LWN.net Weekly Edition for January 22, 2004
Report from the SCO front
When SCO launched its SCOsource initiative one year ago, it must have known that it would encounter resistance at some point. Even so, the SCO Group may not have expected Novell to emerge as one of its largest obstacles. But Novell has done exactly that. Novell has disputed SCO's claims to the Unix copyright (and submitted copyright registrations in its own name), initiated audits of SCO's Unix licensing activities (with an eye, perhaps, on a 95% cut of the money from Sun and Microsoft), claimed - and exercised - the right to override SCO's actions against IBM and others, and acquired a Linux distributor of its own.As a result of Novell's actions, even the most weak-willed corporate officer will have to think twice about buying a "license" from SCO. Said officer may not feel capable of deciding whether SCO's claims have merit, but a disputed copyright is easy to understand. SCO's chances of prevailing on its claims are minimal even in Novell's absence, but Novell's entry into the game makes those claims moot for now. Given that, SCO's lawsuit against Novell is not particularly surprising. It was, instead, inevitable. SCO had to make a show of getting Novell out of its way.
SCO's full complaint is available as an 11-page PDF file. It is, in fact, a relatively straightforward suit, the sort of thing one would expect to see from a company which feels that its copyrights are being stolen in plain sight. It states that Novell has laid claim to the Unix copyrights, that it has made statements with the intent of causing people not to do business with SCO, and has damaged SCO's reputation and business. All of these claims are demonstrably true. Of course, SCO also states that Novell's copyright ownership claims are false, which is not so clear.
SCO is asking the court to find that the copyrights belong to SCO; force Novell to pay actual, special, and punitive damages; issue preliminary and permanent injunctions requiring Novell to assign copyrights and cease claiming to own those copyrights; and to make Novell retract its past claims.
Given that the relevant purchase agreement is available online, one would think that understanding what SCO really bought would not be that hard. In fact, the agreement is written in a sort of obscure legalese that would appear to invite misunderstandings and lawsuits from the beginning. To try to figure out what SCO bought, you have to read through to the very end; the assets to be transferred are listed in schedule 1.1(a):
This paragraph provides a lengthy list of things to be transferred to SCO, but "copyrights" does not appear on that list. So it would be up to a court to decide whether "all rights and ownership" include copyrights or not. SCO claims that the issue was clarified in Amendment 2 to the agreement, which revises Schedule 1.1(b). That section lists the things which were not sold to SCO; the wording was changed to read:
This language suggests that some copyrights would be transferred to SCO, but does not actually list those copyrights in any way. In summary, it is a messy agreement that will require a court to sort out.
The interesting thing is that SCO has not actually asked the court to sort it out. Regardless of what the agreement really says, one thing is strikingly clear: Novell has not actually assigned any copyrights to SCO. Novell might have signed a contract obligating it to assign copyrights to SCO, but SCO agrees that said assignment has not happened. Given that, SCO really needed to file a breach of contract suit to force Novell to live up to (what SCO sees as) its obligations. SCO's lawyers certainly know this; one wonders what they are really trying to accomplish.
More to the point, however, one might well wonder whether the end result of this suit matters to Linux users in the first place. In fact, this action is a significant development in the wider SCO affair. If Novell prevails, SCO's days of threatening Linux users will be done, and that would certainly be a good thing. The IBM case, which has nothing to do with copyrights, might continue, but it would be an isolated contract dispute. All Linux users would have to worry about at that point is what Novell intends to do with its newly-defended copyrights. As we have said before, Novell owes the community a statement regarding its intentions.
If SCO prevails - with an amended complaint bringing up the contract issue, presumably - Linux users would find their position unchanged. SCO would still have to prove that Linux contains its copyrighted code, something it has not done in any convincing way so far. It is increasingly apparent that, in fact, Linux contains no significant amount of copyrighted Unix code. So a Novell defeat would not really set back Linux users in any way.
It seems fairly clear, however, that no court will allow an SCO-initiated copyright suit to proceed until the Novell case is resolved. Until then, SCO's threats against users are even emptier than before.
Meanwhile, SCO has completed a new S-3 filing updating its "risk factors" to include a few marginally relevant items, like Novell's copyright claims. The fact that SCO has known about these claims for several months but only now updated its regulatory filings could come back to haunt it later on. Groklaw has put together a nice table of differences between the old and new filings; it paints a grim picture of where things are going with SCO. Worth a read.
The new S-3 also discusses the strange accounting required by the BayStar investment. For each $1 drop in the company's stock price, SCO must record approximately $1 million in income. Don't be surprised if this phantom income somehow pushes the company into a paper profit in future quarters.
Red Hat has made a fair amount of noise about its new Open Source Assurance Program, which is automatically extended to all Enterprise Linux customers. The program, however, does not offer very much: it states that any code in Red Hat Enterprise Linux which is found to infringe upon intellectual property rights will be replaced. For users who fear, say, a patent problem, this warranty will be a comforting thing to have. It does not go far beyond what the community would do anyway, however.
Finally, it would appear that the SCO Group has sent a letter to the U.S. Congress (available in PDF format) describing the evils of free software. Among other things, it will destroy the U.S. economy and provide vital computing capabilities to America's enemies. And create some business discomfort for the SCO Group, of course. The letter is an impressive bit of work, worth a read. If you are an American citizen, you may want to consider writing a letter yourself to counter SCO's claims. The fact of the matter, however, is that SCO is unlikely to be able to out-lobby companies like IBM and HP.
Linux.Conf.Au trip report
Your editor is back and rested - if somewhat jet lagged - from the 2004![[Not a developer]](https://static.lwn.net/images/ns/lca/didg-sm.jpg)
production of Linux.Conf.Au in
Adelaide. Some 540 people attended this event -- the highest attendance
in this conference's five-year history.
Here's a quick summary of what happened as seen by LWN.
Greg Ungerer gave an introductory talk on uClinux which will be interesting to those who haven't actually looked at how this kernel (which runs on systems without a memory management unit) works. Modern uClinux supports a vast number of architectures, and will run on systems with as little as 1MB of memory (though "you can't do much" on such a system). There's a few little things missing, of course: virtual memory support, the fork() system call (vfork() works), no dynamic stacks, no sbrk(), etc. And, of course, nothing protects the system and applications from each other. Even so, making applications work on uClinux is usually not a particularly big deal. Future plans for uClinux include supporting more hardware, adding to the list of ported applications, and integration with the RTAI real-time system.
Running device drivers in user mode was discussed by Peter Chubb.
This topic will get a more detailed treatment on this week's Kernel Page.
![[maddog]](https://static.lwn.net/images/ns/lca/maddog.jpg)
Your editor has come to the conclusion that Jon 'maddog' Hall serves as a mutual exclusion mechanism for Linux conferences. Since he, inevitably, shows up at every Linux event, his scheduling constraints serve to keep multiple conferences from happening at the same time. In Adelaide, he discussed the differing expectations of developers, users, and managers. Among other things, he predicted that 2004 will be the year when the Linux desktop truly begins to take over. Maddog's talks are invariably fun to hear.
Greg Lehey discussed his Vinum volume manager. Vinum runs on FreeBSD and NetBSD, but a Linux port is in the works. It provides many of the usual features: disk concatenation and striping, along with implementations of the various RAID levels. Among other things, Vinum was intended to be easy to configure via a relatively straightforward text file. As Greg noted, however, "pilot errors" remain possible.
Bdale Garbee gave a wide-ranging talk covering a number of topics.
The core of the discussion, however, had to do with truly large-scale Linux
![[Bdale]](https://static.lwn.net/images/ns/lca/bdale.jpg)
deployments, such as those which have happened in Extremadura (Spain), and
in Brazil. He notes that Linux has become an obvious first choice for
publicly-sponsored computing initiatives in many parts of the world -
especially the less rich areas. Use of Linux allows greater control,
doesn't require sending large amounts of hard currency to the United
States, and can help in the creation of local information technology
expertise. Bdale also noted, with visible pleasure, that the Debian
distribution (or a derivative thereof) tends to be chosen for this sort of
project. He sees Debian as embodying many of the free software community's
core concepts and being appealing for its essential openness.
Havoc Pennington touched on some similar concepts with his "state of
the Linux desktop" keynote. He repeatedly pointed out that, to achieve
true success on the desktop, the free software community must focus on what
![[Havoc]](https://static.lwn.net/images/ns/lca/havoc.jpg)
it does best, rather than trying to imitate current proprietary offerings.
For example, since any interested party can add to free software and influence its
development, the very best translation and accessibility
support tend to be found in free systems. Many languages and user
communities are too small to be worth supporting for a proprietary software
company, but the users themselves don't care about that. Then, there are
projects like Dashboard and
GNOME Storage (among many others) which show that anybody can pursue interesting
ideas; if others like the results, those ideas will be enhanced by others
and eventually
incorporated. For this reason, it is important that the Linux desktop
remains 100% free software; as soon as proprietary components start to
appear, the advantages of free software are lost.
His call to go beyond imitation notwithstanding, Havoc is clearly very focused on where Microsoft is headed, especially with the forthcoming "Longhorn" release. He says that the delays in Longhorn give Linux a window of opportunity to step in (especially since moving to Longhorn looks like it will be no easier than switching to Linux), but we have to be aware of the sort of features Longhorn will offer and have something which will be a competitive alternative.
Jeff Waugh gave a high-energy talk on the GNOME project. His focus was on the decentralized nature of the project, the increasing number of developers, and the tightly-run six-month release schedule. He talked of some trends in GNOME development (the new "evolution data server" which will provide contact and calendar information; embracing of standards and code coming out of FreeDesktop.org; the commitment to ABI stability across GNOME 2.x, etc.) but it seems that nobody really knows what future GNOME releases will bring. The one sure thing, according to Jeff, is "we will rock you."
Beyond the talks, this conference included a well-developed
"partners program" for the families of attendees, dinner events put on by
![[Fearless leader]](https://static.lwn.net/images/ns/lca/lt-grimace.jpg)
IBM and Oracle, and the now-famous dunk tank. The break area lacked
coffee (by American standards, anyway) but made up for it in free ice
cream. The venue was beautiful; Elder Hall with its woodwork and pipe
organ is far superior to the typical conference ballroom. And the whole
event was suffused by an Australian sense of humor and fun.
Also worthy of note was the "Miniconf" program which ran for two days before the main event (and which, unfortunately, your editor was unable to attend). The Linux and Open Source in Government miniconf, in particular, seems to have brought out many themes which resonated through the rest of the event.
In summary; Linux.Conf.Au was a great success. It was, as intended, a seriously fun gathering with much talk about the technology and no marketing. Let it never be said that volunteers cannot bring off a complex event of this type. Linux.Conf.Au is more volunteer-driven than most; it is run by a different committee in a different city every year. Despite the talk of heroic, last-minute, all-nighters put on by the conference staff, the attendee experience was smooth and seamless. Linux.Conf.Au came off better than many events run by "professionals." Great congratulations are due to the dedicated group of people who pulled this off.
LWN would like to thank HP one last time for making our presence at Linux.Conf.Au possible.
The MIT 2004 Spam Conference
You know that spam prevention efforts have reached fever pitch when a spam conference brings together lawyers, developers, economists, Eric Raymond and a representative from Microsoft to discuss the problem and ways to stop it. MIT hosted a conference on this topic on January 16, and we decided to check out the webcast to see what kind of work is being done in this area. The answer is, there's quite a bit of work going on, and the future looks much more encouraging than you might think.Lawyers Jon Praed and Matthew Prince both spoke about spam from the legal perspective. Praed discussed experiences in suing spammers. Interestingly, Praed wasn't as negative about the recent CAN-SPAM Act as many in the anti-spam community have been. Praed noted that legal solutions can often do something that technical solutions alone have failed to do: significantly drive up the cost of sending spam by requiring spammers to deal with legal bills. He also said that 2003 was a banner year for legal efforts against spam, because it brought the first arrests solely for spamming. According to Praed, the CAN-SPAM Act is effective, in that it makes it clear that spamming in and of itself is a crime.
Prince was less enthused with CAN-SPAM. Prince pointed out that 37 state spam laws have been passed prior to CAN-SPAM; now all 37 are pre-empted by federal law, which is weaker than most of the state laws. But even the stronger state laws have been largely ineffectual for stopping spam. He also noted that spam laws were not based on the volume of spam, which is the problem we now face, but were written to counter the problem of fraud in spam.
Prince did bring up the McCain amendment to CAN-SPAM for praise, and said it had received almost no coverage. Essentially, the McCain amendment says that when prosecutors are going after a spammer, they don't necessarily have to go after the sender. It allows prosecutors to attach liability to advertisers, which may be much more effective than having to go after the spammer.
Prince also said that we would have to remove anonymity of email to solve the legal problem of spam. Washington has been the most successful because its law includes a registry of email addresses that are located in the state of Washington. He said that it was necessary to establish a national do-not-spam registry which would establish jurisdiction to allow spammers to be sued and prosecuted.
Both Prince and Praed agreed that the important thing about legal solutions is that they impose costs on spammers.
Yahoo's Miles Libbey talked about trends in spam, as seen passing through Yahoo Mail. Like many other speakers, Libbey saw a emerging emphasis on spammers trying to hide their identity, and attempting to make messages more random to avoid filters. On a scary note, Libbey said that Yahoo! had found that spammers had reacted to their anti-spam filters within a space of two hours.
Another presentation focused on finding economic means to deal with spam. Thede Loder, Marshall Van Alstyne, and Rick Wash outlined the Attention Bond Mechanism (ABM) where senders would have to put up a "bond" where users could charge the sender a sum of money for unwanted messages or release the money if the message was wanted.
Assuming a working model could be found and implemented, they say this would be of benefit to users and marketers. According to Loder, Van Alstyne and Wash, it could be cheaper than direct mail, while giving the recipient an incentive not to block the email automatically. Either the message would be of benefit to the user, or the user could reap a small financial gain by accepting the message. Most importantly, this model would return the control of a user's inbox to the user where it belongs and shift the burden to marketers.
Along the same lines, Eric Johansson of CAMRAM talked about a hybrid system that would add a money-free sender-pays type of system incrementally to email. Instead of being a money-based system, the stamp creation would be time-based. That is to say, that each "stamped" email would contain a 22-bit or 23-bit stamp that costs a given amount of time to generate. Adding that amount of time to generate each email would be somewhat prohibitive for spammers, as spammers need to send email in volume to make money.
Of course, there were also many discussions of technical means to filter and block spam. William Yerazunis spoke about ways to go beyond the accuracy of Bayesian and Markovian spam filtering. One interesting note from Yerazunis' talk is that he noted that some spammers are getting desperate enough to actually sign up for "well-credentialed" email lists in an effort to penetrate those lists and send spam to the mailing list members. He also noted that the "Habeas Haiku" method of whitelisting mail has actually become an indicator of spam rather than an indicator that the email is clean, as spammers have been brazenly using the Haikus in their spam.
Marty Lamb spoke about Martian Software's TarProxy, or "creating pain for spammers." TarProxy is a method for throttling connections between the spammer and an SMTP server by slowing the rate at which a spammer can send spam, and thereby make it more costly. It also would cause headaches for administrators of open relays, with the eventual goal of forcing them to fix the configuration of their server.
Jonathan Zdziarski managed to present two topics in the allotted 20 minute space. Zdziarski spoke about using "chained tokens" to provide more information when filtering spam, rather than using a single word as a token. The "chained token" technique basically works on the concept that it is easier and less risky to identify spam by multiple words or tokens rather than a single word or token. Tokens can include mail headers, HTML fragments and other bits of an e-mail. A white paper discussing the technique can be found on the DSPAM website in PDF.
Zdziarski is also working with Bill Yerazunis on an RFC for MIME Encoding for message inoculation, create a message format that allows different spam filters on different servers to share inoculation information.
John Graham-Cumming taped his presentation beforehand. Instead of discussing how to block spam, Graham-Cumming's presentation focused on how spammers could beat spam filters by using filters like POPFile to detect "good" words to get through a spam filter. Graham-Cumming predicts that spammers will continue to react to adaptive filtering, and said that it would be possible for a spammer to insert "web bugs" into spam to help train filters to see which messages are delivered and which are not. Graham-Cumming said that it would be necessary to choke off feedback to spammers, such as bounces and SMTP error messages, to prevent adaptive filtering to work against spam filtering.
Eric Raymond was also on hand at the conference, and spoke about several topics. One topic Raymond discussed is a provision in the CAN-SPAM Act that requires the Department of Commerce to consult with the IETF on spam-labeling standards. While the CAN-SPAM Act directs the department to consult with the IETF on this issue, the IETF does not have any labeling standards at the moment. Raymond says he is working on a draft RFC that could "pass constitutional muster" that could be used.
Raymond also discussed Sender Permitted From (SPF). SPF allows a server to query whether something is a valid IP address, and to set policies based on that information. To use SPF, you add information to DNS that informs the world which IP addresses are valid for sending e-mail from your domain. When spammers attempt to spoof "from" headers and so on, a server using SPF can check to see whether or not the IP addresses match the valid IP addresses listed in DNS records.
Raymond admitted that there are compatibility problems with SPF. For example, SPF breaks forwarding and causes problems for roving users who need to send mail from different IP addresses. He noted that no one technology for stopping spam is perfect, but several tactics can work together as a "drug cocktail" to help end the spam problem.
For those interested in attending an anti-spam conference before MIT's 2005 conference, several speakers plugged the First Conference on Email and Anti-Spam (CEAS), which is scheduled for July 30 and 31 in Mountain View, California. For those working on anti-spam technologies or in related areas, there is a call for papers with a deadline of April 16.
The full presentations from the MIT conference are available in RealPlayer format at the Spam Conference website.
Security
Brief items
A weak cryptoloop implementation in Linux?
The "cryptoloop" code in the Linux kernel allows "loopback" mounts of filesystems. Essentially, cryptoloop looks like a block driver which encrypts data on its way through. It can thus be used to add encryption to any of the standard Linux filesystems without changing the filesystem code itself.Recently, in response to a bug report with the 2.6.1-mm3 cryptoloop implementation, Jari Ruusu made a disturbing claim:
It will come as no surprise that this message was followed by requests for more details on the "back-doored" cryptoloop. Jari obliged with a clear, technical explanation of what is going on. If you are using (or considering) cryptoloop. it is worth a look, even if there may be no need for immediate panic.
The problem, it seems, is that cryptoloop is susceptible to a certain kind of known plaintext attack. For any given filesystem type, the contents of certain sectors will be easy to predict. Given some time and an idle processor, an attacker can generate an exhaustive dictionary of likely passwords and the resulting ciphertext that will appear on disk. With access to the actual, encrypted disk, a quick lookup in the dictionary will yield the password and enable decryption of the entire filesystem. This attack is not practical for casual snoopers, but it would not be entirely surprising if government agencies and other, relatively organized groups had this sort of dictionary handy.
There are two ways of getting around this sort of problem. One is to choose a lengthy, non-obvious password. The other is to use salted passwords, where the password is modified by a randomly-chosen value before the data is encrypted. The salt value has to be retrievable, but it has the effect of requiring an attacker to create a separate dictionary for every possible number. If the range of salt values is large enough, salting the password will render the dictionary attack impractical.
The end result is that most cryptoloop users need not go into an immediate panic, but this weakness is worth being aware of. It would also be a good idea to get a stronger mechanism into the mainline kernel. There is little to be gained and much to be lost by shipping crypto code with known weaknesses.
IBM and SUSE get EAL3+ certification
IBM and SUSE have sent out an announcement stating that SUSE LINUX Enterprise Server 8 ("with service pack 3"), when running on IBM eServer systems, has been awarded Common Criteria EAL3+ certification. This certification is a step beyond the EAL2 level reached last year. SUSE's distribution, once again, becomes the first to achieve this level of security certification.
New vulnerabilities
kdepim: VCF file information reader vulnerability
| Package(s): | kdepim | CVE #(s): | CAN-2003-0988 | ||||||||||||||||||||||||||||
| Created: | January 15, 2004 | Updated: | May 26, 2004 | ||||||||||||||||||||||||||||
| Description: | KDE has issued a security advisory for all versions of kdepim as distributed with KDE versions 3.1.0 through 3.1.4 inclusive. A carefully crafted .VCF file potentially enables local attackers to compromise the privacy of a victim's data or execute arbitrary commands with the victim's privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0988 to this issue. | ||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||
kernel: privilege vulnerability on AMD64
| Package(s): | kernel | CVE #(s): | CAN-2004-0001 | ||||||||
| Created: | January 16, 2004 | Updated: | February 17, 2004 | ||||||||
| Description: | On AMD64 systems, a fix was made to the eflags checking in 32-bit ptrace emulation that could have allowed local users to elevate their privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0001 to this issue. | ||||||||||
| Alerts: |
| ||||||||||
mc: arbitrary code execution
| Package(s): | mc | CVE #(s): | CAN-2003-1023 | ||||||||||||||||||||||||||||||||||||||||
| Created: | January 16, 2004 | Updated: | April 5, 2004 | ||||||||||||||||||||||||||||||||||||||||
| Description: | A vulnerability was discovered in Midnight Commander, a file manager, whereby a malicious archive (such as a .tar file) could cause arbitrary code to be executed if opened by Midnight Commander. | ||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||
netpbm: insecure temporary files
| Package(s): | netpbm | CVE #(s): | CAN-2003-0924 | ||||||||||||||||||||||||||||||||||||
| Created: | January 19, 2004 | Updated: | December 29, 2004 | ||||||||||||||||||||||||||||||||||||
| Description: | netpbm is graphics conversion toolkit made up of a large number of single-purpose programs. Many of these programs were found to create temporary files in an insecure manner, which could allow a local attacker to overwrite files with the privileges of the user invoking a vulnerable netpbm tool. | ||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||
qmail: integer overflow
| Package(s): | qmail | CVE #(s): | |
| Created: | January 21, 2004 | Updated: | January 21, 2004 |
| Description: | The qmail-smtpd server suffers from an integer overflow which may be exploited to crash (one instance of) the server process. It is not clear, at this point, whether the overflow may be exploited for more useful ends; the claims made in this advisory regarding overwriting of memory have been disputed. A patch has been posted which fixes the problem. | ||
| Alerts: | (No alerts in the database for this vulnerability) | ||
slocate: buffer overflow
| Package(s): | slocate | CVE #(s): | CAN-2003-0848 | ||||||||||||||||||||||||||||||||
| Created: | January 20, 2004 | Updated: | February 16, 2004 | ||||||||||||||||||||||||||||||||
| Description: | A vulnerability was discovered in slocate, a program to index and search for files, whereby a specially crafted database could overflow a heap-based buffer. This vulnerability could be exploited by a local attacker to gain the privileges of the "slocate" group, which can access the global database containing a list of pathnames of all files on the system, including those which should only be visible to privileged users. This problem, and a category of potential similar problems, can be fixed by modifying slocate to drop privileges before reading a user-supplied database. | ||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||
tcpdump: flaws in the ISAKMP decoding routines
| Package(s): | tcpdump | CVE #(s): | CAN-2003-0989 CAN-2004-0057 CAN-2004-0055 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | January 15, 2004 | Updated: | April 6, 2004 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | George Bakos discovered flaws in the ISAKMP decoding routines of tcpdump
versions prior to 3.8.1. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0989 to this issue.
Jonathan Heusser discovered two additional flaws in the ISAKMP decoding routines of tcpdump versions up to and including 3.8.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0057 to this issue. Jonathan Heusser discovered a flaw in the print_attr_string function in the RADIUS decoding routines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0055 to this issue. Remote attackers could potentially exploit these issues by sending carefully-crafted packets to a victim. If the victim uses tcpdump, these packets could result in a denial of service, or possibly execute arbitrary code as the 'pcap' user. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Resources
January CRYPTO-GRAM newsletter
Bruce Schneier's CRYPTO-GRAM newsletter for January is out. This issue looks almost exclusively at airline security in one form or another.2003 viruses caused $55B damage, antivirus firm says (ComputerWorld)
ComputerWorld is carrying a Reuters story quoting an antivirus company as estimating the total cost of viruses to businesses in 2003 at $55 billion. What the story doesn't cover is the portion of that cost which is due to Linux-based viruses. That figure is, of course, about $0.
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current 2.6 kernel is 2.6.2-rc1, which was announced by Linus on January 20. A massive set of patches was merged into this release; included therein is a new Qlogic SCSI driver, a bunch of USB work, infrastructural work to better support hotplug block devices, several architecture updates, some I/O scheduler work, a rework of the PCMCIA drivers, sysfs support for several new types of devices, an XFS update, and much more. See the long-format changelog for the details.The latest kernel from Andrew Morton, as of this writing, is 2.6.1-mm5. Recent additions to the -mm tree include a working modular IDE implementation, improved x86 CPU type selection options, a user-mode Linux update, and many other fixes.
The current 2.4 kernel is 2.4.24. Marcelo released 2.4.25-pre5 on January 15; a "deadly mistake" there forced the release of 2.4.25-pre6 one day later. The 2.4.25 prepatches have been getting steadily smaller; there may be a release candidate coming in the near future.
Kernel development news
Quote of the week
User-space device drivers
Peter Chubb works with the Gelato project, which works toward better Linux performance on the IA-64 architecture. Among other things, Peter is responsible for the 64-bit sector support which went into the 2.5 kernel. At Linux.Conf.Au, Peter discussed device drivers. He pointed out that drivers, while making up roughly 50% of the code in the kernel, are responsible for 85% of all kernel bugs. Drivers tend to be written by people who would not normally be considered kernel hackers: hardware engineers, for example. These people tend to have a hard time dealing with the special nature of kernel programming, where interfaces are fluid, bugs are lethal, and many normal development tools are not available.Driver authors - and their users - might have a much easier time if drivers could be written to run in user space. In addition to mitigating the above-mentioned kernel programming issues, user-space driver development would allow the creation of a stable ABI; it also, presumably, would eliminate any licensing issues associated with closed-source drivers. User-space driver writers could also use any language they choose, "even Python."
Peter and company have set out to make user-space drivers possible. Some of the necessary pieces are already in place. Standard Linux will allow a suitably privileged process to access I/O ports, for example. Low-address memory-mapped I/O registers can be accessed via a mmap() of /dev/mem. There is also an interface which gives user-space processes access to the PCI configuration space; this interface works via ioctl() calls on /proc files, though, thus upsetting the sensibilities of most kernel hackers. These facilities are enough to allow some user-space drivers (particularly XFree86) to work, but they are not sufficient to enable a wider range of drivers to move out of the kernel.
One of the big gaps is interrupts; there is no way, currently, for user-space processes to register and respond to device interrupts. A patch from the Gelato project addresses this gap by creating a set of files under /proc. A process wanting to deal with interrupt 11, say, would open /proc/irq/11/irq. Reading the resulting file descriptor enables the interrupt and blocks the process until a device interrupt happens; control then returns to user-space, which can figure out what to do. A typical user-space driver will set up a separate thread to wait for interrupts in this manner; the actual work can be handed off to a different thread within the program.
Peter presented some graphs showing that interrupt response times suffer very little when interrupt handlers run in user space. The main limitation at the moment seems to be the fact that shared interrupts are not supported.
Another thing that user-space processes cannot normally do is set up DMA operations. To enable DMA, a new set of system calls has been added. The interface appears to be in a bit of flux, but it will be something like the following. The driver starts by opening a special file for device operations:
int usr_pci_open(int bus, int slot, int function);
There is then a function for setting up DMA mappings:
int usr_pci_map(int fd, int cmd, struct mapping_info *info);
The cmd argument can be USR_ALLOC_CONSISTENT to set up a long-lived consistent mapping, or USR_MAP to create a streaming, scatter/gather mapping. In either case, the info argument is used to pass in the relevant information, and to get the necessary address(es). There is also, of course, a USR_UNMAP operation for when the DMA is complete.
Many user-space drivers will be able to obtain their requests directly from user space; the X server works in this way. Many other drivers, however, will need to hook into the kernel for this information. The current patch includes a mechanism (Peter described it as ugly) for a user-space block driver to register itself with the kernel and get I/O requests. It works by opening another special file and using it to communicate requests and responses back and forth. A similar interface apparently exists for network drivers.
Getting a user-space driver patch into the kernel could be an interesting challenge. Many kernel hackers, certainly, resist changes that look like they are pushing Linux toward something that looks like a microkernel architecture - or which might legitimize binary-only drivers. On the other hand, some drivers bring a great deal of baggage into the kernel with them which might be better kept in user space; think of some of the code required by some sound drivers or the modulation software needed by "linmodem" drivers. The ability to run these drivers in user space could be a nice thing to have.
See the Gelato user-level drivers page for more information.
Shrinking the kernel with gcc
It will come as no surprise to most Linux users that the kernel has grown over time. In general, the expansion in the kernel has been more than offset by the increasing power of the systems that it runs on, but there is still a price to be paid for kernel bloat. Extra memory has to be paid for, and other overhead - such as cache misses - can hurt the overall performance of the system.Andi Kleen has been putting some effort into making the kernel smaller through the use of some relatively new and obscure gcc options. He starts with -Os, as do most kernel shrinkers; this one simply tells the compiler to optimize for size rather than strictly for performance. Anecdotal evidence suggests that -Os not only produces a smaller kernel, but the resulting code also often runs faster as well.
The next step was to use -funit-at-a-time. This option is new; it will be part of the upcoming gcc 3.4 release. It causes the compiler to load the entire source file into memory before it begins generating code; the result is better inlining and dropping of unused functions. The result was a little over 3% reduction in kernel text size. The reasons for this shrinkage require further investigation; it may be that there is a significant amount of dead code in the kernel.
Finally, Andi has also enabled -mregparm=3, which instructs the compiler to pass up to three function arguments in registers, rather than on the stack. This option helps even more than -funit-at-a-time. Using all three options, Andi is able to reduce the text size by over 700KB.
There is one potential problem with -mregparm=3, however: it changes the calling conventions within the kernel, and thus breaks binary modules. As one might imagine, some kernel developers are more worried about this than others. Red Hat kernel packager Arjan van de Ven has stated that he is using this option, and intends to build production kernels that way as well. As always, sympathy for the difficulties encountered by distributors of binary-only modules is low. If the kernel hackers decide that this option is worth using, they'll not let some broken binary modules stop them.
FUSYNs - robust user-space synchronization primitives
The FUTEX subsystem, which is part of the 2.6 kernel, provides fast mutual exclusion primitives for user space. The FUTEX functionality is similar to that of the longstanding semaphores, but with a nicer interface and better performance. A FUTEX lock can be acquired (in the non-contention case) without going into the kernel at all. FUTEXes are a part of the high-performance native POSIX threading implementation.FUTEXes are an improvement on what came before, but they do not yet provide the functionality that some users - particularly real-time system implementers - would like to have. To help fill in the gap, Iñaky Pérez-González has been working (with others) on a new set of "robust mutexes" which go by the name of FUSYNs. The project has a simple web site based at OSDL and a set of patches. Some information can be found in fusyn.txt, which is included with the patch.
FUSYNs enhance FUTEXes with:
- Priority-based locks. When a lock is released, it is not handed over
to a random process. Instead, the highest-priority process waiting
for the lock will be allowed to proceed. If a process changes
priority while waiting for a lock, the system will take the change
into account properly.
- Priority inheritance. Processes which take out FUSYN locks
("fulocks") can have their priority raised to a specified level while
they hold the lock. This mechanism is an attempt to avoid priority
inversion problems, where a low-priority process can obtain a lock,
lose the processor, and keep a high-priority process from running for
a long time.
- Robustness features. The kernel can take remedial action when a process dies while holding a lock. There is also deadlock protection code which looks at the chains of locks held by various processes and reacts when a deadlock situation is detected.
Future plans include the addition of features like condition variables, reader/writer locks, spinlocks, etc.
Inside the kernel, this functionality is implemented through the addition of some new facilities which could be useful beyond the FUSYN code. The "vlocator" structure allows the kernel to associate objects with user-space processes via a hash table. In the longer term, vlocators could be used to provide some relief for the ever-growing task structure. The unfortunately-named "fuqueue" functions much like an ordinary kernel wait queue, except that wakeups take process priority into account - only the highest-priority process is awakened. To support this functionality, a new "plist" type is added; it implements a general, priority-sorted, doubly-linked list capability.
The reaction to posts of FUSYN patches on linux-kernel has tended to be quiet. There does not appear to be any strong opposition to the addition of this capability to the kernel. Whether FUSYNs go into 2.6, or have to wait for 2.7, however, remains to be seen.
Patches and updates
Kernel trees
Architecture-specific
Build system
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Memory management
Networking
Security-related
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
GoboLinux - Fun with File System Hierarchy
It is a well-known fact that of the 300 or so Linux distributions in existence today, the vast majority are nothing but modified versions of one of the major ones. Some of them might offer a few interesting ideas or several user-friendly tweaks, but the underlying system usually differs very little from its immediate parent. That's not to say that there is no innovation among the smaller distributions. Unfortunately, most of them are limited to relatively simple enhancements, rather than radical ideas. One exception is GoboLinux. This comparatively little-known project is attempting to redefine the entire UNIX file system and come up with a unique and more logical structure of directories and files.More logical? Well, even some seasoned UNIX system administrators will probably agree that the UNIX file system, developed in late sixties, is far from ideal. While it is not particularly difficult to learn which files belong to /usr, which should go into /var and what to store in /etc, isn't there a more intuitive way of placing files into directories? Especially in times when many people are trying to push Linux into the mainstream as a viable alternative to other, more user-friendly operating systems?
It turns out that the GoboLinux project has been doing exactly that - reorganizing the directories and files into a new structure. It all started with one of the developers working on a system where he did not have superuser privileges, but still needed to compile programs. To avoid difficulties when upgrading, he placed individual programs into their own directories and named them according to the relevant program names, e.g. ~/Programs/AfterStep. Other parts of the programs went into similarly identified directories, such as ~/Libraries, ~/Headers, etc. Custom scripts for automated compilation of these programs and correct placing of individual components were also developed.
After a hard disk crash, the developer decided to rebuild his entire system with this new file system hierarchy. Under GoboLinux, there are 6 directories below the root file system; these are /Depot, /Mount, /System, /Files, /Programs and /Users. All executable files are stored under /Programs, which has a structure of /Programs/XFree86/4.3/. This makes it easy to maintain multiple versions of an application without having to resort to application renaming (e.g. gcc and gcc3). The /Programs directory also stores system-wide settings, so the XFree86 configuration file can be found in /Programs/XFree86/Settings/X11/. The /Users directory is roughly equivalent to /home on "normal" Linux system, while /Depot is a general place to store files by all users. The /Files directory contains plugins, fonts, documentation and other non-executable files.
The purpose of the /System directory is more complex. It contains symbolic links to all executable files, libraries, headers, etc on the system and these are also mapped to the traditional location, such as /bin, /usr/bin, etc. Yes, the system does include these directories - for legacy reasons and for those troublesome applications where directory paths are hard-coded into the source code. However, these legacy directories are not visible to users, thanks to a GoboHide kernel patch, which is able to hide certain directories, both from the command line and from file managers.
How does one go about installing applications on GoboLinux? These tasks have been automated by a collection of scripts. There are scripts for compiling programs, scripts for creating GoboLinux packages from source code, and scripts for installation. They have command line options to handle special situations, but in most cases they are very simple to use. The scripts also include simple dependency checking. As for the system boot, rather than using one of the common boot models (System V or BSD), the GoboLinux developers have written their own set of boot scripts - simple sequences of executable commands, each with a message string.
GoboLinux, the core of which is developed by Hisham Muhammad and Andre Detsch (as well as a number of contributors), is an interesting distribution to play with. The bootable ISO image serves as a live CD with some basic hardware auto-detection and KDE as the default desktop environment. Once booted, a graphical (as well as a text-based) GoboLinux installer is provided for those who would like to give it a partition on the hard disk. The latest version is 010 (the versioning scheme follows octal numbering), released earlier this month, and this is available for free download from GoboLinux mirror sites. The developers pride themselves on having created a highly unusual, yet usable Linux system and they are keen to offer support via their fairly busy mailing lists.
It is highly unlikely that GoboLinux will succeed in relegating the traditional UNIX file system hierarchy into the annals of history and replacing it with a more intuitive one. But as a hobby distribution, it is certainly a lot of fun.
Distribution News
Conectiva Linux 10 Technology Preview 2
The second preview release of Conectiva Linux 10 is now available. It features a 2.6.1 kernel, the KDE 3.2 release candidate, and other bleeding-edge stuff; see the release notes for details on what is in this release, or this page for information on the preview itself.Debian GNU/Linux
The Debian Weekly News for January 20, 2004 is out. This week's issue looks at Debian in Slashdot and Symlink, a new developer survey, updating web site translations, Debian at LinuxWorld Expo New York, and much more.The debian-installer team has announced the second beta release of the Debian Sarge installer for the i386, PowerPC, and ia64 architectures.
The Debian Bug Tracking System has moved to a new computer. Most people won't notice much of a difference, at least for now. Click here for more details.
DebianPlanet has some helpful pointers for running IPv6 in Debian.
Fedora Core
A test release of Fedora Core 1 for AMD64 is now available for download and may be at a mirror near you. The ISOs are also up and available at: bit torrent.The third Fedora News Updates issue is out, with information on Fedora at LinuxWorld, the first AMD64 release, Fedora kernel information, and more.
Gentoo Weekly Newsletter - Volume 3, Issue 3
The Gentoo Weekly Newsletter for the week of January 19, 2004 is out. This week: Gentoo Linux is a finalist for LinuxWorld Expo's "Best Open Source Project"; the Gentoo Linux Desktop Project has new co-leaders; and more.Mandrake Linux
The January 16 issue of the Mandrake Linux Community Newsletter is available; it looks at the availability of the MandrakeMove download edition, the business case of the week, and more.Here are some bug fix advisories for Mandrake Linux 9.2:
- The krozat screensaver in Mandrake
Linux 9.1 and 9.2 has a memory leak.
- The kwin4 application in kdegames
crashes on startup.
- A problem with qt3 causes improper
behavior when using accelerator keys in KDE applications such as
Konqueror, KMail, and others.
- This drakxtools update fixes a problem with sagem modems.
Lycoris and Bitstream Bring High-Quality Fonts to Linux
Lycoris and Bitstream have announced that Lycoris has licensed 40 high-quality Bitstream fonts for the Lycoris ProductivityPak.Slackware Linux
Slackware has upgraded alsa, kde (includes a security fix), inn, gnome, gimp, mozilla, sendmail and python this week according to the slackware-current changelog.Trustix Secure Linux
Trustix has bug fixes available for TSL 2.0:- The samba library libnss_wins does
not get built.
- This update provides minor cleanup of the kernel source package.
Minor distribution updates
Astaro Security Linux
Astaro Security Linux has released v4.019 with minor bugfixes. "Changes: This Up2Date fixes a config update bug for HA Systems."
Blue Cat Embedded Linux
LynuxWorks has released Blue Cat Embedded Linux 5.0, which features a 2.6 Linux kernel.BRaiLleSPEAK
BRaiLleSPEAK has released 07-10-2003 with major feature enhancements. "Changes: This version is no longer Slack-based but Debian-based."
Buffalo Linux
Buffalo Linux has released v1.1.1 with minor feature enhancements. "Changes: The main new features are the 2.6.1 kernel, a 'newkernel' GUI rebuild feature, and a new modutils 3.0.0 (with a Buffalo wrapper for switching back to the old version if needed). All other packages are the same as 1.1.0. There are many minor bugfixes and a few new features, such as a 'RUN Program' option on the main menu which supports adding desktop icons and Programs entries for both Linux and MS Windows programs."
Coyote Linux
Coyote Linux has released v2.06 with minor bugfixes. "Changes: PPP dialup script fixes were made. The SSH daemon was updated to dropbear .40. The bpalogin utility was recompiled to make it work properly with the uclibc libraries used by Coyote."
Damn Small Linux
Damn Small Linux has released v0.5.3.1 with minor feature enhancements. "Changes: This version features gPhone, a fix for the Monkey Web server, replacement of the NES game "BattleTank 2000" with "Munchie Attack", and a new Fluxbox theme."
Feather Linux
Feather Linux has released v0.3.3 with minor feature enhancements. "Changes: SciTE has been fixed. Firebird and OpenOffice install scripts have been added. mount.app, portmap and nfs-common, and chntpw have been added. The default Fluxbox theme has been changed. Sylpheed has been updated to 0.9.8a. A proxy configuration option has been added to setup. A script to save the configuration to a floppy has been added."
Gentoo For Zaurus
Gentoo For Zaurus has released v0.2.1 with minor bugfixes. "Changes: More "real" packages instead of the busybox ones. bison, procps, patch, bash, grep, and coreutils have been merged into the main system. The system should compile more packages without errors or warnings."
Gibraltar
Gibraltar has released v1.2 with minor feature enhancements. "Changes: This release enhances the Web interface usability, making it easier to use and in some places speeding up administration tasks."
LEAF
LEAF (Linux Embedded Appliance Firewall) has released Bering-uClibc 2.1rc1 with major security fixes. "Changes: This is the first version based on Linux 2.4.24. Dropbear has been upgraded to 0.40 and shorewall to version 1.4.9."
Recovery Is Possible! (RIP)
RIP has released v7.0 with minor feature enhancements. "Changes: The kernel and some of the software was updated."
slimlinux
slimlinux has released v0.4.0 with major feature enhancements. "Changes: This release has a smaller distribution size (1.2 MB), kernel 2.2.19, BusyBox 0.60.5, "the one true" awk, and retawq 0.2.1 instead of Links. Both floppy and hard disk versions are available. All Linux utilities build with gcc and uClibc."
Distribution reviews
Spawn of Debian faceoff: MEPIS Linux (NewsForge)
NewsForge continues the 'Spawn of Debian faceoff' with a review of MEPIS Linux. "The default MEPIS desktop is a clean, well-lighted place. Nearly a dozen desktop icons are arranged in two columns on the left hand side of the screen. Along the bottom, the KDE task bar shows the status of your keyboard LEDs, the date and time, and half a dozen icons of its own."
Spawn of Debian faceoff: Xandros 2.0 (NewsForge)
NewsForge reviews Xandros 2.0. "There is an interesting array of applications included by the default installation available via the menu launcher. Accessories include both a personal time tracker and pop-up notes. There is a complete CrossOver menu to allow you to run MS Office, Adobe Photoshop, and other Windows applications on your Xandros box. Multimedia includes Audio Builder, which is actually ARTS, the Real Time Synthesizer. OpenOffice.org is also present. The only thing that surprised me was that the GIMP was not present in the default installation. But given the ease of adding applications via Xandros Networks, that's really not a big deal."
Page editor: Rebecca Sobol
Development
The Bochs x86 PC Emulator
Bochs (pronounced box) is cross-platform PC emulator that was written by Kevin Lawton:
![[Bochs]](https://static.lwn.net/images/ns/bochs.jpg)
Bochs features emulation for the standard PC i/o ports,
keyboard, mouse, hard drive, floppy drive, and CDROM.
It also features emulation for a
Sound Blaster audio card and NE2000 ethernet device.
See
this list of supported devices for details.
The project includes disk images for various pre-configured operating systems:
Currently, the list of pre-packaged free operating systems includes Linux, DLX Linux, Pragma Linux, Debian 3.0r0, Debian 2.2r5, FreeDOS, NetBSD, OpenBSD, and PicoBSD. Other supported operating systems include Minix, and GNU/Hurd.
The screenshots page shows Bochs running many different operating systems from within various host platforms. Due to the x86 instruction set emulation used by Bochs, performance of emulated applications may not be especially speedy.
Version 2.1 of Bochs
was released recently.
"We have improved the accuracy of the simulation in many ways,
notably in the cpu, fpu, and vga areas; 3DNow! and PNI instructions are now
supported, and Bochs includes a new disassembler that supports all IA-32
instruction sets; On the I/O devices side, Bochs now provides experimental
PCI VGA and USB cards, 16550A uarts and gameport emulation; New types of
disk image can be used as harddisks: stackable, commitable or
growing.
"
Bochs is licensed under the GNU LGPL, the source code is available here.
See the project documentation and faq for more information.
System Applications
Audio Projects
Planet CCRMA Changes
The latest changes from the Planet CCRMA audio utility packaging project include updates to the PlanetCore components, support for the Fedora Core distribution, and a new version of JACK.
Database Software
Kexi 0.1 Beta 2 Released (KDE.News)
Version 0.1 beta 2 of Kexi, an integrated data management environment for KDE, has been announced. "This is a preview release for interested developers and experienced users; changes from the previous beta include an integrated kexisql engine and an improved user interface."
PostgreSQL Weekly News
The PostgreSQL Weekly News for January 19, 2004 has been published. Take a look for another week's worth of PostgreSQL database news.ZODB 3.2.1c1 and 3.1.5c1 released
Two new versions of ZODB, the Zope Object DataBase are out. "We have made release candidates for ZODB 3.2.1 and 3.1.5. These releases fix a bug in FileStorage pack that can cause data loss if you pack to a time earlier than a previous pack time. The ZODB 3.2.1 release also fixes several ZEO bugs."
Mail Software
Sendmail 8.12.11 is available
Version 8.12.11 of Sendmail has been released and features many bug fixes.Five Tips for a Better sendmail Configuration (O'Reilly)
Craig Hunt gives some tips on sendmail configuration. "Unix vendors bundle sendmail with the operating system and ship it out preconfigured. It is very easy to install the OS and use the sendmail configuration delivered with the system. Don't be fooled by this apparent simplicity. In the long run, it is better to take charge of your fate. Creating a custom sendmail configuration using current software and features selected for your environment will give you better performance, reliability, security, and maintainability."
Networking Tools
An Introduction to the Twisted Networking Framework (O'ReillyNet)
Itamar Shtull-Trauring introduces the Twisted Networking Framework on O'Reilly. "Twisted is an open source networking framework, implemented in Python. It is designed to support both clients and servers and run on multiple operating systems and platforms. This article is a brief introduction to Twisted's capabilities and design goals."
Peer to Peer
ed2k-gtk-gui 0.6.2 released! (SourceForge)
Version 0.6.2 of ed2k-gtk-gui, a GUI for the eDonkey2000 and Overnet file-sharing programs, has been released. This version features numerous bug fixes.
Printing
Gimp-Print 4.2.6 (SourceForge)
Stable version 4.2.6 of Gimp-Print, a suite of printer drivers that works with common print spoolers, has been announced. Changes include bug fixes, support for more printers, and more.PyKota 1.16 available
Version 1.16 of PyKota, a print quota and accounting software solution for the CUPS print spooler, is out. See the news page for change information.
Security
Sussen 0.8 Released (GnomeDesktop)
Version 0.8 of Sussen, a security scanner, has been announced. Changes include user interface improvements, code clean-up, better documentation, and more.
Web Site Development
mod_caml 1.0.6 released
Version 1.0.6 of mod_caml, the Caml language binding to the Apache web server, is out. This release features a security fix and other minor bug fixes.Zope 2.7.0 rc1 Released
Zope version 2.7.0 rc1 is out. "The 2.7.0 'release candidate' release fixes a number of issues introduced in Zope 2.7.0 b4 as a result of merging extensive security updates."
Web Services
Building a Web Services Container in Python (O'Reilly)
Rich Salz builds a web services container using Python on O'Reilly. "In the present run of columns, I'm using the web services framework provided by Python and the ZSI SOAP implementation to implement the XKMS registration service. Last month's column ended with a link to a skeleton server, but there was neither space nor time to explain it. This time we'll look at that server in some detail so that we can get an understanding of what features are provided by generic container servers (Apache Axis, J2EE servers, and the like)."
Desktop Applications
Accessibility
Dasher 3.2.2 available
Version 3.2.2 (stable) of Dasher, a zooming predictive text entry application, is available.
Audio Applications
GNUsound 0.6.2 Released
Version 0.6.2 of the GNUsound audio editor is available. "This release fixes a bug with solo/mute button selection and adds mouse wheel support."
Muine 0.1.1 released (GnomeDesktop)
Version 0.1.1 of Muine, a new music player application, is available. "The idea is that it will be much easier and comfortable to use than the iTunes model, which is used by both Rhythmbox and Jamboree."
Visecas 0.3.1 available
Visecas 0.3.1, a graphical interface for the Ecasound audio recording utility, is out. This is the initial release.TimeMachine 0.2.1 released
TimeMachine version 0.2.1 is out. TimeMachine is a JACK application that can record recently played audio data.
Desktop Environments
GNOME Weekly Summary
The GNOME Weekly Summary for January 4-10, 2004 is available.Gnome Summary
The GNOME Summary for January 10-17, 2004 is available with more GNOME desktop articles.KDE 3.2 Reaches Final Stage: Announcing Release Candidate 1
The first release candidate for KDE 3.2.0 is now available for download from download.kde.org.KDE-CVS-Digest
The January 16, 2004 KDE-CVS-Digest is out. Here's the content summary: "amaroK adds graphic sonograms. Kolourpaint can be used as an icon editor. KPilot PIM integration improves. KMail folder code is refactored. KWord adds import of text boxes from OOWriter. And the last bugfixes before release."
Desktop Publishing
Passepartout 0.4 released (GnomeDesktop)
Version 0.4 of Passepartout, a desktop publishing tool for GNOME, has been announced. Changes include an improved command line parser, support for libxml++ 1.0, and more.TeXmacs 1.0.3 released
Version 1.0.3 of GNU TeXmacs, an interactive structured typesetting system, has been announced. "This release features better PDF output, TrueType fonts support, extended plug-in infrastructure, a internal reorganisation of the typesetting language, and more."
Electronics
gEDA News
The latest releases from the gEDA project include new versions of the Icarus Verilog electronic simulation language compiler and gaf (gschem and friends), a collection of CAD tools.XCircuit 3.1.35 released
Version 3.1.35 of XCircuit, an electronic schematic drawing package, is available "Change information is in the source code."
Games
FreedroidRPG 0.9.10 released (SourceForge)
Version 0.9.10 of FreedroidRPG has been announced. "The changlog is lengthly and lists improvements of all aspects of the game."
Using Sprites in Pygame
A new tutorial entitled Using Sprites in Pygame is available. "Sprites are one of the most useful, but least understood, parts of Pygame. This document will, hopefully, teach you enough about sprites to simplify your code tremendously."
Graphics
Second preview of GIMP-2.0 (GnomeDesktop)
The second preview of GIMP 2.0 has been announced. "Lots of bugs have been fixed since the 2.0pre1 release and you are encouraged to try the new GIMP pre-release."
JFreeChart 0.9.16 released (SourceForge)
Version 0.9.16 of JFreeChart, a Java class library for generating charts, is out. "This release contains bug fixes and some minor feature enhancements (title and category label wrapping, legend shape scaling, enhanced performance for the DefaultTableXYDataset class and new Spanish localisation files)."
JGraph 3.1 released (SourceForge)
Version 3.1 of JGraph, a graph component for Java, has been announced. This release features bug fixes and minor API changes.PyX 0.5 was released
Version 0.5 of PyX, a Python graphics package for the creation of encapsulated PostScript figures, has been released. See the CHANGES file for a long list of new features.TesselSphere 1.1.0-rc7
Version 1.1.0-rc7 of TesselSphere, a cross-platform OpenGL spherical subdivision utility has been released. This version adds a Morpher window.
GUI Packages
PyQt 3.10 Released
Version 3.10 of PyQt is available. "PyQt now includes the QFtp, QHttp, QHttpHeader, QHttpRequestHeader, QHttpResponseHeader and QLocalFs classes."
Advanced UI design for GNOME (IBM developerWorks)
Vladimir Silva explains SLIK on IBM's developerWorks. "SLIK (SimpLIstic sKin interface provides a great tool for building advanced user interfaces in Linux or Unix systems. A part of the GQmpeg toolset, it is written using the GTK toolkit, a powerful set of widgets for graphics used by such applications as the GIMP and other GNOME-based apps."
The Tk Text Widget (Linux Journal)
Derek Fountain explores the Tk text widget on the Linux Journal. "All script writers need to deal with textual data at one time or another. One of the most powerful tools for manipulating text in the free software world is the text widget found in the Tk graphical user interface (GUI) toolkit. This widget is available to script writers working with Tcl, Perl/Tk and Tkinter in Python, and it boasts features and functionality that can solve almost any text-related requirement a script writer is likely to encounter."
Imaging Applications
gThumb 2.3.0 released ! (GnomeDesktop)
Version 2.3.0 of gThumb, an image viewer and browser for GNOME, is available. "This is a development version that adds some neat features as a photo importer and the crop tool."
Interoperability
DOSEMU 1.2.0 announced
Version 1.2.0 of DOSEMU, a PC Emulator for x86 based Linux, is out with a long list of changes.Samba 3.0.2rc1 Available for Download
Samba version 3.02 rc1 is available for testing. This release features several bug fixes.
Mail Clients
Balsa 2.0.16 and 2.1.0 released (GnomeDesktop)
New stable and development releases of Balsa, an e-mail client for GNOME, have been announced. "The 2.1.0 development release has a brand-new mailbox backend with much better performance and lowered memory footprint. This is a dogfood-quality code under development - handle it with care!"
Music Applications
horgand 1.05 Released
Version 1.05 of horgand, an organ synthesizer, is out. This version features new sounds, bug fixes, and more.
Office Applications
Gnumeric 1.2.5 is now available. (GnomeDesktop)
Version 1.2.5 of the Gnumeric spreadsheet has been announced, here is the change summary: "A few mostly minor xls export issues, and some package cleanup. A small patch to add some missing includes fixes a crash in the ia64 build This package should also be alot more relaxed about the intltool version requirements. The Manual recalc redraw issue was quite interesting. Jean Brefort added bubble plot support, bringing us ever closer to complete coverage of the available XL formats."
Office Suites
OpenOffice.org Newsletter
Issue #7 of the OpenOffice.org Newsletter is out with the latest OpenOffice.org office suite news.OOo Developers Digest
The OpenOffice.org Developers Digest has been launched.
Digital Photography
libgphoto2/gphoto2 2.1.4 released (SourceForge)
New versions of gphoto2 and libgphoto2 have been announced. "As always, we have fixed some bugs, and now support new cameras."
Web Browsers
Epiphany 1.0.7 released (GnomeDesktop)
Version 1.0.7 of Epiphany, a web browser for GNOME, is out. "This new stable release features support for mozilla 1.6 and numerous bug fixes."
Jazilla Milestone 3 Released (MozillaZine)
Milestone 3 of Jazilla, a rewrite of Mozilla in Java was announced. "This latest release features a user-agent string in the HTTP request headers, error pages instead of error dialogues, better CSS rendering, XUL overlay support and some stability bug fixes."
lynx 2.8.5 pre.2 released
Version 2.8.5 pre.2 of lynx, a text-mode browser, is available. Change information is in the source code.Mozilla 1.6 Released (MozillaZine)
Version 1.6 of the Mozilla web browser has been announced. "This latest version features several Mail & Newsgroups improvements, including vCard support, a preference to remove mail from a POP server after x days, a setting that places the user's signature above the quoted text when replying to a message and optional separate Recipient and Sender columns in the thread pane."
Roadmap Update: Mozilla Application Suite will be Sustained (MozillaZine)
MozillaZine examines the latest version of the Mozilla Development Roadmap. "Brendan Eich has updated the Mozilla Development Roadmap, adding a note that the Mozilla Foundation has no plans to retire the Mozilla Application Suite in the near future and will continue to release updates to the program, also known as SeaMonkey. This means that users of the Mozilla Application Suite will continue to benefit from changes made to core components such as the Gecko rendering engine and the Necko networking library."
Mozilla Links Newsletter
The Mozilla Links Newsletter is back for the new year. This issue discusses the "StumbleUpon" feature, managing multiple identities, the ConQuery project, and more.mozilla.org Status Update (MozillaZine)
The January 19, 2004 Mozilla Status Update has been published. The MozillaZine summary says: "It includes news on Mozilla 1.6, the Mozilla Development Roadmap, Camino, relicensing, the URL spoofing vulnerability, CSS and more."
Minutes of the mozilla.org Staff Meeting (MozillaZine)
The minutes are available for the January 19, 2004 Mozilla.org staff meeting. "Issues discussed include Mozilla 1.6 final, Mozilla Firebird 0.8, a Mozilla Thunderbird update for the 1.6 CD, Mozilla 1.7 Alpha, CVS over SSH, the next Developer Day and LinuxWorld."
Independent Status Reports (MozillaZine)
The Mozilla Independent Status Reports for January 18, 2004 are available. "The latest set of status reports include updates from XUL Console, mozImage, Mycroft, MozPHP, MozPython, Archangel, Forumzilla, MozManual, the Mozilla-Delphi project, ConQuery, Xprint, TipBar and Enigmail."
Miscellaneous
GNOME ASCII Art Tool 0.1.1 Released (GnomeDesktop)
Version 0.1.1 of GAAT has been announced. "GAAT (GNOME ASCII Art Tool) is an ASCII text or HTML file generator from a picture. You can resize the output to a specific character/pixel size, select the characters to use in the substitution of the pixels, etc."
gTranslator v1.1.4 Released (GnomeDesktop)
Version 1.1.4 of gtranslator, an enhanced gettext po file editor for GNOME, has been announced. Change information is in the source code.Revelation 0.1.0 released (GnomeDesktop)
The initial release (version 0.1.0) of Revelation, a password manager for GNOME 2, has been announced. "Revelation is a password manager for GNOME 2. It organizes accounts in a tree structure, and stores them as AES-encrypted XML files. This is the first release, with most basic functionality in place."
Quartz 1.3.0 Released (SourceForge)
Version 1.3.0 of Quartz, a job scheduling system that works with J2EE or J2SE applications, has been announced. "This release contains both bug fixes and new features".
Languages and Tools
Caml
Caml Weekly News
The Caml Weekly News for January 13-20, 2004 is out with another collection of Caml language articles.
Java
Hibernate your Data (O'ReillyNet)
Davor Cengija writes about Hibernate on O'Reilly. "Hibernate can persist any kind of Java object, manipulate a hierarchy of objects, handle collections, and work with transactions."
Perl
Perl 5.8.3 Released (use Perl)
Perl 5.8.3 is available. "5.8.3 is a maintenance release for perl 5.8, incorporating various minor bugfixes, including eliminating a couple of errors in Perl's UTF8 handling."
Maintaining Regular Expressions (O'Reilly)
Aaron Mackey details the use of Perl regular expressions on O'Reilly. "For some, regular expressions provide the chainsaw functionality of the much-touted Perl "Swiss Army knife" metaphor. They are powerful, fast, and very sharp, but like real chainsaws, can be dangerous when used without appropriate safety measures."
This Week on perl5-porters (use Perl)
The January 5-11, 2004 edition of This Week on perl5-porters is online. "Besides the first release candidate of perl 5.8.3, lots of things happened on perl5-porters this week. Read about new features to be added to the language, lots of bugs and fixes, and other odds and ends."
This Week on perl5-porters (use Perl)
The January 12-18, 2004 edition of This Week on perl5-porters has been published. "Besides the release of a new maintenance version of perl, this week passed and carried its usual heterogeneous load of bugs. Read below for all the details."
This week on Perl 6
The January 11, 2004 edition of This week on Perl 6 has been published. "It's Monday. People have been talking about Perl 6, Parrot and the European Union Constitution. Let's find out what they've been saying about Parrot first shall we?"
The State of Perl (O'Reilly)
Adam Turoff examines Perl's future on O'Reilly. "In 2000, Larry Wall saw Perl 6 as a means to keep Perl relevant, and to keep the ideas flowing within the Perl world. The fear at the time was quite palpable: if enough alpha hackers develop in Java or Python and not Perl, the skills we have spent years acquiring and honing will soon become useless and literally worthless."
PHP
PHP Weekly Summary for January 19, 2004
The PHP Weekly Summary for January 19, 2004 is out. Topics include: PHP 5 and SimpleXML, PECL PHP 5 Win32 binaries, 4.3.5 RC 1, OpenDirectory extension, Circular destruction.Using PHP 5's SimpleXML (O'ReillyNet)
Adam Trachtenberg explores SimpleXML on O'Reilly. "This article shows how to use SimpleXML to read an XML file, parse the results into a useful form, and query the document with XPath."
PostScript
GSview 4.6 and Epstool 3.04
The ghostscript.com site lists new versions of Epstool, an Encapsulated PostScript preview tool, and GSView, a a graphical interface for Ghostscript.
Python
Dr. Dobb's Python-URL!
The Dr. Dobb's Python-URL! for January 19, 2004 is available, with weekly Python news and links.
Tcl/Tk
Dr. Dobb's Tcl-URL!
The January 19, 2004 edition of Dr. Dobb's Tcl-URL! has hit the presses. Take a look for links to a large selection of Tcl/Tk articles.
XML
A survey of XML standards: Part 1 (IBM developerWorks)
Uche Ogbuji has assembled a survey of XML standards on IBM's developerWorks. "The world of XML is vast and growing, with a huge variety of standards and technologies that interact in complex ways. It can be difficult for beginners to navigate the most important aspects of XML, and for users to keep track of new entries and changes in the space. In this series of articles, Uche Ogbuji provides a guide to XML standards, including a wide range of recommended resources for further information."
Business Integration -- Information Conformance Statements (IBM developerWorks)
Scott Hinkelman explains BI-ICS on IBM's developerWorks. "Industry trends within the XML-oriented business space indicate that regardless of the advancements in technology that XML brings, challenges in business information modeling that have existed for decades continue. A predominant problem area is centered on the real-world need to accommodate different levels of conformance for such information. This article discusses industry trends in the area of modeling business information, and introduces an XML specification for business information conformance as a step toward a solution in this area."
Building Dictionaries With SAX (O'Reilly)
Uche Ogbuji discusses Python dictionaries and SAX on O'Reilly. "My pet description of XML's fundamental data model is "labeled strings in nested packages". The labeling and nesting are what differentiate XML from good old comma or tab-delimited value and tabular ("square") data models such as spreadsheets and classic SQL databases. This same labeling and nesting makes for a natural accommodation of data from XML in Python dictionaries."
Miscellaneous
XPlanner 0.5.3 Released (SourceForge)
Version 0.5.3 of XPlanner has been announced. "XPlanner is a web-based project planning and tracking tool for eXtreme Programming (XP) teams. XPlanner is implemented using Java, JSP, and Struts, and MySQL (user contributed support for other databases)."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Going Upstream to Fight Spam (Wired)
Wired covers a talk by Eric Raymond at a Spam Conference at MIT. "Raymond is promoting an antispam technology called SPF (sender permitted from), an open-standard SMTP (simple mail transfer protocol) extension that stops spam before ISPs have to download messages by rejecting those e-mails coming from forged addresses. Under SPF, e-mail users enter their valid domains and IP addresses into the SPF registry. More than 4,000 domains have published their SPF records, including AOL, said Raymond. The registry will also be supported by an upcoming version of SpamAssasin and other antispam applications."
Under the hood of the Open Source Awards (ZDNet)
ZDNet takes a look at the projects that are winning the Open Source Awards. "Today marks an important milestone for the open source community. It's the day that, for the first time in the movement's history, the community's elders begin to dole out cash awards--known as the Open Source Awards -- to the lesser known contributors whose efforts are critical to the vibrancy, viability, and preservation of the open source culture. The first recipients are Julian Seward for Valgrind, Paul Davis for JACK, the VideoLAN project, and the Pango project."
Eclipse to split from IBM (News.com)
News.com reports that Eclipse will split from IBM. "The current Eclipse consortium, made up of about 50 software companies, will be incorporated as the Eclipse Foundation, a nonprofit modeled after other successful open-source organizations, such as the Apache Foundation, said McGaughey."
Trade Shows and Conferences
Saudi open source conference opens minds (NewsForge)
NewsForge covers a small open source conference in Saudi Arabia. "Dr. Aljahadi is Chairman of the Saudi Linux Group, so when he presented facts and figures about Linux and open source after all the buildup, he had an attentive audience. Most of what he said is old hat to NewsForge readers, but not many government officials in Saudi Arabia knew, for instance, that open source Apache was a clear leader in the Web-serving software realm until he told them. Introducing open source to government and industry leaders here was what the conference was all about, so it's nice that he got such a fine reception."
Novell advocates open source (News.com)
News.com reports from the Novell press conference at LinuxWorld. "SCO, which now is attacking Linux and its intellectual property foundations, refuses to withdraw from UnitedLinux, Richard Seibt, SuSE's CEO, said in the press conference. 'There's no value for us to work in the UnitedLinux corporation,' Seibt said. 'This doesn't mean we're not focusing on continuing with the development relationship we have with Turbolinux and Conectiva.'"
The SCO Problem
Declaration of Ryan E. Tibbitts (Groklaw)
Groklaw has posted the text of SCO's declaration to the Utah court that it has provided the required evidence. PJ is not impressed. "After they get everything they list in this document from IBM, they figure they'll need 90 days to evaluate what IBM turns over. I'm not kidding. 90 more days. They'd better send Boies to court for the next hearing. This is going to be a hard sell."
The Wrath of Linux (Motley Fool)
This Motley Fool article is another sign that SCO is losing the PR war. "If SCO thought threat-born licensing fees would provide a quick boost to the bottom line, it looks to have miscalculated. As fellow Fool Tom Taulli noted last month, SCO has tried to cast its lawsuits in apocalyptic terms. But with the entire computing world putting its money behind Linux, it appears that, for SCO, the apocalypse is now."
Linux users face licence cash call (BBC News)
The BBC News covers SCO's attempts to sell Linux licenses to European firms. "Mr Sontag said taking out a licence was a cheap way to avoid potential legal action and was less expensive than the indemnification schemes set up by firms such as Novell to bail out Linux users that end up in court."
Changes in the New SCO SEC Filing (Groklaw)
The SCO Group has a new regulatory filing available now. Groklaw has posted a listing of differences between this filing and previous versions that is definitely worth a look. For example, "In addition to SCOx, we implemented our first SCOsource initiative in January 2003 to review and enforce our intellectual property rights in the UNIX operating system. became "In addition to SCOx, we implemented our first SCOsource initiative in January 2003 to review and establish our intellectual property rights in the UNIX operating system." (emphasis added). As a whole, the changes do not indicate that everything is going SCO's way.SCO Hints at a Short List and Licenses Go on Sale in Australia (Groklaw)
Groklaw looks at SCO's plans to sell licenses in Australia. "More menacing hints from SCO. It seems they are making their list smaller and smaller, and it's down to about a dozen or so. Didn't they already say it was a definite? But they now say they "may" sue. Here are some on the short list, according to Darl: "BP, Siemens and Fujitsu are among a large number of big companies whose use of the operating system has come under scrutiny, said Darl McBride, chief executive of SCO, the small US company that has mounted the challenge. He said the company had not yet decided whether to sue. But he added: 'That clearly is an option we are looking into very closely.'"Aust firm tells SCO to detail evidence (SMH.com)
The Sydney Morning Herald talks with Leon Brooks about his efforts to get SCO to detail its claims. "Brooks said that several people at last week's Adelaide conference on the use of open source software in government had indicated that they were holding off on adoption or testing of software of this genre for public sector use until the case which SCO has filed against IBM is resolved."
Companies
Commentary: Oracle envisions grand future in China (News.com)
News.com has a commentary that looks at Oracle's leveraging of Linux in China. "Oracle's database and business applications growth in the United States may no longer be very robust, but in China, the company sees greener fields. Oracle plans to reap those fields with Linux, which has received strong support in China because of that country's distaste for being locked in to Microsoft's proprietary Windows systems."
Oracle's Linux Push: Mozilla Browser to Front Oracle Apps (eWeek)
eWeek looks at a push by Oracle to support Linux on the desktop as well as on the server. "Oracle Corp. is ready to extend its "Linux Everywhere" campaign to client systems. In the coming year, the company will enable the Mozilla open-source Web browser to run Oracle applications."
Interviews
Linux breaks desktop barrier in 2004: Torvalds (LinuxWorld.com.au)
LinuxWorld.com.au interviews Linus Torvalds. "The fact that X and kernel development have been separate is good; one could evolve without the other but DRI (Direct Rendering Infrastructure) has made them not completely independent. As a developer, having the two separate is good, because different people are good at developing for each."
Interviews with FOSDEM speakers
The FOSDEM team has published 2 new interviews with FOSDEM speakers: In this one Rich Kilmer talks about Ruby. Then Tom Kistner, from the SpamAssassin project, explains current anti-spam techniques.Red Hat CEO Is Optimistic about Economy, Sector (The News & Observer)
The News & Observer, Raleigh, N.C. interviews Matthew Szulik. "Last year, Red Hat hired 150 workers worldwide, bringing its total employees to 620, including 220 in the Triangle. Its stock has more than quadrupled in the past 12 months. And last week, Red Hat raised $600 million by selling convertible bonds, money that the company says it will use for acquisitions and to expand internationally. Szulik talked with staff writer Vicki Lee Parker about the role the technology industry will play in the local economy's recovery."
Open Source in Government: Newport News, Va. (O'Reilly)
Tom Adelstein interviews Andy Stein, CIO of Newport News, Va on the topic of open-source software in government. "What if you ran a city government and had to upgrade your infrastructure, productivity applications, comply with new homeland security standards, and do it in the midst of a budget crunch. If that sounds familiar, you're not the only one facing this dilemma."
Linux's 'center of gravity' (News.com)
News.com interviews Stuart Cohen, chief executive of OSDL. "We will shortly be announcing some governments that will become OSDL members, but we are not at liberty to announce them today. There are a number of government agencies around the world that are interested in participating, because they have technical requirements, they have market requirements, they have deployment requirements--whether it is for Data Center Linux, for Carrier Grade Linux (CGL) or for desktops."
Oracle's Linux Boss Gears Up for Grid (eWeek)
eWeek talks with Oracle exec Dave Dargo. "Reiterate for me, please, why Oracle's so Linux-focused. It's an enabler of a few things in the market. It enables customers to retain the skill sets they've built over the past decade or so in Unix while enabling them to take advantage of low-cost, high-performance processors from Intel [Corp.] and [Advanced Micro Devices Inc.]. The reason Oracle's made such a huge investment in Linux is so we can have a platform where we can make it easier for customers to deploy Oracle and our clustering technology."
Resources
IceWM with Sound (OfB.biz)
Open for Business describes the process of getting sound working with IceWM. "First, about the only way you can have sound is to have compiled in the ESound interface. If your distro offers an "icewm-gnome" package, there's a good chance this has been done for you. If not, you'll have to compile it in as an option yourself. I've read discussions in the past how the authors had considered working in an Alsa interface, but at that point it was too big a chore, and they had other problems that took priority."
Reviews
The KDE 3.2 Beta 2 User Review (OSNews.com)
OSNews test drives KDE 3.2 Beta. "The first thing you notice when you start up a few apps is - 'Boy, this is Fast!'. KDE 3.2 is significantly faster than 3.1, and certainly way faster than Gnome 2.4 on my machine. It reminds me of the kind of responsiveness that Windows 98 used to give me on this same configuration few years ago (minus the crashes). Konsole opens up almost instantaneously, and Konqueror takes only about 3 seconds the first time. I was afraid that the increase in bloat with every release of KDE since the 1.x series would one day prevent me from using this computer at all with KDE. I'm glad the guys over at KDE have so splendidly allayed my fears." (Found on KDE.News)
Hacking Reality (Linux Journal)
Linux Journal has more mini book reviews. This time Frank Conley takes a look at "Linux Server Hacks: 100 Industrial-Strength Tips and Tools", "Google Hacks: 100 Industrial-Strength Tips and Tools", "Amazon Hacks: 100 Industrial-Strength Tips and Tools", and "eBay Hacks: 100 Industrial-Strength Tips and Tools".Playing with a little Pogo schtick (NewsForge)
NewsForge reviews Pogo, a lightweight application launcher. "The first time I logged in to an iceWM session, I opened a terminal window and entered the pogo command. Pogo immediately appeared along the bottom of the desktop, ... After playing around with the default Pogo config for a bit, and getting used to iceWM, I decided I had some hacking to do with the defaults for both."
EFF Staff Technologist Seth Schoen to Teach Trusted Computing Class (Linux Journal)
Linux Journal takes a look at an upcoming class in trusted computing. "Seth Schoen, Staff Technologist at the Electronic Frontier Foundation, is uniquely qualified to conduct the tutorial. He wrote "Trusted Computing: Promise and Risk", EFF's report on trusted computing, following briefings from industry and academic experts on all sides of trusted computing."
Linux TV (Forbes)
Forbes looks at the use of Linux in electronic entertainment systems. "Linux does require more sharing of trade secrets. Recently Toshiba came out with a Linux-based portable music player and was asked by Taiwanese and Chinese would-be clonemakers to reveal the code used. 'Since Linux is open, we will reveal the code to anybody who asks,' says Toshiba spokesperson Midori Suzuki. Toshiba will differentiate its product with superior hardware, she says."
Company designing cell phone especially geared toward teens (Seattle Times)
This Seattle Times article describes another amusing Linux-powered gadget. "Dan Shapiro, the company's lead program manager, who during his time at Microsoft worked on Windows XP and its still-developing successor, code-named Longhorn, said every feature was developed to appeal to teens. The phone, which at its heart is a computer running on the Linux operating system, resembles a kidney bean because that shape allowed the teens to more readily grip the phone with four fingers, while text messaging with their thumb."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
DotGeek PHP Certification Program
DotGeek.org is offering a Certified PHP Programmer Certification Program. "Dotgeek is a community, non-business driven website made by developers for the PHP programmers community and open source community at large. Dotgeek is an entirely self-financed project and is free from any economically-driven initiatives."
Linuxaudio.org Consortium Launched to Create Professional Audio Tools
Here's an announcement for the newly launched Linuxaudio.org. "Linuxaudio.org is a not-for-profit consortium of companies and libre software projects using Linux kernel based systems and other libre software for audio work, with an emphasis on professional tools for the music, recording and broadcast industries. The consortium aims to co-ordinate joint projects between members, collaborate on the promotion of Linux based systems for audio tasks, and provide a single point of contact for prospective industry partners."
AGNULA Joins Linuxaudio.org
The AGNULA (A GNU/Linux Audio distribution) project has joined forces with the Linuxaudio.org Consortium. "Linuxaudio.org is a not-for-profit consortium of companies and libre software projects using Linux kernel based systems and other libre software for audio work, with an emphasis on professional tools for the music, recording and broadcast industries."
JC takes over GNU/Linux Summit from SOT
SOT Finnish Software Engineering Ltd. has passed the job of organizing the annual GNU/Linux Summit to the Junior Chamber organization. "We wanted the Summit to have an independent organizer, one that will serve all actors in the industry equally, and ensure that the Summit remains an event of substance."
Open Ireland group formed
A new open-source advocacy group has been formed in Ireland. "It's an active group and includes a number of people from both the Irish public sector as well as vendors and end users."
Commercial announcements
HP Records More Than $2.5 Billion in Linux-based Revenue in 2003
HP has announced Linux-based revenue in excess of $2.5 billion for its fiscal year 2003 as well as additions to its Linux portfolio.Linux Veteran Paula Hunter Joins OSDL
The Open Source Development Labs has announced the appointment of Paula Hunter as Business Development director based on the East Coast. Hunter was the head of UnitedLinux from 2002 until joining OSDL.SGI launches visualization initiative
SGI has announced a new initiative to bring better visualization technology to Linux. This effort includes a new "Visualization Developer Tool Kit," which appears to be somewhat tied to the company's Itanium-based NUMA systems, and support for some free software projects, with Chromium being named explicitly.VA Company Now Offering Red Hat Linux Support
gOSapps, an eSolutions provider based in Virginia, has announced a comprehensive support programs for companies using Red Hat Linux.
New Books
"Learning Python, Second Edition" Released by O'Reilly
O'Reilly has published the second edition of the book Learning Python by Mark Lutz and David Ascher."Perl Template Toolkit" Released by O'Reilly
O'Reilly has published the Perl Template Toolkit by Darren Chamberlain, David Cross, and Andy Wardley.
Resources
Straw tutorial (GnomeDesktop)
GnomeDesktop.org points to a tutorial on Straw, a desktop RSS news aggregator. "Thomas Chung at fedoranews.org has put a nice little tutorial for getting Straw installed and running on Fedora. It also shows how to add new feeds, complete with screenshots."
Contests and Awards
Desktop Integration Bounty Winners (GnomeDesktop)
GnomeDesktop.org has announced the winners of round one of the Desktop Integration Bounty contest. "Six weeks ago, we launched the bounty hunt contest to attract new developers to the GNOME project, and generate momentum around innovations in collaborative software. Interest has, to say the least, been fantastic."
Upcoming Events
LinuxWorld News
Here are a couple pre-LinuxWorld announcements:- IDG World Expo has
announced the finalists for the Product Excellence Awards. Winners
will be announced next week, at LinuxWorld in New York City.
- The Desktop Linux Consortium will be hosting the Desktop Linux Pavilion at LinuxWorld.
O'Reilly at LinuxWorld
O'Reilly has sent out a press release detailing their plans for the LinuxWorld conference.LPI SUSE Exam free at LinuxWorld
The Linux Professional Institute will be offering a free version of its SL103 SUSE Linux certification exam at the LinuxWorld Conference & Expo in New York City on January 23, 2004.Strong KDE Presence at LinuxWorld NYC (KDE.News)
KDE.News covers the KDE events that will occur at the upcoming LinuxWorld NYC conference.Perl6 and Parrot at the NORDU Usenix Conference (use Perl)
Use Perl mentions a couple of Perl talks at the NORDU Usenix Conference in Copenhagen starting on January 28.YAPC 2004 CFP
A Call For Participation has gone out for the YAPC 2004 Perl conference. The event will take place in Buffalo, New York on June 16-18, 2004.Dutch Perl Workshop (use Perl)
Use Perl mentions a Perl Workshop that will be held in the Netherlands on March 5, 2004. "This informal meeting, with talks by many infamous Dutch Perl Monks and Saints, is targeted at anyone using Perl on a regular basis."
Perl Conferences 2004
The definitive list of Perl conferences for 2004 is available.KDE at FOSDEM 2004: A Call for KDE Developers to Join
KDE.News has posted a call for talks by KDE developers at the FOSDEM 2004 conference in Belgium. "We are looking for developers who want to join and perhaps do a talk and/or presentation at the "KDE Developers Room". This is your chance to let us know what kind of talks you would like to see in the "KDE Developers Room"."
Seth Schoen to teach Trusted Computing class
Seth Schoen will be teaching a class on Trusted Computing. The event will take place in Mountain View, California on January 24, 2004.Events: January 22 - March 18, 2004
| Date | Event | Location |
|---|---|---|
| January 22 - 23, 2004 | LinuxWorld Conference & Expo 2004 | (Jacob K. Javits Convention Center)New York, New York |
| January 22 - 23, 2004 | Vancouver PHP Conference | (SFU Harbour Centre)Vancouver, BC, Canada |
| January 28 - February 1, 2004 | NordU/USENIX 2004 | Copenhagen, Denmark |
| January 29, 2004 | Linux for business 2004 | Hotel De Biltsche Hoek, de Bilt |
| January 31 - February 1, 2004 | WineConf 2004 | (Court International Building)St. Paul, Minnesota |
| February 2 - 6, 2004 | EclipseCon 2004 | (Disneyland Hotel)Anaheim, CA |
| February 2 - 4, 2004 | Open Standards and Certification Conference | (San Diego Marriott Mission Valley)San Diego, CA |
| February 3 - 5, 2004 | Linux Solutions 2004 | Paris, France |
| February 9 - 12, 2004 | O'Reilly Emerging Technology Conference(ETech) | (The Westin Horton Plaza)San Diego, CA |
| February 20 - 22, 2004 | CodeCon 2004 | (Club NV)San Francisco, CA |
| February 20 - 24, 2004 | PaWS PHP and Web Standards UK 2004 | Manchester, UK |
| February 21 - 22, 2004 | Mozilla Developers Meeting in Europe 4.0 | Brussels, Belgium |
| February 21 - 22, 2004 | FOSDEM 2004 | (SOLBOSCH)Brussels, Belgium |
| February 23 - 27, 2004 | PostgreSQL Bootcamp | (Big Nerd Ranch, Inc.)Atlanta, GA |
| February 25 - 26, 2004 | UKUUG LISA/Winter Conference and Tutorial | (Lansdowne Campus, Bournemouth Univ.)Bournemouth, UK |
| March 1 - 5, 2004 | PHP|Cruise | The Caribbean |
| March 5, 2004 | Perl Workshop 2004 | Amsterdam, the Netherlands |
| March 15 - 17, 2004 | Open Source in Government Conference | (George Washington University)Washington, DC |
| March 16 - 17, 2004 | Open Source Business Conference 2004 | (The Westin St. Francis)San Francisco, CA |
Event Reports
Various LinuxWorld Announcements
LinuxWorld Conference and Expo begins today in New York. Here are a few of the announcements from the first day.- LinuxWorld attendees are invited to
join Fedora developers for a community gathering and discussion
session on Wednesday.
- NewsForge wants to
know what they should cover at LinuxWorld.
- Wind River Executive Dave Fraser will
give at talk about "How to Make Money from Open Source".
- The Open Source Development Labs (OSDL) announced the launch of a new Desktop Linux
Working Group initiative focused on greater use of Linux on desktops
throughout the enterprise.
- SGI announced new midrange models
with "a host of 64-bit applications" and Voltaire InfiniBand solutions. SGI also launched a graphics technology initiative.
- Zultys Technologies announced a new
Linux soft phone available for download.
- CodeWeavers launched the CodeWeavers
CrossOver Compatibility Center.
- News.com reports the Red Hat
will introduce a new provisioning service for Red Hat Enterprise Linux
and a warranty,
which is part of a new project called the Open Source Assurance Program.
- Trolltech
joins OSDL.
- The Financial Times notes
that Darl McBride will not be at LinuxWorld. (Thanks to Philip Nelson)
- Last, but not least, see eWeek's first report from LinuxWorld.
LinuxWorld press release summary
Here's a selection from the LinuxWorld press release flood.- Novell has five releases; these discuss the
SUSE EAL3 certification, the availability
of Red Carpet Enterprise for IBM zSeries servers, Novell
exteNd 5 (a secure web services platform), an open
beta of GroupWise 6.5 for Linux, and finally, Novell
is joining Eclipse.
- JBoss has proclaimed
a major increase in JBoss server usage and announced
the availability of the "Nukes" content management system.
- LynuxWorks has announced
the general availability of BlueCat Linux 5.0, which includes a 2.6
kernel.
- Predixis has announced
the availability of "MusicMagic Mixer," a tool for organizing digital music
files.
- RealNetworks has announced
five recipients of funds from the "Helix Community Grant Program."
Supported work includes multicast functionality, Ogg codec
integration, and three other projects.
- Sun has announced
a cheaper version of the Java Desktop for schools. Also announced
is a new Java Desktop release, a Linux-based "Java Enterprise System"
server offering, a preview of an upcoming developer-oriented desktop
system, and a new community site for Linux Java developers.
- SYS-CON Media announces
the winners of the LinuxWorld magazine Readers' Choice awards. LinuxWorld
readers apparently have a strong fondness for proprietary
applications.
- Tadpole Computer now offers a notebook running Sun's Java Desktop.
Web sites
linuxmusician.com launched
The new linuxmusician.com site aims to expand the coverage of Linux in music. "At the moment there is one (1) complete article on there, plus two brief stubs of articles; there's a links page with hardly any links yet, and a copy of the bownie.com Guide to Home Recording. We will continue to post stuff that we come up with, but also if you take a moment to register you are then very welcome to submit articles, news, and links."
Search PostgreSQL related resources
A new Search PostgreSQL sites service has been announced. "Currently it indexes 31 sites with about 350,000 pages in total. Web interface supports two languages: english (default) and russian."
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Page editor: Forrest Cook
Letters to the editor
Happy birthday LWN!
| From: | Andrew Pimlott <andrew-AT-pimlott.net> | |
| To: | letters-AT-lwn.net | |
| Subject: | Happy birthday LWN! | |
| Date: | Tue, 20 Jan 2004 11:47:16 -0500 |
LWN is, I'm told, six years old now; but it seems like it's been the
most thoughtful source of Linux news forever. What's particularly
special about this longevity is that LWN is not a self-sustaining
community project. Its quality remains the product of a few
passionate individuals who are also fine researchers and writers.
It is their talent and dedication that we should recognize and
reward.
When LWN introduced subscriptions, I was uncertain about the
prospects of the plan. I was happy to support the people
responsible for such valuable work, but didn't know whether LWN
could survive as a business, or whether the staff would be
distracted from their original purpose. Gratifyingly, LWN continued
to live up to expectations through all the changes.
Imagine my even greater surprise in recent months, when the
publication I was paying good money for became noticeably better! I
was finding each week even more top-notch and relevant content,
well-rounded coverage of the big issues (*cough* SCO), interviews
with the right people, enlightening exposition of kernel design, and
deeper original research and analysis. Given the still sub-optimal
state of LWN's finances, I might have forgiven them for focusing
more on survival than on creative new ideas and higher standards of
journalism. But they continue to improve their service to the
community, always with the endearing LWN style.
So, thank you to the LWN staff for your ongoing committment. Thank
you to the other subscribers for allowing them to continue doing
what they do so well. And thank you to everyone who will subscribe
(or give a subscription) after reading this letter! Remember that
LWN will only exist as long as the staff can eat in those few
moments when they're not working on stories.
I look forward to many more years of exceptional reporting.
Andrew
I want to know what's actually for sale
| From: | Leon Brooks <leon-AT-cyberknights.com.au> | |
| To: | "Kieran O'Shaughnessy" <anz_info-AT-sco.com> | |
| Subject: | I want to know what's actually for sale | |
| Date: | Tue, 20 Jan 2004 11:38:32 +0800 | |
| Cc: | Linux Australia list <linux-aus-AT-linux.org.au>, SLPWA members <members-AT-slpwa.asn.au>, letters-AT-lwn.net, Kate Mackenzie <mackenziek-AT-theaustralian.com.au>, Sam Varghese <svarghese-AT-theage.com.au>, infocentre-AT-accc.gov.au |
The SCO Group in the person of Kieran O'Shaughnessy announced on 19
January 2004 that:
> The SCO Intellectual Property (IP) License permits the use of
> SCO's intellectual property, in binary form only, as contained
> in Linux distributions.
What intellectual property?
If SCO ANZ can't _specifically_ identify any significant portions of The
SCO Group's intellectual property in a timely manner in any of the
Linux distributions which CyberKnights deploy, we must assume that SCO
ANZ is making fraudulent claims and must in defense of CyberKnights'
good name vigorously pursue public acknowledgement of fault and
material redress from SCO ANZ.
Linux distributions which CyberKnights currently have deployed include,
so far, Mandrake (up to 9.2), Debian (stable and testing), Red Hat
(7.3, 8.0, 9.0 and Enterprise), Fedora (1.0), SuSE (9), Gentoo and
Knoppix (3.2, 3.3).
Take notice that even if SCO ANZ substantiates this somewhat nebulous
claim to ownership-through-contamination of software not designed or
written by them, a binary-only licence would be of limited use to me
since some deployments require the use of source code in rebuilding a
kernel, specifically for drivers whose intellectual property claims
appear to conflict with SCO ANZ's and whose evidence of ownership is
somewhat more substantial.
As a Director of CyberKnights Pty Ltd, I personally know and trust
several contributors to the Linux kernel, including the original
author, Mr Linus Torvalds. As of three days ago, Linus told me that he
knows of no substantial code in his Linux kernel source code tree which
could possibly be subject to ownership claims by The SCO Group.
Linus has been consistently truthful and unambiguous in all of the
accessible public and personal statements which I have been able to
locate. The SCO Group has a well-documented history of ambiguous and
often surprising claims, contradictions and retractions. On this basis,
I find it unreasonable to do other than prefer to trust statements by
Linus in favour of statements by The SCO Group or any of its branches,
agents or other minions.
In short, the burden of proof lies with The SCO Group. Unless and until
SCO ANZ demonstrates serious and specific substantiation of the claims
it makes in this announcement, CyberKnights Pty Ltd does not believe
that it is using The SCO Group's property at all, and therefore refuses
to even consider paying any licence fees.
> The SCO IP License is currently available at introductory pricing
> of AUD$999.00 per server processor and AUD$285.00 per desktop
> processor.
This would more than double the customer's cost per server, including
the hardware, for most of the servers which CyberKnights installs, and
for no material advantage. In our eyes these properties make it an
unreasonable demand.
If SCO ANZ were to demonstrate ownership of substantial Linux code, the
only viable alternative such pricing would leave CyberKnights is to
reinstall a system other than Linux on customers' machines - such as
FreeBSD - involving considerable disruption to customer services.
MS-Windows is too unstable, insecure and expensive, and opens privacy
and control concerns which are unacceptable to several of my customers;
SCO's own Unix offerings are pitifully feature-starved, too expensive,
and recent versions appear to include driver code stolen wholesale from
other authors without acknowledgement; Sun are a licencee of The SCO
Group and CyberKnights could not in good conscience use software
licenced from a company which appears to be unreasonably greedy,
unpredictable and apparently disrespectful of the intellectual property
of others.
> Forward looking statement safe harbor:
The weaselly disclaimer which followed does not provide SCO ANZ with a
safe harbour. Threatening letters demanding monies with menaces can
hardly be thought to be defused by statement to the effect that
enforcement of the unambiguous claim to fees is yet future and might
possibly not be followed through.
That this disclaimer is placed among the notes for editors well after
the content of the announcment is delineated with the line "ends" is a
fairly clear indication that it is not a part of the announcement
proper.
If CyberKnights has not recieved clear, precise and substantial
identification of the specific code which SCO ANZ claims fees from us
for by 01 February 2004, we will begin our defense by referring the
matter to the appropriate legal authorities, and vigorously pursue a
positive resolution from there.
Cheers; Leon
--
http://cyberknights.com.au/ Modern tools; traditional dedication
http://plug.linux.org.au/ Committee Member, Perth Linux User Group
http://slpwa.asn.au/ Committee Member, Linux Professionals WA
http://linux.org.au/ Past Committee Member, Linux Australia
Page editor: Jonathan Corbet