. Nobody has offered a plausible reason why the open-source nature of the end product matters."
SCO might recycle ATT's Unix blunder (Inquirer)
The Inquirer looks into the allegations that SCO used Linux kernel code to implement its "Linux Kernel Personality" in UnixWare. "But the bottom line is that SCO seems to have made the same mistake that AT&T made long ago, that is, copying 'free' source code into its product and stripping away the copyrights. That loose practice is precisely what spannered the Unix Systems Labs (USL) lawsuit against BSD Unix, about a decade ago."
SCO shows Linux code to analysts (InfoWorld)
InfoWorld reports on SCO's NDA code show. "Specifically, SCO claims that IBM's 1985 Unix license, originally signed with AT&T but subsequently transferred to SCO, prevents IBM from distributing software derived from the Unix code base. IBM's contributions to Linux in the areas of non-uniform memory architecture (NUMA), symmetric multiprocessing (SMP), and a journaling file system all constitute breaches of that contract, [SCOsource manager Chris] Sontag said." (Thanks to Peter Link and Ulrich Kunitz).
Sun: Linux Users Don't Actually Want Linux (TechWeb)
TechWeb is covering a talk by a Sun executive which, perhaps, sheds a bit more light on that company's view of Linux. "'Why do we think enthusiasm for Linux exists in the first place?' said Robert Youngjohns, executive vice president for global sales operations for Sun, speaking at the Bear Stearns 14th Annual Technology Conference here on Tuesday. 'The enthusiasm isn't about Linux, it's about access to Intel and the ability to run Unix on what seems to be a cheaper platform.' But, while the platform is cheaper, Linux brings with it its own costs, including fragmentation of the operating system into multiple distributions, and cost of supporting the systems, Youngjohns said."
Linux Adoption
Merrill Lynch: Linux will save millions (ZDNet)
ZDNet reports on an internal study at Merrill Lynch (a large U.S. brokerage firm) showing that large amounts of money could be saved by moving over to Linux. "In fact, [Merrill VP Mark] Snodgrass found that, while the software licensing costs of Windows was higher than Linux, the highest cost was in managing traditional Windows infrastructure."
Linux Goes Ka-Ching (eWeek)
eWeek covers Linux adoption in retail businesses. "Retailers of all sizes are investigating the use of Linux on POS, or point-of-sale, systems to provide some flexibility in their software deployments and lower operating costs by avoiding licensing fees. Cost savings is crucial in the world of retail, where life is lived on razor-thin margins." (Thanks to Ashwin N)
Linux Access in State and Local Government, Part I (Linux Journal)
Linux Journal takes a look at open source in government. "Depending on your worldview, we could say the Open Source community made important strides or failed miserably in the past year. Regardless, we gained extensive knowledge of our situation in state and local government. This discussion covers specifics of our overall findings."
Interviews
Interview with Michael Hudson (EuroPython)
EuroPython presents the second in a series of interviews with some of the EuroPython speakers. This interview with Michael Hudson looks at what to expect from the Python Language Track, PyPy and other topics. "PyPy is an attempt to implement Python in Python, which is an idea that appeared from time to time. The current project apparently emerged from a discussion on the German Python list, particularly between Christian Tismer and Holger Krekel -- both of whom I met at EuroPython last year."
Reviews
GNOME 2: A Year Later (OSNews)
OSNews reviews GNOME 2.2.1. "The absolutely great thing about the HIG on Gnome is that it has won the hearts of all its maintainers, so when people are suggesting applications to become part of the main distribution of Gnome, they are instructed to HIG-ify their applications. It is absolutely imperative that developers read, understand and comply with the HIG as it is for the good of the platform in the long run. I like that."
Nukes: the Open Source Java CMS (O'ReillyNet)
O'ReillyNet looks at Nukes, an open source Java content management system based on PHP's PostNuke. "Because we mostly steal concepts from PostNuke, skip this section if you are already familiar with that PHP framework. PostNuke is based on a lightweight component model. In JBoss, we leverage the JMX packaging and microkernel approach to provide a truly dynamic environment for Nukes. Like PostNuke, we have three different components: modules, blocks, and themes."
The handheld that will make you like Linux (ZDNet)
ZDNet reviews the Zaurus SL-5600. "As I said, I'm not a geek. But I have associates who are. One is a programmer, and he loves his Zaurus. He claims he uses it less like a handheld and more like a little Linux desktop. He can program it. He can program with it. And therein lies the reason that the Zaurus also deserves serious consideration from business users. Because the Zaurus uses Linux, companies can adapt their enterprise-level apps to work, if not on it, then with it. While nobody would actually want to do so in real life, Sharp has run the Linux-based Apache Web server and mySQL on the Zaurus, just to prove that it can be done."
Miscellaneous
Bell tolling for PNG graphics format? (News.com)
News.com predicts the future of the png image format as the gif format's LZW compression patent expires. "A patent underlying one of the Web's most popular graphics formats is set to expire later this month, raising the question of whether a rival, open format, created as a royalty-free alternative, will become obsolete."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
OpenVistA Available Now (LinuxMedNews)
LinuxMedNews has an announcement for the first release of OpenVista, a healthcare information system. "Based on the Department of Veterans Affairs robust CPRS-VistA® system made available to the public through FOIA, OpenVista is a fully integrated, enterprise-wide healthcare information system."
Support the mozdev Pledge Drive (MozillaZine)
MozillaZine mentions a request for donations for the Mozdev site. "The popular mozdev free project hosting site is requesting donations to fund ongoing hosting costs and pay for the purchase of a new server."
Commercial announcements
Callident launches open source Linux cluster company
Callident is a team of Linux professionals dedicated to high-performance computing on Linux clusters. They will be introducing new products at ClusterWorld, including Callident Rx for automated cluster installation and BioBrew, an open source Linux cluster distribution that is enhanced for bioinformaticists and life scientists.MailStripper Pro 1.0.2 released
Eridani has announced the release of version 1.0.2 of MailStripper Pro, a spam filtering package.GUADEC/Linux@Work Brings Everything From Linux Luminaries to Hollywood
Here is a press release on the upcoming GUADEC/Linux@Work User Day in Dublin on June 18, 2003 which boasts a slate filled with Linux luminaries, top executives from global companies, top government IT officials and new media leaders, and conference programs too.Motorola Releases AltiVec Technology-Enabled Library for Linux
Motorola, Inc. has created a downloadable source-code library of AltiVec technology-enabled functions that are frequently used in the Linux OS. The code library (AltiVec technology-enabled equivalents of the Linux string.S and checksum.S files) is designed to help Linux OS developers enhance the speed and efficiency of their applications based on the Motorola G4 processor containing PowerPC(TM) cores, without upgrading to higher processor speeds.Penguin Computing acquires Scyld
Penguin Computing has announced the signing of a "definitive agreement" to acquire Scyld Computing, a cluster-oriented company founded by Donald Becker.Another SCO teleconference
SCO has announced another teleconference; this one happened June 6, 2003 at noon, U.S. eastern time. According to this ZDNet article, they have dug up a new contract with Novell that, they say, clarifies the Unix copyright picture.Polish Linux companies have given notice to SCO Group
Two Polish Linux based companies: CYBER Service and IT ZONE have given notice to SCO Group to desist from unfair competitive practices after an interview with Greg Boguchwalski from SCO Group was published in the Polish edition of Computerworld magazine. CEOs of both companies, Cezar Cichocki and Sergiusz Pawlowicz have warned the SCO Group that it will be sued in case of further unfair competitive practices. (Thanks to Cezar Cichocki)Here's a link in English on 7thguard.net. (Thanks to lukasz)
Open source announcements from Java One
Sun Microsystems, Inc., O'Reilly & Associates, Inc., and CollabNet, Inc. announced java.net, a site that is designed to be "the ultimate watering hole for the entire Java™ developer ecosystem."
Novell announced the Novell Forge open source Web site is now home to about 200 projects under development by Novell's growing developer community.
SuSE Linux Desktop
Here is the press release from SuSE announcing its new "Linux Desktop" distribution. SuSE Linux Desktop is aimed at corporate deployments; it comes with StarOffice, but CrossOver Office is also part of the package, so Microsoft Office can be installed as well. One year of maintenance comes with the package, with five years of maintenance available.SYS-CON Media to Launch LinuxWorld Magazine
SYS-CON Media and IDG have announced a licensing agreement for SYS-CON to launch LinuxWorld Magazine (print version) in the United States. SYS-CON will also expand LinuxWorld.com. The premier issue of LinuxWorld Magazine will be on newsstands in August 2003, just in time for LinuxWorld Expo in San Francisco. (Thanks to Scott Dowdle)TimeSys Joins OSDL
The Open Source Development Labs, Inc. (OSDL) has announced that TimeSys has joined OSDL with a focus on Carrier Grade Linux (CGL). TimeSys makes TimeSys Linux 4.0, a Linux distribution enhanced specifically for use in embedded systems that require predictable, reliable response, and TimeStorm, an integrated development environment for C/C++/Java development for embedded Linux."Practical mod_perl" Released by O'Reilly
O'Reilly has published the book "Practical mod_perl".
Resources
The new CLump mailing list
A new mailing list, known as CLump, has been created for the discussion of Common Lisp. "Clump is a mailing list for discussion of software development in Common Lisp. Its focus is on development of applications and their supporting libraries rather than lisp compilers or other development tools." Thanks to Paolo Amoroso.
LDP Weekly News
The June 10, 2003 LDP Weekly News is out with the latest Linux Documentation Project changes.Training documents for Python
Dave Kuhlman has published two new Training documents for Python, Beginning Python and (Slightly) Advanced Python.Setting up Samba
Siddhu Warrier explains how to set up a Samba server. "This article has been written primarily for the benefit of newbies, who have advanced beyond the stage of changing wallpapers and alternating between desktops, and want to connect to another computer at home. The whole process has been described using KDE 3 on RedHat Linux 8.0, although you should be able to use similar techniques on your distribution or platform of choice."
'Creating XPCOM Components' Book Available Online (MozillaZine)
MozillaZine has an announcement for a free online book. "Creating XPCOM Components, a new book by Doug Turner and Ian Oeschger, is now available online. As you might expect, the book covers creating XPCOM components for Gecko-based browsers. It's published under the Open Publication License. A dead tree version will be available in August. The book is available here.Accessing Web Services In Mozilla 1.4 Using WSDL Proxying
Doron Rosenberg illustrates the use of Mozilla 1.4 and Gecko to access web services. "This article covers Mozilla 1.4's WSDL support. It also addresses the cross-domain issue and new security model that Netscape is proposing that would allow web services to determine if the client can access the service from any domain or only specific domains."
Upcoming Events
Stallman at GWU June 12
Those in the Washington DC area will have an opportunity to hear Richard Stallman speak at George Washington University on Thursday June 12, 2003.Time running out for OLS registration
If you're thinking of signing up for the Ottawa Linux Symposium, it's time to get moving. There's only room for about thirty more people at the conference, and the hotel space is getting tight. The speaker list promises a solid, technical conference that should be well worth the trip.The Fifth Annual Linux Festival in Kaluga Region (Russia)
The Fifth Annual Festival of Linux will be held in the Kaluga region of Russia on July 25-27, 2003. "The festival will be held from 25.07.2003 to 27.07.2003 in the Borovsk district of Kaluga region on a bank of the river Protva. The amount of attendees is not limited, as there will be enough room for everyone under the sun. The festival organizers will provide some place for a tent, wood for the fire and transportation from the town of Balabanovo, Kaluga region. ;-)"
10 Useful facts about GU4DEC (GnomeDesktop)
GnomeDesktop.org gives ten reasons to attend the GU4DEC conference, which will be held in Dublin, Ireland from June 16-18, 2003.Linux.Conf.Au 2004
Linux.Conf.Au 2004 will be held in Adelaide during January, 2004.UK Unix Users' Group and O'Reilly UK present Tim O'Reilly
Tim O'Reilly will be speaking at the UKUUG meeting in London on June 23, 2003. For more details on the event, take a looks at the current UKUUG Press Releases.SANE 2004 CFP
The initial announcement and call for papers have gone out for the System Administration and Network Engineering (SANE) 2004 conference. The event will be held in September and October in Amsterdam, the Netherlands.Events: June 12 - August 7, 2003
| Date | Event | Location |
|---|---|---|
| June 12 - 14, 2003 | USENIX 2003 | (Marriott Hotel)San Antonio, TX |
| June 16 - 18, 2003 | Yet Another Perl Conference::North America(YAPC::2003) | (Florida Atlantic University)Boca Raton, FL |
| June 16 - 18, 2003 | GNOME User and Developer European Conference(GUADEC) | (Trinity College)Dublin, Ireland |
| June 16 - 20, 2003 | Infosec 2003 | (UniNet)Online |
| June 18 - 23, 2003 | Open Source Clinical Application Resource Workshop(OSCAR) | (McMaster University)Ontario, Canada |
| June 21 - 22, 2003 | EuropeanRubyConference | (University of Karlsruhe)Karlsruhe, Germany |
| June 23 - 26, 2003 | ClusterWorld Conference & Expo | (San Jose Convention Center)San Jose, California |
| June 23 - 26, 2003 | Fourth Workshop On UML for Enterprise Applications | (Hyatt Regency San Francisco Airport Hotel)Burlingame, CA |
| June 24 - 26, 2003 | LinuxUser & Developer Expo | (Birmingham National Exhibition Centre)Birmingham, UK |
| June 25 - 27, 2003 | European Python and Zope Conference 2003 | (CEME)Charleroi, Belgium |
| July 7 - 11, 2003 | O'Reilly Open Source Convention 2003(OSCON) | (Portland Marriot)Portland, Oregon |
| July 9 - 12, 2003 | Libre Software Meeting | Metz, France |
| July 10 - 13, 2003 | LinuxTag | Karlsruhe, Germany |
| July 12 - 17, 2003 | Debcamp | Oslo, Norway |
| July 18 - 20, 2003 | Debconf 3 | (The University of Oslo)Oslo, Norway |
| July 23 - 26, 2003 | Ottawa Linux Symposium | Ottawa Canada |
| July 23 - 25, 2003 | YAPC::Europe 2003 | (CNAM Conservatory)Paris, France |
| July 25 - 27, 2003 | Fifth Annual Linux Festival in Kaluga Region | (bank of the river Protva)Kaluga region, Russia |
| July 29 - August 2, 2003 | The 10th Annual Tcl/Tk Conference | Ann Arbor, Michigan |
| July 31 - August 3, 2003 | UKUUG Linux Developers' Conference(LINUX 2003) | (George Watson's College)Edinburgh Scotland |
| August 4 - 7, 2003 | LinuxWorld Conference and Expo 2003 | (Moscone Convention Center)San Francisco, CA |
| August 7 - 10, 2003 | Chaos Communication Camp 2003 | Paulshof, Altlandsberg, Germany |
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Miscellaneous
KDE on FreeBSD: Alan Eldridge (1961-2003)
KDE.News notes the passing of Alan Eldridge who died June 6, 2003. He was a core member of the team which packages KDE for FreeBSD, and a respected member of the Open Source community outside of KDE.Active Awards Programmers' Choices Nominees are in
The nominees are in for the Active Awards Programmers' Choice awards. "Please vote for your favorite Perl, Python, PHP, Tcl and XSLT programmer before the June 30 deadline!"
Mozilla 1.0 Released One Year Ago Today (MozillaZine)
MozillaZine reports on the first year since Mozilla 1.0 was released. "Today marks the first anniversary of the release of Mozilla 1.0. The release came after four years of development and represented a major milestone in project's history. A party was held in San Francisco's DNA Lounge to celebrate with several other events taking place around the globe."
Perl Foundation Grant Recipients (use Perl)
Use Perl has published a list of recipients of the Perl Foundation's recent grants.
Page editor: Forrest Cook
Letters to the editor
strlcpy
| From: | Theo de Raadt <deraadt@cvs.openbsd.org> | |
| To: | lwn@lwn.net | |
| Subject: | strlcpy | |
| Date: | Thu, 05 Jun 2003 14:11:00 -0600 |
Two thing you guys might like to be aware of:
1) We certainly hope that the Linux version is 100% compatible. Even
a teeny little incompatibility here would be utterly dumb. Ours is
under an ISC-like license -- you cannot get more free than that, and
we would be utterly pissed off if Linus went and made incompatible
changes (and I think the community should also be; note that Linux
snprintf is not 100% complaint either). Solaris had a bug in the
first strlcpy/strlcat they shipped, and I believe they have now
adjusted to just using our code -- to avoid incompatibilities.
2) Our bootblocks, kernels, and all of userland (except for a few GNU
things like gcc, cvs, and binutils) are not using strcpy, strcat,
sprintf, or vsprintf anymore. Essentially our entire tree has been
converted to use the safer (bounded) variants.
Page editor: Jonathan Corbet