LWN.net Weekly Edition for June 24, 2004
On dealing with Microsoft
Sequels, it is said, often fail to live up to the original. So it may not be entirely surprising that Eric Raymond's latest, Halloween XI, lacks some of the impact of its predecessors. There are no "smoking gun" memos to dissect this time around; instead, Eric looks at Microsoft's latest marketing techniques and redefines the free software community in terms of a cold-war style confrontation with Microsoft. This view of things is not likely to be helpful.Eric's analysis of Microsoft's latest road show does have its good points. The company, he notes, has dropped its discussion of "intellectual property threats" posed by Linux and Microsoft's higher level of "innovation." Instead, Microsoft is pushing total cost of ownership arguments and trying to sell the idea that its "shared source" program is as good as truly free software. The company's position does, indeed, appear to have shifted into a more defensive mode.
But consider this quote:
One can imagine several ways of characterizing the whole free software movement. A couple of those might be:
- A group of software developers and users who are pooling their
effort to supply themselves with the best software they can create,
free of restrictions, obnoxious licensing, hidden "features," etc.
- A noble, if outgunned army, led by wizards, in an epic battle against the dark forces of Mordor and the roving red eye of Steve Ballmer.
The truth of the matter is that we are not fighting a war. We are building a set of tools which allow us to better run and control our lives, and, with luck, having some fun in the process. Forcing our efforts into the mold of a battle is not likely to help us in that process.
The competitive threats to Linux are relevant. In general, expanding the user base of free software is a good thing; it causes a corresponding expansion of the developer base and makes it more likely that we will encounter free software in all aspects of our lives. Growing the user base means dealing with competing forces which have their own ideas of how things should go. That's capitalism. Certainly some people should be thinking about how to make free software competitive; this task naturally falls on those working to build businesses around free software.
There is also a definite legislative threat - as there is in many aspects of our lives. This threat goes far beyond Microsoft, however. Software patents, black-box voting systems, cryptography regulations, mandatory digital rights management schemes, anti-circumvention laws, etc. are all part of the fight for freedom which is as old as the human race. Focusing on Microsoft as the Big Threat can only distract attention from the real battle, in which Microsoft is only a part.
In that context, consider this quote:
If your focus is Microsoft, this advice may make some sense. But if your goal is an "abstraction" like freedom from software patents, systems which spy on you, etc., a focus on Microsoft seems short-sighted. Let the folks at IBM, Novell, Red Hat, and so on talk to the bottom-line people; that's their job. They should, while they are at it, be able to find ways of selling freedom as well; that freedom is just as valuable to a large corporation as to anybody else. The rest of us, meanwhile, can find better things to do.
Microsoft can certainly be expected to attack us. It will fund corporations which attempt to claim ownership of Linux via the courts. It will fund "think tanks" to spread doubts - see this impressive list of Microsoft-funded organizations which have published attacks on free software. It will attempt to intimidate government officials contemplating switching away from its products. But Microsoft is a small piece of the problem, and the best way to fight it is the production of more, better code. That approach, after all, has worked pretty well so far.
As a postscript, it is worth noting that there are good things to be found in the latest Halloween essay. In particular, Eric's advice to work to increase the adoption of Linux inside governments makes a lot of sense. If we can feed a government enough free software that it becomes addicted, that government is more likely to think twice before passing laws which are highly inimical to free software. Of course, that's "drug dealer" talk, which we'll get to in the next article.
A legal attack in Brazil
The recent reports that Microsoft has filed suit against Sérgio Amadeu, the president of the Brazilian National Institute for Information Technology and a leader of Brazil's move toward free software, have upset many in the community. This suit looks very much like an attempt to intimidate a government which has been making increasingly friendly noises about free software. A closer look shows that, while this may be the case, there probably is not too much to be concerned about here.For the curious, Microsoft's complaint is available in PDF format. That complaint comes down to the following: Mr. Amadeu compared Microsoft's tactics to those of drug dealers, and Microsoft doesn't like it. So Microsoft has filed a a "demand for explanation" aimed at getting Mr. Amadeu to retract his statements, or, at least, to back them up in court.
The "drug dealer" comment was, beyond doubt, over the top. Many public statements made by Microsoft about free software are, beyond doubt, equally over the top, as is Microsoft's reaction in this case. Microsoft seems unlikely to get very far with this particular complaint, especially in the face of public statements like:
(Bill Gates, 1998, quoted in News.com). The most likely result of this action may well be to convince more governmental employees that dealing with Microsoft is generally a bad idea. This kind of ham-fisted attack seems unlikely to slow any government's move toward Linux, though it may make the people involved watch their words a little more carefully.
Large ISPs ponder spam
The Anti-Spam Technical Alliance is a consortium of large Internet service providers, including Yahoo, Microsoft, EarthLink, American Online, and others. This group has just announced the publication of a set of guidelines intended to reduce the amount of spam in circulation; the document is available in PDF format. These ISPs carry enough network traffic between them that it's worth looking at their recommended policies. After all, if these carriers decide to screw up the net, they could succeed in making a big mess for everybody.The recommendations, unsurprisingly, are aimed primarily at ISPs. For the most part, they are reasonably obvious stuff; they include:
- Close open relays. Most people who run mail systems will have done
this some time ago; anybody who doesn't finds it hard to send mail
after a short while. The guidelines also recommend tightening access
to open proxies.
- Shut down formmail.pl. It is hard to imagine that systems running
formmail are still out there, but they must be. The LWN web server
gets a handful of attempts to use formmail.pl (which has never been
installed there) every day.
- Detect and disconnect zombie systems. This clearly has to be done;
compromised systems are increasingly in demand as spam sources.
Detection of such systems should be relatively easy, most of the time;
one hopes, however, that ISPs will be careful when deciding just how
active they want to be when looking for compromised systems.
- Use authenticated email submission. The report also recommends
pushing customers over to the mail submission port
(port 587) for
feeding email into the system. Separating out the submission step,
again, allows for prior authentication. Of course, implicit in all of
this is the idea that ISP customers are not to be allowed to directly
send mail to remote systems.
- Put rate limits on outbound email traffic. Recommended limits are 150
recipients per hour, up to 500 recipients per day. This idea has all
kinds of problems, starting with the effect it will have on anybody
running a mailing list.
- Close down web redirector services. Evidently some redirection
services are open to anybody who wants to use them; putting redirected
URLs into spam helps make the message look more legitimate and hide
the ultimate destination.
- Set up and use spam reporting services.
There is also a set of recommendations for bulk mail senders, with ideas like "do not harvest email addresses," avoid forged headers, and provide clear opt-out instructions. The best recommendation, however (which would be "cease and desist") is absent. The "recommendations for consumers" section limits itself to suggesting the installation of firewalls and anti-virus software.
In one sense, these guidelines are a step in the right direction. They are an admission from a number of large ISPs that they must take responsibility for spam originating on their networks. In the best possible scenario, ISPs will take a higher level of interest in their contribution to the problem and shut their spammers down. In the worst case, however, we could see a significant reduction in what "normal users" are allowed to do on the net, major hassles for anybody wanting to run mailing lists or handle their own mail, and increasingly intrusive probes from ISPs which are ostensibly intended to root out compromised systems - all with a wink to "legitimate" bulk commercial emailers and no real reduction in spam volumes.
For now, at least, vast parts of the net are beyond the control of these large ISPs. That puts a limit on their ability to make a significant dent in the spam problem, but also in their ability to impose their own vision of how the net should work. Limits of that sort can only be a good thing.
Security
Long-lived security holes
It is time, once again, to look at quick distributor response to security holes - or the lack thereof. We could start by poking fun at the distributors which have taken over a week to fix the latest kernel vulnerability - but we won't. The updates probably should have come out more quickly, but, in the end, it was a local denial-of-service vulnerability; it was not the top priority for a lot of administrators.Let's look, instead, at a fix that took a little longer. Red Hat, Fedora, and Whitebox recently sent out advisories for a buffer overrun in the libpng library; this problem could be exploited by way of a hostile image to run arbitrary code on a victim's system. These distributors are thus running just a little behind Debian, which sent out its advisory on December 19, 2002.
In fact, Red Hat had issued an advisory as well. It just turns out that the problem had not actually been fixed. As a result, Red Hat users were vulnerable to attackers wielding evil PNG images for over two years. This is not the quick response time that is a source of such pride for the free software community.
Of course, one should note that, as far as anybody can tell, not a single Red Hat user suffered any sort of compromise as a result of this unfixed bug. It almost certainly could have remained unfixed for another two years without ill effect. Perhaps the world isn't quite as dangerous as we sometimes think.
The truth of the matter is that our community finds (and fixes) dozens of vulnerabilities every year which are unlikely to ever be exploited. These fixes add to the load of already overworked system administrators and give ammunition to "alert counters" who like to claim that Linux is less secure than other operating systems. Perhaps it is time to come out and admit that many of the patches issued every year are not actually all that important.
System administrators already prioritize updates as they come in. Remotely exploitable holes (should) get fixed in a hurry. Vulnerabilities like this week's aspell hole - a buffer overflow caused by words more than 256 bytes long - can be allowed to sit for a while. It would be nice if distributors could help out by explicitly noting the importance of every update. If the truly serious fixes came with a bright red flag, they might stand out from the noise and be applied more quickly.
There are some obvious problems with this idea. Some truly serious vulnerabilities are not seen as such when they are originally fixed. In certain litigious countries, nobody wants to be exposed to lawsuits from users who were broken into by way of a "non-urgent" vulnerability. These issues would need to be addressed, but the fact remains: we are not necessarily helping ourselves by treating all updates as if they were equally important.
New vulnerabilities
aspell: bounds checking problem
| Package(s): | aspell | CVE #(s): | CAN-2004-0548 | ||||||||||||
| Created: | June 17, 2004 | Updated: | December 20, 2004 | ||||||||||||
| Description: | Aspell's word-list-compress utility fails to properly check bounds when dealing with words that are more than 256 bytes long. This can lead to arbitrary code execution by an attacker. | ||||||||||||||
| Alerts: |
| ||||||||||||||
dhcp: buffer overflows
| Package(s): | dhcp | CVE #(s): | CAN-2004-0460 CAN-2004-0461 | ||||||||||||||||
| Created: | June 23, 2004 | Updated: | July 14, 2004 | ||||||||||||||||
| Description: | Two separate buffer overflows have been found in versions 3.0.1rc12 and 3.0.1rc13 of the ISC DHCP server. These overflows can be exploited by a remote attacker to cause a denial of service, or, potentially, to execute arbitrary code. DHCP servers should not be exposed to the Internet, but this problem is worth fixing regardless. See this CERT advisory for more information. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
racoon: improper certificate validation
| Package(s): | racoon ipsec-utils | CVE #(s): | |||||
| Created: | June 23, 2004 | Updated: | June 23, 2004 | ||||
| Description: | The racoon tool found in ipsec-tools (through version 0.3.3) fails to perform proper authentication, enabling a potential man-in-the-middle attack. | ||||||
| Alerts: |
| ||||||
rlpr: format string vulnerability
| Package(s): | rlpr | CVE #(s): | CAN-2004-0393 CAN-2004-0454 | ||||
| Created: | June 21, 2004 | Updated: | June 21, 2004 | ||||
| Description: | rlpr contains format string and buffer overflow vulnerabilities which could potentially be exploited by a remote attacker to execute arbitrary code. | ||||||
| Alerts: |
| ||||||
sup: format string vulnerability
| Package(s): | sup | CVE #(s): | CAN-2004-0451 | ||||
| Created: | June 21, 2004 | Updated: | June 21, 2004 | ||||
| Description: | sup contains a format string vulnerability which could be used by a remote attacker to cause arbitrary code to run on the server. | ||||||
| Alerts: |
| ||||||
super: format string vulnerability
| Package(s): | super | CVE #(s): | CAN-2004-0579 | ||||
| Created: | June 21, 2004 | Updated: | June 21, 2004 | ||||
| Description: | A format string vulnerability has been found in super; this hole can be exploited by a local user to obtain root access. | ||||||
| Alerts: |
| ||||||
usermin: information disclosure and denial of service
| Package(s): | usermin | CVE #(s): | |||||
| Created: | June 21, 2004 | Updated: | June 21, 2004 | ||||
| Description: | Versions of the usermin utility prior to 1.080 suffer from two vulnerabilities: a failure to sanitize email which could lead to information disclosure, and one which allows an attacker to lock out an account. | ||||||
| Alerts: |
| ||||||
www-sql: buffer overflow
| Package(s): | www-sql | CVE #(s): | CAN-2004-0455 | ||||
| Created: | June 21, 2004 | Updated: | June 21, 2004 | ||||
| Description: | www-sql contains a buffer overflow which can be exploited by a local user to execute arbitrary code. | ||||||
| Alerts: |
| ||||||
Events
ESORICS 2004
The 9th European Symposium on Research in Computer Security is happening September 13 to 15 in Sophia Antipolis, France. The preliminary program has been posted; click below for the details.RAID 2004
The Seventh International Symposium on Recent Advances in Intrusion Detection is scheduled for September 15 to 17 in Sopia Antipolis, France, immediately after ESORICS 2004. Speakers include Bruce Schneier; click below for the program.Usenix Security Symposium
Registration is now open for the Usenix Security Symposium, happening in San Diego on August 9 to 13.
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current 2.6 kernel is 2.6.7; the first 2.6.8 prepatch has not yet been released as of this writing. There is, however, a large pile of patches in Linus's BitKeeper tree, including support for new Apple PowerBooks, more sparse annotations, some netfilter improvements, some kbuild work, a new wait_event_interruptible_exclusive() macro, support for the O_NOATIME flag in the open() call, sysfs knobs for tuning the CFQ I/O scheduler, mirroring and snapshot targets for the device mapper, the removal of the PC9800 subarchitecture, reiserfs data=journal support, preemptible kernel support for the PPC64 architecture, and many fixes and updates.The current prepatch from Andrew Morton is 2.6.7-mm1; recent additions to -mm include a new knob for controlling how aggressively the system reclaims VFS caches when memory gets tight, a memory allocation tweak to improve DMA segment merging (see below), and various fixes.
The current 2.4 prepatch is 2.4.27-rc1, which was released by Marcelo on June 19. Only a small number of fixes have gone in since the last prepatch. Now is the time for those interested in a stable 2.4.27 release to do some testing.
Kernel development news
A handful of DMA topics
The generic DMA layer provides a way for device drivers to allocate and work with direct memory access regions without regard for how the underlying hardware does things. This interface works well, for the most part, but, as with the rest of the kernel, occasional issues come up. Here's a few that were discussed over the last week.Many devices can perform full 64-bit DMA operations. This capability is nice on large-memory systems, but working with larger addresses can also bring a performance penalty. As a way of helping drivers pick the optimal size for DMA address descriptors, James Bottomley has proposed the creation of a new function called dma_get_required_mask().
The current API already has dma_set_mask(), which tells the kernel about the range of DMA addresses the device can access. The new function would be called after an invocation of dma_set_mask(); it would return a new bitmask describing what the platform sees as the optimal set of DMA addresses, taking the device's original DMA mask into account. If the specific hardware situation does not require the use of larger addresses, the platform can suggest using the faster, 32-bit mode even when the device can handle larger addresses. The driver can then use that advice to set a new mask describing what it will actually use.
The "scatterlist" mechanism is another part of the DMA subsystem; it allows drivers to set up scatter/gather I/O, where the buffer to be transferred is split into multiple, distinct chunks of memory. Scatter/gather is useful in a number of situations, including network packets (which are assembled from multiple chunks), the readv() and writev() system calls, and for I/O directly to or from user-space buffers, which can be spread out in physical memory. The mapping functions for scatter/gather I/O will coalesce pieces of the buffer which turn out to be physically adjacent in memory. In practice, that has turned out not to happen very often; one recent report showed that, out of approximately 32,000 segments, all of 40 had been merged in this manner.
It turns out, however, that the Linux memory allocator is not helping the situation. When the allocator breaks up a large block of pages to satisfy smaller requests (a frequent occurrence), it returns the highest page in the block. A series of allocations will, thus, obtain pages in descending order. If those pages are assembled into an I/O buffer, each page will need to be a separate segment in a scatter/gather operation, since the reverse-allocated pages cannot be merged.
William Lee Irwin put together a patch which causes the allocator to hand out pages from the bottom of a block instead of the top. With this patch applied, the merge rate in this particular test went up to over 55%. Larger segments lead to faster I/O setup and execution, which is a good thing. Sometimes a tiny patch can make a big difference, once you know where the problem is.
Meanwhile, Ian Molton turned up a different sort of problem. Some types of interfaces have their own onboard memory. This memory is, often, accessible to the CPU, and it can be used by devices attached to the interface for DMA operations. But that memory is not part of the regular system RAM, and it typically does not show up in the system memory map. As a result, the generic DMA functions will not make use of this memory when allocating DMA buffers.
It would be nice to be able to make use of this memory, however. It is there, and it can be used to offload some DMA buffers from main memory. On some systems, it may be the only memory which is usable for DMA operations to certain devices. The DMA API has even been set up with this sort of memory in mind; it can handle cases where, for example, the memory in question has a different address from the device's point of view than it does for the processor. It would seem that the addition of an architecture-specific module to the DMA API could enable such memory to be allocated on platforms which have it, when the DMA target is a device which can make use of it.
The biggest problem would appear to be that this sort of remote memory is not part of the system's memory map, and, thus, there is no struct page structure which describes it. The lack of a page structure makes certain macros fail. It also completely breaks any driver which tries to map the buffer into user space via the nopage() VMA operation. And, it turns out, drivers really do that; the ALSA subsystem, for example, maps buffers to user space in this manner.
Once a problem is identified, it can usually be fixed. The right approach in this case would appear to be a combination of two things. The first is to simply fix any bad assumptions in drivers with regard to how they can treat DMA buffers. If the driver expects that a page structure exists for a DMA buffer, it is broken and simply needs to be fixed. The second part is to provide an architecture-independent way for device drivers to map DMA buffers into user space.
To that end, Russell King has proposed yet another DMA API function:
int dma_map_coherent(struct device *dev,
struct vm_area_struct *vma,
void *cpu_addr,
dma_addr_t handle,
size_t size);
This function would take the given mapped DMA buffer (as described by cpu_addr and handle) and map it into the requested VMA. Device drivers could use this function to make a buffer available to user space, and would be able to discard their existing nopage() methods. The new interface would thus simplify things, though it does still leave a reference counting problem on the driver side of things: freeing the DMA buffer before user space has unmapped it would be a big mistake.
Separating kernel source and object files
The build process in recent 2.6 kernels allows for the separation of source and object trees. If a kernel build is started with the O= option, the resulting object files (and other built files) will go into the directory specified, rather than being mixed in with the source. Some developers find this way of doing things easier to manage, especially if the same source tree is being used to build kernels for multiple architectures or with multiple sets of configuration options.One distributor (SUSE) has begun shipping kernels which have been built in this manner. The difference has gone unnoticed by almost all users, but one vendor of proprietary modules recently posted a strong message accusing SUSE of forking the kernel. The specific issue is that this vendor's modules would no longer build with SUSE's kernels, and that problem turned out to be a result of the separated source and object trees.
When a kernel's modules are installed under /lib, a symbolic link called build is made pointing to the source tree. This link is used by the external module build process to find kernel headers, configuration files, and needed object files. When SUSE adopted the separate object directory, it redirected the build link to point to that directory, rather than to the original source. That is, after all, where many of the necessary files will be found. Unfortunately for this particular vendor, their modules needed some other files which are only found in the source tree. When the build link was directed elsewhere, those modules would no longer compile.
The fix was relatively straightforward, but this situation forced a new discussion on how the build system should work when separate object directories are in use. The result is a new patch from Sam Ravnborg which nails down how these links should work. With this patch (not merged as of this writing), the build link would always point to the object directory. Doing things this way allows most external modules to continue to build without changes. A new link (source) will be added to point to the source directory when needed. And a small, special-purpose makefile is placed in the object directory; its job is to bridge the gap between the two trees and make most external module builds work with no changes required.
Reworking the wireless extensions
Two weeks ago this page covered the launch of a new wireless networking effort. The scope of this effort now seems to be expanding to a redesign of the "wireless extensions" portion of the network stack. This code handles wireless network interfaces, and, in particular, provides a set of functions to user space for the control of those interfaces. Scott Feldman has posted an initial set of objectives for a wireless extensions rework.Much of what is being proposed is uncontroversial. There has been some disagreement, however, over proposed changes to the "iw_handler" interface. This interface is the mechanism by which wireless adapter drivers respond to ioctl() calls from user space. Each driver registers a set of functions, one for each of the command codes supported by the wireless extensions. The mechanism used is different from what is seen in other parts of the kernel, however; a wireless interface driver fills in a simple array of function pointers and passes that to the core. The array is indexed by the ioctl() command code, and the proper function is called.
The problem with this interface is that it defeats the compiler's normal type checking. All wireless extension handler functions must have the same prototype, and there is no real way to tell if the right one is being called. As a way of improving the code base, Jeff Garzik would like to replace the iw_handler array with a structure full of specific, named function pointers - the same mechanism which is used in the rest of the kernel. Initially, all of these functions would keep the current iw_handler prototype, but, over time, each function would be migrated over to taking exactly the arguments it needs.
Nobody disputes that the new interface would be cleaner. Jean Tourrilhes, the designer of the wireless extensions, has an objection, however: changing this interface would break backward compatibility. Jean does not like this idea:
It's possible. It's not difficult. Breaking backward compatibility is not a design goal.
Jean proposes, instead, to create a wrapper layer around the existing interface, thus avoiding breaking any out-of-tree drivers. Jeff, however, would rather get rid of the old interface entirely, since he sees it as dangerous.
The other relevant point is that Jeff, like most kernel developers, does not see backward compatibility of internal interfaces as an important goal. Interfaces need to be able to change, and the developers can't be held back by the prospect of breaking out-of-tree drivers. As a result, the wireless extensions changes are quite likely to happen - though, perhaps, not until 2.7.
Debugging kernel modules
Linus is famously against the use of interactive debuggers on the kernel, but many developers use them anyway. Debugging a running kernel is a little harder than working with a typical application, but it can be done in a couple of ways. It is relatively easy to query kernel data structures in the current running kernel by running gdb with /proc/kcore as the "core" file. More extensive debugging, allowing the use of breakpoints and such, can be done by using gdb on a remote machine and controlling the target via a serial line or a network interface. The -mm tree contains the necessary patches for using gdb in this mode for a few architectures.One limitation with using gdb this way is that it can't be used to work with loadable modules. The debugger can query the memory used by loadable modules, set breakpoints there, etc. The problem is that it does not know what addresses get assigned to functions and variables when a module is loaded. Those addresses, obviously, are not in the core kernel executable, and there is no real way to find them at run time. The developer can thus work by typing in hex addresses directly, but that gets tiresome fairly quickly.
Your editor was recently finishing out the debugging chapter for Linux Device Drivers, Third Edition (which is getting closer to ready - honest) when he ran up against the loadable module problem. The kernel knows where all of the symbols go when it loads a module; it really seemed like it should be possible to communicate that information to a debugger. A bit of digging revealed that, in fact, the relevant information gets dropped once the module gets loaded. So it was time for a fix.
Like any other ELF executable, a loadable module is divided up into several sections. The section called .text contains (most of) the module code itself; .data and .bss contain most of the variables. The module loader looks at all of the sections and lays them out sequentially in (vmalloc) memory; after relocating symbols it forgets about where the sections went. If the positions of the sections could be recovered, however, they could be passed to gdb in the same add-symbol-file command which tells the debugger about the module code. The section offsets are all that gdb needs to figure out where the module's variables live.
Your editor, rather than tell LDD3 readers that symbolic debugging of kernel modules was impossible, chose to do a little hacking. The result was this patch, which hangs a new kobject onto each loadable module and populates it with a set of attributes containing the section offsets. Those attributes will show up under /sys/module. Thus, for example, after module foo is loaded, /sys/module/foo/sections/.data will contain the beginning of the .data section. The foo developer can then fire up gdb and, after connecting to the target kernel, use the section offset information to issue a command like:
add-symbol-file /path/to/module 0xd081d000 \ # .text
-s .data 0xd08232c0 \
-s .bss 0xd0823e20
Thereafter, debugging the module is just like debugging the rest of the kernel. There is a little script (included with the patch) which generates the add-symbol-file command, reducing the operation to a simple cut-and-paste.
The patch has been merged into Linus's BitKeeper tree, and will be part of 2.6.8.
Patches and updates
Kernel trees
Architecture-specific
Build system
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Memory management
Networking
Page editor: Jonathan Corbet
Distributions
News and Editorials
A First Look at Asianux 1.0
When Asianux was first announced in January 2004, it raised the eyebrows of those Linux users who have to deal with the many complex writing systems found across the culturally rich Asian continent. Will we finally have a distribution that solves all the headaches associated with reading, inputting, mixing, and printing Asian characters in documents? Will Asianux become a standard distribution throughout Asia? We downloaded and installed the newly released Asianux 1.0 in search for answers to these and other questions.First a little background. Asianux is a joint collaborative project by Japan's Miracle Linux and China's Red Flag Linux. Miracle Linux is a well-established server oriented distribution, essentially a Red Hat Enterprise Linux pre-configured for certain specific tasks (e.g. database, cluster, backup, etc.), and sold as complete sets. Some of these sets are not cheap - as an example, a standard Miracle Linux 2.1 together with Oracle 9i sells for an equivalent of $2,450 per seat. On the other hand, Red Flag Linux has historically been focusing on the desktop with an attempt to create a very Windows-like user interface and configuration utilities, thus easing the migration of computer users to Linux. Although Red Flag is a well-known Linux distribution, reports from China indicate that most Chinese users prefer Fedora or Mandrakelinux rather than any of the domestically developed products.
Asianux is designed as a base server platform, not dissimilar from the now-defunct United Linux. Each vendor takes the common base and customizes it to serve a certain purpose, then ads localization features depending on the vendor's sphere of influence. Thus, while Asianux is a usable and installable distribution in its own right, it will also serve as a base for the upcoming Red Flag Linux 4.1 and Miracle Linux 3.0. The influence of each of the two vendors is apparent - Asianux inherits Miracle's strong bias towards server use (you won't find any office suites, multimedia or graphics software in Asianux 1.0) and Red Flag's KDE modifications (e.g Konqueror includes a very Windows-like Control Panel module and many configuration utilities strongly resembling those present in Microsoft Windows; see screenshot). Yes, despite being designed for server use, Asianux ships with XFree86 and KDE.
The installer is a simplified Anaconda. However, unlike Red Hat's original Anaconda, the number of available languages during installation and for later use is limited to three: simplified Chinese, English and Japanese. This was the first disappointing aspect of the distribution - the term "Asianux" somehow implies that it is intended to be a pan-Asian project supporting, at the very least, the most widely-used Asian languages. Even worse, there is no easy way to change the language after installation. When choosing to install the distribution in simplified Chinese, the system was ready for Chinese input immediately after install; however, when choosing Japanese, it required further command line tweaking by following instructions in the release notes before one could start typing text in Japanese. Interestingly, looking through the RPM package list it would seem that Asianux also supports Korean, although the release notes make no mention of the fact and they don't provide instructions for setting up a Korean desktop. Traditional Chinese, used in Taiwan and Hong Kong, where many people would struggle to read the simplified Chinese character set, is absent from the distribution, and so are all other Asian languages.
There was further disappointment when examining the security features of the distribution. Firstly, the simplified Anaconda installer is missing the "Add Users" screen, so the only user created during installation is root. Of course, it is easy enough to add new users to the system, but one has to question the wisdom of creating an entire user infrastructure for the root user, including a "My Documents" folder and an easy root login without any warnings. This is obviously a "feature" by Red Flag, which has been known for trying to emulate Windows to the extent that it even removes some of the inherent security aspects from its Linux distribution. No wonder that the Red Flag Linux web site is hosted on a server running Red Hat Linux, rather than the company's own distribution!
Another worrying factor is the lack of any package update tool. Red Hat's up2date is not included in the distribution and there seems to be no repository designed to provide security updates for Asianux. Perhaps the distribution itself is not meant to be a standalone product and those interested in deploying it should use one of the products based on Asianux, be it Red Flag Linux or Miracle Linux. If this is the case, the Asianux web site, which, incidentally, is entirely in English, does not make it very clear.
Other than the above peculiarities and the reduced number of available applications, Asianux seems to differ little from Red Hat Linux 9. This poses an interesting question - why would any user choose Asianux over Red Hat Linux or any other well-established distribution? The Asianux development team provides very few innovations of its own, with the only exception being the above-mentioned addition of graphical configuration utilities strongly resembling the Control Panel found in Microsoft Windows. A questionable value, some would say, especially for a distribution designed for server use.
Nevertheless, the idea behind Asianux is sound. What the product needs now is broader support by Linux vendors from across the region; it would certainly benefit the project if the likes of Korea's Hancom Linux and Hong Kong-based ThizLinux joined the development. Hancom Linux has emerged as the dominant Linux player in Korea with extensive effort at "Koreanization" of KDE and other applications. ThizLinux has evolved as one of the most significant Linux development companies in Greater China, with expertise in both simplified and traditional Chinese character sets (including Cantonese), Chinese input methods and printing. Another Asian country with substantial Linux development drive is Thailand, and even less developed countries of the region, such as Vietnam or Mongolia, have their own internationalization projects and Linux development communities.
Once all these vendors and communities get together and establish an efficient working group, perhaps we could see Asianux as a significant Linux player in Asia, able to compete with Red Hat, which enjoys strong brand recognition in the region, and with the newly revived Turbolinux currently making strong gains in Japan and China. A foundation has been laid. All that needs to be done now is to persevere in building upon it.
Distribution News
Gentoo Weekly Newsletter
The June 21 Gentoo Weekly Newsletter is out; this issue looks at the Wasabi 0.2 release, and, among other things, contains a call for new kernel developers for the Gentoo project.
New Distributions
Announce: HOACD 1.0 (bootable OpenBSD + honeyd CD)
HOACD (Honeyd+OpenBSD+Arpd) is a live CD system which is intended for setting up honeypots; it performs logging to a local hard disk. The version 1.0 release is available now; click below for the details.
Minor distribution updates
2-Disk Xwindow embedded Linux
2-Disk Xwindow embedded Linux has released source code v1.2.12. "Changes: The zlib dependencies, maplay, and the intitial font hack were removed. SSL suport was removed from the desktop system, and many other superfluous files were removed. busybox was upgraded. The fbdev code was reintegrated with kdrive. Font changes were made. The init scripts were modified and optimized for the upcoming 1disk 386 version. A .config file was added for kernel 2.4.26. Improvements in kernel VM paging were added. Xlib was integrated into desktop. Documentation updates were made."
AGNULA/DeMuDi 1.2.0-beta1 is out!
Version 1.2.0-beta1 of the AGNULA/DeMuDi music distribution has been announced. "This version is the second beta of the 1.2.0 series, which sports tighter integration with Debian, using the Sarge Debian Installer and the CDD (Custom Debian Distributions) framework."
Ark Linux
Ark Linux 1.0 Alpha 12.1 is out. The release notes can be found here.Cobind Desktop
Cobind Desktop 2.0 (beta) has been released. This release includes a new software management program, mplayer, K3B, and other improvements.CRUX
CRUX has released v2.0 with major feature enhancements. "Changes: This release features the 2.6 kernel, Glibc 2.3.3 with NPTL, GCC 3.3.3, and X.org's X11 6.7.0."
DeLi Linux
DeLi Linux has released v0.6 with major feature enhancements. "Changes: A new "graphic" deliinstall, a new network and PPP install floppy disk, and enhanced delisetup."
LinuxDefender
LinuxDefender has released v1.5.6 with major feature enhancements. "Changes: This release adds BitDefender SMTP Proxy 1.5.6 with antispam, kernel 2.6.1, BitDefender Remote Admin 1.5.6, and GNOME Desktop."
Linux LiveCD Router
Linux LiveCD Router has released v1.9.5 with minor feature enhancements. "Changes: The new default language is English. A new version of linux-wlan-ng 0.2.1-pre21 for Prism2 wifi cards is included. USB webcam driver support was added, including ov511, ov51x, nw802, spca5xx, philips, pencam, and more. Hotspot, Samba, and webcam server documentation was added."
LormaLinux 5 RC1 released
LormaLINUX 5 RC1 has been released. "Based on Fedora Core 2 and optimized for i686 architecture and above, Lormalinux 5 features extremely simple installation for Education and Workstation users on just one CD!"
Recovery Is Possible!
RIP has released v9.5. "Changes: The kernel and some of the software were updated. There's a way to install and boot the system, from a USB flash/pen drive, under Linux or Windows XP."
Skolelinux 1.0 released
Skolelinux, a Debian-based distribution aimed at deployment in public schools, has announced its 1.0 release. "Skolelinux v1.0 is the first stable version, after more than three years of development. 47 test candidates and 3 prereleases have been released, and more than 93 Norwegian schools have registered as test schools -- with a surge the last few months. Recent changes include improved installer support, better hardware detection, a Java J2RE upgrade, and more. (Thanks to Tom Simonsen).System-Down::Rescue
System-Down::Rescue has released v1.0pre7 with minor feature enhancements. "Changes: The kernel has been upgraded to 2.4.25, and the glibc libraries were upgraded to 2.3.2. The system architecture is now fully modular. There are new modules with new useful tools, for example, tools for system recovery, network analysis, some network servers (ftp, ssh), and PCMCIA support. Support for the ClamAV Anti Virus toolkit was added. The boot sequence has been redesigned, both in the scripts and in the graphics."White Box Linux
White Box Linux has released v3.0 Respin 1 with minor feature enhancements. "Changes: This version included all errata released by Red Hat through May 31, 2004, an x86_64 port, and an FC2 Up2date ported in for transparent mirror support. rhn-applet was fixed and added to the default install. 3rd party package repo support was improved, and Tora was linked against Oracle 10g and MySQL."
Distribution reviews
Linux Lite: Cobind and the Simpler Life (OSNews)
OSNews checks out the new Cobind Desktop beta. "The surprising thing has been just how much of a pleasure Cobind is to use. Most things snap to the screen. The software feels modern and smoothly integrated. I haven't had this much fun with a new distribution in a long time. For just a second version (with first only a month or two old), Cobind is remarkably stable and polished."
Xandros Desktop OS 2.0 (UnixReview.com)
UnixReview.com reviews Xandros Desktop OS 2.0. "Xandros was extremely easy to install, configure, and use. The whole effect is completely different from the first version of Linux I put on my computer several years ago--and different, even, from the version of Linux I put on my computer 18 months ago. Of the three versions I've reviewed recently, Xandros does the best job of steering the user away from the classic Linux complexity, showcasing the most useful open source tools, and keeping the experience intuitive and easy."
Page editor: Forrest Cook
Development
The New Age of Programming
A long time ago in a Galaxy far, far away I was a programmer by profession. This was in the days of Mainframe COBOL programs. Over the years I have gradually found myself becoming a Systems Administrator. While I do less "real" programming now, I have picked up a number of different languages like perl, php, shell, C/C++, etc. Recently I have found myself thinking about the differences in programming languages and it seems to me that there are two basic kind of languages. For lack of better terms I'll call them "Standards Based" and "Internet Based". These two branches have some interesting differences that might not be apparent at first glance.What do I mean by Standards Based languages? These are languages that are generally defined by ISO standards committees. For the purpose of this piece we'll consider the following languages to be in this category: Ada, C, C++, COBOL, Pascal and SmallTalk. As for Internet Based languages, we'll use Java, Perl, PHP, Python, Ruby and Tcl/Tk. So what is the significant differences between these two camps? What are the advantages and disadvantages of using one or the other?
One of the advantages of the Internet Based languages is the fact that they are languages that have grown up and proliferated on the Internet. Being designed and built to work in the online world, they can easily do things that other languages can't, or must be shoehorned into doing. Even though C and C++ are quite capable of dealing with the 'Net, they aren't as at home as, say, Java. With the Internet Based languages you can develop and implement a system or application in a much easier fashion than with the others. The developers of these languages also had the advantage of being able to learn from the older languages, making what had previously been difficult much simpler. There are also some down sides to the Internet Based languages.
The most noticeable one is, ironically enough, one of their considered strengths; the speed with which they evolve. The language definitions for PHP, Python, Ruby and even Perl and Java are done at light speed. It's lucky if a language lasts for a few years before being massively updated. While this is fun for developers doing small, cutting-edge work and those doing R&D, it's not so good if you need to build an application for a large production system. I've been involved with a massive online system that's been built in Java. The application works fine, but the amount of work that the developers have to do to maintain and enhance it with older versions of Java is not insignificant.
With the older languages there's much more long-term stability. You don't find major changes in the language definitions happening at such a fast pace. A program written in Ada or C++ twenty years ago will still compile and run on today's platforms. These languages are not stagnant, however. The current C standard is C99 and it may surprise you to know that the most up to date language is COBOL with the current standard dated 2002. Standards Based languages, by definition, are standardized and stable. This does make for slow adaptation to changes in the IT/IS world, such as the development of WiFi and other new technologies. This adaptability/stability aspect is, as I said earlier, both an advantage and a disadvantage for each of the different models of languages.
Programming languages are tools. Different languages have their own strengths and weaknesses. Most seasoned developers have an idea of these issues. However, the speed of a language's evolution is often an overlooked aspect. Sometimes, slow and steady is better than fast and new.
System Applications
Audio Projects
Planet CCRMA Changes
The latest changes from the Planet CCRMA audio utility packaging project include updated versions of Libsndfile, Specimen, Blop, and the addition of apt and configuration file links for Fedora Core 2.
Database Software
Glom 0.8.3 announced
Version 0.8.3 of Glom, a database table definition GUI, is out. This release features bug fixes, improved documentation, and an updated German translation.PostgreSQL Weekly News
The PostgreSQL Weekly News for June 22, 2004 has been published. "With 7.4.3 now out the door, all eyes have really turned to finishing up 7.5 development. The biggest progress in that regard was the committing of the long awaited tablespaces patch."
PyORQ 0.1 released
Version 0.1 of PyORQ, a Python Object-Relational binding, is out."With PyORQ you can use Python expressions to write queries which are automatically translated into SQL and executed by the backend. This leverages the search capabilities of RDBMSs in an object-oriented programming environment. PyORQ 0.1 is a technology demo. It's purpose is to demonstrate the possibility to translate python expressions into SQL queries and to solicit feedback on this approach and its implementation".
ZODB 3.2.2 (final) released
Version 3.2.2 (final) of ZODB is available. "As promised with the ZODB 3.2.2b1 release last week, the tests for the unsupported Berkeley-based storages are now disabled in 3.2.2. In addition, a small but critical bug in FileStorage.restore() was identified and repaired. This bug didn't affect the Zope core, but is critical for sites running ZRS."
Mail Software
bogofilter 0.91.4 released (SourceForge)
Version 0.91.4 of bogofilter has been announced. "This release fixes a minor bug that could result in an "err: 17, File exists" message. The bogofilter package implements a fast Bayesian spam filter as suggested by Paul Graham in "A Plan For Spam"."
milter-bcc/0.2 (alpha) is available
The 0.2 alpha release of milter-bcc is out. "This is a Sendmail utility milter that can add to the recipient list of any inbound and/or outbound message one or more blind-carbon-copy recipients (Bcc) depending on the MAIL FROM: and/or RCPT TO: addresses for any given message. This is particularly useful for mail hosts that manage several domains, such as an ISP."
Sendmail 8.13.0 released
Version 8.13.0 of Sendmail has been announced. New features include the ability to query maps via tcp/ip sockets, connection rate control, LDAP enhancements, message quarantining, support for certificate revocation lists, experimental MTAMark support, and more. See the release notes for more information.
Printing
LinuxPrinting.org news
The latest news from LinuxPrinting.org includes the release of version 3.0.1 of the Foomatic printer database, and the release of a number of Okidata PPDs under the GPL. On Foomatic 3.0.1: "Most important new features are: CUPS drivers can be used with any spooler, better compatibility of the PPDs to the Adobe specifications and to Windows, better PJL support, workaround for bug in OpenOffice.org 1.1, LPRng improvements, clean-up of Perl scripts, enhancements on *BSD compatibility."
Security
Filtering IDS Packets (O'Reilly)
Don Parker explains how to filter network packets on O'Reilly. "Anyone who has worked with an intrusion detection system knows that it can produce an enormous amount of data. For many network security analysts this vast ocean of packets flagged for further inspection quickly becomes an unruly beast to tame. How then to tame the beast?"
Web Site Development
Project/Open 2.0
Version 2.0 of Project/Open has been announced. "Project/Open is an open-source web-based "project resource planning" system (Project-ERP) with project rooms and tools for managing clients, invoices, time and cost. It is designed for companies in the consulting, advertizing and translation sectors."
Quixote 1.0c1 released
Version 1.0c1 of the Quixote web development platform has been released. The changes include bug fixes and more.
Miscellaneous
POE 0.29 Released (use Perl)
Version 0.29 of POE, A Perl-based networking and multitasking framework, has been announced. "POE 0.29 is released after three months and hundreds of human-hours of hard work. Thanks go out to everyone who helped make it possible. This release includes a substantial performance increase in I/O intensive programs. It improves portability to Solaris, Windows, and Mac OS X."
Announcing Wasabi 0.2
Version 0.2 of Wasabi, a log file monitoring application, has been released. Changes include support for multiple files, performance improvements, improved signal handling, and lots more.
Desktop Applications
Audio Applications
Muine 0.6.3 is available
Version 0.6.3 of Muine, a music playing application, is available. "This release works with mono beta 3."
CAD
Sixteenth release of PythonCAD now available
PythonCAD release sixteenth is out. "Due to packaging problems in the fifteenth release, and a code snafu the bit the Cocoa interface, I'm releasing the sixteenth version of PythonCAD. The missing Cocoa files have been added, and a patch addressing the Layer problems on Cocoa have been applied."
Electronics
XCircuit 3.2.22 released
Version 3.2.22 of XCircuit, an electronic schematic drawing application, is available. This version adds a new tcl parameter selection mechanism.
Financial Applications
KMyMoney 0.6 released
KDE.News announces the availability of KMyMoney 0.6. This version supports double-entry accounting, multiple account types, a new XML file format, and more.SiGeFi 0.1.1 released
Version 0.1.1 of SiGeFi is out. "SiGeFi is a Financial Management System, with focus in the needs of the administration of the money in each personal life and house. It's written in Python/Tkinter, so it'll run in every system that supports Python."
Games
Exult Version 1.2 released (SourceForge)
Exult Version 1.2 has been announced. "After two years of development, we are pleased to Version 1.2 of Exult, the multi-platform engine for playing the classic game Ultima 7. This release contains many bug fixes and gameplay enhancements."
gnome-games 2.6.2 released
Stable version 2.6.2 of gnome-games is available with backported bug fixes.Spineless game engine 0.0.1
Version 0.0.1 of the Spineless game engine has been announced. "Spineless is a generic 3D game engine implemented in Python with C++ optimizations. Focus is on clean design and ease of use, not pure speed. It is still very incomplete and not really useful yet for serious use, but I would appreciate feedback, comments and suggestions."
WoodPusher 0.1 released
Version 0.1 of WoodPusher, a chess application written in C# under Mono, is out. This is the initial release.
GUI Packages
New FLTK software
The latest new software for FLTK,The Fast Light Toolkit, includes SPTK 2.2 beta 2, vtkFLTK 0.6.0, and Table 040621.gtkglextmm 1.1.0 is out
Unstable version 1.1.0 of gtkglextmm is available. "gtkglextmm is C++ wrapper for GtkGLExt, OpenGL Extension to GTK. C++ programmers can use it to write GTK+-based OpenGL applications using gtkmm 2."
gtkmm and glibmm 2.4.3 are available
Version 2.4.3 of gtkmm and glibmm are out with minor improvements. "gtkmm provides a C++ interface to GTK+. gtkmm 2.4 wraps additional API in GTK+ 2.4. gtkmm 2.4 installs in parallel with gtkmm 2.2, so you can have both installed at the same time. glibmm is now a separate module, for use in non-GUI software."
LTK 0.8 released
Version 0.8 of LTK, the Lisp ToolKit, is out. "LTK (The Lisp Toolkit) is a portable "Common Lisp binding for the Tk graphics toolkit". Unlike other similar bindings, LTK provides a high level interface and does not require any knowledge of Tk."
Imaging Applications
ImageProcess 0.4 released
Version 0.4 of ImageProcess, a cross-platform image processing tool, is available. New features include remote processing, undo/redo, and a toolbar.
Interoperability
Wine 20040615 released
Release 20040615 of Wine has been announced. Changes include a major winedbg rewrite, a new Wine preloader, audio support improvements, and bug fixes.Wine Traffic
The June 18, 2004 edition of Wine Traffic has been published. Take a look for the latest Wine project news.
Music Applications
BLOP LADSPA Plugins 0.2.8
Version 0.2.8 of the BLOP LADSPA Plugins are out. "After way too long, a new release of the BLOP LADSPA Plugin set. Orginally named Bandlimited LADSPA Oscillator Plugins, but there's more than oscillators... they're more useful in a modular host, such as Spiral Synth Modular, gAlan, Alsa Modular Synth etc."
gmorgan 0.23 released
Version 0.23 of gmorgan, an organ synthesizer, is out. "This release is a bugfix version and solve compilation problems."
mcontrol 0.0.01 released
Version 0.0.01 of mcontrol has been released. "mcontrol is a ALSA MIDI sequencer client and brings the possibility to assign up to twelve "simultaneous" MIDI control messages for each controller in your MIDI keyboard (Modulation Wheel, Breath Controller, Foot Controller, Pitch Bend and After Touch)."
TAP-plugins 0.6.0 +more
Version 0.6.0 of the TAP-plugins is available. The initial release of the TAP Reverb Editor is also out. New features include the TAP Fractal Doubler, the TAP Reflector, and the TAP Pink/Fractal Noise. Changes have been made to the reverb section as well.
News Readers
Liferea 0.5.0 is out
Liferea Version 0.5.0 is available with bug fixes, new translations, and more. "Liferea (Linux Feed Reader) is a fast, easy to use, and easy to install GNOME news aggregator for online news feeds. It supports a number of different feed formats including RSS/RDF, CDF, Atom, OCS, and OPML."
Office Suites
OpenOffice.org 1.1.2 released
OpenOffice 1.1.2 is out. "OpenOffice.org 1.1.2 introduces the FontOOo Autopilot, which downloads and installs fonts from various sources. In addition, this release provides improved support for dBase database files, additional language support, and improved XML export facilities." Click below for the details.
Web Browsers
Galeon 1.2.14 "End of the Line" released
Version 1.2.14 of Galeon has been announced. "Well, after far too long, here's a new 1.2.x release to coincide with the Mozilla 1.7 release. It's also significant because I'm not planning to try and keep up with mozilla beyond 1.7. AA font support is no longer supported for gtk1 builds of mozilla 1.8, making it pretty clear that it's viewed as deprecated so this seems a good point to stop."
Mozilla 1.7 released
Mozilla 1.7 is out. New features include improved popup blocking, the ability to extract passwords from the password manager, numerous mail improvements, better performance, and more; see the "what's new" document for details.
Wireless Applications
gnome-bluetooth 0.5.1 and libbtctl 0.4.1 are available
New development releases of gnome-bluetooth and libbtctl are available. "gnome-bluetooth is a suite of tools for managing Bluetooth devices and sending/receiving data under the GNOME desktop. libbtctl is a GObject-based library for the Bluetooth and OBEX operations on Linux. It comes with Python and Mono language bindings."
Miscellaneous
First release of gamin
Version 0.0.1 of Gamin is available. "Gamin is a file and directory monitoring system defined to be a subset of the FAM (File Alteration Monitor) system."
Hydrogen 1.0 released
Hydrogen 1.0 is out; click below for the details. Hydrogen is, perhaps, the first offshoot of the recently-freed Ximian Connector; this project, sponsored by Sun, enables Evolution to work with the Sun Java Enterprise System Calendar Server.GNOME Phone Manager 0.3 development release
Development version 0.3 of GNOME Phone Manager is available. "Phone Manager allows you to send and receive text (SMS) messages from the desktop, connecting to your mobile phone via Bluetooth, serial or IrDA. It's finally here! A version of Phone Manager that works with the latest gnome-bluetooth code. This release is feature-wise exactly the same as the 0.2 release, but more or less completely rewritten underneath. The user interface is a bit rough, in particular."
xtopdf v1.0 announced
The xtopdf project aims to provide a tool for conversion from various file formats into .pdf form. The current version can read plain text and .DBF files as input.
Languages and Tools
Caml
Caml Weekly News
The June 8-22, 2004 edition of the Caml Weekly News is available with another round of Caml language information.
Java
Introduction to Jena (IBM developerWorks)
Philip McCarthy introduces Jena on IBM's developerWorks. "RDF is increasingly recognized as an excellent choice for representing and processing semi-structured data. In this article, Web Developer Philip McCarthy shows you how to use the Jena Semantic Web Toolkit to exploit RDF data models in your Java applications."
Perl
Perl's Special Variables (O'Reilly)
Dave Cross shows how to work with Perl internal variables in an O'Reilly article. "One of the best ways to make your Perl code look more like ... well, like Perl code -- and not like C or BASIC or whatever you used before you were introduced to Perl -- is to get to know the internal variables that Perl uses to control various aspects of your program's execution. In this article we'll take a look at a number of variables that give you finer control over your file input and output."
This Week on perl5-porters (use Perl)
The June 14-20, 2004 edition of This Week on perl5-porters is available with more Perl 5 news. "Maybe it's due to the conferences, but this week was a low-traffic one."
PHP
PHP Weekly Summary for June 21, 2004
The PHP Weekly Summary for June 21, 2004 is out. Topics include: Reflection API testers required - and php.net to go live with five!
Python
Weave a neural net with Python (IBM developerWorks)
Andrew L. Blais describes a Python-based neural network on IBM's devloperWorks. "Hot things cool, obviously. The house gets messy, frustratingly. In much the same way, messages are distorted. Short-term strategies for reversing these things include, respectively, reheating, cleaning, and the Hopfield net. This article introduces you to the last of these three, an algorithm that can, within certain parameters, undo noise. A very simple Python implementation, net.py, will show you how its basic parts fit together, and why a Hopfield net can sometimes retrieve a pattern from its distortion."
Python-dev Summary
The May 1-31, 2004 python-dev Summary is available with a summary of the python-dev mailing list traffic.Python-dev Summary
The June 1-15, 2004 python-dev Summary is out with more Python language information.Dr. Dobb's Python-URL!
The June 21, 2004 edition of Dr. Dobb's Python-URL! is online with the latest Python language articles.
S
SLgtk 0.5.9 and Vwhere 1.2.2 released
New versions of SLgtk and Vwhere are available. "The SLgtk package binds the Gtk2 and GtkExtra widget sets to the S-Lang scripting language (www.s-lang.org). SLgtk wraps more than 2200 functions from Gtk2 and its constituent libraries, includes over 4000 lines of sample code in 40+ working guilets, and bundles a code generator (SLIRP) which can be useful for building additional S-Lang modules."
Tcl/Tk
Dr. Dobb's Tcl-URL!
The June 22, 2004 edition of Dr. Dobb's Tcl-URL! is available with the latest Tcl/Tk article links.
Editors
Conglomerate-0.7.14 Released
Version 0.7.14 of Conglomerate, an XML editor, is available. "This is still an unstable release; there are still some known repeatable crash bugs. Please download it and test that no new bugs have been introduced!"
IDEs
Eclipse 3.0 announced
A press release has gone out announcing the June 30 availability of the Eclipse 3.0 release. "With release 3.0, Eclipse now extends its sophisticated object-oriented development technologies to support a rich-client platform (RCP) that enables construction of desktop applications."
Java Development on Eclipse, Part 2 (O'ReillyNet)
O'Reilly has published part two in a series about Java on Eclipse by Steve Holzner. "In this conclusion of a two-part series of excerpts from Eclipse, author Steve Holzner provides still more examples of how Eclipse makes it easier to create Java code from scratch. This week he covers creating Javadocs, refactoring, adding certain skills to your Eclipse toolbox, and customizing the development environment."
Miscellaneous
Associative Array Usage in Python, Perl, and awk (Unix Review)
Ed Schaefer explores associated arrays on Unix Review. "Associative arrays are a staple of Unix productivity tools, as well as the modern ksh-style shells, ksh, bash, zsh, etc. This month, Charles Leonard discusses associative array usage in Python, Perl, and Awk."
Code Improvement Through Cyclomatic Complexity (O'ReillyNet)
Andrew Glover analyzes code by looking at its cyclomatic complexity on O'Reilly. "Overly complex code is dangerous, hard to maintain if not already buggy. But what do we mean by "complex"? The metric of cyclomatic complexity helps show where the most complex code is. As Andrew Glover illustrates, finding the complex code is also the first step to refactoring it."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
The Linux Killer (Wired)
Wired is running a long article about SCO with an interesting emphasis on the history of the association between Darl McBride and Mike Anderer (who is the person who brokered the Microsoft license payments and BayStar investment). "At Silicon Stemcell, McBride and Anderer polished the strategy they'd repeat at SCO: turning intellectual property into a revenue stream. Anderer, McBride, and four managers who had served with them at Ikon's technology services division pooled their ideas for products, then attempted to patent them. It was 1999, and they were in the business vanguard, devising a new way to create wealth. Something as intangible as a claim to owning an idea, they realized, could be used to extract money from innovators in related fields. Even if Silicon Stemcell's patents weren't finalized, it might still be cheaper for startups to pay licensing fees to Anderer's group than to fight protracted legal battles. Silicon Stemcell wouldn't even have to create businesses, it could thrive just by collecting these fees."
INDUCE Act is Free Speech Killer (Copyfight)
Here's a Copyfight column on Orrin Hatch's "INDUCE" act, apparently about to be introduced into the U.S. Senate. INDUCE stands for, believe it or not, "Inducement Devolves into Unlawful Child Exploitation Act of 2004," but the intent of the law is to penalize any "inducement" to copyright infringement. As noted in the column, this is a rather large expansion of copyright law which would doubtless be used against those who develop tools which might be used for copyright infringement, or, conceivably, even those who are simply critical of current copyright law.Dutch Parliament Considers Revoking Support for Patent Directive (OSnews)
OSnews is carrying a lengthy article describing the process that has led the Dutch government to reconsider its position on software patents in Europe. "The Dutch parliament will make a final decision about the position the Minister will take in September. A debate about this issue will take place at Thursday, the 24th of June, 19:45-20:45 CET... They may also decide to require the European Presidency to open a new voting procedure, which would completely reopen the case for all member states." (Thanks to Daniel Mantione).
Trade Shows and Conferences
A Report from the 5th International Free Software Forum (Linux Journal)
The Linux Journal reports from the International Free Software Forum in Brazil. "With a GDP of around 493 billion USD and a population of 170 million, Brazil boasts the world's 15th largest economy, but it also is rated among the worst when it comes to distribution of wealth.... At the same time, the country is paying out 1.2 billion USD every year in software licensing fees. It therefore is essential to find some way of keeping these resources within the country. This idea led José Dirceu, the chief of staff, to affirm that free software is a fundamental issue here."
The SCO Problem
Notice this Notice? ~ by Dr Stupid (Groklaw)
Groklaw tries to figure out whether Novell really sold the Unix copyrights by looking at the actions of the parties involved - and, in particular, what sort of copyright notices they put into the Unix code. "oldSCO's handling of the UnixWare source code in the years following the deal seem to me most consistent with those of a company that had obtained the right to freely derive from and sell products based on the code, but inconsistent with those of a company that had been granted, or believed they owned, the copyrights on that code."
"Every Step You Take, Every Move You Make, I'll Be Watching You" (Groklaw)
Groklaw has the latest SCO filing in the DaimlerChrysler case - an affidavit from the company's "director of software licensing" William Broderick. "SCO had made good-faith attempts to contact over 750 of those licensees to secure assurances of their compliance with the terms of their licenses. If each licensee disregards the request or unilaterally determines that it may respond whenever it wants, SCO may have to spend extraordinary resources and potentially commence hundreds of court actions to enforce its rights. It would be impracticable and costly for SCO to have to sue each one to obtain basic assurances of performance."
Eyewitness Account of Blepp's Speech in Germany (Groklaw)
Groklaw has an informal report from a speech made by SCO executive Gregory Blepp in Germany. "Someone needs to send Mr. Blepp the memo that mum's the new word at SCO. He spills the beans that SCO at the beginning just wanted IBM to pay them some millions for 'copyright infringement', and they are puzzled why that didn't happen."
Companies
Nokia cash boosts Mozilla (News.com)
News.com has posted an article on Nokia's funding for the Mozilla Minimo project. "Sources described the Nokia deal, inked last year, as a potential model for Mozilla's financial self-sufficiency. The group hopes to land more development grants to meet the needs of particular clients and at the same time make the resulting code freely available to all-comers. The foundation also plans to announce the corporate members of a technical advisory board in coming weeks."
Sun reveals tidbits of Solaris open source strategy (NewsForge)
Sun Microsystems releases a few more details on its plan to release its Solaris operating system as open-source software, according to this article on NewsForge. "Bryan Cantrill, senior kernel engineer for Solaris, said that he's excited about his and his team's work going public. "Technically, this is not a problem to do this," he said. "I can assure you, the engineers in this room write some of the cleanest code in the entire world. We're proud to open it. We feel we were born to do this work. But I'm also sure we'll be revisiting a few comments in the code here and there -- I just thought of a particularly disparaging one I might have left in having to do with C++ unions," Cantrill said with a laugh."
Linux Adoption
France Challenges Microsoft in Software Re-Fit (Reuters)
Reuters reports that the French government is shopping for free software solutions. "Civil service minister Renaud Dutreil told Reuters France wanted to use 'open-source' software providers to resupply part of the almost one million state computers under a government cost-cutting drive designed to trim a bulging public deficit. 'We are not starting a war against Microsoft, or against American companies in the software sector,' Dutreil said in an interview. But he added that Microsoft 'must return to being one supplier to the state among others.'" Unfortunately, the story also says that open source software is "uncopyrighted."
Legal
DMCA Foes Find Allies in House (Wired)
Wired looks at a new bill that would soften the DMCA anti-piracy act. "If some in Congress get their way, you may soon be able to hack DVDs and CDs to get around copy protections and make as many copies of albums and movies as you want -- with no fear of the feds breaking down the door. A bill in the House of Representatives, HR107, would overturn a major provision of the controversial Digital Millennium Copyright Act of 1998, which bars consumers from circumventing encryption on digital media products, even if they only intend to make copies for personal use."
Tech heavies support challenge to copyright law (News.com)
News.com reports that attempts to fix the DMCA are gaining some support. "But members of the nascent coalition, including Intel, Sun Microsystems, Verizon Communications, SBC, Qwest, Gateway and BellSouth, are lending their support to a proposal by Rep. Rick Boucher, D-Va., to rewrite that part of the DMCA. Boucher's bill says that descrambling utilities can be distributed, and copy protection can be circumvented as long as no copyright infringement is taking place."
Interviews
The Hill's property rights showdown (News.com)
News.com talks with Representative Rick Boucher about his DMCA reform attempt and other topics. "I think that our legislation has a good chance of being approved, at least in the House of Representatives, this year. I think that the major push for passage probably will come during the course of the next Congress. There has been a tremendous change in public perception with respect to the appropriate level of protection for intellectual property over the course of the years since the Digital Millennium Copyright Act was passed in 1998."
Novell: Fighting Microsoft's FUD machine (ZDNet)
ZDNet talks with Novell managers David Patrick and Alan Murray. "The first big global deployment of desktop Linux will be Novell. We are moving 6000 employees over to Linux. By 1 August, everyone in the company is going to be on Open Office and then, by this autumn, roughly half the company will be on Linux and the rest we are finishing off as soon as possible after that."
Richard Stallman interviewed in La Repubblica
La Repubblica is carrying an interview (in Italian) with Richard Stallman. Regarding software patents in Europe: "I don't know the motives, but I tell you: pay attention, don't make this mistake. Copyrights and software patents worsen the digital divide and concentrate wealth in the hands of the few." (editor's translation).
Interview with Jean Tourrilhes of HP (LinuxQuestions.org)
LinuxQuestions.org interviews Jean Tourrilhes. "In an interview with LinuxQuestions.org, Jean Tourrilhes discusses how he first got introduced to Linux, OS zealotry, the origins of his famous Wireless How-to page, Linux on the desktop, the state of Linux wireless device driver support, the best and worst wireless chipset manufacturers, the biggest limitations of the current 802.11 implementations and his opinion on the emerging wireless networking standards."
Resources
OO.org Off the Wall: Paragraph Styles, Part II (Linux Journal)
Bruce Byfield continues his Linux Journal series on OpenOffice.org with part two. "So, you've chosen the fonts for your paragraph style and its positioning. What next? In many cases, nothing is next. Font and positioning choices are the basics of paragraph styles in OpenOffice.org Writer. Often, you need nothing more. But, when you do need more, Writer's paragraph styles have a grab bag of tricks waiting for you."
Putting together PDF files (NewsForge)
Scott Nesbitt shows several ways to merge PDF files under Linux. "Sadly, Adobe hasn't deigned to put out a version of Acrobat for Linux, but there are a number of Linux utilities available that enable you to quickly and efficiently combine PDF files. This article looks at three command line utilities: Ghostscript, joinPDF, and pdfmeld. Each does a good job of combining PDF files, and they all pack some interesting features."
A fast, free distributed method for C/C++ compilation (developerWorks)
developerWorks shows how to use distcc to speed up compilations. "Now, just having distcc on one machine is pointless; this won't really give us any benefit. I'm going to find three friends on my LAN who are running Linux and see if they're interested, since everyone who installs distcc can benefit from the 'pool.' It is also worth noting that apart from the version of gcc you are running, there doesn't need to be anything else common about the machines: they needn't share a filesystem, header files, or libraries, or even be running the same Linux kernel or distribution."
Reviews
Eclipse readies 'rich client' software (News.com)
News.com looks forward to the Eclipse 3.0 release. "Eclipse 3.0, which is freely available software aimed at Java programmers, includes tools for building and running so-called rich-client applications, which have more sophisticated graphics capabilities than standard Web browser-based applications."
Kommander Looks to Shake Up the Desktop (KDE.News)
KDE.News has a review of Kommander. "So the answer to the question many of you may be asking, "What is Kommander?", really has to be answered from each perspective. A simplified technical description is that Kommander is two programs, an editor and an executor, that produce dialogs that you can execute."
Miscellaneous
A Day in the Life of #Apache (O'ReillyNet)
This O'ReillyNet article tries to answer the question on everybody's mind: should one be using Apache 1.3 or 2.0? "Most of the active Apache developers work on Apache 2.0. This means that, increasingly as time goes on, Apache 2.0 is likely to be the better product by greater margins. I expect that 1.3 will still be maintained for a long, long time. And there will always be security patches available for 1.3, as long as anyone is using it."
Backdoor program gets backdoored (SecurityFocus)
SecurityFocus reports on the discovery of a "master password" in the Optix Pro backdoor program. "At least one security expert says there's a lesson to be learned from the whole affair. 'It obviously says you should always use open-source Trojans,' says Mark Loveless, a senior security analyst with Bindview Corporation. 'That's the moral. You can't even trust Windows malware.'" (Thanks to Rajesh Bhandari).
The BlueSpace wall display project (IBM developerWorks)
Barry A. Feigenbaum describes the code behind the BlueSpace wall display on IBM's developerWorks. "The BlueSpace wall display is an exciting demonstration of the potential of multimedia development on the Java platform. In this project, first developed by the IBM Worldwide Accessibility Center in 2003 and presented this year at JavaOne, a large-scale, high-resolution visual screen is implemented as a grid of projected computer displays. The resulting display is infinitely malleable in size and form and has numerous multimedia and presentation capabilities. Regular developerWorks contributor and Worldwide Accessibility Center engineer Barry Feigenbaum summarizes the concept and implementation details behind this project, for which he was the development team leader."
The Importance of Being Linux (ABC)
Here's a strange Dvorak column hosted on ABC News. "Other than Linux, all the other open-source projects move along at a rate best described as glacial. Even principals in the community are sometimes shocked at the slowness of open-source development. This probably is a function of how motivation and lack of fear work among open-source developers. Often they're motivated like hobbyists. And there is no fear to drive anyone to do anything -- no fear of getting fired or yelled at by a mean boss." That notwithstanding, it's actually a somewhat positive column.
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
OSDL: 22 Companies Now Contributing, Implementing or Supporting Carrier Grade Linux
The Open Source Development Labs has announced a list of 22 companies that are supporting the development of its Carrier Grade Linux specifications. "The companies include Alcatel, Cisco, Comverse, Ericsson, Force Computers, Fujitsu, Hitachi, HP, IBM, Intel, MontaVista Software, NEC, Nokia, Novell, NTT Data Intellilink, NTT Group, Red Hat, Sun Microsystems, SuSE Linux AG, Timesys, TurboLinux and Wind River."
Commercial announcements
IBM's supercomputer successes
Click below for an IBM press release proclaiming its success in the cluster business. The company claims over 200 installed supercomputing systems, and 150 Linux clusters on the list of the top 500 computers worldwide.Lindows gets into retail
Lindows has announced the opening of Sub500.com, a physical retail store in Toronto which will sell computers with Linspire preinstalled.Red Hat's first quarter results
Here's the press release from Red Hat on its first quarter results. Revenue was $42 million, yielding income of almost $11 million. Red Hat has just under $1 billion in the bank now.New courses from Red Hat to support RHCA
Red Hat is setting itself up to launch a new level of certification, called the "Red Hat Certified Architect." To that end, the company has announced a new set of training courses for people with architect-level aspirations. They cover topics like network security, large organization systems administration, directory services, storage management, and more.Skype for Linux Beta
Skype Technologies has announced the availability of a beta version of its Internet telephony application for Linux. The application is propretary, but binaries can be freely downloaded.TransGaming releases and renames WineX 4.0
TransGaming has announced the availability of WineX 4.0, which is now able to run a wider range of Windows games under Linux. As of this release, WineX also has a new name: Cedega.
Resources
Embedded Software Development with eCos Available Online
An online version of the book Embedded Software Development with eCos is available.The LDP Weekly News
The LDP Weekly News for June 23, 2004 is out with the latest new documentation releases.
Contests and Awards
Proposals for Incorporating Machine Learning in Mozilla Firefox (MozillaZine)
Blake Ross is looking for ideas relating to machine learning and the Firefox browser. "I will be doing research this summer at Stanford with Professor Andrew Ng about how we can incorporate machine learning into Firefox. We're looking for ideas that will make Firefox 2.0 blow every other browser out of the water. People who come up with the best 3-5 ideas win Gmail accounts, and if we implement your idea you'll be acknowledged in both our paper and in Firefox credits."
Upcoming Events
Linucon - Linux and Sci-Fi
The Linucon event will take place in Austin, TX on October 8-10, 2004. "Our guests of honor are Eric Raymond, Wil Wheaton, Steve Jackson, Eric Flint, and Howard Tayler. We'll have panels, tutorials, masquerade, filk, 802.11b wireless internet, pocky, liquid nitrogen ice cream, 24 hour hour video room, caffienated jello, Evil Stevie's Pirate Game, chaos, Munchkin: the LARP, Anime Music Video contest..."
OpenOffice.org Conference 2004
The OpenOffice.org Conference 2004 will be held in Berlin, Germany on September 22-24, 2004. The event's Call For Papers has gone out, submissions are due before the end of July.International PHP Conference 2004
The International PHP Conference 2004 will be held in Frankfurt, Germany on November 9-10, 2004. A series of tutorials will be held before the conference on November 7 and 8.A call for papers has gone out, submissions are due by July 16, 2004.
RPF for OSCOM.4 with ApacheTracks
A Request for Proposals has been sent out for the OSCOM.4 event. The event will take place in Zurich, Switzerland from September 29 to October 1, 2004.Plone Conference 2004
The Plone Conference 2004 will be held on September 20-22, 2004 in Vienna, Austria.Slony-I Workshop following OSCON
A Slony-I Configuration Workshop will be held on July 31, 2004 in Portland, Oregon. "Afilias' Software Engineer Jan Wieck will conduct a FREE seminar for PostgreSQL consultants and DBAs on Slony-I, a new enterprise-level replication system for PostgreSQL that he is currently developing."
Events: June 24 - August 19, 2004
| Date | Event | Location |
|---|---|---|
| June 24, 2004 | Free Software for Multimedia Streaming over the Internet | (Ircam)Paris France |
| June 27 - July 2, 2004 | USENIX 2004 | (Boston Marriott Coppley Place)Boston, MA |
| June 28 - 30, 2004 | GNOME User and Developer European Conference(GUADEC) | Kristiansand, Norway |
| June 28 - July 1, 2004 | JavaOne | (Moscone Center)San Francisco, CA |
| June 29 - July 1, 2004 | Perl Workshop 6.0 | (Barbara-Künkelin-Halle)Schorndorf, Germany |
| July 12 - 15, 2004 | Real-time and Embedded Systems Workshop | Washington, DC |
| July 19 - 20, 2004 | Italian Perl Workshop | (Polo Fibonacci)Pisa, Italy |
| July 21 - 24, 2004 | Linux Symposium | Ottawa, Canada |
| July 26 - 30, 2004 | O'Reilly Open Source Software Convention 2004(OSCON) | Portland, OR |
| July 26 - 30, 2004 | IBM pSeries Technical Conference | Cairns, Australia |
| July 31 - August 2, 2004 | Vancouver Python Workshop | Vancouver, Canada |
| August 2 - 5, 2004 | LinuxWorld Conference & Expo | (Moscone Center)San Francisco, California |
Event Reports
1st European Lisp and Scheme Workshop material available
Conference papers and other materials are available from the 1st European Lisp and Scheme Workshop, the event took place in Oslo, Norway on June 13.
Web sites
LinuxQuestions.org Linux Forum Surpasses One Million Posts
LinuxQuestions.org has announced its millionth post. "In just under four years, LinuxQuestions.org has grown to become one of the largest Linux communities online. With over 100,000 users and more than 1,000,000 posts the site continues to not only grow in size, but in content as well."
The Planet Python Blog Site
The Planet Python site is available for those of you who wish to follow the activities of various Python Bloggers.
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Page editor: Forrest Cook
Letters to the editor
Re: The Grumpy Editor's guide to terminal emulators
| From: | "nathan r. hruby" <nhruby-AT-uga.edu> | |
| To: | letters-AT-lwn.net | |
| Subject: | Re: The Grumpy Editor's guide to terminal emulators | |
| Date: | Thu, 17 Jun 2004 11:35:55 -0400 (EDT) |
Hi!
After reading the "The Grumpy Editor's guide to terminal emulators" I felt
I had to mention the terminal emulator I use on a daily basis: dzt.
dzt has tabs, color, fonts, decent scrolling, selectable profiles, visual
alerts on tabs with activity, and several user-configurable hotkeys for
dzt actions (eg: next tab, previous tab, new tab, close tab, etc..). The
best part of dzt is that each tab consumes about as much memory as an rxvt
terminal session. When coupled with XFCE, you can have a stylish and fast
desktop in really slim environments.
Sadly, the only drawbacks are that dzt seems to be not maintained anymore
(or, as the authors states "Development is very sporadic") and is a GTK-1
based application. Which is a shame because is it one of the nicest
terminal emulators I've used. Its homepage (with download links) can be found
at: http://dzt.sourceforge.net/
Please try it out, I think you'll like it.
-n... a grumpy sysadmin.
--
-------------------------------------------
nathan hruby <nhruby@uga.edu>
uga enterprise information technology services
production systems support
metaphysically wrinkle-free
-------------------------------------------
Re: MH / exmh
| From: | Brent Welch <welch-AT-panasas.com> | |
| To: | "Andreas Kupries" <andreask-AT-ActiveState.com> | |
| Subject: | Re: MH / exmh | |
| Date: | Fri, 18 Jun 2004 22:30:09 -0700 | |
| Cc: | letters-AT-lwn.net |
I have many things I'd like to do with exmh, including slowly
replacing the nmh base. But, on the other hand,
"If it aint' broke, don't fix it." The main thing I'd like
to have has a central email manager that pulls and filters
email, and then supports multiple email user interfaces.
For example, I'm about to go on an extended road trip and
I have to rely on my exmh UI remaining alive on my desktop
at work so it can do all the filtering for me. Plus, I can't
tunnel in from my Windows laptop and run exmh natively on
my windows laptop.
It should be easy to split exmh into the mail manager half
and the user interface half. Alas, I spend all my time with
my day job (which takes up most evenings, too) or my family.
It took me months to get a TclHttpd distribution out in
"my spare time". It is time for an exmh release as well.
If I win the lottery or Panasas goes public, I can retire
and work more on an email client. In the meantime it works
quite well for me. Keep the faith.
If you need IMAP, the easiest thing is to use something like
fetchmail that can get mail from anywhere. Ultimately I'd
like a toolkit that helped you exploit tools like that to
manage email from multiple user accounts and servers, etc.
etc. It is all possible now, but takes a fair amount of
time with your head under hood pulling at wires.
--
Brent Welch
Software Architect, Panasas Inc
Delivering the premier storage system for scalable Linux clusters
www.panasas.com
welch@panasas.com
Page editor: Jonathan Corbet